def get_private_key_encrypted(certificate_path, password=None):
"""Load certificate and finc matching Key in same dir.
Return path to private_key if key is encrypted
Args:
certificate_path (str): path to personal certificate
Returns
str: path to matching private key
"""
cert = SSLCertificate(certificate_path)
if isinstance(password, unicode):
password = password.encode('utf8')
try:
if password is None or password == '':
key = cert.matching_key_in_dirs(
password_callback=NOPASSWORD_CALLBACK,
private_key_password=None)
else:
key = cert.matching_key_in_dirs(private_key_password=password)
if key:
return key.private_key_filename
else:
return ''
except Exception as e:
print(e)
return ''
def get_private_key_encrypted(certificate_path,password=None):
"""Load certificate and finc matching Key in same dir.
Return path to private_key if key is encrypted
Args:
certificate_path (str): path to personal certificate
Returns
str: path to matching private key
"""
cert = SSLCertificate(certificate_path)
if isinstance(password,unicode):
password = password.encode('utf8')
try:
if password is None or password == '':
key = cert.matching_key_in_dirs(password_callback=NOPASSWORD_CALLBACK,private_key_password = None)
else:
key = cert.matching_key_in_dirs(private_key_password = password)
if key:
return key.private_key_filename
else:
return ''
except Exception as e:
print(e)
return ''
def main():
parser=OptionParser(usage=__doc__,prog = 'wapt-signpackage')
parser.add_option("-c","--certificate", dest="public_key", default='', help="Path to the PEM RSA certificate to embed identitiy in control. (default: %default)")
parser.add_option("-k","--private-key", dest="private_key", default='', help="Path to the PEM RSA private key to sign packages. (default: %default)")
#parser.add_option("-w","--private-key-passwd", dest="private_key_passwd", default='', help="Path to the password of the private key. (default: %default)")
parser.add_option("-l","--loglevel", dest="loglevel", default=None, type='choice', choices=['debug','warning','info','error','critical'], metavar='LOGLEVEL',help="Loglevel (default: warning)")
parser.add_option("-m","--message-digest", dest="md", default='sha256', help="Message digest type for signatures. (default: %default)")
parser.add_option("-s","--scan-packages", dest="doscan", default=False, action='store_true', help="Rescan packages and update local Packages index after signing. (default: %default)")
parser.add_option("-r","--remove-setup", dest="removesetup", default=False, action='store_true', help="Remove setup.py. (default: %default)")
parser.add_option("-i","--inc-release", dest="increlease", default=False, action='store_true', help="Increase release number when building package (default: %default)")
parser.add_option("--maturity", dest="set_maturity", default=None, help="Set/change package maturity when signing package. (default: None)")
parser.add_option( "--keep-signature-date", dest="keep_signature_date",default=False, action='store_true', help="Keep the current package signature date, and file changetime (default: %default)")
parser.add_option( "--if-needed", dest="if_needed", default=False, action='store_true',help="Re-sign package only if needed (default: warning)")
(options,args) = parser.parse_args()
loglevel = options.loglevel
if len(logger.handlers) < 1:
hdlr = logging.StreamHandler(sys.stderr)
hdlr.setFormatter(logging.Formatter(
u'%(asctime)s %(levelname)s %(message)s'))
logger.addHandler(hdlr)
if loglevel:
setloglevel(logger,loglevel)
else:
setloglevel(logger,'warning')
if len(args) < 1:
print(parser.usage)
sys.exit(1)
if not options.public_key and not options.private_key:
print('ERROR: No certificate found or specified')
sys.exit(1)
if options.private_key and os.path.isfile(options.private_key):
key = SSLPrivateKey(options.private_key)
else:
cert = SSLCertificate(options.public_key or options.private_key)
key = cert.matching_key_in_dirs()
if not key:
print('ERROR: No private key found or specified')
sys.exit(1)
args = ensure_list(args)
ca_bundle = SSLCABundle()
signers_bundle = SSLCABundle()
signers_bundle.add_certificates_from_pem(pem_filename=options.public_key)
waptpackages = []
for arg in args:
waptpackages.extend(glob.glob(arg))
errors = []
package_dirs = []
for waptpackage in waptpackages:
package_dir = os.path.abspath(os.path.dirname(waptpackage))
if not package_dir in package_dirs:
package_dirs.append(package_dir)
print('Processing %s'%waptpackage)
try:
sign_needed=False
pe = PackageEntry(waptfile = waptpackage)
if options.removesetup:
if pe.has_file('setup.py'):
with pe.as_zipfile(mode='a') as waptfile:
waptfile.remove('setup.py')
sign_needed=True
if not sign_needed and options.if_needed:
try:
pe.check_control_signature(trusted_bundle=signers_bundle,signers_bundle=signers_bundle)
for md in ensure_list(options.md):
if not pe.has_file(pe.get_signature_filename(md)):
raise Exception('Missing signature for md %s' % md)
logger.info('Skipping %s, already signed properly' % pe.asrequirement())
sign_needed = False
except Exception as e:
logger.info('Sign is needed for %s because %s' % (pe.asrequirement(),e))
sign_needed = True
if options.increlease:
pe.inc_build()
sign_needed = True
if options.set_maturity is not None and pe.maturity != options.set_maturity:
pe.maturity = options.set_maturity
sign_needed = True
if not options.if_needed or sign_needed:
pe.sign_package(private_key=key,certificate = signers_bundle.certificates(),mds = ensure_list(options.md),keep_signature_date=options.keep_signature_date)
newfn = pe.make_package_filename()
if newfn != pe.filename:
newfn_path = os.path.join(package_dir,newfn)
if not os.path.isfile(newfn_path):
print(u"Renaming file from %s to %s to match new package's properties" % (pe.filename,newfn))
shutil.move(os.path.join(package_dir,pe.filename),newfn_path)
else:
print('WARNING: unable to rename file from %s to %s because target already exists' % (pe.filename,newfn))
print('Done')
except Exception as e:
print(u'Error: %s'%ensure_unicode(e.message))
errors.append([waptpackage,repr(e)])
if options.doscan:
for package_dir in package_dirs:
if os.path.isfile(os.path.join(package_dir,'Packages')):
print(u'Launching the update of Packages index in %s ...'% ensure_unicode(package_dir))
repo = WaptLocalRepo(package_dir)
repo.update_packages_index()
print('Done')
else:
print("Don't forget to rescan your repository with wapt-scanpackages %s" % os.path.dirname(waptpackages[0]))
if errors:
print('Package not processed properly: ')
for fn,error in errors:
print(u'%s : %s' % (fn,error))
sys.exit(1)
else:
sys.exit(0)
def main():
parser=OptionParser(usage=__doc__,prog = 'wapt-signpackage')
parser.add_option("-c","--certificate", dest="public_key", default='', help="Path to the PEM RSA certificate to embed identitiy in control. (default: %default)")
parser.add_option("-k","--private-key", dest="private_key", default='', help="Path to the PEM RSA private key to sign packages. (default: %default)")
#parser.add_option("-w","--private-key-passwd", dest="private_key_passwd", default='', help="Path to the password of the private key. (default: %default)")
parser.add_option("-l","--loglevel", dest="loglevel", default=None, type='choice', choices=['debug','warning','info','error','critical'], metavar='LOGLEVEL',help="Loglevel (default: warning)")
parser.add_option("-m","--message-digest", dest="md", default='sha256', help="Message digest type for signatures. (default: %default)")
parser.add_option("-s","--scan-packages", dest="doscan", default=False, action='store_true', help="Rescan packages and update local Packages index after signing. (default: %default)")
parser.add_option("-r","--remove-setup", dest="removesetup", default=False, action='store_true', help="Remove setup.py. (default: %default)")
parser.add_option("-i","--inc-release", dest="increlease", default=False, action='store_true', help="Increase release number when building package (default: %default)")
parser.add_option("--maturity", dest="set_maturity", default=None, help="Set/change package maturity when signing package. (default: None)")
parser.add_option( "--keep-signature-date", dest="keep_signature_date",default=False, action='store_true', help="Keep the current package signature date, and file changetime (default: %default)")
parser.add_option( "--if-needed", dest="if_needed", default=False, action='store_true',help="Re-sign package only if needed (default: warning)")
(options,args) = parser.parse_args()
loglevel = options.loglevel
if len(logger.handlers) < 1:
hdlr = logging.StreamHandler(sys.stderr)
hdlr.setFormatter(logging.Formatter(
u'%(asctime)s %(levelname)s %(message)s'))
logger.addHandler(hdlr)
if loglevel:
setloglevel(logger,loglevel)
else:
setloglevel(logger,'warning')
if len(args) < 1:
print(parser.usage)
sys.exit(1)
if not options.public_key and not options.private_key:
print('ERROR: No certificate found or specified')
sys.exit(1)
if options.private_key and os.path.isfile(options.private_key):
key = SSLPrivateKey(options.private_key)
else:
cert = SSLCertificate(options.public_key or options.private_key)
key = cert.matching_key_in_dirs()
if not key:
print('ERROR: No private key found or specified')
sys.exit(1)
args = ensure_list(args)
ca_bundle = SSLCABundle()
signers_bundle = SSLCABundle()
signers_bundle.add_certificates_from_pem(pem_filename=options.public_key)
waptpackages = []
for arg in args:
waptpackages.extend(glob.glob(arg))
errors = []
package_dirs = []
for waptpackage in waptpackages:
package_dir = os.path.abspath(os.path.dirname(waptpackage))
if not package_dir in package_dirs:
package_dirs.append(package_dir)
print('Processing %s'%waptpackage)
try:
sign_needed=False
pe = PackageEntry(waptfile = waptpackage)
if options.removesetup:
if pe.has_file('setup.py'):
with pe.as_zipfile(mode='a') as waptfile:
waptfile.remove('setup.py')
sign_needed=True
if not sign_needed and options.if_needed:
try:
pe.check_control_signature(trusted_bundle=signers_bundle,signers_bundle=signers_bundle)
for md in ensure_list(options.md):
if not pe.has_file(pe.get_signature_filename(md)):
raise Exception('Missing signature for md %s' % md)
logger.info('Skipping %s, already signed properly' % pe.asrequirement())
sign_needed = False
except Exception as e:
logger.info('Sign is needed for %s because %s' % (pe.asrequirement(),e))
sign_needed = True
if options.increlease:
pe.inc_build()
sign_needed = True
if options.set_maturity is not None and pe.maturity != options.set_maturity:
pe.maturity = options.set_maturity
sign_needed = True
if not options.if_needed or sign_needed:
pe.sign_package(private_key=key,certificate = signers_bundle.certificates(),mds = ensure_list(options.md),keep_signature_date=options.keep_signature_date)
newfn = pe.make_package_filename()
if newfn != pe.filename:
newfn_path = os.path.join(package_dir,newfn)
if not os.path.isfile(newfn_path):
print(u"Renaming file from %s to %s to match new package's properties" % (pe.filename,newfn))
os.rename(os.path.join(package_dir,pe.filename),newfn_path)
else:
print('WARNING: unable to rename file from %s to %s because target already exists' % (pe.filename,newfn))
print('Done')
except Exception as e:
print(u'Error: %s'%ensure_unicode(e.message))
errors.append([waptpackage,repr(e)])
if options.doscan:
for package_dir in package_dirs:
if os.path.isfile(os.path.join(package_dir,'Packages')):
print(u'Launching the update of Packages index in %s ...'% ensure_unicode(package_dir))
repo = WaptLocalRepo(package_dir)
repo.update_packages_index()
print('Done')
else:
print("Don't forget to rescan your repository with wapt-scanpackages %s" % os.path.dirname(waptpackages[0]))
if errors:
print('Package not processed properly: ')
for fn,error in errors:
print(u'%s : %s' % (fn,error))
sys.exit(1)
else:
sys.exit(0)