def get_hash_package_data(package): to_sign_package = Package( None, SecimageRemoteClientSigner.get_class_ToSignPackageFiles(), package=package) to_sign_package.update_data() return SecimageRemoteClientSigner.use_tosign_data( to_sign_package.pf)
def sign_hash(self, hash_to_sign, imageinfo, binary_to_sign=None, debug_dir=None, sha_algo=None, binary_to_sign_len=None): # Find the hash_package packages_folder = imageinfo.dest_image.image_dir to_sign_package = Package(packages_folder, src.get_class_ToSignPackageFiles()) try: if to_sign_package.package is None: raise RemoteSignerError( 'Please place the to_sign package in ' + packages_folder, RemoteSignerError.E_PACKAGE_MISSING) # Read the hash package to_sign_package.update_data() to_sign, signing_config = src.use_tosign_data(to_sign_package.pf) signing_config = json.loads(signing_config) # Get the binary length binary_to_sign_len = int(signing_config['binary_len']) # Use the signing overrides signing_attributes = signing_config.get('signing_attributes', None) if signing_attributes is not None: signer_attributes = imageinfo.config.signing.signer_attributes.remote_signer_attributes if signer_attributes and signer_attributes.allow_signing_overrides: sa = SigningAttributes() sa.update_from_json(signing_attributes) sa.update_image_info_attrs(imageinfo.signing_attributes) else: raise RemoteSignerError( 'Signing attributes override is not accepted.', RemoteSignerError.E_PACKAGE_MISSING) except RemoteSignerError: raise except RuntimeError as e: raise RemoteSignerError(e.message) # Sign using openssl locally signer_output = OpenSSLSigner.sign_hash( self, hash_to_sign, imageinfo, binary_to_sign=binary_to_sign, debug_dir=debug_dir, sha_algo=sha_algo, binary_to_sign_len=binary_to_sign_len) # Generate the signature package signature_package = Package(packages_folder, src.get_class_SignaturePackageFiles()) src.update_signature_package(signer_output.signature, signer_output.attestation_cert, signer_output.attestation_ca_cert, [signer_output.root_cert], signature_package.pf) signature_package.package = src.get_signature_package_path(imageinfo) signature_package.save_package() return signer_output