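def sign_file(self, file):
    """
    Sign an actor, component or application with the CA private key.

    The signature is written to ``<file>.sign.<cert-hash>``, where
    ``<cert-hash>`` is the value ``certificate.cert_hash`` returns for the
    CA certificate. The private directory, certificate and private key
    paths are taken from the ``CA_default`` section of
    ``self.configuration``.

    Equivalent of:
    openssl dgst -sha256 -sign "$private_key"
                -out "$file.sign.<cert-hash>"
                -passin file:$private_dir/ca_password
                 "$file"

    Args:
        file: Path of the file to be signed.

    Returns:
        Path of the signature file that openssl wrote.

    Raises:
        Exception: The certificate hash could not be computed.
        IOError: openssl exited with a non-zero status; the exception
            carries openssl's stderr output.
    """
    _log.debug("sign_file: file=%s", file)
    ca_section = self.configuration["CA_default"]
    private = ca_section["private_dir"]
    cert_file = ca_section["certificate"]
    private_key = ca_section["private_key"]
    password_file = os.path.join(private, "ca_password")

    try:
        certificate_hash = certificate.cert_hash(certpath=cert_file)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not converted into a generic signing failure.
        _log.exception("Failed to get certificate hash")
        raise Exception("Failed to get certificate hash")
    sign_file = file + ".sign." + certificate_hash

    # The passphrase is handed to openssl as ``file:<path>``, so only the
    # path, not the secret, appears in the process arguments.
    # NOTE(review): ``file`` is the trailing positional argument; a path
    # starting with "-" would be parsed by openssl as an option. Confirm
    # callers pass a path that cannot be mistaken for one.
    command = [
        "openssl", "dgst", "-sha256",
        "-sign", private_key,
        "-passin", "file:" + password_file,
        "-out", sign_file,
        file,
    ]
    proc = subprocess.Popen(command,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    _, stderr = proc.communicate()
    if proc.returncode != 0:
        raise IOError(stderr)
    return sign_file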
예제 #2
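    def sign_file(self, file, dir=None):
        """
        Sign an actor, component or application.

        The signature is stored as ``<file>.sign.<cert-hash>``, optionally
        under ``dir``. ``<cert-hash>`` is the value returned by
        ``certificate.cert_hash`` for ``self.certificate``.

        Equivalent of:
        openssl dgst -sha256 -sign "$private_key"
                    -out "$file.sign.<cert-hash>"
                    -passin file:$password_file
                     "$file"

        Args:
            file: Path of the file to be signed.
            dir: Optional directory; when truthy the signature path is
                ``os.path.join(dir, <file>.sign.<cert-hash>)``.

        Returns:
            Path of the signature file.

        Raises:
            Exception: The certificate hash could not be computed.
            IOError: openssl returned a non-zero exit status; the message
                is openssl's stderr output.
        """
        try:
            certificate_hash = certificate.cert_hash(certpath=self.certificate)
        except Exception:
            # A bare ``except:`` here would also trap KeyboardInterrupt and
            # SystemExit and report them as a hashing failure.
            _log.exception("Failed to get certificate hash")
            raise Exception("Failed to get certificate hash")
        sign_file_name = file + ".sign." + certificate_hash
        # NOTE(review): os.path.join discards ``dir`` when ``file`` is an
        # absolute path, and keeps any directory components of ``file``;
        # confirm callers pass a bare file name when ``dir`` is given.
        sign_file = os.path.join(dir, sign_file_name) if dir else sign_file_name
        # Logged instead of printed: the print statement is Python 2 only
        # and wrote diagnostics to stdout from library code.
        _log.debug("signed file name=%s", sign_file)

        # ``-passin file:...`` makes openssl read the passphrase itself, so
        # the secret never appears on the command line.
        command = [
            "openssl", "dgst", "-sha256",
            "-sign", self.private_key,
            "-passin", "file:" + self.password_file,
            "-out", sign_file,
            file,
        ]
        proc = subprocess.Popen(command,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        _, stderr = proc.communicate()
        if proc.returncode != 0:
            raise IOError(stderr)
        return sign_file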
예제 #3
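    def sign_file(self, file):
        """
        Produce an openssl SHA-256 signature for an actor, component or
        application.

        Paths come from ``self.configuration["CA_default"]``
        (``private_dir``, ``certificate``, ``private_key``). The result is
        stored in ``<file>.sign.<cert-hash>``; ``<cert-hash>`` is obtained
        from ``certificate.cert_hash`` on the configured certificate.

        Equivalent of:
        openssl dgst -sha256 -sign "$private_key"
                    -out "$file.sign.<cert-hash>"
                    -passin file:$private_dir/ca_password
                     "$file"

        Args:
            file: Path of the file to be signed.

        Returns:
            Path of the written signature file.

        Raises:
            Exception: Hashing the certificate failed.
            IOError: openssl exited non-zero; stderr is the message.
        """
        conf = self.configuration["CA_default"]
        private = conf["private_dir"]
        cert_file = conf["certificate"]
        private_key = conf["private_key"]
        password_file = os.path.join(private, "ca_password")

        try:
            certificate_hash = certificate.cert_hash(certpath=cert_file)
        except Exception:
            # ``except Exception`` rather than a bare ``except:`` so that
            # interpreter-exit signals propagate untouched.
            _log.exception("Failed to get certificate hash")
            raise Exception("Failed to get certificate hash")
        sign_file = file + ".sign." + certificate_hash

        # Argument list (no shell) keeps path values from being
        # shell-interpreted; the passphrase stays in its file.
        # NOTE(review): a ``file`` value beginning with "-" would still be
        # read by openssl as an option; confirm callers cannot supply one.
        proc = subprocess.Popen(
            ["openssl", "dgst", "-sha256",
             "-sign", private_key,
             "-passin", "file:" + password_file,
             "-out", sign_file,
             file],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
        _, stderr = proc.communicate()
        if proc.returncode != 0:
            raise IOError(stderr)
        return sign_file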
예제 #4
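    def sign_file(self, file, dir=None):
        """
        Sign an actor, component or application with ``self.private_key``.

        Writes the signature to ``<file>.sign.<cert-hash>`` (placed under
        ``dir`` when one is given), with ``<cert-hash>`` taken from
        ``certificate.cert_hash(certpath=self.certificate)``.

        Equivalent of:
        openssl dgst -sha256 -sign "$private_key"
                    -out "$file.sign.<cert-hash>"
                    -passin file:$password_file
                     "$file"

        Args:
            file: Path of the file to be signed.
            dir: Optional output directory for the signature file.

        Returns:
            Path of the signature file.

        Raises:
            Exception: The certificate hash could not be obtained.
            IOError: openssl failed; the exception holds its stderr.
        """
        try:
            certificate_hash = certificate.cert_hash(certpath=self.certificate)
        except Exception:
            # Do not catch BaseException: Ctrl-C or sys.exit() during
            # hashing must not be reported as a certificate problem.
            _log.exception("Failed to get certificate hash")
            raise Exception("Failed to get certificate hash")

        sign_file = file + ".sign." + certificate_hash
        if dir:
            # NOTE(review): if ``file`` is absolute, os.path.join ignores
            # ``dir`` entirely; confirm that is acceptable to callers.
            sign_file = os.path.join(dir, sign_file)
        # Diagnostic goes to the module logger; the former Python 2 print
        # statement wrote to stdout and does not parse on Python 3.
        _log.debug("signed file name=%s", sign_file)

        # Passphrase is read by openssl from the password file, keeping it
        # out of the visible process arguments.
        openssl_args = ["openssl", "dgst", "-sha256",
                        "-sign", self.private_key,
                        "-passin", "file:" + self.password_file,
                        "-out", sign_file,
                        file]
        proc = subprocess.Popen(openssl_args,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        _, stderr = proc.communicate()
        if proc.returncode != 0:
            raise IOError(stderr)
        return sign_file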
예제 #5
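    def sign_file(self, file, dir=None):
        """
        Sign an actor, component or application, then self-check the result.

        The signature is stored as ``<file>.sign.<cert-hash>`` (under
        ``dir`` when given). After openssl succeeds, the signature is read
        back and checked against ``self.certificate`` with
        ``OpenSSL.crypto.verify``; the outcome of that check is logged.

        Equivalent of:
        openssl dgst -sha256 -sign "$private_key"
                    -out "$file.sign.<cert-hash>"
                    -passin file:$password_file
                     "$file"

        Args:
            file: Path of the file to be signed.
            dir: Optional directory for the signature file.

        Returns:
            Path of the signature file. The path is returned even when the
            read-back verification fails (the failure is only logged).

        Raises:
            Exception: The certificate hash could not be computed.
            IOError: openssl exited with a non-zero status; the exception
                carries its stderr output.
        """
        _log.debug("sign_file: file=%s", file)
        try:
            certificate_hash = certificate.cert_hash(certpath=self.certificate)
        except Exception:
            # Narrowed from a bare ``except:`` so KeyboardInterrupt and
            # SystemExit are not rewritten as a hashing failure.
            _log.exception("Failed to get certificate hash")
            raise Exception("Failed to get certificate hash")
        sign_file_name = file + ".sign." + certificate_hash
        sign_file = os.path.join(dir, sign_file_name) if dir else sign_file_name
        # Logged rather than printed: the print statement is Python 2 only
        # and sent diagnostics to stdout.
        _log.debug("signed file name=%s", sign_file)

        # ``-passin file:...`` keeps the key passphrase out of the process
        # argument list.
        command = [
            "openssl", "dgst", "-sha256",
            "-sign", self.private_key,
            "-passin", "file:" + self.password_file,
            "-out", sign_file,
            file,
        ]
        proc = subprocess.Popen(command,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        _, stderr = proc.communicate()
        if proc.returncode != 0:
            raise IOError(stderr)

        # The signature is raw bytes and the digest covers the file's exact
        # bytes, so both are read in binary mode; text mode can translate
        # newlines or fail to decode and make a good signature look bad.
        with open(sign_file, 'rb') as f:
            signature = f.read()
        with open(file, 'rb') as f:
            content = f.read()
        with open(self.certificate, 'rb') as f:
            trusted_cert = OpenSSL.crypto.load_certificate(
                OpenSSL.crypto.FILETYPE_PEM, f.read())

        try:
            # Verify signature
            OpenSSL.crypto.verify(trusted_cert, signature, content, 'sha256')
            _log.debug("verify_signature_content: signature correct")
        except Exception:
            # NOTE(review): this check fails open: a signature that does
            # not verify is still returned to the caller. Confirm whether
            # callers depend on that; otherwise raise here.
            _log.error("OpenSSL verification error", exc_info=True)
        return sign_file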
예제 #6
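    def sign_file(self, file, dir=None):
        """
        Sign an actor, component or application and verify the signature
        that was just written.

        Output goes to ``<file>.sign.<cert-hash>``, joined onto ``dir``
        when one is supplied. ``<cert-hash>`` comes from
        ``certificate.cert_hash(certpath=self.certificate)``. The written
        signature is then checked with ``OpenSSL.crypto.verify`` against
        ``self.certificate`` and the result is logged.

        Equivalent of:
        openssl dgst -sha256 -sign "$private_key"
                    -out "$file.sign.<cert-hash>"
                    -passin file:$password_file
                     "$file"

        Args:
            file: Path of the file to be signed.
            dir: Optional directory for the signature file.

        Returns:
            Path of the signature file, whether or not the read-back
            verification succeeded.

        Raises:
            Exception: The certificate hash could not be obtained.
            IOError: openssl failed; the message is its stderr output.
        """
        _log.debug("sign_file: file=%s", file)
        try:
            certificate_hash = certificate.cert_hash(certpath=self.certificate)
        except Exception:
            # ``except Exception`` lets KeyboardInterrupt/SystemExit pass
            # through instead of masking them as a generic error.
            _log.exception("Failed to get certificate hash")
            raise Exception("Failed to get certificate hash")

        sign_file = file + ".sign." + certificate_hash
        if dir:
            sign_file = os.path.join(dir, sign_file)
        # Uses the module logger; the earlier print statement was Python 2
        # syntax and wrote to stdout.
        _log.debug("signed file name=%s", sign_file)

        # openssl reads the passphrase from the password file itself, so
        # the secret is not exposed in the argument vector.
        proc = subprocess.Popen(
            ["openssl", "dgst", "-sha256",
             "-sign", self.private_key,
             "-passin", "file:" + self.password_file,
             "-out", sign_file,
             file],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
        _, stderr = proc.communicate()
        if proc.returncode != 0:
            raise IOError(stderr)

        # Binary reads: the signature is not text, and verification must
        # see exactly the bytes openssl signed (no newline translation or
        # decoding).
        with open(sign_file, 'rb') as sig_fh:
            signature = sig_fh.read()
        with open(file, 'rb') as data_fh:
            content = data_fh.read()
        with open(self.certificate, 'rb') as cert_fh:
            cert_pem = cert_fh.read()
        trusted_cert = OpenSSL.crypto.load_certificate(
            OpenSSL.crypto.FILETYPE_PEM, cert_pem)

        try:
            # Verify signature
            OpenSSL.crypto.verify(trusted_cert, signature, content, 'sha256')
            _log.debug("verify_signature_content: signature correct")
        except Exception:
            # NOTE(review): a failed verification is logged and the path is
            # returned anyway. If no caller needs that, fail closed by
            # raising so an unverifiable signature is never handed out.
            _log.error("OpenSSL verification error", exc_info=True)
        return sign_file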