示例#1
    def validate_config(self, imageinfo):
        """Run this signer's configuration checks against *imageinfo*.

        Two checks run in order: the signer's own ``_validate_config`` on the
        certificate config and general properties, then
        ``BaseSigner._validate_oid_values`` on the signing attributes and
        general properties. How a failed check is reported is decided by
        those helpers, which are not visible here.
        """
        # Signer-specific validation of the certificate configuration.
        cert_config = imageinfo.cert_config
        self._validate_config(cert_config, imageinfo.general_properties)

        # OID validation shared with the base signer.
        BaseSigner._validate_oid_values(
            self,
            imageinfo.signing_attributes,
            imageinfo.general_properties,
        )
示例#2
    def validate_config(self, imageinfo):
        """Run this signer's configuration checks against *imageinfo*.

        The signer-specific check works on the ``cass_signer_attributes``
        section of ``self.config``, not on *imageinfo*. The OID check from
        ``BaseSigner`` is then called with ``mandatory=False``.
        """
        signer_attributes = self.config.signing.signer_attributes
        self._validate_config(signer_attributes.cass_signer_attributes)

        # NOTE(review): mandatory=False presumably makes the OID values
        # optional for this signer -- confirm against BaseSigner.
        BaseSigner._validate_oid_values(
            self,
            imageinfo.signing_attributes,
            imageinfo.general_properties,
            mandatory=False,
        )
示例#3
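    def initialize(self, imageinfo):
        """Obtain a signature for ``self.hash_to_sign`` from the remote server.

        The following are set at the end of a successful call:

        self.certs[self.ROOT].cert
        self.certs[self.CA].cert
        self.certs[self.ATTEST].cert
        self.signature

        Raises:
            RuntimeError: if the server answers with a non-zero ``retcode``,
                or if the signature or any of the three certificates in the
                returned ``sig_pkg`` is None.

        NOTE(review): nothing in this method checks the returned signature
        against ``self.hash_to_sign`` or checks that the returned
        certificates chain to an expected root; the response is stored as
        received. Confirm that a caller performs that verification.
        """
        # Initialize the base signer
        BaseSigner.initialize(self, imageinfo)

        # NOTE(review): attrs is populated here but never referenced again in
        # this method (the request uses the general properties instead). It
        # is kept in case update_from_image_info_attrs validates its input;
        # confirm whether it can be dropped.
        attrs = SigningAttributes()
        attrs.update_from_image_info_attrs(self.signing_attributes)

        # Create the request packet
        request = {
            'machine': platform.node(),
            'sign_id': imageinfo.sign_id,
            'to_sign': BinString(self.hash_to_sign),
            'authority': imageinfo.authority,
            'signing_attributes':
                self.get_general_properties_dict(imageinfo.general_properties),
        }

        # Send the signing request
        remote_host, remote_port = self.resolve_remote_server_info()
        client = QtiRemoteClient(host=remote_host, port=remote_port)
        logger.info('Signing with the remote server at %s:%s. '
                    'Please wait for signing to complete.',
                    remote_host, remote_port)
        response = client.sign_hash(request=request)

        # Check return code
        if response['retcode'] != 0:
            raise RuntimeError('Qti remote signing failed [' +
                               str(response['retcode']) + ']: ' +
                               str(response['errstr']))

        # Pull the raw assets out of the response
        sig_pkg = response['sig_pkg']
        root_cert = sig_pkg['root']
        ca_cert = sig_pkg['ca']
        attest_cert = sig_pkg['attest']
        signature = sig_pkg['signature']

        # Make sure all assets are present. This has to happen before the
        # str() conversion: str(None) is the string 'None', so converting
        # first would let an absent asset pass every check below.
        if signature is None:
            raise RuntimeError("Signature is missing")
        if attest_cert is None:
            raise RuntimeError("Attestation Certificate is missing")
        if ca_cert is None:
            raise RuntimeError("CA Certificate is missing")
        if root_cert is None:
            raise RuntimeError("Root Certificate is missing")

        # Set all the variables; certificates are stored in PEM format
        self.certs[self.ROOT].cert = cert.get_cert_in_format(
            str(root_cert), utils.FORMAT_PEM)
        self.certs[self.CA].cert = cert.get_cert_in_format(
            str(ca_cert), utils.FORMAT_PEM)
        self.certs[self.ATTEST].cert = cert.get_cert_in_format(
            str(attest_cert), utils.FORMAT_PEM)
        self.signature = str(signature)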
示例#4
 def __init__(self, config):
     """Set up the base signer, then build the OpenSSL paths object.

     Both steps receive the same *config*; the paths object is kept on
     ``self.openssl_info``.
     """
     BaseSigner.__init__(self, config)
     openssl_paths = openssl_fetch_module.OpenSSLPathsObject(config)
     self.openssl_info = openssl_paths
示例#5
 def __init__(self, config):
     """Create the signer by delegating to ``BaseSigner.__init__``.

     No state beyond what the base initializer sets up is added here.
     """
     BaseSigner.__init__(self, config)