authorLianhao Lu <lianhao.lu@intel.com>2018-08-24 18:48:49 +0800
committerLianhao Lu <lianhao.lu@intel.com>2018-08-24 18:48:49 +0800
commita570b0bbe05295b469c975916faf19919c656cd2 (patch)
tree692c16ce232ffb3cbddfb518e2fe56d77672e00b /vnfsdk_pkgtools
parenta15a4bc165307623ca0870983cee746e5f761db8 (diff)
Added supporting functions for certificate
Added the supporting functions for sign and verify using certificate. Change-Id: Ic84e773d60c248963e63909cbdae3edd99bd5293 Issue-ID: VNFSDK-144 Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
Diffstat (limited to 'vnfsdk_pkgtools')
-rw-r--r--vnfsdk_pkgtools/packager/utils.py56
1 files changed, 56 insertions, 0 deletions
diff --git a/vnfsdk_pkgtools/packager/utils.py b/vnfsdk_pkgtools/packager/utils.py
index 2d74943..7027e2b 100644
--- a/vnfsdk_pkgtools/packager/utils.py
+++ b/vnfsdk_pkgtools/packager/utils.py
@@ -15,11 +15,17 @@
import hashlib
from io import BytesIO
+import logging
import os
+import os.path
import urlparse
+import subprocess
+import tempfile
import requests
+LOG = logging.getLogger(__name__)
+
def _hash_value_for_file(f, hash_function, block_size=2**20):
while True:
@@ -43,3 +49,53 @@ def cal_file_hash(root, path, algo):
else:
with open(os.path.join(root, path), 'rb') as fp:
return _hash_value_for_file(fp, h)
+
+
+def _run_cmd(cmd, **kwargs):
+ if isinstance(cmd, list):
+ args = cmd
+ elif isinstance(cmd, string):
+ args = [cmd]
+ else:
+ raise RuntimeError("cmd must be string or list")
+
+ for key, value in kwargs.iteritems():
+ args.append(key)
+ if value:
+ args.append(value)
+ try:
+ LOG.debug("Executing %s", args)
+ return subprocess.check_output(args)
+ except subprocess.CalledProcessError as e:
+ LOG.error("Executing %s failed with return code %d, output: %s",
+ e.cmd, e.returncode, e.output)
+ raise e
+
+
+def sign(msg_file, cert_file, key_file):
+ args = ["openssl", "cms", "-sign", "-binary", "-nocerts"]
+ kwargs = {
+ '-in': os.path.abspath(msg_file),
+ '-signer': os.path.abspath(cert_file),
+ '-inkey': os.path.abspath(key_file),
+ '-outform': 'PEM',
+ }
+
+ return _run_cmd(args, **kwargs)
+
+
+def verify(msg_file, cert_file, cms, no_verify_cert=False):
+ args = ["openssl", "cms", "-verify"]
+ if no_verify_cert:
+ args.append("-no_signer_cert_verify")
+
+ with tempfile.NamedTemporaryFile() as f:
+ f.write(cms)
+ f.flush()
+ kwargs = {
+ '-in': f.name,
+ '-inform': 'PEM',
+ '-content': os.path.abspath(msg_file),
+ '-certfile': os.path.abspath(cert_file),
+ }
+ return _run_cmd(args, **kwargs)
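Review bot: `isinstance(cmd, string)` in `_run_cmd` refers to a name that none of the imports visible in this diff define, so a non-list `cmd` would raise NameError instead of reaching the intended RuntimeError; for this Python 2 module the branch should read `elif isinstance(cmd, basestring):`. In the list branch `args = cmd` aliases the caller's list and the loop then appends to it, so `args = list(cmd)` avoids mutating the argument. In `verify`, `-no_signer_cert_verify` switches off validation of the signer certificate, so with `no_verify_cert=True` a passing result only shows that the CMS matches whatever is in `cert_file`. A docstring should say that callers must take `cert_file` from a trusted source rather than from the package being checked, and the flag deserves a `LOG.warning("signer certificate is not being verified")` when set. The error log prints only `e.output`, which `check_output` fills from stdout, so openssl's diagnostics on stderr are presumably missing from it.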