1 files changed, 56 insertions, 0 deletions

diff --git a/vnfsdk_pkgtools/packager/utils.py b/vnfsdk_pkgtools/packager/utils.py
index 2d74943..7027e2b 100644
--- a/vnfsdk_pkgtools/packager/utils.py
+++ b/vnfsdk_pkgtools/packager/utils.py
@@ -15,11 +15,17 @@
 
 import hashlib
 from io import BytesIO
+import logging
 import os
+import os.path
 import urlparse
+import subprocess
+import tempfile
 
 import requests
 
+LOG = logging.getLogger(__name__)
+
 
 def _hash_value_for_file(f, hash_function, block_size=2**20):
     while True:
@@ -43,3 +49,53 @@ def cal_file_hash(root, path, algo):
     else:
         with open(os.path.join(root, path), 'rb') as fp:
             return _hash_value_for_file(fp, h)
+
+
+def _run_cmd(cmd, **kwargs):
+    if isinstance(cmd, list):
+        args = cmd
+    elif isinstance(cmd, string):
+        args = [cmd]
+    else:
+        raise RuntimeError("cmd must be string or list")
+
+    for key, value in kwargs.iteritems():
+        args.append(key)
+        if value:
+            args.append(value)
+    try:
+        LOG.debug("Executing %s", args)
+        return subprocess.check_output(args)
+    except subprocess.CalledProcessError as e:
+        LOG.error("Executing %s failed with return code %d, output: %s",
+                  e.cmd, e.returncode, e.output)
+        raise e
+
+
+def sign(msg_file, cert_file, key_file):
+    args = ["openssl", "cms", "-sign", "-binary", "-nocerts"]
+    kwargs = {
+              '-in': os.path.abspath(msg_file),
+              '-signer': os.path.abspath(cert_file),
+              '-inkey': os.path.abspath(key_file),
+              '-outform': 'PEM',
+             }
+
+    return _run_cmd(args, **kwargs)
+
+
+def verify(msg_file, cert_file, cms, no_verify_cert=False):
+    args = ["openssl", "cms", "-verify"]
+    if no_verify_cert:
+        args.append("-no_signer_cert_verify")
+
+    with tempfile.NamedTemporaryFile() as f:
+        f.write(cms)
+        f.flush()
+        kwargs = {
+                  '-in': f.name,
+                  '-inform': 'PEM',
+                  '-content': os.path.abspath(msg_file),
+                  '-certfile': os.path.abspath(cert_file),
+                 }
+        return _run_cmd(args, **kwargs)