Module: Origami::Signature

Defined in:: lib/origami/signature.rb

Defined Under Namespace

Classes: AppData, BuildData, BuildProperties, DigitalSignature, PKCS1, Reference, SigQData

Constant Summary collapse

PKCS1_RSA_SHA1 =

"adbe.x509.rsa_sha1"

PKCS7_SHA1 =

"adbe.pkcs7.sha1"

PKCS7_DETACHED =

"adbe.pkcs7.detached"

Class Method Summary collapse

.compute(method, data, certificate, key, ca) ⇒ Object

Computes the signature using the specified subfilter method.
.required_size(method, certificate, key, ca) ⇒ Object

Computes the required size in bytes for storing the signature.
.verify(method, data, signature, store, chain) ⇒ Object

Class Method Details

.compute(method, data, certificate, key, ca) ⇒ `Object`

Computes the signature using the specified subfilter method.

# File 'lib/origami/signature.rb', line 424

def self.compute(method, data, certificate, key, ca)
  case method
  when PKCS7_DETACHED
    OpenSSL::PKCS7.sign(certificate, key, data, ca, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY).to_der

  when PKCS7_SHA1
    OpenSSL::PKCS7.sign(certificate, key, Digest::SHA1.digest(data), ca, OpenSSL::PKCS7::BINARY).to_der

  when PKCS1_RSA_SHA1
    PKCS1.sign(certificate, key, data).to_der

  else
    raise NotImplementedError, "Unsupported signature method #{method.inspect}"
  end
end

.required_size(method, certificate, key, ca) ⇒ `Object`

Computes the required size in bytes for storing the signature.



417
418
419

# File 'lib/origami/signature.rb', line 417

def self.required_size(method, certificate, key, ca)
  compute(method, "", certificate, key, ca).size
end

.verify(method, data, signature, store, chain) ⇒ `Object`

# File 'lib/origami/signature.rb', line 392

def self.verify(method, data, signature, store, chain)
  case method
  when PKCS7_DETACHED
    pkcs7 = OpenSSL::PKCS7.new(signature)
    raise SignatureError, "Not a PKCS7 detached signature" unless pkcs7.detached?
    pkcs7.verify([], store, data, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY)

  when PKCS7_SHA1
    pkcs7 = OpenSSL::PKCS7.new(signature)
    pkcs7.verify([], store, nil, OpenSSL::PKCS7::BINARY) and pkcs7.data == Digest::SHA1.digest(data)

  when PKCS1_RSA_SHA1
    raise SignatureError, "Cannot verify RSA signature without a certificate" if chain.empty?
    cert = chain.shift
    pkcs1 = PKCS1.new(signature)
    pkcs1.verify(cert, chain, store, data)

  else
    raise NotImplementedError, "Unsupported signature method #{method.inspect}"
  end
end

Module: Origami::Signature

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.compute(method, data, certificate, key, ca) ⇒ Object

.required_size(method, certificate, key, ca) ⇒ Object

.verify(method, data, signature, store, chain) ⇒ Object

.compute(method, data, certificate, key, ca) ⇒ `Object`

.required_size(method, certificate, key, ca) ⇒ `Object`

.verify(method, data, signature, store, chain) ⇒ `Object`