Module: Origami::Signature

Defined in:
lib/origami/signature.rb

Defined Under Namespace

Classes: AppData, BuildData, BuildProperties, DigitalSignature, PKCS1, Reference, SigQData

Constant Summary collapse

PKCS1_RSA_SHA1 =
"adbe.x509.rsa_sha1"
PKCS7_SHA1 =
"adbe.pkcs7.sha1"
PKCS7_DETACHED =
"adbe.pkcs7.detached"

Class Method Summary collapse

Class Method Details

.compute(method, data, certificate, key, ca) ⇒ Object

Computes the signature using the specified subfilter method.



# File 'lib/origami/signature.rb', line 433

# Builds the DER-encoded signature blob for +data+ according to the PDF
# signature subfilter named by +method+.
#
# * PKCS7_DETACHED - PKCS#7 signature over +data+; the DETACHED flag is set.
# * PKCS7_SHA1     - PKCS#7 signature whose signed content is the SHA-1
#                    digest of +data+ (no DETACHED flag).
# * PKCS1_RSA_SHA1 - delegated to PKCS1.sign, which is not shown here.
#
# NOTE(review): two of the three subfilters are SHA-1 based by name, and
# SHA-1 is no longer collision resistant. Prefer PKCS7_DETACHED for new
# signatures, and confirm which digest OpenSSL::PKCS7.sign selects by
# default in the deployed OpenSSL build.
#
# @param method [String] one of the subfilter constants above
# @param data [String] bytes to sign
# @param certificate signer certificate handed to the signing routine
# @param key private key handed to the signing routine
# @param ca extra certificates, passed as the fourth argument of
#   OpenSSL::PKCS7.sign; the PKCS1 branch does not use it
# @return [String] the signature in DER form
# @raise [NotImplementedError] when +method+ is not a supported subfilter
def self.compute(method, data, certificate, key, ca)
    signed =
        case method
        when PKCS7_DETACHED
            flags = OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY
            OpenSSL::PKCS7.sign(certificate, key, data, ca, flags)
        when PKCS7_SHA1
            # Only the SHA-1 digest is wrapped and signed, not the data itself.
            content = Digest::SHA1.digest(data)
            OpenSSL::PKCS7.sign(certificate, key, content, ca, OpenSSL::PKCS7::BINARY)
        when PKCS1_RSA_SHA1
            PKCS1.sign(certificate, key, data)
        else
            raise NotImplementedError, "Unsupported signature method #{method.inspect}"
        end

    # Every supported branch yields an object that serialises with #to_der.
    signed.to_der
end

.required_size(method, certificate, key, ca) ⇒ Object

Computes the required size in bytes for storing the signature.



# File 'lib/origami/signature.rb', line 426

# Reports how many bytes a signature produced with +method+ occupies.
#
# The size is measured by producing a real signature over the empty string,
# so each call performs a signing operation with +key+.
# NOTE(review): this presumes the signature length does not depend on the
# length of the signed data - confirm for every supported subfilter.
#
# @param method [String] subfilter name, as accepted by compute
# @param certificate signer certificate, forwarded to compute
# @param key private key, forwarded to compute
# @param ca extra certificates, forwarded to compute
# @return [Integer] size of the signature returned by compute
def self.required_size(method, certificate, key, ca)
    placeholder = self.compute(method, "", certificate, key, ca)
    placeholder.length
end

.verify(method, data, signature, store, chain) ⇒ Object



# File 'lib/origami/signature.rb', line 401

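# Checks +signature+ against +data+ using the subfilter named by +method+.
#
# A truthy result vouches only for the bytes passed in as +data+; which part
# of the document those bytes cover is decided by the caller. Trust in the
# signer is decided by +store+.
#
# * PKCS7_DETACHED - the blob must be a detached PKCS#7 structure, verified
#                    over +data+.
# * PKCS7_SHA1     - the PKCS#7 structure is verified, then its signed
#                    content must equal the SHA-1 digest of +data+.
# * PKCS1_RSA_SHA1 - the first element of +chain+ is the signer certificate
#                    and the rest are handed on as its chain; the check
#                    itself is done by PKCS1#verify, which is not shown here.
#
# NOTE(review): the two SHA-1 based subfilters inherit SHA-1's collision
# weakness; callers that must accept them may want to report that to the
# user rather than treat all three methods as equivalent.
# NOTE(review): +chain+ is ignored by both PKCS#7 branches, which pass an
# empty certificate list, so the signer certificate presumably comes from
# inside the PKCS#7 blob - confirm. Errors raised by OpenSSL::PKCS7.new on a
# malformed blob are not rescued here.
#
# @param method [String] subfilter name
# @param data [String] the signed bytes
# @param signature [String] signature blob taken from the document
# @param store certificate store used for trust decisions
# @param chain [Array] certificates accompanying the signature; left
#   unmodified
# @return the result of the underlying verification call
# @raise [SignatureError] if a PKCS7_DETACHED blob is not detached, or if
#   PKCS1_RSA_SHA1 is requested without any certificate
# @raise [NotImplementedError] when +method+ is not a supported subfilter
def self.verify(method, data, signature, store, chain)
    case method
    when PKCS7_DETACHED
        pkcs7 = OpenSSL::PKCS7.new(signature)
        raise SignatureError, "Not a PKCS7 detached signature" unless pkcs7.detached?
        pkcs7.verify([], store, data, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY)

    when PKCS7_SHA1
        pkcs7 = OpenSSL::PKCS7.new(signature)
        # Verify the structure first, then bind it to this document's digest.
        pkcs7.verify([], store, nil, OpenSSL::PKCS7::BINARY) && pkcs7.data == Digest::SHA1.digest(data)

    when PKCS1_RSA_SHA1
        if chain.nil? || chain.empty?
            raise SignatureError, "Cannot verify RSA signature without a certificate"
        end

        # Split without mutating the caller's array: a destructive shift would
        # leave the caller with a chain that no longer contains the signer.
        cert = chain.first
        intermediates = chain.drop(1)
        pkcs1 = PKCS1.new(signature)
        pkcs1.verify(cert, intermediates, store, data)

    else
        raise NotImplementedError, "Unsupported signature method #{method.inspect}"
    end
end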