Module: Origami::Signature

Defined in:
lib/origami/signature.rb

Defined Under Namespace

Classes: AppData, BuildData, BuildProperties, DigitalSignature, Reference, SigQData

Constant Summary collapse

PKCS1_RSA_SHA1 = 
"adbe.x509.rsa_sha1"
PKCS7_SHA1 = 
"adbe.pkcs7.sha1"
PKCS7_DETACHED = 
"adbe.pkcs7.detached"

Class Method Summary collapse

Class Method Details

.compute(method, data, certificate, key, ca) ⇒ Object

Computes the signature using the specified subfilter method.



356
357
358
359
360
361
362
363
364
365
366
367
368
369
 
# File 'lib/origami/signature.rb', line 356

def self.compute(method, data, certificate, key, ca)
    case method
    when PKCS7_DETACHED
        OpenSSL::PKCS7.sign(certificate, key, data, ca, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY).to_der

    when PKCS7_SHA1
        OpenSSL::PKCS7.sign(certificate, key, Digest::SHA1.digest(data), ca, OpenSSL::PKCS7::BINARY).to_der

    when PKCS1_RSA_SHA1
        key.sign(OpenSSL::Digest::SHA1.new, data)
    else
        raise NotImplementedError, "Unsupported signature method #{method.inspect}"
    end
end

.required_size(method, certificate, key, ca) ⇒ Object

Computes the required size in bytes for storing the signature.



349
350
351
 
# File 'lib/origami/signature.rb', line 349

def self.required_size(method, certificate, key, ca)
    self.compute(method, "", certificate, key, ca).size
end

.verify(method, data, signature, store, flags) ⇒ Object 



329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
 
# File 'lib/origami/signature.rb', line 329

def self.verify(method, data, signature, store, flags)
    case method
    when PKCS7_DETACHED
        pkcs7 = OpenSSL::PKCS7.new(signature)
        raise SignatureError, "Not a PKCS7 detached signature" unless pkcs7.detached?
        flags |= OpenSSL::PKCS7::DETACHED
        pkcs7.verify([], store, data, flags)

    when PKCS7_SHA1
        pkcs7 = OpenSSL::PKCS7.new(signature)
        pkcs7.verify([], store, nil, flags) and pkcs7.data == Digest::SHA1.digest(data)

    else
        raise NotImplementedError, "Unsupported signature method #{method.inspect}"
    end
end