Bug 1094551 - Support EME voucher signing on signing server. r=nthomas

--HG-- extra : rebase_source : f8c0497832dfd8f75bfe32e872c3b4512a813abd
mozilla · Nov 13, 2014 · 0e5bfa0 · 0e5bfa0
1 parent 0d1707a
commit 0e5bfa0
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 3 deletions.
diff --git a/lib/python/signing/utils.py b/lib/python/signing/utils.py
@@ -152,6 +152,40 @@ def gpg_signfile(filename, sigfile, gpgdir, fake=False, passphrase=None):
         raise
 
 
+def emevoucher_signfile(inputfile, outputfile, key, fake=False, passphrase=None):
+    """Perform SMIME signing on "inputfile", writing a signed version
+    to "outputfile", using passed in "key". This is necessary for the EME voucher.
+
+    If fake is True, generate a fake signature and sleep for a bit.
+
+    If passphrase is set, it will be passed to gpg on stdin
+    """
+    if fake:
+        time.sleep(1)
+        return
+
+    stdout = tempfile.TemporaryFile()
+    args = ['smime', '-sign', '-in', inputfile,
+            '-out', outputfile, '-signer', key,
+            '-md', 'sha256', '-binary', '-nodetach',
+            '-outform', 'DER']
+
+    try:
+        import pexpect
+        proc = pexpect.spawn("openssl", args)
+        # We use logfile_read because we only want stdout/stderr, _not_ stdin.
+        proc.logfile_read = stdout
+        proc.expect('Enter pass phrase')
+        proc.sendline(passphrase)
+        if proc.wait() != 0:
+            raise ValueError("openssl didn't return 0")
+    except:
+        stdout.seek(0)
+        data = stdout.read()
+        log.exception(data)
+        raise
+
+
 def mar_signfile(inputfile, outputfile, mar_cmd, fake=False, passphrase=None):
     # Now sign it
     if isinstance(mar_cmd, basestring):

diff --git a/release/signing/signing.ini.template b/release/signing/signing.ini.template
@@ -33,6 +33,7 @@ max_filesize_dmg = 52428800
 max_filesize_mar = 52428800
 max_filesize_signcode = 52428800
 max_filesize_osslsigncode = 52428800
+max_filesize_emevoucher = 52428800
 # Secret for signing tokens. This should be kept private!
 # It should also be the same on all equivalent signing servers.
 token_secret = secretstring
@@ -58,7 +59,7 @@ unsigned_dir = unsigned-files
 
 [signing]
 # What signing formats we support
-formats = mar,gpg,signcode,osslsigncode
+formats = mar,gpg,signcode,osslsigncode,emevoucher
 # Which script to run to sign files
 signscript = python ./signscript.py -c signing.ini
 # How many files to sign at once
@@ -70,6 +71,7 @@ testfile_signcode = test.exe
 testfile_osslsigncode = test64.exe
 testfile_mar = test.mar
 testfile_gpg = test.mar
+testfile_emevoucher = test.bin
 
 [signscript]
 # Various settings for signscript. signing-server.py doesn't look in here
@@ -78,5 +80,7 @@ signcode_keydir = /path/to/keys
 osslsigncode_keydir = /path/to/keys
 # Where is the gpg directory with our private key
 gpg_homedir = /path/to/.gpg
+# Where is the eme voucher private key
+emevoucher_key = /path/to/cert.pem
 # How to run mar
 mar_cmd = /path/to/signmar -d /path/to/nsscerts -n keyname -s
diff --git a/release/signing/signscript.py b/release/signing/signscript.py
@@ -10,7 +10,9 @@
 import sys
 
 from util.file import copyfile, safe_unlink
-from signing.utils import shouldSign, signfile, osslsigncode_signfile, gpg_signfile, mar_signfile, dmg_signpackage, jar_signfile
+from signing.utils import shouldSign, signfile, osslsigncode_signfile
+from signing.utils import gpg_signfile, mar_signfile, dmg_signpackage
+from signing.utils import jar_signfile, emevoucher_signfile
 
 if __name__ == '__main__':
     from optparse import OptionParser
@@ -28,6 +30,7 @@
         signcode_timestamp=None,
         jar_keystore=None,
         jar_keyname=None,
+        emevoucher_key=None,
     )
     parser.add_option("--keydir", dest="signcode_keydir",
                       help="where MozAuthenticode.spc, MozAuthenticode.spk can be found")
@@ -47,6 +50,8 @@
                       help="keystore for signing jar_")
     parser.add_option("--jar_keyname", dest="jar_keyname",
                       help="which key to use from jar_keystore")
+    parser.add_option("--emevoucher_key", dest="emevoucher_key",
+                      help="The certificate to use for signing the eme voucher")
     parser.add_option(
         "-v", action="store_const", dest="loglevel", const=logging.DEBUG)
 
@@ -104,6 +109,10 @@
         safe_unlink(tmpfile)
         gpg_signfile(
             inputfile, tmpfile, options.gpg_homedir, options.fake, passphrase)
+    elif format_ == "emevoucher":
+        safe_unlink(tmpfile)
+        emevoucher_signfile(
+            inputfile, tmpfile, options.emevoucher_key, options.fake, passphrase)
     elif format_ == "mar":
         if not options.mar_cmd:
             parser.error("mar_cmd is required when format is mar")

diff --git a/release/signing/signtool.py b/release/signing/signtool.py
@@ -40,7 +40,8 @@ def is_authenticode_signed(filename):
 
 
 def main():
-    allowed_formats = ("signcode", "osslsigncode", "gpg", "mar", "dmg", "dmgv2", "jar", "b2gmar")
+    allowed_formats = ("signcode", "osslsigncode", "gpg", "mar", "dmg",
+                       "dmgv2", "jar", "b2gmar", "emevoucher")
 
     from optparse import OptionParser
     import random