
Accept keyfile file-like objects

1 parent 9252df1 commit 3a7107ae08c49a9d49e65e0f5f038944bd6a85d2 @nmaier committed Jan 6, 2013
Showing with 30 additions and 21 deletions.
  1. +14 −18 xpisign/api.py
  2. +16 −3 xpisign/crypto.py
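--- a/xpisign/api.py
+++ b/xpisign/api.py
@@ -169,9 +169,8 @@ def xpisign(xpifile,
 '''
 Sign an XP-Install (XPI file)
- xpifile and outfile might be either strings pointing to the corresponding
- file or file-like-objects.
- keyfile is expected to be a string containing a path.
+ xpifile, keyfile and outfile might be either strings pointing to the
+ corresponding file or file-like-objects.
 The file in question will be signed using the key as provided in key file.
@@ -195,25 +194,22 @@ def xpisign(xpifile,
 @return: signed result file name or buffer
 '''
+ kw = dict(optimize_signatures=optimize_signatures,
+ optimize_compression=optimize_compression,
+ signer=signer
+ )
+
 if isinstance(xpifile, basestring):
- with open(xpifile, "rb") as zp:
- return xpisign(zp,
- keyfile,
- outfile,
- optimize_signatures,
- optimize_compression,
- signer
- )
+ with open(xpifile, "rb") as xp:
+ return xpisign(xp, keyfile, outfile, **kw)
+
+ if isinstance(keyfile, basestring):
+ with open(keyfile, "rb") as kp:
+ return xpisign(xpifile, kp, outfile, **kw)
 if outfile and isinstance(outfile, basestring):
 with open(outfile, "wb") as op:
- xpisign(zp,
- keyfile,
- op,
- optimize_signatures,
- optimize_compression,
- signer
- )
+ xpisign(xpifile, keyfile, op, **kw)
 return outfile
 if not outfile: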
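Review bot: The updated `xpisign` docstring now invites file-like `keyfile` objects but does not tell callers what that can cost. In this same commit `sign_m2` copies any keyfile that lacks a `name` attribute into a `NamedTemporaryFile`, so a private key the caller deliberately kept in memory may end up on disk. I would add a docstring sentence such as `A keyfile object without a backing file name may be copied to a temporary file by the M2Crypto signer; pass a path or a real file object to avoid that.` Whether a given call reaches `sign_m2` depends on how `signer` is resolved, which happens outside these hunks, as do the start and end of the function body.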
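--- a/xpisign/crypto.py
+++ b/xpisign/crypto.py
@@ -4,6 +4,8 @@
 import re
 import warnings
+from .context import StreamPositionRestore
+
 RE_KEY = re.compile("-----BEGIN ((ENCRYPTED|RSA) )?PRIVATE KEY-----"
 ".+?-----END ((ENCRYPTED|RSA) )?PRIVATE KEY-----", re.S)
 RE_CERTS = re.compile("-----BEGIN CERTIFICATE-----"
@@ -17,8 +19,8 @@ def parse_keyfile(keyfile):
 Parse a keyfile into private key, signing cert and CA stack
 """
- with open(keyfile, "rb") as kf:
- kf = kf.read()
+ with StreamPositionRestore(keyfile):
+ kf = keyfile.read()
 key = RE_KEY.search(kf)
 certs = RE_CERTS.finditer(kf)
 return (str(key.group(0)),
@@ -122,6 +124,17 @@ def sign_m2(keyfile, content):
 Sign content with a keyfile using M2Crypto
 """
+ # XXX kill once we can load the key directly from a buffer
+ if not hasattr(keyfile, "name"):
+ warnings.warn("Rewrapping keyfile into a temporary file. "
+ "This may case the file to be written to insecure "
+ "storage!")
+ with NamedTemporaryFile() as kp:
+ with StreamPositionRestore(kp):
+ with StreamPositionRestore(keyfile):
+ kp.write(keyfile.read())
+ return sign_m2(kp, content)
+
 try:
 # load intermediate certs if any
 stack = M2X509.X509_Stack()
@@ -136,7 +149,7 @@ def sign_m2(keyfile, content):
 # actual signing
 smime = M2S.SMIME()
- smime.load_key(keyfile)
+ smime.load_key(keyfile.name)
 smime.set_x509_stack(stack)
 pkcs7 = M2Buffer()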
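Review bot: The new guard in `sign_m2`, `if not hasattr(keyfile, "name")`, treats any object that has a `name` attribute as a file on disk, and `smime.load_key(keyfile.name)` then reads the private key from that path rather than from the stream that `parse_keyfile` read. A stream whose `name` is not a filesystem path (for example one from `os.fdopen`) would fail or load an unintended file, and a path replaced after opening could yield a key that does not match the parsed certificates. I would rewrap unless the name is a string naming an existing file, e.g. `if not isinstance(getattr(keyfile, "name", None), basestring) or not os.path.isfile(keyfile.name):` (needs `os`). I would also add `kp.flush()` after `kp.write(keyfile.read())`, so the path-based load does not depend on `StreamPositionRestore` flushing the buffer, which is not visible here. `NamedTemporaryFile` is not imported in the visible import hunk, the warning text has a typo (`case` for `cause`), and the body of `sign_m2` continues outside these hunks.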
