
Martin Geisler committed 67c0d11

Switch to S/MIME (X509) certificates for OpenSSL.

  • Parent commits d40d639


Files changed (10)

     'gnupg.path': 'gpg',
     'gnupg.flags': [],
     'openssl.path': 'openssl',
-    'openssl.pubkey': '',
-    'openssl.seckey': ''
+    'openssl.capath': '',
+    'openssl.certificate': ''
     }
 
 
 
 
 def opensslsign(msg):
-    cmd = [CONFIG["openssl.path"], "dgst", "-sign", CONFIG["openssl.seckey"]]
+    cmd = [CONFIG["openssl.path"], "smime", "-sign", "-outform", "pem",
+           "-signer", CONFIG["openssl.certificate"]]
     p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
     sig = p.communicate(msg)[0]
-    return binascii.b2a_base64(sig).strip()
+    return sig
 
 
 def opensslverify(msg, sig, quiet=False):
-    sig = binascii.a2b_base64(sig)
     try:
-        fd, filename = tempfile.mkstemp(prefix="hg-", suffix=".sig")
+        fd, filename = tempfile.mkstemp(prefix="hg-", suffix=".msg")
         fp = os.fdopen(fd, 'wb')
-        fp.write(sig)
+        fp.write(msg)
         fp.close()
-        stderr = quiet and subprocess.PIPE or None
 
-        cmd = [CONFIG["openssl.path"], "dgst",
-               "-verify", CONFIG["openssl.pubkey"], "-signature", filename]
+        cmd = [CONFIG["openssl.path"], "smime",
+               "-verify", "-CApath", CONFIG["openssl.capath"],
+               "-inform", "pem", "-content", filename]
         p = subprocess.Popen(cmd, stdin=subprocess.PIPE,
-                             stdout=subprocess.PIPE, stderr=stderr)
-        out, err = p.communicate(msg)
-        return out.strip() == "Verified OK"
+                             stdout=subprocess.PIPE,
+                             stderr=subprocess.PIPE)
+        out, err = p.communicate(sig)
+        return err.strip() == "Verification successful"
     finally:
         try:
             os.unlink(filename)
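Review bot: In `opensslverify` the verdict rests only on `err.strip() == "Verification successful"`, and the exit status of `openssl smime -verify` is never consulted, so any extra line on stderr or a wording change between OpenSSL versions turns a good signature into a failure that is indistinguishable from a real rejection. Checking `p.returncode == 0` (optionally alongside the text) would be the sturdier test, and `opensslsign` has the same gap: a failed `smime -sign` returns whatever reached stdout, possibly an empty string, as the signature. The `quiet` parameter is no longer read now that stderr is always piped, so a caller passing `quiet=False` gets no diagnostics; either write `err` out when not quiet or document that the flag is ignored. `-CApath` only establishes that the signer certificate chains to something under `openssl.capath`, and nothing in these lines compares that certificate with the changeset's committer, so if that binding matters it has to happen elsewhere; a comment such as `# verifies chain of trust only; signer identity is not compared with the committer` would make the limit explicit. The `try`/`finally` of `opensslverify` continues past the last line shown.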

tests/openssl/alice.pem

+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

tests/openssl/alice.pub.pem

------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YoXkv8z7/dz10v92vhK
-TphzDpRShCLOiGdhrCoB3mgIBJb/o5apzg+hpofvkFzvXBqdhobF9BEw8WXpSdTI
-f4pgvpLyrV7/YVvLw1CSC01ivcxaOk8uZAqIh/O0+FuaU51QPrQeso0iPYRybFOa
-lFgdLdCRxPmUOWdbEjaeTc8WmTL64/wmLMeW9XG3QIt6Bz4WHeDknJ/+DedwdN+T
-zriQUPP+9SYA0B1Q8WBIuEnG2qlgBTabcRTRoe8azZ3GUI+dYQOz4gIOvra45qBE
-Usfm7XulqtDdkBvivchlc57vfFmUtxaBLiQk/zxIxGS9ttN+PCc876Bv8UlXuJo5
-/wIDAQAB
------END PUBLIC KEY-----

tests/openssl/alice.sec.pem

------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA5YoXkv8z7/dz10v92vhKTphzDpRShCLOiGdhrCoB3mgIBJb/
-o5apzg+hpofvkFzvXBqdhobF9BEw8WXpSdTIf4pgvpLyrV7/YVvLw1CSC01ivcxa
-Ok8uZAqIh/O0+FuaU51QPrQeso0iPYRybFOalFgdLdCRxPmUOWdbEjaeTc8WmTL6
-4/wmLMeW9XG3QIt6Bz4WHeDknJ/+DedwdN+TzriQUPP+9SYA0B1Q8WBIuEnG2qlg
-BTabcRTRoe8azZ3GUI+dYQOz4gIOvra45qBEUsfm7XulqtDdkBvivchlc57vfFmU
-txaBLiQk/zxIxGS9ttN+PCc876Bv8UlXuJo5/wIDAQABAoIBAA0t/6qGEsJdj/41
-s87F4OZgZILay14g7YDxhq8u/kp56LPyw5zuArP9O8fnGD9OxsOgF5lo1abs8cV6
-l4mQuS5xkJqAr4R65uj9L1b4oloZyGijei7M6xn9bNd5i9OS1uqkJr5i8zxHVEb5
-+uPzbPXFlW9TAXuw5Ozi3VzPXAmVlZR0kGRHkCYSOkKl9lHdq0WpocOVohF52zSW
-3CJFKoAw2TDSIMYk7NXfK/7hGbrAUcskexNrW/nz4fURiVET+HzJaOUpdGpz/eEg
-4U+fXgy10xu+2ak7My8hfClEDoKMX3fucYs0PinH4meqJMd8lxbTilf310y3/Elk
-XkWNlTECgYEA/q77lGfTCVzV2awGM/ROAe6YVNeauwbmIPyLqtHW2ffoRHnjBc2V
-6JT7rGMGEBF/jwkE+XUb7BUdiMT/Odd+85aNdALeUlN7bezGFPre36AeMs+FiliZ
-5NO3w0WTSy46f2eAbqNv9ioS41e6VV6+Tn7rlj+rYLRWx1DkNlb41xkCgYEA5rnW
-Mdb8HXMOfm9MSfWjO93OrjYOQ8TxznqZBMK3TwGmOiyyB6Bn9TV7/ytt1z3QpNdF
-JIMDQWZzyYM9IrSWUJmh/NYyVe4DcTC5KlDNl9oPsbJ5t/2YBfq616VddcylRSIe
-x6yHxKLqiMb39D0UIQXK2HDN0bd+HC9rWBVgtNcCgYEAlQQ5e6oMFuxUzBoVPwzx
-H7xFMU8937S3rhFWf0psVfjx1C8lIF4cGowhfcoq3/f9FOoIGRXmkooAT+hEFcn7
-I/exKHINN0pVbAogFGJ9SYdcZAp8bmhNE1C1svHgrxqLa8RZp2LFvdj8WD0ab50R
-6MfmfHEgi2K5a8Hu5cSZsPECgYAIVUfuLuSWL7SjTmPD/BI0NFOlqSAkxHUzTuw9
-5sZ2HQoi6cBYVCvNCGx9D9V8w6fIfFnr8qtobknaSlon6bvQF2xpVFcnEVygdvEJ
-HTf/twmAEoEg6xDVjnO3HCre+VAyygOwlIOmz3eHDyCfeqFCfBISdSiJ3YW5gODw
-on0GqwKBgH/qPr4TmoREhEFBJxpeiyxtLXR0jzD/vpMpw8tSeNBJ1zcSCN+uZ84i
-hIZk3QoLEaW8OQOVW0FyO+G+Nkhf6hr90/i7B5LHxO2JMUZI+DS3ynGgWg4d7yyb
-WvsnBUJalHqNDjMMG8fUXw0q7gONwLHaKkx2YjYq1jQpIdMmks5i
------END RSA PRIVATE KEY-----

tests/openssl/bob.pem

+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

tests/openssl/bob.pub.pem

------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Ih7yBH0PbYkm7SaZbxU
-xWe+Mqv7UL7o5TCWWLg3eMUcZoGL8N1nWEKUmSDf5kM1Vc1WPBZvPNVmNnuxuW4Q
-2NZXqRTOlvQgExJERi9UHwsAE7uEipaz7DBhAIor2EagdpCKWwfouM/oMmrjyYU6
-U5sAf//stsD0gZJ2Y2Qfazz0cap/5SXArDSlB6gBCbaOOxOl4/PZ1st6Ma0ibkKn
-MYHPbSjOkBk3hiZBmMEStxrcERvyWByApO/2ZkhOtH6ZsST5JMEEza9BYhEAz0NM
-qa9pqITDxiHsY/rKoSk1ch2sq8nJu/MPtoriYTjHxpviZJoDJHiMLsbZqETL0l28
-wQIDAQAB
------END PUBLIC KEY-----

tests/openssl/bob.sec.pem

------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA4Ih7yBH0PbYkm7SaZbxUxWe+Mqv7UL7o5TCWWLg3eMUcZoGL
-8N1nWEKUmSDf5kM1Vc1WPBZvPNVmNnuxuW4Q2NZXqRTOlvQgExJERi9UHwsAE7uE
-ipaz7DBhAIor2EagdpCKWwfouM/oMmrjyYU6U5sAf//stsD0gZJ2Y2Qfazz0cap/
-5SXArDSlB6gBCbaOOxOl4/PZ1st6Ma0ibkKnMYHPbSjOkBk3hiZBmMEStxrcERvy
-WByApO/2ZkhOtH6ZsST5JMEEza9BYhEAz0NMqa9pqITDxiHsY/rKoSk1ch2sq8nJ
-u/MPtoriYTjHxpviZJoDJHiMLsbZqETL0l28wQIDAQABAoIBAQDDyP72VAF/FiYR
-x4eiEnhwsad9k81OeUmnH5jZv7hPDMFY+LlHzCdjJJticvIJXK1TJft95aoVh5bb
-BzzPjhQOn8hMXSJPKowVVSZHdNmLQBJPIoHOPt6gowbSa6kTq3IcMKkT+2+IR3IX
-FHGPtSZI5K2o70Y/jT0nBslInXNwE1KK5n4eNGPD0h0NKlWrLoqMV4EJnyWBO3nb
-i97iu4/tR/EQnBYqIjV3M0Frv4KpvZxwr0Q8t3i1frzTE1iDwLbPPlOjfkfAsulr
-QZiWt6E5eI2UW62spSlsKBSY1FrP1lj98BPGzqiNKiGDUGmyK9xFPZSBFHW4c+/C
-NNOrYbbhAoGBAPFxJekw5XPjWtFPZahDapPLW6ANUZiP5UeEYUI84r6B18F/fv6C
-P6lNDuHZHFPtPLb7c7qz7o7zgntWZyb9cOFfEzO/VBYK7dmi5O3958vmK2qiAhPp
-C6MD73soShYFWUiAqd6NsTWQybbPnIM32pbufGhuofW1IeSBbTpYAI2FAoGBAO4S
-VXBvV2E4Y2oN9/PGt4nSBbamNPPyHGp/waWDrLdAuCMfxMlMMoZ3e2nAe0dhLLgL
-y0NHoQpfR8lgv0yK7CoEVOaVQHFwk2758SXECJ5seZk0nEi8/Yf8vT4tHVtquBzw
-aIKHmXhUEC5ZRfu0jFnfT1Srvtm4nQJ0uXS3j2kNAoGAO8FhPKGZaGEwrPUVl9t3
-mTSPbMFfHH8go96jo50mEThZic5gQ+VAlEo6ELOHS04/5Jm/PsohlMe314a+6Ot4
-8I5zVi9YRExYKbEjL7PTlqdUv4NxODRJaQMkVjrWezS/sC4H3Mj8vuEiy1f+yIse
-UpSbvc0D0KgPx1oxCmuVV3ECgYA/89LZyj8Z0bD6+1ehN790GWQJhapx4Zb6kOkv
-EikibRNJ9C3DuWFVN+GCLf+v1A3UPu7SWvqKs7+v+/pHkIYSX2mDK5LNJmWkiSXb
-dEawcAlWO4jEDWi50A3yFuJs/UUKGRaqAc0bQtG58adYD08okVFZOG2jRPGAiGSN
-UwYGPQKBgA+956zjBdG7v+YTLQ4qbTf2iV5Gbo+yACHYRo19Cfe7M5uQZDQLQYZh
-623K5QrEj+WKAyoFpszR3HioDvhK2a4aPyh+jTuNVuRG1IMsj8osIX5MitOGgDQX
-/AKTa7VPrvSCW9d4J1KRRKsnfPb2laOiC6WQvNOmOzoAuv+nlyKy
------END RSA PRIVATE KEY-----

tests/openssl/e4e5eb74.0

+alice.pem

tests/openssl/f1f1e870.0

+bob.pem

tests/test-commitsigs

 cat >> $HGRCPATH <<EOF
 [commitsigs]
 scheme = openssl
-openssl.pubkey = $TESTDIR/openssl/alice.pub.pem
-openssl.seckey = $TESTDIR/openssl/alice.sec.pem
+openssl.certificate = $TESTDIR/openssl/alice.pem
+openssl.capath = $TESTDIR/openssl
 EOF
 
 echo "!" >> a.txt