Security-55179.1.tar.gz

[apple/security.git] / libsecurity_codesigning / gke / gkgenerate

diff --git a/libsecurity_codesigning/gke/gkgenerate b/libsecurity_codesigning/gke/gkgenerate
index b62383f18fa043e1c23757d3b387afc85b11caad..127d9b0c0301270488a2599b12749ac54adcda9f 100755 (executable)
--- a/libsecurity_codesigning/gke/gkgenerate
+++ b/libsecurity_codesigning/gke/gkgenerate
@@ -22,7 +22,6 @@ import uuid
 authfile = "gke.auth"
 sigfile = "gke.dsig"
 
-
 #
 # Usage and fail
 #
@@ -49,6 +48,20 @@ authfile = args.output + ".auth"
 sigsfile = args.output + ".sigs"
 
 
+#
+# Augment a snippet record
+#
+def augment(data):
+       for auth in data.authority.values():
+               if auth.path in data.signatures:
+                       signature = data.signatures[auth.path].signature.data
+                       unpack = subprocess.Popen(["/usr/local/bin/gkunpack"], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                       (stdout, stderr) = unpack.communicate(input=signature)
+                       if stderr:
+                               fail("signature unpack failed for %s" % auth.path)
+                       auth.screen = stdout.rstrip();
+
+
 #
 # Start by collecting authority evidence from the authority records
 #
@@ -57,10 +70,12 @@ sigs = { }
 for source in args.source:
        if source[0] == '+':
                data = plistlib.readPlist(source[1:])
+               augment(data)
                auth.update(data["authority"])
                sigs.update(data["signatures"])
        else:
                data = plistlib.readPlist(source)
+               augment(data)
                auth.update(data["authority"])
 
 if not auth and not args.empty: