@@ -77,13 +77,27 @@ func verifySig() *cobra.Command {
7777 }
7878 logger .Info (ctx , fmt .Sprintf ("Valid: %t" , valid ))
7979
80- fmt .Println ("----------------OpenSSL Verify----------------" )
81- valid , err = openSSLVerify (ctx , logger , msgData , signed )
80+ fmt .Println ("----------------OpenSSL Verify CMS ----------------" )
81+ valid , err = openSSLVerify (ctx , "cms" , logger , msgData , signed )
8282 if err != nil {
8383 logger .Error (ctx , "openssl verify" , slog .Error (err ))
8484 }
8585 logger .Info (ctx , fmt .Sprintf ("Valid: %t" , valid ))
8686
87+ fmt .Println ("----------------OpenSSL Verify SMIME----------------" )
88+ valid , err = openSSLVerify (ctx , "smime" , logger , msgData , signed )
89+ if err != nil {
90+ logger .Error (ctx , "openssl verify" , slog .Error (err ))
91+ }
92+ logger .Info (ctx , fmt .Sprintf ("Valid: %t" , valid ))
93+
94+ fmt .Println ("----------------node-ovsx-sign Verify----------------" )
95+ valid , err = openVSXSignVerify (ctx , logger , extensionVsix , p7sFile )
96+ if err != nil {
97+ logger .Error (ctx , "open vsx verify" , slog .Error (err ))
98+ }
99+ logger .Info (ctx , fmt .Sprintf ("Valid: %t" , valid ))
100+
87101 fmt .Println ("----------------vsce-sign Verify----------------" )
88102 valid , err = vsceSignVerify (ctx , logger , extensionVsix , p7sFile )
89103 if err != nil {
@@ -143,7 +157,7 @@ func goVerify(ctx context.Context, logger slog.Logger, message []byte, signature
143157 return verifyErr == nil , nil
144158}
145159
146- func openSSLVerify (ctx context.Context , logger slog.Logger , message []byte , signature []byte ) (bool , error ) {
160+ func openSSLVerify (ctx context.Context , algo string , logger slog.Logger , message []byte , signature []byte ) (bool , error ) {
147161 // openssl cms -verify -in message_from_alice_for_bob.msg -inform DER -CAfile ehealth_root_ca.cer | openssl cms -decrypt -inform DER -recip bob_etk_pair.pem | openssl cms -inform DER -cmsout -print
148162 tmpdir := os .TempDir ()
149163 tmpdir = filepath .Join (tmpdir , "verify-sigs" )
@@ -165,7 +179,8 @@ func openSSLVerify(ctx context.Context, logger slog.Logger, message []byte, sign
165179
166180 }
167181
168- cmd := exec .CommandContext (ctx , "openssl" , "cms" , "-verify" ,
182+ // smime or cms
183+ cmd := exec .CommandContext (ctx , "openssl" , algo , "-verify" ,
169184 "-in" , sigPath , "-content" , msgPath , "-inform" , "DER" ,
170185 )
171186 if localCA {
@@ -183,6 +198,30 @@ func openSSLVerify(ctx context.Context, logger slog.Logger, message []byte, sign
183198 return cmd .ProcessState .ExitCode () == 0 , nil
184199}
185200
201+ func openVSXSignVerify (ctx context.Context , logger slog.Logger , vsixPath , sigPath string ) (bool , error ) {
202+ bin := os .Getenv ("OPEN_VSX_SIGN_PATH" )
203+ if bin == "" {
204+ return false , xerrors .Errorf ("OPEN_VSX_SIGN_PATH not set" )
205+ }
206+
207+ cmd := exec .CommandContext (ctx , bin , "verify" ,
208+ vsixPath ,
209+ sigPath ,
210+ "--public-key" , "/home/steven/go/src/github.com/coder/code-marketplace/extensionsign/testdata/public.pem" ,
211+ )
212+ fmt .Println (cmd .String ())
213+ output := & strings.Builder {}
214+ cmd .Stdout = output
215+ cmd .Stderr = output
216+ err := cmd .Run ()
217+ fmt .Println (output .String ())
218+ if err != nil {
219+ return false , xerrors .Errorf ("run verify %q: %w" , cmd .String (), err )
220+ }
221+
222+ return cmd .ProcessState .ExitCode () == 0 , nil
223+ }
224+
186225func vsceSignVerify (ctx context.Context , logger slog.Logger , vsixPath , sigPath string ) (bool , error ) {
187226 bin := os .Getenv ("VSCE_SIGN_PATH" )
188227 if bin == "" {
0 commit comments