File wrapping framework.

wrapfile.py

@@ -0,0 +1,54 @@
+#!/usr/bin/python3
+
+import argparse
+import codecs
+import json
+from OpenSSL import crypto
+import sys
+
+
+parser = argparse.ArgumentParser(description='iconograph wrapfile')
+parser.add_argument(
+    '--cert',
+    dest='cert',
+    action='store',
+    required=True)
+parser.add_argument(
+    '--key',
+    dest='key',
+    action='store',
+    required=True)
+parser.add_argument(
+    '--other-cert',
+    dest='other_certs',
+    action='store',
+    nargs='*')
+FLAGS = parser.parse_args()
+
+
+class Wrapper(object):
+
+  def __init__(self, key, cert, other_certs):
+    with open(key, 'r') as fh:
+      self._key = crypto.load_privatekey(crypto.FILETYPE_PEM, fh.read())
+    with open(cert, 'r') as fh:
+      self._cert_str = fh.read()
+      self._cert = crypto.load_certificate(crypto.FILETYPE_PEM, self._cert_str)
+    self._other_cert_strs = []
+    for path in (other_certs or []):
+      with open(path, 'r') as fh:
+        self._other_cert_strs.append(fh.read())
+
+  def Wrap(self, instr):
+    inbytes = instr.encode('utf8')
+    return {
+        'cert': self._cert_str,
+        'other_certs': self._other_cert_strs,
+        'sig': codecs.encode(crypto.sign(self._key, inbytes, 'sha256'), 'hex').decode('ascii'),
+        'inner': instr,
+    }
+
+
+wrapper = Wrapper(FLAGS.key, FLAGS.cert, FLAGS.other_certs)
+wrapped = wrapper.Wrap(sys.stdin.read())
+json.dump(wrapped, sys.stdout, sort_keys=True, indent=4)