def get_certificates(self, status=None):
"""Returns all the certificates attached to a master
Optionally you can specify a `status` for the certificates. The statuses can either be
* "SIGNATURE PENDING"
* "SIGNED"
* "REVOKED"
If status is None, all the certifictes will be returned regardless of their status
Note that it is just for conveinence that this option is provided. From the API's point
of view we will issue the same request anyway.
:param status: The status of the certificates
:type status: str
:return: A list of matching certificates
:rtype: List of ppaas.Certificate
"""
if status is None:
return Certificate.get_certificates(self, self.client)
else:
certificates = Certificate.get_certificates(self, self.client)
return [
cert for cert in certificates
if cert.status['message'] == status
]
def __init__(self, name):
self.__name = name
print("{} created".format(name))
self.__key = KeyPairRSA()
self.__cert = Certificate(name=name,
key_pair_rsa=self.__key,
validity_date=10)
def main():
lista = load_csv()
for cert in lista:
svg = load_svg(cert)
certificado = Certificate(svg)
certificado.save()
def create_p12(logger, ctx, name, pem, key, password, config, force, verbose,
debug):
"""
\b
Create a simple p12
Need key file and pem file
\f
:param logger:
:param ctx:
:param name:
:param pem:
:param key:
:param password:
:param config:
:param force:
:param verbose:
:param debug:
:return:
"""
tools.set_options(ctx=ctx, config=config, verbose=verbose, debug=debug)
cert = Certificate(logger=logger, opts=tools.opts)
cert.generate_p12(key=key,
pem=pem,
p12=name,
password=password,
force=force)
class Equipment:
def __init__(self, name):
self.__name = name
print("{} created".format(name))
self.__key = KeyPairRSA()
self.__cert = Certificate(name=name,
key_pair_rsa=self.__key,
validity_date=10)
def name(self):
return self.__name
def pubkey(self):
return self.__key.pubkey()
def byte_pubkey(self):
return self.__key.byte_pubkey()
def cert(self):
return self.__cert.cert()
def byte_cert(self):
return self.__cert.byte_cert()
def generate_certificate(self, issuer_name, issuer_pubkey, validity_date):
now = datetime.datetime.utcnow()
# Creation d'un certificat
subject = x509.Name(
[x509.NameAttribute(NameOID.COMMON_NAME, self.__name)])
issuer = x509.Name(
[x509.NameAttribute(NameOID.COMMON_NAME, issuer_name)])
cert = x509.CertificateBuilder() \
.subject_name(subject) \
.issuer_name(issuer) \
.public_key(key=issuer_pubkey) \
.serial_number(number=x509.random_serial_number()) \
.not_valid_before(now) \
.not_valid_after(now + datetime.timedelta(days=validity_date)) \
.add_extension(extension=x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),
critical=False) \
.sign(private_key=self.__key.privkey(),
algorithm=hashes.SHA256(),
backend=default_backend())
print(
'certificate generate by Equipment {} on Equipment {}\'s public key'
.format(subject, issuer))
return cert
def verify_certif(self, cert_to_check, public_key):
public_key.verify(signature=cert_to_check.signature,
data=cert_to_check.tbs_certificate_bytes,
padding=padding.PKCS1v15(),
algorithm=cert_to_check.signature_hash_algorithm)
# print('Certificate verified')
return True
def validate_tcg_from_certs(self, ca_cert_der, attest_cert_der):
attest_cert_obj = Certificate(attest_cert_der)
ca_cert_obj = Certificate(ca_cert_der)
isValid = self._validate_attributes_with_tcg_rule(attest_cert_obj) and \
self._validate_tcg_raw(attest_cert_obj.tcg_min,
attest_cert_obj.tcg_max,
ca_cert_obj.tcg_min,
ca_cert_obj.tcg_max)
return isValid
def create_multiple(logger, ctx, csv_file, config, force, key_size, san,
verbose, debug, **subject):
"""
Create multiple certificate using csv file
\f
:param logger:
:param ctx:
:param csv_file:
:param config:
:param force:
:param key_size:
:param san:
:param verbose:
:param debug:
:param subject:
:return:
"""
tools.set_options(ctx=ctx,
config=config,
san=san,
size=key_size,
subject=subject,
verbose=verbose,
debug=debug)
cert = Certificate(logger=logger, opts=tools.opts)
if 'subject' in tools.opts:
cert.load_subject()
if csv_file:
cert.generate_multiple(csv_file=csv_file, force=force)
else:
cert.generate_multiple(force=force)
def certificate():
id = request.args.get('id')
donor = Donor.query.filter(Donor.id == id).first()
file_dir = os.path.join(basedir, app.config['IMG_FOLDER'])
if donor:
no = "WH2020012310{0:04d}".format(donor.id)
certi_file = "%s.png" % os.path.join(file_dir, no)
if not os.path.exists(certi_file):
amount = "%.2f" % donor.amount
cert = Certificate(donor.name, amount, no)
cert.grant()
image_data = open(certi_file, "rb").read()
response = make_response(image_data)
response.headers['Content-Type'] = 'image/png'
return response
def read(logger, ctx, path, password, plain_text):
"""
Read csr or p12
\f
:param logger:
:param ctx:
:param path:
:param password:
:param plain_text:
:return:
"""
tools.set_options(ctx=ctx)
cert = Certificate(logger=logger, opts=tools.opts)
click.echo(cert.read(path=path, password=password, plain_text=plain_text))
def collect_fingerprints_from_lbb_db(fingerprints: set = None) -> None:
"""
Connects to the little black box database and converts the certificates to
compatible fingerprints.
Args:
fingerprints (set): A collection of obtained certificates from the
little black box and the house of keys.
"""
# Actual database connection
conn = connect(LITTLE_BLACK_BOX_DATABASE)
cur = conn.cursor()
# Obtain all the certificates contained in the database
cur.execute("SELECT certificate FROM certificates;")
# Iterate over the items from the database
for item in cur:
# Ignore ssh-rsa keys
if (not item[0].startswith(BEGIN_CERTIFICATE)): continue
# Convert the text of the certificate and extract the fingerprint
fingerprints.add(Certificate.from_string(item[0]).fingerprint)
conn.close()
def __init__(self, certificate, proxykey=None, full=True):
if isinstance(certificate, Certificate):
self._certificate = certificate
elif isinstance(certificate, ProxyCertificate):
self._certificate = certificate._proxy
else:
self._certificate = Certificate(certificate)
self._full = full
self._proxy = Certificate(key=proxykey)
self._proxy.set_version(2)
self.set_serial_number()
issuer = self._certificate.get_subject()
subject = X509.X509_Name()
for n in issuer:
m2.x509_name_add_entry(subject.x509_name, n.x509_name_entry, -1, 0)
subject.add_entry_by_txt(field='CN', type=MBSTRING_ASC,
entry=str(self._proxy.get_serial_number()),len=-1, loc=-1, set=0)
# CURRENT - this partly fools the system that it has a globus legacy proxy (needed by grisu/grid)
# can look up VOs, but can't access filesystems for running jobs with this on
# subject.add_entry_by_txt(field='CN', type=MBSTRING_ASC, entry='proxy',len=-1, loc=-1, set=0)
self._proxy.set_dn(subject)
self._proxy.set_times(lifetime=43200)
self._proxy.set_issuer_name(self._certificate.get_subject())
try:
key_usage = self._certificate._certificate.get_ext('keyUsage')
except LookupError:
pass
else:
self._proxy.add_extension({'name':key_usage.get_name(),
'critical': key_usage.get_critical(),
'value': self._fix_key_usage(key_usage.get_value())})
if self._full:
self._proxy.add_extension({'name':"proxyCertInfo",
'value': PCI_VALUE_FULL,
'critical': 1})
else:
self._proxy.add_extension({'name': "proxyCertInfo",
'value': PCI_VALUE_LIMITED,
'critical': 1})
def main():
BASE_MODULE_ARGS = dict(
cadir = dict(default="/etc/certs"),
certname = dict(required=True),
subj = dict(default="/DC=com/DC=example/CN=CA/"),
p12password = dict(required=True),
certtype = dict(default="server", choices=["server", "client"]),
state = dict(default="present", choices=["present", "absent"]),
subjectAltNames = dict(required=False)
)
module = AnsibleModule(
argument_spec= BASE_MODULE_ARGS,
supports_check_mode=True
)
isServerCert = True
if module.params["certtype"] == "client":
isServerCert = False
# cadir, certname, subj, p12password, isServerCert
cert = Certificate(
module.params["cadir"],
module.params["certname"],
module.params["subj"],
module.params["p12password"],
isServerCert,
module.params["subjectAltNames"]
)
isValid = cert.validate_config()
if isValid["success"]:
if module.params["state"] == "present":
isValid = cert.create_certificate()
else:
isValid = cert.remove_certificate()
if not isValid["success"]:
module.fail_json(msg=isValid["msg"])
else:
module.exit_json(**isValid)
def certificate(self, hostname):
"""Returns the certificate of a particular hostname
:param hostname: The hostname you want the certificate of
:type hostname: str
:return: The ppaas.Certificate object, or raises an exception
:rtype: ppaas.Certificate
"""
return Certificate(self, hostname)
def _generate_oid_config(self, oid_name, min_str, max_str):
min_attr = Attribute.init(num_bits=32, string=min_str)
max_attr = Attribute.init(num_bits=32, string=max_str)
oid_str = "%.8X%.8X" % (min_attr.value, max_attr.value)
oid_cfg = "\n%s=DER:%s:%s:%s:%s:%s:%s:%s:%s" % \
(Certificate.GetOIDByName(oid_name), oid_str[0:2], oid_str[2:4], oid_str[4:6], oid_str[6:8], \
oid_str[8:10], oid_str[10:12], oid_str[12:14], oid_str[14:16])
return oid_cfg
def parseCerts(self, signature, offset):
prev = self._f.tell()
true_offset = signature.getOffset() + offset
self._f.seek(true_offset)
magic = getInt(self._f)
if magic != dictionary.signatures['BLOBWRAPPER']:
data = {
'offset': true_offset,
'magic': hex(magic),
'expected': hex(dictionary.signatures['BLOBWRAPPER'])
}
a = Abnormality(title='BAD MAGIC - BLOBWRAPPER', data=data)
self.addAbnormality(a)
self._f.seek(prev)
return
size = getInt(self._f) - 8
# out = open('cms', 'wb')
# out.write(self._f.read(size))
# out.close()
# exit(0)
if size > 0:
signed_data = cms.CMS(self._f.read(size), format='DER')
for cert in signed_data.certs:
serial = cert.serial
subject = {
'country': self.getCertNameData(cert.subject,
oid.Oid('C')),
'org': self.getCertNameData(cert.subject, oid.Oid('O')),
'org_unit': self.getCertNameData(cert.subject,
oid.Oid('OU')),
'common_name': self.getCertNameData(cert.subject,
oid.Oid('CN'))
}
issuer = {
'country': self.getCertNameData(cert.issuer, oid.Oid('C')),
'org': self.getCertNameData(cert.issuer, oid.Oid('O')),
'org_unit': self.getCertNameData(cert.issuer,
oid.Oid('OU')),
'common_name': self.getCertNameData(cert.issuer,
oid.Oid('CN'))
}
ca = cert.check_ca()
cert = Certificate(serial=serial, subject=subject,
issuer=issuer, ca=ca)
signature.addCert(cert)
else:
data = {
'offset': true_offset,
'size': size
}
a = Abnormality(title='NON-POSITIVE CMS SIZE', data=data)
self.addAbnormality(a)
self._f.seek(prev)
def validate_tcg_from_config(self, ca_cert_path, signing_attributes):
ca_cert_obj = Certificate(path=ca_cert_path)
tcg_min_str = signing_attributes.tcg_min
tcg_max_str = signing_attributes.tcg_max
tcg_min_attest = Attribute.init(num_bits=32, string=tcg_min_str)
tcg_max_attest = Attribute.init(num_bits=32, string=tcg_max_str)
return self._validate_tcg_raw(tcg_min_attest, tcg_max_attest,
ca_cert_obj.tcg_min, ca_cert_obj.tcg_max)
def create_multiple_p12(logger, ctx, csv_file, pem_folder, key_folder,
password, config, force, verbose, debug):
"""
Create multiple p12 using csv file
\f
:param logger:
:param ctx:
:param csv_file:
:param pem_folder:
:param key_folder:
:param password:
:param config:
:param force:
:param verbose:
:param debug:
:return:
"""
tools.set_options(ctx=ctx, config=config, verbose=verbose, debug=debug)
cert = Certificate(logger, opts=tools.opts)
if csv_file:
cert.generate_multiple_p12(csv_file=csv_file,
pem_folder=pem_folder,
key_folder=key_folder,
password=password,
force=force)
else:
cert.generate_multiple_p12(pem_folder=pem_folder,
key_folder=key_folder,
password=password,
force=force)
def create(logger, ctx, name, config, force, key_size, san, verbose, debug,
**subject):
"""
Create a single CSR
\f
:param logger:
:param ctx:
:param name:
:param config:
:param force:
:param key_size:
:param san:
:param verbose:
:param debug:
:param subject:
:return:
"""
tools.set_options(ctx=ctx,
config=config,
san=san,
size=key_size,
subject=subject,
verbose=verbose,
debug=debug)
if name:
tools.set_options(name=str(name))
cert = Certificate(logger=logger, opts=tools.opts)
if 'subject' in tools.opts:
cert.load_subject()
cert.generate_csr(force=force)
def _generate_signing_package(self, hash_to_sign, signing_attributes, cass_signer_attributes,
image_path, signingpackage_fname, binary_to_sign):
signingpackage = SigningPackage(secimage.__version__)
signingrequest = signingpackage.createSigningRequest("image_to_sign=%s" % image_path)
hexbindigest = binascii.b2a_hex(hash_to_sign)
logger.debug("Digest to sign (hexbinary)= [%s]" % hexbindigest)
signingrequest.setDigest(hexbindigest)
signingrequest.setCapability(signing_attributes.cass_capability)
signingrequest.setSigningAttribute(Certificate.SIGNATTR_SW_SIZE, "0x%.8X" % len(binary_to_sign))
hmac_params = signerutils.get_hmac_params_from_config(signing_attributes)
signingrequest.setSigningAttribute(Certificate.SIGNATTR_HW_ID, "0x%s" % hmac_params.msm_id_str)
signingrequest.setSigningAttribute(Certificate.SIGNATTR_SW_ID, signing_attributes.sw_id)
signingrequest.setSigningAttribute(Certificate.SIGNATTR_MODEL_ID, signing_attributes.model_id)
signingrequest.setSigningAttribute(Certificate.SIGNATTR_OEM_ID, signing_attributes.oem_id)
if signing_attributes.debug:
signingrequest.setSigningAttribute(Certificate.SIGNATTR_DEBUG, signing_attributes.debug)
if signing_attributes.app_id:
signingrequest.setSigningAttribute(Certificate.SIGNATTR_APP_ID, signing_attributes.app_id)
if signing_attributes.crash_dump:
signingrequest.setSigningAttribute(Certificate.SIGNATTR_CRASH_DUMP, signing_attributes.crash_dump)
if self._is_oid_supported(signing_attributes) is True:
attr_min, attr_max = Certificate.GetOIDAttrName(signing_attributes.object_id.name)
#Min/max can be supplied by CASS server and is optional
if signing_attributes.object_id.min:
signingrequest.setSigningAttribute(attr_min, signing_attributes.object_id.min)
if signing_attributes.object_id.max:
signingrequest.setSigningAttribute(attr_max, signing_attributes.object_id.max)
else:
#opendsp does not CASS_SIGNATTR_USE_EXP3 currently
if signing_attributes.exponent == 3:
signingrequest.setSigningAttribute(self.CASS_SIGNATTR_USE_EXP3, 'TRUE')
elif signing_attributes.exponent == 65537:
signingrequest.setSigningAttribute(self.CASS_SIGNATTR_USE_EXP3, 'FALSE')
else:
raise RuntimeError, "Exponent value of {0} is invalid!".format(signing_attributes.exponent)
# Set signature algorithm to SHA256 by default
signingrequest.setSigningAttribute(Certificate.SIGNATTR_SHA256, 'TRUE')
pathname, fname = os.path.split(signingpackage_fname)
c_path.create_dir(pathname)
signingpackage.toxml()
signingpackage.saveToFile(signingpackage_fname)
logger.info("Signing package created. Digest = [%s]" % signingpackage.getDigest())
return signingpackage
def main():
BASE_MODULE_ARGS = dict(cadir=dict(default="/etc/certs"),
certname=dict(required=True),
subj=dict(default="/DC=com/DC=example/CN=CA/"),
p12password=dict(required=True),
certtype=dict(default="server",
choices=["server", "client"]),
state=dict(default="present",
choices=["present", "absent"]),
subjectAltNames=dict(required=False))
module = AnsibleModule(argument_spec=BASE_MODULE_ARGS,
supports_check_mode=True)
isServerCert = True
if module.params["certtype"] == "client":
isServerCert = False
# cadir, certname, subj, p12password, isServerCert
cert = Certificate(module.params["cadir"], module.params["certname"],
module.params["subj"], module.params["p12password"],
isServerCert, module.params["subjectAltNames"])
isValid = cert.validate_config()
if isValid["success"]:
if module.params["state"] == "present":
isValid = cert.create_certificate()
else:
isValid = cert.remove_certificate()
if not isValid["success"]:
module.fail_json(msg=isValid["msg"])
else:
module.exit_json(**isValid)
def get_certificates(self, status=None):
"""Returns all the certificates attached to a master
Optionally you can specify a `status` for the certificates. The statuses can either be
* "SIGNATURE PENDING"
* "SIGNED"
* "REVOKED"
If status is None, all the certifictes will be returned regardless of their status
Note that it is just for conveinence that this option is provided. From the API's point
of view we will issue the same request anyway.
:param status: The status of the certificates
:type status: str
:return: A list of matching certificates
:rtype: List of ppaas.Certificate
"""
if status is None:
return Certificate.get_certificates(self, self.client)
else:
certificates = Certificate.get_certificates(self, self.client)
return [cert for cert in certificates if cert.status['message'] == status]
def validate_oid_from_config(self, ca_cert_path, signing_attributes):
ca_cert_obj = Certificate(path=ca_cert_path)
min_str = signing_attributes.object_id.min
max_str = signing_attributes.object_id.max
min_attest = Attribute.init(num_bits=32, string=min_str)
max_attest = Attribute.init(num_bits=32, string=max_str)
if signing_attributes.object_id.name == "tcg":
min_ca = ca_cert_obj.tcg_min
max_ca = ca_cert_obj.tcg_max
elif signing_attributes.object_id.name == "feature_id":
min_ca = ca_cert_obj.fid_min
max_ca = ca_cert_obj.fid_max
return self._validate_oid_raw(min_attest, max_attest, min_ca, max_ca)
def sign(self, binary_to_sign, imageinfo, debug_dir=None):
'''
This function returns a SignerOutput object which has all the security assets generated
by the signer.
'''
self._signer_impl.validate_config(imageinfo)
hasher = Hasher()
hmacParams = signerutils.get_hmac_params_from_config(
imageinfo.signing_attributes)
hash_to_sign = hasher.qcom_hmac(binary_to_sign, hmacParams)
signer_output = self._signer_impl.sign(hash_to_sign, imageinfo,
binary_to_sign, debug_dir)
#print certificate properties
attestation_cert_obj = Certificate(signer_output.attestation_cert)
logger.info('\nAttestation Certificate Properties:\n' +
str(attestation_cert_obj))
return signer_output
def collect_fingerprints_from_hok_fp(fingerprints: set = None) -> None:
"""
Iterates through the House Of Keys directory and converts the certificates
in the PEM files to compatible fingerprints.
Args:
fingerprints (set): A collection of obtained certificates from the
little black box and the house of keys.
"""
# Iterate through the content of the directory
for f in os.listdir(HOUSE_OF_KEYS_PATH):
# Only interested in the known certificates
if (not f.endswith("pem")): continue
# Extract the PEM certificate as string
pem = open(os.path.join(HOUSE_OF_KEYS_PATH, f), 'r').read()
pem = pem[pem.rfind(BEGIN_CERTIFICATE):]
# Convert the PEM certificate to a compatible fingerprint
fingerprints.add(Certificate.from_string(pem).fingerprint)
def read_certificates(self, server_certificates):
logger.info(
"------------------------------------------------------------------------------------"
)
logger.info("Rufe die Zertifkate für die weiteren Tests ab")
logger.info(
"------------------------------------------------------------------------------------"
)
try:
if server_certificates is None:
openssl_cmd_getcert = "echo 'Q' | openssl s_client -connect " + self.hostname + ":" + str(
self.port
) + self.openssl_client_proxy_part + " -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'"
proc = subprocess.Popen([openssl_cmd_getcert],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
tmp_certs = pem.parse(out)
else:
tmp_certs = pem.parse_file(server_certificates)
logger.info(
str(len(tmp_certs)) +
" Zertifikate wurden empfangen bzw. eingelesen.")
for crt in tmp_certs:
self.x509_certs.append(
load_pem_x509_certificate(
str(crt).encode('ascii', 'ignore'), default_backend()))
for x509 in self.x509_certs:
self.certs.append(Certificate(x509, self.ca_file))
except Exception as err:
print err
def extract_fps_ecs(file_path, fps, ecs):
"""
Extract the fingerprints and Ellyptic Curve data from a given file.
Args:
file_path (str): Full system path to the file.
fps (dict): Dictionary of all collected fingerprints.
ecs (dict): Dictionary of all collected Elyptic Curve data.
"""
try:
pem = open(file_path, "r").read()
if (pem.startswith("-----BEGIN PUBLIC KEY-----")):
pn = SSHKey.from_pem_public_key(pem).public_numbers
ecs.setdefault(str(pn.x), []).append(file_path)
elif (CERT_FLAG in pem):
pem = pem[pem.rfind(CERT_FLAG):].strip()
cert = Certificate.from_string(pem)
fps.setdefault(cert.fingerprint, []).append(file_path)
except Exception as e:
print(file_path, str(e))
def retrieve_certificate(self):
""" retrieve the repository's certificate file """
certificate = self.retrieve_object(self.manifest.certificate, 'X')
return Certificate(certificate)
def __main__(self):
father = self.father
chatroom = tk.Tk()
chatroom.geometry('600x400+425+225')
chatroom.title('91 Chatroom for ' +
self.father.father.username)
# chatroom.attributes('-topmost',1)
# backgroud
frame = tk.Frame(chatroom,
bg=colors['black'],
width=600,
height=400)
frame.place(x=0, y=0)
# container
textArea = tk.Text(frame,
bg=colors['black'],
fg=colors['green'],
highlightbackground=colors['lightGray'],
selectbackground=colors['blue'],
selectforeground=colors['green'],
width=60,
height=22,
bd=0)
textArea.place(x=10, y=10, anchor=tk.NW)
textArea.bind('<KeyPress>', lambda x: "break")
father.textArea = textArea
# textArea.focus_set()
# choose
tk.Label(frame,
text="Select Receiver:",
bg=colors['black'],
fg=colors['green']).place(x=460, y=10, anchor=tk.NW)
listbox = tk.Listbox(frame,
width=14,
height=7,
bg=colors['darkGray'],
fg=colors['green'],
selectbackground=colors['black'],
selectforeground=colors['green'])
listbox.place(x=460, y=35, anchor=tk.NW)
father.listbox = listbox
fileButton = tk.Button(
frame,
text="File",
bd=0,
highlightbackground=colors['black'],
command=lambda: self.uploadFile(father.socket, nameLabel))
fileButton.place(x=480, y=180, anchor=tk.CENTER)
videoButton = tk.Button(
frame,
text="Video",
bd=0,
highlightbackground=colors['black'],
command=lambda: self.videoCall(father.socket, nameLabel))
videoButton.place(x=560, y=180, anchor=tk.CENTER)
# ttk.Style().configure("b.TButton", foreground="black", background="white")
# style1 = ttk.Style()
# style1.configure("BW1.TLabel", foreground="black", background="white")
# bt_refresh = ttk.Button(f, text = "刷新列表", bd = 0, style = "BW1.TLable",command = lambda : self.refresh(father.socket))
tk.Label(frame,
text="System Log:",
bg=colors['black'],
fg=colors['green']).place(x=460, y=208, anchor=tk.NW)
logArea = tk.Text(frame,
bg=colors['black'],
fg=colors['green'],
highlightbackground=colors['lightGray'],
selectbackground=colors['blue'],
selectforeground=colors['green'],
width=16,
height=7,
bd=0)
logArea.place(x=455, y=233, anchor=tk.NW)
logArea.bind('<KeyPress>', lambda x: "break")
father.logArea = logArea
log = ctime() + " Connection Establishment"
logArea.insert(tk.END, log + '\n\n')
logArea.see(tk.END)
# input
nameLabel = tk.Label(frame,
text="Unseleted",
bg=colors['black'],
fg=colors['green'],
width=8)
nameLabel.place(x=12, y=360)
listbox.bind('<Double-Button-1>',
lambda x: self.changeSendTo(listbox, nameLabel))
self.nameLabel = nameLabel
inputEntry = tk.Entry(frame,
width=37,
bg=colors['black'],
fg=colors['green'],
insertbackground=colors['white'],
highlightbackground=colors['lightGray'],
selectbackground=colors['blue'],
selectforeground=colors['green'])
inputEntry.place(x=90, y=358)
# inputEntry.bind('<Key-Return>',
# lambda x : self.requestCertificate(father.socket,
# nameLabel, inputEntry))
inputEntry.bind(
'<Key-Return>', lambda x: self.requestCertificate(
father.socket, nameLabel))
# self.inputEntry = inputEntry
father.inputEntry = inputEntry
bt_send = tk.Button(frame,
text="Enter",
highlightbackground=colors['black'],
command=lambda: self.requestCertificate(
father.socket, nameLabel))
bt_send.place(x=480, y=371, anchor=tk.CENTER)
bt_clear = tk.Button(
frame,
text="Clear",
highlightbackground=colors['black'],
command=lambda: textArea.delete(0.0, tk.END))
bt_clear.place(x=560, y=372, anchor=tk.CENTER)
r = RSA()
c = Certificate(r.pubKey)
c.certificateInfo['username'] = self.father.father.username
self.father.father.selfInfo[
'username'] = self.father.father.username
self.father.father.selfInfo[
'decryptionType'] = c.certificateInfo['encryptionType']
self.father.father.selfInfo['pubKey'] = r.pubKey
self.father.father.selfInfo['priKey'] = r.priKey
self.father.father.selfInfo[
'communicationType'] = c.certificateInfo[
'communicationType']
if c.certificateInfo['communicationType'] == "dh":
pubNum = DH().getPAndG()
self.father.father.selfInfo['pAndg'] = pubNum
c.certificateInfo['pAndg'] = pubNum
self.father.father.selfInfo['secretA'] = getPrimeNum(20)
self.father.father.selfInfo['mA'] = pow(
pubNum[1], self.father.father.selfInfo['secretA'],
pubNum[0])
jData = json.dumps(c.certificateInfo)
father.socket.send(jData.encode())
# 刷新列表
# self.refresh(father.socket)
inputEntry.focus_set()
chatroom.focus_force()
chatroom.mainloop()
father.socket.shutdown(2)
print('Socket 断开')
from suds.client import Client
from certificate import Certificate
import sys
client = Client(
"http://localhost:8081/config-service/ConfigurationService?wsdl")
cert = Certificate(sys.argv[1])
cert.add_to_config(client)
from suds.client import Client
from certificate import Certificate
import sys
client = Client("http://localhost:8081/config-service/ConfigurationService?wsdl")
cert = Certificate(sys.argv[1])
cert.add_to_config(client)
def createCert(certname, subj, password, isServerCert):
print line
print "Creating certificate for: {}".format(certname)
cert = Certificate(cadir, certname, subj, password, isServerCert)
print cert.create_certificate()
return cert
from suds.client import Client
from certificate import Certificate
import sys
client = Client("http://localhost:8081/config-service/ConfigurationService?wsdl")
cert = Certificate(sys.argv[1])
cert.add_to_anchor(client, sys.argv[2])
class ProxyCertificate:
"""This is a wrapper class for handling proxy certificate generation.
:param request: if specified this will be wrapped in a :class:`~arcs.gsi.certificate.Certificate` object
:param proxykey: the key used to sign the proxy, if sepecified this will be wrapped in a :class:`~arcs.gsi.key.Key` object
:param full: whether this is a full proxy or not
"""
def __init__(self, certificate, proxykey=None, full=True):
if isinstance(certificate, Certificate):
self._certificate = certificate
elif isinstance(certificate, ProxyCertificate):
self._certificate = certificate._proxy
else:
self._certificate = Certificate(certificate)
self._full = full
self._proxy = Certificate(key=proxykey)
self._proxy.set_version(2)
self.set_serial_number()
issuer = self._certificate.get_subject()
subject = X509.X509_Name()
for n in issuer:
m2.x509_name_add_entry(subject.x509_name, n.x509_name_entry, -1, 0)
subject.add_entry_by_txt(field='CN', type=MBSTRING_ASC,
entry=str(self._proxy.get_serial_number()),len=-1, loc=-1, set=0)
# CURRENT - this partly fools the system that it has a globus legacy proxy (needed by grisu/grid)
# can look up VOs, but can't access filesystems for running jobs with this on
# subject.add_entry_by_txt(field='CN', type=MBSTRING_ASC, entry='proxy',len=-1, loc=-1, set=0)
self._proxy.set_dn(subject)
self._proxy.set_times(lifetime=43200)
self._proxy.set_issuer_name(self._certificate.get_subject())
try:
key_usage = self._certificate._certificate.get_ext('keyUsage')
except LookupError:
pass
else:
self._proxy.add_extension({'name':key_usage.get_name(),
'critical': key_usage.get_critical(),
'value': self._fix_key_usage(key_usage.get_value())})
if self._full:
self._proxy.add_extension({'name':"proxyCertInfo",
'value': PCI_VALUE_FULL,
'critical': 1})
else:
self._proxy.add_extension({'name': "proxyCertInfo",
'value': PCI_VALUE_LIMITED,
'critical': 1})
def _fix_key_usage(self, values):
"""
invalid values are 'Non Repudiation' and 'keyCertSign'
digitalSignature is required
"""
r = []
for v in values.split(', '):
if v in ['Non Repudiation', 'keyCertSign']:
continue
r.append(v)
if 'Digital Signature' not in r:
r.append('Digital Signature')
return ', '.join(r)
def set_serial_number(self):
message_digest = EVP.MessageDigest('sha1')
pubkey = self._proxy.get_pubkey()
der_encoding = pubkey.as_der()
message_digest.update(der_encoding)
digest = message_digest.final()
digest_tuple = struct.unpack('BBBB', digest[:4])
sub_hash = long(digest_tuple[0] + (digest_tuple[1] + ( digest_tuple[2] +
( digest_tuple[3] >> 1) * 256 ) * 256) * 256)
self._proxy._certificate.set_serial_number(sub_hash)
def sign(self, md='sha1'):
self._proxy.sign(self._certificate.get_key(), md)
def __str__(self):
return self._proxy.__str__()
def __repr__(self):
return self._proxy.__repr__()
def as_der(self):
return self._proxy._certificate.as_der()
def createCert(certname, subj, password, isServerCert):
print line
print "Creating certificate for: {}".format(certname)
cert = Certificate(cadir, certname, subj, password, isServerCert)
print cert.create_certificate()
return cert
