def load_ascii_to_x509(bytes_input, ascii_input): first_line = ascii_input.splitlines()[0] if first_line == "-----BEGIN PKCS7-----": return load_pem_pkcs7_certificates(bytes_input)[0] elif first_line == "-----BEGIN CERTIFICATE-----": return x509.load_pem_x509_certificate(bytes_input) raise ImproperlyFormattedCert( "Cert can not be read! It is not a valid PEM")
def test_load_pkcs7_unsupported_type(self, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION): load_vectors_from_file( os.path.join("pkcs7", "enveloped.pem"), lambda pemfile: pkcs7.load_pem_pkcs7_certificates(pemfile.read( )), mode="rb", )
def test_pem_matches_vector(self, backend): p7_pem = load_vectors_from_file( os.path.join("pkcs7", "isrg.pem"), lambda p: p.read(), mode="rb", ) certs = pkcs7.load_pem_pkcs7_certificates(p7_pem) p7 = pkcs7.serialize_certificates(certs, serialization.Encoding.PEM) assert p7 == p7_pem
def printData(data, showPub=True): try: xcert = x509.load_der_x509_certificate(data) except: try: xcert = x509.load_pem_x509_certificate(data) except: try: xcert = pkcs7.load_der_pkcs7_certificates(data) except: xcert = pkcs7.load_pem_pkcs7_certificates(data) if len(xcert) > 1: print('// Warning: TODO: pkcs7 has {} entries'.format( len(xcert))) xcert = xcert[0] cn = '' for dn in xcert.subject.rfc4514_string().split(','): keyval = dn.split('=') if keyval[0] == 'CN': cn += keyval[1] name = re.sub('[^a-zA-Z0-9_]', '_', cn) print('// CN: {} => name: {}'.format(cn, name)) print('// not valid before:', xcert.not_valid_before) print('// not valid after: ', xcert.not_valid_after) if showPub: fingerprint = xcert.fingerprint(hashes.SHA1()).hex(':') print('const char fingerprint_{} [] PROGMEM = "{}";'.format( name, fingerprint)) pem = xcert.public_key().public_bytes( Encoding.PEM, PublicFormat.SubjectPublicKeyInfo).decode('utf-8') print('const char pubkey_{} [] PROGMEM = R"PUBKEY('.format(name)) print(pem + ')PUBKEY";') else: cert = xcert.public_bytes(Encoding.PEM).decode('utf-8') print('const char cert_{} [] PROGMEM = R"CERT('.format(name)) print(cert + ')CERT";') cas = [] for ext in xcert.extensions: if ext.oid == x509.ObjectIdentifier("1.3.6.1.5.5.7.1.1"): for desc in ext.value: if desc.access_method == x509.oid.AuthorityInformationAccessOID.CA_ISSUERS: cas.append(desc.access_location.value) for ca in cas: with urllib.request.urlopen(ca) as crt: print() print('// ' + ca) printData(crt.read(), False) print()
def test_load_pkcs7_pem(self, backend): certs = load_vectors_from_file( os.path.join("pkcs7", "isrg.pem"), lambda pemfile: pkcs7.load_pem_pkcs7_certificates(pemfile.read()), mode="rb", ) assert len(certs) == 1 assert certs[0].subject.get_attributes_for_oid( x509.oid.NameOID.COMMON_NAME ) == [x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, "ISRG Root X1")]
def convert_pkcs7_bytes_to_pem(certs_pkcs7): """ Given a list of certificates in pkcs7 encoding (bytes), covert them into a list of PEM encoded files :raises ValueError or ValidationError :param certs_pkcs7: :return: list of certs in PEM format """ certificates = pkcs7.load_pem_pkcs7_certificates(certs_pkcs7) certificates_pem = [] for cert in certificates: certificates_pem.append(pem.parse(cert.public_bytes(encoding=Encoding.PEM))[0]) return certificates_pem
def test_not_bytes_pem(self, backend): with pytest.raises(TypeError): pkcs7.load_pem_pkcs7_certificates(38) # type: ignore[arg-type]
def test_load_invalid_pem_pkcs7(self, backend): with pytest.raises(ValueError): pkcs7.load_pem_pkcs7_certificates(b"nonsense")
def _extract_client_certificate(cert_response: dict) -> str: pkcs7_pem = cert_response['value'] certs = pkcs7.load_pem_pkcs7_certificates(pkcs7_pem.encode('utf-8')) if not certs: raise ValueError('no certificates found in response') return certs[0].public_bytes(serialization.Encoding.PEM).decode('utf-8')
def load_key(filename: str, private: bool = False, password: Optional[bytes] = None, extensive: bool = False) -> KEY_ALL_TYPES: key = None if password is None and not extensive: with open(filename, 'r') as f: if 'ENCRYPTED' in f.readline(): password = input("Password: "******"Multiple certificates found, using first entry [%s]" % certs[0].subject, file=sys.stderr) key = certs[0].public_key() # PKCS#12 Certificate (Private and/or Public Key) if not key: try: private_key, cert, more_certs = load_key_and_certificates( data, password=password) if not private and cert: key = cert.public_key() elif private: key = private_key except: pass # X.509 Certificate if not key and not private: cert = None try: cert = load_der_x509_certificate(data) except: try: cert = load_pem_x509_certificate(data) except: pass if cert: key = cert.public_key() if key: if private and is_private_key(key): return key elif not private and is_private_key(key): return key.public_key() elif not private and is_public_key(key): return key raise FileException("Could not read key")
def test_not_bytes_pem(self): with pytest.raises(TypeError): pkcs7.load_pem_pkcs7_certificates(38)