Beispiel #1
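def load_certificates(ca_path):
    """Load a PEM bundle of CA certificates and index the usable ones.

    Every "CERTIFICATE" block in the bundle is parsed as an X509 object and
    date-checked; entries that fail either step are reported through
    util.print_error and skipped, so one bad entry does not abort loading.

    Args:
        ca_path: Path of the PEM bundle. Ignored on a frozen Windows build,
            where 'cacert.pem' next to the executable is used instead.

    Returns:
        A tuple (ca_list, ca_keyID): ca_list maps fingerprint -> X509
        object, ca_keyID maps key ID -> fingerprint. If two certificates
        share a key ID, the later one in the bundle wins.
    """
    import pem
    ca_list = {}
    ca_keyID = {}
    if getattr(sys, 'frozen', False) and os.name == "nt":
        # Frozen Windows distribution: use the bundled certificate file.
        # NOTE(review): this file becomes the set of trust anchors, so the
        # install directory should not be writable by unprivileged users.
        ca_path = os.path.join(os.path.dirname(sys.executable), 'cacert.pem')
    with open(ca_path, 'r') as f:
        s = f.read()
    bList = pem.dePemList(s, "CERTIFICATE")
    for b in bList:
        try:
            x = X509(b)
            x.check_date()
        except Exception as e:
            # Exception rather than BaseException: a malformed or
            # out-of-date certificate is skipped, but KeyboardInterrupt and
            # SystemExit still propagate.
            util.print_error("cert error:", e)
            continue

        fp = x.getFingerprint()
        ca_list[fp] = x
        ca_keyID[x.get_keyID()] = fp

    # NOTE(review): both dicts are empty when every entry was rejected;
    # callers should treat that as "no trust anchors", not as success.
    return ca_list, ca_keyID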
Beispiel #2
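def load_certificates(ca_path):
    """Read the CA bundle and build fingerprint and key-ID lookup tables.

    Each "CERTIFICATE" PEM block is turned into an X509 object and passed
    through check_date(). A block that raises during either step is logged
    with util.print_error and left out of the result.

    Args:
        ca_path: Location of the PEM bundle. On a frozen Windows build the
            argument is overridden by 'cacert.pem' beside the executable.

    Returns:
        (ca_list, ca_keyID) where ca_list[fingerprint] is the X509 object
        and ca_keyID[key_id] is that certificate's fingerprint. A repeated
        key ID is overwritten by the later certificate.
    """
    import pem
    ca_list = {}
    ca_keyID = {}
    if getattr(sys, 'frozen', False) and os.name == "nt":
        # When frozen for Windows distribution, use the included cert file.
        ca_path = os.path.join(os.path.dirname(sys.executable), 'cacert.pem')
    with open(ca_path, 'r') as f:
        s = f.read()
    bList = pem.dePemList(s, "CERTIFICATE")
    for b in bList:
        try:
            x = X509(b)
            x.check_date()
        except Exception as e:
            # Only ordinary errors are swallowed here; catching
            # BaseException would also hide KeyboardInterrupt/SystemExit.
            util.print_error("cert error:", e)
            continue

        fp = x.getFingerprint()
        ca_list[fp] = x
        ca_keyID[x.get_keyID()] = fp

    return ca_list, ca_keyID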
Beispiel #3
def sign_request_with_x509(pr, key_path, cert_path):
    """Sign the message *pr* in place using an RSA key and certificate chain.

    Sets pr.pki_type to 'x509+sha256', stores the serialized certificate
    chain in pr.pki_data, then signs the SHA-256 digest of the serialized
    message and writes the result to pr.signature.

    Args:
        pr: Message object exposing pki_type, pki_data, signature and
            SerializeToString(); it is modified, nothing is returned.
        key_path: Path of the PEM private key file.
        cert_path: Path of the PEM file holding the certificate chain.
    """
    import pem
    with open(key_path, 'r') as key_file:
        key_params = pem.parse_private_key(key_file.read())
    signing_key = rsakey.RSAKey(*key_params)

    with open(cert_path, 'r') as chain_file:
        chain = pem.dePemList(chain_file.read(), "CERTIFICATE")

    cert_bundle = pb2.X509Certificates()
    cert_bundle.certificate.extend(map(str, chain))

    # The PKI fields are filled in before serializing, so the digest below
    # covers them as well.
    pr.pki_type = 'x509+sha256'
    pr.pki_data = cert_bundle.SerializeToString()

    # NOTE(review): the digest is taken over pr exactly as it serializes at
    # this point, including any value already in pr.signature; confirm that
    # callers pass a request whose signature field is in the state the
    # verifier expects.
    serialized = bytearray(pr.SerializeToString())
    digest = bytearray(hashlib.sha256(serialized).digest())
    pr.signature = bytes(signing_key.sign(x509.PREFIX_RSA_SHA256 + digest))
Beispiel #4
def sign_request_with_x509(pr, key_path, cert_path):
    """Fill in the x509+sha256 PKI fields of *pr* and sign it.

    The certificate chain read from *cert_path* is serialized into
    pr.pki_data, pr.pki_type is set to 'x509+sha256', and the RSA key read
    from *key_path* signs PREFIX_RSA_SHA256 followed by the SHA-256 digest
    of the serialized message. The signature is stored in pr.signature.

    Args:
        pr: Message to sign; mutated in place.
        key_path: PEM private key file.
        cert_path: PEM certificate chain file.
    """
    import pem

    with open(key_path, 'r') as fh:
        rsa_params = pem.parse_private_key(fh.read())
    rsa_key = rsakey.RSAKey(*rsa_params)

    with open(cert_path, 'r') as fh:
        pem_text = fh.read()
    der_certs = pem.dePemList(pem_text, "CERTIFICATE")

    chain_msg = pb2.X509Certificates()
    chain_msg.certificate.extend(map(str, der_certs))
    pr.pki_type = 'x509+sha256'
    pr.pki_data = chain_msg.SerializeToString()

    # Hash the message only after the PKI fields are set so that they are
    # part of what gets signed.
    # NOTE(review): whatever pr.signature holds at this point is hashed too;
    # verify against the caller and the verifying side.
    to_sign = bytearray(pr.SerializeToString())
    sha = bytearray(hashlib.sha256(to_sign).digest())
    signature = rsa_key.sign(x509.PREFIX_RSA_SHA256 + sha)
    pr.signature = bytes(signature)
Beispiel #5
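def load_certificates(ca_path):
    """Load the PEM bundle at *ca_path* and index its usable certificates.

    Each "CERTIFICATE" block is parsed into an X509 object and checked with
    check_date(). Blocks that raise are logged via util.print_error and
    skipped.

    Args:
        ca_path: Path of the PEM file containing the CA certificates.

    Returns:
        A tuple (ca_list, ca_keyID): ca_list maps fingerprint -> X509
        object and ca_keyID maps key ID -> fingerprint. When a key ID
        occurs more than once, the last certificate in the file wins.
    """
    import pem
    ca_list = {}
    ca_keyID = {}
    with open(ca_path, 'r') as f:
        s = f.read()
    bList = pem.dePemList(s, "CERTIFICATE")
    for b in bList:
        try:
            x = X509(b)
            x.check_date()
        except Exception as e:
            # Skip certificates that fail to parse or fail the date check.
            # Exception (not BaseException) keeps KeyboardInterrupt and
            # SystemExit from being swallowed inside the loop.
            util.print_error("cert error:", e)
            continue

        fp = x.getFingerprint()
        ca_list[fp] = x
        ca_keyID[x.get_keyID()] = fp

    # NOTE(review): an all-invalid bundle yields two empty dicts; callers
    # should not treat an empty trust store as a successful load.
    return ca_list, ca_keyID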
Beispiel #6
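def load_certificates(ca_path):
    """Build CA lookup tables from the PEM bundle at *ca_path*.

    Certificates are parsed one by one; an entry whose X509 construction or
    check_date() call raises is reported with util.print_error and omitted.

    Args:
        ca_path: Path of the PEM bundle to read.

    Returns:
        (ca_list, ca_keyID): ca_list is keyed by fingerprint and holds the
        X509 objects; ca_keyID is keyed by key ID and holds fingerprints.
        A duplicate key ID is overwritten by the later certificate.
    """
    import pem
    ca_list = {}
    ca_keyID = {}
    with open(ca_path, 'r') as f:
        s = f.read()
    bList = pem.dePemList(s, "CERTIFICATE")
    for b in bList:
        try:
            x = X509(b)
            x.check_date()
        except Exception as e:
            # A bad entry is logged and dropped; interpreter-exit signals
            # (KeyboardInterrupt, SystemExit) are deliberately not caught.
            util.print_error("cert error:", e)
            continue

        fp = x.getFingerprint()
        ca_list[fp] = x
        ca_keyID[x.get_keyID()] = fp

    return ca_list, ca_keyID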
Beispiel #7
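def check_ssl_config(config):
    """Validate the configured key/certificate pair and return the requestor.

    Reads the PEM private key from config['ssl_privkey'] and the PEM chain
    from config['ssl_chain'], verifies the chain with verify_cert_chain, and
    checks that the certificate's RSA modulus and exponent equal the first
    two private-key parameters.

    Args:
        config: Object whose get() returns the 'ssl_privkey' and
            'ssl_chain' file paths.

    Returns:
        The certificate's common name, with a leading '*.' removed.

    Raises:
        AssertionError: If the certificate's public key does not match the
            private key.
    """
    import pem
    key_path = config.get('ssl_privkey')
    cert_path = config.get('ssl_chain')
    with open(key_path, 'r') as f:
        params = pem.parse_private_key(f.read())
    with open(cert_path, 'r') as f:
        s = f.read()
    bList = pem.dePemList(s, "CERTIFICATE")
    # verify chain
    x, _ca = verify_cert_chain(bList)
    # Both key objects are still constructed as before; whether RSAKey
    # validates its arguments is not visible from here.
    rsakey.RSAKey(*params)
    rsakey.RSAKey(x.modulus, x.exponent)
    # Verify that privkey and pubkey match. This is raised explicitly
    # because a bare `assert` is stripped under `python -O`, which would
    # silently disable the check.
    if x.modulus != params[0] or x.exponent != params[1]:
        raise AssertionError("certificate public key does not match private key")
    # return requestor
    requestor = x.get_common_name()
    if requestor.startswith('*.'):
        requestor = requestor[2:]
    return requestor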
Beispiel #8
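def check_ssl_config(config):
    """Check the SSL key and chain named in *config*; return the requestor.

    The private key at config['ssl_privkey'] and the certificate chain at
    config['ssl_chain'] are loaded from PEM. The chain is verified through
    verify_cert_chain, and the certificate's modulus and exponent must
    equal params[0] and params[1] of the parsed private key.

    Args:
        config: Configuration object providing get('ssl_privkey') and
            get('ssl_chain').

    Returns:
        The common name of the certificate, without a leading '*.'.

    Raises:
        AssertionError: If the private key and the certificate's public key
            differ.
    """
    import pem
    key_path = config.get('ssl_privkey')
    cert_path = config.get('ssl_chain')
    with open(key_path, 'r') as f:
        params = pem.parse_private_key(f.read())
    with open(cert_path, 'r') as f:
        s = f.read()
    bList = pem.dePemList(s, "CERTIFICATE")
    # verify chain
    x, _ca = verify_cert_chain(bList)
    # Key objects are built exactly as the original did, in case the
    # constructor rejects malformed parameters (not confirmed from here).
    rsakey.RSAKey(*params)
    rsakey.RSAKey(x.modulus, x.exponent)
    # The key-match check must survive optimized runs, so it is an explicit
    # raise instead of `assert` (assert statements are removed by -O).
    if x.modulus != params[0]:
        raise AssertionError("certificate modulus does not match private key")
    if x.exponent != params[1]:
        raise AssertionError("certificate exponent does not match private key")
    # return requestor
    requestor = x.get_common_name()
    if requestor.startswith('*.'):
        requestor = requestor[2:]
    return requestor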
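def load_certificates(ca_path):
    """Load CA certificates from the PEM bundle at *ca_path*.

    Every "CERTIFICATE" block is parsed as an X509 object and date-checked.
    A block that raises is logged with util.print_error and skipped.

    Args:
        ca_path: Path of the PEM bundle.

    Returns:
        A tuple (ca_list, ca_keyID): ca_list maps fingerprint -> X509
        object, ca_keyID maps key ID -> fingerprint. For a repeated key ID
        the later certificate replaces the earlier one.
    """
    import pem
    ca_list = {}
    ca_keyID = {}
    with open(ca_path, 'r') as f:
        s = f.read()
    bList = pem.dePemList(s, "CERTIFICATE")
    for b in bList:
        try:
            x = X509(b)
            x.check_date()
        except Exception as e:
            # Ordinary parse/validity errors drop the entry; catching
            # BaseException here would also swallow KeyboardInterrupt and
            # SystemExit.
            util.print_error("cert error:", e)
            continue

        fp = x.getFingerprint()
        ca_list[fp] = x
        ca_keyID[x.get_keyID()] = fp

    return ca_list, ca_keyID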