def sign(self, data):
# XPI signing is JAR signing which uses PKCS7 detached signatures
pkcs7 = self.smime.sign(MemoryBuffer(data),
PKCS7_DETACHED | PKCS7_BINARY)
pkcs7_buffer = MemoryBuffer()
pkcs7.write_der(pkcs7_buffer)
return pkcs7
def run_test(*args, **kwargs):
with MemoryBuffer(b'hello\nworld\n') as mb:
self.assertTrue(mb.readable())
self.assertEqual(mb.readline().rstrip(), b'hello')
self.assertEqual(mb.readline().rstrip(), b'world')
with MemoryBuffer(b'hello\nworld\n') as mb:
self.assertEqual(mb.readlines(), [b'hello\n', b'world\n'])
def run_test(*args, **kwargs):
sep = os.linesep.encode()
with MemoryBuffer(b'hello\nworld\n') as mb:
assert mb.readable()
assert mb.readline() == b'hello' + sep
assert mb.readline() == b'world' + sep
with MemoryBuffer(b'hello\nworld\n') as mb:
assert mb.readlines() == [b'hello' + sep, b'world' + sep]
def test_write_close(self):
mb = MemoryBuffer(self.data)
assert mb.writeable()
mb.write_close()
assert mb.readable()
with self.assertRaises(IOError):
mb.write(self.data)
assert not mb.writeable()
def gPubkey(self):
""" Return Back the certs public key"""
#print self.cert.get_pubkey()
self.pkey = self.cert.get_pubkey()
self.buffer = MemoryBuffer()
#print self.pkey
self.pkey.save_key_bio(self.buffer, cipher=None)
self.pub = self.buffer.read()
#Because the default is PRIVATE even if it is public
self.pub = string.replace(self.pub, "PRIVATE", "PUBLIC")
return self.pub
def test_write_close(self):
mb = MemoryBuffer(self.data)
assert mb.writeable()
mb.write_close()
assert mb.readable()
with self.assertRaises(IOError):
mb.write(self.data)
assert not mb.writeable()
def __sign(self):
buf = MemoryBuffer(self.request_xml)
smime = SMIME()
smime.load_key(self.__key_file, self.__crt_file)
signed_data = smime.sign(buf, 0)
out = MemoryBuffer()
smime.write(out, signed_data)
mime_data = email.message_from_string(out.read())
for part in mime_data.walk():
if part.get_filename() == "smime.p7m":
self.signed_request = part.get_payload(decode=False)
return self
def test_closed(self):
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
io.close()
with self.assertRaises(IOError):
io.write(self.data)
assert not io.readable() and not io.writeable()
def __init__(self, rsa=None, pem_string=None):
if rsa is None and pem_string is None:
raise CryptoError("Invalid parameter passed to the constructor")
elif rsa is None:
self.rsa = load_pub_key_bio(MemoryBuffer(pem_string))
elif pem_string is None:
self.rsa = rsa
def test_readlines(self):
buf = BytesIO()
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
lines = io.readlines()
for line in lines:
self.assertEqual(line, self._data)
buf.write(line)
self.assertEqual(buf.getvalue(), self.data)
def withM2(addr):
import M2Crypto
from M2Crypto.BIO import MemoryBuffer
from M2Crypto import RSA as mRSA
rsa = process.readBytes(addr, ctypes.sizeof(ctypes_openssl.RSA))
bio = MemoryBuffer(rsa)
# tsssi need PEM
myrsa = mRSA.load_key_bio(bio)
return myrsa
def response_to_pkcs7(blob):
der = b64decode(blob)
pkcs7_buf = MemoryBuffer(der)
if pkcs7_buf is None:
raise BIOError(Err.get_error())
p7_ptr = pkcs7_read_bio_der(pkcs7_buf.bio)
pkcs7 = PKCS7(p7_ptr, 1)
return pkcs7
def test_readlines(self):
buf = StringIO()
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
lines = io.readlines()
for line in lines:
assert line == self._data
buf.write(line)
assert buf.getvalue() == self.data
def test_readline(self):
buf = BytesIO()
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
while 1:
out = io.readline()
if not out:
break
buf.write(out)
self.assertEqual(out, self._data)
self.assertEqual(buf.getvalue(), self.data)
def test_readline(self):
buf = StringIO()
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
while 1:
out = io.readline()
if not out:
break
buf.write(out)
assert out == self._data
assert buf.getvalue() == self.data
def gPubkey(self):
""" Return Back the certs public key"""
#print self.cert.get_pubkey()
self.pkey=self.cert.get_pubkey()
self.buffer=MemoryBuffer()
#print self.pkey
self.pkey.save_key_bio(self.buffer, cipher=None)
self.pub=self.buffer.read()
#Because the default is PRIVATE even if it is public
self.pub=string.replace(self.pub, "PRIVATE", "PUBLIC")
return self.pub
def get_signature_serial_number(pkcs7):
"""
Extracts the serial number out of a DER formatted, detached PKCS7
signature buffer
"""
pkcs7_buf = MemoryBuffer(pkcs7)
if pkcs7_buf is None:
raise BIOError(Err.get_error())
p7_ptr = pkcs7_read_bio_der(pkcs7_buf.bio)
p = PKCS7(p7_ptr, 1)
# Fetch the certificate stack that is the list of signers
# Since there should only be one in this use case, take the zeroth
# cert in the stack and return its serial number
return p.get0_signers(X509_Stack())[0].get_serial_number()
def membufi(iter, txt=txt):
buf = MemoryBuffer()
for i in range(iter):
buf.write(txt)
out = buf.getvalue()
def test_init_empty(self):
mb = MemoryBuffer()
assert len(mb) == 0
out = mb.read()
assert out is None
def test_init_something(self):
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
out = io.read(len(self.data))
assert out == self.data
def test_read_more_than(self):
chunk = len(self.data) + 8
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
out = io.read(chunk)
assert out == self.data
def test_init_something_result_bytes(self):
mb = MemoryBuffer(self.data)
self.assertEqual(len(mb), len(self.data))
out = mb.read()
self.assertIsInstance(out, bytes)
def test_init_empty(self):
mb = MemoryBuffer()
self.assertEqual(len(mb), 0)
out = mb.read()
assert out is None
def test_init_something_cm(self):
with MemoryBuffer(self.data) as mb:
self.assertEqual(len(mb), len(self.data))
out = mb.read()
self.assertEqual(out, self.data)
def test_init_empty(self):
mb = MemoryBuffer()
io = IOBuffer(mb)
out = io.read()
self.assertEqual(out, b'')
def test_closed(self):
mb = MemoryBuffer(self.data)
mb.close()
self.assertRaises(IOError, mb.write, self.data)
assert mb.readable() and not mb.writeable()
def test_read_more_than(self):
chunk = len(self.data) + 8
mb = MemoryBuffer(self.data)
out = mb.read(chunk)
self.assertEqual(out, self.data)
self.assertEqual(len(mb), 0)
def test_read_more_than(self):
chunk = len(self.data) + 8
mb = MemoryBuffer(self.data)
out = mb.read(chunk)
assert out == self.data and len(mb) == 0
def test_read_less_than(self):
chunk = len(self.data) - 7
mb = MemoryBuffer(self.data)
out = mb.read(chunk)
assert out == self.data[:chunk] and len(mb) == (len(self.data) - chunk)
def test_init_something(self):
mb = MemoryBuffer(self.data)
assert len(mb) == len(self.data)
out = mb.read()
assert out == self.data
def test_closed(self):
mb = MemoryBuffer(self.data)
mb.close()
self.assertRaises(IOError, mb.write, self.data)
assert mb.readable() and not mb.writeable()
def test_read_less_than(self):
chunk = len(self.data) - 7
mb = MemoryBuffer(self.data)
out = mb.read(chunk)
self.assertEqual(out, self.data[:chunk])
self.assertEqual(len(mb), (len(self.data)) - chunk)
def load_public_key(pub_key_str: str):
bio = MemoryBuffer(pub_key_str.encode('utf-8'))
return RSA.load_pub_key_bio(bio)
def test_read_more_than(self):
chunk = len(self.data) + 8
mb = MemoryBuffer(self.data)
out = mb.read(chunk)
self.assertEqual(out, self.data)
self.assertEqual(len(mb), 0)
def test_init_something(self):
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
out = io.read(len(self.data))
self.assertEqual(out, self.data)
def test_read_less_than(self):
chunk = len(self.data) - 7
mb = MemoryBuffer(self.data)
out = mb.read(chunk)
self.assertEqual(out, self.data[:chunk])
self.assertEqual(len(mb), (len(self.data)) - chunk)
def test_init_something(self):
mb = MemoryBuffer(self.data)
self.assertEqual(len(mb), len(self.data))
out = mb.read()
self.assertEqual(out, self.data)
def test_init_empty(self):
mb = MemoryBuffer()
assert len(mb) == 0
out = mb.read()
assert out is None
def test_init_empty(self):
mb = MemoryBuffer()
io = IOBuffer(mb)
out = io.read()
assert out == ''
def test_init_something(self):
mb = MemoryBuffer(self.data)
assert len(mb) == len(self.data)
out = mb.read()
assert out == self.data
def test_read_less_than(self):
chunk = len(self.data) - 7
mb = MemoryBuffer(self.data)
io = IOBuffer(mb)
out = io.read(chunk)
assert out == self.data[:chunk]
def test_read_less_than(self):
chunk = len(self.data) - 7
mb = MemoryBuffer(self.data)
out = mb.read(chunk)
assert out == self.data[:chunk] and len(mb) == (len(self.data) - chunk)
def membuf2i(iter, txt=txt):
buf = MemoryBuffer()
buf.write(txt * iter)
out = buf.getvalue()
def test_read_more_than(self):
chunk = len(self.data) + 8
mb = MemoryBuffer(self.data)
out = mb.read(chunk)
assert out == self.data and len(mb) == 0
def test_read_only(self):
mb = MemoryBuffer(self.data)
io = IOBuffer(mb, mode='r')
self.assertRaises(IOError, io.write, self.data)
assert not io.writeable()
class X509Man(object):
""" Makes the X509 structure more useful for the purpose"""
def __init__(self,thecert=None):
if thecert:
self.cert=thecert
else:
self.cert=x.X509()
#print self.cert
def set_from_buf(self,certData,format=0):
""" The method sets the cert with data from a buffer
format 0 is for pem and 1 for der"""
#buf=MemoryBuffer()
#buf.write(certData)
#Loads into global object
#print certData
self.cert=x.load_cert_string(certData)
#print self.cert.get_not_before()
return True
#to check if it was loaded
def set_cert(self,certObj):
""" Sets the global cert object from outside the class"""
self.cert=certObj
def list_info(self,tam=None):
""" Lists some info about the cert"""
if tam:
print self.cert.as_text()
else:
#print "Cert version :%s"%(self.cert.get_version())
print "Beginnig Date :%s"%(self.cert.get_not_before())
print "End Date :%s"%(self.cert.get_not_after())
#print "The public key is :%s"%(self.gPubkey())
print "*****************************************************"
print "The issuer info :"
self.cert_detail(self.cert.get_issuer())
print "*****************************************************"
print "Certs owner info :"
self.cert_detail(self.cert.get_subject())
#print "Is it a Ca cert :%s"%(self.cert.check_ca())
print "******************************************************"
print "The fingerprint is :%s"%(self.cert.get_fingerprint("sha1"))
#print self.cert.as_pem()
#print self.cert.as_der()
def store_tofile(self,fname):
""" Loads the certficate to a file"""
self.cert.save(fname)
print "Certificate saved to :",fname
def gPubkey(self):
""" Return Back the certs public key"""
#print self.cert.get_pubkey()
self.pkey=self.cert.get_pubkey()
self.buffer=MemoryBuffer()
#print self.pkey
self.pkey.save_key_bio(self.buffer, cipher=None)
self.pub=self.buffer.read()
#Because the default is PRIVATE even if it is public
self.pub=string.replace(self.pub, "PRIVATE", "PUBLIC")
return self.pub
def cert_detail(self,detailObj):
""" It is passed a XNAME object"""
self.xDetail=detailObj
self.printFormat=self.optionClear()
for key in self.xDetail.nid.keys():
res=self.xDetail.get_entries_by_nid(self.xDetail.nid[key])
#print res
if res:
#print key
#print res[0].get_data()
print "%s : %s"%(self.printFormat[key],res[0].get_data())
def optionClear(self):
""" Makes some options clearer in the certificate"""
opClr={'C' : 'Country Name',
'SP' : 'State or Province',
'ST' : 'Province or State',
'stateOrProvinceName' : 'State Province',
'L' : 'Locality Name',
'localityName' : 'Local Name',
'O' : 'Organization',
'organizationName' : 'Organization Name',
'OU' : 'Org Unit Name',
'organizationUnitName' : 'Organization Unit Name',
'CN' : 'The Common Name',
'commonName' : 'Common Name',
'Email' : 'Email',
'emailAddress' : 'email',
'serialNumber' : 'Serial Number',
'SN' : 'Surname',
'surname' : 'The Surname',
'GN' : 'Given Name',
'givenName' : 'GivenName'
}
return opClr
def is_valid(self):
""" Checks if the certificate is still valid and is not expired..."""
self.expDate=str(self.cert.get_not_after())
#Get rid off GMT thing
self.expDate=string.replace(self.expDate, "GMT", "").strip()
#print self.expDate
#Convert to a valid type for easy comparison
self.expDate=strptime(self.expDate,"%b %d %H:%M:%S %Y")
#print self.expDate
#Get the current time in same format
curTime=strptime(strftime("%b %d %H:%M:%S %Y"),"%b %d %H:%M:%S %Y")
#print type(curTime)
if self.expDate>curTime:
#print "It is still valid"
return True
else:
#print "It expired"
return False
def person_info(self,tip="subject"):
""" Gets the sides info ex signer(issuer),subject etc."""
xn=None
if tip=="subject":
xn=self.cert.get_subject()
elif tip=="issuer":
xn=self.cert.get_issuer()
return xn #XName Object
def get_detail(self,tip="issuer"):
""" Returns a tuple to be displayed"""
xn=self.person_info(tip)
clear_dic={
'C':'country',
'CN':'commoName',
'emailAddress':'eadress',
'SP':'statePro',
'OU':'department',
'O':'company'
}
toPrint={}
#print type(xn)
#Take the country firstly
for k in clear_dic.keys():
entry=xn.get_entries_by_nid(xn.nid[k])
toPrint[clear_dic[k]]=str(entry[0].get_data())
return toPrint
def get_cert(self):
""" Getting the certificate back it is an object"""
return self.cert
def get_date_info(self):
"returns start date,end date and if it is valid"
date_info={}
date_info['sdate']=str(self.cert.get_not_before())
date_info['edate']=str(self.cert.get_not_after())
if self.is_valid():
date_info['v']="Valid"
else:
date_info['v']="Expired"
return date_info
def get_cert_text(self,format=0):
"""Format 0 is pem,format 1 is der
Extracts the encrypted base64 text from certificate"""
#print self.cert.verify()
#print self.cert.check_ca()
#get it according to its format
if format==0:
return self.cert.as_pem()
elif format==1:
return self.cert.as_der()
def check_sum(self):
""" Checks if the cert has been modified for any reasons"""
if self.cert.verify()==0:
#print "Hash is valid"
return True
else:
print "The cert has been modified"
return False
