def _wrap_callback(self, callback):
    """
    Adapt a passphrase callback and package it in a ``_PassphraseHelper``.

    The adapter accepts the ``(size, verify, userdata)`` arguments but
    discards the ``userdata`` it is handed: the wrapped ``callback`` always
    receives ``self._passphrase_userdata`` in that position instead.

    :param callback: Callable invoked as ``callback(size, verify, userdata)``
    :return: A ``_PassphraseHelper`` for ``FILETYPE_PEM`` built around the
        adapter, with ``more_args=True`` and ``truncate=True``
    """
    @wraps(callback)
    def _forward(size, verify, userdata):
        # The incoming ``userdata`` is deliberately ignored; the value
        # stored on this object is the one handed to the user's callback.
        stored_userdata = self._passphrase_userdata
        return callback(size, verify, stored_userdata)

    # NOTE(review): the meaning of more_args/truncate is defined by
    # _PassphraseHelper, which is not visible here; truncate presumably
    # governs over-long passphrases -- confirm there.
    passphrase_helper = _PassphraseHelper(
        FILETYPE_PEM,
        _forward,
        more_args=True,
        truncate=True,
    )
    return passphrase_helper
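def dump_rsa_privatekey(pkey):
    """
    Dump a private RSA key to a buffer in PEM form.

    The key is serialised with ``PEM_write_bio_RSAPrivateKey`` and a NULL
    cipher, so the returned PEM is not passphrase-protected.  Treat the
    return value as secret key material: keep it out of logs and persist it
    only to storage with restrictive access.

    :param pkey: The PKey to dump; it must hold an RSA key
    :return: The buffer with the dumped key in
    :rtype: :py:data:`str` (whatever ``crypto._bio_to_string`` yields;
        presumably ``bytes`` on Python 3 -- confirm)
    :raises OpenSSL.crypto.Error: if ``pkey`` does not hold an RSA key or
        OpenSSL fails to write it
    """
    # Based off of https://github.com/pyca/pyopenssl/blob/27398343217703c5261e67d6c19dda89ba559f1b/OpenSSL/crypto.py#L1418-L1466
    from OpenSSL._util import (
        ffi as _ffi,
        lib as _lib,
        exception_from_error_queue as _exception_from_error_queue)
    from OpenSSL import crypto
    from functools import partial

    # Raise the library's own Error (an Exception subclass) rather than a
    # class private to this call, so callers can catch it by type.
    _raise_current_error = partial(_exception_from_error_queue, crypto.Error)

    bio = crypto._new_mem_buf()
    cipher_obj = _ffi.NULL  # no cipher: the PEM output is unencrypted

    rsa = _lib.EVP_PKEY_get1_RSA(pkey._pkey)
    if rsa == _ffi.NULL:
        # Not an RSA key: fail here instead of handing NULL to the writer.
        _raise_current_error()
    # get1 returns a new reference that the caller owns; tie RSA_free to the
    # cdata lifetime so the key structure is released and not leaked.
    rsa = _ffi.gc(rsa, _lib.RSA_free)

    helper = crypto._PassphraseHelper(crypto.FILETYPE_PEM, None)
    result_code = _lib.PEM_write_bio_RSAPrivateKey(
        bio, rsa, cipher_obj, _ffi.NULL, 0,
        helper.callback, helper.callback_args)
    helper.raise_if_problem()

    if result_code == 0:
        _raise_current_error()

    return crypto._bio_to_string(bio)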
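def dump_rsa_privatekey(pkey):
    """
    Dump a private RSA key to a buffer in PEM form.

    A NULL cipher is passed to ``PEM_write_bio_RSAPrivateKey``, so the PEM
    that comes back carries the key without passphrase protection.  Handle
    the return value as a secret: do not log it, and store it only where
    access is restricted.

    :param pkey: The PKey to dump; it must hold an RSA key
    :return: The buffer with the dumped key in
    :rtype: :py:data:`str` (whatever ``crypto._bio_to_string`` yields;
        presumably ``bytes`` on Python 3 -- confirm)
    :raises OpenSSL.crypto.Error: if ``pkey`` does not hold an RSA key or
        OpenSSL fails to write it
    """
    # Based off of https://github.com/pyca/pyopenssl/blob/27398343217703c5261e67d6c19dda89ba559f1b/OpenSSL/crypto.py#L1418-L1466
    from OpenSSL._util import (ffi as _ffi,
                               lib as _lib,
                               exception_from_error_queue as _exception_from_error_queue)
    from OpenSSL import crypto
    from functools import partial

    # Use OpenSSL.crypto.Error (an Exception subclass) so the failure can be
    # caught by type outside this function.
    _raise_current_error = partial(_exception_from_error_queue, crypto.Error)

    bio = crypto._new_mem_buf()
    cipher_obj = _ffi.NULL  # no cipher: the PEM output is unencrypted

    rsa = _lib.EVP_PKEY_get1_RSA(pkey._pkey)
    if rsa == _ffi.NULL:
        # EVP_PKEY_get1_RSA yields NULL when the PKey is not RSA; stop
        # before the writer is called with a NULL key.
        _raise_current_error()
    # The get1 call hands back an owned reference; register RSA_free so the
    # RSA structure is freed when the cdata object is collected.
    rsa = _ffi.gc(rsa, _lib.RSA_free)

    helper = crypto._PassphraseHelper(crypto.FILETYPE_PEM, None)
    result_code = _lib.PEM_write_bio_RSAPrivateKey(bio, rsa, cipher_obj,
                                                   _ffi.NULL, 0,
                                                   helper.callback,
                                                   helper.callback_args)
    helper.raise_if_problem()

    if result_code == 0:
        _raise_current_error()

    return crypto._bio_to_string(bio)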
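def write_rsa_private_key(private_key):
    """
    Serialise ``private_key`` as an RSA private key in PEM form.

    No cipher is passed to ``PEM_write_bio_RSAPrivateKey``, so the returned
    PEM is not passphrase-protected.  Treat the result as secret key
    material: keep it out of logs and store it only with restricted access.

    :param private_key: A pyOpenSSL PKey (its ``_pkey`` handle is read); it
        must hold an RSA key
    :return: The PEM text produced by ``crypto._bio_to_string``
    :raises OpenSSL.crypto.Error: if the key is not an RSA key or OpenSSL
        fails to write it
    """
    # The file type must be FILETYPE_PEM.  Passing the builtin ``type`` here
    # is presumably tolerated only while the passphrase is None.
    helper = crypto._PassphraseHelper(crypto.FILETYPE_PEM, None)
    bio = crypto._new_mem_buf()

    rsa_private_key = crypto._lib.EVP_PKEY_get1_RSA(private_key._pkey)
    if rsa_private_key == crypto._ffi.NULL:
        # Not an RSA key: fail here instead of handing NULL to the writer.
        crypto._raise_current_error()
    # get1 returns a reference the caller owns; free it with the cdata so
    # the RSA structure (private key material) is not leaked.
    rsa_private_key = crypto._ffi.gc(rsa_private_key, crypto._lib.RSA_free)

    result_code = crypto._lib.PEM_write_bio_RSAPrivateKey(
        bio, rsa_private_key, crypto._ffi.NULL, crypto._ffi.NULL, 0,
        helper.callback, helper.callback_args)
    helper.raise_if_problem()

    # A zero return means nothing usable was written; surface the OpenSSL
    # error instead of returning an empty or partial string.
    if result_code == 0:
        crypto._raise_current_error()

    rsa_private_key_string = crypto._bio_to_string(bio)
    return rsa_private_key_string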
def _wrap_callback(self, callback):
    """
    Build the ``_PassphraseHelper`` used for a user passphrase callback.

    ``callback`` is wrapped so that its third argument is always
    ``self._passphrase_userdata``; the ``userdata`` value passed to the
    wrapper itself is not forwarded.

    :param callback: Callable invoked as ``callback(size, verify, userdata)``
    :return: ``_PassphraseHelper(FILETYPE_PEM, <wrapper>, more_args=True,
        truncate=True)``
    """
    @wraps(callback)
    def _with_stored_userdata(size, verify, userdata):
        # ``userdata`` from the caller is dropped on purpose; the value kept
        # on this object replaces it.
        return callback(size, verify, self._passphrase_userdata)

    # NOTE(review): more_args/truncate are interpreted by _PassphraseHelper,
    # which is outside this view -- confirm their effect there.
    helper_options = {"more_args": True, "truncate": True}
    return _PassphraseHelper(
        FILETYPE_PEM, _with_stored_userdata, **helper_options)
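def get(self, name):
    """
    Load the current certificate, chain and private key stored for ``name``.

    Reads ``<self.path>/subjects/<name>/current/...`` through ``self.client``
    and returns a ``Certificate`` record.  The record carries the private key
    twice: as stored (``private_key``) and re-serialised as an RSA private
    key PEM written without a cipher (``rsa_private_key``).  Both are secret
    key material; keep the returned object out of logs and error reports.

    :param name: Subject name; used as the path component under
        ``/subjects/`` and as ``common_name`` of the result
    :return: A ``Certificate`` with certificate, validity dates
        (``YYYY-MM-DDTHH:MM:SSZ``), chain, and key fields populated;
        ``serial``, ``digest`` and ``request`` are ``None``
    :raises Exception: if ``self.state`` is not ``"active"``, or if the
        subject or its ``current`` entry does not exist
    :raises OpenSSL.crypto.Error: if the stored key is not an RSA key or
        OpenSSL fails to write it
    """
    if self.state != "active":
        raise Exception()

    # NOTE(review): ``name`` is concatenated into the store path unvalidated.
    # If it can originate from an untrusted caller, validate it before this
    # point (e.g. reject "/" and "..") so a lookup cannot address nodes
    # outside ``/subjects/<name>`` -- confirm against the callers.
    entry_path = self.path + "/subjects/" + name

    if not self.client.exists(entry_path):
        raise Exception("No certificate for " + name)

    if not self.client.exists(entry_path + "/current"):
        raise Exception("No current certificate for " + name)

    certificate_path = entry_path + "/current/certificate"
    certificate_string = self.client.get_raw(certificate_path)

    chain_paths = []
    chain_strings = []

    # Chain entries are numbered from 0; reading stops at the first missing
    # index, and at most nine entries (0-8) are read.
    for chain_index in range(0, 9):
        chain_path = entry_path + "/current/chain/" + str(chain_index)

        if not self.client.exists(chain_path):
            break

        chain_string = self.client.get_raw(chain_path)
        chain_strings.append(chain_string)
        chain_paths.append(chain_path)

    key_path = entry_path + "/current/key"
    key_string = self.client.get_raw(key_path)

    # convert to rsa private key
    # TODO backport this to pyopenssl

    private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, key_string)

    # The file type must be FILETYPE_PEM.  Passing the builtin ``type`` here
    # is presumably tolerated only while the passphrase is None.
    helper = crypto._PassphraseHelper(crypto.FILETYPE_PEM, None)
    bio = crypto._new_mem_buf()

    rsa_private_key = crypto._lib.EVP_PKEY_get1_RSA(private_key._pkey)
    if rsa_private_key == crypto._ffi.NULL:
        # Not an RSA key: fail here instead of handing NULL to the writer.
        crypto._raise_current_error()
    # get1 returns a reference the caller owns; free it with the cdata so
    # the RSA structure (private key material) is not leaked on every call.
    rsa_private_key = crypto._ffi.gc(rsa_private_key, crypto._lib.RSA_free)

    result_code = crypto._lib.PEM_write_bio_RSAPrivateKey(
        bio, rsa_private_key, crypto._ffi.NULL, crypto._ffi.NULL, 0,
        helper.callback, helper.callback_args)
    helper.raise_if_problem()

    # A zero return means the key was not written; raise the OpenSSL error
    # instead of returning a record with an empty or partial key string.
    if result_code == 0:
        crypto._raise_current_error()

    rsa_private_key_string = crypto._bio_to_string(bio)

    # format other information

    def _to_iso8601(asn1_time):
        # Certificate times arrive as "YYYYMMDDHHMMSSZ"; re-emit them with
        # date and time separators.
        return time.strftime(
            "%Y-%m-%dT%H:%M:%SZ",
            time.strptime(asn1_time, "%Y%m%d%H%M%SZ"))

    subject_certificate = crypto.load_certificate(
        crypto.FILETYPE_PEM, certificate_string)

    subject_not_before = _to_iso8601(subject_certificate.get_notBefore())
    subject_not_after = _to_iso8601(subject_certificate.get_notAfter())

    # return

    return Certificate(
        common_name=name,
        serial=None,
        digest=None,
        request=None,
        certificate=certificate_string,
        certificate_path=certificate_path,
        not_before=subject_not_before,
        not_after=subject_not_after,
        chain=chain_strings,
        chain_paths=chain_paths,
        private_key=key_string,
        private_key_path=key_path,
        rsa_private_key=rsa_private_key_string)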