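def check_gid(self, xrn=None, type=None, all=None, verbose=None):
    """Check the correspondence between the GID and the PubKey.

    Selects registry records of the given ``type`` (the single record
    named by ``xrn``, or every record when ``all`` is set) and compares
    the public key carried by each record's GID with the first key stored
    for that record in the database.  A count per outcome is printed;
    with ``verbose`` the HRNs in each outcome are printed as well.

    Exits with status 1 when ``xrn`` and ``all`` are both given, when
    neither is given, or when the query returns no record.
    """
    # db records
    from sfa.storage.model import RegRecord
    db_query = self.api.dbsession().query(RegRecord).filter_by(type=type)

    # Exactly one of xrn / all must be supplied.
    if all and xrn:
        print("Use either -a or -x <xrn>, not both !!!")
        sys.exit(1)
    if not all and not xrn:
        print("Use either -a or -x <xrn>, one of them is mandatory !!!")
        sys.exit(1)
    if xrn:
        db_query = db_query.filter_by(hrn=Xrn(xrn).get_hrn())

    records = db_query.all()
    if not records:
        print("No Record found")
        sys.exit(1)

    matched = []        # GID key equals the stored key
    mismatched = []     # GID key differs from the stored key
    unconvertible = []  # stored key could not be converted
    keyless = []        # record has no stored key

    for record in records:
        # get the pubkey stored in SFA DB
        if not record.reg_keys:
            keyless.append(record.hrn)
            continue
        # Only the first registered key is compared, so a record whose GID
        # matches a later key is reported as a mismatch.
        db_pubkey_str = record.reg_keys[0].key
        try:
            db_pubkey_obj = convert_public_key(db_pubkey_str)
        except Exception:
            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not recorded as key errors.  Any
            # conversion failure lands here; the report labels this
            # bucket "non RSA PubKey".
            # NOTE(review): if convert_public_key signals failure by
            # returning None instead of raising, that case falls through
            # to is_same() below -- confirm against its implementation.
            unconvertible.append(record.hrn)
            continue

        # get the pubkey from the gid
        gid_pubkey_obj = GID(string=record.gid).get_pubkey()

        # A mismatch means the certificate held for this record binds a
        # different key than the one on file in the registry.
        if gid_pubkey_obj.is_same(db_pubkey_obj):
            matched.append(record.hrn)
        else:
            mismatched.append(record.hrn)

    # A parenthesised single-argument print gives the same output under
    # the Python 2 print statement used by this file.
    if not verbose:
        print("Users NOT having a PubKey: %s\n"
              "Users having a non RSA PubKey: %s\n"
              "Users having a GID/PubKey correpondence OK: %s\n"
              "Users having a GID/PubKey correpondence Not OK: %s\n"
              % (len(keyless), len(unconvertible),
                 len(matched), len(mismatched)))
    else:
        print("Users NOT having a PubKey: %s and are: \n%s\n\n"
              "Users having a non RSA PubKey: %s and are: \n%s\n\n"
              "Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n"
              "Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n"
              % (len(keyless), keyless,
                 len(unconvertible), unconvertible,
                 len(matched), matched,
                 len(mismatched), mismatched))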
def sign(options):
    """Re-issue the GID found in ``options.sign`` and save the new GID.

    The public key and URN are read from the given GID file, a new GID is
    created for them through the local ``Hierarchy`` with a fresh uuid, and
    the result is written (parents included) to ``options.outfile``, or to
    ``./signed-<hrn>.gid`` when no output file is given.

    Exits with status 1 when the input file does not exist.

    NOTE(review): no verification call on the input GID is visible here;
    the URN and public key are taken exactly as the file states them, so
    the operator has to trust the file being signed.
    """
    hierarchy = Hierarchy()
    config = Config()
    # The returned auth_info is not used below; the lookup is kept as the
    # original code performs it.
    auth_info = hierarchy.get_auth_info(config.SFA_INTERFACE_HRN)

    # load the gid
    source_path = os.path.abspath(options.sign)
    if not os.path.isfile(source_path):
        print("no such gid: %s" % source_path)
        sys.exit(1)
    original_gid = GID(filename=source_path)

    # extract pub_key and create new gid
    public_key = original_gid.get_pubkey()
    subject_urn = original_gid.get_urn()
    gid = hierarchy.create_gid(subject_urn, create_uuid(), public_key)

    # get the outfile
    # NOTE(review): the default name embeds the hrn taken from the GID
    # content; presumably it holds no path separators -- confirm.
    outfile = options.outfile or os.path.abspath(
        './signed-%s.gid' % gid.get_hrn())

    # save the signed gid
    if options.verbose:
        print("Writing signed gid %s" % outfile)
    gid.save_to_file(outfile, save_parents=True)
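class UploadCertForm(forms.Form):
    """Form to upload a certificate and its corresponding key."""

    key_file = forms.FileField(
        help_text="Select the file that contains the key for the "
                  "certificate to upload.")
    cert_file = forms.FileField(
        help_text="Select the file that contains the "
                  "certificate to upload. The certificate must be signed "
                  "with the uploaded key.")

    clean_key_file = _clean_x_file_factory("key")
    clean_cert_file = _clean_x_file_factory("cert")

    def clean(self):
        """Check that the uploaded key matches the cert and the cert is trusted.

        Sets ``self.key`` and ``self.cert`` when both files were uploaded.
        Raises ``forms.ValidationError`` when the certificate's public key
        differs from the uploaded key's public key, or when the chain
        cannot be verified against the trusted certificates.
        """
        logger.debug("cleaned_data %s", self.cleaned_data)
        # Require both uploads before indexing self.files: with only one
        # file present the lookup of the other would raise KeyError here
        # instead of producing a form error.
        if "key_file" in self.files and "cert_file" in self.files:
            self.key = Keypair(string=self.files["key_file"].read())
            self.cert = GID(string=self.files["cert_file"].read())

            # This establishes only that the certificate carries the same
            # public key as the uploaded key; the message below words it
            # as "signed by".
            cert_pubkey = self.cert.get_pubkey().get_pubkey_string()
            if cert_pubkey != self.key.get_pubkey_string():
                raise forms.ValidationError(
                    "Error: The certificate was not signed "
                    "by the uploaded key. Please use a key "
                    "that matches the certificate.")

            try:
                certs = [GID(filename=f)
                         for f in get_trusted_cert_filenames()]
                self.cert.verify_chain(certs)
            except Exception as e:
                logger.error(traceback.format_exc())
                # NOTE(review): the exception text is returned to the
                # uploader; the traceback is already logged above, so
                # consider whether this detail needs to reach the client.
                raise forms.ValidationError(
                    "Could not verify that the uploaded certificate is "
                    "trusted. This could be because none of the certificate's "
                    "ancestors have been installed as trusted. The error was: "
                    "%s" % e)

        return self.cleaned_data

    def save(self, user):
        """Write the key and cert into files.

        Uses ``self.key`` and ``self.cert``, which are set by ``clean()``
        only when both files were uploaded.

        NOTE(review): the uploaded key is written to disk; the file mode
        is decided inside ``save_to_file``, which is not visible here --
        confirm the key file is not readable by other users.

        @param user: the user to save the cert and key for.
        @type user: C{django.contrib.auth.models.User}
        """
        key_fname = get_user_key_fname(user)
        cert_fname = get_user_cert_fname(user)

        self.key.save_to_file(key_fname)
        self.cert.save_to_file(cert_fname)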
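class UploadCertForm(forms.Form):
    """Form to upload a certificate and its corresponding key."""

    key_file = forms.FileField(
        help_text="Select the file that contains the key for the "
                  "certificate to upload.")
    cert_file = forms.FileField(
        help_text="Select the file that contains the "
                  "certificate to upload. The certificate must be signed "
                  "with the uploaded key.")

    clean_key_file = _clean_x_file_factory("key")
    clean_cert_file = _clean_x_file_factory("cert")

    def clean(self):
        """Check that the uploaded key matches the cert and the cert is trusted.

        Sets ``self.key`` and ``self.cert`` when both files were uploaded.
        Raises ``forms.ValidationError`` when the certificate's public key
        differs from the uploaded key's public key, or when the chain
        cannot be verified against the trusted certificates.
        """
        logger.debug("cleaned_data %s", self.cleaned_data)
        # Require both uploads before indexing self.files: with only one
        # file present the lookup of the other would raise KeyError here
        # instead of producing a form error.
        if "key_file" in self.files and "cert_file" in self.files:
            self.key = Keypair(string=self.files["key_file"].read())
            self.cert = GID(string=self.files["cert_file"].read())

            # This establishes only that the certificate carries the same
            # public key as the uploaded key; the message below words it
            # as "signed by".
            cert_pubkey = self.cert.get_pubkey().get_pubkey_string()
            if cert_pubkey != self.key.get_pubkey_string():
                raise forms.ValidationError(
                    "Error: The certificate was not signed "
                    "by the uploaded key. Please use a key "
                    "that matches the certificate.")

            try:
                certs = [GID(filename=f)
                         for f in get_trusted_cert_filenames()]
                self.cert.verify_chain(certs)
            except Exception as e:
                logger.error(traceback.format_exc())
                # NOTE(review): the exception text is returned to the
                # uploader; the traceback is already logged above, so
                # consider whether this detail needs to reach the client.
                raise forms.ValidationError(
                    "Could not verify that the uploaded certificate is "
                    "trusted. This could be because none of the certificate's "
                    "ancestors have been installed as trusted. The error was: "
                    "%s" % e)

        return self.cleaned_data

    def save(self, user):
        """Write the key and cert into files.

        Uses ``self.key`` and ``self.cert``, which are set by ``clean()``
        only when both files were uploaded.

        NOTE(review): the uploaded key is written to disk; the file mode
        is decided inside ``save_to_file``, which is not visible here --
        confirm the key file is not readable by other users.

        @param user: the user to save the cert and key for.
        @type user: C{django.contrib.auth.models.User}
        """
        key_fname = get_user_key_fname(user)
        cert_fname = get_user_cert_fname(user)

        self.key.save_to_file(key_fname)
        self.cert.save_to_file(cert_fname)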
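def check_gid(self, xrn=None, type=None, all=None, verbose=None):
    """Check the correspondence between the GID and the PubKey.

    Selects registry records of the given ``type`` (the single record
    named by ``xrn``, or every record when ``all`` is set) and compares
    the public key carried by each record's GID with the first key stored
    for that record in the database.  A count per outcome is printed;
    with ``verbose`` the HRNs in each outcome are printed as well.

    Exits with status 1 when ``xrn`` and ``all`` are both given, when
    neither is given, or when the query returns no record.
    """
    # db records
    from sfa.storage.model import RegRecord
    db_query = self.api.dbsession().query(RegRecord).filter_by(type=type)

    # Exactly one of xrn / all must be supplied.
    if all and xrn:
        print("Use either -a or -x <xrn>, not both !!!")
        sys.exit(1)
    if not all and not xrn:
        print("Use either -a or -x <xrn>, one of them is mandatory !!!")
        sys.exit(1)
    if xrn:
        db_query = db_query.filter_by(hrn=Xrn(xrn).get_hrn())

    records = db_query.all()
    if not records:
        print("No Record found")
        sys.exit(1)

    matched = []        # GID key equals the stored key
    mismatched = []     # GID key differs from the stored key
    unconvertible = []  # stored key could not be converted
    keyless = []        # record has no stored key

    for record in records:
        # get the pubkey stored in SFA DB
        if not record.reg_keys:
            keyless.append(record.hrn)
            continue
        # Only the first registered key is compared, so a record whose GID
        # matches a later key is reported as a mismatch.
        db_pubkey_str = record.reg_keys[0].key
        try:
            db_pubkey_obj = convert_public_key(db_pubkey_str)
        except Exception:
            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not recorded as key errors.  Any
            # conversion failure lands here; the report labels this
            # bucket "non RSA PubKey".
            # NOTE(review): if convert_public_key signals failure by
            # returning None instead of raising, that case falls through
            # to is_same() below -- confirm against its implementation.
            unconvertible.append(record.hrn)
            continue

        # get the pubkey from the gid
        gid_pubkey_obj = GID(string=record.gid).get_pubkey()

        # A mismatch means the certificate held for this record binds a
        # different key than the one on file in the registry.
        if gid_pubkey_obj.is_same(db_pubkey_obj):
            matched.append(record.hrn)
        else:
            mismatched.append(record.hrn)

    # A parenthesised single-argument print gives the same output under
    # the Python 2 print statement used by this file.
    if not verbose:
        print("Users NOT having a PubKey: %s\n"
              "Users having a non RSA PubKey: %s\n"
              "Users having a GID/PubKey correpondence OK: %s\n"
              "Users having a GID/PubKey correpondence Not OK: %s\n"
              % (len(keyless), len(unconvertible),
                 len(matched), len(mismatched)))
    else:
        print("Users NOT having a PubKey: %s and are: \n%s\n\n"
              "Users having a non RSA PubKey: %s and are: \n%s\n\n"
              "Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n"
              "Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n"
              % (len(keyless), keyless,
                 len(unconvertible), unconvertible,
                 len(matched), matched,
                 len(mismatched), mismatched))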