Exemple #1
0
 def dumpPKeyToString(self):
     """
 Dump key to string
 """
     if not self.__loadedPKey:
         return S_ERROR("No chain loaded")
     return S_OK(crypto.dump_privatekey(crypto.FILETYPE_PEM, self.__keyObj))
Exemple #2
0
 def dumpPKeyToString( self ):
   """
   Dump key to string
   """
   if not self.__loadedPKey:
     return S_ERROR( "No chain loaded" )
   return S_OK( crypto.dump_privatekey( crypto.FILETYPE_PEM, self.__keyObj ) )
Exemple #3
0
  def generateProxyToString( self, lifeTime, diracGroup = False, strength = 1024, limited = False, rfc = False, proxyKey = False ):
    """
    Generate a proxy and get it as a string

    Args:
        lifeTime (int): expected lifetime in seconds of proxy
        diracGroup (str): diracGroup to add to the certificate
        strength (int): length in bits of the pair
        limited (bool): Create a limited proxy

    """
    if not self.__loadedChain:
      return S_ERROR( DErrno.ENOCHAIN )
    if not self.__loadedPKey:
      return S_ERROR( DErrno.ENOPKEY )

    if self.__isProxy:
      rfc = self.isRFC().get( 'Value', False )

    issuerCert = self.__certList[0]

    if not proxyKey:
      proxyKey = crypto.PKey()
      proxyKey.generate_key( crypto.TYPE_RSA, strength )

    proxyCert = crypto.X509()


    if rfc:
      proxyCert.set_serial_number( str( int( random.random() * 10 ** 10 ) ) )
      cloneSubject = issuerCert.get_subject().clone()
      cloneSubject.insert_entry( "CN", str( int( random.random() * 10 ** 10 ) ) )
      proxyCert.set_subject( cloneSubject )
      proxyCert.add_extensions( self.__getProxyExtensionList( diracGroup, rfc and not limited, rfc and limited ) )
    else:
      proxyCert.set_serial_number( issuerCert.get_serial_number() )
      cloneSubject = issuerCert.get_subject().clone()
      if limited:
        cloneSubject.insert_entry( "CN", "limited proxy" )
      else:
        cloneSubject.insert_entry( "CN", "proxy" )
      proxyCert.set_subject( cloneSubject )
      proxyCert.add_extensions( self.__getProxyExtensionList( diracGroup ) )

    proxyCert.set_issuer( issuerCert.get_subject() )
    proxyCert.set_version( issuerCert.get_version() )
    proxyCert.set_pubkey( proxyKey )
    proxyCert.gmtime_adj_notBefore( -900 )
    proxyCert.gmtime_adj_notAfter( int( lifeTime ) )
    proxyCert.sign( self.__keyObj, 'sha256' )

    proxyString = "%s%s" % ( crypto.dump_certificate( crypto.FILETYPE_PEM, proxyCert ),
                               crypto.dump_privatekey( crypto.FILETYPE_PEM, proxyKey ) )
    for i in range( len( self.__certList ) ):
      proxyString += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[i] )


    return S_OK( proxyString )
Exemple #4
0
  def generateProxyToString(self, lifeTime, diracGroup=False, strength=1024, limited=False, rfc=False, proxyKey=False):
    """
    Generate a proxy and get it as a string

    Args:
        lifeTime (int): expected lifetime in seconds of proxy
        diracGroup (str): diracGroup to add to the certificate
        strength (int): length in bits of the pair
        limited (bool): Create a limited proxy

    """
    if not self.__loadedChain:
      return S_ERROR(DErrno.ENOCHAIN)
    if not self.__loadedPKey:
      return S_ERROR(DErrno.ENOPKEY)

    if self.__isProxy:
      rfc = self.isRFC().get('Value', False)

    issuerCert = self.__certList[0]

    if not proxyKey:
      proxyKey = crypto.PKey()
      proxyKey.generate_key(crypto.TYPE_RSA, strength)

    proxyCert = crypto.X509()

    if rfc:
      proxyCert.set_serial_number(str(int(random.random() * 10 ** 10)))
      cloneSubject = issuerCert.get_subject().clone()
      cloneSubject.insert_entry("CN", str(int(random.random() * 10 ** 10)))
      proxyCert.set_subject(cloneSubject)
      proxyCert.add_extensions(self.__getProxyExtensionList(diracGroup, rfc and not limited, rfc and limited))
    else:
      proxyCert.set_serial_number(issuerCert.get_serial_number())
      cloneSubject = issuerCert.get_subject().clone()
      if limited:
        cloneSubject.insert_entry("CN", "limited proxy")
      else:
        cloneSubject.insert_entry("CN", "proxy")
      proxyCert.set_subject(cloneSubject)
      proxyCert.add_extensions(self.__getProxyExtensionList(diracGroup))

    proxyCert.set_issuer(issuerCert.get_subject())
    proxyCert.set_version(issuerCert.get_version())
    proxyCert.set_pubkey(proxyKey)
    proxyCert.gmtime_adj_notBefore(-900)
    proxyCert.gmtime_adj_notAfter(int(lifeTime))
    proxyCert.sign(self.__keyObj, 'sha256')

    proxyString = "%s%s" % (crypto.dump_certificate(crypto.FILETYPE_PEM, proxyCert),
                            crypto.dump_privatekey(crypto.FILETYPE_PEM, proxyKey))
    for i in range(len(self.__certList)):
      proxyString += crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[i])

    return S_OK(proxyString)
Exemple #5
0
 def dumpAllToString( self ):
   """
   Dump all to string
   """
   if not self.__loadedChain:
     return S_ERROR( "No chain loaded" )
   data = crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[0] )
   if self.__loadedPKey:
     data += crypto.dump_privatekey( crypto.FILETYPE_PEM, self.__keyObj )
   for i in range( 1, len( self.__certList ) ):
     data += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[i] )
   return S_OK( data )
Exemple #6
0
 def dumpAllToString(self):
   """
   Dump all to string
   """
   if not self.__loadedChain:
     return S_ERROR(DErrno.ENOCHAIN)
   data = crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[0])
   if self.__loadedPKey:
     data += crypto.dump_privatekey(crypto.FILETYPE_PEM, self.__keyObj)
   for i in range(1, len(self.__certList)):
     data += crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[i])
   return S_OK(data)
Exemple #7
0
 def dumpAllToString( self ):
   """
   Dump all to string
   """
   if not self.__loadedChain:
     return S_ERROR( "No chain loaded" )
   buffer = crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[0] )
   if self.__loadedPKey:
     buffer += crypto.dump_privatekey( crypto.FILETYPE_PEM, self.__keyObj )
   for i in range( 1, len( self.__certList ) ):
     buffer += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[i] )
   return S_OK( buffer )
Exemple #8
0
    def generateProxyToString(self,
                              lifeTime,
                              diracGroup=False,
                              strength=1024,
                              limited=False):
        """
    Generate a proxy and get it as a string
      Args:
        - lifeTime : expected lifetime in seconds of proxy
        - diracGroup : diracGroup to add to the certificate
        - strength : length in bits of the pair
        - limited : Create a limited proxy
    """
        if not self.__loadedChain:
            return S_ERROR("No chain loaded")
        if not self.__loadedPKey:
            return S_ERROR("No pkey loaded")

        issuerCert = self.__certList[0]

        proxyKey = crypto.PKey()
        proxyKey.generate_key(crypto.TYPE_RSA, strength)

        proxyCert = crypto.X509()
        cloneSubject = issuerCert.get_subject().clone()
        if limited:
            cloneSubject.insert_entry("CN", "limited proxy")
        else:
            cloneSubject.insert_entry("CN", "proxy")
        proxyCert.set_subject(cloneSubject)

        proxyCert.set_serial_number(issuerCert.get_serial_number())
        proxyCert.set_issuer(issuerCert.get_subject())
        proxyCert.set_version(issuerCert.get_version())
        proxyCert.set_pubkey(proxyKey)
        proxyCert.add_extensions(self.__getProxyExtensionList(diracGroup))
        proxyCert.gmtime_adj_notBefore(-900)
        proxyCert.gmtime_adj_notAfter(lifeTime)
        proxyCert.sign(self.__keyObj, 'sha1')

        proxyString = "%s%s" % (crypto.dump_certificate(
            crypto.FILETYPE_PEM,
            proxyCert), crypto.dump_privatekey(crypto.FILETYPE_PEM, proxyKey))
        for i in range(len(self.__certList)):
            proxyString += crypto.dump_certificate(crypto.FILETYPE_PEM,
                                                   self.__certList[i])

        return S_OK(proxyString)
Exemple #9
0
    def generateProxyToString(self, lifeTime, diracGroup=False, strength=1024, limited=False):
        """
    Generate a proxy and get it as a string
      Args:
        - lifeTime : expected lifetime in seconds of proxy
        - diracGroup : diracGroup to add to the certificate
        - strength : length in bits of the pair
        - limited : Create a limited proxy
    """
        if not self.__loadedChain:
            return S_ERROR("No chain loaded")
        if not self.__loadedPKey:
            return S_ERROR("No pkey loaded")

        issuerCert = self.__certList[0]

        proxyKey = crypto.PKey()
        proxyKey.generate_key(crypto.TYPE_RSA, strength)

        proxyCert = crypto.X509()
        cloneSubject = issuerCert.get_subject().clone()
        if limited:
            cloneSubject.insert_entry("CN", "limited proxy")
        else:
            cloneSubject.insert_entry("CN", "proxy")
        proxyCert.set_subject(cloneSubject)

        proxyCert.set_serial_number(issuerCert.get_serial_number())
        proxyCert.set_issuer(issuerCert.get_subject())
        proxyCert.set_version(issuerCert.get_version())
        proxyCert.set_pubkey(proxyKey)
        proxyCert.add_extensions(self.__getProxyExtensionList(diracGroup))
        proxyCert.gmtime_adj_notBefore(-900)
        proxyCert.gmtime_adj_notAfter(lifeTime)
        proxyCert.sign(self.__keyObj, "md5")

        proxyString = "%s%s" % (
            crypto.dump_certificate(crypto.FILETYPE_PEM, proxyCert),
            crypto.dump_privatekey(crypto.FILETYPE_PEM, proxyKey),
        )
        for i in range(len(self.__certList)):
            proxyString += crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[i])

        return S_OK(proxyString)