Exemple #1
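def degenerate_pkcs7_der(m2_x509s):
    """Return a DER-encoded, certificates-only ("degenerate") PKCS#7 SignedData.

    The PKCS7 is typed as signed data with a data content type, carries a
    duplicate of every certificate in *m2_x509s* and no CRLs. No signer is
    added here, so the result authenticates nothing by itself.

    :param m2_x509s: iterable of M2Crypto X509 objects (anything exposing
        ``_ptr()``). The caller keeps ownership; only duplicates are embedded.
    :returns: what ``BIO.MemoryBuffer.read()`` yields after the PKCS7 has been
        serialised into it.
    :raises AssertionError: when an OpenSSL call reports failure. The type is
        kept from the original ``assert`` statements for caller compatibility,
        but the checks are now explicit: under ``python -O`` an ``assert`` is
        removed together with the call inside it, which would have skipped
        PKCS7_set_type, PKCS7_content_new and i2d_PKCS7_bio entirely.
    """
    lc = get_lc()

    ct_p7 = lc.PKCS7_new()
    if not ct_p7:
        raise AssertionError('PKCS7_new failed')

    try:
        if not lc.PKCS7_set_type(ct_p7, m2.PKCS7_SIGNED):
            raise AssertionError('PKCS7_set_type failed')
        if not lc.PKCS7_content_new(ct_p7, m2.PKCS7_DATA):
            raise AssertionError('PKCS7_content_new failed')

        ct_x509_sk = lc.sk_new_null()
        if not ct_x509_sk:
            raise AssertionError('sk_new_null failed')

        # Attach the (still empty) stack right away so that PKCS7_free in the
        # finally clause also releases it if a later step fails.
        ct_signed = ct_p7.contents.d.sign.contents
        ct_signed.crl = None
        ct_signed.cert = ct_x509_sk

        for m2_x509 in m2_x509s:
            # Duplicate the provided X509 certificate: the copy stored in the
            # PKCS7 is freed when the PKCS7 structure is freed, and the
            # caller's object must stay valid after that.
            m2_x509_dup = m2.x509_dup(m2_x509._ptr())
            ct_x509_dup = c_void_p(long(m2_x509_dup))

            if not lc.sk_push(ct_x509_sk, ct_x509_dup):
                # A failed push leaves the duplicate outside the stack, so it
                # has to be released here; otherwise a certificate would be
                # silently missing from the output.
                m2.x509_free(m2_x509_dup)
                raise AssertionError('sk_push failed')

        m2_p7bio = BIO.MemoryBuffer()
        ct_p7bio = c_void_p(long(m2_p7bio._ptr()))

        if not lc.i2d_PKCS7_bio(ct_p7bio, ct_p7):
            raise AssertionError('i2d_PKCS7_bio failed')

        # The buffer is read before the finally clause frees the PKCS7.
        return m2_p7bio.read()
    finally:
        lc.PKCS7_free(ct_p7)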
Exemple #2
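    def from_pkcs7_der(cls, pkcs7_der):
        """Build an SCEP message object from a DER-encoded PKCS#7 SignedData.

        Steps: parse *pkcs7_der*, require exactly one SignerInfo, look the
        signer certificate up inside the message by issuer and serial, call
        PKCS7_signatureVerify, collect the signed attributes this module
        knows, and instantiate the class registered for the message type.

        Security notes for callers:

        * The signer certificate is taken from the message's own certificate
          set. Nothing here checks it against a trust anchor, so the returned
          ``signing_cert`` is only as trustworthy as the caller's own
          validation of it.
        * See the NOTE(review) at the PKCS7_signatureVerify call: the result
          threshold is unchanged from the original and may not prove that the
          signature is valid.

        :param cls: unused in the body; presumably this is a classmethod whose
            decorator lies outside this excerpt.
        :param pkcs7_der: DER bytes of the PKCS#7 message (untrusted input).
        :returns: an instance of the class found by
            ``SCEPMessage.find_by_message_type`` with ``signing_cert``,
            ``signedcontent`` and the remaining attributes set.
        :raises AssertionError: when a structural or OpenSSL check fails. The
            type is kept from the original ``assert`` statements, but the
            checks are explicit so that ``python -O`` cannot remove them (it
            would also have removed the PKCS7_signatureVerify call).
        """
        def _require(ok, what):
            # Explicit replacement for ``assert``: the argument is always
            # evaluated, and the check is not stripped by ``python -O``.
            if not ok:
                raise AssertionError(what)

        lc = get_lc()

        m2_p7_bio = BIO.MemoryBuffer(pkcs7_der)
        m2_p7_raw = m2.pkcs7_read_bio_der(m2_p7_bio._ptr())
        _require(m2_p7_raw is not None, 'could not parse PKCS7 DER')
        m2_p7 = SMIME.PKCS7(m2_p7_raw, 1)
        ct_p7 = cast(c_void_p(long(m2_p7._ptr())), POINTER(PKCS7))

        ct_sis = lc.PKCS7_get_signer_info(ct_p7)
        # NOTE(review): nothing confirms the PKCS7 type before ``d.sign`` is
        # read below; presumably this signer-info count check is what rejects
        # other content types -- confirm.
        _require(lc.sk_num(ct_sis) == 1, 'expected exactly one SignerInfo')

        ct_si = cast(c_void_p(lc.sk_value(ct_sis, 0)), POINTER(PKCS7_SIGNER_INFO))

        ct_issuer_and_serial = ct_si.contents.issuer_and_serial.contents
        ct_x509 = lc.X509_find_by_issuer_and_serial(
            ct_p7.contents.d.sign.contents.cert,
            ct_issuer_and_serial.issuer,
            ct_issuer_and_serial.serial)
        # Without this check a message that omits its signer certificate
        # would hand a NULL pointer to the calls below.
        _require(ct_x509, 'signer certificate not found in the PKCS7')

        signing_cert_int = m2_x509_from_ct_ptr(ct_x509)
        # NOTE(review): the duplicate is wrapped without asking the wrapper to
        # free it; looks like it is never released -- confirm.
        signing_cert = X509.X509(m2.x509_dup(signing_cert_int._ptr()))

        m2_p7buf = BIO.MemoryBuffer()
        ct_p7buf = c_void_p(long(m2_p7buf._ptr()))

        # NOTE(review): OpenSSL's PKCS7_signatureVerify reports success with a
        # positive return value; 0 and negative values both mean failure. The
        # ">= 0" threshold is kept exactly as the original wrote it, because
        # the BIO passed here is a freshly created, empty memory buffer and
        # not the chain returned by PKCS7_dataInit, so it is unclear that a
        # positive result is reachable as written. Tightening this to "> 0"
        # has to go together with feeding the verify call the digest BIO
        # chain after the content has been read through it. Until then, do
        # not treat a returned object as proof that the signature was checked.
        verify_rc = lc.PKCS7_signatureVerify(ct_p7buf, ct_p7, ct_si, ct_x509)
        _require(verify_rc >= 0, 'PKCS7_signatureVerify failed')

        ct_auth_attr = ct_si.contents.auth_attr
        _require(ct_auth_attr, 'SignerInfo has no signed attributes')
        attr_count = lc.sk_num(ct_auth_attr)
        _require(attr_count > 0, 'SignerInfo signed attributes are empty')

        attrs = []

        for i in xrange(0, attr_count):
            # Walk the signed attributes, keeping only those with a known OID.
            ct_x509_attr_p = lc.sk_value(ct_auth_attr, i)
            _require(ct_x509_attr_p, 'NULL entry in signed attributes')
            ct_x509_attr = cast(ct_x509_attr_p, POINTER(X509_ATTRIBUTE))

            try:
                oid_obj = SCEPAttribute.find_by_matching_x509_attr_asn1_obj(ct_x509_attr)
            except SCEPAttributeKeyError:
                # Attribute type this module does not handle: skip it.
                continue

            attrs.append((oid_obj, oid_obj.get_string(ct_x509_attr)))

        message_types = [attr for attr in attrs if issubclass(attr[0], MessageType)]
        _require(message_types, 'no messageType attribute present')
        # The first messageType attribute selects the class; it is removed
        # from the list handed to _set_attrs.
        message_type = message_types[0]
        attrs.remove(message_type)

        ct_p7bio = lc.PKCS7_dataInit(ct_p7, None)
        _require(ct_p7bio, 'PKCS7_dataInit failed')

        m2_p7bio = m2_MemoryBuffer_from_ct_ptr(ct_p7bio)

        ncls = SCEPMessage.find_by_message_type(message_type[1])()

        ncls.signing_cert = signing_cert
        ncls.signedcontent = m2_p7bio.read()
        ncls._set_attrs(attrs)

        return ncls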