def load_pkcs7(p7file): bio = m2.bio_new_file(p7file, 'r') if bio is None: raise BIO.BIOError(Err.get_error()) try: p7_ptr = m2.pkcs7_read_bio(bio) finally: m2.bio_free(bio) if p7_ptr is None: raise PKCS7_Error(Err.get_error()) return PKCS7(p7_ptr, 1)
def load_session(pemfile): f = BIO.openfile(pemfile) cptr = m2.ssl_session_read_pem(f.bio_ptr()) f.close() if cptr is None: raise Err.get_error() return Session(cptr, 1)
def sign(self, data_bio, flags=0): if not hasattr(self, 'pkey'): raise SMIME_Error('no private key: use load_key()') if hasattr(self, 'x509_stack'): pkcs7 = m2.pkcs7_sign1(self.x509._ptr(), self.pkey._ptr(), self.x509_stack._ptr(), data_bio._ptr(), flags) if pkcs7 is None: raise SMIME_Error(Err.get_error()) return PKCS7(pkcs7, 1) else: pkcs7 = m2.pkcs7_sign0(self.x509._ptr(), self.pkey._ptr(), data_bio._ptr(), flags) if pkcs7 is None: raise SMIME_Error(Err.get_error()) return PKCS7(pkcs7, 1)
def load_session(pemfile): # type: (AnyStr) -> Session with BIO.openfile(pemfile) as f: cptr = m2.ssl_session_read_pem(f.bio_ptr()) if cptr is None: raise SSLError(Err.get_error()) return Session(cptr, 1)
def _validatepubkeygeneric(self, signing_cert, digest_alg, payload, enc_digest): m2_cert = M2_X509.load_cert_der_string(der_encoder.encode(signing_cert)) pubkey = m2_cert.get_pubkey() pubkey.reset_context(digest_alg().name) pubkey.verify_init() pubkey.verify_update(payload) v = pubkey.verify_final(enc_digest) if v != 1: self.openssl_error = M2_Err.get_error() # Let's try a special case. I have no idea how I would determine when # to use this instead of the above code, so I'll always try. The # observed problem was that for one countersignature (RSA on MD5), # the encrypted digest did not contain an ASN.1 structure, but the # raw hash value instead. try: rsa = pubkey.get_rsa() except ValueError: # It's not an RSA key, just fall through... pass else: clear = rsa.public_decrypt(enc_digest, M2_RSA.pkcs1_padding) if digest_alg(payload).digest() == clear: return 1 return v
def run(self): ctx = SSL.Context() ctx.load_cert_chain("tests/server.pem") conn = SSL.Connection(ctx) cipher_list = conn.get_cipher_list() sslbio = BIO.SSLBio() readbio = BIO.MemoryBuffer() writebio = BIO.MemoryBuffer() sslbio.set_ssl(conn) conn.set_bio(readbio, writebio) conn.set_connect_state() sock = socket.socket() sock.connect((self.host, self.port)) handshake_complete = False while not handshake_complete: ret = sslbio.do_handshake() if ret <= 0: if not sslbio.should_retry() or not sslbio.should_read(): err_string = Err.get_error() print(err_string) sys.exit("unrecoverable error in handshake - client") else: output_token = writebio.read() if output_token is not None: sock.sendall(output_token) else: input_token = sock.recv(1024) readbio.write(input_token) else: handshake_complete = True sock.close()
def load_request(file, format=FORMAT_PEM): """ Load certificate request from file. @type file: string @param file: Name of file containing certificate request in either PEM or DER format. @type format: int, either FORMAT_PEM or FORMAT_DER @param format: Describes the format of the file to be loaded, either PEM or DER. @rtype: M2Crypto.X509.Request @return: M2Crypto.X509.Request object. """ f = BIO.openfile(file) if format == FORMAT_PEM: cptr = m2.x509_req_read_pem(f.bio_ptr()) elif format == FORMAT_DER: cptr = m2.d2i_x509_req(f.bio_ptr()) else: raise ValueError( "Unknown filetype. Must be either FORMAT_PEM or FORMAT_DER") f.close() if cptr is None: raise X509Error(Err.get_error()) return Request(cptr, 1)
def text_crlf_bio(bio_in): # type: (BIO.BIO) -> BIO.BIO bio_out = BIO.MemoryBuffer() if m2.smime_crlf_copy(bio_in._ptr(), bio_out._ptr()): return bio_out else: raise SMIME_Error(Err.get_error())
def load_cert(file, format=FORMAT_PEM): """ Load certificate from file. @type file: string @param file: Name of file containing certificate in either DER or PEM format. @type format: int, either FORMAT_PEM or FORMAT_DER @param format: Describes the format of the file to be loaded, either PEM or DER. @rtype: M2Crypto.X509.X509 @return: M2Crypto.X509.X509 object. """ bio = BIO.openfile(file) if format == FORMAT_PEM: return load_cert_bio(bio) elif format == FORMAT_DER: cptr = m2.d2i_x509(bio._ptr()) if cptr is None: raise X509Error(Err.get_error()) return X509(cptr, _pyfree=1) else: raise ValueError( "Unknown format. Must be either FORMAT_DER or FORMAT_PEM")
def smime_load_pkcs7(p7file): bio = m2.bio_new_file(p7file, 'r') if bio is None: raise BIO.BIOError(Err.get_error()) try: p7_ptr, bio_ptr = m2.smime_read_pkcs7(bio) finally: m2.bio_free(bio) if p7_ptr is None: raise SMIME_Error(Err.get_error()) if bio_ptr is None: return PKCS7(p7_ptr, 1), None else: return PKCS7(p7_ptr, 1), BIO.BIO(bio_ptr, 1)
def text_crlf(text): bio_in = BIO.MemoryBuffer(text) bio_out = BIO.MemoryBuffer() if m2.smime_crlf_copy(bio_in._ptr(), bio_out._ptr()): return bio_out.read() else: raise SMIME_Error(Err.get_error())
def ctrl_cmd_string(self, cmd, arg, optional=0): # type: (AnyStr, Optional[AnyStr], int) -> None """Call ENGINE_ctrl_cmd_string""" cmd = six.ensure_str(cmd) if arg is not None: arg = six.ensure_str(arg) if not m2.engine_ctrl_cmd_string(self._ptr, cmd, arg, optional): raise EngineError(Err.get_error())
def smime_load_pkcs7_bio(p7_bio): p7_ptr, bio_ptr = m2.smime_read_pkcs7(p7_bio._ptr()) if p7_ptr is None: raise SMIME_Error(Err.get_error()) if bio_ptr is None: return PKCS7(p7_ptr, 1), None else: return PKCS7(p7_ptr, 1), BIO.BIO(bio_ptr, 1)
def load_session(pemfile): f = BIO.openfile(pemfile) cptr = m2.ssl_session_read_pem(f.bio_ptr()) f.close() if cptr is None: from M2Crypto.SSL import SSLError raise SSLError(Err.get_error()) return Session(cptr, 1)
def new_stack_from_der(der_string): """ Create a new X509_Stack from DER string. @return: X509_Stack """ stack_ptr = m2.make_stack_from_der_sequence(der_string) if stack_ptr is None: raise X509Error(Err.get_error()) return X509_Stack(stack_ptr, 1, 1)
def __init__(self, request=None, path=None, dn=None, keySize=2048, key=None, extensions=None): self._signed = False # Create public key object if key and not request: self._key = key else: self._key = Key(keySize=keySize) # Create certificate._request if request: self._request = request if isinstance(request, str): if request.startswith("-----BEGIN CERTIFICATE REQUEST-----"): bio = BIO.MemoryBuffer(request) cptr = m2.x509_req_read_pem(bio._ptr()) if cptr is None: raise X509.X509Error(Err.get_error()) self._request = X509.Request(cptr, _pyfree=1) elif ord(request[0]) == 48: bio = BIO.MemoryBuffer(request) cptr = m2.d2i_x509_req(bio._ptr()) if cptr is None: raise X509.X509Error(Err.get_error()) self._request = X509.Request(cptr, _pyfree=1) elif path.exists(request): reqfile = open(request) bio = BIO.File(reqfile) self._request = X509.load_request_bio(bio) else: raise ValueError('WFT') else: self._request = X509.Request() self._request.set_pubkey(self._key) self._request.set_version(0) if dn: self.set_dn(dn) if extensions: self.add_extensions(extensions)
def encrypt(self, data_bio, flags=0): if not hasattr(self, 'cipher'): raise SMIME_Error('no cipher: use set_cipher()') if not hasattr(self, 'x509_stack'): raise SMIME_Error('no recipient certs: use set_x509_stack()') pkcs7 = m2.pkcs7_encrypt(self.x509_stack._ptr(), data_bio._ptr(), self.cipher._ptr(), flags) if pkcs7 is None: raise SMIME_Error(Err.get_error()) return PKCS7(pkcs7, 1)
def ValidateCertificateSignature(self, signed_cert, signing_cert): """Given a cert signed by another cert, validates the signature.""" # First the naive way -- note this does not check expiry / use etc. signed_m2 = M2_X509.load_cert_der_string(der_encoder.encode(signed_cert)) signing_m2 = M2_X509.load_cert_der_string(der_encoder.encode(signing_cert)) pubkey = signing_m2.get_pubkey() v = signed_m2.verify(pubkey) if v != 1: self.openssl_error = M2_Err.get_error() raise Asn1Error('1: Validation of cert signature failed.')
def decrypt(self, pkcs7, flags=0): if not hasattr(self, 'pkey'): raise SMIME_Error('no private key: use load_key()') if not hasattr(self, 'x509'): raise SMIME_Error('no certificate: load_key() used incorrectly?') blob = m2.pkcs7_decrypt(pkcs7._ptr(), self.pkey._ptr(), self.x509._ptr(), flags) if blob is None: raise SMIME_Error(Err.get_error()) return blob
def load_key(file, callback=util.passphrase_callback): # type: (AnyStr, Callable) -> PKey """ Load an M2Crypto.EVP.PKey from file. @param file: Name of file containing the key in PEM format. @param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. @return: M2Crypto.EVP.PKey object. """ bio = m2.bio_new_file(file, 'r') if bio is None: raise BIO.BIOError(Err.get_error()) cptr = m2.pkey_read_pem(bio, callback) m2.bio_free(bio) if cptr is None: raise EVPError(Err.get_error()) return PKey(cptr, 1)
def _engine_load_key(self, func, name, pin = None): """Helper function for loading keys""" ui = m2.ui_openssl() cbd = m2.engine_pkcs11_data_new(pin) try: kptr = func(self._ptr, name, ui, cbd) if not kptr: raise EngineError(Err.get_error()) key = EVP.PKey(kptr, _pyfree = 1) finally: m2.engine_pkcs11_data_free(cbd) return key
def load_key(file, callback=util.passphrase_callback): """ Load an M2Crypto.EVP.PKey from file. @type file: string @param file: Name of file containing the key in PEM format. @type callback: Python callable @param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. @rtype: M2Crypto.EVP.PKey @return: M2Crypto.EVP.PKey object. """ bio = m2.bio_new_file(file, "r") if bio is None: raise Err.get_error() cptr = m2.pkey_read_pem(bio, callback) m2.bio_free(bio) if cptr is None: raise Err.get_error() return PKey(cptr, 1)
def sign(self, data_bio, flags=0, algo='sha1'): # type: (BIO.BIO, int, Optional[str]) -> PKCS7 if not hasattr(self, 'pkey'): raise SMIME_Error('no private key: use load_key()') hash = getattr(m2, algo, None) if hash is None: raise SMIME_Error('no such hash algorithm %s' % algo) if hasattr(self, 'x509_stack'): pkcs7 = m2.pkcs7_sign1(self.x509._ptr(), self.pkey._ptr(), self.x509_stack._ptr(), data_bio._ptr(), hash(), flags) if pkcs7 is None: raise SMIME_Error(Err.get_error()) return PKCS7(pkcs7, 1) else: pkcs7 = m2.pkcs7_sign0(self.x509._ptr(), self.pkey._ptr(), data_bio._ptr(), hash(), flags) if pkcs7 is None: raise SMIME_Error(Err.get_error()) return PKCS7(pkcs7, 1)
def load_cert_der_string(string): # type: (AnyStr) -> X509 """ Load certificate from a string. @param string: String containing a certificate in DER format. @return: M2Crypto.X509.X509 object. """ string = util.py3bytes(string) bio = BIO.MemoryBuffer(string) cptr = m2.d2i_x509(bio._ptr()) if cptr is None: raise X509Error(Err.get_error()) return X509(cptr, _pyfree=1)
def load_key_bio_pubkey(bio, callback=util.passphrase_callback): # type: (BIO.BIO, Callable) -> PKey """ Load an M2Crypto.EVP.PKey from a public key as a M2Crypto.BIO object. :param bio: M2Crypto.BIO object containing the key in PEM format. :param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. :return: M2Crypto.EVP.PKey object. """ cptr = m2.pkey_read_pem_pubkey(bio._ptr(), callback) if cptr is None: raise EVPError(Err.get_error()) return PKey(cptr, 1)
def load_crl_string(crl_string): """ Load CRL from a string. @type string: string @param string: String containing a CRL in PEM format. @rtype: M2Crypto.X509.X509_CRL @return: M2Crypto.X509.X509_CRL object. """ bio = BIO.MemoryBuffer(crl_string) cptr=m2.x509_crl_read_pem(bio._ptr()) if cptr is None: raise X509Error(Err.get_error()) return CRL(cptr, 1)
def load_cert_der_string(string): """ Load certificate from a string. @type string: string @param string: String containing a certificate in DER format. @rtype: M2Crypto.X509.X509 @return: M2Crypto.X509.X509 object. """ bio = BIO.MemoryBuffer(string) cptr = m2.d2i_x509(bio._ptr()) if cptr is None: raise X509Error(Err.get_error()) return X509(cptr, _pyfree=1)
def load_crl(file): # type: (AnyStr) -> CRL """ Load CRL from file. :param file: Name of file containing CRL in PEM format. :return: M2Crypto.X509.CRL object. """ with BIO.openfile(file) as f: cptr = m2.x509_crl_read_pem(f.bio_ptr()) if cptr is None: raise X509Error(Err.get_error()) return CRL(cptr, 1)
def load_crl(file): """ Load CRL from file. @type file: string @param file: Name of file containing CRL in PEM format. @rtype: M2Crypto.X509.CRL @return: M2Crypto.X509.CRL object. """ f=BIO.openfile(file) cptr=m2.x509_crl_read_pem(f.bio_ptr()) f.close() if cptr is None: raise X509Error(Err.get_error()) return CRL(cptr, 1)
def get_signature_serial_number(pkcs7): """ Extracts the serial number out of a DER formatted, detached PKCS7 signature buffer """ pkcs7_buf = MemoryBuffer(pkcs7) if pkcs7_buf is None: raise BIOError(Err.get_error()) p7_ptr = pkcs7_read_bio_der(pkcs7_buf.bio) p = PKCS7(p7_ptr, 1) # Fetch the certificate stack that is the list of signers # Since there should only be one in this use case, take the zeroth # cert in the stack and return its serial number return p.get0_signers(X509_Stack())[0].get_serial_number()
def load_request(file): """ Load certificate request from file. @type file: string @param file: Name of file containing certificate request in PEM format. @rtype: M2Crypto.X509.Request @return: M2Crypto.X509.Request object. """ f = BIO.openfile(file) cptr = m2.x509_req_read_pem(f.bio_ptr()) f.close() if cptr is None: raise Err.get_error() return Request(cptr, 1)
def load_crl(file): """ Load CRL from file. @type file: string @param file: Name of file containing CRL in PEM format. @rtype: M2Crypto.X509.CRL @return: M2Crypto.X509.CRL object. """ f = BIO.openfile(file) cptr = m2.x509_crl_read_pem(f.bio_ptr()) f.close() if cptr is None: raise X509Error(Err.get_error()) return CRL(cptr, 1)
def load_key_bio_pubkey(bio, callback=util.passphrase_callback): # type: (BIO.BIO, Callable) -> PKey """ Load an M2Crypto.EVP.PKey from a public key as a M2Crypto.BIO object. @param bio: M2Crypto.BIO object containing the key in PEM format. @param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. @return: M2Crypto.EVP.PKey object. """ cptr = m2.pkey_read_pem_pubkey(bio._ptr(), callback) if cptr is None: raise EVPError(Err.get_error()) return PKey(cptr, 1)
def verify(self, pkcs7, data_bio=None, flags=0): if not hasattr(self, 'x509_stack'): raise SMIME_Error('no signer certs: use set_x509_stack()') if not hasattr(self, 'x509_store'): raise SMIME_Error('no x509 cert store: use set_x509_store()') assert isinstance(pkcs7, PKCS7), 'pkcs7 not an instance of PKCS7' p7 = pkcs7._ptr() if data_bio is None: blob = m2.pkcs7_verify0(p7, self.x509_stack._ptr(), self.x509_store._ptr(), flags) else: blob = m2.pkcs7_verify1(p7, self.x509_stack._ptr(), self.x509_store._ptr(), data_bio._ptr(), flags) if blob is None: raise SMIME_Error(Err.get_error()) return blob
def test_makefile_err(self): pid = self.start_server(self.args) try: ctx = SSL.Context() s = SSL.Connection(ctx) try: s.connect(self.srv_addr) except SSL.SSLError, e: assert 0, e f = s.makefile() data = self.http_get(s) s.close() del f del s err_code = Err.peek_error_code() assert not err_code, 'Unexpected error: %s' % err_code err = Err.get_error() assert not err, 'Unexpected error: %s' % err
def load_key_bio(bio, callback=util.passphrase_callback): """ Load an M2Crypto.EVP.PKey from an M2Crypto.BIO object. @type bio: M2Crypto.BIO @param bio: M2Crypto.BIO object containing the key in PEM format. @type callback: Python callable @param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. @rtype: M2Crypto.EVP.PKey @return: M2Crypto.EVP.PKey object. """ cptr = m2.pkey_read_pem(bio._ptr(), callback) if cptr is None: raise EVPError(Err.get_error()) return PKey(cptr, 1)
def load_key_bio(bio, callback=util.passphrase_callback): """ Load an M2Crypto.EVP.PKey from an M2Crypto.BIO object. @type bio: M2Crypto.BIO @param bio: M2Crypto.BIO object containing the key in PEM format. @type callback: Python callable @param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. @rtype: M2Crypto.EVP.PKey @return: M2Crypto.EVP.PKey object. """ cptr = m2.pkey_read_pem(bio._ptr(), callback) if cptr is None: raise Err.get_error() return PKey(cptr, 1)
def load_key_pubkey(file, callback=util.passphrase_callback): # type: (AnyStr, Callable) -> PKey """ Load an M2Crypto.EVP.PKey from a public key as a file. :param file: Name of file containing the key in PEM format. :param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. :return: M2Crypto.EVP.PKey object. """ with BIO.openfile(file, 'r') as bio: cptr = m2.pkey_read_pem_pubkey(bio._ptr(), callback) if cptr is None: raise EVPError(Err.get_error()) return PKey(cptr, 1)
def ValidateCertificateSignature(self, signed_cert, signing_cert): """Given a cert signed by another cert, validates the signature.""" # First the naive way -- note this does not check expiry / use etc. signed_m2 = M2_X509.load_cert_der_string( der_encoder.encode(signed_cert)) signing_cert_text = der_encoder.encode(signing_cert) signing_m2 = M2_X509.load_cert_der_string(signing_cert_text) pubkey = signing_m2.get_pubkey() #XXX: eval! eval!!! #for openssl doesn't accept md2 as hash method. and such a cert has been used every where. #will not just trust it if hashlib.md5(signing_cert_text).hexdigest( ) == '10fc635df6263e0df325be5f79cd6767': return #10fc635df6263e0df325be5f79cd6767: Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority #Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf v = signed_m2.verify(pubkey) if v != 1: self.openssl_error = M2_Err.get_error() raise Asn1Error('1: Validation of cert signature failed.')
def test_makefile_err(self): pid = self.start_server(self.args) try: ctx = SSL.Context() s = SSL.Connection(ctx) try: s.connect(self.srv_addr) except SSL.SSLError as e: self.fail(e) f = s.makefile() data = self.http_get(s) s.close() del f del s err_code = Err.peek_error_code() self.assertEqual(err_code, 0, 'Unexpected error: %s' % err_code) err = Err.get_error() self.assertIsNone(err, 'Unexpected error: %s' % err) finally: self.stop_server(pid) self.assertIn('s_server -quiet -www', data)
def load_request_bio(bio, format=FORMAT_PEM): # type: (BIO.BIO, int) -> Request """ Load certificate request from a bio. :param bio: BIO pointing at a certificate request in either DER or PEM format. :param format: Describes the format of the request to be loaded, either PEM or DER. (using constants FORMAT_PEM and FORMAT_DER) :return: M2Crypto.X509.Request object. """ if format == FORMAT_PEM: cptr = m2.x509_req_read_pem(bio._ptr()) elif format == FORMAT_DER: cptr = m2.d2i_x509_req(bio._ptr()) else: raise ValueError( "Unknown format. Must be either FORMAT_DER or FORMAT_PEM") if cptr is None: raise X509Error(Err.get_error()) return Request(cptr, _pyfree=1)
def load_cert_bio(bio, format=FORMAT_PEM): # type: (BIO.BIO, int) -> X509 """ Load certificate from a bio. @param bio: BIO pointing at a certificate in either DER or PEM format. @param format: Describes the format of the cert to be loaded, either PEM or DER (via constants FORMAT_PEM and FORMAT_FORMAT_DER) @return: M2Crypto.X509.X509 object. """ if format == FORMAT_PEM: cptr = m2.x509_read_pem(bio._ptr()) elif format == FORMAT_DER: cptr = m2.d2i_x509(bio._ptr()) else: raise ValueError( "Unknown format. Must be either FORMAT_DER or FORMAT_PEM") if cptr is None: raise X509Error(Err.get_error()) return X509(cptr, _pyfree=1)
def _validateRegistrationSignature(self, applicationParameter, challengeParameter, keyHandle, userPublicKey, cert, signature): """ Internal helper function to validate the registration signature received after parsing the token registration data according to the U2F specification :param applicationParameter: SHA-256 hash of the application identity. :param challengeParameter: SHA-256 hash of the Client Data, a stringified JSON data structure prepared by the FIDO Client. :param keyHandle: The key handle retrieved on parsing the registration data :param userPublicKey: The user public key retrieved on parsing the registration data :param cert: X.509 certificate retrieved on parsing the registration data :param signature: The signature to be verified as retrieved on parsing the registration data """ certPubKey = cert.get_pubkey() certPubKey.reset_context('sha256') certPubKey.verify_init() if certPubKey.verify_update(b'\x00' + applicationParameter + challengeParameter + keyHandle + userPublicKey) != 1: raise Exception("Error on verify_update.") # Check for OpenSSL version 1.0.0 or higher if not self._is_supported_openssl_version(): raise Exception( "This version of OpenSSL is not supported! OpenSSL version 1.0.0 " "or higher is required for the U2F token.") if certPubKey.verify_final(signature) != 1: ssl_error = Err.get_error() raise Exception( "Signature verification failed! Maybe someone is doing " "something nasty! However, this error could possibly also be " "related to missing ECDSA support for the NIST P-256 curve in " "OpenSSL.\n\nOpenSSL says:\n{}".format(ssl_error))
def load_cert(file, format=FORMAT_PEM): # type: (AnyStr, int) -> X509 """ Load certificate from file. @param file: Name of file containing certificate in either DER or PEM format. @param format: Describes the format of the file to be loaded, either PEM or DER. @return: M2Crypto.X509.X509 object. """ with BIO.openfile(file) as bio: if format == FORMAT_PEM: return load_cert_bio(bio) elif format == FORMAT_DER: cptr = m2.d2i_x509(bio._ptr()) if cptr is None: raise X509Error(Err.get_error()) return X509(cptr, _pyfree=1) else: raise ValueError( "Unknown format. Must be either FORMAT_DER or FORMAT_PEM")
def load_request(file, format=FORMAT_PEM): # type: (AnyStr, int) -> Request """ Load certificate request from file. :param file: Name of file containing certificate request in either PEM or DER format. :param format: Describes the format of the file to be loaded, either PEM or DER. (using constants FORMAT_PEM and FORMAT_DER) :return: Request object. """ with BIO.openfile(file) as f: if format == FORMAT_PEM: cptr = m2.x509_req_read_pem(f.bio_ptr()) elif format == FORMAT_DER: cptr = m2.d2i_x509_req(f.bio_ptr()) else: raise ValueError( "Unknown filetype. Must be either FORMAT_PEM or FORMAT_DER") if cptr is None: raise X509Error(Err.get_error()) return Request(cptr, 1)
def run(self): ctx = SSL.Context() ctx.load_cert_chain("tests/server.pem") conn = SSL.Connection(ctx) cipher_list = conn.get_cipher_list() sslbio = BIO.SSLBio() readbio = BIO.MemoryBuffer() writebio = BIO.MemoryBuffer() sslbio.set_ssl(conn) conn.set_bio(readbio, writebio) conn.set_connect_state() sock = socket.socket() sock.connect((self.host, self.port)) handshake_complete = False while not handshake_complete: ret = sslbio.do_handshake() if ret <= 0: if not sslbio.should_retry() or not sslbio.should_read(): err_string = Err.get_error() print(err_string) sys.exit("unrecoverable error in handshake - client") else: output_token = writebio.read() if output_token is not None: sock.sendall(output_token) else: input_token = sock.recv(1024) readbio.write(input_token) else: handshake_complete = True output_token = writebio.read() if output_token is not None: sock.sendall(output_token) sock.close()
def load_pkcs7_bio_der(p7_bio): # type: (BIO.BIO) -> PKCS7 p7_ptr = m2.pkcs7_read_bio_der(p7_bio._ptr()) if p7_ptr is None: raise PKCS7_Error(Err.get_error()) return PKCS7(p7_ptr, 1)
def ctrl_cmd_string(self, cmd, arg, optional=0): """Call ENGINE_ctrl_cmd_string""" if not m2.engine_ctrl_cmd_string(self._ptr, cmd, arg, optional): raise EngineError(Err.get_error())
def load_pkcs7_bio_der(p7_bio): p7_ptr = m2.pkcs7_read_bio_der(p7_bio._ptr()) if p7_ptr is None: raise SMIME.PKCS7_Error(Err.get_error()) return SMIME.PKCS7(p7_ptr, 1)
def ctrl_cmd_string(self, cmd, arg, optional=0): # type: (bytes, Optional[bytes], int) -> int """Call ENGINE_ctrl_cmd_string""" if not m2.engine_ctrl_cmd_string(self._ptr, cmd, arg, optional): raise EngineError(Err.get_error())
def text_crlf_bio(bio_in): bio_out = BIO.MemoryBuffer() if m2.smime_crlf_copy(bio_in._ptr(), bio_out._ptr()): return bio_out else: raise SMIME_Error(Err.get_error())
def handle_error(self, exc_type, exc_value, exc_traceback): if self.debug: print 'handle_error()' #print exc_type, exc_value, exc_traceback print Err.get_error() self.handle_close()
def load_info(self, file): ret = m2.x509_store_load_locations(self.store, file) if ret < 1: raise X509Error(Err.get_error()) return ret