def verify_sign(self,data,signature_place):
""" Verifies the signature against the data"""
#create a BIO.Memory object
dg=DigestMan()
data=dg.gen_buf_hash(data)
if not self.verify_signers(signature_place):
return False
#pass
self.dataBuf=self.makebuf(data)
if not data :
print "Supply data to verify with"
return False
#print self.dataBuf.read()
#Load the pkcs7 document
try :
#Make a stote and stack object just for argument list
#we dont need them actually
#xStore=self.create_store(["chain/cacert.pem"])
xStore=X509.X509_Store()
#stW=stackWork()
#sk=stW.add_chain(["chain/cacert.pem"])
sk = X509.X509_Stack()
self.sm.set_x509_stack(sk)
self.sm.set_x509_store(xStore)
#Sets the flags to noverify which means that the verification of
#the signers was made above
flagset=SMIME.PKCS7_NOVERIFY
#verify the signature it is a M2Crypto openssl method
res=self.sm.verify(self.__p7,self.dataBuf,flags=flagset)
#print res
if not res:
return False
else:
return True
except SMIME.SMIME_Error,e:
print "Error while setting pkcs7 verification process :",e
return False
def verify_sign(self, data, signature_place):
""" Verifies the signature against the data"""
#create a BIO.Memory object
dg = DigestMan()
data = dg.gen_buf_hash(data)
if not self.verify_signers(signature_place):
return False
#pass
self.dataBuf = self.makebuf(data)
if not data:
print "Supply data to verify with"
return False
#print self.dataBuf.read()
#Load the pkcs7 document
try:
#Make a stote and stack object just for argument list
#we dont need them actually
#xStore=self.create_store(["chain/cacert.pem"])
xStore = X509.X509_Store()
#stW=stackWork()
#sk=stW.add_chain(["chain/cacert.pem"])
sk = X509.X509_Stack()
self.sm.set_x509_stack(sk)
self.sm.set_x509_store(xStore)
#Sets the flags to noverify which means that the verification of
#the signers was made above
flagset = SMIME.PKCS7_NOVERIFY
#verify the signature it is a M2Crypto openssl method
res = self.sm.verify(self.__p7, self.dataBuf, flags=flagset)
#print res
if not res:
return False
else:
return True
except SMIME.SMIME_Error, e:
print "Error while setting pkcs7 verification process :", e
return False
def make_sign(self,keyplace,certplace,dataSign,signature_place):
""" We give the cert(s) and key place"""
#if the message is a big one we should digest it
dg=DigestMan()
dataSign=dg.gen_buf_hash(dataSign)
ch=chainMan()
#check basic things
if not ch.load_chain(certplace, tip=0):
return False
#testing the chain
if not ch.create_chain():
return False
#Gets the X509 objects as a stack
stack=ch.dumpto_stack()
del ch
#create a buffer to store the data to be signed
tosign=self.makebuf(dataSign)
#return "Process cut"
try :
#Loading the private key
self.sm.load_key(keyplace,certplace[0])
#print stack
#setting the stack we prepared
#Not used for now
self.sm.set_x509_stack(stack)
#The flags is detached because we dont want to store the original message in the pkcs7
flagset=SMIME.PKCS7_DETACHED
#print "The flagset is :",flagset
self.__p7=self.sm.sign(tosign,flags=flagset)
#print self.__p7
except SMIME.SMIME_Error,e:
print "Error with signing process",e
return False
def make_sign(self, keyplace, certplace, dataSign, signature_place):
""" We give the cert(s) and key place"""
#if the message is a big one we should digest it
dg = DigestMan()
dataSign = dg.gen_buf_hash(dataSign)
ch = chainMan()
#check basic things
if not ch.load_chain(certplace, tip=0):
return False
#testing the chain
if not ch.create_chain():
return False
#Gets the X509 objects as a stack
stack = ch.dumpto_stack()
del ch
#create a buffer to store the data to be signed
tosign = self.makebuf(dataSign)
#return "Process cut"
try:
#Loading the private key
self.sm.load_key(keyplace, certplace[0])
#print stack
#setting the stack we prepared
#Not used for now
self.sm.set_x509_stack(stack)
#The flags is detached because we dont want to store the original message in the pkcs7
flagset = SMIME.PKCS7_DETACHED
#print "The flagset is :",flagset
self.__p7 = self.sm.sign(tosign, flags=flagset)
#print self.__p7
except SMIME.SMIME_Error, e:
print "Error with signing process", e
return False
def get_hash_list(self):
""" That method is needed when we look for a specific cert if it is
in the db so we need their hash list"""
hash_list=[]
#from root to client
for cert in self.__cert_stack:
tempCert=X509Man(cert[2])
hash_list.append(DigestMan.gen_buf_hash(tempCert.get_cert_text()))
del tempCert
return hash_list
def main(argv):
""" The main arguments passed"""
try:
opts, args = getopt.getopt(argv, "", [
"help", "showsigner=", "initdb", "listall", "list=", "sign=",
"verify=", "delete=", "update=", "import=", "hash=", "help"
])
except getopt.GetoptError:
usage()
sys.exit(2)
for opt, arg in opts:
#listing a proper chain
if opt in ("--list"):
if args:
usage()
sys.exit(2)
else:
if not list_chain(arg):
print "No available chain use --listall"
sys.exit(2)
print "Chain loaded look at your browser (Firefox)"
#Listing all chains:
elif opt in ("--listall"):
if args:
usage()
sys.exit(2)
else:
dc = DbCert()
res = dc.list_chains()
if not res:
print "No chains in db"
sys.exit(2)
else:
print res
#signing a document
elif opt in ("--sign"):
if not args or len(args) < 2:
usage()
sys.exit(2)
if not os.path.exists(arg):
print "Provide a valid file to sign"
sys.exit(2)
arg = Cutil.file_operator(arg, op=0)
if arg == -1 or not arg:
sys.exit(2)
#string.strip(arg)
#dg=DigestMan()
#print dg.gen_buf_hash(arg)
p7 = pkcs7Work()
p7.make_sign(args[0], args[1:], arg, "signature.sig")
sys.exit(0)
#verifying a signature
elif opt in ("--verify"):
if not args:
usage()
sys.exit(2)
if not os.path.exists(arg):
print "Provide a valid file to sign"
sys.exit(2)
arg = Cutil.file_operator(arg, op=0)
if arg == -1 or not arg:
sys.exit(2)
#string.strip(arg)
#dg=DigestMan()
#print dg.gen_buf_hash(arg)
p7 = pkcs7Work()
#print args[0]
if p7.verify_sign(arg, args[0]):
print "Verification succesful"
sys.exit(0)
#importing a chain into db
elif opt in ("--import"):
dc = DbCert()
if not args:
usage()
sys.exit(2)
else:
if not dc.import_chain(args, arg):
print "Chain insertion Failed"
else:
print "Chain inserted into database"
sys.exit(0)
#deleting a chain from the db
elif opt in ("--delete"):
if args:
usage()
sys.exit(2)
dc = DbCert()
if dc.delete_chain(arg):
print "Chain deleted succesfully"
else:
print "Chain deletion can not be completed"
#updating the trust degreee
elif opt in ("--update"):
if not args or len(args) > 1:
usage()
sys.exit(2)
dc = DbCert()
if dc.change_trust(arg, int(args[0])):
print "Chain trust degree changed"
else:
print "Chain degree changing failed"
sys.exit(0)
elif opt in ("--hash"):
if args:
usage()
sys.exit(2)
dg = DigestMan()
if dg.store_hash(arg) == True:
print "Now you can sign the sum file"
else:
print "Hash computing failed"
sys.exit(0)
elif opt in ("--initdb"):
dc = DbCert()
if not dc.c_tables():
""" Initialization process failed"""
sys.exit(0)
elif opt in ("--showsigner"):
if args:
usage()
sys.exit(2)
p7 = pkcs7Work()
if not p7.print_signers(arg):
"The chain into signature can not be shown"
sys.exit(0)
elif opt in ("--help"):
usage()
sys.exit(2)
from digest.Hasher import DigestMan
from initializer import DbCert
from dbMain import LiteDb
from sign.cert import X509Man
dc = DbCert()
sum = dc.selectS("select cert_sum from certs where ce_id=%s" % (7))
#print sum[0][0]
#print dc.get_certData(2)[1:].split()
d = DigestMan()
sum2 = d.gen_buf_hash(dc.get_certData(7)[1:])
print sum2
if sum == sum2:
print "The sum is ok"
else:
print "The cert was modified"
sum3 = open("chain/cert2.pem", "r").read()
sum3 = d.gen_buf_hash(sum3)
#print sum3
#try to import it there
c = X509Man()
c.set_from_buf(dc.get_certData(7)[1:])
print c.get_detail()
def import_chain(self,file_list,name=None):
""" Inserts a new entry to db in chain table also calls the
import_cert to complete the job
1.take cert stack
2.compute their hash
3.if chain exists it fails
4.if root exists warning
5.If not there it is inserted as trusted cause we import it (May be changed later)"""
""" Verification Process"""
ch=chainMan()
if not ch.load_chain(file_list):
print "Cert verification failed"
return False
#Test the chain if it is valid
if not ch.create_chain():
print "The chain is not valid"
return False
#get the final one
chain_st=ch.get_final()
del ch
#use the slot 0 of the list that we recieved
#get the hashes
for c in chain_st:
#print c[2]
tempCert=X509Man(c[2])
c[0]=DigestMan.gen_buf_hash(tempCert.get_cert_text())
del tempCert
#print c[0]
#check first if the same chain is in the db
if not self.dup_control([c[0] for c in chain_st]):
#print "The chain exists in the db"
return False
#return "Process cut :)"
q2="select max(c_id) from chains"
res=super(DbCert,self).selectS(q2,"one")
if res==-1:
#print res
print "Chain insertin process failed"
return False
if not name:
if res[0]:
print res[0]
q="insert into chains values (null,\'%s\',\'trusted\')"%("".join(["name",str(res[0])]))
else:
q="insert into chains values (null,\'%s\',\'trusted\')"%("name1")
else:
q3="select * from chains where name=\'%s\'"%(name)
res=super(DbCert,self).selectS(q3,"one")
if res:
print "Name exists"
return False
q="insert into chains values (null,\'%s\',\'trusted\')"%(name)
res=super(DbCert,self).updateS(q)
if res==-1:
print "Chain insertion error"
return False
#print "New chain inserted"
#super(DbCert,self).renew_conn()
res=super(DbCert,self).selectS(q2)
if not res or res==-1:
#print res
#print "Chain insertin process failed"
return False
#print "parent chain number taken"
if not self.import_cert(res[0], chain_st):
return False
print "Import process succesfull"
return True
def main(argv):
""" The main arguments passed"""
try:
opts,args=getopt.getopt(argv, "", ["help","showsigner=","initdb","listall","list=","sign=","verify=","delete=","update=","import=","hash=","help"])
except getopt.GetoptError:
usage()
sys.exit(2)
for opt,arg in opts:
#listing a proper chain
if opt in ("--list"):
if args:
usage()
sys.exit(2)
else:
if not list_chain(arg):
print "No available chain use --listall"
sys.exit(2)
print "Chain loaded look at your browser (Firefox)"
#Listing all chains:
elif opt in ("--listall"):
if args:
usage()
sys.exit(2)
else:
dc=DbCert()
res=dc.list_chains()
if not res:
print "No chains in db"
sys.exit(2)
else:
print res
#signing a document
elif opt in ("--sign"):
if not args or len(args)<2:
usage()
sys.exit(2)
if not os.path.exists(arg):
print "Provide a valid file to sign"
sys.exit(2)
arg=Cutil.file_operator(arg, op=0)
if arg==-1 or not arg:
sys.exit(2)
#string.strip(arg)
#dg=DigestMan()
#print dg.gen_buf_hash(arg)
p7=pkcs7Work()
p7.make_sign(args[0],args[1:], arg,"signature.sig")
sys.exit(0)
#verifying a signature
elif opt in ("--verify"):
if not args:
usage()
sys.exit(2)
if not os.path.exists(arg):
print "Provide a valid file to sign"
sys.exit(2)
arg=Cutil.file_operator(arg, op=0)
if arg==-1 or not arg:
sys.exit(2)
#string.strip(arg)
#dg=DigestMan()
#print dg.gen_buf_hash(arg)
p7=pkcs7Work()
#print args[0]
if p7.verify_sign(arg, args[0]):
print "Verification succesful"
sys.exit(0)
#importing a chain into db
elif opt in ("--import"):
dc=DbCert()
if not args:
usage()
sys.exit(2)
else:
if not dc.import_chain(args,arg):
print "Chain insertion Failed"
else:
print "Chain inserted into database"
sys.exit(0)
#deleting a chain from the db
elif opt in ("--delete"):
if args:
usage()
sys.exit(2)
dc=DbCert()
if dc.delete_chain(arg):
print "Chain deleted succesfully"
else:
print "Chain deletion can not be completed"
#updating the trust degreee
elif opt in ("--update"):
if not args or len(args)>1:
usage()
sys.exit(2)
dc=DbCert()
if dc.change_trust(arg, int(args[0])):
print "Chain trust degree changed"
else:
print "Chain degree changing failed"
sys.exit(0)
elif opt in ("--hash"):
if args:
usage()
sys.exit(2)
dg=DigestMan()
if dg.store_hash(arg)==True:
print "Now you can sign the sum file"
else:
print "Hash computing failed"
sys.exit(0)
elif opt in ("--initdb"):
dc=DbCert()
if not dc.c_tables():
""" Initialization process failed"""
sys.exit(0)
elif opt in ("--showsigner"):
if args:
usage()
sys.exit(2)
p7=pkcs7Work()
if not p7.print_signers(arg):
"The chain into signature can not be shown"
sys.exit(0)
elif opt in ("--help"):
usage()
sys.exit(2)
from digest.Hasher import DigestMan
from initializer import DbCert
from dbMain import LiteDb
from sign.cert import X509Man
dc=DbCert()
sum=dc.selectS("select cert_sum from certs where ce_id=%s"%(7))
#print sum[0][0]
#print dc.get_certData(2)[1:].split()
d=DigestMan()
sum2=d.gen_buf_hash(dc.get_certData(7)[1:])
print sum2
if sum==sum2:
print "The sum is ok"
else:
print "The cert was modified"
sum3=open("chain/cert2.pem","r").read()
sum3=d.gen_buf_hash(sum3)
#print sum3
#try to import it there
c=X509Man()
c.set_from_buf(dc.get_certData(7)[1:])
print c.get_detail()
