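def _get_openssl_key_manager(cert_file, key_file=None):
    """Build an initialised Java KeyManagerFactory from OpenSSL-style PEM files.

    cert_file: PEM file holding the certificate chain, end-entity cert first;
        it may also hold the private key.
    key_file: optional PEM file holding the private key. It is read first and,
        as with ssl.load_cert_chain(), takes precedence over a key embedded in
        ``cert_file``.
    Returns a KeyManagerFactory over a fresh in-memory KeyStore with one key
    entry. The alias is random and the passwords are empty because the store
    is never persisted or looked up by name.
    Raises SSLError (SSL_ERROR_SSL) when no private key or no certificate is
    found.
    """
    # Imported lazily (presumably to avoid an import cycle at module load).
    from _socket import SSLError, SSL_ERROR_SSL

    paths = [key_file] if key_file else []
    paths.append(cert_file)

    # Go from Bouncy Castle API to Java's; a bit heavyweight for the Python dev ;)
    key_converter = JcaPEMKeyConverter().setProvider("BC")
    cert_converter = JcaX509CertificateConverter().setProvider("BC")

    private_key = None
    certs = []
    for path in paths:
        for br in _extract_readers(path):
            # One parser per reader. PEMParser is itself a BufferedReader, so
            # re-wrapping ``br`` for every object reads ahead into a buffer
            # that is then thrown away, losing any PEM block that follows the
            # first one in the same reader. (A no-op if _extract_readers yields
            # one block per reader; a fix otherwise.)
            parser = PEMParser(br)
            while True:
                obj = parser.readObject()
                if obj is None:
                    break
                if isinstance(obj, PEMKeyPair):
                    if private_key is None:  # first key wins: key_file's
                        private_key = key_converter.getKeyPair(obj).getPrivate()
                elif isinstance(obj, PrivateKeyInfo):
                    if private_key is None:
                        private_key = key_converter.getPrivateKey(obj)
                elif isinstance(obj, X509CertificateHolder):
                    certs.append(cert_converter.getCertificate(obj))
                # Any other PEM object type is ignored.

    # Not ``assert``: that is stripped under -O and a missing key must not
    # reach the KeyStore silently. Raised as SSLError so callers see the same
    # error as for other PEM failures.
    if private_key is None:
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")
    if not certs:
        # KeyStore.setKeyEntry() rejects a private key with an empty chain
        # with a bare IllegalArgumentException; say what is actually wrong.
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No certificate loaded)")

    key_store = KeyStore.getInstance(KeyStore.getDefaultType())
    key_store.load(None, None)  # empty in-memory store, no integrity password
    # The entry pairs private_key with certs[0], the end-entity certificate.
    key_store.setKeyEntry(str(uuid.uuid4()), private_key, [], certs)
    kmf = KeyManagerFactory.getInstance(
        KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(key_store, [])
    return kmf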
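def _get_openssl_key_manager(cert_file, key_file=None):
    """Build an initialised Java KeyManagerFactory from OpenSSL-style PEM files.

    cert_file: PEM file holding the certificate chain, end-entity cert first;
        it may also hold the private key.
    key_file: optional PEM file holding the private key. It is read first and,
        as with ssl.load_cert_chain(), takes precedence over a key embedded in
        ``cert_file``.
    Returns a KeyManagerFactory over a fresh in-memory KeyStore with one key
    entry; alias random, passwords empty, since the store is never persisted.
    Raises SSLError (SSL_ERROR_SSL) when no private key or no certificate is
    found.
    """
    # Imported lazily (presumably to avoid an import cycle at module load).
    from _socket import SSLError, SSL_ERROR_SSL

    paths = [key_file] if key_file else []
    paths.append(cert_file)

    # Go from Bouncy Castle API to Java's; a bit heavyweight for the Python dev ;)
    key_converter = JcaPEMKeyConverter().setProvider("BC")
    cert_converter = JcaX509CertificateConverter().setProvider("BC")

    private_key = None
    certs = []
    for path in paths:
        for br in _extract_readers(path):
            # One parser per reader: PEMParser is a BufferedReader, and a new
            # one per object would read ahead into a buffer that is discarded,
            # dropping any PEM block after the first in the same reader.
            # (Harmless if _extract_readers yields one block per reader.)
            parser = PEMParser(br)
            while True:
                obj = parser.readObject()
                if obj is None:
                    break
                if isinstance(obj, PEMKeyPair):
                    if private_key is None:  # first key wins: key_file's
                        private_key = key_converter.getKeyPair(obj).getPrivate()
                elif isinstance(obj, PrivateKeyInfo):
                    if private_key is None:
                        private_key = key_converter.getPrivateKey(obj)
                elif isinstance(obj, X509CertificateHolder):
                    certs.append(cert_converter.getCertificate(obj))
                # Any other PEM object type is ignored.

    # Not ``assert`` (stripped under -O); a missing key must not reach the
    # KeyStore silently. SSLError keeps it consistent with other PEM errors.
    if private_key is None:
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")
    if not certs:
        # setKeyEntry() would reject an empty chain with a bare
        # IllegalArgumentException; report the real problem instead.
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No certificate loaded)")

    key_store = KeyStore.getInstance(KeyStore.getDefaultType())
    key_store.load(None, None)  # empty in-memory store, no integrity password
    # The entry pairs private_key with certs[0], the end-entity certificate.
    key_store.setKeyEntry(str(uuid.uuid4()), private_key, [], certs)
    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(key_store, [])
    return kmf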
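def _get_openssl_key_manager(cert_file=None,
                             key_file=None,
                             password=None,
                             _key_store=None):
    """Load a PEM certificate chain and private key into a Java KeyStore and
    return an initialised KeyManagerFactory for it.

    cert_file: PEM file with the certificate chain, end-entity cert first; it
        may also carry the private key.
    key_file: optional PEM file with the private key. As with
        ssl.load_cert_chain(), an explicit key_file takes precedence over a
        key found in cert_file.
    password: passed through to _extract_certs_for_paths (presumably for
        encrypted keys).
    _key_store: existing KeyStore to add the entry to; a fresh in-memory one
        is created when None.

    Raises SSLError (SSL_ERROR_SSL) when no private key or no certificate is
    found, or when the key does not belong to the end-entity certificate.
    """
    # Imported lazily, presumably to avoid an import cycle at module load;
    # one import serves every error path below.
    from _socket import SSLError, SSL_ERROR_SSL

    certs, private_key = [], None

    if _key_store is None:
        _key_store = KeyStore.getInstance(KeyStore.getDefaultType())
        _key_store.load(None, None)  # empty in-memory store, no password

    if key_file is not None:
        certs, private_key = _extract_certs_for_paths([key_file], password)
        if private_key is None:
            raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")

    if cert_file is not None:
        _certs, _private_key = _extract_certs_for_paths([cert_file], password)
        # key_file wins; a key embedded in cert_file is only a fallback
        # (previously it silently overrode the explicitly supplied key).
        if private_key is None:
            private_key = _private_key
        certs.extend(_certs)

        if not private_key:
            raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")
        if not certs:
            # setKeyEntry() rejects a private key with an empty chain with a
            # bare IllegalArgumentException; report it as a PEM problem.
            raise SSLError(SSL_ERROR_SSL, "PEM lib (No certificate loaded)")

        # The key entry pairs private_key with certs[0] (the end-entity
        # certificate), so that is the public key that must match. Checked
        # whether the key came from key_file or from cert_file itself;
        # the old loop let the *last* cert in the chain decide, which
        # rejected valid leaf-first chains with an RSA intermediate.
        if not _private_key_matches(private_key, certs[0]):
            raise SSLError(SSL_ERROR_SSL, "key values mismatch")

        _key_store.setKeyEntry(_str_hash_key_entry(private_key, *certs),
                               private_key, [], certs)

    kmf = KeyManagerFactory.getInstance(
        KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(_key_store, [])
    return kmf


def _private_key_matches(private_key, cert):
    """Return True if ``cert``'s public key is the public half of ``private_key``.

    Only RSA pairs are verified (modulus and public exponent, as OpenSSL's
    SSL_CTX_check_private_key does). An RSA key with a non-RSA certificate,
    or the reverse, is a definite mismatch. Two non-RSA keys are accepted
    unverified. TODO: compare EC/DSA pairs too.
    """
    pub = cert.publicKey
    pub_is_rsa = isinstance(pub, RSAPublicKey)
    key_is_rsa = isinstance(private_key, RSAPrivateCrtKey)
    if pub_is_rsa and key_is_rsa:
        return (pub.getModulus() == private_key.getModulus()
                and pub.getPublicExponent() == private_key.getPublicExponent())
    if pub_is_rsa != key_is_rsa:
        # NOTE(review): a non-CRT RSAPrivateKey would land here and be
        # rejected; assumed not to occur with the BC converters -- confirm.
        return False
    return True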
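def _get_openssl_key_manager(cert_file=None, key_file=None, password=None, _key_store=None):
    """Load a PEM certificate chain and private key into a Java KeyStore and
    return an initialised KeyManagerFactory for it.

    cert_file: PEM file with the certificate chain, end-entity cert first; it
        may also carry the private key.
    key_file: optional PEM file with the private key. As with
        ssl.load_cert_chain(), an explicit key_file takes precedence over a
        key found in cert_file.
    password: passed through to _extract_certs_for_paths (presumably for
        encrypted keys).
    _key_store: existing KeyStore to add the entry to; a fresh in-memory one
        is created when None.

    Raises SSLError (SSL_ERROR_SSL) when no private key or no certificate is
    found, or when the key does not belong to the end-entity certificate.
    """
    # Imported lazily, presumably to avoid an import cycle at module load.
    from _socket import SSLError, SSL_ERROR_SSL

    certs, private_key = [], None

    if _key_store is None:
        _key_store = KeyStore.getInstance(KeyStore.getDefaultType())
        _key_store.load(None, None)  # empty in-memory store, no password

    if key_file is not None:
        certs, private_key = _extract_certs_for_paths([key_file], password)
        if private_key is None:
            raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")

    if cert_file is not None:
        _certs, _private_key = _extract_certs_for_paths([cert_file], password)
        # key_file wins; a key embedded in cert_file is only a fallback
        # (previously it silently overrode the explicitly supplied key).
        if private_key is None:
            private_key = _private_key
        certs.extend(_certs)

        if not private_key:
            raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")
        if not certs:
            # setKeyEntry() rejects a private key with an empty chain with a
            # bare IllegalArgumentException; report it as a PEM problem.
            raise SSLError(SSL_ERROR_SSL, "PEM lib (No certificate loaded)")

        # The key entry pairs private_key with certs[0] (the end-entity
        # certificate), so that is the public key that must match -- checked
        # whether the key came from key_file or cert_file. The old loop let
        # the *last* cert decide and so rejected valid leaf-first chains.
        if not _private_key_matches(private_key, certs[0]):
            raise SSLError(SSL_ERROR_SSL, "key values mismatch")

        _key_store.setKeyEntry(_str_hash_key_entry(private_key, *certs), private_key, [], certs)

    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(_key_store, [])
    return kmf


def _private_key_matches(private_key, cert):
    """Return True if ``cert``'s public key is the public half of ``private_key``.

    Only RSA pairs are verified (modulus and public exponent, as OpenSSL's
    SSL_CTX_check_private_key does). An RSA key with a non-RSA certificate,
    or the reverse, is a definite mismatch. Two non-RSA keys are accepted
    unverified. TODO: compare EC/DSA pairs too.
    """
    pub = cert.publicKey
    pub_is_rsa = isinstance(pub, RSAPublicKey)
    key_is_rsa = isinstance(private_key, RSAPrivateCrtKey)
    if pub_is_rsa and key_is_rsa:
        return (pub.getModulus() == private_key.getModulus()
                and pub.getPublicExponent() == private_key.getPublicExponent())
    if pub_is_rsa != key_is_rsa:
        # NOTE(review): a non-CRT RSAPrivateKey would land here and be
        # rejected; assumed not to occur with the BC converters -- confirm.
        return False
    return True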
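def _get_openssl_key_manager(cert_file, key_file=None):
    """Build an initialised KeyManagerFactory from PEM files using the older
    Bouncy Castle PEMReader API.

    cert_file: PEM file with the certificate chain, end-entity cert first; it
        may also contain the private key.
    key_file: optional PEM file with the private key. It is read first and, as
        with ssl.load_cert_chain(), takes precedence over a key in cert_file.
    Returns a KeyManagerFactory over a fresh in-memory KeyStore with one key
    entry (random alias, empty passwords: the store is never persisted).
    Raises SSLError (SSL_ERROR_SSL) when no private key or no certificate was
    found. Encrypted keys are not handled here.
    """
    # NOTE(review): same error type as the other PEM loaders; confirm this
    # _socket exports SSLError/SSL_ERROR_SSL. Imported lazily on purpose.
    from _socket import SSLError, SSL_ERROR_SSL

    paths = [key_file] if key_file else []
    paths.append(cert_file)
    private_key = None
    certs = []
    for path in paths:
        with closing(FileReader(path)) as reader:
            br = BufferedReader(reader)
            # One PEMReader per file. PEMReader is itself a BufferedReader, so
            # constructing a new one per object read ahead into a private
            # buffer that was then discarded -- with a combined key+cert file
            # everything after the first PEM block was lost.
            pem_reader = PEMReader(br)
            while True:
                obj = pem_reader.readObject()
                if obj is None:
                    break
                if isinstance(obj, KeyPair):
                    if private_key is None:  # first key wins: key_file's
                        private_key = obj.getPrivate()
                elif isinstance(obj, X509Certificate):
                    certs.append(obj)
                # Other PEM object types are ignored.

    # Fail with a clear error instead of letting a None key or an empty chain
    # surface as a Java exception from setKeyEntry().
    if private_key is None:
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")
    if not certs:
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No certificate loaded)")

    key_store = KeyStore.getInstance(KeyStore.getDefaultType())
    key_store.load(None, None)  # empty in-memory store, no integrity password
    # The entry pairs private_key with certs[0], the end-entity certificate.
    key_store.setKeyEntry(str(uuid.uuid4()), private_key, [], certs)
    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(key_store, [])
    return kmf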