Exemple #1
0
def generate_sym_key():
    """ This Function generate Symmetric key and nonce data """    
    ## Initialize NSS Database opens temporary database and the internal PKCS #112 module
    nss.nss_init_nodb()
    ## Mechanism to be used for symmetric key 
    mechanism = nss.CKM_DES_CBC_PAD
    # From the Soft token that we initialized get slot to generate symmetric key
    slot = nss.get_best_slot(mechanism)
    # Generate a symmetric key on the pk11 slot, The sym_key is of type PK11SymKey
    sym_key = slot.key_gen(mechanism, None, slot.get_best_key_length(mechanism))

    # Generate Nonce 
    iv_length = nss.get_iv_length(mechanism)

    if iv_length > 0:
        # Generate Nonce
        iv_data = nss.generate_random(iv_length)
        # Pass this random data to NSS SecItem
        iv_si = nss.SecItem(iv_data)
        # Use the Data passed to SecItem for initialization Vector 
        iv_param = nss.param_from_iv(mechanism, iv_si)
        # Random data is converted to hex
        pki_nonce = nss.data_to_hex(data=iv_data, separator=":")
        #print "generated %d bytes initialization vector: %s" % (iv_length, pki_nonce)
    
        # Create a Symmetric key Context using the Symmetric key, nonce  The context should be 
        # used for encrypt as well as decrypt
        encoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_ENCRYPT, sym_key, iv_param)
        decoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_DECRYPT, sym_key, iv_param)
    #return the symmetric key, nonce data, encoding context and decoding context to encrypt and 
    # decrypt
    return sym_key, pki_nonce, encoding_ctx, decoding_ctx
Exemple #2
0
def load_certificate(data, datatype=PEM, dbdir=None):
    """
    Given a base64-encoded certificate, with or without the
    header/footer, return a request object.

    Returns a nss.Certificate type
    """
    if type(data) in (tuple, list):
        data = data[0]

    if (datatype == PEM):
        data = strip_header(data)
        data = base64.b64decode(data)

    if not nss.nss_is_initialized():
        if dbdir is None:
            if 'in_tree' in api.env:
                if api.env.in_tree:
                    dbdir = api.env.dot_ipa + os.sep + 'alias'
                else:
                    dbdir = "/etc/httpd/alias"
                nss.nss_init(dbdir)
            else:
                nss.nss_init_nodb()
        else:
            nss.nss_init(dbdir)

    return nss.Certificate(buffer(data))
Exemple #3
0
    def __init__(self, host, port=None, strict=None):
        six.moves.http_client.HTTPConnection.__init__(self, host, port, strict)

        logging.debug('%s init %s', self.__class__.__name__, host)
        if not nss.nss_is_initialized():
            nss.nss_init_nodb()
        self.sock = None
Exemple #4
0
    def getKeyFromPassphrase(self, keylen):
        pdialog = self.xml.get_widget("passphraseDialog")
        phraseEntry = self.xml.get_widget("passphraseEntry")

        phraseEntry.set_text('')
        pdialog.show()
        button = pdialog.run()
        pdialog.hide()
        if button != gtk.RESPONSE_OK and button != 0:
            return None

        phrase = phraseEntry.get_text()

        try:
            import nss.nss as nss
            nss.nss_init_nodb()
            shasum = nss.data_to_hex(nss.sha1_digest(phrase))
        except:
            import hashlib
            shasum = hashlib.sha1(phrase).hexdigest()

        if len(shasum) > keylen: 
            shasum = shasum[:keylen]

        return shasum
Exemple #5
0
def load_certificate(data, datatype=PEM, dbdir=None):
    """
    Given a base64-encoded certificate, with or without the
    header/footer, return a request object.

    Returns a nss.Certificate type
    """
    if type(data) in (tuple, list):
        data = data[0]

    if (datatype == PEM):
        data = strip_header(data)
        data = base64.b64decode(data)

    if not nss.nss_is_initialized():
        if dbdir is None:
            if 'in_tree' in api.env:
                if api.env.in_tree:
                    dbdir = api.env.dot_ipa + os.sep + 'alias'
                else:
                    dbdir = "/etc/httpd/alias"
                nss.nss_init(dbdir)
            else:
                nss.nss_init_nodb()
        else:
            nss.nss_init(dbdir)

    return nss.Certificate(buffer(data))
 def test_full(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "full.xml"))
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == [
             (
                 u"KID1",
                 {
                     "ipatokenotpkey": u"GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
                     "ipatokennotafter": u"20060531000000Z",
                     "ipatokennotbefore": u"20060501000000Z",
                     "ipatokenserial": u"SerialNo-IssueNo",
                     "ipatokentotpclockoffset": 60000,
                     "ipatokenotpalgorithm": u"sha1",
                     "ipatokenvendor": u"iana.dummy",
                     "description": u"FriendlyName",
                     "ipatokentotptimestep": 200,
                     "ipatokenhotpcounter": 0,
                     "ipatokenmodel": u"Model",
                     "ipatokenotpdigits": 8,
                     "type": u"hotp",
                 },
             )
         ]
     finally:
         nss.nss_shutdown()
Exemple #7
0
 def setUp(self):
     self.conn = None
     self.ldapuri = 'ldap://%s' % ipautil.format_netloc(api.env.host)
     self.ccache = '/tmp/krb5cc_%d' % os.getuid()
     nss.nss_init_nodb()
     self.dn = DN(('krbprincipalname','ldap/%s@%s' % (api.env.host, api.env.realm)),
                  ('cn','services'),('cn','accounts'),api.env.basedn)
Exemple #8
0
 def setup(self):
     nss.nss_init_nodb()
     if ipautil.file_exists("test0.csr"):
         self.testdir="./"
     elif ipautil.file_exists("ipatests/test_pkcs10/test0.csr"):
         self.testdir= "./ipatests/test_pkcs10/"
     else:
         raise nose.SkipTest("Unable to find test update files")
Exemple #9
0
 def setup(self):
     nss.nss_init_nodb()
     if ipautil.file_exists("test0.csr"):
         self.testdir="./"
     elif ipautil.file_exists("ipatests/test_pkcs10/test0.csr"):
         self.testdir= "./ipatests/test_pkcs10/"
     else:
         raise nose.SkipTest("Unable to find test update files")
Exemple #10
0
 def test_invalid(self):
     nss.nss_init_nodb()
     try:
         PSKCDocument(os.path.join(basename, "pskc-invalid.xml"))
     except ValueError: # File is invalid.
         pass
     else:
         assert False
     finally:
         nss.nss_shutdown()
Exemple #11
0
 def test_figure8(self):
     nss.nss_init_nodb()
     try:
         PSKCDocument(os.path.join(basename, "pskc-figure8.xml"))
     except NotImplementedError:  # X.509 is not supported.
         pass
     else:
         assert False
     finally:
         nss.nss_shutdown()
Exemple #12
0
 def test_invalid(self):
     nss.nss_init_nodb()
     try:
         PSKCDocument(os.path.join(basename, "pskc-invalid.xml"))
     except ValueError:  # File is invalid.
         pass
     else:
         assert False
     finally:
         nss.nss_shutdown()
Exemple #13
0
 def test_figure8(self):
     nss.nss_init_nodb()
     try:
         PSKCDocument(os.path.join(basename, "pskc-figure8.xml"))
     except NotImplementedError: # X.509 is not supported.
         pass
     else:
         assert False
     finally:
         nss.nss_shutdown()
 def test_mini(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "pskc-mini.xml"))
         [(t.id, t.options) for t in doc.getKeyPackages()]
     except ValidationError: # Unsupported token type.
         pass
     else:
         assert False
     finally:
         nss.nss_shutdown()
 def test_mini(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "pskc-mini.xml"))
         [(t.id, t.options) for t in doc.getKeyPackages()]
     except ValidationError:  # Unsupported token type.
         pass
     else:
         assert False
     finally:
         nss.nss_shutdown()
Exemple #16
0
 def setup(self):
     self.conn = None
     self.ldapuri = "ldap://%s" % ipautil.format_netloc(api.env.host)
     self.ccache = paths.TMP_KRB5CC % os.getuid()
     nss.nss_init_nodb()
     self.dn = DN(
         ("krbprincipalname", "ldap/%s@%s" % (api.env.host, api.env.realm)),
         ("cn", "services"),
         ("cn", "accounts"),
         api.env.basedn,
     )
Exemple #17
0
def main():
    global options

    parser = argparse.ArgumentParser(description='Password Based Encryption Example')

    parser.add_argument('-q', '--quiet', action='store_true',
                        help='stiffle chatty output')

    # === NSS Database Group ===
    group = parser.add_argument_group('PBKDF2',
                                      'Specify the PBKDF2 parameters')

    group.add_argument('--pbe-alg',
                       help='password based encryption algorithm')
    group.add_argument('--cipher-alg',
                       help='cipher algorithm')
    group.add_argument('--prf-alg',
                       help='pseudo-random function algorithm')
    group.add_argument('-l', '--key-length',
                       help='number of octets in derived key')
    group.add_argument('-s', '--salt',
                       help='salt as a string, if none then use random data')


    group = parser.add_argument_group('Encryption',
                                      'Specify the encryption parameters')

    group.add_argument('-p', '--password',
                       help='PBE password')

    group.add_argument('-t', '--plain-text',
                       help='string to encrypt')

    parser.set_defaults(pbe_alg = 'SEC_OID_PKCS5_PBKDF2',
                        cipher_alg = 'SEC_OID_AES_256_CBC',
                        prf_alg = 'SEC_OID_HMAC_SHA1',
                        iterations = 100,
                        key_length = 0,
                        salt = None,
                        password = '******',
                        plain_text = 'Black holes are where God divided by zero - Steven Wright',
                        )

    options = parser.parse_args()

    # Initialize NSS.
    nss.nss_init_nodb()

    do_pbkdf2()
Exemple #18
0
def main():
    global options

    parser = argparse.ArgumentParser(
        description='Password Based Encryption Example')

    parser.add_argument('-q',
                        '--quiet',
                        action='store_true',
                        help='stiffle chatty output')

    # === NSS Database Group ===
    group = parser.add_argument_group('PBKDF2',
                                      'Specify the PBKDF2 parameters')

    group.add_argument('--pbe-alg', help='password based encryption algorithm')
    group.add_argument('--cipher-alg', help='cipher algorithm')
    group.add_argument('--prf-alg', help='pseudo-random function algorithm')
    group.add_argument('-l',
                       '--key-length',
                       help='number of octets in derived key')
    group.add_argument('-s',
                       '--salt',
                       help='salt as a string, if none then use random data')

    group = parser.add_argument_group('Encryption',
                                      'Specify the encryption parameters')

    group.add_argument('-p', '--password', help='PBE password')

    group.add_argument('-t', '--plain-text', help='string to encrypt')

    parser.set_defaults(
        pbe_alg='SEC_OID_PKCS5_PBKDF2',
        cipher_alg='SEC_OID_AES_256_CBC',
        prf_alg='SEC_OID_HMAC_SHA1',
        iterations=100,
        key_length=0,
        salt=None,
        password='******',
        plain_text='Black holes are where God divided by zero - Steven Wright',
    )

    options = parser.parse_args()

    # Initialize NSS.
    nss.nss_init_nodb()

    do_pbkdf2()
Exemple #19
0
 def test_figure7(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "pskc-figure7.xml"))
         assert doc.keyname == 'My Password 1'
         doc.setKey('qwerty')
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
             [(u'123456', {
                 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
                 'ipatokenvendor': u'TokenVendorAcme',
                 'ipatokenserial': u'987654321',
                 'ipatokenotpdigits': 8,
                 'type': u'hotp'})]
     finally:
         nss.nss_shutdown()
Exemple #20
0
def load_certificate_request(csr, datatype=PEM):
    """
    Given a base64-encoded certificate request, with or without the
    header/footer, return a request object.
    """
    if datatype == PEM:
        csr = strip_header(csr)
        csr = base64.b64decode(csr)

    # A fail-safe so we can always read a CSR. python-nss/NSS will segfault
    # otherwise
    if not nss.nss_is_initialized():
        nss.nss_init_nodb()

    return nss.CertificateRequest(csr)
Exemple #21
0
def load_certificate_request(csr, datatype=PEM):
    """
    Given a base64-encoded certificate request, with or without the
    header/footer, return a request object.
    """
    if datatype == PEM:
        csr = strip_header(csr)
        csr = base64.b64decode(csr)

    # A fail-safe so we can always read a CSR. python-nss/NSS will segfault
    # otherwise
    if not nss.nss_is_initialized():
        nss.nss_init_nodb()

    return nss.CertificateRequest(csr)
Exemple #22
0
 def test_figure7(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "pskc-figure7.xml"))
         assert doc.keyname == 'My Password 1'
         doc.setKey('qwerty')
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
             [(u'123456', {
                 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
                 'ipatokenvendor': u'TokenVendorAcme',
                 'ipatokenserial': u'987654321',
                 'ipatokenotpdigits': 8,
                 'type': u'hotp'})]
     finally:
         nss.nss_shutdown()
Exemple #23
0
 def test_figure6(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "pskc-figure6.xml"))
         assert doc.keyname == 'Pre-shared-key'
         doc.setKey('12345678901234567890123456789012'.decode('hex'))
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
             [(u'12345678', {
                 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
                 'ipatokenvendor': u'Manufacturer',
                 'ipatokenserial': u'987654321',
                 'ipatokenhotpcounter': 0,
                 'ipatokenotpdigits': 8,
                 'type': u'hotp'})]
     finally:
         nss.nss_shutdown()
Exemple #24
0
 def test_figure6(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "pskc-figure6.xml"))
         assert doc.keyname == 'Pre-shared-key'
         doc.setKey('12345678901234567890123456789012'.decode('hex'))
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
             [(u'12345678', {
                 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
                 'ipatokenvendor': u'Manufacturer',
                 'ipatokenserial': u'987654321',
                 'ipatokenhotpcounter': 0,
                 'ipatokenotpdigits': 8,
                 'type': u'hotp'})]
     finally:
         nss.nss_shutdown()
Exemple #25
0
def verify_sym_key(archived_key, archived_iv, algorithm, plain_text):
    """ This function verifies whether archived key is usable, Actually
    verifying this is senseless, reason any random data can be used for encryption, 
    but still just for the heck of it. 
    """
    
    # Initialize NSS 
    nss.nss_init_nodb()

    # Decode the base64 string to binary
    key = base64.decodestring(archived_data)

    # Currently we are assuming the mechanism to AES
    # Will need to add other mechanisms later, but 
    # this is just an example.
    mechanism = nss.CKM_AES_CBC_PAD

    # Get the best pkcs11 slot
    slot = nss.get_best_slot(mechanism)

    # convert the binary to hex with separtor as :
    pki_key = nss.data_to_hex(data=key,separator=":")

    # create a nssSecItem object out of it.
    key_si = nss.SecItem(nss.read_hex(pki_key))

    # Import the key to the slot
    sym_key = nss.import_sym_key(slot, mechanism, nss.PK11_OriginUnwrap, nss.CKA_ENCRYPT, key_si)

    # Same for the nonce data
    iv = base64.decodestring(archived_iv)
    iv_data = nss.data_to_hex(data=iv,separator=":")
    iv_si = nss.SecItem(nss.read_hex(iv_data))
    iv_param = nss.param_from_iv(mechanism, iv_si)


    encoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_ENCRYPT,sym_key, iv_param)
    decoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_DECRYPT,sym_key, iv_param)

    cipher_text = encoding_ctx.cipher_op(plain_text)
    cipher_text += encoding_ctx.digest_final()
    print cipher_text

    decoded_text = decoding_ctx.cipher_op(cipher_text)
    decoded_text += decoding_ctx.digest_final()

    print decoded_text
Exemple #26
0
def initialize_nss_database(dbdir=None):
    """
    Initializes NSS database, if not initialized yet. Uses a proper database
    directory (.ipa/alias or HTTPD_ALIAS_DIR), depending on the value of
    api.env.in_tree.
    """

    if not nss.nss_is_initialized():
        if dbdir is None:
            if 'in_tree' in api.env:
                if api.env.in_tree:
                    dbdir = api.env.dot_ipa + os.sep + 'alias'
                else:
                    dbdir = paths.HTTPD_ALIAS_DIR
                nss.nss_init(dbdir)
            else:
                nss.nss_init_nodb()
        else:
            nss.nss_init(dbdir)
Exemple #27
0
def initialize_nss_database(dbdir=None):
    """
    Initializes NSS database, if not initialized yet. Uses a proper database
    directory (.ipa/alias or HTTPD_ALIAS_DIR), depending on the value of
    api.env.in_tree.
    """

    if not nss.nss_is_initialized():
        if dbdir is None:
            if 'in_tree' in api.env:
                if api.env.in_tree:
                    dbdir = api.env.dot_ipa + os.sep + 'alias'
                else:
                    dbdir = paths.HTTPD_ALIAS_DIR
                nss.nss_init(dbdir)
            else:
                nss.nss_init_nodb()
        else:
            nss.nss_init(dbdir)
 def test_figure7(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "pskc-figure7.xml"))
         assert doc.keyname == "My Password 1"
         doc.setKey("qwerty")
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == [
             (
                 u"123456",
                 {
                     "ipatokenotpkey": u"GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
                     "ipatokenvendor": u"TokenVendorAcme",
                     "ipatokenserial": u"987654321",
                     "ipatokenotpdigits": 8,
                     "type": u"hotp",
                 },
             )
         ]
     finally:
         nss.nss_shutdown()
 def test_figure6(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "pskc-figure6.xml"))
         assert doc.keyname == "Pre-shared-key"
         doc.setKey("12345678901234567890123456789012".decode("hex"))
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == [
             (
                 u"12345678",
                 {
                     "ipatokenotpkey": u"GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
                     "ipatokenvendor": u"Manufacturer",
                     "ipatokenserial": u"987654321",
                     "ipatokenhotpcounter": 0,
                     "ipatokenotpdigits": 8,
                     "type": u"hotp",
                 },
             )
         ]
     finally:
         nss.nss_shutdown()
Exemple #30
0
 def test_full(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "full.xml"))
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
             [(u'KID1', {
                 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
                 'ipatokennotafter': u'20060531000000Z',
                 'ipatokennotbefore': u'20060501000000Z',
                 'ipatokenserial': u'SerialNo-IssueNo',
                 'ipatokentotpclockoffset': 60000,
                 'ipatokenotpalgorithm': u'sha1',
                 'ipatokenvendor': u'iana.dummy',
                 'description': u'FriendlyName',
                 'ipatokentotptimestep': 200,
                 'ipatokenhotpcounter': 0,
                 'ipatokenmodel': u'Model',
                 'ipatokenotpdigits': 8,
                 'type': u'hotp',
             })]
     finally:
         nss.nss_shutdown()
Exemple #31
0
 def test_full(self):
     nss.nss_init_nodb()
     try:
         doc = PSKCDocument(os.path.join(basename, "full.xml"))
         assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
             [(u'KID1', {
                 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
                 'ipatokennotafter': u'20060531000000Z',
                 'ipatokennotbefore': u'20060501000000Z',
                 'ipatokenserial': u'SerialNo-IssueNo',
                 'ipatokentotpclockoffset': 60000,
                 'ipatokenotpalgorithm': u'sha1',
                 'ipatokenvendor': u'iana.dummy',
                 'description': u'FriendlyName',
                 'ipatokentotptimestep': 200,
                 'ipatokenhotpcounter': 0,
                 'ipatokenmodel': u'Model',
                 'ipatokenotpdigits': 8,
                 'type': u'hotp',
             })]
     finally:
         nss.nss_shutdown()
def generate_sym_key():
    """ This Function generate Symmetric key and nonce data """
    ## Initialize NSS Database opens temporary database and the internal PKCS #112 module
    nss.nss_init_nodb()
    ## Mechanism to be used for symmetric key
    mechanism = nss.CKM_DES_CBC_PAD
    # From the Soft token that we initialized get slot to generate symmetric key
    slot = nss.get_best_slot(mechanism)
    # Generate a symmetric key on the pk11 slot, The sym_key is of type PK11SymKey
    sym_key = slot.key_gen(mechanism, None,
                           slot.get_best_key_length(mechanism))

    # Generate Nonce
    iv_length = nss.get_iv_length(mechanism)

    if iv_length > 0:
        # Generate Nonce
        iv_data = nss.generate_random(iv_length)
        # Pass this random data to NSS SecItem
        iv_si = nss.SecItem(iv_data)
        # Use the Data passed to SecItem for initialization Vector
        iv_param = nss.param_from_iv(mechanism, iv_si)
        # Random data is converted to hex
        pki_nonce = nss.data_to_hex(data=iv_data, separator=":")
        #print "generated %d bytes initialization vector: %s" % (iv_length, pki_nonce)

        # Create a Symmetric key Context using the Symmetric key, nonce  The context should be
        # used for encrypt as well as decrypt
        encoding_ctx = nss.create_context_by_sym_key(mechanism,
                                                     nss.CKA_ENCRYPT, sym_key,
                                                     iv_param)
        decoding_ctx = nss.create_context_by_sym_key(mechanism,
                                                     nss.CKA_DECRYPT, sym_key,
                                                     iv_param)
    #return the symmetric key, nonce data, encoding context and decoding context to encrypt and
    # decrypt
    return sym_key, pki_nonce, encoding_ctx, decoding_ctx
Exemple #33
0
    def test_shutdown_callback(self):
        int_value = 43
        str_value = u"foobar"
        count = 0
        dict_value = {'count': count}

        def shutdown_callback(nss_data, i, s, d):
            self.assertEqual(isinstance(nss_data, dict), True)

            self.assertEqual(isinstance(i, int), True)
            self.assertEqual(i, int_value)

            self.assertEqual(isinstance(s, six.string_types), True)
            self.assertEqual(s, str_value)

            self.assertEqual(isinstance(d, dict), True)
            self.assertEqual(d, dict_value)
            d['count'] += 1
            return True

        nss.nss_init_nodb()
        nss.set_shutdown_callback(shutdown_callback, int_value, str_value, dict_value)
        nss.nss_shutdown()
        self.assertEqual(dict_value['count'], count + 1)

        # Callback should not be invoked again after shutdown
        nss.nss_init_nodb()
        nss.nss_shutdown()
        self.assertEqual(dict_value['count'], count + 1)

        # Callback should not be invoked if cleared
        nss.nss_init_nodb()
        nss.set_shutdown_callback(shutdown_callback, int_value, str_value, dict_value)
        nss.set_shutdown_callback(None)
        nss.nss_shutdown()
        self.assertEqual(dict_value['count'], count + 1)
Exemple #34
0
 def setUp(self):
     nss.nss_init_nodb()
     self.encoding_ctx, self.decoding_ctx = setup_contexts(mechanism, key, iv)
    def __init__(self, host, port=None, strict=None):
        httplib.HTTPConnection.__init__(self, host, port, strict)

        logging.debug('%s init %s', self.__class__.__name__, host)
        if not nss.nss_is_initialized(): nss.nss_init_nodb()
        self.sock = None
Exemple #36
0
 def setUp(self):
     nss.nss_init_nodb()
     self.csr_der = nss.SecItem(pem, ascii=True)
     self.csr = nss.CertificateRequest(self.csr_der)
 def setUp(self):
     nss.nss_init_nodb()
     self.csr_der = nss.SecItem(pem, ascii=True)
     self.csr = nss.CertificateRequest(self.csr_der)
Exemple #38
0
    def execute(self, argv):
        try:
            opts, _ = getopt.gnu_getopt(argv, 'i:v',
                                        ['instance=', 'verbose', 'help'])

        except getopt.GetoptError as e:
            print('ERROR: ' + str(e))
            self.usage()
            sys.exit(1)

        instance_name = 'pki-tomcat'

        for o, a in opts:
            if o in ('-i', '--instance'):
                instance_name = a

            elif o in ('-v', '--verbose'):
                self.set_verbose(True)

            elif o == '--help':
                self.usage()
                sys.exit()

            else:
                print('ERROR: unknown option ' + o)
                self.usage()
                sys.exit(1)

        nss.nss_init_nodb()

        instance = pki.server.PKIInstance(instance_name)
        if not instance.is_valid():
            print("ERROR: Invalid instance %s." % instance_name)
            sys.exit(1)
        instance.load()

        subsystem = instance.get_subsystem('ca')
        if not subsystem:
            print('ERROR: No CA subsystem in instance %s.' % instance_name)
            sys.exit(1)

        base_dn = subsystem.config['internaldb.basedn']
        conn = subsystem.open_database()

        try:
            repo_dn = 'ou=certificateRepository,ou=ca,%s' % base_dn
            if self.verbose:
                print(
                    'Searching certificates records with missing issuerName in %s'
                    % repo_dn)

            entries = conn.ldap.search_s(
                repo_dn, ldap.SCOPE_ONELEVEL,
                '(&(objectclass=certificaterecord)(|(!(issuername=*))(issuername=)))',
                None)

            for entry in entries:
                self.add_issuer_name(conn, entry)

        finally:
            conn.close()

        self.print_message('Upgrade complete')
Exemple #39
0
 def setUp(self):
     nss.nss_init_nodb()
     self.encoding_ctx, self.decoding_ctx = setup_contexts(
         mechanism, key, iv)
Exemple #40
0
 def setup(self):
     nss.nss_init_nodb()
     self.testdir = os.path.abspath(os.path.dirname(__file__))
     if not ipautil.file_exists(os.path.join(self.testdir,
                                             "test0.csr")):
         raise nose.SkipTest("Unable to find test update files")
Exemple #41
0
 def setUp(self):
     nss.nss_init_nodb()
Exemple #42
0
    return csr

def load_certificate_request(csr, datatype=PEM):
    """
    Given a base64-encoded certificate request, with or without the
    header/footer, return a request object.
    """
    if datatype == PEM:
        csr = strip_header(csr)
        csr = base64.b64decode(csr)

    # A fail-safe so we can always read a CSR. python-nss/NSS will segfault
    # otherwise
    if not nss.nss_is_initialized():
        nss.nss_init_nodb()

    return nss.CertificateRequest(csr)

if __name__ == '__main__':
    nss.nss_init_nodb()

    # Read PEM request from stdin and print out its components

    csrlines = sys.stdin.readlines()
    csr = ''.join(csrlines)

    print load_certificate_request(csr)
    print get_subject(csr)
    print get_subjectaltname(csr)
    print get_friendlyname(csr)
Exemple #43
0
 def main(cls, argv):
     nss.nss_init_nodb()
     try:
         super(OTPTokenImport, cls).main(argv)
     finally:
         nss.nss_shutdown()
Exemple #44
0
class _ExtKeyUsageSyntax(univ.SequenceOf):
    componentType = univ.ObjectIdentifier()


def encode_ext_key_usage(ext_key_usage):
    eku = _ExtKeyUsageSyntax()
    for i, oid in enumerate(ext_key_usage):
        eku[i] = univ.ObjectIdentifier(oid)
    eku = encoder.encode(eku)
    return _encode_extension('2.5.29.37', EKU_ANY not in ext_key_usage, eku)


if __name__ == '__main__':
    # this can be run with:
    # python ipalib/x509.py < /etc/ipa/ca.crt

    from ipalib import api
    api.bootstrap()
    api.finalize()

    nss.nss_init_nodb()

    # Read PEM certs from stdin and print out its components

    certlines = sys.stdin.readlines()
    cert = ''.join(certlines)

    nsscert = load_certificate(cert)

    print(nsscert)
Exemple #45
0
    def new_generate_random(self):

        nss.nss_init_nodb()
        rndnoise = hashlib.sha256(nss.generate_random(50)).hexdigest()
        return rndnoise
Exemple #46
0
 def setup(self):
     nss.nss_init_nodb()
     self.testdir = os.path.abspath(os.path.dirname(__file__))
     if not ipautil.file_exists(os.path.join(self.testdir, "test0.csr")):
         raise nose.SkipTest("Unable to find test update files")
 def main(cls, argv):
     nss.nss_init_nodb()
     try:
         super(OTPTokenImport, cls).main(argv)
     finally:
         nss.nss_shutdown()
Exemple #48
0
Fichier : db.py Projet : tiran/pki
    def execute(self, argv):
        try:
            opts, _ = getopt.gnu_getopt(
                argv, 'i:v', ['instance=', 'verbose', 'help'])

        except getopt.GetoptError as e:
            print('ERROR: ' + str(e))
            self.usage()
            sys.exit(1)

        instance_name = 'pki-tomcat'

        for o, a in opts:
            if o in ('-i', '--instance'):
                instance_name = a

            elif o in ('-v', '--verbose'):
                self.set_verbose(True)

            elif o == '--help':
                self.usage()
                sys.exit()

            else:
                print('ERROR: unknown option ' + o)
                self.usage()
                sys.exit(1)

        nss.nss_init_nodb()

        instance = pki.server.PKIInstance(instance_name)
        if not instance.is_valid():
            print("ERROR: Invalid instance %s." % instance_name)
            sys.exit(1)
        instance.load()

        subsystem = instance.get_subsystem('ca')
        if not subsystem:
            print('ERROR: No CA subsystem in instance %s.' % instance_name)
            sys.exit(1)

        base_dn = subsystem.config['internaldb.basedn']
        conn = subsystem.open_database()

        try:
            repo_dn = 'ou=certificateRepository,ou=ca,%s' % base_dn
            if self.verbose:
                print('Searching certificates records with missing issuerName in %s' % repo_dn)

            entries = conn.ldap.search_s(
                repo_dn,
                ldap.SCOPE_ONELEVEL,
                '(&(objectclass=certificaterecord)(|(!(issuername=*))(issuername=)))',
                None)

            for entry in entries:
                self.add_issuer_name(conn, entry)

        finally:
            conn.close()

        self.print_message('Upgrade complete')
 def setUp(self):
     nss.nss_init_nodb()