def local_oscrypto():
    """
    Initialize oscrypto once and pick its backend from environment variables

    The result is cached in the module-level _asn1crypto_module and
    _oscrypto_module globals, so the setup only runs on the first call.

    :raises:
        ValueError - when OSCRYPTO_USE_OPENSSL is set but does not split into
        exactly two comma-separated values

    :return:
        A 2-element tuple with the (asn1crypto, oscrypto) modules
    """

    global _asn1crypto_module
    global _oscrypto_module

    # An earlier call already did the setup - hand back the cached modules
    if _oscrypto_module:
        return (_asn1crypto_module, _oscrypto_module)

    here = os.path.dirname(os.path.abspath(__file__))

    # A directory named "tests" is taken to mean a source checkout, in which
    # case the sibling oscrypto (and asn1crypto, if present) sources are
    # preferred over whatever is installed.
    from_checkout = os.path.basename(here) == 'tests'

    if from_checkout:
        asn1crypto_dir = os.path.abspath(
            os.path.join(here, '..', '..', 'asn1crypto')
        )
        _asn1crypto_module = _import_from('asn1crypto', asn1crypto_dir)
    if _asn1crypto_module is None:
        import asn1crypto as _asn1crypto_module

    if from_checkout:
        oscrypto_parent = os.path.abspath(os.path.join(here, '..'))
        _oscrypto_module = _import_from('oscrypto', oscrypto_parent)
    if _oscrypto_module is None:
        import oscrypto as _oscrypto_module

    env = os.environ

    if env.get('OSCRYPTO_USE_CTYPES'):
        _oscrypto_module.use_ctypes()

    # Backends are chosen through env vars so that CI for other packages can
    # switch them without extra plumbing. The OSCRYPTO_USE_OPENSSL value is
    # handed to use_openssl() as-is, so it decides which native libraries are
    # loaded into this process - it should only ever come from trusted CI or
    # developer configuration.
    openssl_spec = env.get('OSCRYPTO_USE_OPENSSL')
    if openssl_spec:
        lib_paths = openssl_spec.split(',')
        if len(lib_paths) != 2:
            raise ValueError(
                'Value for OSCRYPTO_USE_OPENSSL env var must be two paths separated by a comma'
            )
        _oscrypto_module.use_openssl(*lib_paths)
    elif env.get('OSCRYPTO_USE_WINLEGACY'):
        _oscrypto_module.use_winlegacy()

    return (_asn1crypto_module, _oscrypto_module)
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, utils
from snowflake.connector.errorcode import ER_INVALID_OCSP_RESPONSE, ER_INVALID_OCSP_RESPONSE_CODE
from snowflake.connector.errors import RevocationCheckError
from snowflake.connector.ocsp_snowflake import SnowflakeOCSP
from snowflake.connector.ssd_internal_keys import ret_wildcard_hkey

# Import-time backend selection for oscrypto. It runs before
# `from oscrypto import asymmetric` below; presumably the backend has to be
# chosen before that submodule loads - confirm against the oscrypto docs.
# NOTE(review): simplefilter("ignore") silences every warning raised inside
# this block, including anything oscrypto emits while loading the libraries.
with warnings.catch_warnings():
    warnings.simplefilter("ignore")
    # force versioned dylibs onto oscrypto ssl on catalina
    if sys.platform == 'darwin' and platform.mac_ver()[0].startswith('10.15'):
        # NOTE(review): _module_values is an underscore-prefixed oscrypto name,
        # so this depends on a non-public detail of the installed version.
        from oscrypto import use_openssl, _module_values
        # Only pin the libraries when no backend is recorded yet, so a backend
        # selected earlier in the process is left untouched.
        if _module_values['backend'] is None:
            # Absolute, versioned system paths - nothing here is resolved
            # through a library search path or taken from external input.
            use_openssl(libcrypto_path='/usr/lib/libcrypto.35.dylib',
                        libssl_path='/usr/lib/libssl.35.dylib')
    from oscrypto import asymmetric

logger = getLogger(__name__)


class SnowflakeOCSPAsn1Crypto(SnowflakeOCSP):
    """OCSP checks by asn1crypto."""

    # map signature algorithm name to digest class
    # Only the three SHA-2 names below are listed. How a signature algorithm
    # missing from this map is handled depends on the lookup code, which is
    # not part of this excerpt.
    SIGNATURE_ALGORITHM_TO_DIGEST_CLASS = {
        'sha256': SHA256,
        'sha384': SHA384,
        'sha512': SHA512,
    }
import pytest import os from oscrypto import use_openssl libcrypto_path = os.path.abspath( "C:\\Program Files (x86)\\OpenSSL-Win32\\libcrypto-1_1.dll") libssl_path = os.path.abspath( "C:\\Program Files (x86)\\OpenSSL-Win32\\libssl-1_1.dll") use_openssl(libcrypto_path, libssl_path) from oscrypto.asymmetric import ecdsa_verify, load_public_key from oscrypto.errors import SignatureError from asn1crypto import keys, core from optigatrust import objects from optigatrust import crypto tbs_str = b'Test String to Sign' tbs_str_fail = b'FAILED Test String to Sign' @pytest.mark.parametrize("oid, curve, max_sign_size, hashname", [(0xe0f1, 'secp256r1', 72, 'sha256'), (0xe0f1, 'secp384r1', 104, 'sha384'), (0xe0f1, 'secp521r1', 141, 'sha512'), (0xe0f1, 'brainpoolp256r1', 72, 'sha256'), (0xe0f1, 'brainpoolp384r1', 104, 'sha384'), (0xe0f1, 'brainpoolp512r1', 137, 'sha512'), (0xe0f2, 'secp256r1', 72, 'sha256'), (0xe0f2, 'secp384r1', 104, 'sha384'), (0xe0f2, 'secp521r1', 141, 'sha512'), (0xe0f2, 'brainpoolp256r1', 72, 'sha256'),
import datetime
import secrets
import platform

from unicrypto import hashlib
from asn1crypto import cms
from asn1crypto import algos
from asn1crypto import core
from asn1crypto import x509
from asn1crypto import keys
import oscrypto

# Under pyodide (platform reports "emscripten") oscrypto is pointed at the
# OpenSSL shared objects explicitly. This runs before the oscrypto.keys and
# oscrypto.asymmetric imports below; presumably the backend must be selected
# before those submodules load - confirm against the oscrypto docs.
if platform.system().lower() == 'emscripten':
    # these imports are pyodide-specific
    # NOTE(review): ssl is not referenced in the visible lines; presumably it
    # is imported for its side effect of making OpenSSL available - confirm.
    import ssl
    # NOTE(review): both paths are hard-coded to a python3.9 site-packages
    # layout, so a different runtime version or layout needs different paths.
    # They are constants, not derived from user or network input.
    oscrypto.use_openssl('/lib/python3.9/site-packages/libcrypto.so', '/lib/python3.9/site-packages/libssl.so')

from oscrypto.keys import parse_pkcs12
from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key

from minikerberos.protocol.constants import NAME_TYPE, MESSAGE_TYPE, PaDataType
from minikerberos.protocol.encryption import Enctype, _checksum_table, _enctype_table, Key
from minikerberos.protocol.structures import AuthenticatorChecksum
from minikerberos.protocol.asn1_structs import KDC_REQ_BODY, PrincipalName, HostAddress, \
    KDCOptions, EncASRepPart, AP_REQ, AuthorizationData, Checksum, krb5_pvno, Realm, \
    EncryptionKey, Authenticator, Ticket, APOptions, EncryptedData, AS_REQ, AP_REP
from minikerberos.protocol.rfc4556 import PKAuthenticator, AuthPack, Dunno1, Dunno2, MetaData, Info, CertIssuer, CertIssuers, PA_PK_AS_REP, KDCDHKeyInfo
from minikerberos.protocol.rfc_iakerb import KRB_FINISHED
from minikerberos.protocol.mskile import LSAP_TOKEN_INFO_INTEGRITY, KERB_AD_RESTRICTION_ENTRY, KERB_AD_RESTRICTION_ENTRYS
from minikerberos.gssapi.gssapi import GSSAPIFlags
ER_OCSP_RESPONSE_LOAD_FAILURE, ER_OCSP_RESPONSE_STATUS_UNSUCCESSFUL, ) from snowflake.connector.errors import RevocationCheckError from snowflake.connector.ocsp_snowflake import SnowflakeOCSP from snowflake.connector.ssd_internal_keys import ret_wildcard_hkey with warnings.catch_warnings(): warnings.simplefilter("ignore") # force versioned dylibs onto oscrypto ssl on catalina if sys.platform == "darwin" and platform.mac_ver()[0].startswith("10.15"): from oscrypto import _module_values, use_openssl if _module_values["backend"] is None: use_openssl( libcrypto_path="/usr/lib/libcrypto.35.dylib", libssl_path="/usr/lib/libssl.35.dylib", ) from oscrypto import asymmetric logger = getLogger(__name__) class SnowflakeOCSPAsn1Crypto(SnowflakeOCSP): """OCSP checks by asn1crypto.""" # map signature algorithm name to digest class SIGNATURE_ALGORITHM_TO_DIGEST_CLASS = { "sha256": SHA256, "sha384": SHA384, "sha512": SHA512, }