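    def getCertificate(self, sodObj):
        """
        Retrieve the Document Signer certificate out of the SOD.

        @param sodObj: An initialized SOD (Document Security Object)
        @type sodObj: A sod object
        @return: A PEM representation of the certificate or None if not present.
        @raise PassiveAuthenticationException: I{sodObj must be a sod object}: the sodObj parameter must be a sod object.
        @raise PassiveAuthenticationException: I{sodObj object is not initialized}: the sodObj parameter is a sod object, but is not initialized.
        @raise openSSLException: See the openssl documentation
        """
        # isinstance() replaces the exact-type comparison, which built a throwaway
        # SOD(None) on every call and rejected subclasses of SOD.
        if not isinstance(sodObj, datagroup.SOD):
            raise PassiveAuthenticationException("sodObj must be a sod object")

        if sodObj.body is None:
            raise PassiveAuthenticationException(
                "sodObj object is not initialized")

        # The certificate is embedded in the document's own SOD, so it carries no
        # trust by itself; verifySODandCDS() chains it to the CSCA store afterwards.
        return self._openSSL.retrievePkcs7Certificate(sodObj.body)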
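    def verifySODandCDS(self, sodObj, CSCADirectory):
        """
        Execute the first part of the Passive Authentication protocol.
            - Read the document signer certificate from the Document Security Object
            - Verify the SOD signature using the Document Signer Public Key (KPuDS).
            - Read the relevant Data Groups hashes from the LDS.
            - Verify the DS certificate (CDS) using the Country Signing CA Public Key (KPuCSCA).

        The I{toHash} method of the CSCADirectory object must be called before the passive authentication.
        Once the hashing processing is done, the I{toHash} method does not need to be called again.

        Note that self._data and self._content are populated before the DS certificate
        is checked against the CSCA directory, so they are also set when this method
        returns False. Callers must only treat that content as authentic when the
        return value is True.

        @param sodObj: An initialized security data object
        @type sodObj: A sod object
        @param CSCADirectory: The object representing the CSCA directory.
        @type CSCADirectory: A CAManager object

        @return: True if the DS Certificate is validated against the CSCA directory, else False.

        @raise PassiveAuthenticationException: I{CSCADirectory is not set}: the CSCADirectory parameter is None.
        @raise PassiveAuthenticationException: I{sodObj must be a sod object}: the sodObj parameter must be a sod object.
        @raise PassiveAuthenticationException: I{CSCADirectory must be a CAManager object}
        @raise PassiveAuthenticationException: I{The certificate could not be retrieved}: the SOD carries no DS certificate.
        @raise PassiveAuthenticationException: I{sodObj object is not initialized}: raised by getCertificate/getSODContent.
        @raise openSSLException: See the openssl documentation
        """
        # Checked first so a missing directory keeps its dedicated message rather
        # than falling into the generic type check below.
        if CSCADirectory is None:
            raise PassiveAuthenticationException("CSCADirectory is not set")

        # isinstance() avoids constructing throwaway SOD(None)/CAManager("") objects
        # purely to compare types.
        if not isinstance(sodObj, datagroup.SOD):
            raise PassiveAuthenticationException("sodObj must be a sod object")

        if not isinstance(CSCADirectory, CAManager):
            raise PassiveAuthenticationException(
                "CSCADirectory must be a CAManager object")

        # Document Signer certificate, taken from the SOD itself (untrusted so far).
        CDS = self.getCertificate(sodObj)
        if CDS is None:
            raise PassiveAuthenticationException(
                "The certificate could not be retrieved")

        # Signature check of the SOD with the (not yet chained) DS public key.
        self._data = self.getSODContent(sodObj)

        self._content = self._readDGfromLDS(self._data)

        # Only now is the DS certificate chained to the CSCA store; this result is
        # what decides whether the content above can be trusted.
        return self.verifyDSC(CDS, CSCADirectory.dir)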
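    def getSODContent(self, sodObj):
        """
        Verify the SOD signature by using the Document Signer Public Key (KPuDS).

        The key used here is the one embedded in the SOD; this method does not
        check that certificate against the CSCA directory (see verifyDSC).

        @param sodObj: A filled SOD object
        @type sodObj: A sod object
        @return: The signed content (a binary string) if the verification is ok;
                 otherwise an exception is raised by the OpenSSL layer.
        @raise PassiveAuthenticationException: I{sodObj must be a sod object}: the sodObj parameter must be a sod object.
        @raise PassiveAuthenticationException: I{sodObj object is not initialized}: the sodObj parameter is a sod object, but is not initialized.
        @raise openSSLException: See the openssl documentation
        """
        self.log("Verify SOD by using Document Signer Public Key (KPuDS))")

        # isinstance() replaces the exact-type comparison that built a throwaway
        # SOD(None) on every call.
        if not isinstance(sodObj, datagroup.SOD):
            raise PassiveAuthenticationException("sodObj must be a sod object")

        if sodObj.body is None:
            raise PassiveAuthenticationException(
                "sodObj object is not initialized")

        return self._openSSL.getPkcs7SignatureContent(sodObj.body)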