def run(self, args):
if args.file or '/' in args.host or '\\' in args.host:
cat = self.client.remote('pupyutils.basic_cmds', 'cat', False)
cert = cat(args.host, None, None, None)
else:
get_server_certificate = self.client.remote(
'ssl', 'get_server_certificate')
cert = get_server_certificate((args.host, args.port))
if not args.raw:
parsed = None
try:
parsed = load_cert_string(cert).as_text()
except (X509Error, TypeError):
try:
parsed = load_cert_string(cert, 0).as_text()
except X509Error:
pass
cert = parsed
if cert:
self.log(cert)
else:
self.error('Invalid certificate format')
def active_cert(key):
cert_str = pem_format(key)
certificate = load_cert_string(cert_str)
not_before = to_time(str(certificate.get_not_before()))
not_after = to_time(str(certificate.get_not_after()))
try:
assert not_before < utc_now()
assert not_after > utc_now()
return True
except AssertionError:
return False
def active_cert(key):
cert_str = pem_format(key)
certificate = load_cert_string(cert_str)
not_before = to_time(str(certificate.get_not_before()))
not_after = to_time(str(certificate.get_not_after()))
try:
assert not_before < utc_now()
assert not_after > utc_now()
return True
except AssertionError:
return False
def verify_signatures(self):
if self._has_signature :
keyInfo = data = cert = None
keyInfo = self.signatureEntry.firstChild.getElementsByTagName('KeyInfo')
if keyInfo :
data = keyInfo[0].getElementsByTagName('X509Data')
if data :
cert = data[0].getElementsByTagName('X509Certificate')
if cert :
from M2Crypto.X509 import load_cert_string
x509_cert = load_cert_string(cert[0].nodeValue)
print "X509 Certificate Created: {0}".format(x509_cert)
if x509_cert :
result = x509_cert.verify(pkey=None)
print "X509 Certificate Verified: {0}".format(result)
if result :
return True
return False
def active_cert(key):
"""
Verifies that a key is active that is present time is after not_before
and before not_after.
:param key: The Key
:return: True if the key is active else False
"""
cert_str = pem_format(key)
certificate = load_cert_string(cert_str)
try:
not_before = to_time(str(certificate.get_not_before()))
not_after = to_time(str(certificate.get_not_after()))
assert not_before < utc_now()
assert not_after > utc_now()
return True
except AssertionError:
return False
except AttributeError:
return False
def _verify(self, cert, content, nonce, signature):
decodeSign = base64.b64decode(signature)
c = load_cert_string(cert)
log.debug("Successfully loaded cert")
k = c.get_pubkey()
k.verify_init()
data = content+nonce
k.verify_update(data)
log.debug("Finished verify update")
result = k.verify_final(decodeSign)
log.debug("Finished verify final, result = %d" % result)
return result
def dobase64Str():
f = open('signature.txt')
b64 = f.read()
signature = base64.b64decode(b64)
cf = open('new_cert.x509')
certString = cf.read()
c = load_cert_string(certString)
k = c.get_pubkey()
k.verify_init()
data = 'Jesus is Lord'
k.verify_update(data)
result = k.verify_final(signature)
print 'verification result: ', result
class FStat(PupyModule):
'''Show a bit more info about file path. ACLs/Caps/Owner for now'''
dependencies = {
'all': ['pupyutils.basic_cmds', 'fsutils', 'fsutils_ext'],
'windows': ['junctions', 'ntfs_streams', 'pupwinutils.security'],
'linux': ['xattr', 'posix1e', 'prctl', '_prctl']
}
@classmethod
def init_argparse(cls):
cls.arg_parser = PupyArgumentParser(prog='stat',
description=cls.__doc__)
cls.arg_parser.add_argument(
'-v',
'--verbose',
action='store_true',
default=False,
help='Print more information (certificates for example)')
cls.arg_parser.add_argument('path',
type=str,
nargs=REMAINDER,
help='path of a specific file',
completer=remote_path_completer)
def run(self, args):
getfilesec = self.client.remote('fsutils_ext', 'getfilesec')
path = ' '.join(args.path)
try:
sec = getfilesec(path)
except Exception, e:
self.error(' '.join(x for x in e.args
if type(x) in (str, unicode)))
return
ctime, atime, mtime, size, owner, group, header, mode, extra = sec
owner_id, owner_name, owner_domain = owner
group_id, group_name, group_domain = group
default = {
'Created':
file_timestamp(ctime, time=True),
'Accessed':
file_timestamp(atime, time=True),
'Modified':
file_timestamp(mtime, time=True),
'Size':
'{} ({})'.format(size_human_readable(size), size),
'Owner':
'{}{} ({})'.format(owner_domain + '\\' if owner_domain else '',
owner_name, owner_id),
'Group':
'{}{} ({})'.format(group_domain + '\\' if group_domain else '',
group_name, group_id),
'Mode':
mode,
}
infos = []
infos.append(
Table([{
'Property': p,
'Value': default[p]
} for p in ('Created', 'Accessed', 'Modified', 'Size', 'Owner',
'Group', 'Mode')], ['Property', 'Value'],
legend=False))
oneliners = []
certificates = None
for extra, values in extra.iteritems():
if extra == 'Certificates':
certificates = [
load_cert_string(cert, FORMAT_DER).as_text()
for cert in values
]
elif isinstance(values, dict):
records = [{
'KEY':
k.decode('utf-8'),
'VALUE':
v.decode('utf-8') if isinstance(v, str) else str(v)
} for k, v in values.iteritems()]
infos.append(Table(records, ['KEY', 'VALUE'], caption=extra))
elif isinstance(values, (list, tuple)):
if all(
isinstance(value, (list, tuple)) and len(value) == 2
for value in values):
infos.append(
List('{}: {}'.format(key, value)
for key, value in values))
else:
infos.append(List(values, caption=extra))
elif isinstance(values, int):
oneliners.append('{}: {}'.format(extra, values))
elif '\n' in values:
infos.append(Line(extra + ':', values))
else:
oneliners.append(extra + ': ' + values)
if args.verbose:
magic = ''
if header:
with Magic() as libmagic:
magic = libmagic.id_buffer(header)
if magic:
oneliners.append('Magic: {}'.format(magic))
if certificates:
infos.extend(certificates)
if oneliners:
infos.append(List(oneliners, caption='Other'))
self.log(MultiPart(infos))
