def _map_log_id_to_verifier(log_list):
    """Build a {log id: LogVerifier} lookup from the keys in log_list.

    Only the values of log_list are used. Each value is hashed with
    SHA-256 to obtain the log id and wrapped as a 'PUBLIC KEY' PEM block
    for the verifier.
    """
    verifiers_by_id = {}
    for raw_key in log_list.values():
        # The log id is the SHA-256 digest of the key bytes exactly as stored.
        log_id = hashlib.sha256(raw_key).digest()
        info = client_pb2.KeyInfo()
        # NOTE(review): the key type is fixed to ECDSA without inspecting the
        # key itself; a non-EC log key would reach LogVerifier mislabelled.
        # Confirm every key in log_list is an EC key.
        info.type = client_pb2.KeyInfo.ECDSA
        info.pem_key = pem.to_pem(raw_key, 'PUBLIC KEY')
        verifiers_by_id[log_id] = verify.LogVerifier(info)
    return verifiers_by_id
def _map_log_id_to_verifier(log_list):
    """Return a dict mapping each log id to a LogVerifier for that log.

    The id of a log is the SHA-256 digest of its key bytes, taken from
    the values of log_list; the keys of log_list are ignored.
    """
    lookup = {}
    for der_key in log_list.values():
        digest = hashlib.sha256(der_key).digest()
        ecdsa_info = client_pb2.KeyInfo()
        # NOTE(review): every key is declared ECDSA here; the algorithm is not
        # read from the key, so an RSA key would be described incorrectly to
        # the verifier. Verify that callers only pass EC keys.
        ecdsa_info.type = client_pb2.KeyInfo.ECDSA
        ecdsa_info.pem_key = pem.to_pem(der_key, 'PUBLIC KEY')
        lookup[digest] = verify.LogVerifier(ecdsa_info)
    return lookup
    def test_verify_sth_for_bad_asn1_signature(self):
        """verify_sct must raise SignatureError for a badly encoded signature.

        Despite the "sth" in the name, the object under test is an SCT: a
        real www.google.com certificate is paired with the SCT that was
        issued for it with a bad signature.
        """
        # PEM lines of the www.google.com certificate the bad SCT was issued for.
        cert_pem_lines = (
            '-----BEGIN CERTIFICATE-----',
            'MIIEgDCCA2igAwIBAgIIdJ7+eILLLSgwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE',
            'BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl',
            'cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUxMDA3MTExMDM4WhcNMTYwMTA1MDAwMDAw',
            'WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN',
            'TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3',
            'Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCR6Knj',
            'TG6eyvY6C1VO7daC0AbWe3cenr9y9lVFQH2ej5r87znUvep4pC/bmG71aTd25wds',
            'ScpclWNR4lkR9Ph45j8K+SjMXU7syiqFiWPWgVzyi4N3bXZw4w83RoTzfyUTn4Kx',
            '9nsQLmjVS4wUMSEpWBmYfORwUwMF8BYp5qSkIUogZTADPY7Qr8tmwEq8jLHv9z62',
            'SiYd9JEcGdhnajgXg/+/f+iIb1jhkbjsTjFJBHClgrtRqLZHSU1THZCK6iULTd1B',
            '4yBNvXcHDaSBTPUSvZvZXo/msKfOqd0fHtny1icgl5CSU0tZrZPteomMnLMGdLlN',
            'KHyqIX7XsAd3pNoXAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI',
            'KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE',
            'XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0',
            'MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G',
            'A1UdDgQWBBSUPOkxr+tGC3JYs2JIdXVB2R+f8zAMBgNVHRMBAf8EAjAAMB8GA1Ud',
            'IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW',
            'eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n',
            'bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAfBoIl5qeaJ7NZ6hB',
            'WqeBZwbDV/DOHCPg3/84n8YGlfYdfXQpQdOWC5hfgEkkinBT0yp8dDTdXMUIT9Al',
            'ZMrxE54xJ1cU6FPuZPDWOnzV+6YEW6P9RnTbqKgYCNkHFiFwVvFRm5RTEGei5TLv',
            'l0zFDBusT/mgyvYBMIfW3vVPteEKKEz+aRCZHRiLAHbmJHj2+blVJeHGSF+eKN5q',
            'GWgk7/pMww4JAXsLQ0mmL8qdJKivuiNcyyhbr8IeERiVcItKqfBsX1nwyUnYFWY3',
            'HPkV+sXAPnpTGuxgYvTjcYDf8UO9lgDX5QubEFjjTuTIYAAabmc6Z4UKOS0O46Ne',
            'z28m7Q==',
            '-----END CERTIFICATE-----')
        # Hex dump of the SCT carrying the bad signature.
        # NOTE(review): the first INTEGER of the signature (02 20 00 35 ...)
        # appears to carry a redundant leading zero byte, i.e. a non-minimal
        # DER encoding; presumably that is the "bad ASN.1" a strict verifier
        # has to reject. Confirm against the verifier's parsing rules.
        sct_hex = (
            '00ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc'
            '00000150421dfbb6000004030047304502200035de73784699d2ad8c3631aeda77'
            'f70b2c899492b16f051fd6d38d46afc892022100a4d1b58c63002e5d0862a9f623'
            'f67c8ccf5fc934bd28133fbc8f240aae4cab38'
        )
        sct_bytes = sct_hex.decode('hex')

        # Parse the TLS-encoded SCT into its protobuf form.
        bad_sct = client_pb2.SignedCertificateTimestamp()
        tls_message.decode(sct_bytes, bad_sct)

        # Verifier for the log key stored in SYMANTEC_B64_KEY, declared as ECDSA.
        log_key_pem = pem.to_pem(
            base64.decodestring(SYMANTEC_B64_KEY),
            'PUBLIC KEY')
        log_key_info = client_pb2.KeyInfo()
        log_key_info.type = client_pb2.KeyInfo.ECDSA
        log_key_info.pem_key = log_key_pem
        verifier = verify.LogVerifier(log_key_info)

        # The check must fail with SignatureError rather than accept the SCT.
        self.assertRaises(
            error.SignatureError,
            verifier.verify_sct,
            bad_sct,
            [cert.Certificate.from_pem("\n".join(cert_pem_lines))])
def create_key_info_from_raw_key(log_key):
    """Build a client_pb2.KeyInfo for a raw SubjectPublicKeyInfo blob.

    The algorithm OID inside the decoded key decides whether the result is
    tagged RSA or ECDSA; the returned object can be passed to LogVerifier.

    Args:
        log_key: the encoded key, as accepted by
            x509_common.SubjectPublicKeyInfo.decode.

    Returns:
        A client_pb2.KeyInfo with its type and pem_key fields set.

    Raises:
        error.UnsupportedAlgorithmError: the key's algorithm OID is neither
            RSA encryption nor EC public key.
    """
    spki = x509_common.SubjectPublicKeyInfo.decode(log_key)
    key_algorithm_oid = spki['algorithm']['algorithm']

    # Only the two algorithms below are accepted; anything else is rejected
    # instead of being passed on with a guessed type.
    if key_algorithm_oid == oid.RSA_ENCRYPTION:
        detected_type = client_pb2.KeyInfo.RSA
    elif key_algorithm_oid == oid.ID_EC_PUBLICKEY:
        detected_type = client_pb2.KeyInfo.ECDSA
    else:
        raise error.UnsupportedAlgorithmError('Unknown key type: %s' %
                                              key_algorithm_oid)

    info = client_pb2.KeyInfo()
    info.type = detected_type
    info.pem_key = pem.to_pem(log_key, 'PUBLIC KEY')
    return info
def create_key_info_from_raw_key(log_key):
    """Turn a raw encoded public key into a client_pb2.KeyInfo.

    The key is decoded as a SubjectPublicKeyInfo and its algorithm OID is
    mapped to the RSA or ECDSA key type. The result is suitable for
    constructing a LogVerifier.

    Args:
        log_key: the encoded public key bytes.

    Returns:
        A client_pb2.KeyInfo whose type and pem_key fields are populated.

    Raises:
        error.UnsupportedAlgorithmError: for any algorithm OID other than
            RSA encryption or EC public key.
    """
    result = client_pb2.KeyInfo()
    algorithm = x509_common.SubjectPublicKeyInfo.decode(
        log_key)['algorithm']['algorithm']

    is_rsa = algorithm == oid.RSA_ENCRYPTION
    # The EC comparison is only made when the RSA one did not match.
    if not is_rsa and not algorithm == oid.ID_EC_PUBLICKEY:
        # Refuse unknown algorithms outright; no default type is assumed.
        raise error.UnsupportedAlgorithmError(
                'Unknown key type: %s' % algorithm)

    result.type = (client_pb2.KeyInfo.RSA if is_rsa
                   else client_pb2.KeyInfo.ECDSA)
    result.pem_key = pem.to_pem(log_key, 'PUBLIC KEY')
    return result
 def to_pem(self):
   """Return the PEM form of this certificate.

   The wrapped ASN.1 certificate is re-encoded and labelled with the first
   entry of PEM_MARKERS.
   """
   encoded = self._asn1_cert.encode()
   marker = self.PEM_MARKERS[0]
   return pem.to_pem(encoded, marker)
 def __repr__(self):
     """Return 'ClassName(public key: ...)' with the repr of the PEM key."""
     # The private __der bytes are wrapped with the class's __WRITE_MARKER.
     pem_text = pem.to_pem(self.__der, self.__WRITE_MARKER)
     class_name = self.__class__.__name__
     return "%s(public key: %r)" % (class_name, pem_text)
 def __str__(self):
     """Return 'ClassName(public key: <PEM text>)' for display."""
     # The private __der bytes are wrapped with __ECDSA_WRITE_MARKER.
     pem_text = pem.to_pem(self.__der, self.__ECDSA_WRITE_MARKER)
     class_name = self.__class__.__name__
     return "%s(public key: %s)" % (class_name, pem_text)
 def __str__(self):
     """Render the object as 'ClassName(public key: <PEM text>)'."""
     owner = self.__class__.__name__
     # PEM text is produced from the private __der bytes and ECDSA marker.
     key_pem = pem.to_pem(self.__der, self.__ECDSA_WRITE_MARKER)
     return "%s(public key: %s)" % (owner, key_pem)
def pem_cert_chain_for_cert(c, cert_chain_der):
    """Return c followed by its chain as newline-terminated PEM blocks.

    Args:
        c: an object whose to_pem() gives the PEM text of the first
            certificate.
        cert_chain_der: iterable of encoded certificates; each is wrapped
            in a "CERTIFICATE" PEM block and appended in the given order.

    Returns:
        The concatenated PEM text, with a newline after every block.
    """
    blocks = [c.to_pem() + '\n']
    blocks.extend(
        pem.to_pem(der_cert, "CERTIFICATE") + '\n'
        for der_cert in cert_chain_der)
    return ''.join(blocks)
 def __repr__(self):
     """Return 'ClassName(public key: ...)' using the repr of the PEM text."""
     owner = self.__class__.__name__
     # PEM text is produced from the private __der bytes and __WRITE_MARKER.
     key_pem = pem.to_pem(self.__der, self.__WRITE_MARKER)
     return "%s(public key: %r)" % (owner, key_pem)
 def test_to_pem(self):
     """pem.to_pem(BLOB, MARKER) must equal the PEM_BLOB fixture."""
     produced = pem.to_pem(self.BLOB, self.MARKER)
     self.assertEqual(self.PEM_BLOB, produced)
 def test_to_pem(self):
     """Encoding the BLOB fixture with MARKER must reproduce PEM_BLOB."""
     actual_pem = pem.to_pem(self.BLOB, self.MARKER)
     self.assertEqual(self.PEM_BLOB, actual_pem)
 def to_pem(self):
   """Encode the wrapped ASN.1 certificate and return it as PEM text.

   The PEM label is the first entry of PEM_MARKERS.
   """
   cert_bytes = self._asn1_cert.encode()
   label = self.PEM_MARKERS[0]
   return pem.to_pem(cert_bytes, label)
 def to_pem(self):
     """Return the certificate as PEM text.

     The wrapped ASN.1 certificate is re-encoded and labelled with the
     first entry of PEM_MARKERS.
     """
     encoded_cert = self._asn1_cert.encode()
     first_marker = self.PEM_MARKERS[0]
     return pem.to_pem(encoded_cert, first_marker)
 def to_pem(self):
     """Produce the PEM encoding of this certificate.

     Uses the output of self._asn1_cert.encode() as the payload and
     PEM_MARKERS[0] as the PEM label.
     """
     payload = self._asn1_cert.encode()
     pem_label = self.PEM_MARKERS[0]
     return pem.to_pem(payload, pem_label)