Esempi in Python per Certificate

Esempio n. 1

File: context.py Progetto: okrt/signify

    def _load(self):
        if self._loaded:
            return
        self._loaded = True

        if self.location.is_dir():
            for file in self.location.glob("*"):
                with open(str(file), "rb") as f:
                    self.extend(Certificate.from_pems(f.read()))
        else:
            with open(str(self.location), "rb") as f:
                self.extend(Certificate.from_pems(f.read()))

Esempio n. 2

File: context.py Progetto: wtfuzz/signify

    def _load(self):
        if self._loaded:
            return
        self._loaded = True

        for file in self.location.glob("*"):
            with open(str(file), "rb") as f:
                self.append(Certificate.from_pem(f.read()))

Esempio n. 3

File: test_asn1.py Progetto: Elricos/signify

    def test_to_string_with_commas(self):
        with open(
                str(CERTIFICATE_LOCATION /
                    "Verisign Time Stamping Service Root.pem"), "rb") as f:
            certificate = Certificate.from_pem(f.read())

        self.assertEqual(
            certificate.issuer.dn,
            r"OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc., OU=VeriSign Time Stamping Service Root, "
            r"OU=VeriSign\, Inc., O=VeriSign Trust Network")

Esempio n. 4

File: test_asn1.py Progetto: Elricos/signify

    def test_to_string(self):
        with open(
                str(CERTIFICATE_LOCATION /
                    "Microsoft Root Certificate Authority 2010.pem"),
                "rb") as f:
            certificate = Certificate.from_pem(f.read())

        self.assertEqual(
            certificate.issuer.dn,
            "CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, "
            "L=Redmond, ST=Washington, C=US")

Esempio n. 5

File: signeddata.py Progetto: okrt/signify

    def _parse(self):
        # digestAlgorithms
        if len(self.data['digestAlgorithms']) != 1:
            raise ParseError(
                "SignedData.digestAlgorithms must contain exactly 1 algorithm, not %d"
                % len(self.data['digestAlgorithms']))
        self.digest_algorithm = _get_digest_algorithm(
            self.data['digestAlgorithms'][0], "SignedData.digestAlgorithm")

        # contentType
        if isinstance(self.data, rfc2315.SignedData):
            self.content_type = asn1.oids.get(
                self.data['contentInfo']['contentType'])
            content = self.data['contentInfo']['content']
        elif isinstance(self.data, rfc5652.SignedData):
            self.content_type = asn1.oids.get(
                self.data['encapContentInfo']['eContentType'])
            content = self.data['encapContentInfo']['eContent']
        else:
            raise ParseError("Unknown SignedData data type {}".format(
                _print_type(self.data)))

        if self.content_type is not self._expected_content_type:
            raise ParseError("SignedData.contentInfo does not contain %s" %
                             _print_type(self._expected_content_type))

        # Content
        self.content = guarded_ber_decode(
            content, asn1_spec=self._expected_content_type())

        # Certificates
        self.certificates = CertificateStore([
            Certificate(cert) for cert in self.data['certificates']
            if Certificate.is_certificate(cert)
        ])

        # SignerInfo
        if self._signerinfo_class is not None:
            self.signer_infos = [
                self._signerinfo_class(si) for si in self.data['signerInfos']
            ]

Esempio n. 6

File: test_asn1.py Progetto: Elricos/signify

    def test_get_components(self):
        with open(
                str(CERTIFICATE_LOCATION /
                    "Verisign Time Stamping Service Root.pem"), "rb") as f:
            certificate = Certificate.from_pem(f.read())

        result = list(certificate.issuer.get_components("OU"))
        self.assertEqual(result, [
            "NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.",
            "VeriSign Time Stamping Service Root", "VeriSign, Inc."
        ])
        self.assertEqual(list(certificate.issuer.get_components("CN")), [])

Esempio n. 7

File: test_asn1.py Progetto: Elricos/signify

    def test_get_components_none(self):
        with open(
                str(CERTIFICATE_LOCATION /
                    "Verisign Time Stamping Service Root.pem"), "rb") as f:
            certificate = Certificate.from_pem(f.read())

        result = certificate.issuer.rdns
        self.assertEqual(
            result, [('OU', 'NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.'),
                     ('OU', 'VeriSign Time Stamping Service Root'),
                     ('OU', 'VeriSign, Inc.'),
                     ('O', 'VeriSign Trust Network')])

Esempio n. 8

File: authenticode.py Progetto: Elricos/signify

    def _parse(self):
        # digestAlgorithms
        if len(self.data['digestAlgorithms']) != 1:
            raise AuthenticodeParseError(
                "RFC3161 SignedData.digestAlgorithms must contain exactly 1 algorithm, not "
                "%d" % len(self.data['digestAlgorithms']))
        self.digest_algorithm = _get_digest_algorithm(
            self.data['digestAlgorithms'][0], "SignedData.digestAlgorithm")

        # Get the tst_info
        self.content_type = asn1.oids.get(
            self.data['encapContentInfo']['eContentType'])
        if self.content_type is not rfc3161.TSTInfo:
            raise AuthenticodeParseError(
                "RFC3161 SignedData.contentInfo does not contain TSTInfo")

        self.tst_info = guarded_der_decode(
            self.data['encapContentInfo']['eContent'],
            asn1_spec=rfc3161.TSTInfo())

        if self.tst_info['version'] != 1:
            raise AuthenticodeParseError("TSTInfo.version must be 1, not %d" %
                                         self.data['version'])

        self.policy = self.tst_info['policy']  # TODO
        self.hash_algorithm = _get_digest_algorithm(
            self.tst_info['messageImprint']['hashAlgorithm'],
            location="TSTInfo.messageImprint.hashAlgorithm")
        self.message_digest = bytes(
            self.tst_info['messageImprint']['hashedMessage'])
        self.serial_number = self.tst_info['serialNumber']
        self.signing_time = self.tst_info['genTime'].asDateTime
        self.signing_time_accuracy = accuracy_to_python(
            self.tst_info['accuracy'])
        # TODO handle case where directoryName is not a rdnSequence
        self.signing_authority = CertificateName(
            self.tst_info['tsa']['directoryName']['rdnSequence'])

        # Certificates
        self.certificates = CertificateStore(
            [Certificate(cert) for cert in self.data['certificates']])

        # signerInfos
        if len(self.data['signerInfos']) != 1:
            raise AuthenticodeParseError(
                "RFC3161 SignedData.signerInfos must contain exactly 1 signer, not %d"
                % len(self.data['signerInfos']))

        self.signer_info = RFC3161SignerInfo(self.data['signerInfos'][0])

Esempio n. 9

    def _parse(self):
        # Parse the fields of the SignedData structure
        if self.data['version'] != 1:
            raise AuthenticodeParseError(
                "SignedData.version must be 1, not %d" % self.data['version'])

        # digestAlgorithms
        if len(self.data['digestAlgorithms']) != 1:
            raise AuthenticodeParseError(
                "SignedData.digestAlgorithms must contain exactly 1 algorithm, not %d"
                % len(self.data['digestAlgorithms']))
        self.digest_algorithm = _get_digest_algorithm(
            self.data['digestAlgorithms'][0], "SignedData.digestAlgorithm")

        # SpcIndirectDataContent
        self.content_type = asn1.oids.get(
            self.data['contentInfo']['contentType'])
        if self.content_type is not asn1.spc.SpcIndirectDataContent:
            raise AuthenticodeParseError(
                "SignedData.contentInfo does not contain SpcIndirectDataContent"
            )
        spc_info = guarded_ber_decode(
            self.data['contentInfo']['content'],
            asn1_spec=asn1.spc.SpcIndirectDataContent())
        self.spc_info = SpcInfo(spc_info)

        # Certificates
        self.certificates = CertificateStore(
            [Certificate(cert) for cert in self.data['certificates']])

        # signerInfos
        if len(self.data['signerInfos']) != 1:
            raise AuthenticodeParseError(
                "SignedData.signerInfos must contain exactly 1 signer, not %d"
                % len(self.data['signerInfos']))

        self.signer_info = AuthenticodeSignerInfo(self.data['signerInfos'][0])

        # CRLs
        if 'crls' in self.data and self.data['crls'].isValue:
            raise AuthenticodeParseError(
                "SignedData.crls is present, but that is unexpected.")

Esempio n. 10

    def test_revoked_certificate(self):
        root = FileSystemCertificateStore(root_dir / "certs" /
                                          'digicert-global-root-ca.pem',
                                          trusted=True)
        intermediate = FileSystemCertificateStore(
            root_dir / "certs" / 'digicert-sha2-secure-server-ca.pem')
        with open(str(root_dir / "certs" / 'revoked.badssl.com.pem'),
                  "rb") as f:
            cert = Certificate.from_pem(f.read())

        # check that when we do not verify the CRL it does not fail
        context = VerificationContext(root, intermediate)
        context.verify(cert)

        context = VerificationContext(root,
                                      intermediate,
                                      allow_fetching=True,
                                      revocation_mode='hard-fail')
        with self.assertRaises(VerificationError):
            context.verify(cert)