def run(self, args): if args.file or '/' in args.host or '\\' in args.host: cat = self.client.remote('pupyutils.basic_cmds', 'cat', False) cert = cat(args.host, None, None, None) else: get_server_certificate = self.client.remote( 'ssl', 'get_server_certificate') cert = get_server_certificate((args.host, args.port)) if not args.raw: parsed = None try: parsed = load_cert_string(cert).as_text() except (X509Error, TypeError): try: parsed = load_cert_string(cert, 0).as_text() except X509Error: pass cert = parsed if cert: self.log(cert) else: self.error('Invalid certificate format')
def active_cert(key): cert_str = pem_format(key) certificate = load_cert_string(cert_str) not_before = to_time(str(certificate.get_not_before())) not_after = to_time(str(certificate.get_not_after())) try: assert not_before < utc_now() assert not_after > utc_now() return True except AssertionError: return False
def verify_signatures(self): if self._has_signature : keyInfo = data = cert = None keyInfo = self.signatureEntry.firstChild.getElementsByTagName('KeyInfo') if keyInfo : data = keyInfo[0].getElementsByTagName('X509Data') if data : cert = data[0].getElementsByTagName('X509Certificate') if cert : from M2Crypto.X509 import load_cert_string x509_cert = load_cert_string(cert[0].nodeValue) print "X509 Certificate Created: {0}".format(x509_cert) if x509_cert : result = x509_cert.verify(pkey=None) print "X509 Certificate Verified: {0}".format(result) if result : return True return False
def active_cert(key): """ Verifies that a key is active that is present time is after not_before and before not_after. :param key: The Key :return: True if the key is active else False """ cert_str = pem_format(key) certificate = load_cert_string(cert_str) try: not_before = to_time(str(certificate.get_not_before())) not_after = to_time(str(certificate.get_not_after())) assert not_before < utc_now() assert not_after > utc_now() return True except AssertionError: return False except AttributeError: return False
def _verify(self, cert, content, nonce, signature): decodeSign = base64.b64decode(signature) c = load_cert_string(cert) log.debug("Successfully loaded cert") k = c.get_pubkey() k.verify_init() data = content+nonce k.verify_update(data) log.debug("Finished verify update") result = k.verify_final(decodeSign) log.debug("Finished verify final, result = %d" % result) return result
def dobase64Str(): f = open('signature.txt') b64 = f.read() signature = base64.b64decode(b64) cf = open('new_cert.x509') certString = cf.read() c = load_cert_string(certString) k = c.get_pubkey() k.verify_init() data = 'Jesus is Lord' k.verify_update(data) result = k.verify_final(signature) print 'verification result: ', result
class FStat(PupyModule): '''Show a bit more info about file path. ACLs/Caps/Owner for now''' dependencies = { 'all': ['pupyutils.basic_cmds', 'fsutils', 'fsutils_ext'], 'windows': ['junctions', 'ntfs_streams', 'pupwinutils.security'], 'linux': ['xattr', 'posix1e', 'prctl', '_prctl'] } @classmethod def init_argparse(cls): cls.arg_parser = PupyArgumentParser(prog='stat', description=cls.__doc__) cls.arg_parser.add_argument( '-v', '--verbose', action='store_true', default=False, help='Print more information (certificates for example)') cls.arg_parser.add_argument('path', type=str, nargs=REMAINDER, help='path of a specific file', completer=remote_path_completer) def run(self, args): getfilesec = self.client.remote('fsutils_ext', 'getfilesec') path = ' '.join(args.path) try: sec = getfilesec(path) except Exception, e: self.error(' '.join(x for x in e.args if type(x) in (str, unicode))) return ctime, atime, mtime, size, owner, group, header, mode, extra = sec owner_id, owner_name, owner_domain = owner group_id, group_name, group_domain = group default = { 'Created': file_timestamp(ctime, time=True), 'Accessed': file_timestamp(atime, time=True), 'Modified': file_timestamp(mtime, time=True), 'Size': '{} ({})'.format(size_human_readable(size), size), 'Owner': '{}{} ({})'.format(owner_domain + '\\' if owner_domain else '', owner_name, owner_id), 'Group': '{}{} ({})'.format(group_domain + '\\' if group_domain else '', group_name, group_id), 'Mode': mode, } infos = [] infos.append( Table([{ 'Property': p, 'Value': default[p] } for p in ('Created', 'Accessed', 'Modified', 'Size', 'Owner', 'Group', 'Mode')], ['Property', 'Value'], legend=False)) oneliners = [] certificates = None for extra, values in extra.iteritems(): if extra == 'Certificates': certificates = [ load_cert_string(cert, FORMAT_DER).as_text() for cert in values ] elif isinstance(values, dict): records = [{ 'KEY': k.decode('utf-8'), 'VALUE': v.decode('utf-8') if isinstance(v, str) else str(v) } for k, v in values.iteritems()] infos.append(Table(records, ['KEY', 'VALUE'], caption=extra)) elif isinstance(values, (list, tuple)): if all( isinstance(value, (list, tuple)) and len(value) == 2 for value in values): infos.append( List('{}: {}'.format(key, value) for key, value in values)) else: infos.append(List(values, caption=extra)) elif isinstance(values, int): oneliners.append('{}: {}'.format(extra, values)) elif '\n' in values: infos.append(Line(extra + ':', values)) else: oneliners.append(extra + ': ' + values) if args.verbose: magic = '' if header: with Magic() as libmagic: magic = libmagic.id_buffer(header) if magic: oneliners.append('Magic: {}'.format(magic)) if certificates: infos.extend(certificates) if oneliners: infos.append(List(oneliners, caption='Other')) self.log(MultiPart(infos))