def validate_tcg_from_certs(self, ca_cert_der, attest_cert_der):
attest_cert_obj = Certificate(attest_cert_der)
ca_cert_obj = Certificate(ca_cert_der)
isValid = self._validate_attributes_with_tcg_rule(attest_cert_obj) and \
self._validate_tcg_raw(attest_cert_obj.tcg_min,
attest_cert_obj.tcg_max,
ca_cert_obj.tcg_min,
ca_cert_obj.tcg_max)
return isValid
def main():
lista = load_csv()
for cert in lista:
svg = load_svg(cert)
certificado = Certificate(svg)
certificado.save()
def create_multiple(logger, ctx, csv_file, config, force, key_size, san,
verbose, debug, **subject):
"""
Create multiple certificate using csv file
\f
:param logger:
:param ctx:
:param csv_file:
:param config:
:param force:
:param key_size:
:param san:
:param verbose:
:param debug:
:param subject:
:return:
"""
tools.set_options(ctx=ctx,
config=config,
san=san,
size=key_size,
subject=subject,
verbose=verbose,
debug=debug)
cert = Certificate(logger=logger, opts=tools.opts)
if 'subject' in tools.opts:
cert.load_subject()
if csv_file:
cert.generate_multiple(csv_file=csv_file, force=force)
else:
cert.generate_multiple(force=force)
def create(logger, ctx, name, config, force, key_size, san, verbose, debug,
**subject):
"""
Create a single CSR
\f
:param logger:
:param ctx:
:param name:
:param config:
:param force:
:param key_size:
:param san:
:param verbose:
:param debug:
:param subject:
:return:
"""
tools.set_options(ctx=ctx,
config=config,
san=san,
size=key_size,
subject=subject,
verbose=verbose,
debug=debug)
if name:
tools.set_options(name=str(name))
cert = Certificate(logger=logger, opts=tools.opts)
if 'subject' in tools.opts:
cert.load_subject()
cert.generate_csr(force=force)
def create_multiple_p12(logger, ctx, csv_file, pem_folder, key_folder,
password, config, force, verbose, debug):
"""
Create multiple p12 using csv file
\f
:param logger:
:param ctx:
:param csv_file:
:param pem_folder:
:param key_folder:
:param password:
:param config:
:param force:
:param verbose:
:param debug:
:return:
"""
tools.set_options(ctx=ctx, config=config, verbose=verbose, debug=debug)
cert = Certificate(logger, opts=tools.opts)
if csv_file:
cert.generate_multiple_p12(csv_file=csv_file,
pem_folder=pem_folder,
key_folder=key_folder,
password=password,
force=force)
else:
cert.generate_multiple_p12(pem_folder=pem_folder,
key_folder=key_folder,
password=password,
force=force)
def create_p12(logger, ctx, name, pem, key, password, config, force, verbose,
debug):
"""
\b
Create a simple p12
Need key file and pem file
\f
:param logger:
:param ctx:
:param name:
:param pem:
:param key:
:param password:
:param config:
:param force:
:param verbose:
:param debug:
:return:
"""
tools.set_options(ctx=ctx, config=config, verbose=verbose, debug=debug)
cert = Certificate(logger=logger, opts=tools.opts)
cert.generate_p12(key=key,
pem=pem,
p12=name,
password=password,
force=force)
def __init__(self, name):
self.__name = name
print("{} created".format(name))
self.__key = KeyPairRSA()
self.__cert = Certificate(name=name,
key_pair_rsa=self.__key,
validity_date=10)
def certificate(self, hostname):
"""Returns the certificate of a particular hostname
:param hostname: The hostname you want the certificate of
:type hostname: str
:return: The ppaas.Certificate object, or raises an exception
:rtype: ppaas.Certificate
"""
return Certificate(self, hostname)
def validate_tcg_from_config(self, ca_cert_path, signing_attributes):
ca_cert_obj = Certificate(path=ca_cert_path)
tcg_min_str = signing_attributes.tcg_min
tcg_max_str = signing_attributes.tcg_max
tcg_min_attest = Attribute.init(num_bits=32, string=tcg_min_str)
tcg_max_attest = Attribute.init(num_bits=32, string=tcg_max_str)
return self._validate_tcg_raw(tcg_min_attest, tcg_max_attest,
ca_cert_obj.tcg_min, ca_cert_obj.tcg_max)
def parseCerts(self, signature, offset):
prev = self._f.tell()
true_offset = signature.getOffset() + offset
self._f.seek(true_offset)
magic = getInt(self._f)
if magic != dictionary.signatures['BLOBWRAPPER']:
data = {
'offset': true_offset,
'magic': hex(magic),
'expected': hex(dictionary.signatures['BLOBWRAPPER'])
}
a = Abnormality(title='BAD MAGIC - BLOBWRAPPER', data=data)
self.addAbnormality(a)
self._f.seek(prev)
return
size = getInt(self._f) - 8
# out = open('cms', 'wb')
# out.write(self._f.read(size))
# out.close()
# exit(0)
if size > 0:
signed_data = cms.CMS(self._f.read(size), format='DER')
for cert in signed_data.certs:
serial = cert.serial
subject = {
'country': self.getCertNameData(cert.subject,
oid.Oid('C')),
'org': self.getCertNameData(cert.subject, oid.Oid('O')),
'org_unit': self.getCertNameData(cert.subject,
oid.Oid('OU')),
'common_name': self.getCertNameData(cert.subject,
oid.Oid('CN'))
}
issuer = {
'country': self.getCertNameData(cert.issuer, oid.Oid('C')),
'org': self.getCertNameData(cert.issuer, oid.Oid('O')),
'org_unit': self.getCertNameData(cert.issuer,
oid.Oid('OU')),
'common_name': self.getCertNameData(cert.issuer,
oid.Oid('CN'))
}
ca = cert.check_ca()
cert = Certificate(serial=serial, subject=subject,
issuer=issuer, ca=ca)
signature.addCert(cert)
else:
data = {
'offset': true_offset,
'size': size
}
a = Abnormality(title='NON-POSITIVE CMS SIZE', data=data)
self.addAbnormality(a)
self._f.seek(prev)
def certificate():
id = request.args.get('id')
donor = Donor.query.filter(Donor.id == id).first()
file_dir = os.path.join(basedir, app.config['IMG_FOLDER'])
if donor:
no = "WH2020012310{0:04d}".format(donor.id)
certi_file = "%s.png" % os.path.join(file_dir, no)
if not os.path.exists(certi_file):
amount = "%.2f" % donor.amount
cert = Certificate(donor.name, amount, no)
cert.grant()
image_data = open(certi_file, "rb").read()
response = make_response(image_data)
response.headers['Content-Type'] = 'image/png'
return response
def read(logger, ctx, path, password, plain_text):
"""
Read csr or p12
\f
:param logger:
:param ctx:
:param path:
:param password:
:param plain_text:
:return:
"""
tools.set_options(ctx=ctx)
cert = Certificate(logger=logger, opts=tools.opts)
click.echo(cert.read(path=path, password=password, plain_text=plain_text))
def validate_oid_from_config(self, ca_cert_path, signing_attributes):
ca_cert_obj = Certificate(path=ca_cert_path)
min_str = signing_attributes.object_id.min
max_str = signing_attributes.object_id.max
min_attest = Attribute.init(num_bits=32, string=min_str)
max_attest = Attribute.init(num_bits=32, string=max_str)
if signing_attributes.object_id.name == "tcg":
min_ca = ca_cert_obj.tcg_min
max_ca = ca_cert_obj.tcg_max
elif signing_attributes.object_id.name == "feature_id":
min_ca = ca_cert_obj.fid_min
max_ca = ca_cert_obj.fid_max
return self._validate_oid_raw(min_attest, max_attest, min_ca, max_ca)
def sign(self, binary_to_sign, imageinfo, debug_dir=None):
'''
This function returns a SignerOutput object which has all the security assets generated
by the signer.
'''
self._signer_impl.validate_config(imageinfo)
hasher = Hasher()
hmacParams = signerutils.get_hmac_params_from_config(
imageinfo.signing_attributes)
hash_to_sign = hasher.qcom_hmac(binary_to_sign, hmacParams)
signer_output = self._signer_impl.sign(hash_to_sign, imageinfo,
binary_to_sign, debug_dir)
#print certificate properties
attestation_cert_obj = Certificate(signer_output.attestation_cert)
logger.info('\nAttestation Certificate Properties:\n' +
str(attestation_cert_obj))
return signer_output
def read_certificates(self, server_certificates):
logger.info(
"------------------------------------------------------------------------------------"
)
logger.info("Rufe die Zertifkate für die weiteren Tests ab")
logger.info(
"------------------------------------------------------------------------------------"
)
try:
if server_certificates is None:
openssl_cmd_getcert = "echo 'Q' | openssl s_client -connect " + self.hostname + ":" + str(
self.port
) + self.openssl_client_proxy_part + " -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'"
proc = subprocess.Popen([openssl_cmd_getcert],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
tmp_certs = pem.parse(out)
else:
tmp_certs = pem.parse_file(server_certificates)
logger.info(
str(len(tmp_certs)) +
" Zertifikate wurden empfangen bzw. eingelesen.")
for crt in tmp_certs:
self.x509_certs.append(
load_pem_x509_certificate(
str(crt).encode('ascii', 'ignore'), default_backend()))
for x509 in self.x509_certs:
self.certs.append(Certificate(x509, self.ca_file))
except Exception as err:
print err
def main():
BASE_MODULE_ARGS = dict(cadir=dict(default="/etc/certs"),
certname=dict(required=True),
subj=dict(default="/DC=com/DC=example/CN=CA/"),
p12password=dict(required=True),
certtype=dict(default="server",
choices=["server", "client"]),
state=dict(default="present",
choices=["present", "absent"]),
subjectAltNames=dict(required=False))
module = AnsibleModule(argument_spec=BASE_MODULE_ARGS,
supports_check_mode=True)
isServerCert = True
if module.params["certtype"] == "client":
isServerCert = False
# cadir, certname, subj, p12password, isServerCert
cert = Certificate(module.params["cadir"], module.params["certname"],
module.params["subj"], module.params["p12password"],
isServerCert, module.params["subjectAltNames"])
isValid = cert.validate_config()
if isValid["success"]:
if module.params["state"] == "present":
isValid = cert.create_certificate()
else:
isValid = cert.remove_certificate()
if not isValid["success"]:
module.fail_json(msg=isValid["msg"])
else:
module.exit_json(**isValid)
def retrieve_certificate(self):
""" retrieve the repository's certificate file """
certificate = self.retrieve_object(self.manifest.certificate, 'X')
return Certificate(certificate)
def createCert(certname, subj, password, isServerCert):
print line
print "Creating certificate for: {}".format(certname)
cert = Certificate(cadir, certname, subj, password, isServerCert)
print cert.create_certificate()
return cert
def __main__(self):
father = self.father
chatroom = tk.Tk()
chatroom.geometry('600x400+425+225')
chatroom.title('91 Chatroom for ' +
self.father.father.username)
# chatroom.attributes('-topmost',1)
# backgroud
frame = tk.Frame(chatroom,
bg=colors['black'],
width=600,
height=400)
frame.place(x=0, y=0)
# container
textArea = tk.Text(frame,
bg=colors['black'],
fg=colors['green'],
highlightbackground=colors['lightGray'],
selectbackground=colors['blue'],
selectforeground=colors['green'],
width=60,
height=22,
bd=0)
textArea.place(x=10, y=10, anchor=tk.NW)
textArea.bind('<KeyPress>', lambda x: "break")
father.textArea = textArea
# textArea.focus_set()
# choose
tk.Label(frame,
text="Select Receiver:",
bg=colors['black'],
fg=colors['green']).place(x=460, y=10, anchor=tk.NW)
listbox = tk.Listbox(frame,
width=14,
height=7,
bg=colors['darkGray'],
fg=colors['green'],
selectbackground=colors['black'],
selectforeground=colors['green'])
listbox.place(x=460, y=35, anchor=tk.NW)
father.listbox = listbox
fileButton = tk.Button(
frame,
text="File",
bd=0,
highlightbackground=colors['black'],
command=lambda: self.uploadFile(father.socket, nameLabel))
fileButton.place(x=480, y=180, anchor=tk.CENTER)
videoButton = tk.Button(
frame,
text="Video",
bd=0,
highlightbackground=colors['black'],
command=lambda: self.videoCall(father.socket, nameLabel))
videoButton.place(x=560, y=180, anchor=tk.CENTER)
# ttk.Style().configure("b.TButton", foreground="black", background="white")
# style1 = ttk.Style()
# style1.configure("BW1.TLabel", foreground="black", background="white")
# bt_refresh = ttk.Button(f, text = "刷新列表", bd = 0, style = "BW1.TLable",command = lambda : self.refresh(father.socket))
tk.Label(frame,
text="System Log:",
bg=colors['black'],
fg=colors['green']).place(x=460, y=208, anchor=tk.NW)
logArea = tk.Text(frame,
bg=colors['black'],
fg=colors['green'],
highlightbackground=colors['lightGray'],
selectbackground=colors['blue'],
selectforeground=colors['green'],
width=16,
height=7,
bd=0)
logArea.place(x=455, y=233, anchor=tk.NW)
logArea.bind('<KeyPress>', lambda x: "break")
father.logArea = logArea
log = ctime() + " Connection Establishment"
logArea.insert(tk.END, log + '\n\n')
logArea.see(tk.END)
# input
nameLabel = tk.Label(frame,
text="Unseleted",
bg=colors['black'],
fg=colors['green'],
width=8)
nameLabel.place(x=12, y=360)
listbox.bind('<Double-Button-1>',
lambda x: self.changeSendTo(listbox, nameLabel))
self.nameLabel = nameLabel
inputEntry = tk.Entry(frame,
width=37,
bg=colors['black'],
fg=colors['green'],
insertbackground=colors['white'],
highlightbackground=colors['lightGray'],
selectbackground=colors['blue'],
selectforeground=colors['green'])
inputEntry.place(x=90, y=358)
# inputEntry.bind('<Key-Return>',
# lambda x : self.requestCertificate(father.socket,
# nameLabel, inputEntry))
inputEntry.bind(
'<Key-Return>', lambda x: self.requestCertificate(
father.socket, nameLabel))
# self.inputEntry = inputEntry
father.inputEntry = inputEntry
bt_send = tk.Button(frame,
text="Enter",
highlightbackground=colors['black'],
command=lambda: self.requestCertificate(
father.socket, nameLabel))
bt_send.place(x=480, y=371, anchor=tk.CENTER)
bt_clear = tk.Button(
frame,
text="Clear",
highlightbackground=colors['black'],
command=lambda: textArea.delete(0.0, tk.END))
bt_clear.place(x=560, y=372, anchor=tk.CENTER)
r = RSA()
c = Certificate(r.pubKey)
c.certificateInfo['username'] = self.father.father.username
self.father.father.selfInfo[
'username'] = self.father.father.username
self.father.father.selfInfo[
'decryptionType'] = c.certificateInfo['encryptionType']
self.father.father.selfInfo['pubKey'] = r.pubKey
self.father.father.selfInfo['priKey'] = r.priKey
self.father.father.selfInfo[
'communicationType'] = c.certificateInfo[
'communicationType']
if c.certificateInfo['communicationType'] == "dh":
pubNum = DH().getPAndG()
self.father.father.selfInfo['pAndg'] = pubNum
c.certificateInfo['pAndg'] = pubNum
self.father.father.selfInfo['secretA'] = getPrimeNum(20)
self.father.father.selfInfo['mA'] = pow(
pubNum[1], self.father.father.selfInfo['secretA'],
pubNum[0])
jData = json.dumps(c.certificateInfo)
father.socket.send(jData.encode())
# 刷新列表
# self.refresh(father.socket)
inputEntry.focus_set()
chatroom.focus_force()
chatroom.mainloop()
father.socket.shutdown(2)
print('Socket 断开')
from suds.client import Client
from certificate import Certificate
import sys
client = Client(
"http://localhost:8081/config-service/ConfigurationService?wsdl")
cert = Certificate(sys.argv[1])
cert.add_to_config(client)
