def create(data, cert, pkey, flags=Flags.BINARY, certs=None):
"""
Creates SignedData message by signing data with pkey and
certificate.
@param data - data to sign
@param cert - signer's certificate
@param pkey - pkey object with private key to sign
@param flags - OReed combination of Flags constants
@param certs - list of X509 objects to include into CMS
"""
if not pkey.cansign:
raise ValueError("Specified keypair has no private part")
if cert.pubkey != pkey:
raise ValueError("Certificate doesn't match public key")
bio = Membio(data)
if certs is not None and len(certs) > 0:
certstack_obj = StackOfX509(
certs) # keep reference to prevent immediate __del__ call
certstack = certstack_obj.ptr
else:
certstack = None
ptr = libcrypto.CMS_sign(cert.cert, pkey.key, certstack, bio.bio,
flags)
if ptr is None:
raise CMSError("signing message")
return SignedData(ptr)
def certs(self):
"""
List of the certificates contained in the structure
"""
certstack = libcrypto.CMS_get1_certs(self.ptr)
if certstack is None:
raise CMSError("getting certs")
return StackOfX509(ptr=certstack, disposable=True)
def signers(self):
"""
Return list of signer's certificates
"""
signerlist = libcrypto.CMS_get0_signers(self.ptr)
if signerlist is None:
raise CMSError("Cannot get signers")
return StackOfX509(ptr=signerlist, disposable=False)
def create(recipients, data, cipher, flags=0):
"""
Creates and encrypts message
@param recipients - list of X509 objects
@param data - contents of the message
@param cipher - CipherType object
@param flags - flag
"""
recp = StackOfX509(recipients)
bio = Membio(data)
cms_ptr = libcrypto.CMS_encrypt(recp.ptr, bio.bio, cipher.cipher,
flags)
if cms_ptr is None:
raise CMSError("encrypt EnvelopedData")
return EnvelopedData(cms_ptr)
def test_certstack2(self):
stack = StackOfX509()
stack.append(X509(self.cert1))
stack.append(X509(self.ca_cert))
c = stack[1]
stack[1] = X509(self.digicert_cert)
self.assertEqual(len(stack), 2)
self.assertEqual(unicode(stack[1].subject[Oid('CN')]),
u'DigiCert High Assurance EV CA-1')
with self.assertRaises(IndexError):
stack[-1] = c
with self.assertRaises(IndexError):
stack[3] = c
with self.assertRaises(TypeError):
stack[0] = self.cert1
with self.assertRaises(TypeError):
stack.append(self.cert1)
def test_certstack1(self):
l = []
l.append(X509(self.cert1))
self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер')
l.append(X509(self.ca_cert))
l.append(X509(self.digicert_cert))
stack = StackOfX509(certs=l)
self.assertEqual(len(stack), 3)
self.assertTrue(isinstance(stack[1], X509))
self.assertEqual(unicode(stack[0].subject[Oid('CN')]),
u'Виктор Вагнер')
with self.assertRaises(IndexError):
c = stack[-1]
with self.assertRaises(IndexError):
c = stack[3]
del stack[1]
self.assertEqual(len(stack), 2)
self.assertEqual(unicode(stack[0].subject[Oid('CN')]),
u'Виктор Вагнер')
self.assertEqual(unicode(stack[1].subject[Oid('CN')]),
u'DigiCert High Assurance EV CA-1')
def verify(self, store, flags, data=None, certs=None):
"""
Verifies signature under CMS message using trusted cert store
@param store - X509Store object with trusted certs
@param flags - OR-ed combination of flag consants
@param data - message data, if messge has detached signature
param certs - list of certificates to use during verification
If Flags.NOINTERN is specified, these are only
sertificates to search for signing certificates
@returns True if signature valid, False otherwise
"""
bio = None
if data != None:
bio_obj = Membio(data)
bio = bio_obj.bio
if certs is not None and len(certs) > 0:
certstack = StackOfX509(certs)
else:
certstack = None
res = libcrypto.CMS_verify(self.ptr, certstack, store.store, bio, None,
flags)
return res > 0
