def __init__(self):
"""
Just create the objec that wil handle all the stuff
"""
self.db_handler = DbCertHandler() #will use the default
def __init__(self):
from imzaci.db.db_operations import DbCertHandler
super(Pkcs7Verifier,self).__init__()
self.__db_handler = DbCertHandler()
self.__db_handler.load_db()
class TestDbCertHandler(object):
def __init__(self):
"""
Just create the objec that wil handle all the stuff
"""
self.db_handler = DbCertHandler() #will use the default
def setUp(self):
"""
Will be called on every initialization
"""
self.db_handler.clear_db() #remove all the stuff
self.db_handler.recreate_internal_db() #recreate the stuff
self.db_handler.load_db() #load into the memory
def test_load_db(self):
"""
Does it load the stuff
"""
current_db = self.db_handler.get_current_memory_snap()
assert current_db=={}
def test_add_cert(self):
"""
Add cert object into db
"""
from imzaci.cert.cert_tools import load_cert_from_dir
#add one into the empty db
cert_to_add = load_cert_from_dir(list_of_cert_dirs['0'])
assert self.db_handler.add_cert(cert_to_add) == True
#should check if we have that in db
tmp_cert=self.db_handler.search_and_get_cert(cert_to_add.cert_hash())
assert len(tmp_cert) == 1
assert tmp_cert[0] == cert_to_add
#add one duplicate
assert self.db_handler.add_cert(cert_to_add) == False
#add another when have others
another_cert = load_cert_from_dir(list_of_cert_dirs['1'])
assert self.db_handler.add_cert(another_cert) == True
#is it there?
tmp_cert=self.db_handler.search_and_get_cert(another_cert.cert_hash())
assert len(tmp_cert) == 1
assert tmp_cert[0] == another_cert
def test_add_cert_chain(self):
"""
Add chain object into db
"""
from imzaci.cert.cert_tools import load_chain_from_dirs
#add into an empty stuff
chain_to_add = load_chain_from_dirs([list_of_cert_dirs['3'],list_of_cert_dirs['2']])
assert self.db_handler.add_cert_chain(chain_to_add) == True
#look if it is inside it ?
tmp_search=self.db_handler.search_and_get_chain(chain_to_add.get_chain_hash())
assert len(tmp_search)==1
assert tmp_search[0] == chain_to_add
#test the duplication
assert self.db_handler.add_cert_chain(chain_to_add) == False
#test for similar ones but diffrent chains
chain_to_add = load_chain_from_dirs([list_of_cert_dirs['3'],list_of_cert_dirs['2'],list_of_cert_dirs['1']])
assert self.db_handler.add_cert_chain(chain_to_add) == True
#is it inside it ?
tmp_search=self.db_handler.search_and_get_chain(chain_to_add.get_chain_hash())
assert len(tmp_search)==1
assert tmp_search[0] == chain_to_add
assert self.db_handler.add_cert_chain(chain_to_add) == False
#print self.db_handler.get_current_memory_snap()
def test_add_cert_from_file(self):
"""
Add cert from file
"""
from imzaci.cert.cert_tools import load_cert_from_dir
#add one into the empty db
cert_to_add = load_cert_from_dir(list_of_cert_dirs['0'])
cert_to_add.store_to_file("foo.pem")
assert self.db_handler.add_cert_from_file("foo.pem") == True
assert self.db_handler.add_cert_from_file("foo.pem") == False
import os
os.remove("foo.pem")
def test_add_chain_from_file(self):
"""
Add chain from file
"""
from imzaci.cert.cert_tools import load_chain_from_dirs
#add into an empty stuff
chain_to_add = load_chain_from_dirs([list_of_cert_dirs['3'],list_of_cert_dirs['2']])
chain_to_add.store_to_file("foo.pem")
assert self.db_handler.add_chain_from_file("foo.pem") == True
assert self.db_handler.add_chain_from_file("foo.pem") == False
import os
os.remove("foo.pem")
def test_list_db_all(self):
pass
def test_list_cert_detail(self):
pass
def test_remove_cert(self):
"""
Remove a cert from db
"""
#first try to remove a cert that is not there
assert self.db_handler.remove_cert("foo_cert")==False
from imzaci.cert.cert_tools import load_cert_from_dir
#add one into the empty db
cert_to_add = load_cert_from_dir(list_of_cert_dirs['0'])
self.db_handler.add_cert(cert_to_add) == True
#now remove that cert from there
assert self.db_handler.remove_cert(cert_to_add.cert_hash())==True
#now search for it into db
tmp_cert=self.db_handler.search_and_get_cert(cert_to_add.cert_hash())
assert tmp_cert == None
def test_remove_chain(self):
"""
Remove a chain from db
"""
#first try to remove sth is not there
assert self.db_handler.remove_chain("foo_chain") == False
from imzaci.cert.cert_tools import load_chain_from_dirs
#add into an empty stuff
chain_to_add = load_chain_from_dirs([list_of_cert_dirs['3'],list_of_cert_dirs['2']])
self.db_handler.add_cert_chain(chain_to_add)
#now remove it
assert self.db_handler.remove_chain(chain_to_add.get_chain_hash()) == True
#look if it is inside it ?
tmp_search=self.db_handler.search_and_get_chain(chain_to_add.get_chain_hash())
assert tmp_search==[]
def test_clear_db(self):
pass
def test_recreate_internal_db(self):
pass
def test_check_for_errors(self):
pass
def test_clean_expired(self):
"""
Clean expired certs
"""
from imzaci.cert.cert_tools import load_cert_from_dir
from M2Crypto import X509 as x
from imzaci.cert.cert import X509Cert
#add one into the empty db
cert_to_add = x.load_cert(EXPIRED_CERTS['0'])
cert_to_add=X509Cert(cert_to_add)
self.db_handler.add_cert(cert_to_add)
#clear the expired certs
self.db_handler.clean_expired()
assert self.db_handler.get_current_memory_snap() == {}
def test_search_cert_and_get_cert(self):
"""
Test the search operations for search_and_get_cert and search_cert
"""
#search an empty db
tmp_result = self.db_handler.search_cert("*")
tmp_cert_result = self.db_handler.search_and_get_cert("*")
assert tmp_result == {}
assert tmp_cert_result == None
#search emtry db for sth that is not there
tmp_result = self.db_handler.search_cert("foo_cert")
tmp_cert_result = self.db_handler.search_and_get_cert("foo_cert")
assert tmp_cert_result == None
assert tmp_result == {}
#add a cert and search for it
from imzaci.cert.cert_tools import load_cert_from_dir
#add one into the empty db
cert_to_add = load_cert_from_dir(list_of_cert_dirs['0'])
self.db_handler.add_cert(cert_to_add)
search_fields = extract_subject_info(cert_to_add.person_info())
#search for every field it has ...
for search_item in search_fields:
tmp_result = self.db_handler.search_cert(search_item)
tmp_cert_result = self.db_handler.search_and_get_cert(search_item)
#check instance
assert len(tmp_cert_result) == 1
assert tmp_cert_result[0] == cert_to_add
#check dict
assert len(tmp_result.keys()) == 1
assert tmp_result.has_key(cert_to_add.cert_hash())== True
#search also the hash
tmp_result = self.db_handler.search_cert(cert_to_add.cert_hash())
assert len(tmp_result.keys()) == 1
assert tmp_result.has_key(cert_to_add.cert_hash())== True
#now make a full search again
tmp_result = self.db_handler.search_cert("*")
tmp_cert_result = self.db_handler.search_and_get_cert("*")
#check instance
assert len(tmp_cert_result) == 1
#check the dict
assert len(tmp_result.keys()) == 1
tmp_cert_result = self.db_handler.search_and_get_cert("foo_cert")
tmp_result = self.db_handler.search_cert("foo_cert")
assert tmp_cert_result == None
assert tmp_result == {}
#add also a chain and make search for it
from imzaci.cert.cert_tools import load_chain_from_dirs
#add into an empty stuff
chain_to_add = load_chain_from_dirs([list_of_cert_dirs['3'],list_of_cert_dirs['2'],list_of_cert_dirs['1']])
self.db_handler.add_cert_chain(chain_to_add)
#search for the chain hash firstly
tmp_result = self.db_handler.search_cert(chain_to_add.get_chain_hash())
tmp_cert_result = self.db_handler.search_and_get_cert(chain_to_add.get_chain_hash())
assert len(tmp_result) == 3
for cert_search in chain_to_add:
assert tmp_result.has_key("".join([chain_to_add.get_chain_hash(),"-",cert_search.cert_hash()])) == True
#also search for the cert in the chain
tmp_result_inner = self.db_handler.search_cert(cert_search.cert_hash())
assert len(tmp_result_inner.keys()) == 1
#print tmp_result_inner
assert tmp_result_inner.has_key("".join([chain_to_add.get_chain_hash(),"-",cert_search.cert_hash()]))== True
def test_search_and_get_chain(self):
"""
Test searching and getting chain
"""
#search in empty stuff
tmp_chain_result=self.db_handler.search_and_get_chain("*")
assert tmp_chain_result == []
self.db_handler.search_and_get_chain("foo_chain")
assert tmp_chain_result == []
#add a chain and serach for it :)
from imzaci.cert.cert_tools import load_chain_from_dirs
#add into an empty stuff
chain_to_add = load_chain_from_dirs([list_of_cert_dirs['3'],list_of_cert_dirs['2'],list_of_cert_dirs['1']])
self.db_handler.add_cert_chain(chain_to_add)
chain_tmp_result = self.db_handler.search_and_get_chain(chain_to_add.get_chain_hash())
assert len(chain_tmp_result) == 1
assert chain_tmp_result[0] == chain_to_add
#add another similar to see can it pull the excat one from there
another_chain_add = load_chain_from_dirs([list_of_cert_dirs['3'],list_of_cert_dirs['2']])
self.db_handler.add_cert_chain(another_chain_add)
chain_tmp_result = self.db_handler.search_and_get_chain(another_chain_add.get_chain_hash())
assert len(chain_tmp_result) == 1
assert chain_tmp_result[0] == another_chain_add
class Pkcs7Verifier(Pkcs7Manager):
"""
The verifier part of the pkcs7 manager
"""
DEFAULT_SIGNATURE_NAME = "signature.p7"
def __init__(self):
from imzaci.db.db_operations import DbCertHandler
super(Pkcs7Verifier,self).__init__()
self.__db_handler = DbCertHandler()
self.__db_handler.load_db()
def verify_document(self,verify_dir):
"""
Verifies the directory with signature
"""
#the part we are going to verify
self.verify_dir = verify_dir
self.signature_file = self.get_signature_file()
chain = self.load_chain_sign()
#now we have the chain we have the signature we have
#all the stuff so it is time to make a db lookup ...
chain_search_str = chain.get_chain_hash()
ch_result = self.__db_handler.search_and_get_chain(chain_search_str)
if not ch_result:
raise PkcsOperationException("The chain that signed document is not in your TRUSTED_DAtABASE verify fails")
found = False
for ch in ch_result:
if ch == chain:
found = True
break
if not found:
raise PkcsOperationException("The chain seems to be in database but exact match failed (are u tricking me ?)")
#the chain passed all the tests and it is ready to be verified
#ger a pkcs7 object from the signature
try:
#print "The signature file is :",self.signature_file
self.__p7 = self.sm_module.load_pkcs7(self.signature_file)
except Exception,e:
print "Couldnt load the signature file intoa objecti :",e
return
try:
#some boiler code
xStore=X509.X509_Store()
sk = X509.X509_Stack()
self.sm.set_x509_stack(sk)
self.sm.set_x509_store(xStore)
#Sets the flags to noverify which means that the verification of
#the signers was made above
flagset=SMIME.PKCS7_NOVERIFY
#verify the signature it is a M2Crypto openssl method
#create the s,gnature firstly ...
self.get_sign_hash(verify_dir,[self.signature_file])
#print "What we have in the buffer now ? ",self.tosign_buffer.read()
res=self.sm.verify(self.__p7,self.tosign_buffer,flags=flagset)
if not res:
print "Verification failed "
return False
else:
return True
except Exception,e:
print "Pkcs Error",e
return False
