def _gost_cleanup():
    """Finish the 'gost' OpenSSL engine if it can be looked up, then clean up.

    A ValueError from the engine lookup is treated as "nothing to finish".
    """
    from M2Crypto import Engine

    try:
        gost_engine = Engine.Engine('gost')
    except ValueError:
        gost_engine = None

    if gost_engine is not None:
        gost_engine.finish()

    # NOTE(review): the listing was flattened onto one line, so it is not
    # certain whether cleanup() ran unconditionally or only in the `else`
    # branch; unconditional cleanup is assumed here -- confirm.
    Engine.cleanup()
def test_load_certificate(self):
    """Loading a certificate from '/dev/null' must raise Engine.EngineError."""
    Engine.load_openssl()
    openssl_engine = Engine.Engine('openssl')
    openssl_engine.set_default()
    try:
        self.assertRaises(Engine.EngineError,
                          openssl_engine.load_certificate, '/dev/null')
    except SystemError:
        # A SystemError escaping load_certificate is tolerated rather than
        # failing the test.
        # NOTE(review): presumably some builds raise it instead of
        # EngineError -- confirm why this is acceptable.
        pass
def pkcs11_init(pkcs11_engine, pkcs11_driver):
    """Set up the OpenSSL pkcs11 engine with a PKCS#11 driver module.

    The dynamic engine loads the pkcs11 engine from ``pkcs11_engine``; the
    engine is then told which driver to use through its MODULE_PATH control
    command and initialised.

    NOTE(review): both arguments look like paths to shared libraries that
    end up loaded into this process, so they should come from trusted
    configuration only, never from user-supplied input -- confirm at the
    call sites. The result of init() is not checked here.

    Returns:
        The initialised "pkcs11" engine object.
    """
    # The dynamic engine is what loads the PKCS#11 engine.
    Engine.load_dynamic_engine("pkcs11", pkcs11_engine)

    # Bind the PKCS#11 driver module to the freshly loaded engine.
    engine = Engine.Engine("pkcs11")
    engine.ctrl_cmd_string("MODULE_PATH", pkcs11_driver)
    engine.init()
    return engine
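def robot_init(engine_path="/usr/local/lib/engine_pkcs11.so",
               module_path="/usr/lib/libeTPkcs11.so",
               key_id="30354530383037334131344144353636",
               pin="indicate#2011"):
    """Build an m2urllib2 opener that uses a certificate and key from a token.

    The pkcs11 engine is loaded, pointed at the PKCS#11 module and
    initialised; the certificate and private key identified by ``key_id``
    are then attached to a new SSL context used by the returned opener.

    Args:
        engine_path: Path of the pkcs11 engine shared object.
        module_path: Path of the PKCS#11 module handed to MODULE_PATH.
        key_id: Identifier used for both the certificate and the private key.
        pin: Token PIN passed to load_private_key().

    Returns:
        The opener created by m2urllib2.build_opener().

    NOTE(review): the defaults reproduce the values that were hard-coded in
    the body so existing callers keep working. A token PIN embedded in
    source is a leaked credential: callers should pass ``pin`` from a secret
    store or an interactive prompt, and the literal default should be
    removed (and the PIN changed) once they do.
    """
    loader = Engine.load_dynamic_engine("pkcs11", engine_path)
    pkcs11 = Engine.Engine("pkcs11")
    pkcs11.ctrl_cmd_string("MODULE_PATH", module_path)
    # The result of init() was stored but never read; it is still ignored.
    pkcs11.init()

    # Single-argument print() behaves the same under Python 2 and Python 3.
    print("Loading certificate DeRoberto")
    cert = loader.load_certificate(key_id)
    print("Loading key ...")
    key = loader.load_private_key(key_id, pin)

    ctx = SSL.Context("sslv23")
    ctx.set_cipher_list("HIGH:!aNULL:!eNULL:@STRENGTH")
    ctx.set_session_id_ctx("foobar")
    # NOTE(review): no set_verify()/load_verify_locations() call is visible,
    # so verification of the server's certificate chain does not appear to
    # be configured on this context -- confirm before relying on it.
    m2.ssl_ctx_use_x509(ctx.ctx, cert.x509)
    m2.ssl_ctx_use_pkey_privkey(ctx.ctx, key.pkey)

    class SmartRedirectHandler(m2urllib2.HTTPRedirectHandler):
        """Return the redirect target instead of following a 302."""

        def http_error_302(self, req, fp, code, msg, headers):
            # The caller receives the Location header value itself.
            return headers['Location']

    return m2urllib2.build_opener(ctx, SmartRedirectHandler())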
def _gost_cleanup():
    """Finish the engine named by GOST_ENGINE_NAME if it can be looked up.

    A ValueError from the lookup means there is nothing to finish, and the
    function returns quietly.
    """
    from M2Crypto import Engine

    try:
        gost_engine = Engine.Engine(GOST_ENGINE_NAME)
    except ValueError:
        return
    gost_engine.finish()
def _gost_cleanup():
    """Finish the engine with the bytes id b'gost' if it can be looked up.

    A ValueError from the lookup is ignored: there is nothing to finish.
    """
    from M2Crypto import Engine

    try:
        gost_engine = Engine.Engine(b'gost')
    except ValueError:
        gost_engine = None

    if gost_engine is not None:
        gost_engine.finish()
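def load_engine(self):
    """Load and initialise the pkcs11 engine once, caching it on the instance.

    Returns:
        True when an engine is already cached or was initialised by this
        call; False when the engine driver path, the smartcard driver path
        or the PIN could not be obtained, or the dynamic engine did not load.
    """
    if self.pkcs11_engine is not None:
        # The engine was already loaded by an earlier call.
        return True

    engine_drv_path = self.config.get_engine_driver_path()
    if engine_drv_path is None:
        return False
    self.engine_driver_path = engine_drv_path

    # Smartcard driver path: configuration first, ATR-based lookup second.
    scard_drv_path = self.config.get_smartcard_driver_path()
    if scard_drv_path is None:
        scard_atr = SmartcardFetcher.get_smartcard_atr(self.logger)
        if scard_atr is None:
            # The ATR could not be read either.
            return False
        scard_drv_path = SmartcardFetcher.get_smartcard_library(
            scard_atr, self.config, self.logger)
        if scard_drv_path is None:
            # Still no driver path for this card.
            return False
    self.smartcard_driver_path = scard_drv_path

    if Engine.load_dynamic_engine('pkcs11', self.engine_driver_path) is None:
        return False

    # Configure a local handle and cache it only after init(): caching it
    # earlier made a later call return True for an engine that never got
    # its PIN and was never initialised.
    engine = Engine.Engine('pkcs11')
    engine.ctrl_cmd_string('MODULE_PATH', self.smartcard_driver_path)

    if self.must_fetch_pin:
        # A PIN has to be supplied up front.
        pin = self.config.get_smartcard_pin()
        if pin is None:
            return False
        # The PIN is a credential: log the event, never the value.
        self.logger.debug('create engine using pin from configuration')
        # Without the PIN the engine asks for it at a prompt.
        engine.ctrl_cmd_string("PIN", pin)
        # TODO: check the login with a wrong PIN, because it gives no error.

    engine.init()
    self.pkcs11_engine = engine
    return True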
def get_engine(cls):
    """Load the pkcs11 engine into ``cls._pkcs11`` on first use.

    Nothing is returned in either case; callers read ``cls._pkcs11``. The
    engine and module locations are fixed paths, and the engine is made the
    default for RSA operations.
    """
    if cls._pkcs11 is None:
        engine_path = "/usr/lib/ssl/engines/engine_pkcs11.so"
        module_path = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
        # Alternative locations kept from the original for reference:
        #engine_path = "/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so"
        #module_path = "/Library/OpenSC/lib/opensc-pkcs11.so"
        cls._pkcs11 = engine = Engine.load_dynamic_engine("pkcs11", engine_path)
        engine.ctrl_cmd_string('MODULE_PATH', module_path)
        engine.set_default(m2.ENGINE_METHOD_RSA)
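def load_engine(self):
    """Load the pkcs11 engine on first use and cache it on the instance.

    Returns:
        True if an engine is already cached or this call initialised one;
        False if a driver path or the PIN is unavailable, or if loading the
        dynamic engine returned None.
    """
    # The engine has already been loaded.
    if self.pkcs11_engine is not None:
        return True

    engine_drv_path = self.config.get_engine_driver_path()
    if engine_drv_path is None:
        return False
    self.engine_driver_path = engine_drv_path

    # Take the smartcard driver path from the configuration when present.
    scard_drv_path = self.config.get_smartcard_driver_path()
    if scard_drv_path is None:
        # Otherwise read the card's ATR and look the driver up from it.
        scard_atr = SmartcardFetcher.get_smartcard_atr(self.logger)
        if scard_atr is None:
            return False
        scard_drv_path = SmartcardFetcher.get_smartcard_library(
            scard_atr, self.config, self.logger
        )
        if scard_drv_path is None:
            return False
    self.smartcard_driver_path = scard_drv_path

    if Engine.load_dynamic_engine('pkcs11', self.engine_driver_path) is None:
        return False

    # Work on a local handle: storing it on self before the PIN step let a
    # failed call leave a cached engine behind, so the next call returned
    # True without the engine ever being initialised.
    engine = Engine.Engine('pkcs11')
    engine.ctrl_cmd_string('MODULE_PATH', self.smartcard_driver_path)

    if self.must_fetch_pin:
        pin = self.config.get_smartcard_pin()
        if pin is None:
            return False
        # Do not put the PIN value into log output.
        self.logger.debug('create engine using pin from configuration')
        # Without the PIN the engine asks for it at a prompt.
        engine.ctrl_cmd_string("PIN", pin)
        # TODO: check the login with a wrong PIN, because it gives no error.

    engine.init()
    self.pkcs11_engine = engine
    return True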
def __init__(self,engpath=""):
    """Load the token library through PyKCS11 and through the pkcs11 engine.

    ``engpath`` is the directory holding both the token library
    (``etoken_dll``) and the engine library (``engine_dll``); the file names
    are appended with a backslash separator.

    NOTE(review): with the default ``engpath=""`` both paths start with a
    bare backslash; libraries should only be loaded from a trusted,
    fully-qualified directory -- confirm what callers pass.
    """
    self.pkcs11 = PyKCS11.PyKCS11Lib()
    self.engpath = engpath

    token_lib = engpath + "\\" + etoken_dll
    self.pkcs11.load(token_lib)

    self.engine = Engine.load_dynamic_engine(
        'pkcs11', self.engpath + "\\" + engine_dll)
    self.engine.ctrl_cmd_string('MODULE_PATH', token_lib)
    self.engine.init()

    self.info = None
    # Slot discovery is disabled: the original carried a commented-out loop
    # that probed slots 0-9 with getTokenInfo() for a model named "eToken"
    # and stored the match in self.info / self.tokenSlot. The slot is
    # fixed at 2 instead.
    self.tokenSlot = 2
def test_load_private(self):
    """The default 'openssl' engine loads the key at self.privkey without error."""
    Engine.load_openssl()
    openssl_engine = Engine.Engine('openssl')
    openssl_engine.set_default()
    # No assertion: the test passes as long as loading does not raise.
    openssl_engine.load_private_key(self.privkey)
def test_engine_ctrl_cmd_string(self):
    """Sending the 'ID' control command to the 'dynamic' engine must not raise."""
    Engine.load_dynamic()
    dynamic_engine = Engine.Engine('dynamic')
    dynamic_engine.ctrl_cmd_string('ID', 'TESTID')
def test_by_id_dynamic(self):
    """After load_dynamic(), looking up the 'dynamic' engine must not raise."""
    Engine.load_dynamic()
    # The instance is discarded; only the successful lookup matters.
    Engine.Engine('dynamic')
def test_by_id_openssl(self):
    """The 'openssl' engine reports the expected name and id."""
    Engine.load_openssl()
    openssl_engine = Engine.Engine('openssl')
    engine_name = openssl_engine.get_name()
    self.assertEqual(engine_name, 'Software engine support')
    engine_id = openssl_engine.get_id()
    self.assertEqual(engine_id, 'openssl')
def test_by_id_junk(self):
    """An unknown engine id and a missing id both raise ValueError."""
    # Lookup with the fixture's invalid id.
    self.assertRaises(ValueError, Engine.Engine, self.bad_id)
    # Lookup with no id at all.
    self.assertRaises(ValueError, Engine.Engine)
def tearDown(self):
    """Call Engine.cleanup() after every test."""
    Engine.cleanup()
def _load_pkcs11(cls, engine_path, module_path):
    """Load the pkcs11 engine into ``cls._pkcs11`` unless one is cached.

    Args:
        engine_path: Location passed to Engine.load_dynamic_engine().
        module_path: Value for the engine's MODULE_PATH control command.

    NOTE(review): both values look like paths to native libraries and
    should come from trusted configuration -- confirm at the call sites.
    """
    if cls._pkcs11 is not None:
        # Already loaded; the arguments are ignored on later calls.
        return

    cls._pkcs11 = engine = Engine.load_dynamic_engine("pkcs11", engine_path)
    engine.ctrl_cmd_string('MODULE_PATH', module_path)
    # Make this engine the default for RSA operations.
    engine.set_default(m2.ENGINE_METHOD_RSA)
def test_load_certificate(self):
    """Loading a certificate from '/dev/null' raises Engine.EngineError."""
    Engine.load_openssl()
    openssl_engine = Engine.Engine('openssl')
    openssl_engine.set_default()
    with self.assertRaises(Engine.EngineError):
        openssl_engine.load_certificate('/dev/null')
def _gost_cleanup():
    """Finish the 'gost' OpenSSL engine and then run Engine.cleanup().

    NOTE(review): nothing is caught here, so an exception from the engine
    lookup propagates to the caller and Engine.cleanup() is skipped --
    confirm that the 'gost' engine is always loaded before this runs.
    """
    from M2Crypto import Engine

    gost_engine = Engine.Engine("gost")
    gost_engine.finish()
    Engine.cleanup()
def test_by_id_openssl(self):
    """After load_openssl(), looking up the 'openssl' engine must not raise."""
    Engine.load_openssl()
    # The instance is discarded; only the successful lookup matters.
    Engine.Engine('openssl')
def test_by_id_openssl(self):
    """The 'openssl' engine reports the expected name and id."""
    Engine.load_openssl()
    openssl_engine = Engine.Engine("openssl")
    reported_name = openssl_engine.get_name()
    self.assertEqual(reported_name, "Software engine support")
    reported_id = openssl_engine.get_id()
    self.assertEqual(reported_id, "openssl")