Exemplo n.º 1
0
 def verify_sign(self,data,signature_place):
     """ Verifies the signature against the data"""
     #create a BIO.Memory object
     dg=DigestMan()
     data=dg.gen_buf_hash(data)
     
     if not self.verify_signers(signature_place):
         return False
         #pass
     
     self.dataBuf=self.makebuf(data)
     
     if not data :
         print "Supply data to verify with"
         return False
     
     #print self.dataBuf.read()
     #Load the pkcs7 document
     try :
         
         #Make a stote and stack object just for argument list
         #we dont need them actually
         #xStore=self.create_store(["chain/cacert.pem"])
         xStore=X509.X509_Store()
         
         #stW=stackWork()
         #sk=stW.add_chain(["chain/cacert.pem"])
         sk = X509.X509_Stack()
         
     
         self.sm.set_x509_stack(sk)
         self.sm.set_x509_store(xStore)
         
         #Sets the flags to noverify which means that the verification of
         #the signers was made above
     
         flagset=SMIME.PKCS7_NOVERIFY
         
         #verify the signature it is a M2Crypto openssl method
         res=self.sm.verify(self.__p7,self.dataBuf,flags=flagset)
         #print res
         if not res:
             return False
         else:
             return True
         
     except SMIME.SMIME_Error,e:
         print "Error while setting pkcs7 verification process :",e
         return False
Exemplo n.º 2
0
    def verify_sign(self, data, signature_place):
        """ Verifies the signature against the data"""
        #create a BIO.Memory object
        dg = DigestMan()
        data = dg.gen_buf_hash(data)

        if not self.verify_signers(signature_place):
            return False
            #pass

        self.dataBuf = self.makebuf(data)

        if not data:
            print "Supply data to verify with"
            return False

        #print self.dataBuf.read()
        #Load the pkcs7 document
        try:

            #Make a stote and stack object just for argument list
            #we dont need them actually
            #xStore=self.create_store(["chain/cacert.pem"])
            xStore = X509.X509_Store()

            #stW=stackWork()
            #sk=stW.add_chain(["chain/cacert.pem"])
            sk = X509.X509_Stack()

            self.sm.set_x509_stack(sk)
            self.sm.set_x509_store(xStore)

            #Sets the flags to noverify which means that the verification of
            #the signers was made above

            flagset = SMIME.PKCS7_NOVERIFY

            #verify the signature it is a M2Crypto openssl method
            res = self.sm.verify(self.__p7, self.dataBuf, flags=flagset)
            #print res
            if not res:
                return False
            else:
                return True

        except SMIME.SMIME_Error, e:
            print "Error while setting pkcs7 verification process :", e
            return False
Exemplo n.º 3
0
 def make_sign(self,keyplace,certplace,dataSign,signature_place):
     """ We give the cert(s) and key place"""
     
     #if the message is a big one we should digest it
     dg=DigestMan()
     dataSign=dg.gen_buf_hash(dataSign)
     
     ch=chainMan()
     
     #check basic things
     if not ch.load_chain(certplace, tip=0):
         return False
     
     #testing the chain
     if not ch.create_chain():
         return False
     
     #Gets the X509 objects as a stack
     stack=ch.dumpto_stack()
     
     del ch
     
     #create a buffer to store the data to be signed
     tosign=self.makebuf(dataSign)
     
     #return "Process cut"
     try :
         #Loading the private key
        
         self.sm.load_key(keyplace,certplace[0])
         #print stack
         #setting the stack we prepared
         
         #Not used for now 
         self.sm.set_x509_stack(stack)
         
         #The flags is detached because we dont want to store the original message in the pkcs7
         flagset=SMIME.PKCS7_DETACHED
         
         #print "The flagset is :",flagset
         
         self.__p7=self.sm.sign(tosign,flags=flagset)
         #print self.__p7
     
     except SMIME.SMIME_Error,e:
         print "Error with signing process",e
         return False
Exemplo n.º 4
0
    def make_sign(self, keyplace, certplace, dataSign, signature_place):
        """ We give the cert(s) and key place"""

        #if the message is a big one we should digest it
        dg = DigestMan()
        dataSign = dg.gen_buf_hash(dataSign)

        ch = chainMan()

        #check basic things
        if not ch.load_chain(certplace, tip=0):
            return False

        #testing the chain
        if not ch.create_chain():
            return False

        #Gets the X509 objects as a stack
        stack = ch.dumpto_stack()

        del ch

        #create a buffer to store the data to be signed
        tosign = self.makebuf(dataSign)

        #return "Process cut"
        try:
            #Loading the private key

            self.sm.load_key(keyplace, certplace[0])
            #print stack
            #setting the stack we prepared

            #Not used for now
            self.sm.set_x509_stack(stack)

            #The flags is detached because we dont want to store the original message in the pkcs7
            flagset = SMIME.PKCS7_DETACHED

            #print "The flagset is :",flagset

            self.__p7 = self.sm.sign(tosign, flags=flagset)
            #print self.__p7

        except SMIME.SMIME_Error, e:
            print "Error with signing process", e
            return False
Exemplo n.º 5
0
 def get_hash_list(self):
     """ That method is needed when we look for a specific cert if it is 
     in the db so we need their hash list"""
     hash_list=[]
     #from root to client
     for cert in self.__cert_stack:
         tempCert=X509Man(cert[2])
         hash_list.append(DigestMan.gen_buf_hash(tempCert.get_cert_text()))
         
         del tempCert
     
     
     return hash_list 
Exemplo n.º 6
0
def main(argv):
    """ The main arguments passed"""
    try:
        opts, args = getopt.getopt(argv, "", [
            "help", "showsigner=", "initdb", "listall", "list=", "sign=",
            "verify=", "delete=", "update=", "import=", "hash=", "help"
        ])
    except getopt.GetoptError:
        usage()
        sys.exit(2)

    for opt, arg in opts:
        #listing a proper chain
        if opt in ("--list"):

            if args:
                usage()
                sys.exit(2)
            else:
                if not list_chain(arg):
                    print "No available chain use --listall"
                    sys.exit(2)

                print "Chain loaded look at your browser (Firefox)"

        #Listing all chains:
        elif opt in ("--listall"):
            if args:
                usage()
                sys.exit(2)

            else:
                dc = DbCert()
                res = dc.list_chains()
                if not res:
                    print "No chains in db"
                    sys.exit(2)

                else:
                    print res

        #signing a document
        elif opt in ("--sign"):
            if not args or len(args) < 2:
                usage()
                sys.exit(2)

            if not os.path.exists(arg):
                print "Provide a valid file to sign"
                sys.exit(2)

            arg = Cutil.file_operator(arg, op=0)

            if arg == -1 or not arg:
                sys.exit(2)

            #string.strip(arg)
            #dg=DigestMan()
            #print dg.gen_buf_hash(arg)

            p7 = pkcs7Work()
            p7.make_sign(args[0], args[1:], arg, "signature.sig")
            sys.exit(0)

        #verifying a signature
        elif opt in ("--verify"):
            if not args:
                usage()
                sys.exit(2)

            if not os.path.exists(arg):
                print "Provide a valid file to sign"
                sys.exit(2)

            arg = Cutil.file_operator(arg, op=0)

            if arg == -1 or not arg:
                sys.exit(2)
            #string.strip(arg)

            #dg=DigestMan()
            #print dg.gen_buf_hash(arg)

            p7 = pkcs7Work()
            #print args[0]
            if p7.verify_sign(arg, args[0]):
                print "Verification succesful"

            sys.exit(0)

        #importing a chain into db
        elif opt in ("--import"):
            dc = DbCert()

            if not args:
                usage()
                sys.exit(2)

            else:
                if not dc.import_chain(args, arg):
                    print "Chain insertion Failed"
                else:
                    print "Chain inserted into database"

                sys.exit(0)

        #deleting a chain from the db
        elif opt in ("--delete"):
            if args:
                usage()
                sys.exit(2)

            dc = DbCert()
            if dc.delete_chain(arg):
                print "Chain deleted succesfully"
            else:
                print "Chain deletion can not be completed"

        #updating the trust degreee
        elif opt in ("--update"):
            if not args or len(args) > 1:
                usage()
                sys.exit(2)

            dc = DbCert()
            if dc.change_trust(arg, int(args[0])):
                print "Chain trust degree changed"

            else:
                print "Chain degree changing failed"

            sys.exit(0)

        elif opt in ("--hash"):
            if args:
                usage()
                sys.exit(2)

            dg = DigestMan()
            if dg.store_hash(arg) == True:
                print "Now you can sign the sum file"

            else:
                print "Hash computing failed"

            sys.exit(0)

        elif opt in ("--initdb"):
            dc = DbCert()
            if not dc.c_tables():
                """ Initialization process failed"""

            sys.exit(0)

        elif opt in ("--showsigner"):
            if args:
                usage()
                sys.exit(2)

            p7 = pkcs7Work()
            if not p7.print_signers(arg):
                "The chain into signature can not be shown"

            sys.exit(0)

        elif opt in ("--help"):
            usage()
            sys.exit(2)
Exemplo n.º 7
0
from digest.Hasher import DigestMan
from initializer import DbCert
from dbMain import LiteDb

from sign.cert import X509Man

dc = DbCert()
sum = dc.selectS("select cert_sum from certs where ce_id=%s" % (7))
#print sum[0][0]
#print dc.get_certData(2)[1:].split()

d = DigestMan()
sum2 = d.gen_buf_hash(dc.get_certData(7)[1:])
print sum2
if sum == sum2:
    print "The sum is ok"
else:
    print "The cert was modified"

sum3 = open("chain/cert2.pem", "r").read()

sum3 = d.gen_buf_hash(sum3)

#print sum3

#try to import  it there
c = X509Man()

c.set_from_buf(dc.get_certData(7)[1:])
print c.get_detail()
Exemplo n.º 8
0
 def import_chain(self,file_list,name=None):
     """ Inserts a new entry to db in chain table also calls the
     import_cert to complete the job
     1.take cert stack
     2.compute their hash
     3.if chain exists it fails
     4.if root exists warning
     5.If not there it is inserted as trusted cause we import it (May be changed later)"""
     
     """ Verification Process"""
     ch=chainMan()
     if not ch.load_chain(file_list):
         print "Cert verification failed"
         return False
     
     #Test the chain if it is valid
     if not ch.create_chain():
         print "The chain is not valid"
         return False
     
     #get the final one
     chain_st=ch.get_final()
     del ch
     
     #use the slot 0 of the list that we recieved
     
     #get the hashes
     
     for c in chain_st:
         #print c[2]
         tempCert=X509Man(c[2])
         c[0]=DigestMan.gen_buf_hash(tempCert.get_cert_text())
         del tempCert
         #print c[0]
      
     #check first if the same chain is in the db
     if not self.dup_control([c[0] for c in chain_st]):
         #print "The chain exists in the db"
         return False
     
     #return "Process cut :)"
     
     
     q2="select max(c_id) from chains"
     
     res=super(DbCert,self).selectS(q2,"one")
     
     
     if res==-1:
         
         #print res
         print "Chain insertin process failed"
         return False
     
     if not name:
         if res[0]:
             print res[0]
             q="insert into chains values (null,\'%s\',\'trusted\')"%("".join(["name",str(res[0])]))
         else:
             q="insert into chains values (null,\'%s\',\'trusted\')"%("name1")
         
     else:
         q3="select * from chains where name=\'%s\'"%(name)
         res=super(DbCert,self).selectS(q3,"one")
         
         if res:
             print "Name exists"
             return False
         
         q="insert into chains values (null,\'%s\',\'trusted\')"%(name)
         
         
         
     
     res=super(DbCert,self).updateS(q)
     
     
     if res==-1:
         print "Chain insertion error"
         return False
     #print "New chain inserted"
     
     #super(DbCert,self).renew_conn()
     
     res=super(DbCert,self).selectS(q2)
     
     
     if not res or res==-1:
         #print res
         #print "Chain insertin process failed"
         return False
     
     #print "parent chain number taken"
     
     
     if not self.import_cert(res[0], chain_st):
         return False
     
     print "Import process succesfull"
     return True
Exemplo n.º 9
0
def main(argv):
    """ The main arguments passed"""
    try:
        opts,args=getopt.getopt(argv, "", ["help","showsigner=","initdb","listall","list=","sign=","verify=","delete=","update=","import=","hash=","help"])
    except getopt.GetoptError:
        usage()
        sys.exit(2)
        
    for opt,arg in opts:
        #listing a proper chain
        if opt in ("--list"):
            
            if args:
                usage()
                sys.exit(2)
            else:
                if not list_chain(arg):
                    print "No available chain use --listall"
                    sys.exit(2)
                    
                print "Chain loaded look at your browser (Firefox)"
                    
        #Listing all chains:
        elif opt in ("--listall"):
            if args:
                usage()
                sys.exit(2)
            
            else:
                dc=DbCert()
                res=dc.list_chains()
                if not res:
                    print "No chains in db"
                    sys.exit(2)
                    
                else:
                    print res
                    
        #signing a document            
        elif opt in ("--sign"):
            if not args or len(args)<2:
                usage()
                sys.exit(2)
            
            if not os.path.exists(arg):
                print "Provide a valid file to sign"
                sys.exit(2)
                
            arg=Cutil.file_operator(arg, op=0)
            
            if arg==-1 or not arg: 
                sys.exit(2)
            
            #string.strip(arg)
            #dg=DigestMan()
            #print dg.gen_buf_hash(arg) 
               
            p7=pkcs7Work()
            p7.make_sign(args[0],args[1:], arg,"signature.sig")
            sys.exit(0)
            
        #verifying a signature    
        elif opt in ("--verify"):
            if not args:
                usage()
                sys.exit(2)
            
            if not os.path.exists(arg):
                print "Provide a valid file to sign"
                sys.exit(2)
            
                
            arg=Cutil.file_operator(arg, op=0)
            
            if arg==-1 or not arg: 
                sys.exit(2)
            #string.strip(arg)
            
            #dg=DigestMan()
            #print dg.gen_buf_hash(arg)
                
            p7=pkcs7Work()
            #print args[0]
            if p7.verify_sign(arg, args[0]):
                print "Verification succesful"
                
            sys.exit(0)
            
        #importing a chain into db    
        elif opt in ("--import"):        
            dc=DbCert()
            
            if not args:
                usage()
                sys.exit(2)
                
            else:
                if not dc.import_chain(args,arg):
                    print "Chain insertion Failed"
                else:
                    print "Chain inserted into database"
                    
                sys.exit(0)
        
        #deleting a chain from the db        
        elif opt in ("--delete"):
            if args:
                usage()
                sys.exit(2)
            
            dc=DbCert()
            if dc.delete_chain(arg):
                print "Chain deleted succesfully"
            else:
                print "Chain deletion can not be completed"
        
        #updating the trust degreee        
        elif opt in ("--update"):
            if not args or len(args)>1:
                usage()
                sys.exit(2)
                
            dc=DbCert()
            if dc.change_trust(arg, int(args[0])):
                print "Chain trust degree changed"
                
            else:
                print "Chain degree changing failed"
                
            
            sys.exit(0)
            
        elif opt in ("--hash"):
            if args:
                usage()
                sys.exit(2)
                
            dg=DigestMan()
            if dg.store_hash(arg)==True:
                print "Now you can sign the sum file"
                
            else:
                print "Hash computing failed"
                
            sys.exit(0)
            
        elif opt in ("--initdb"):
            dc=DbCert()
            if not dc.c_tables():
                """ Initialization process failed"""
                
            sys.exit(0)
            
        
        elif opt in ("--showsigner"):
            if args:
                usage()
                sys.exit(2)
                
            p7=pkcs7Work()
            if not p7.print_signers(arg):
                "The chain into signature can not be shown"
            
            sys.exit(0)
            
        elif opt in ("--help"):
            usage()
            sys.exit(2)
Exemplo n.º 10
0
from digest.Hasher import DigestMan
from initializer import DbCert
from dbMain import LiteDb

from sign.cert import X509Man

dc=DbCert()
sum=dc.selectS("select cert_sum from certs where ce_id=%s"%(7))
#print sum[0][0]
#print dc.get_certData(2)[1:].split()

d=DigestMan()
sum2=d.gen_buf_hash(dc.get_certData(7)[1:])
print sum2
if sum==sum2:
    print "The sum is ok"
else:
    print "The cert was modified"

sum3=open("chain/cert2.pem","r").read()

sum3=d.gen_buf_hash(sum3)

#print sum3

#try to import  it there
c=X509Man()

c.set_from_buf(dc.get_certData(7)[1:])
print c.get_detail()