Exemplo n.º 1
def load_chain_dir(chain_dir):
    """
    Build a certificate chain from the certificates found in one directory.

    chain_dir is handed to load_cert_from_dir(..., get_all=True); per the
    original note only the .pem files in it are picked up. The loaded
    certificates are then passed to chain_manager_factory as
    X509ChainManager.X509_CERT material.

    Returns whatever chain_manager_factory returns.
    """
    # NOTE(review): callers elsewhere in this project test the factory result
    # with "if not chain" before using it, so the value returned here should
    # be checked the same way; this function adds no validation of its own.
    pem_certs = load_cert_from_dir(chain_dir, get_all=True)
    return chain_manager_factory(pem_certs, X509ChainManager.X509_CERT)
Exemplo n.º 2
def load_chain_from_dirs(list_of_dirs):
    """
    Build a certificate chain from certificates spread over several dirs.

    The project keeps different certificates in different directories, so
    list_of_dirs is scanned by load_certs_from_dirs and the combined result
    is given to chain_manager_factory as X509ChainManager.X509_CERT material.

    Per the original author's note the scan is one level deep and
    deliberately not recursive, because sub-directories may hold private
    keys. That behaviour lives in load_certs_from_dirs and is not visible
    here -- confirm before relying on it.

    Returns whatever chain_manager_factory returns.
    """
    # NOTE(review): the factory result is returned unchecked; callers should
    # test it before use, as other callers of chain_manager_factory do.
    collected_certs = load_certs_from_dirs(list_of_dirs)
    return chain_manager_factory(collected_certs, X509ChainManager.X509_CERT)
Exemplo n.º 3
    def recreate_internal_db(self):
        """
        Rebuild the certificate index from the .pem files in the db directory.

        Meant for the case where the internal db is corrupted or missing.
        According to the original documentation each indexed certificate is
        stored in this shape (the entry itself is produced by
        __create_entry_index, which is not shown here):

            'cert_hash':{
                'cert_subject':"value of the subject",
                'cert_file':"value of the file name",
                'chain':True,False
            }

        Always returns True, including when no .pem file was found (an empty
        index is written in that case).
        """
        from imzaci.util.cert_util import parse_pem_cert
        from imzaci.cert.chain_manager import chain_manager_factory, X509ChainManager

        index_path = os.path.join(self.__db_dir, INTERNAL_DB_FILE)
        if os.path.exists(index_path):
            # Every path that starts with the index path is deleted, not only
            # the index file itself, so any file sharing that prefix goes too.
            for stale_index in glob.glob(index_path + "*"):
                os.remove(stale_index)

        pem_files = glob.glob(self.__db_dir + "/" + "*.pem")
        if not pem_files:
            write_index_data(self.__db_dir, {})
            return True

        for pem_file in pem_files:
            certs = parse_pem_cert(pem_file)
            if not certs:
                # NOTE(review): unparsable files are skipped without any
                # record, so a damaged certificate drops out of the index
                # silently.
                continue

            if len(certs) <= 1:
                # A single certificate: index it on its own.
                entry = self.__create_entry_index(certs[0], pem_file, is_chain=False)
                write_index_data(self.__db_dir, entry)
                continue

            # More than one certificate in the file: treat it as a chain.
            chain = chain_manager_factory(certs, X509ChainManager.X509_CERT)
            if not chain:
                # Not a valid chain; skipped silently like a parse failure.
                continue
            for member in chain:
                entry = self.__create_entry_index(
                    member, pem_file, is_chain=True, chain_hash=chain.get_chain_hash()
                )
                write_index_data(self.__db_dir, entry)
        return True
Exemplo n.º 4
def load_chain_file(chain_file):
    """
    Build a certificate chain from a single file.

    The file is expected to hold certificate blocks of the form
    ----BEGIN CERT---- / ----END CERT----- and is parsed with
    parse_pem_cert.

    Returns the result of chain_manager_factory, or None when the path does
    not exist or nothing could be parsed from it. Both failures are only
    reported with a print, so the caller has to test the return value.
    """
    from imzaci.util.cert_util import parse_pem_cert
    import os

    # Guard: nothing to load when the path is absent.
    if not os.path.exists(chain_file):
        print "Chain file doesnt exists"
        return None

    parsed_certs = parse_pem_cert(chain_file)
    # Guard: the parser found no usable certificate in the file.
    if not parsed_certs:
        print "Error when loading the chain file ",chain_file
        return None

    # NOTE(review): the factory result is returned unchecked and may itself
    # be falsy for an invalid chain; callers should test it before use.
    return chain_manager_factory(parsed_certs, X509ChainManager.X509_CERT)
Exemplo n.º 5
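 def load_chain_sign(self):
     """
     Extract the certificate chain embedded in the signature file.

     Reads the certificates out of self.signature_file, parses them and
     builds a chain with chain_manager_factory so that verification can
     continue with it.

     NOTE(review): these certificates are supplied by the signature file
     itself. Nothing visible in this method checks them against a trust
     store, so a chain returned here is well-formed but not yet trusted;
     the trust decision has to be made by the caller -- confirm.

     Returns the chain built from the extracted certificates.

     Raises PkcsOperationException when no certificate data can be
     extracted from the signature file, when the extracted data cannot be
     parsed, or when the parsed certificates do not form a valid chain.
     """
     # The docstring has to be the first statement of the function; placed
     # after the imports it was a bare string and __doc__ stayed None.
     from imzaci.util.cert_util import parse_pem_cert_buf
     from imzaci.sign.pkcs7_util import get_cert_from_signature
     from imzaci.cert.chain_manager import X509ChainManager,chain_manager_factory

     chain_string = get_cert_from_signature(self.signature_file)
     if not chain_string:
         raise PkcsOperationException("Error when extracting chains from sginature file ...(probably corrupted or changed)")

     chain_candidates = parse_pem_cert_buf(chain_string)
     if not chain_candidates:
         # Same message as the extraction failure above, kept byte-identical
         # for callers that may match on it.
         raise PkcsOperationException("Error when extracting chains from sginature file ...(probably corrupted or changed)")

     chain = chain_manager_factory(chain_candidates, X509ChainManager.X509_CERT)
     if not chain:
         raise PkcsOperationException("Chain extracted from signature file, but it was not a valid chain, probably corrupted signature file")

     return chain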