Exemplo n.º 1
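 def load_db(self, identity, certlist=None):
     """Store the certificates in ``certlist`` for recipient ``identity``.

     Creates or updates the ``Recipient`` row named ``identity``, then for
     each certificate records its bytes, chain-verification result,
     fingerprint, subject, issuer, end date and issuer/subject hashes in a
     ``Cert`` row keyed by fingerprint, and links that row to the recipient.

     Security note: the result of ``pk_verify_chain`` is only *recorded* in
     the ``verified`` column. A certificate is stored and attached to the
     recipient whatever that result is, so any code that later selects a
     certificate for a recipient has to check ``verified`` itself.
     NOTE(review): this assumes pk_verify_chain returns a status rather
     than raising on failure -- confirm against its implementation.

     Args:
         identity: recipient name used as the ``name`` of the Recipient row.
         certlist: iterable of certificate strings (each is ``.encode()``d
             before use). ``None`` or empty means "no certificates": the
             recipient row is still created/updated and committed.

     Raises:
         CliArgumentError: if a ``KeyError`` is raised anywhere in the body.
             That includes the ``self.args["db"]["engine"]`` lookup, so the
             "not in the recipient database" message can also mean a missing
             database configuration.
     """
     session = None
     try:
         session = sessionmaker(bind=self.args["db"]["engine"])()
         recipient = create_or_update(
             session, Recipient, dont_update=["key"], **{"name": identity}
         )
         # The default certlist=None used to raise TypeError in the loop
         # header; treat it as an empty list instead.
         for cert_text in certlist or ():
             cert_bytes = cert_text.encode()
             cert_dict = {
                 "cert_bytes": cert_bytes,
                 # Recorded, not enforced (see the docstring).
                 "verified": pk_verify_chain(cert_bytes, self.cabundle),
                 "fingerprint": get_cert_fingerprint(cert_bytes),
                 "subject": get_cert_subject(cert_bytes),
                 "issuer": get_cert_issuer(cert_bytes),
                 # strptime yields a naive datetime even with %Z in the
                 # format, so expiry comparisons must use the same timezone
                 # the certificate date is expressed in.
                 "enddate": datetime.strptime(
                     get_cert_enddate(cert_bytes), "%b %d %H:%M:%S %Y %Z"
                 ),
                 "issuerhash": get_cert_issuerhash(cert_bytes),
                 "subjecthash": get_cert_subjecthash(cert_bytes),
             }
             cert_row = create_or_update(
                 session, Cert, unique_identifiers=["fingerprint"], **cert_dict
             )
             if cert_row not in recipient.certs:
                 recipient.certs.append(cert_row)
         session.commit()
     except KeyError as err:
         raise CliArgumentError(
             f"Error: Recipient '{identity}' is not in the recipient database"
         ) from err
     finally:
         # Release the session on every path; the original never closed it.
         if session is not None:
             session.close()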
Exemplo n.º 2
 def test_cert_fingerprint(self):
     """Check the fingerprint format of each recipient's first stored cert.

     For every Recipient in the session, fetch the first Cert linked to it
     and assert that its fingerprint splits into 20 colon-separated fields.
     Only the shape is checked; the fingerprint is not compared against a
     known-good value, so a wrong digest of the right length still passes.
     """
     recipients = self.session.query(Recipient).all()
     for recipient in recipients:
         linked_certs = self.session.query(Cert).filter(
             Cert.recipients.contains(recipient))
         # NOTE(review): first() may yield None for a recipient with no
         # certs, which would fail on .cert_bytes -- confirm the fixtures.
         first_cert = linked_certs.first()
         fields = get_cert_fingerprint(first_cert.cert_bytes).split(":")
         # 20 fields would match a 20-byte digest such as SHA-1 -- presumably
         # what get_cert_fingerprint emits; confirm.
         self.assertTrue(len(fields) == 20)
Exemplo n.º 3
 def verify_identity(self, identity, results): #pylint: disable=unused-argument
     """Describe every certificate in the recipient's certificate file.

     Parses the file at ``self.iddb[identity]['certificate_path']`` and
     rebuilds ``self.iddb[identity]['certs']`` as a list of dicts holding
     each certificate's bytes, chain-verification result, fingerprint,
     subject, issuer, end date and issuer/subject hashes.

     The ``verified`` value is stored, not acted on: a certificate is
     appended whatever ``pk_verify_chain`` returns, so callers must check
     that field before trusting an entry.

     ``results`` is unused; the original docstring says it is required to
     make threading work.

     Raises CliArgumentError on any KeyError in the body, which covers a
     missing ``identity`` as well as a missing ``certificate_path`` key.
     """
     try:
         entry = self.iddb[identity]
         entry['cabundle'] = self.cabundle
         entry['certs'] = []
         for parsed in parse_file(entry['certificate_path']):
             raw = parsed.as_bytes()
             described = {
                 'cert_bytes': raw,
                 # Recorded only; no certificate is rejected here.
                 'verified': pk_verify_chain(raw, entry['cabundle']),
                 'fingerprint': get_cert_fingerprint(raw),
                 'subject': get_cert_subject(raw),
                 'issuer': get_cert_issuer(raw),
                 'enddate': get_cert_enddate(raw),
                 'issuerhash': get_cert_issuerhash(raw),
                 'subjecthash': get_cert_subjecthash(raw),
             }
             entry['certs'].append(described)
     except KeyError:
         raise CliArgumentError(
             "Error: Recipient '%s' is not in the recipient database" % identity)
Exemplo n.º 4
 def verify_identity(self, identity):
     """Fill in the certificate details of ``self.iddb[identity]``.

     Sets ``cabundle`` on the recipient's entry, then stores the result of
     each ``crypto`` helper (chain verification, fingerprint, subject,
     issuer, end date, issuer hash, subject hash) under its own key. Every
     helper is handed the whole entry dict.

     The ``verified`` value is stored, not acted on: the remaining fields
     are filled in whatever ``crypto.pk_verify_chain`` returns, so callers
     must check it before trusting the entry.

     Raises CliArgumentError on any KeyError in the body, including one
     raised inside a helper.
     """
     try:
         entry = self.iddb[identity]
         entry['cabundle'] = self.cabundle
         # Order matters only in that chain verification runs first; each
         # helper sees the fields written by the ones before it.
         field_getters = (
             ('verified', crypto.pk_verify_chain),
             ('fingerprint', crypto.get_cert_fingerprint),
             ('subject', crypto.get_cert_subject),
             ('issuer', crypto.get_cert_issuer),
             ('enddate', crypto.get_cert_enddate),
             ('issuerhash', crypto.get_cert_issuerhash),
             ('subjecthash', crypto.get_cert_subjecthash),
         )
         for field, getter in field_getters:
             entry[field] = getter(entry)
     except KeyError:
         raise CliArgumentError(
             "Error: Recipient '%s' is not in the recipient database" %
             identity)
Exemplo n.º 5
 def test_cert_fingerprint(self):
     """Check the fingerprint format of each identity's first certificate.

     Asserts that the fingerprint of ``certs[0]`` splits into 20
     colon-separated fields. Only the shape is checked, not the value, and
     certificates after the first are not examined.
     """
     for entry in self.identities.iddb.values():
         first_cert_bytes = entry['certs'][0]['cert_bytes']
         fields = crypto.get_cert_fingerprint(first_cert_bytes).split(':')
         # 20 fields would match a 20-byte digest such as SHA-1 -- presumably
         # what get_cert_fingerprint emits; confirm.
         self.assertTrue(len(fields) == 20)