def _load_key_storage(self, ks_path, passwd):
ks_file = self.ks_file_class(ks_path)
if not ks_file.exists():
raise Exception('Key chain does not found at %s!'%ks_path)
tmp_file = TempFile()
ks_tmp_file = TempFile()
try:
ks_tmp_file.write(ks_file.read())
ks_tmp_file.flush()
retcode, out = self.exec_openssl(['pkcs12', '-in', ks_tmp_file.name, '-out', \
tmp_file.name, '-password', 'stdin', '-nodes'], passwd)
if retcode:
raise InvalidPasswordException('Can not open key chain! Maybe pin-code is invalid!')
data = open(tmp_file.name).read()
finally:
tmp_file.close()
ks_tmp_file.close()
pkey_s = re.search('(-----BEGIN \w*\s*PRIVATE KEY-----(\w|\W)+-----END \w*\s*PRIVATE KEY-----)', data)
if not pkey_s:
raise Exception('Private key does not found in key chain!')
self._client_prikey = pkey_s.groups()[0]
cert_s = re.search('(-----BEGIN \w*\s*CERTIFICATE-----(\w|\W)+-----END \w*\s*CERTIFICATE-----)', data)
if cert_s:
self._client_cert = cert_s.groups()[0]
def generate_cert_request(self, cert_cn):
pkey_file = TempFile()
cert_req_file = TempFile()
pkey_file.write(self._client_prikey)
pkey_file.flush()
try:
retcode, out = self.exec_openssl(['req', '-key', pkey_file.name, '-out', cert_req_file.name, \
'-new', '-subj', '/CN=%s/O=iDepositBox\ software/OU=clients.idepositbox.com'%cert_cn])
if retcode:
raise Exception('No certificate request generated!\n%s'%out)
cert_req = open(cert_req_file.name).read()
finally:
pkey_file.close()
cert_req_file.close()
return cert_req
def validate(self, password):
ks_file = self.ks_file_class(self._ks_path)
ks_tmp_file = TempFile()
try:
ks_tmp_file.write(ks_file.read())
ks_tmp_file.flush()
retcode, out = self.exec_openssl(['pkcs12', '-in', ks_tmp_file.name, \
'-password', 'stdin', '-info', '-noout', '-nodes'], password)
if retcode:
return False
return True
finally:
ks_tmp_file.close()
def get_client_cert_hr(self):
cert = self.get_client_cert()
tmp_file = TempFile()
tmp_file.write(cert)
tmp_file.flush()
try:
retcode, out = self.exec_openssl(
['x509', '-in', tmp_file.name, '-noout', '-text'])
if retcode:
raise Exception('No certificate opened!\n%s' % out)
finally:
tmp_file.close()
return out
def get_client_cert_hr(self):
cert = self.get_client_cert()
tmp_file = TempFile()
tmp_file.write(cert)
tmp_file.flush()
try:
retcode, out = self.exec_openssl(['x509', '-in', tmp_file.name, '-noout', '-text'])
if retcode:
raise Exception('No certificate opened!\n%s'%out)
finally:
tmp_file.close()
return out
def validate(self, password):
ks_file = self.ks_file_class(self._ks_path)
ks_tmp_file = TempFile()
try:
ks_tmp_file.write(ks_file.read())
ks_tmp_file.flush()
retcode, out = self.exec_openssl(['pkcs12', '-in', ks_tmp_file.name, \
'-password', 'stdin', '-info', '-noout', '-nodes'], password)
if retcode:
return False
return True
finally:
ks_tmp_file.close()
def get_client_cert_key(self):
cert_file = TempFile()
cert_file.write(self._client_cert)
cert_file.flush()
try:
retcode, out = self.exec_openssl(
['x509', '-in', cert_file.name, '-subject', '-noout'])
if retcode:
raise Exception(
'Can not retrieve subject from client certificate')
for item in out.split('/'):
parts = item.split('=')
if parts[0] == 'CN':
try:
return int(parts[1])
except ValueError:
raise Exception(
'Invalid subject CN in client certificate!')
finally:
cert_file.close()
def get_client_cert_key(self):
cert_file = TempFile()
cert_file.write(self._client_cert)
cert_file.flush()
try:
retcode, out = self.exec_openssl(['x509', '-in', cert_file.name, '-subject', '-noout'])
if retcode:
raise Exception('Can not retrieve subject from client certificate')
for item in out.split('/'):
parts = item.split('=')
if parts[0] == 'CN':
try:
return int(parts[1])
except ValueError:
raise Exception('Invalid subject CN in client certificate!')
finally:
cert_file.close()
def write(self, data, file_path=None):
if self.is_linux:
tmp_file = None
if file_path is None:
tmp_file = TempFile()
tmp_file.write(data)
tmp_file.flush()
file_path = tmp_file.name
try:
self.__bdm_call(self.__dev_path, "write", file_path)
finally:
if tmp_file:
tmp_file.close()
else:
if file_path:
try:
data = open(file_path, "rb").read()
except IOError:
raise IOError('Can not read from "%s"' % file_path)
self.int_write(data)
def append_certificate(self, ks_path, ks_pwd, cert):
pkey_file = TempFile()
cert_file = TempFile()
new_ks_file = TempFile()
pkey_file.write(self._client_prikey)
pkey_file.flush()
cert_file.write(cert)
cert_file.flush()
try:
retcode, out = self.exec_openssl(['pkcs12', '-export', \
'-inkey', pkey_file.name, '-in', cert_file.name, '-out', new_ks_file.name, \
'-password', 'stdin'], ks_pwd)
if retcode:
raise Exception('Can not update key chain! %s'%out)
ks_file = self.ks_file_class(ks_path)
ks_file.copy_from(new_ks_file.name)
finally:
pkey_file.close()
cert_file.close()
new_ks_file.close()
@classmethod
def initiate_key_storage(cls, ks_path, ks_pwd):
ks_file = cls.ks_file_class(ks_path)
if ks_file.exists():
try:
cls(ks_path, ks_pwd)
except Exception, err:
raise Exception('Key chain at "%s" is already exists'\
' and can not be opened with this pin-code'%ks_path)
return
ks_file.create_empty()
pkey_file = TempFile()
ks_tmp_file = TempFile()
retcode, out = cls.exec_openssl(['genrsa', '-out', pkey_file.name, '1024'])
if retcode:
raise Exception('Can not generate private key using openssl command')
try:
retcode, out = cls.exec_openssl(['pkcs12', '-export', '-inkey', pkey_file.name, \
'-nocerts', '-out', ks_tmp_file.name, '-password', 'stdin'], ks_pwd)
if retcode:
raise Exception('Can not create key chain! Details: %s'%out)
ks_file.copy_from(ks_tmp_file.name)
finally:
pkey_file.close()
ks_tmp_file.close()
def append_certificate(self, ks_path, ks_pwd, cert):
pkey_file = TempFile()
cert_file = TempFile()
new_ks_file = TempFile()
pkey_file.write(self._client_prikey)
pkey_file.flush()
cert_file.write(cert)
cert_file.flush()
try:
retcode, out = self.exec_openssl(['pkcs12', '-export', \
'-inkey', pkey_file.name, '-in', cert_file.name, '-out', new_ks_file.name, \
'-password', 'stdin'], ks_pwd)
if retcode:
raise Exception('Can not update key chain! %s' % out)
ks_file = self.ks_file_class(ks_path)
ks_file.copy_from(new_ks_file.name)
finally:
pkey_file.close()
cert_file.close()
new_ks_file.close()
def generate_cert_request(self, cert_cn):
pkey_file = TempFile()
cert_req_file = TempFile()
pkey_file.write(self._client_prikey)
pkey_file.flush()
try:
retcode, out = self.exec_openssl(['req', '-key', pkey_file.name, '-out', cert_req_file.name, \
'-new', '-subj', '/CN=%s/O=iDepositBox\ software/OU=clients.idepositbox.com'%cert_cn])
if retcode:
raise Exception('No certificate request generated!\n%s' % out)
cert_req = open(cert_req_file.name).read()
finally:
pkey_file.close()
cert_req_file.close()
return cert_req
def _load_key_storage(self, ks_path, passwd):
ks_file = self.ks_file_class(ks_path)
if not ks_file.exists():
raise Exception('Key chain does not found at %s!' % ks_path)
tmp_file = TempFile()
ks_tmp_file = TempFile()
try:
ks_tmp_file.write(ks_file.read())
ks_tmp_file.flush()
retcode, out = self.exec_openssl(['pkcs12', '-in', ks_tmp_file.name, '-out', \
tmp_file.name, '-password', 'stdin', '-nodes'], passwd)
if retcode:
raise InvalidPasswordException(
'Can not open key chain! Maybe pin-code is invalid!')
data = open(tmp_file.name).read()
finally:
tmp_file.close()
ks_tmp_file.close()
pkey_s = re.search(
'(-----BEGIN \w*\s*PRIVATE KEY-----(\w|\W)+-----END \w*\s*PRIVATE KEY-----)',
data)
if not pkey_s:
raise Exception('Private key does not found in key chain!')
self._client_prikey = pkey_s.groups()[0]
cert_s = re.search(
'(-----BEGIN \w*\s*CERTIFICATE-----(\w|\W)+-----END \w*\s*CERTIFICATE-----)',
data)
if cert_s:
self._client_cert = cert_s.groups()[0]
cert_file.close()
@classmethod
def initiate_key_storage(cls, ks_path, ks_pwd):
ks_file = cls.ks_file_class(ks_path)
if ks_file.exists():
try:
cls(ks_path, ks_pwd)
except Exception, err:
raise Exception('Key chain at "%s" is already exists'\
' and can not be opened with this pin-code'%ks_path)
return
ks_file.create_empty()
pkey_file = TempFile()
ks_tmp_file = TempFile()
retcode, out = cls.exec_openssl(
['genrsa', '-out', pkey_file.name, '1024'])
if retcode:
raise Exception(
'Can not generate private key using openssl command')
try:
retcode, out = cls.exec_openssl(['pkcs12', '-export', '-inkey', pkey_file.name, \
'-nocerts', '-out', ks_tmp_file.name, '-password', 'stdin'], ks_pwd)
if retcode:
raise Exception('Can not create key chain! Details: %s' % out)
ks_file.copy_from(ks_tmp_file.name)
finally:
