Exemplo n.º 1
0
    def is_type(cls, container_bytes, password=None):
        cert = None
        try:
            if password is None:
                cert = k.parse_private(container_bytes)
            else:
                cert = k.parse_private(container_bytes, password=password)

            cert.native
        except Exception:
            return False

        try:
            if cert.native["private_key"]["modulus"] is not None:
                return True
        except:
            pass

        try:
            if cert.native["private_key"]["public_key"] is not None:
                return True
        except:
            pass

        return False
Exemplo n.º 2
0
    def is_type(cls, container_bytes, password=None):
        cert = None
        try:
            if password is None:
                cert = k.parse_private(container_bytes)
            else:
                cert = k.parse_private(container_bytes, password=password)

            cert.native
        except Exception:
            return False

        try:
            if cert.native["private_key"]["modulus"] is not None:
                return True
        except:
            pass

        try:
            if cert.native["private_key"]["public_key"] is not None:
                return True
        except:
            pass

        return False
Exemplo n.º 3
0
 def parse(self):
     assert self.type == ContainerTypes.PKCS8
     if self.password is None:
         self.asn1 = k.parse_private(self.bytes)
     else:
         self.asn1 = k.parse_private(self.bytes, password=self.password)
     self.asn1.native
     self._raise_if_wrong_algorithm()
     self._is_parsed = True
Exemplo n.º 4
0
 def parse(self):
     assert self.type == ContainerTypes.Private
     if self.password is None:
         self.asn1 = k.parse_private(self.bytes)
     else:
         self.asn1 = k.parse_private(self.bytes, password=self.password)
     self.asn1.native
     self._raise_if_wrong_algorithm()
     self._is_parsed = True
Exemplo n.º 5
0
    def is_type(cls, container_bytes, password=None):
        if PKCS8Reader.is_type(bytes, password=password):
            return False
        try:
            if password is None:
                cert = k.parse_private(container_bytes)
            else:
                cert = k.parse_private(container_bytes, password=password)

            cert.native
            return True
        except Exception:
            return False
Exemplo n.º 6
0
    def is_type(cls, container_bytes, password=None):
        if PKCS8Reader.is_type(bytes, password=password):
            return False
        try:
            if password is None:
                cert = k.parse_private(container_bytes)
            else:
                cert = k.parse_private(container_bytes, password=password)

            cert.native
            return True
        except Exception:
            return False
Exemplo n.º 7
0
    def load_private_key(self, key_bytes: bytes, password: Optional[str]) \
            -> Tuple[keys.PrivateKeyInfo, keys.PublicKeyInfo]:
        from cryptography.hazmat.primitives import serialization
        from oscrypto import keys as oskeys

        # use oscrypto parser here to parse the key to a PrivateKeyInfo object
        # (It handles unarmoring/decryption/... without worrying about the
        # key type, while load_der/pem_private_key would fail to process
        # PSS-exclusive keys)
        priv_key_info = oskeys.parse_private(key_bytes, password)
        assert isinstance(priv_key_info, keys.PrivateKeyInfo)
        if priv_key_info.algorithm == 'rsassa_pss':
            # these keys can't be loaded directly in pyca/cryptography,
            # so we have to give it a nudge
            priv_key_copy = priv_key_info.copy()
            priv_key_copy['private_key_algorithm'] = {'algorithm': 'rsa'}
            key_bytes = priv_key_copy.dump()
        else:
            key_bytes = priv_key_info.dump()

        priv_key = serialization.load_der_private_key(key_bytes, password=None)
        pub_key_bytes = priv_key.public_key().public_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PublicFormat.SubjectPublicKeyInfo)
        pub_key_info = keys.PublicKeyInfo.load(pub_key_bytes)
        if priv_key_info.algorithm == 'rsassa_pss':
            # if the private key was a PSS-exclusive one, copy the parameters
            # back from the original (since we stripped them going in)
            # We use .native to get around asn1crypto's type checking
            pub_key_info['algorithm'] = \
                priv_key_info['private_key_algorithm'].native
        return priv_key_info, pub_key_info
Exemplo n.º 8
0
    def parse_private(self, input_filename, password, algo):
        with open(os.path.join(fixtures_dir, input_filename), 'rb') as f:
            private_object = keys.parse_private(f.read(), password)

        self.assertEqual(algo, private_object['private_key_algorithm']['algorithm'].native)

        # Make sure we can parse the whole structure
        private_object.native
Exemplo n.º 9
0
    def parse_private(self, input_filename, password, algo):
        with open(os.path.join(fixtures_dir, input_filename), 'rb') as f:
            private_object = keys.parse_private(f.read(), password)

        self.assertEqual(algo, private_object['private_key_algorithm']['algorithm'].native)

        # Make sure we can parse the whole structure
        private_object.native
Exemplo n.º 10
0
 def load_private_key(self, key_bytes: bytes, password: Optional[str]) \
         -> Tuple[keys.PrivateKeyInfo, keys.PublicKeyInfo]:
     from oscrypto import asymmetric, keys as oskeys
     private = oskeys.parse_private(key_bytes, password=password)
     if private.algorithm == 'rsassa_pss':
         loaded, public = _oscrypto_hacky_load_pss_exclusive_key(private)
     else:
         loaded = asymmetric.load_private_key(private)
         public = loaded.public_key.asn1
     return private, public
Exemplo n.º 11
0
    def __init__(self, der_string=None, password=None, private_key=None):
        if private_key is None:
            self._private_key = keys.parse_private(der_string,
                                                   password=password)
        else:
            self._private_key = private_key

        self._oscrypto_private_key = asymmetric.load_private_key(
            source=self._private_key)
        self._crypto_private_key = serialization.load_der_private_key(
            data=self.to_der(), backend=default_backend(), password=None)
Exemplo n.º 12
0
 def from_pem_data(certdata: str | bytes,
                   keydata: str | bytes,
                   dhparams: DirtyDH = None,
                   username: str = None,
                   domain: str = None) -> KerberosCredential:
     if isinstance(certdata, str):
         certdata = base64.b64decode(
             certdata.replace(' ',
                              '').replace('\r',
                                          '').replace('\n',
                                                      '').replace('\t', ''))
     if isinstance(keydata, str):
         keydata = base64.b64decode(
             keydata.replace(' ',
                             '').replace('\r',
                                         '').replace('\n',
                                                     '').replace('\t', ''))
     k = KerberosCredential()
     k.certificate = parse_certificate(certdata)
     k.private_key = parse_private(keydata)
     k.set_user_and_domain_from_cert(username=username, domain=domain)
     k.set_dhparams(dhparams)
     return k
Exemplo n.º 13
0
    def test_parse_private_pem_leading_whitespace(self):
        with open(os.path.join(fixtures_dir, 'keys/test.key'), 'rb') as f:
            private_object = keys.parse_private(b'   \n' + f.read(), None)

        # Make sure we can parse the whole structure
        private_object.native