def generate(self,subject,level=0,**argv):
# Will generate a new certificate. Compatiable with NERV-XI-001 Standard.
log.info("Now generating new Xi certificate: Subject[%s] Level[%s].",subject,level)
# - subject
subject = subject.strip()
if not self._validate_subject(subject):
log.exception("Required certificate subject's invalid.")
raise Exception("Certificate subject is not valid.")
self.subject = subject
# - pubkeyring
key_ec = publickeyalgo._EC()
if argv.has_key('curve'):
key_ec.generate(curve=argv['curve'])
else:
key_ec.generate()
key_rsa = publickeyalgo._RSA()
if argv.has_key('bits'):
key_rsa.generate(bits=argv['bits'])
else:
key_rsa.generate()
self.keys = [key_ec,key_rsa]
self.is_ours = True
# clear others
self.signatures = []
self.level = level
self.private_save_key = None
# After generated, load this cert. into the instance.
log.info("New Xi certificate generation done.")
def load_public_text(self,text):
try:
j = serializer.loads(text)
if j['Title'] != 'Xi_Certificate':
raise Exception("Seems not a Xi Project Certificate.")
# Read subject, version and others
basic = j['Basic']
basic_version = basic['Version']
basic_subject = basic['Subject']
basic_level = basic['Level']
basic_public_key_ring = basic['Public_Key_Ring']
fingerprint = j['Finger_Print']
certid = j['ID']
# Try to load public keys
basic_pubkey_sensible = True
eckey = publickeyalgo._EC()
rsakey = publickeyalgo._RSA()
try:
for key in basic_public_key_ring:
pubkey = basic_public_key_ring[key]
if pubkey['type'] == 'EC_Public_Key':
ret = eckey.load_publickey(serializer.dumps(pubkey))
elif pubkey['type'] == 'RSA_Public_Key':
ret = rsakey.load_publickey(serializer.dumps(pubkey))
basic_pubkey_sensible = basic_pubkey_sensible and ret
except Exception,e:
print "Error occured: %s" % e
basic_pubkey_sensible = False
if not basic_pubkey_sensible:
raise Exception("This ceritificate's public key info is non-sense.")
if not ( eckey._pubkey != None and rsakey._pubkey != None ):
raise Exception("This certificate has insufficient public key info.")
# Verify Integrity
hash_source = hashable_obj(basic)
hash_recognized = False
for fpinfo in fingerprint:
if Hash().recognizes(fpinfo['Algorithm']):
hash_recognized = True
calchash = Hash(fpinfo['Algorithm'],hash_source).hexdigest()
if calchash != fpinfo['Hash']:
print calchash
print fpinfo['Hash']
raise Exception("Certificate has invalid hash, cannot verify its INTERGRITY.")
if not hash_recognized:
raise Exception("Cannot verify INTERGRITY of this certificate.")
wanted_id = Hash('md5',hash_source).hexdigest()
if wanted_id != certid:
raise Exception("Certificate ID do not match its content.")
# save info
self.keys = [eckey, rsakey]
self.subject = basic_subject
self.level = basic_level
# Load signatures
self.signatures = []
if j.has_key('Signatures'):
for sig in j['Signatures']:
self.load_signature(sig)
# Now load this certificate.
self.is_ours = False
self.private_save_key = None
log.info('Public certificate successfully loaded. Subject[%s].',basic_subject)
return True
