def demo1():
    """Print the SHA-1 digest of server.pem's DER form, obtained two ways.

    The first DER blob comes from M2Crypto (``X509.load_cert(...).as_der()``),
    the second from the ``openssl x509`` command line converting the same PEM
    file. Both digests are printed as ``repr()`` strings so they can be
    compared by eye; the function itself performs no comparison and returns
    nothing.
    """
    def _sha1_of(blob):
        # One-shot SHA-1 over a byte string via the MessageDigest wrapper.
        hasher = MessageDigest('sha1')
        hasher.update(blob)
        return hasher.final()

    print 'Test 1: As DER...'

    # Path 1: let the library parse the PEM file and re-encode it as DER.
    m2_der = X509.load_cert('server.pem').as_der()
    print 'Using M2Crypto:\n', repr(_sha1_of(m2_der)), '\n'

    # Path 2: ask the openssl binary for the DER encoding. The command is a
    # fixed literal, so no caller-supplied text reaches the shell.
    # NOTE(review): the pipe is never closed and its exit status is never
    # read; if openssl fails, the digest printed below is that of whatever
    # (possibly empty) output was produced.
    openssl_pipe = os.popen('openssl x509 -inform pem -outform der -in server.pem')
    cli_der = openssl_pipe.read()
    print 'Openssl command line:\n', repr(_sha1_of(cli_der)), '\n'
def demo1():
    """Show that M2Crypto and the openssl CLI yield the same DER digest.

    Reads ``server.pem`` from the current directory, computes a SHA-1 digest
    over its DER encoding once through M2Crypto and once through the
    ``openssl x509`` command, and prints both results.
    """
    print 'Test 1: As DER...'

    # Library side: parse the PEM certificate, then serialise it to DER.
    pem_cert = X509.load_cert('server.pem')
    library_der = pem_cert.as_der()
    library_md = MessageDigest('sha1')
    library_md.update(library_der)
    library_digest = library_md.final()
    print 'Using M2Crypto:\n', repr(library_digest), '\n'

    # Command-line side: openssl converts the same file from PEM to DER and
    # the raw bytes are read back from the pipe.
    # NOTE(review): the command's exit status is not checked, so a failed
    # conversion is indistinguishable here from a digest mismatch.
    converter = os.popen('openssl x509 -inform pem -outform der -in server.pem')
    tool_der = converter.read()
    tool_md = MessageDigest('sha1')
    tool_md.update(tool_der)
    tool_digest = tool_md.final()
    print 'Openssl command line:\n', repr(tool_digest), '\n'
def sign(self, data):
    """
    Emulates the signing behavior of an ssh key agent.

    Hands ``data`` unchanged to ``self.instance.sign`` and returns whatever
    that call returns.
    """
    sha1 = MessageDigest('sha1')
    sha1.update(data)
    # NOTE(review): this SHA-1 digest is computed and then discarded; the
    # call below signs the raw ``data``, not the digest. Confirm whether
    # self.instance.sign() hashes its input itself or expects a precomputed
    # digest -- in the latter case the signature covers the wrong bytes.
    discarded_digest = sha1.final()
    signature = self.instance.sign(data)
    return signature
def __call__(self, peerCert, host=None):
    """Validate a peer certificate against a pinned fingerprint and a host name.

    Two independent checks run, each only when configured:

    * Fingerprint: when ``self.fingerprint`` is set, the digest of the
      certificate's DER encoding must equal it numerically.
    * Host name: when ``self.host``, ``self.ssl_config.fqdn_check`` and
      ``self.ssl_config.check`` are all truthy, the host must match the
      subjectAltName extension or, failing that, a subject commonName.

    When neither check is configured, any certificate that is not ``None``
    is accepted.

    Args:
        peerCert: the peer's certificate object, or ``None`` if the peer
            sent none.
        host: optional host name; when given it replaces ``self.host``
            before any check runs.

    Returns:
        ``True`` when every configured check passes.

    Raises:
        NoCertificate: ``peerCert`` is ``None``.
        ValueError: ``self.digest`` is neither ``'sha1'`` nor ``'md5'``
            (``int()`` also raises it for a non-hex fingerprint).
        WrongCertificate: fingerprint length or value mismatch, or the
            certificate has no commonName when the commonName check runs.
        WrongHost: the host matched neither subjectAltName nor commonName.
    """
    if peerCert is None:
        raise NoCertificate('peer did not return certificate')

    # A host passed at call time overrides, and is stored as, self.host.
    if host is not None:
        self.host = host

    if self.fingerprint:
        # NOTE(review): only SHA-1 and MD5 are accepted here, and both have
        # known collision weaknesses; consider supporting a SHA-256
        # fingerprint for certificate pinning.
        if self.digest not in ('sha1', 'md5'):
            raise ValueError('unsupported digest "%s"' %(self.digest))

        # Expected hex lengths: 40 characters for SHA-1, 32 for MD5.
        if (self.digest == 'sha1' and len(self.fingerprint) != 40) or \
           (self.digest == 'md5' and len(self.fingerprint) != 32):
            raise WrongCertificate('peer certificate fingerprint length does not match')

        der = peerCert.as_der()
        md = MessageDigest(self.digest)
        md.update(der)
        digest = md.final()
        # Compare as integers, so the case of the configured hex string does
        # not matter (presumably octx_to_num turns the digest bytes into a
        # number -- verify against its definition).
        if octx_to_num(digest) != int(self.fingerprint, 16):
            raise WrongCertificate('peer certificate fingerprint does not match')

    # Host-name validation is skipped entirely unless all three are truthy.
    if self.host and self.ssl_config.fqdn_check and self.ssl_config.check:
        hostValidationPassed = False
        # Reset on every call. NOTE(review): the elif below can only fire if
        # _splitSubjectAltName() sets this flag as a side effect -- confirm.
        self.useSubjectAltNameOnly = False

        # subjectAltName=DNS:somehost[, ...]*
        try:
            subjectAltName = peerCert.get_ext('subjectAltName').get_value()
            if self._splitSubjectAltName(self.host, subjectAltName):
                hostValidationPassed = True
            elif self.useSubjectAltNameOnly:
                raise WrongHost(expectedHost=self.host,
                                actualHost=subjectAltName,
                                fieldName='subjectAltName')
        except LookupError:
            # Deliberate fall-through to the commonName check (presumably
            # raised when the certificate has no subjectAltName extension).
            pass

        # commonName=somehost[, ...]*
        if not hostValidationPassed:
            hasCommonName = False
            # Comma-joined list of the commonNames seen, used only in the
            # WrongHost error below.
            commonNames = ''
            for entry in peerCert.get_subject().get_entries_by_nid(NID_commonName):
                hasCommonName = True
                commonName = entry.get_data().as_text()
                if not commonNames:
                    commonNames = commonName
                else:
                    commonNames += ',' + commonName
                # The first matching commonName is enough.
                if self._match(self.host, commonName):
                    hostValidationPassed = True
                    break

            if not hasCommonName:
                raise WrongCertificate('no commonName in peer certificate')

            if not hostValidationPassed:
                raise WrongHost(expectedHost=self.host,
                                actualHost=commonNames,
                                fieldName='commonName')

    return True
def fingerprint(x509):
    """Return the SHA-1 digest of a certificate's DER encoding via ``hex()``.

    ``x509`` must provide ``as_der()``. The digest is passed through
    ``util.octx_to_num`` and the resulting number is formatted with the
    builtin ``hex()``.
    """
    encoded = x509.as_der()
    sha1 = MessageDigest('sha1')
    sha1.update(encoded)
    as_number = util.octx_to_num(sha1.final())
    # NOTE(review): hex() prefixes '0x', does not zero-pad, and under
    # Python 2 appends 'L' to a long. A digest that starts with zero bits
    # therefore gives a string shorter than 40 hex digits. Compare such
    # fingerprints numerically, or normalise both sides, rather than as text.
    return hex(as_number)