Пример #1
0
    def load_cert_chain(self,
                        certchainfile,
                        keyfile=None,
                        callback=util.passphrase_callback):
        """Load certificate chain and private key into the context.

        @param certchainfile: File object containing the PEM-encoded
                              certificate chain.
        @type  certchainfile: str
        @param keyfile:       File object containing the PEM-encoded private
                              key. Default value of None indicates that the
                              private key is to be found in 'certchainfile'.
        @type keyfile:        str

        @param callback:      Callable object to be invoked if the private key
                              is passphrase-protected. Default callback
                              provides a simple terminal-style input for the
                              passphrase.
        """
        m2.ssl_ctx_passphrase_callback(self.ctx, callback)
        m2.ssl_ctx_use_cert_chain(self.ctx, certchainfile)
        if not keyfile:
            keyfile = certchainfile
        m2.ssl_ctx_use_privkey(self.ctx, keyfile)
        if not m2.ssl_ctx_check_privkey(self.ctx):
            raise ValueError('public/private key mismatch')
Пример #2
0
    def _initConnection(self, 
                        ownerCertFile=None, 
                        ownerKeyFile=None,
                        ownerPassphrase=None):
        """Initialise connection setting up SSL context and client and
        server side identity checks
        
        @type ownerCertFile: basestring
        @param ownerCertFile: client certificate and owner of credential
        to be acted on.  Can be a proxy cert + proxy's signing cert.  Cert
        and private key are not necessary for getDelegation / logon calls
        @type ownerKeyFile: basestring
        @param ownerKeyFile: client private key file
        @type ownerPassphrase: basestring
        @param ownerPassphrase: pass-phrase protecting private key if set - 
        not needed in the case of a proxy private key
        """

        # Must be version 3 for MyProxy
        context = SSL.Context(protocol='sslv3')

# SDF
#        context.load_verify_locations(cafile=self.caCertFilePath, capath='/etc/grid-security/certificates')

        if self.caCertFilePath or self.caCertDir:
            context.load_verify_locations(cafile=self.caCertFilePath,
                                          capath=self.caCertDir)


            # Stop if peer's certificate can't be verified
            context.set_allow_unknown_ca(False)
        else:
            context.set_allow_unknown_ca(True)

        from arcs.gsi import Certificate
        if ownerCertFile:
            try:
                if isinstance(ownerCertFile, Certificate):
                    m2.ssl_ctx_passphrase_callback(context.ctx, lambda *ar: ownerPassphrase)
                    m2.ssl_ctx_use_x509(context.ctx, ownerCertFile._certificate.x509)
                    m2.ssl_ctx_use_rsa_privkey(context.ctx, ownerKeyFile.rsa)
                    if not m2.ssl_ctx_check_privkey(context.ctx):
                        raise ValueError, 'public/private key mismatch'
                else:
                    context.load_cert_chain(ownerCertFile,
                                        keyfile=ownerKeyFile,
                                        callback=lambda *ar, **kw: ownerPassphrase)
            except Exception, e:
                raise MyProxyClientConfigError("Loading certificate "
                                               "and private key for SSL "
                                               "connection [also check CA "
                                               "certificate settings]: %s" % e) 
            
            # Verify peer's certificate
            context.set_verify(SSL.verify_peer, 1) 
Пример #3
0
    def load_cert_pkey(self,
                       certfile,
                       pkey,
                       callback=util.passphrase_callback):
        # type: (AnyStr, Optional[AnyStr], Callable) -> None
        """Load certificate and private key into the context.

        :param certfile: File that contains the PEM-encoded certificate.
        :param keyfile:  'M2Crypto.EVP' object
        :param callback: Callable object to be invoked if the private key is
                         passphrase-protected. Default callback provides a
                         simple terminal-style input for the passphrase.
        """
        m2.ssl_ctx_passphrase_callback(self.ctx, callback)
        m2.ssl_ctx_use_cert(self.ctx, certfile)
        m2.ssl_ctx_use_pkey_privkey(self.ctx, pkey)
        if not m2.ssl_ctx_check_privkey(self.ctx):
            raise ValueError('public/private key mismatch')
Пример #4
0
    def load_cert(self, certfile, keyfile=None,
                  callback=util.passphrase_callback):
        # type: (AnyStr, Optional[AnyStr], Callable) -> None
        """Load certificate and private key into the context.

        @param certfile: File that contains the PEM-encoded certificate.
        @param keyfile:  File that contains the PEM-encoded private key.
                         Default value of None indicates that the private key
                         is to be found in 'certfile'.
        @param callback: Callable object to be invoked if the private key is
                         passphrase-protected. Default callback provides a
                         simple terminal-style input for the passphrase.
        """
        m2.ssl_ctx_passphrase_callback(self.ctx, callback)
        m2.ssl_ctx_use_cert(self.ctx, certfile)
        if not keyfile:
            keyfile = certfile
        m2.ssl_ctx_use_privkey(self.ctx, keyfile)
        if not m2.ssl_ctx_check_privkey(self.ctx):
            raise ValueError('public/private key mismatch')