Пример #1
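def verify(certificate_path, ca_certificate_path, sign_request_path, output):
    """Verify an S/MIME-signed certificate request and save the request.

    Args:
        certificate_path: file holding the signer certificate.
        ca_certificate_path: file loaded into the X509 store used for
            verification.
        sign_request_path: S/MIME file holding the signed request.
        output: destination for the extracted request; when empty, a
            ``<CN>.csr`` file in the current directory is used.

    Exits with status 1 when the signer certificate cannot be loaded or
    when the signature check raises.
    """
    try:
        certificate = X509.load_cert(certificate_path)
    except (X509.X509Error, IOError):
        print('ERROR verify: Could not load certificate for verifying')
        exit(1)
    smime = SMIME.SMIME()
    stack = X509.X509_Stack()
    stack.push(certificate)
    smime.set_x509_stack(stack)
    store = X509.X509_Store()
    store.load_info(ca_certificate_path)
    smime.set_x509_store(store)
    pks7, data = SMIME.smime_load_pkcs7(sign_request_path)
    try:
        clear_text = smime.verify(pks7, data)
    except SMIME.PKCS7_Error as error:
        # M2Crypto reports a rejected signature or certificate chain by
        # raising, not by returning a falsy value; without this handler the
        # failure surfaced as a traceback and the message below never ran.
        print('Verification failed: %s' % error)
        exit(1)
    if not output:
        output = path.abspath(path.curdir) + '/%s.csr' % DEFAULT_FIELDS['CN']
    if clear_text:
        # Only content that passed verification is parsed and written out.
        request = X509.load_request_string(clear_text)
        request.save(output)
        print('Verification OK')
        print('Request file was saved to %s' % output)
    else:
        print('Verification failed')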
Пример #2
    def test_load_bad(self):
        """Each loader must raise its own error type for unusable input."""
        smime = SMIME.SMIME()
        # Listed in the order the checks run. Every attempt is a thunk so the
        # failing call happens inside assertRaises.
        expectations = (
            # The same PEM file is given as both key and certificate.
            (EVP.EVPError,
             lambda: smime.load_key('tests/signer.pem', 'tests/signer.pem')),
            # Raw PKCS #7 loaders: missing file, wrong file, junk bytes.
            (BIO.BIOError,
             lambda: SMIME.load_pkcs7('nosuchfile-dfg456')),
            (SMIME.PKCS7_Error,
             lambda: SMIME.load_pkcs7('tests/signer.pem')),
            (SMIME.PKCS7_Error,
             lambda: SMIME.load_pkcs7_bio(BIO.MemoryBuffer(b'no pkcs7'))),
            # S/MIME loaders: wrong file, junk bytes.
            (SMIME.SMIME_Error,
             lambda: SMIME.smime_load_pkcs7('tests/signer.pem')),
            (SMIME.SMIME_Error,
             lambda: SMIME.smime_load_pkcs7_bio(BIO.MemoryBuffer(b'no pkcs7'))),
        )
        for expected_error, attempt in expectations:
            self.assertRaises(expected_error, attempt)
Пример #3
    def decrypt_and_verify(self):
        """Decrypt a signed-then-encrypted S/MIME file and verify the inner blob."""
        smime = SMIME.SMIME()

        # The recipient's private key and certificate open the envelope.
        smime.load_key(recipient_key, recipient_cert)

        # For this encrypted message the loader returns None as the content
        # BIO, so only the PKCS #7 object is kept.
        envelope, _ = SMIME.smime_load_pkcs7('smime-m2-sign-encrypt.txt')

        # The decrypted payload is itself a PKCS #7 signed blob.
        signed_blob = smime.decrypt(envelope)

        # Signer certificate the signature is checked against.
        signer_stack = X509.X509_Stack()
        signer_stack.push(X509.load_cert(signer_cert))
        smime.set_x509_stack(signer_stack)

        # CA certificate of the signer, used as the trust store.
        trust_store = X509.X509_Store()
        trust_store.load_info(ca_cert)
        smime.set_x509_store(trust_store)

        # Re-parse the decrypted blob from memory and verify it.
        # NOTE(review): the content BIO returned here is not handed to
        # verify(); confirm the inner message is not a detached signature.
        p7, data = SMIME.smime_load_pkcs7_bio(BIO.MemoryBuffer(signed_blob))
        v = smime.verify(p7)

        print v
Пример #4
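def verify(certificate_path, ca_certificate_path, sign_request_path, output):
    """Check the signature on an S/MIME-wrapped certificate request.

    Args:
        certificate_path: file holding the signer certificate.
        ca_certificate_path: file loaded into the X509 store used for
            verification.
        sign_request_path: S/MIME file holding the signed request.
        output: where the extracted request is saved; defaults to
            ``<CN>.csr`` in the current directory when empty.

    Exits with status 1 if the signer certificate cannot be loaded or if
    the signature check raises.
    """
    try:
        certificate = X509.load_cert(certificate_path)
    except (X509.X509Error, IOError):
        print('ERROR verify: Could not load certificate for verifying')
        exit(1)
    smime = SMIME.SMIME()
    stack = X509.X509_Stack()
    stack.push(certificate)
    smime.set_x509_stack(stack)
    store = X509.X509_Store()
    store.load_info(ca_certificate_path)
    smime.set_x509_store(store)
    pks7, data = SMIME.smime_load_pkcs7(sign_request_path)
    try:
        clear_text = smime.verify(pks7, data)
    except SMIME.PKCS7_Error as error:
        # A failed check is raised by M2Crypto rather than returned, so it
        # is handled here the same way as the certificate load failure.
        print('Verification failed: %s' % error)
        exit(1)
    if not output:
        output = path.abspath(path.curdir) + '/%s.csr' % DEFAULT_FIELDS['CN']
    if clear_text:
        # The request is written only after the signature has been accepted.
        request = X509.load_request_string(clear_text)
        request.save(output)
        print('Verification OK')
        print('Request file was saved to %s' % output)
    else:
        print('Verification failed')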
Пример #5
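def decrypt_email_body(client: Client, args: Dict, file_path=None):
    """ Decrypt the message

    Args:
        client: Client
        args: Dict; ``encrypt_message`` is resolved with
            ``demisto.getFilePath`` when ``file_path`` is not given
        file_path: relevant for the test module

    Returns:
        Tuple of the human-readable text and the entry context.

    Raises:
        SMIME.SMIME_Error: the file could not be parsed as S/MIME for a
            reason other than a missing content type.
    """
    if file_path:
        encrypt_message = file_path
    else:
        encrypt_message = demisto.getFilePath(args.get('encrypt_message'))

    client.smime.load_key(client.private_key_file, client.public_key_file)
    try:
        p7, data = SMIME.smime_load_pkcs7(encrypt_message['path'])

        out = client.smime.decrypt(p7).decode('utf-8')

    except SMIME.SMIME_Error as e:
        # Only the "no content type" case has a fallback. Any other parse
        # error is re-raised; previously it fell through and surfaced as an
        # UnboundLocalError on `out`, hiding the real cause.
        if str(e) != 'no content type':
            raise

        # No content type: try to process the file as DER-encoded PKCS #7.
        with open(encrypt_message['path'], "rb") as message_file:
            p7data = message_file.read()
        p7bio = BIO.MemoryBuffer(p7data)
        p7 = SMIME.PKCS7(m2.pkcs7_read_bio_der(p7bio._ptr()))
        # NOTE(review): PKCS7_NOVERIFY is passed only on this fallback path;
        # confirm it is needed for decryption.
        out = client.smime.decrypt(
            p7, flags=SMIME.PKCS7_NOVERIFY).decode('utf-8')

    entry_context = {'SMIME.Decrypted': {'Message': out}}
    human_readable = f'The decrypted message is: \n{out}'

    return human_readable, entry_context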
Пример #6
def get_keyfile(directory, name, ext='yaml'):
    """Return the decrypted contents of a keyfile.

    The file is located with ``keyfile_path(directory, name, ext)`` and
    decrypted with the key and certificate taken from ``env.ec2``.
    """
    decryptor = SMIME.SMIME()
    decryptor.load_key(env.ec2.pk, env.ec2.cert)
    # The content BIO returned alongside the PKCS #7 object is not used.
    envelope, _content = SMIME.smime_load_pkcs7(
        keyfile_path(directory, name, ext))
    return decryptor.decrypt(envelope)
Пример #7
def get_keyfile(directory, name, ext='yaml'):
    """Load the keyfile at ``keyfile_path(directory, name, ext)`` and
    return it DECRYPTED, using the ``env.ec2`` key and certificate."""
    keyfile = keyfile_path(directory, name, ext)
    smime = SMIME.SMIME()
    smime.load_key(env.ec2.pk, env.ec2.cert)
    # Only the PKCS #7 object is needed; the content BIO is discarded.
    pkcs7, _ = SMIME.smime_load_pkcs7(keyfile)
    plaintext = smime.decrypt(pkcs7)
    return plaintext
Пример #8
    def test_load_bad(self):
        """Loading unusable input must fail with the loader's own error type."""
        smime = SMIME.SMIME()
        # Run in this order. Each attempt is deferred in a lambda so the
        # failing call executes inside assertRaises.
        cases = (
            # One PEM file used as both private key and certificate.
            (EVP.EVPError,
             lambda: smime.load_key('tests/signer.pem',
                                    'tests/signer.pem')),
            # Plain PKCS #7 loaders.
            (BIO.BIOError,
             lambda: SMIME.load_pkcs7('nosuchfile-dfg456')),
            (SMIME.PKCS7_Error,
             lambda: SMIME.load_pkcs7('tests/signer.pem')),
            (SMIME.PKCS7_Error,
             lambda: SMIME.load_pkcs7_bio(BIO.MemoryBuffer('no pkcs7'))),
            # S/MIME loaders.
            (SMIME.SMIME_Error,
             lambda: SMIME.smime_load_pkcs7('tests/signer.pem')),
            (SMIME.SMIME_Error,
             lambda: SMIME.smime_load_pkcs7_bio(BIO.MemoryBuffer('no pkcs7'))),
        )
        for error_type, attempt in cases:
            self.assertRaises(error_type, attempt)
Пример #9
def verify_netscape():
    """Load 'ns.p7', verify it against the 'ca.pem' store and print the result."""
    print 'test load & verify netscape messager output...',
    verifier = SMIME.SMIME()

    # The signer stack is deliberately left empty: loading and pushing
    # 'client.pem' is disabled in this demo.
    # NOTE(review): the signer certificate presumably comes from the message
    # itself here, so trust rests on the 'ca.pem' store alone - confirm.
    signer_stack = X509.X509_Stack()
    verifier.set_x509_stack(signer_stack)

    trust_store = X509.X509_Store()
    trust_store.load_info('ca.pem')
    verifier.set_x509_store(trust_store)

    pkcs7, content = SMIME.smime_load_pkcs7('ns.p7')
    verified = verifier.verify(pkcs7, content)
    print '\n', verified, '\n...ok'
Пример #10
def verify_netscape():
    """Verify the message in 'ns.p7' with 'ca.pem' as the certificate store."""
    print 'test load & verify netscape messager output...',

    # Trust store first, then an empty signer stack: the 'client.pem'
    # load/push is switched off in this demo.
    ca_store = X509.X509_Store()
    empty_signers = X509.X509_Stack()

    smime = SMIME.SMIME()
    smime.set_x509_stack(empty_signers)
    ca_store.load_info('ca.pem')
    smime.set_x509_store(ca_store)

    message, payload = SMIME.smime_load_pkcs7('ns.p7')
    result = smime.verify(message, payload)
    print '\n', result, '\n...ok'
Пример #11
    def decrypt(self):
        """Decrypt 'smime-m2-encrypt.txt' with the recipient key and print it."""
        smime = SMIME.SMIME()

        # The recipient's private key and certificate open the envelope.
        smime.load_key(recipient_key, recipient_cert)

        # Only the PKCS #7 object is needed; the content BIO is unused.
        envelope, _ = SMIME.smime_load_pkcs7('smime-m2-encrypt.txt')

        plaintext = smime.decrypt(envelope)

        print plaintext
Пример #12
def verify_opaque():
    """Load 'opaque.p7', verify it and print 'ok' or 'not ok'."""
    print 'test load & verify opaque...',
    verifier = SMIME.SMIME()

    # Signer certificate.
    signer_stack = X509.X509_Stack()
    signer_stack.push(X509.load_cert('client.pem'))
    verifier.set_x509_stack(signer_stack)

    # CA certificate store.
    trust_store = X509.X509_Store()
    trust_store.load_info('ca.pem')
    verifier.set_x509_store(trust_store)

    pkcs7, content = SMIME.smime_load_pkcs7('opaque.p7')
    verified = verifier.verify(pkcs7, content)
    # NOTE(review): M2Crypto appears to signal a failed verification by
    # raising, so 'not ok' would only be printed for empty content - confirm.
    print ('ok' if verified else 'not ok')
Пример #13
def verify_opaque():
    """Verify the message in 'opaque.p7' and report the outcome."""
    print 'test load & verify opaque...',

    # 'client.pem' is the signer certificate, 'ca.pem' the store it is
    # checked against.
    client_cert = X509.load_cert('client.pem')
    smime = SMIME.SMIME()
    certs = X509.X509_Stack()
    certs.push(client_cert)
    smime.set_x509_stack(certs)
    ca_store = X509.X509_Store()
    ca_store.load_info('ca.pem')
    smime.set_x509_store(ca_store)

    message, payload = SMIME.smime_load_pkcs7('opaque.p7')
    if not smime.verify(message, payload):
        print 'not ok'
    else:
        print 'ok'
Пример #14
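    def test_detailed_error_message(self):
        """A failed verification must raise PKCS7_Error carrying OpenSSL's reason.

        'tests/recipient.pem' is used as both signer certificate and store
        while verifying 'tests/sample-p7.pem'; the error text is expected to
        mention the missing issuer certificate.
        """
        from M2Crypto import SMIME, X509
        s = SMIME.SMIME()
        x509 = X509.load_cert('tests/recipient.pem')
        sk = X509.X509_Stack()
        sk.push(x509)
        s.set_x509_stack(sk)

        st = X509.X509_Store()
        st.load_info('tests/recipient.pem')
        s.set_x509_store(st)

        p7, data = SMIME.smime_load_pkcs7('tests/sample-p7.pem')
        self.assertIsInstance(p7, SMIME.PKCS7, p7)

        # assertRaises makes the test fail if verify() unexpectedly succeeds.
        # The former try/except passed silently in that case, so an
        # accepted signature would have gone unnoticed.
        with self.assertRaises(SMIME.PKCS7_Error) as caught:
            s.verify(p7, data)
        self.assertRegexpMatches(str(caught.exception),
                                 "unable to get local issuer certificate",
                                 "Not received expected error message")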
Пример #15
def decrypt_email_body(client: Client, args: Dict, file_path=None):
    """Decrypt an S/MIME-encrypted message file.

    Args:
        client: Client holding the SMIME object and the key file paths.
        args: Dict; ``encrypt_message`` is resolved with
            ``demisto.getFilePath`` when ``file_path`` is not given.
        file_path: relevant for the test module; used in place of the
            resolved file when truthy.

    Returns:
        Tuple of the human-readable text and the entry context.
    """
    message_file = file_path or demisto.getFilePath(args.get('encrypt_message'))

    # The client's own key pair is what opens the envelope.
    client.smime.load_key(client.private_key_file, client.public_key_file)

    envelope, _ = SMIME.smime_load_pkcs7(message_file['path'])
    plaintext = client.smime.decrypt(envelope).decode('utf-8')

    return (
        f'The decrypted message is: \n{plaintext}',
        {'SMIME.Decrypted': {'Message': plaintext}},
    )
Пример #16
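def verify(client: Client, args: Dict):
    """ Verify the signature

    Args:
        client: Client
        args: Dict; ``signed_message`` is resolved with
            ``demisto.getFilePath``

    Returns:
        Tuple of the human-readable text and an empty context dict.

    Raises:
        SMIME.SMIME_Error: the file could not be parsed as S/MIME for a
            reason other than a missing content type.
    """
    signed_message = demisto.getFilePath(args.get('signed_message'))

    x509 = X509.load_cert(client.public_key_file)
    sk = X509.X509_Stack()
    sk.push(x509)
    client.smime.set_x509_stack(sk)

    st = X509.X509_Store()
    st.load_info(client.public_key_file)
    client.smime.set_x509_store(st)

    # NOTE(review): PKCS7_NOVERIFY turns off chain validation of the signer
    # certificate, so the store configured above is not consulted for
    # trust. Success therefore shows that content and signature match, not
    # that the signer is trusted; unless PKCS7_NOINTERN is also set, OpenSSL
    # may also use a signer certificate carried in the message. Confirm
    # this is intended before treating the result as authentication.
    try:
        p7, data = SMIME.smime_load_pkcs7(signed_message['path'])
        v = client.smime.verify(p7, data, flags=SMIME.PKCS7_NOVERIFY)
        human_readable = f'The signature verified\n\n{v}'

    except SMIME.SMIME_Error as e:
        # Only the "no content type" case has a fallback. Any other parse
        # error is re-raised; previously it fell through and surfaced as an
        # UnboundLocalError on `human_readable`.
        if str(e) != 'no content type':
            raise

        # No content type: try to process the file as DER-encoded PKCS #7.
        with open(signed_message['path'], "rb") as message_file:
            p7data = message_file.read()
        p7bio = BIO.MemoryBuffer(p7data)
        p7 = SMIME.PKCS7(m2.pkcs7_read_bio_der(p7bio._ptr()))
        v = client.smime.verify(p7, flags=SMIME.PKCS7_NOVERIFY)
        # The unwrapped content is returned as a file, not inline.
        return_results(
            fileResult('unwrapped-' + signed_message.get('name'), v))
        human_readable = 'The signature verified\n\n'

    return human_readable, {}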
Пример #17
    def verify(self):
        """Verify 'smime-m2-sign.txt' and print the result and the content BIO."""
        smime = SMIME.SMIME()

        # Signer certificate the signature is checked against.
        signer_stack = X509.X509_Stack()
        signer_stack.push(X509.load_cert(signer_cert))
        smime.set_x509_stack(signer_stack)

        # CA certificate of the signer, used as the trust store.
        trust_store = X509.X509_Store()
        trust_store.load_info(ca_cert)
        smime.set_x509_store(trust_store)

        # NOTE(review): the content BIO is printed but not passed to
        # verify(); confirm the message is not a detached signature.
        pkcs7, content = SMIME.smime_load_pkcs7('smime-m2-sign.txt')
        verified = smime.verify(pkcs7)

        print verified
        print content
        print content.read()
Пример #18
def verify(client: Client, args: Dict):
    """Verify the signature of a signed S/MIME file.

    Args:
        client: Client holding the SMIME object and the certificate path.
        args: Dict; ``signed_message`` is resolved with
            ``demisto.getFilePath``.

    Returns:
        Tuple of the human-readable text and an empty context dict.
    """
    message_file = demisto.getFilePath(args.get('signed_message'))

    # The client's certificate file serves as both the signer certificate
    # and the store.
    signer_stack = X509.X509_Stack()
    signer_stack.push(X509.load_cert(client.public_key_file))
    client.smime.set_x509_stack(signer_stack)

    trust_store = X509.X509_Store()
    trust_store.load_info(client.public_key_file)
    client.smime.set_x509_store(trust_store)

    pkcs7, content = SMIME.smime_load_pkcs7(message_file['path'])
    # NOTE(review): PKCS7_NOVERIFY turns off chain validation of the signer
    # certificate, so a success shows that content and signature match, not
    # that the signer is trusted - confirm this is intended.
    verified = client.smime.verify(pkcs7, content, flags=SMIME.PKCS7_NOVERIFY)

    return f'The signature verified\n\n{verified}', {}
Пример #19
from M2Crypto import SMIME, X509

# One SMIME object carries the verification settings.
verifier = SMIME.SMIME()

# Signer certificate the signature is checked against.
signer_stack = X509.X509_Stack()
signer_stack.push(X509.load_cert('mycert.pem'))
verifier.set_x509_stack(signer_stack)

# Trust store. The signer's certificate is self-signed, so the same file
# doubles as the CA certificate: trust is pinned to this one certificate.
trust_store = X509.X509_Store()
trust_store.load_info('mycert.pem')
verifier.set_x509_store(trust_store)

# Parse the signed message, verify it, then show the result and the content.
pkcs7, content = SMIME.smime_load_pkcs7('target/smime_signed.txt')
verified = verifier.verify(pkcs7, content)
print verified
print content
print content.read()
Пример #20
from M2Crypto import BIO, SMIME, X509

smime = SMIME.SMIME()

# The recipient's private key and certificate open the envelope.
smime.load_key('mycert-private.pem', 'mycert.pem')

# For the encrypted message the loader returns None as the content BIO.
envelope, _ = SMIME.smime_load_pkcs7('target/python_encrypted_signed.txt')

# The decrypted payload is itself a PKCS #7 signed blob.
signed_blob = smime.decrypt(envelope)

# Signer certificate the signature is checked against.
signer_stack = X509.X509_Stack()
signer_stack.push(X509.load_cert('mycert.pem'))
smime.set_x509_stack(signer_stack)

# Trust store. The signer's certificate is self-signed, so the same file
# doubles as the CA certificate: trust is pinned to this one certificate.
trust_store = X509.X509_Store()
trust_store.load_info('mycert.pem')
smime.set_x509_store(trust_store)

# Re-parse the decrypted blob from memory and verify it with its content.
pkcs7, content = SMIME.smime_load_pkcs7_bio(BIO.MemoryBuffer(signed_blob))
verified = smime.verify(pkcs7, content)
Пример #21
# The purpose of this code is to serve as an example,
# not to do anything useful for the library

from M2Crypto import SMIME, X509

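# List the signers named in the S/MIME message 'bill'.
# get0_signers() only collects the signer certificates; nothing is
# verified in this script, so the printed names are unauthenticated.
sk = X509.X509_Stack()
p7, data = SMIME.smime_load_pkcs7('bill')
stack = p7.get0_signers(sk)

# Pop signers until the stack reports it is empty by returning None.
while True:
    one = stack.pop()
    if one is None:
        break
    print one.get_subject()
    print one.get_serial_number()
    print one.get_issuer()

# Load a CRL and dump it as text.
crl = X509.load_crl('/etc/grid-security/certificates/dd4b34ea.r0')

print crl.as_text()
#print crl.crl.own()

# Prepare an SMIME object whose signer stack holds the certificate loaded
# below. No store is set and no verify() call follows.
s = SMIME.SMIME()

x509c = X509.load_cert('/etc/grid-security/certificates/dd4b34ea.0')
sk = X509.X509_Stack()
sk.push(x509c)
s.set_x509_stack(sk)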
Пример #22
 def test_load_smime(self):
     """The S/MIME loader yields a signed PKCS7 object and a content BIO."""
     loaded = SMIME.smime_load_pkcs7(self.filenameSmime)
     pkcs7_obj, content_bio = loaded
     assert isinstance(pkcs7_obj, SMIME.PKCS7), pkcs7_obj
     assert isinstance(content_bio, BIO.BIO), content_bio
     pkcs7_type = pkcs7_obj.type()
     assert pkcs7_type == SMIME.PKCS7_SIGNED
Пример #23
from M2Crypto import SMIME, X509

# The SMIME object holds the certificates used for verification.
smime = SMIME.SMIME()

# Signer certificate.
signer_cert = X509.load_cert('mycert.pem')
cert_stack = X509.X509_Stack()
cert_stack.push(signer_cert)
smime.set_x509_stack(cert_stack)

# CA store. The signer's certificate is self-signed, so it is loaded as
# its own CA and nothing beyond that certificate is trusted.
ca_store = X509.X509_Store()
ca_store.load_info('mycert.pem')
smime.set_x509_store(ca_store)

# Load the signed message and verify it together with its content.
message, payload = SMIME.smime_load_pkcs7('smime_signed.txt')
result = smime.verify(message, payload)
print result
print payload
print payload.read()
Пример #24
#!/usr/bin/env python

"""S/MIME HOWTO demo program.

Copyright (c) 1999-2001 Ng Pheng Siong. All rights reserved."""

from M2Crypto import BIO, SMIME, X509

# The SMIME object holds the recipient's key material.
smime = SMIME.SMIME()

# The recipient's private key and certificate open the envelope.
smime.load_key('recipient_key.pem', 'recipient.pem')

# Only the PKCS #7 object is needed; the content BIO is unused.
envelope, _ = SMIME.smime_load_pkcs7('encrypt.p7')

# Decrypt and print the plaintext.
plaintext = smime.decrypt(envelope)

print plaintext

Пример #25
 def test_load_smime(self):
     """The S/MIME loader yields a signed PKCS7 object and a content BIO."""
     pkcs7_obj, content_bio = SMIME.smime_load_pkcs7(self.filenameSmime)
     # Each object is also passed as the failure message, as a debugging aid.
     self.assertIsInstance(pkcs7_obj, SMIME.PKCS7, pkcs7_obj)
     self.assertIsInstance(content_bio, BIO.BIO, content_bio)
     pkcs7_type = pkcs7_obj.type()
     self.assertEqual(pkcs7_type, SMIME.PKCS7_SIGNED)
Пример #26
from M2Crypto import SMIME, X509

# The SMIME object holds the certificates used for verification.
s = SMIME.SMIME()

# Signer certificate.
signer_stack = X509.X509_Stack()
signer_stack.push(X509.load_cert('signer.pem'))
s.set_x509_stack(signer_stack)

# CA store. The signer's certificate is self-signed, so it is loaded as
# its own CA and nothing beyond that certificate is trusted.
trust_store = X509.X509_Store()
trust_store.load_info('signer.pem')
s.set_x509_store(trust_store)

# Load the signed message. The verification step below sits inside a bare
# string literal, so this script parses the message but never verifies it.
p7, data = SMIME.smime_load_pkcs7('sign.p7')
'''
v = s.verify(p7,data)
print v
print data
print data.read()
'''
Пример #27
#!/usr/bin/env python
"""S/MIME HOWTO demo program.

Copyright (c) 1999-2001 Ng Pheng Siong. All rights reserved."""

from M2Crypto import BIO, SMIME, X509

# Set up an SMIME object with the recipient's private key and certificate.
decryptor = SMIME.SMIME()
decryptor.load_key('recipient_key.pem', 'recipient.pem')

# Parse the encrypted message; the content BIO is not used.
pkcs7, _content = SMIME.smime_load_pkcs7('encrypt.p7')

# Decrypt it and print the plaintext.
decrypted = decryptor.decrypt(pkcs7)

print decrypted
Пример #28
from M2Crypto import BIO, SMIME, X509

# Set up an SMIME object with the recipient's private key and certificate.
smime = SMIME.SMIME()
smime.load_key('mycert-private.pem', 'mycert.pem')

# Parse the encrypted message; the content BIO is not used.
envelope, _ = SMIME.smime_load_pkcs7('smime.txt')

# Decrypt it and print the plaintext.
plaintext = smime.decrypt(envelope)

print plaintext
Пример #29
#!/usr/bin/env python

"""S/MIME HOWTO demo program.

Copyright (c) 1999-2001 Ng Pheng Siong. All rights reserved."""

from M2Crypto import SMIME, X509

# The SMIME object holds the certificates used for verification.
verifier = SMIME.SMIME()

# Signer certificate.
signer_stack = X509.X509_Stack()
signer_stack.push(X509.load_cert('signer.pem'))
verifier.set_x509_stack(signer_stack)

# CA store. The signer's certificate is self-signed, so it is loaded as
# its own CA and nothing beyond that certificate is trusted.
trust_store = X509.X509_Store()
trust_store.load_info('signer.pem')
verifier.set_x509_store(trust_store)

# Load the signed message and verify it.
# NOTE(review): the content BIO is printed but not passed to verify();
# confirm 'sign.p7' is not a detached signature.
pkcs7, content = SMIME.smime_load_pkcs7('sign.p7')
verified = verifier.verify(pkcs7)
print verified
print content
print content.read()

Пример #30
 def test_load_smime(self):
     """Loading the S/MIME fixture gives a PKCS7 of type SIGNED plus a BIO."""
     loaded = SMIME.smime_load_pkcs7(self.filenameSmime)
     signed, content = loaded
     self.assertIsInstance(signed, SMIME.PKCS7, signed)
     self.assertIsInstance(content, BIO.BIO, content)
     self.assertEqual(signed.type(), SMIME.PKCS7_SIGNED)
# The purpose of this code is to serve as an example,
# not to do anything useful for the library

from M2Crypto import SMIME, X509


# Instantiate an SMIME object.
sk = X509.X509_Stack()
# Load the data, verify it.
p7, data = SMIME.smime_load_pkcs7('bill')
stack =  p7.get0_signers(sk)

looping = True
while looping:
    one = stack.pop()
    if one == None:
        break
    print one.get_subject()
    print one.get_serial_number()
    print one.get_issuer()


crl = X509.load_crl('/etc/grid-security/certificates/dd4b34ea.r0')

print crl.as_text()
#print crl.crl.own()

s = SMIME.SMIME()

x509c = X509.load_cert('/etc/grid-security/certificates/dd4b34ea.0')
sk = X509.X509_Stack()