Пример #1
0
def dump_cert_data(key_file: pathlib.Path, cert_file: pathlib.Path,
                   keystore: crypto.PKCS12) -> None:
    with cert_file.open("wt") as f:
        f.write(
            crypto.dump_certificate(
                crypto.FILETYPE_PEM,
                keystore.get_certificate()).decode("utf-8"))
    with key_file.open("wt") as f:
        f.write(
            crypto.dump_privatekey(crypto.FILETYPE_PEM,
                                   keystore.get_privatekey()).decode("utf-8"))
Пример #2
0
def p12create(p12file):
    try:
        p12 = PKCS12()
        p12.set_certificate(pub)
        p12.set_privatekey(privkey)
        p12.set_friendlyname(alias)
        p12data = p12.export(passw, iter=2048, maciter=1)
    except:
        return 'Failed to create p12 Object of p12create() method'
    try:
        newfile = open(p12file, 'wb+')
        newfile.write(p12data)
        newfile.close()
    except:
        print("Problem in p12create method. Couldn't write file: %s" %
              (p12file))
Пример #3
0
    def to_pkcs12(self, password):
        p12 = PKCS12()

        # convert M2Crypto keys & certs into OpenSSL's format using DER
        # yes, a bit wasteful as we're going into one OpenSSL wrapper to
        # another. perhaps settle on an OpenSSL wrapper at some point.
        cert_pem = self.get_cert().to_pem()
        p12.set_certificate(load_certificate(FILETYPE_PEM, cert_pem))

        key_pem = self.get_private_key().to_pem()
        p12.set_privatekey(load_privatekey(FILETYPE_PEM, key_pem))

        cvt_cacerts = []
        for cacert in self.addl_certs:
            cvt_cacert = cacert.to_pem()
            cvt_cacerts.append(load_certificate(FILETYPE_PEM, cvt_cacert))

        return p12.export(password)
Пример #4
0
def save_p12(cert, private, file_name, passphrase=None):
    host_folder = os.getenv(HOST_FOLDER_EXPORTS_PATH_ENV_KEY)

    if file_name and host_folder:
        openssl_cert = X509.from_cryptography(cert)
        openssl_priv_key = PKey.from_cryptography_key(private)

        p12 = PKCS12()
        p12.set_privatekey(openssl_priv_key)
        p12.set_certificate(openssl_cert)

        p12bin = p12.export(passphrase)
        file_path = PATH_TO_EXPORTS_FOLDER + '/{}.p12'.format(file_name)

        if os.path.isfile(file_path):
            raise ValueError
        with open(file_path, 'wb') as f:
            f.write(p12bin)
        return host_folder + '/{}.p12'.format(file_name)
Пример #5
0
def dump_keystore(pkcs12_file: pathlib.Path, keystore: crypto.PKCS12,
                  passphrase: str) -> None:
    with pkcs12_file.open("wb") as f:
        f.write(keystore.export(passphrase=passphrase.encode()))
def request_certificate(csr: crypto.X509Req, token_id: str, client_cert: crypto.PKCS12, domains: [str],
                        cert_file: str = None, cert_type: str = "DVSSL"):
    """Request certificate from StartSSL.

        :param csr: The csr with which to request the certificate.
        :param token_id: The token id to present to StartSSL.
        :param client_cert: The client certificate to present to StartSSL.
        :param domains: The list of domains to add to the request.
        :param cert_file: The file name relative to SSL_DIR to store the certificate if issued. Pass None to disable.
        :param cert_type: The type of certificate to request from StartSSL.
        :return: Returns a tuple containing the StartSSL request status and the certificate in PEM format if successful.
        """

    #
    #
    # ------ INNER CLASS DECLARATIONS ------ #
    #
    #

    # Class to manage making sensitive temporary files securely (ensuring deletion, etc.)
    class make_temp_file:
        def __init__(self, suffix: str = None, prefix: str = None, dir_path: str = None, text: bool = False):
            self.temp_file = tempfile.mkstemp(suffix, prefix, dir_path, text)

        def __enter__(self):
            """Returns a tuple of the file object and its full path."""
            return self.temp_file

        def __exit__(self, exc_type, exc_val, exc_tb):
            try:
                os.close(self.temp_file[0])
            except OSError:
                # needs to be ignored so that the file as attempted to be destroyed
                print("Temporary file could not be closed.", file=sys.stderr)

            os.remove(self.temp_file[1])  # This file must be destroyed. If it errors out, let the error bubble up

    #
    #
    # ------ START OF FUNCTION ------ #
    #
    #

    # Create temporary file for requests library
    with make_temp_file('tmp', 'ProcessCerts', text=True) as temp_file:

        # Write unencrypted key temporarily to disk, will be destroyed by "with" when done
        os.write(temp_file[0], crypto.dump_certificate(crypto.FILETYPE_PEM, client_cert.get_certificate()) +
                 crypto.dump_privatekey(crypto.FILETYPE_PEM, client_cert.get_privatekey()))

        # Request certificate
        r = requests.post(
            CertSecurityGlobals.DEBUG_API if CertSecurityGlobals.DEBUG_MODE else CertSecurityGlobals.PRODUCTION_API,
            data={'RequestData': json.dumps({
                "tokenID": token_id,
                "actionType": "ApplyCertificate",
                "certType": cert_type,
                "domains": ",".join(domains),
                "CSR": crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr).decode("utf-8")
            })},
            cert=temp_file[1]
        )

        # Decode response
        try:
            response_json = r.json()
        except ValueError:
            raise CertSecurityError(
                "Response sent was not JSON. Type: {0} Response:\n{1}".format(r.headers.get('content-type'), r.text))

        # Bad request
        if not response_json['status'] == 1:
            raise CertSecurityError(response_json['shortMsg'], response_json['errorCode'])

        # CSR issuance status
        if response_json['data']['orderStatus'] == 1:  # The request is pending
            print("The certificate has been successfully submitted and is pending issuance.\n"
                  "\t Order ID: " + response_json['orderID'])
            return {'status': response_json['data']['orderStatus']}

        elif response_json['data']['orderStatus'] == 3:  # The request was rejected
            print("The certificate request has been rejected.", file=sys.stderr)
            return {'status': response_json['data']['orderStatus']}

        elif response_json['data']['orderStatus'] != 2:  # Unspecified error
            raise CertSecurityError(response_json['data']['orderStatus'], "Received an invalid response!")

        else:  # The request was issued
            print("The certificate has been successfully issued.")

            # Get certificate
            cert_received = crypto.load_certificate(crypto.FILETYPE_PEM, base64.b64decode(response_json['data'][
                                                                                              'certificate'],
                                                                                          validate=True))
            inter_cert = crypto.load_certificate(crypto.FILETYPE_PEM, base64.b64decode(response_json['data'][
                                                                                           'intermediateCertificate'],
                                                                                       validate=True))

            # Save certificate if requested
            if cert_file:
                cert_file = os.path.join(CertSecurityGlobals.SSL_DIR, cert_file)
                for file_format, f in write_all_formats(cert_file):
                    f.write(crypto.dump_certificate(file_format, cert_received))

            return {'status': response_json['data']['orderStatus'], 'cert': cert_received, 'intermediate': inter_cert}
Пример #7
0
 def CreateP12(self, Key, Cert, p12File, passphrase=None):
     p12 = PKCS12()
     p12.set_certificate(Cert)
     p12.set_privatekey(Key)
     p12File.write(p12.export(passphrase=passphrase))