def pkcs7_to_pem_chain(pkcs7_input):
""" Converts a PKCS#7 cert chain to PEM format.
Attempts to use python-cryptography 3.1 or falls back to using the
openssl(1) tool.
Args:
pkcs7_input (bytes): the PKCS#7 chain as stored in the database.
Returns:
str: PEM encoded certificate chain as expected by ACME clients.
"""
from cryptography import __version__ as crypto_version
v = [int(s) if s.isdigit() else -1 for s in crypto_version.split(".")]
if v[0] > 3 or (v[0] == 3 and v[1] >= 1): # if cryptography 3.1 or higher:
from cryptography.hazmat.primitives.serialization import pkcs7
certs = serialization.pkcs7.load_der_pkcs7_certificates(pkcs7_input)
return "\n".join([
cert.public_bytes(serialization.Encoding.PEM).decode("ascii")
for cert in certs
])
else:
from subprocess import Popen, PIPE, DEVNULL
proc = Popen(
["openssl", "pkcs7", "-print_certs", "-inform", "DER"],
stdin=PIPE,
stdout=PIPE,
stderr=DEVNULL,
)
proc.stdin.write(pkcs7_input)
proc.stdin.close()
pem_cert = proc.stdout.read().decode("ascii")
return "\n".join([
l for l in pem_cert.splitlines()
if not l.startswith("subject=") and not l.startswith("issuer=")
])
import re
import subprocess
import sys
import time
import traceback
import warnings
try:
from collections.abc import Mapping
except ImportError: # Python 2.7
from collections import Mapping
from types import ModuleType
try:
from cryptography import __version__ as cryptography_version
cryptography_version = list(map(int, cryptography_version.split('.')))
except ImportError:
cryptography_version = None
import pywikibot
from pywikibot.comms import threadedhttp
from pywikibot import config
from pywikibot.data.api import CachedRequest, APIError
from pywikibot.data.api import Request as _original_Request
from pywikibot.site import Namespace
from pywikibot.tools import (
PY2,
PYTHON_VERSION,
UnicodeType as unicode,
)
from tests import _pwb_py, unittest
from cryptography import __version__ as _cver
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding
from . import generic
import pkg.actions
import pkg.client.api_errors as apx
import pkg.digest as digest
import pkg.misc as misc
valid_hash_algs = ("sha256", "sha384", "sha512")
valid_sig_algs = ("rsa", )
if list(map(int, _cver.split('.'))) >= [3, 4, 0]:
# In cryptography 3.4, the hash classes moved to subclasses of
# hashes.hashAlgorithm
hash_registry = hashes.HashAlgorithm.__subclasses__()
else:
# For cryptography < 3.4.0
import abc
hash_registry = [
ref() for ref in abc._get_dump(hashes.HashAlgorithm)[0] if ref()
]
class SignatureAction(generic.Action):
"""Class representing the signature-type packaging object."""
import os
import ipaddress
import requests
import datetime
import unittest
from unittest.mock import Mock
import mock
import pytest
import serles.challenge as main
import MockBackend
import dns.resolver
from cryptography import __version__ as crypto_version
v = [int(s) if s.isdigit() else -1 for s in crypto_version.split(".")]
has_crypto31 = v[0] >= 3 or (v[0] == 3 and v[1] >= 1)
class MockedRequestsSession:
def get(self, *args, **kwargs):
mock_response = Mock()
mock_response.raw.connection.sock.getpeername = lambda: ("", "")
mock_response.text = "token.i9Qes9RMOIbciQjAy6pzYwcZw8IKjKxPP7UZ8fTetps"
return mock_response
class MockedRequestsSessionPeerNameFallback:
def get(self, *args, **kwargs):
mock_response = Mock()
mock_response.raw.connection.sock = None
