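def pkcs7_to_pem_chain(pkcs7_input):
    """Converts a PKCS#7 cert chain to PEM format.

    Uses python-cryptography when version 3.1 or newer is installed and
    otherwise falls back to the openssl(1) tool.

    Args:
        pkcs7_input (bytes): the DER-encoded PKCS#7 chain as stored in the
            database.

    Returns:
        str: PEM encoded certificate chain as expected by ACME clients.

    Raises:
        ValueError: if the openssl(1) fallback exits with a non-zero status,
            i.e. it could not decode ``pkcs7_input``.
    """
    from cryptography import __version__ as crypto_version

    # Non-numeric version components (e.g. "dev1") are mapped to -1 so that
    # int() never raises while the version string is being split up.
    v = [int(s) if s.isdigit() else -1 for s in crypto_version.split(".")]
    if v[0] > 3 or (v[0] == 3 and v[1] >= 1):  # if cryptography 3.1 or higher:
        # Import exactly the names used below, so this branch does not rely
        # on a module-level ``serialization`` import being present.
        from cryptography.hazmat.primitives.serialization import Encoding, pkcs7

        certs = pkcs7.load_der_pkcs7_certificates(pkcs7_input)
        return "\n".join(
            cert.public_bytes(Encoding.PEM).decode("ascii") for cert in certs
        )

    from subprocess import Popen, PIPE, DEVNULL

    proc = Popen(
        ["openssl", "pkcs7", "-print_certs", "-inform", "DER"],
        stdin=PIPE,
        stdout=PIPE,
        stderr=DEVNULL,
    )
    # communicate() feeds stdin and drains stdout concurrently and then waits
    # for the child. Writing all input before reading any output can block
    # once a pipe buffer fills, and never waiting leaves the process unreaped.
    stdout_data, _ = proc.communicate(pkcs7_input)
    if proc.returncode != 0:
        # stderr is discarded, so the exit status is the only failure signal.
        # Without this check a chain openssl could not decode would be
        # returned to the caller as an empty or partial string.
        raise ValueError("openssl pkcs7 could not decode the certificate chain")

    pem_cert = stdout_data.decode("ascii")
    # -print_certs prefixes every certificate with subject=/issuer= lines,
    # which are not part of the PEM chain.
    return "\n".join(
        line
        for line in pem_cert.splitlines()
        if not line.startswith(("subject=", "issuer="))
    )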
import re
import subprocess
import sys
import time
import traceback
import warnings
try:
    from collections.abc import Mapping
except ImportError:  # Python 2.7
    from collections import Mapping
from types import ModuleType

# cryptography is optional here: when it can be imported, its version string
# is parsed into a list of ints; otherwise cryptography_version is None.
try:
    from cryptography import __version__ as cryptography_version
    # NOTE(review): int() raises ValueError on a non-numeric component such
    # as "dev1", and only ImportError is caught below, so such a version
    # string would abort the import of this module -- confirm that is
    # acceptable.
    cryptography_version = list(map(int, cryptography_version.split('.')))
except ImportError:
    cryptography_version = None

import pywikibot
from pywikibot.comms import threadedhttp
from pywikibot import config
from pywikibot.data.api import CachedRequest, APIError
from pywikibot.data.api import Request as _original_Request
from pywikibot.site import Namespace
from pywikibot.tools import (
    PY2,
    PYTHON_VERSION,
    UnicodeType as unicode,
)
from tests import _pwb_py, unittest
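from cryptography import __version__ as _cver
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding

from . import generic
import pkg.actions
import pkg.client.api_errors as apx
import pkg.digest as digest
import pkg.misc as misc

# Names of the hash and signature algorithms this module lists as valid
# (their use is outside this excerpt).
valid_hash_algs = ("sha256", "sha384", "sha512")
valid_sig_algs = ("rsa", )

# Only major.minor decides which branch applies, so compare the first two
# components against [3, 4]. Comparing the full list against [3, 4, 0] sorts
# a two-component version string such as "3.4" *below* the threshold (a
# shorter list compares as smaller), and int() on a non-numeric component
# such as "dev1" raises ValueError at import time.
if [int(_p) for _p in _cver.split('.')[:2] if _p.isdigit()] >= [3, 4]:
    # In cryptography 3.4, the hash classes moved to subclasses of
    # hashes.HashAlgorithm
    hash_registry = hashes.HashAlgorithm.__subclasses__()
else:
    # For cryptography < 3.4.0
    import abc
    hash_registry = [
        ref()
        for ref in abc._get_dump(hashes.HashAlgorithm)[0]
        if ref()
    ]
# NOTE(review): both branches collect every HashAlgorithm implementation the
# library exposes (subclasses, or ABC-registered classes on older releases),
# which may include digests that are not in valid_hash_algs -- confirm that
# lookups against hash_registry are restricted to valid_hash_algs before a
# signature is verified. abc._get_dump is a private CPython helper and may
# not exist on every interpreter.


class SignatureAction(generic.Action):
    """Class representing the signature-type packaging object."""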
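import os
import ipaddress
import requests
import datetime
import unittest
from unittest.mock import Mock
import mock
import pytest
import serles.challenge as main
import MockBackend
import dns.resolver

from cryptography import __version__ as crypto_version

# Split the version string into ints; non-numeric components (e.g. "dev1")
# become -1 so that int() never raises here.
v = [int(s) if s.isdigit() else -1 for s in crypto_version.split(".")]
# True only for cryptography 3.1 or newer. The major-version test must be a
# strict ">": with ">=" every 3.x release, including 3.0, would be reported
# as having the 3.1 feature set and the minor-version check would never run.
has_crypto31 = v[0] > 3 or (v[0] == 3 and v[1] >= 1)


class MockedRequestsSession:
    """Stand-in for a requests session that returns a canned response."""

    def get(self, *args, **kwargs):
        """Return a Mock response with a fixed token body.

        The response's socket reports ("", "") as its peer name and its
        ``text`` is a constant token string; all arguments are ignored.
        """
        mock_response = Mock()
        mock_response.raw.connection.sock.getpeername = lambda: ("", "")
        mock_response.text = "token.i9Qes9RMOIbciQjAy6pzYwcZw8IKjKxPP7UZ8fTetps"
        return mock_response


class MockedRequestsSessionPeerNameFallback:
    def get(self, *args, **kwargs):
        mock_response = Mock()
        mock_response.raw.connection.sock = None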