def load_ascii_to_x509(bytes_input, ascii_input):
first_line = ascii_input.splitlines()[0]
if first_line == "-----BEGIN PKCS7-----":
return load_pem_pkcs7_certificates(bytes_input)[0]
elif first_line == "-----BEGIN CERTIFICATE-----":
return x509.load_pem_x509_certificate(bytes_input)
raise ImproperlyFormattedCert(
"Cert can not be read! It is not a valid PEM")
def test_load_pkcs7_unsupported_type(self, backend):
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
load_vectors_from_file(
os.path.join("pkcs7", "enveloped.pem"),
lambda pemfile: pkcs7.load_pem_pkcs7_certificates(pemfile.read(
)),
mode="rb",
)
def test_pem_matches_vector(self, backend):
p7_pem = load_vectors_from_file(
os.path.join("pkcs7", "isrg.pem"),
lambda p: p.read(),
mode="rb",
)
certs = pkcs7.load_pem_pkcs7_certificates(p7_pem)
p7 = pkcs7.serialize_certificates(certs, serialization.Encoding.PEM)
assert p7 == p7_pem
def printData(data, showPub=True):
try:
xcert = x509.load_der_x509_certificate(data)
except:
try:
xcert = x509.load_pem_x509_certificate(data)
except:
try:
xcert = pkcs7.load_der_pkcs7_certificates(data)
except:
xcert = pkcs7.load_pem_pkcs7_certificates(data)
if len(xcert) > 1:
print('// Warning: TODO: pkcs7 has {} entries'.format(
len(xcert)))
xcert = xcert[0]
cn = ''
for dn in xcert.subject.rfc4514_string().split(','):
keyval = dn.split('=')
if keyval[0] == 'CN':
cn += keyval[1]
name = re.sub('[^a-zA-Z0-9_]', '_', cn)
print('// CN: {} => name: {}'.format(cn, name))
print('// not valid before:', xcert.not_valid_before)
print('// not valid after: ', xcert.not_valid_after)
if showPub:
fingerprint = xcert.fingerprint(hashes.SHA1()).hex(':')
print('const char fingerprint_{} [] PROGMEM = "{}";'.format(
name, fingerprint))
pem = xcert.public_key().public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo).decode('utf-8')
print('const char pubkey_{} [] PROGMEM = R"PUBKEY('.format(name))
print(pem + ')PUBKEY";')
else:
cert = xcert.public_bytes(Encoding.PEM).decode('utf-8')
print('const char cert_{} [] PROGMEM = R"CERT('.format(name))
print(cert + ')CERT";')
cas = []
for ext in xcert.extensions:
if ext.oid == x509.ObjectIdentifier("1.3.6.1.5.5.7.1.1"):
for desc in ext.value:
if desc.access_method == x509.oid.AuthorityInformationAccessOID.CA_ISSUERS:
cas.append(desc.access_location.value)
for ca in cas:
with urllib.request.urlopen(ca) as crt:
print()
print('// ' + ca)
printData(crt.read(), False)
print()
def test_load_pkcs7_pem(self, backend):
certs = load_vectors_from_file(
os.path.join("pkcs7", "isrg.pem"),
lambda pemfile: pkcs7.load_pem_pkcs7_certificates(pemfile.read()),
mode="rb",
)
assert len(certs) == 1
assert certs[0].subject.get_attributes_for_oid(
x509.oid.NameOID.COMMON_NAME
) == [x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, "ISRG Root X1")]
def convert_pkcs7_bytes_to_pem(certs_pkcs7):
"""
Given a list of certificates in pkcs7 encoding (bytes), covert them into a list of PEM encoded files
:raises ValueError or ValidationError
:param certs_pkcs7:
:return: list of certs in PEM format
"""
certificates = pkcs7.load_pem_pkcs7_certificates(certs_pkcs7)
certificates_pem = []
for cert in certificates:
certificates_pem.append(pem.parse(cert.public_bytes(encoding=Encoding.PEM))[0])
return certificates_pem
def test_not_bytes_pem(self, backend):
with pytest.raises(TypeError):
pkcs7.load_pem_pkcs7_certificates(38) # type: ignore[arg-type]
def test_load_invalid_pem_pkcs7(self, backend):
with pytest.raises(ValueError):
pkcs7.load_pem_pkcs7_certificates(b"nonsense")
def _extract_client_certificate(cert_response: dict) -> str:
pkcs7_pem = cert_response['value']
certs = pkcs7.load_pem_pkcs7_certificates(pkcs7_pem.encode('utf-8'))
if not certs:
raise ValueError('no certificates found in response')
return certs[0].public_bytes(serialization.Encoding.PEM).decode('utf-8')
def load_key(filename: str,
private: bool = False,
password: Optional[bytes] = None,
extensive: bool = False) -> KEY_ALL_TYPES:
key = None
if password is None and not extensive:
with open(filename, 'r') as f:
if 'ENCRYPTED' in f.readline():
password = input("Password: "******"Multiple certificates found, using first entry [%s]" %
certs[0].subject,
file=sys.stderr)
key = certs[0].public_key()
# PKCS#12 Certificate (Private and/or Public Key)
if not key:
try:
private_key, cert, more_certs = load_key_and_certificates(
data, password=password)
if not private and cert:
key = cert.public_key()
elif private:
key = private_key
except:
pass
# X.509 Certificate
if not key and not private:
cert = None
try:
cert = load_der_x509_certificate(data)
except:
try:
cert = load_pem_x509_certificate(data)
except:
pass
if cert:
key = cert.public_key()
if key:
if private and is_private_key(key):
return key
elif not private and is_private_key(key):
return key.public_key()
elif not private and is_public_key(key):
return key
raise FileException("Could not read key")
def test_not_bytes_pem(self):
with pytest.raises(TypeError):
pkcs7.load_pem_pkcs7_certificates(38)
