def get_hash_list(self): """ That method is needed when we look for a specific cert if it is in the db so we need their hash list""" hash_list=[] #from root to client for cert in self.__cert_stack: tempCert=X509Man(cert[2]) hash_list.append(DigestMan.gen_buf_hash(tempCert.get_cert_text())) del tempCert return hash_list
def verify_sign(self,data,signature_place): """ Verifies the signature against the data""" #create a BIO.Memory object dg=DigestMan() data=dg.gen_buf_hash(data) if not self.verify_signers(signature_place): return False #pass self.dataBuf=self.makebuf(data) if not data : print "Supply data to verify with" return False #print self.dataBuf.read() #Load the pkcs7 document try : #Make a stote and stack object just for argument list #we dont need them actually #xStore=self.create_store(["chain/cacert.pem"]) xStore=X509.X509_Store() #stW=stackWork() #sk=stW.add_chain(["chain/cacert.pem"]) sk = X509.X509_Stack() self.sm.set_x509_stack(sk) self.sm.set_x509_store(xStore) #Sets the flags to noverify which means that the verification of #the signers was made above flagset=SMIME.PKCS7_NOVERIFY #verify the signature it is a M2Crypto openssl method res=self.sm.verify(self.__p7,self.dataBuf,flags=flagset) #print res if not res: return False else: return True except SMIME.SMIME_Error,e: print "Error while setting pkcs7 verification process :",e return False
def verify_sign(self, data, signature_place): """ Verifies the signature against the data""" #create a BIO.Memory object dg = DigestMan() data = dg.gen_buf_hash(data) if not self.verify_signers(signature_place): return False #pass self.dataBuf = self.makebuf(data) if not data: print "Supply data to verify with" return False #print self.dataBuf.read() #Load the pkcs7 document try: #Make a stote and stack object just for argument list #we dont need them actually #xStore=self.create_store(["chain/cacert.pem"]) xStore = X509.X509_Store() #stW=stackWork() #sk=stW.add_chain(["chain/cacert.pem"]) sk = X509.X509_Stack() self.sm.set_x509_stack(sk) self.sm.set_x509_store(xStore) #Sets the flags to noverify which means that the verification of #the signers was made above flagset = SMIME.PKCS7_NOVERIFY #verify the signature it is a M2Crypto openssl method res = self.sm.verify(self.__p7, self.dataBuf, flags=flagset) #print res if not res: return False else: return True except SMIME.SMIME_Error, e: print "Error while setting pkcs7 verification process :", e return False
def make_sign(self,keyplace,certplace,dataSign,signature_place): """ We give the cert(s) and key place""" #if the message is a big one we should digest it dg=DigestMan() dataSign=dg.gen_buf_hash(dataSign) ch=chainMan() #check basic things if not ch.load_chain(certplace, tip=0): return False #testing the chain if not ch.create_chain(): return False #Gets the X509 objects as a stack stack=ch.dumpto_stack() del ch #create a buffer to store the data to be signed tosign=self.makebuf(dataSign) #return "Process cut" try : #Loading the private key self.sm.load_key(keyplace,certplace[0]) #print stack #setting the stack we prepared #Not used for now self.sm.set_x509_stack(stack) #The flags is detached because we dont want to store the original message in the pkcs7 flagset=SMIME.PKCS7_DETACHED #print "The flagset is :",flagset self.__p7=self.sm.sign(tosign,flags=flagset) #print self.__p7 except SMIME.SMIME_Error,e: print "Error with signing process",e return False
def make_sign(self, keyplace, certplace, dataSign, signature_place): """ We give the cert(s) and key place""" #if the message is a big one we should digest it dg = DigestMan() dataSign = dg.gen_buf_hash(dataSign) ch = chainMan() #check basic things if not ch.load_chain(certplace, tip=0): return False #testing the chain if not ch.create_chain(): return False #Gets the X509 objects as a stack stack = ch.dumpto_stack() del ch #create a buffer to store the data to be signed tosign = self.makebuf(dataSign) #return "Process cut" try: #Loading the private key self.sm.load_key(keyplace, certplace[0]) #print stack #setting the stack we prepared #Not used for now self.sm.set_x509_stack(stack) #The flags is detached because we dont want to store the original message in the pkcs7 flagset = SMIME.PKCS7_DETACHED #print "The flagset is :",flagset self.__p7 = self.sm.sign(tosign, flags=flagset) #print self.__p7 except SMIME.SMIME_Error, e: print "Error with signing process", e return False
from digest.Hasher import DigestMan from initializer import DbCert from dbMain import LiteDb from sign.cert import X509Man dc = DbCert() sum = dc.selectS("select cert_sum from certs where ce_id=%s" % (7)) #print sum[0][0] #print dc.get_certData(2)[1:].split() d = DigestMan() sum2 = d.gen_buf_hash(dc.get_certData(7)[1:]) print sum2 if sum == sum2: print "The sum is ok" else: print "The cert was modified" sum3 = open("chain/cert2.pem", "r").read() sum3 = d.gen_buf_hash(sum3) #print sum3 #try to import it there c = X509Man() c.set_from_buf(dc.get_certData(7)[1:]) print c.get_detail()
def import_chain(self,file_list,name=None): """ Inserts a new entry to db in chain table also calls the import_cert to complete the job 1.take cert stack 2.compute their hash 3.if chain exists it fails 4.if root exists warning 5.If not there it is inserted as trusted cause we import it (May be changed later)""" """ Verification Process""" ch=chainMan() if not ch.load_chain(file_list): print "Cert verification failed" return False #Test the chain if it is valid if not ch.create_chain(): print "The chain is not valid" return False #get the final one chain_st=ch.get_final() del ch #use the slot 0 of the list that we recieved #get the hashes for c in chain_st: #print c[2] tempCert=X509Man(c[2]) c[0]=DigestMan.gen_buf_hash(tempCert.get_cert_text()) del tempCert #print c[0] #check first if the same chain is in the db if not self.dup_control([c[0] for c in chain_st]): #print "The chain exists in the db" return False #return "Process cut :)" q2="select max(c_id) from chains" res=super(DbCert,self).selectS(q2,"one") if res==-1: #print res print "Chain insertin process failed" return False if not name: if res[0]: print res[0] q="insert into chains values (null,\'%s\',\'trusted\')"%("".join(["name",str(res[0])])) else: q="insert into chains values (null,\'%s\',\'trusted\')"%("name1") else: q3="select * from chains where name=\'%s\'"%(name) res=super(DbCert,self).selectS(q3,"one") if res: print "Name exists" return False q="insert into chains values (null,\'%s\',\'trusted\')"%(name) res=super(DbCert,self).updateS(q) if res==-1: print "Chain insertion error" return False #print "New chain inserted" #super(DbCert,self).renew_conn() res=super(DbCert,self).selectS(q2) if not res or res==-1: #print res #print "Chain insertin process failed" return False #print "parent chain number taken" if not self.import_cert(res[0], chain_st): return False print "Import process succesfull" return True
from digest.Hasher import DigestMan from initializer import DbCert from dbMain import LiteDb from sign.cert import X509Man dc=DbCert() sum=dc.selectS("select cert_sum from certs where ce_id=%s"%(7)) #print sum[0][0] #print dc.get_certData(2)[1:].split() d=DigestMan() sum2=d.gen_buf_hash(dc.get_certData(7)[1:]) print sum2 if sum==sum2: print "The sum is ok" else: print "The cert was modified" sum3=open("chain/cert2.pem","r").read() sum3=d.gen_buf_hash(sum3) #print sum3 #try to import it there c=X509Man() c.set_from_buf(dc.get_certData(7)[1:]) print c.get_detail()