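def load_db(self, identity, certlist=None):
    """Store recipient `identity` and its certificates in the database.

    Each entry of `certlist` is encoded to bytes, checked against
    ``self.cabundle`` with ``pk_verify_chain``, described (fingerprint,
    subject, issuer, end date, issuer/subject hashes) and written as a
    ``Cert`` row keyed on its fingerprint, then linked to the recipient.

    Args:
        identity: Recipient name used for the ``Recipient`` row.
        certlist: Iterable of certificate strings. ``None`` (the default)
            is treated as "no certificates".

    Raises:
        CliArgumentError: when a ``KeyError`` is raised anywhere in the body.
    """
    try:
        session = sessionmaker(bind=self.args["db"]["engine"])()
        recipient = create_or_update(
            session, Recipient, dont_update=["key"], **{"name": identity}
        )
        # certlist defaults to None; iterating it directly raised TypeError.
        for cert_text in certlist or ():
            cert_bytes = cert_text.encode()
            # NOTE(review): the chain-verification result and the end date are
            # only recorded here. Unless pk_verify_chain raises on failure, an
            # unverified or expired certificate is still stored and linked, so
            # whatever selects certs for this recipient must check `verified`
            # and `enddate` itself.
            cert_fields = {
                "cert_bytes": cert_bytes,
                "verified": pk_verify_chain(cert_bytes, self.cabundle),
                "fingerprint": get_cert_fingerprint(cert_bytes),
                "subject": get_cert_subject(cert_bytes),
                "issuer": get_cert_issuer(cert_bytes),
                "enddate": datetime.strptime(
                    get_cert_enddate(cert_bytes), "%b %d %H:%M:%S %Y %Z"
                ),
                "issuerhash": get_cert_issuerhash(cert_bytes),
                "subjecthash": get_cert_subjecthash(cert_bytes),
            }
            # Separate name for the ORM row; the original rebound the loop
            # variable from str to bytes to Cert.
            cert_row = create_or_update(
                session, Cert, unique_identifiers=["fingerprint"], **cert_fields
            )
            if cert_row not in recipient.certs:
                recipient.certs.append(cert_row)
        # NOTE(review): the session is neither rolled back on failure nor
        # closed; confirm the caller or engine configuration covers that.
        session.commit()
    except KeyError as err:
        # NOTE(review): any KeyError in the body lands here, including a
        # missing "db"/"engine" entry in self.args, so the message can
        # misattribute the cause.
        raise CliArgumentError(
            f"Error: Recipient '{identity}' is not in the recipient database"
        ) from err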
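def test_cert_fingerprint(self):
    """Check the fingerprint format of one stored cert per recipient.

    Only the number of colon-separated fields is checked; the fingerprint
    value itself is not compared against a known-good digest.
    """
    for identity in self.session.query(Recipient).all():
        cert = (
            self.session.query(Cert)
            .filter(Cert.recipients.contains(identity))
            .first()
        )
        # A recipient without certs would otherwise surface as an
        # AttributeError on `None.cert_bytes` rather than a test failure.
        self.assertIsNotNone(cert, f"no certificate stored for {identity!r}")
        fingerprint = get_cert_fingerprint(cert.cert_bytes)
        # NOTE(review): 20 octets is the size of a SHA-1 digest, which is
        # presumably what get_cert_fingerprint emits; confirm.
        # assertEqual reports the actual field count on failure.
        self.assertEqual(len(fingerprint.split(":")), 20)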
def verify_identity(self, identity, results):  #pylint: disable=unused-argument
    """
    Parse the recipient's certificate file and record metadata per certificate.

    For every certificate found in the recipient's 'certificate_path', a dict
    holding the raw bytes, the chain-verification result against the CA
    bundle, the fingerprint, subject, issuer, end date and issuer/subject
    hashes is appended to the recipient's 'certs' list in self.iddb.

    results is not used; the original note says it is required to make
    threading work.

    Raises CliArgumentError when a KeyError occurs anywhere in the body.
    """
    try:
        bundle = self.cabundle
        entry = self.iddb[identity]
        entry['cabundle'] = bundle
        entry['certs'] = []
        for parsed in parse_file(entry['certificate_path']):
            raw = parsed.as_bytes()
            # NOTE(review): 'verified' only records the chain check. Unless
            # pk_verify_chain raises on failure, an unverified certificate is
            # still appended, so consumers of 'certs' must test the flag.
            info = {
                'cert_bytes': raw,
                'verified': pk_verify_chain(raw, entry['cabundle']),
                'fingerprint': get_cert_fingerprint(raw),
                'subject': get_cert_subject(raw),
                'issuer': get_cert_issuer(raw),
                'enddate': get_cert_enddate(raw),
                'issuerhash': get_cert_issuerhash(raw),
                'subjecthash': get_cert_subjecthash(raw),
            }
            entry['certs'].append(info)
    except KeyError:
        # NOTE(review): a missing 'certificate_path' key, or a KeyError raised
        # inside a helper, is reported with this same message.
        raise CliArgumentError(
            "Error: Recipient '%s' is not in the recipient database" % identity)
def verify_identity(self, identity):
    """
    Fill the recipient's iddb record with the CA bundle and cert metadata.

    The record is handed whole to each crypto helper, and the results are
    stored under 'verified', 'fingerprint', 'subject', 'issuer', 'enddate',
    'issuerhash' and 'subjecthash'.

    Raises CliArgumentError when a KeyError occurs anywhere in the body.
    """
    try:
        bundle = self.cabundle
        entry = self.iddb[identity]
        entry['cabundle'] = bundle
        # NOTE(review): 'verified' only records the chain check. Nothing here
        # stops the remaining fields being filled for a certificate that did
        # not verify, so callers must test the flag before trusting the entry.
        entry['verified'] = crypto.pk_verify_chain(entry)
        entry['fingerprint'] = crypto.get_cert_fingerprint(entry)
        entry['subject'] = crypto.get_cert_subject(entry)
        entry['issuer'] = crypto.get_cert_issuer(entry)
        entry['enddate'] = crypto.get_cert_enddate(entry)
        entry['issuerhash'] = crypto.get_cert_issuerhash(entry)
        entry['subjecthash'] = crypto.get_cert_subjecthash(entry)
    except KeyError:
        # NOTE(review): a KeyError raised inside a crypto helper is reported
        # with this same "not in the recipient database" message.
        raise CliArgumentError(
            "Error: Recipient '%s' is not in the recipient database" % identity)
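def test_cert_fingerprint(self):
    """Check the fingerprint format of each identity's first certificate.

    Only the number of colon-separated fields is checked; the fingerprint
    value itself is not compared against a known-good digest.
    """
    for _, identity in self.identities.iddb.items():
        first_cert = identity['certs'][0]
        fingerprint = crypto.get_cert_fingerprint(first_cert['cert_bytes'])
        # NOTE(review): 20 octets is the size of a SHA-1 digest, which is
        # presumably what get_cert_fingerprint emits; confirm.
        # assertEqual reports the actual field count on failure.
        self.assertEqual(len(fingerprint.split(':')), 20)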