示例#1
    def _wrap_callback(self, callback):
        """
        Adapt a user passphrase callback into a PEM passphrase helper.

        The adapted function forwards ``size`` and ``verify`` unchanged but
        always passes ``self._passphrase_userdata`` as the third argument;
        the ``userdata`` value it receives itself is discarded.

        :param callback: Callable invoked as ``callback(size, verify,
            userdata)`` to obtain the passphrase.
        :return: A ``_PassphraseHelper`` for ``FILETYPE_PEM`` wrapping the
            adapted callback.
        """
        def _with_stored_userdata(size, verify, userdata):
            # The incoming ``userdata`` is ignored on purpose: the value
            # stored on this object is the one handed to the user callback.
            return callback(size, verify, self._passphrase_userdata)

        # Equivalent to decorating with @wraps(callback): copies the
        # callback's metadata onto the adapter.
        adapted = wraps(callback)(_with_stored_userdata)

        # NOTE(review): truncate=True presumably makes the helper shorten an
        # over-long passphrase instead of rejecting it - confirm against
        # _PassphraseHelper, since silent truncation changes the effective
        # secret.
        return _PassphraseHelper(
            FILETYPE_PEM, adapted, more_args=True, truncate=True)
示例#2
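def dump_rsa_privatekey(pkey):
    """
    Dump a private rsa key to a buffer

    The key is written with ``PEM_write_bio_RSAPrivateKey`` using no cipher
    and no passphrase, so the returned buffer contains the private key in
    plaintext. Callers must treat the result as a secret (no logging, no
    world-readable files).

    :param pkey: The PKey to dump; its ``_pkey`` must hold an RSA key
    :return: The buffer with the dumped key in
    :rtype: :py:data:`str`
    :raises Error: (class local to this function) if the key is not an RSA
        key or OpenSSL fails to serialise it
    """

    # Based off of https://github.com/pyca/pyopenssl/blob/27398343217703c5261e67d6c19dda89ba559f1b/OpenSSL/crypto.py#L1418-L1466

    # NOTE(review): everything below relies on private pyOpenSSL internals
    # (``_util``, ``_new_mem_buf``, ``_PassphraseHelper``, ``_bio_to_string``)
    # which can change between releases - pin the pyOpenSSL version.
    from OpenSSL._util import (
        ffi as _ffi,
        lib as _lib,
        exception_from_error_queue as _exception_from_error_queue)

    from OpenSSL import crypto
    from functools import partial

    class Error(Exception):
        """
        An error occurred in an `OpenSSL.crypto` API.
        """

    # Raises ``Error`` populated from (and draining) OpenSSL's error queue.
    _raise_current_error = partial(_exception_from_error_queue, Error)

    bio = crypto._new_mem_buf()

    # NULL cipher: the PEM output is written unencrypted.
    cipher_obj = _ffi.NULL

    rsa = _lib.EVP_PKEY_get1_RSA(pkey._pkey)
    if rsa == _ffi.NULL:
        # Not an RSA key (or extraction failed); do not hand NULL to the
        # PEM writer.
        _raise_current_error()
    # The "get1" accessor returns a reference the caller owns. Tie its
    # release to garbage collection so the RSA structure (which holds the
    # private key material) is not leaked on any exit path.
    rsa = _ffi.gc(rsa, _lib.RSA_free)

    # A None passphrase means no passphrase callback is involved.
    helper = crypto._PassphraseHelper(crypto.FILETYPE_PEM, None)
    result_code = _lib.PEM_write_bio_RSAPrivateKey(
        bio, rsa, cipher_obj, _ffi.NULL, 0,
        helper.callback, helper.callback_args)
    helper.raise_if_problem()

    if result_code == 0:
        _raise_current_error()

    # NOTE(review): presumably bytes on Python 3 despite the ``str`` rtype
    # above - confirm against ``crypto._bio_to_string``.
    return crypto._bio_to_string(bio)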
示例#3
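def dump_rsa_privatekey(pkey):
    """
    Dump a private rsa key to a buffer

    No cipher and no passphrase are passed to the PEM writer, so the
    returned buffer is an unencrypted private key and must be protected by
    the caller like any other secret.

    :param pkey: The PKey to dump; its ``_pkey`` must hold an RSA key
    :return: The buffer with the dumped key in
    :rtype: :py:data:`str`
    :raises Error: (class local to this function) if the key is not an RSA
        key or OpenSSL fails to serialise it
    """

    # Based off of https://github.com/pyca/pyopenssl/blob/27398343217703c5261e67d6c19dda89ba559f1b/OpenSSL/crypto.py#L1418-L1466

    # NOTE(review): private pyOpenSSL internals are used throughout; they
    # are not a stable API, so pin the pyOpenSSL version this runs against.
    from OpenSSL._util import (ffi as _ffi, lib as _lib,
                               exception_from_error_queue as
                               _exception_from_error_queue)

    from OpenSSL import crypto
    from functools import partial

    class Error(Exception):
        """
        An error occurred in an `OpenSSL.crypto` API.
        """

    # Raises ``Error`` built from OpenSSL's pending error queue.
    _raise_current_error = partial(_exception_from_error_queue, Error)

    bio = crypto._new_mem_buf()

    # NULL cipher: the key is emitted in plaintext PEM.
    cipher_obj = _ffi.NULL

    rsa = _lib.EVP_PKEY_get1_RSA(pkey._pkey)
    if rsa == _ffi.NULL:
        # Non-RSA key or extraction failure: stop before the PEM writer
        # is called with a NULL key.
        _raise_current_error()
    # "get1" hands back an owned reference; release it via RSA_free when
    # the handle is collected so private key material is not leaked.
    rsa = _ffi.gc(rsa, _lib.RSA_free)

    # Passphrase is None, so no passphrase callback takes part.
    helper = crypto._PassphraseHelper(crypto.FILETYPE_PEM, None)
    result_code = _lib.PEM_write_bio_RSAPrivateKey(bio, rsa, cipher_obj,
                                                   _ffi.NULL, 0,
                                                   helper.callback,
                                                   helper.callback_args)
    helper.raise_if_problem()

    if result_code == 0:
        _raise_current_error()

    # NOTE(review): presumably bytes on Python 3 despite the ``str`` rtype
    # above - confirm against ``crypto._bio_to_string``.
    return crypto._bio_to_string(bio)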
示例#4
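def write_rsa_private_key (private_key):
	"""
	Serialise a private key as an unencrypted RSA PEM block.

	No cipher or passphrase is passed to ``PEM_write_bio_RSAPrivateKey``,
	so the returned value is plaintext key material and must be handled as
	a secret by the caller.

	:param private_key: Object whose ``_pkey`` holds the RSA key to write
	:return: The contents of the memory BIO after the key was written
	:raises crypto.Error: if the key is not an RSA key or OpenSSL fails to
		write it
	"""

	# The original passed the builtin ``type`` here; with a None passphrase
	# the file type has no effect, but FILETYPE_PEM is what is being written.
	helper = crypto._PassphraseHelper (crypto.FILETYPE_PEM, None)

	bio = crypto._new_mem_buf ()

	rsa_private_key = crypto._lib.EVP_PKEY_get1_RSA (private_key._pkey)

	if rsa_private_key == crypto._ffi.NULL:
		# Not an RSA key (or extraction failed): never pass NULL on to the
		# PEM writer.
		crypto._raise_current_error ()

	# "get1" returns a reference owned by the caller; release it through
	# RSA_free on collection so the key structure is not leaked.
	rsa_private_key = crypto._ffi.gc (
		rsa_private_key,
		crypto._lib.RSA_free)

	result_code = crypto._lib.PEM_write_bio_RSAPrivateKey (
		bio,
		rsa_private_key,
		crypto._ffi.NULL,
		crypto._ffi.NULL,
		0,
		helper.callback,
		helper.callback_args)

	helper.raise_if_problem ()

	if result_code == 0:
		# Previously ignored: a failed write would have returned an empty
		# or partial key as if it were valid.
		crypto._raise_current_error ()

	return crypto._bio_to_string (bio)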
示例#5
 def _wrap_callback(self, callback):
     """
     Build a PEM passphrase helper around a user-supplied callback.

     The helper's callback forwards ``size`` and ``verify`` as received
     and substitutes ``self._passphrase_userdata`` for whatever
     ``userdata`` it is given.

     :param callback: Callable invoked as ``callback(size, verify,
         userdata)``.
     :return: A ``_PassphraseHelper`` for ``FILETYPE_PEM``.
     """
     def _forward(size, verify, userdata):
         # ``userdata`` from the caller is dropped in favour of the value
         # stored on this object.
         return callback(size, verify, self._passphrase_userdata)

     # Same effect as the @wraps(callback) decorator form.
     wrapped = wraps(callback)(_forward)

     # NOTE(review): truncate=True presumably shortens an over-long
     # passphrase rather than raising - confirm in _PassphraseHelper.
     helper_options = {"more_args": True, "truncate": True}
     return _PassphraseHelper(FILETYPE_PEM, wrapped, **helper_options)
示例#6
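    def get(self, name):
        """
        Load the current certificate, chain and private key for *name*.

        Reads ``<self.path>/subjects/<name>/current/...`` through
        ``self.client``, converts the stored private key to an RSA PEM
        block, and reformats the certificate validity dates.

        The returned object carries the private key twice, both times in
        plaintext (``private_key`` as stored, ``rsa_private_key`` as
        re-serialised without a cipher); callers must treat it as secret.

        :param name: Subject name; used as a path component and as the
            ``common_name`` of the result.
        :return: A ``Certificate`` populated from the stored entry.
        :raises Exception: if ``self.state`` is not ``"active"``, or if the
            entry or its ``current`` node does not exist.
        :raises crypto.Error: if the stored key is not an RSA key or
            OpenSSL fails to re-serialise it.
        """

        if self.state != "active":
            raise Exception("Cannot get certificate: state is not active")

        # NOTE(review): name is concatenated into the store path without
        # validation; if it can come from an untrusted caller, reject path
        # separators and ".." before use - confirm against callers.
        entry_path = self.path + "/subjects/" + name

        if not self.client.exists(entry_path):

            raise Exception("No certificate for " + name)

        if not self.client.exists(entry_path + "/current"):

            raise Exception("No current certificate for " + name)

        certificate_path = entry_path + "/current/certificate"
        certificate_string = self.client.get_raw(certificate_path)

        chain_paths = []
        chain_strings = []

        # Chain entries are numbered from 0; reading stops at the first
        # missing index, and at most 9 entries (0-8) are ever read.
        for chain_index in range(0, 9):

            chain_path = entry_path + "/current/chain/" + str(chain_index)

            if not self.client.exists(chain_path):
                break

            chain_string = self.client.get_raw(chain_path)

            chain_strings.append(chain_string)
            chain_paths.append(chain_path)

        key_path = entry_path + "/current/key"
        key_string = self.client.get_raw(key_path)

        # convert to rsa private key
        # TODO backport this to pyopenssl

        private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, key_string)

        # The original passed the builtin ``type`` here; with a None
        # passphrase the file type has no effect, but PEM is what is written.
        helper = crypto._PassphraseHelper(crypto.FILETYPE_PEM, None)

        bio = crypto._new_mem_buf()

        rsa_private_key = crypto._lib.EVP_PKEY_get1_RSA(private_key._pkey)

        if rsa_private_key == crypto._ffi.NULL:
            # Stored key is not RSA (or extraction failed): never pass NULL
            # on to the PEM writer.
            crypto._raise_current_error()

        # "get1" returns a reference owned by the caller; release it through
        # RSA_free on collection so the key structure is not leaked.
        rsa_private_key = crypto._ffi.gc(rsa_private_key,
                                         crypto._lib.RSA_free)

        # NULL cipher and NULL passphrase: the RSA PEM block is unencrypted.
        result_code = crypto._lib.PEM_write_bio_RSAPrivateKey(
            bio, rsa_private_key, crypto._ffi.NULL, crypto._ffi.NULL, 0,
            helper.callback, helper.callback_args)

        helper.raise_if_problem()

        if result_code == 0:
            # Previously ignored: a failed write would have produced an
            # empty or partial key in the returned Certificate.
            crypto._raise_current_error()

        rsa_private_key_string = crypto._bio_to_string(bio)

        # format other information

        subject_certificate = crypto.load_certificate(crypto.FILETYPE_PEM,
                                                      certificate_string)

        # Validity timestamps are parsed as "%Y%m%d%H%M%SZ" and re-emitted
        # as "%Y-%m-%dT%H:%M:%SZ".
        subject_not_before = time.strftime(
            "%Y-%m-%dT%H:%M:%SZ",
            time.strptime(subject_certificate.get_notBefore(),
                          "%Y%m%d%H%M%SZ"))

        subject_not_after = time.strftime(
            "%Y-%m-%dT%H:%M:%SZ",
            time.strptime(subject_certificate.get_notAfter(), "%Y%m%d%H%M%SZ"))

        # return

        return Certificate(common_name=name,
                           serial=None,
                           digest=None,
                           request=None,
                           certificate=certificate_string,
                           certificate_path=certificate_path,
                           not_before=subject_not_before,
                           not_after=subject_not_after,
                           chain=chain_strings,
                           chain_paths=chain_paths,
                           private_key=key_string,
                           private_key_path=key_path,
                           rsa_private_key=rsa_private_key_string)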