def load_chain_dir(chain_dir):
    """Build an X509 chain manager from the certificates in one directory.

    The directory is read through ``load_cert_from_dir(..., get_all=True)``.
    The original author's note says only ``.pem`` files are picked up; that
    filtering happens inside ``load_cert_from_dir`` and is not visible here.

    :param chain_dir: path of the directory holding the certificate files.
    :returns: whatever ``chain_manager_factory`` produces for the loaded
        certificates. Other callers in this file treat a falsy result as
        "not a valid chain", so check the result before using it.
    """
    # NOTE(review): nothing visible here evaluates trust. Everything the
    # loader returns is handed to the factory, so the directory's write
    # permissions decide what can end up in the chain. Confirm them.
    certs_in_dir = load_cert_from_dir(chain_dir, get_all=True)
    return chain_manager_factory(certs_in_dir, X509ChainManager.X509_CERT)
def load_chain_from_dirs(list_of_dirs):
    """Build an X509 chain manager from certificates spread over several directories.

    The project keeps different certificates in different directories, so
    this variant collects them through ``load_certs_from_dirs``.

    According to the original author's note the scan is one level deep and
    deliberately not recursive, because sub-directories may hold private
    keys. That limit is enforced (or not) inside ``load_certs_from_dirs``,
    which is not visible here. Verify it there.

    :param list_of_dirs: iterable of directory paths to scan.
    :returns: whatever ``chain_manager_factory`` produces for the collected
        certificates. Other callers in this file treat a falsy result as
        "not a valid chain".
    """
    collected_certs = load_certs_from_dirs(list_of_dirs)
    return chain_manager_factory(collected_certs, X509ChainManager.X509_CERT)
def recreate_internal_db(self):
    """Rebuild the on-disk certificate index from the ``*.pem`` files in the db directory.

    Used when the index is missing or corrupted. Per the original author's
    description, each indexed certificate is stored as::

        'cert_hash': {
            'cert_subject': "value of the subject",
            'cert_file': "value of the file name",
            'chain': True or False,
        }

    The entry itself is produced by ``self.__create_entry_index``, which is
    not visible here.

    :returns: ``True`` on every path visible here. Errors from ``os.remove``
        or from the helpers propagate as exceptions.
    """
    from imzaci.util.cert_util import parse_pem_cert
    from imzaci.cert.chain_manager import chain_manager_factory, X509ChainManager

    # Remove the old index and any sibling files sharing its name prefix.
    # This only runs when the bare index path itself exists.
    index_path = os.path.join(self.__db_dir, INTERNAL_DB_FILE)
    if os.path.exists(index_path):
        for stale_file in glob.glob(index_path + "*"):
            os.remove(stale_file)

    # NOTE(review): every parseable *.pem directly inside the db directory is
    # re-indexed. Nothing visible here evaluates trust, so write access to
    # that directory decides what lands in the index. Confirm permissions.
    pem_paths = glob.glob(self.__db_dir + "/" + "*.pem")
    if not pem_paths:
        # Nothing to index: write an empty index instead.
        write_index_data(self.__db_dir, {})
        return True

    for pem_path in pem_paths:
        certs = parse_pem_cert(pem_path)
        if not certs:
            # Unparseable or empty file: skip it silently.
            continue

        if len(certs) <= 1:
            # A single certificate in the file.
            entry = self.__create_entry_index(certs[0], pem_path, is_chain=False)
            write_index_data(self.__db_dir, entry)
            continue

        # More than one certificate: the file may hold a chain.
        chain = chain_manager_factory(certs, X509ChainManager.X509_CERT)
        if not chain:
            # The certificates do not form a valid chain: skip the file.
            continue
        for member in chain:
            entry = self.__create_entry_index(
                member, pem_path, is_chain=True, chain_hash=chain.get_chain_hash()
            )
            write_index_data(self.__db_dir, entry)

    return True
def load_chain_file(chain_file):
    """Build an X509 chain manager from a single PEM file.

    The file is expected to hold one or more certificates in the usual
    ``BEGIN`` / ``END`` delimited PEM form. Parsing is delegated to
    ``parse_pem_cert``.

    :param chain_file: path of the PEM file to read.
    :returns: the result of ``chain_manager_factory`` for the parsed
        certificates, or ``None`` (after printing a message) when the file
        does not exist or nothing could be parsed from it.
    """
    import os
    from imzaci.util.cert_util import parse_pem_cert

    # The existence check only produces a friendlier message. The file can
    # still disappear or change before parse_pem_cert reads it.
    if os.path.exists(chain_file):
        parsed_certs = parse_pem_cert(chain_file)
        if parsed_certs:
            return chain_manager_factory(parsed_certs, X509ChainManager.X509_CERT)
        print "Error when loading the chain file ",chain_file
    else:
        print "Chain file doesnt exists"
    return None
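def load_chain_sign(self):
    """Extract the certificate chain embedded in the signature file.

    Reads the certificates carried inside ``self.signature_file``, parses
    them as PEM and builds a chain from them, so that verification can
    continue with that chain.

    :returns: the chain object produced by ``chain_manager_factory``.
    :raises PkcsOperationException: if no certificates can be extracted from
        the signature, if the extracted data cannot be parsed as PEM, or if
        the parsed certificates do not form a valid chain.
    """
    # The summary above used to sit below the imports, where it was a no-op
    # string expression instead of the function's docstring.
    from imzaci.util.cert_util import parse_pem_cert_buf
    from imzaci.sign.pkcs7_util import get_cert_from_signature
    from imzaci.cert.chain_manager import X509ChainManager, chain_manager_factory

    # NOTE(review): these certificates come from the signature file itself,
    # so they are supplied by whoever produced the signature. The visible
    # code only checks that they parse and form a chain. Whether that chain
    # is trusted must be decided by the caller or inside
    # chain_manager_factory. Confirm before relying on the result.
    chain_string = get_cert_from_signature(self.signature_file)
    if not chain_string:
        raise PkcsOperationException("Error when extracting chains from sginature file ...(probably corrupted or changed)")

    chain_candidates = parse_pem_cert_buf(chain_string)
    if not chain_candidates:
        raise PkcsOperationException("Error when extracting chains from sginature file ...(probably corrupted or changed)")

    chain = chain_manager_factory(chain_candidates, X509ChainManager.X509_CERT)
    if not chain:
        raise PkcsOperationException("Chain extracted from signature file, but it was not a valid chain, probably corrupted signature file")

    return chain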