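def _get_openssl_key_manager(cert_file, key_file=None):
    """Load PEM-encoded key material into a fresh ``KeyManagerFactory``.

    Each file is parsed with Bouncy Castle's ``PEMParser``; every private key
    (``PEMKeyPair`` or PKCS#8 ``PrivateKeyInfo``) and every X.509 certificate
    found is converted to its ``java.security`` form.

    Args:
        cert_file: Path to a PEM file with the certificate chain (it may also
            contain the private key, as OpenSSL combined files do).
        key_file: Optional path to a PEM file holding the private key. It is
            read before ``cert_file``, so a key found in ``cert_file`` replaces
            one found here.

    Returns:
        A ``KeyManagerFactory`` initialised from an in-memory key store that
        holds the key and chain under a random alias.

    Raises:
        SSLError: if no private key or no certificate was found in the files.
    """
    paths = [key_file] if key_file else []
    paths.append(cert_file)

    # Go from Bouncy Castle API to Java's; a bit heavyweight for the Python dev ;)
    key_converter = JcaPEMKeyConverter().setProvider("BC")
    cert_converter = JcaX509CertificateConverter().setProvider("BC")

    private_key = None
    certs = []
    for path in paths:
        for br in _extract_readers(path):
            # A PEM file can hold several objects; ``readObject`` returns None
            # once the stream is exhausted. A later key overwrites an earlier
            # one, so the last key encountered is the one used.
            while True:
                obj = PEMParser(br).readObject()
                if obj is None:
                    break
                if isinstance(obj, PEMKeyPair):
                    private_key = key_converter.getKeyPair(obj).getPrivate()
                elif isinstance(obj, PrivateKeyInfo):
                    private_key = key_converter.getPrivateKey(obj)
                elif isinstance(obj, X509CertificateHolder):
                    certs.append(cert_converter.getCertificate(obj))
                # Any other PEM object (parameters, CRLs, ...) is ignored.

    # ``assert`` is stripped under ``python -O``, which would let a missing key
    # reach ``setKeyEntry``; fail explicitly, with the error type the later SSL
    # code in this module raises. A private-key entry also needs a certificate
    # chain, so report an empty chain here rather than from inside the KeyStore.
    if private_key is None or not certs:
        from _socket import SSLError, SSL_ERROR_SSL
        what = "No private key loaded" if private_key is None else "No certificate loaded"
        raise SSLError(SSL_ERROR_SSL, "PEM lib (%s)" % what)

    # NOTE(review): the key is not checked against the certificates' public
    # keys here; a mismatched key/cert pair is not detected at load time.

    key_store = KeyStore.getInstance(KeyStore.getDefaultType())
    key_store.load(None, None)  # start from an empty in-memory store
    # The alias is never looked up by name, so a random one is sufficient.
    key_store.setKeyEntry(str(uuid.uuid4()), private_key, [], certs)

    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(key_store, [])  # empty password for the in-memory store
    return kmf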
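def _get_openssl_key_manager(cert_file, key_file=None):
    """Build a ``KeyManagerFactory`` from PEM certificate and key files.

    The files are read with Bouncy Castle's ``PEMParser``. Private keys
    (``PEMKeyPair`` or PKCS#8 ``PrivateKeyInfo``) and X.509 certificates are
    converted to ``java.security`` objects and stored in a new in-memory
    key store under a random alias.

    Args:
        cert_file: Path to a PEM file holding the certificate chain; it may
            also hold the private key.
        key_file: Optional path to a PEM file holding the private key. It is
            read first, so a key in ``cert_file`` overrides it.

    Returns:
        An initialised ``KeyManagerFactory``.

    Raises:
        SSLError: if no private key or no certificate could be loaded.
    """
    paths = [key_file] if key_file else []
    paths.append(cert_file)

    # Go from Bouncy Castle API to Java's; a bit heavyweight for the Python dev ;)
    key_converter = JcaPEMKeyConverter().setProvider("BC")
    cert_converter = JcaX509CertificateConverter().setProvider("BC")

    private_key = None
    certs = []
    for path in paths:
        for br in _extract_readers(path):
            # Drain every PEM object in the reader; None marks end of stream.
            # Each key found replaces the previous one.
            while True:
                obj = PEMParser(br).readObject()
                if obj is None:
                    break
                if isinstance(obj, PEMKeyPair):
                    private_key = key_converter.getKeyPair(obj).getPrivate()
                elif isinstance(obj, PrivateKeyInfo):
                    private_key = key_converter.getPrivateKey(obj)
                elif isinstance(obj, X509CertificateHolder):
                    certs.append(cert_converter.getCertificate(obj))
                # Other PEM object types are ignored.

    # An ``assert`` disappears under ``python -O`` and would let a None key
    # reach the key store; raise explicitly instead. The chain must also be
    # non-empty for a private-key entry, so report that case clearly too.
    if private_key is None:
        from _socket import SSLError, SSL_ERROR_SSL
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")
    if not certs:
        from _socket import SSLError, SSL_ERROR_SSL
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No certificate loaded)")

    # NOTE(review): no check that the private key corresponds to any loaded
    # certificate's public key is made here.

    key_store = KeyStore.getInstance(KeyStore.getDefaultType())
    key_store.load(None, None)  # empty in-memory store
    # The entry is never retrieved by alias, so a random alias suffices.
    key_store.setKeyEntry(str(uuid.uuid4()), private_key, [], certs)

    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(key_store, [])  # empty password
    return kmf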
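def _pem_ssl_error(message):
    """Return the ``SSLError`` used for PEM loading/validation failures.

    ``_socket`` is imported lazily, as the original did at every raise site,
    so this module does not need it at import time.
    """
    from _socket import SSLError, SSL_ERROR_SSL
    return SSLError(SSL_ERROR_SSL, message)


def _rsa_key_matches_cert(private_key, cert):
    """Return True if ``cert``'s public key corresponds to RSA ``private_key``.

    The certificate's public key must be an ``RSAPublicKey`` whose modulus and
    public exponent equal those of the private key; a certificate carrying a
    non-RSA public key cannot match an RSA private key.
    """
    public_key = cert.publicKey
    if not isinstance(public_key, RSAPublicKey):
        return False
    return (public_key.getModulus() == private_key.getModulus()
            and public_key.getPublicExponent() == private_key.getPublicExponent())


def _get_openssl_key_manager(cert_file=None, key_file=None, password=None, _key_store=None):
    """Build a ``KeyManagerFactory`` from PEM certificate/key files.

    Args:
        cert_file: Optional PEM file with the certificate chain. It may also
            hold the private key, which then replaces one read from ``key_file``.
        key_file: Optional PEM file holding the private key (and possibly
            certificates). When given, the key must correspond to one of the
            loaded certificates.
        password: Passed through to ``_extract_certs_for_paths`` (presumably
            the PEM passphrase; verify against that helper).
        _key_store: Optional already-loaded ``KeyStore`` to add the entry to;
            by default a fresh, empty store of the default type is created.

    Returns:
        A ``KeyManagerFactory`` initialised with the key store.

    Raises:
        SSLError: if no private key was loaded, or if ``key_file`` was given
            and its key does not match any loaded certificate.
    """
    certs, private_key = [], None

    if _key_store is None:
        _key_store = KeyStore.getInstance(KeyStore.getDefaultType())
        _key_store.load(None, None)

    if key_file is not None:
        certs, private_key = _extract_certs_for_paths([key_file], password)
        if private_key is None:
            raise _pem_ssl_error("PEM lib (No private key loaded)")

    if cert_file is not None:
        _certs, _private_key = _extract_certs_for_paths([cert_file], password)
        # A key found in cert_file takes precedence over one from key_file.
        private_key = _private_key if _private_key else private_key
        certs.extend(_certs)

    if not private_key:
        raise _pem_ssl_error("PEM lib (No private key loaded)")

    # When the caller supplied a key file, the key must correspond to one of
    # the loaded certificates. The previous loop let the *last* certificate
    # decide (so a chain file whose leaf was not last was rejected), treated a
    # non-RSA certificate as a match, and raised AttributeError for non-RSA
    # keys. Now any certificate may match, and only RSA keys are verified.
    # TODO works for RSA only for now: other key types are not checked.
    if key_file is not None and isinstance(private_key, RSAPrivateCrtKey):
        if not any(_rsa_key_matches_cert(private_key, cert) for cert in certs):
            raise _pem_ssl_error("key values mismatch")

    _key_store.setKeyEntry(_str_hash_key_entry(private_key, *certs), private_key, [], certs)
    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(_key_store, [])  # empty password for the key store
    return kmf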
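def _pem_ssl_error(message):
    """Return the ``SSLError`` used for PEM loading/validation failures.

    The ``_socket`` import is deferred to call time, as the original did at
    each raise site, to avoid an import-time dependency on ``_socket``.
    """
    from _socket import SSLError, SSL_ERROR_SSL
    return SSLError(SSL_ERROR_SSL, message)


def _rsa_key_matches_cert(private_key, cert):
    """Return True if ``cert`` carries the RSA public key of ``private_key``.

    Compares modulus and public exponent. A certificate whose public key is
    not an ``RSAPublicKey`` never matches an RSA private key.
    """
    public_key = cert.publicKey
    if not isinstance(public_key, RSAPublicKey):
        return False
    same_modulus = public_key.getModulus() == private_key.getModulus()
    same_exponent = public_key.getPublicExponent() == private_key.getPublicExponent()
    return same_modulus and same_exponent


def _get_openssl_key_manager(cert_file=None, key_file=None, password=None, _key_store=None):
    """Build a ``KeyManagerFactory`` from PEM certificate/key files.

    Args:
        cert_file: Optional PEM file with the certificate chain; a private
            key found in it replaces one read from ``key_file``.
        key_file: Optional PEM file holding the private key (and possibly
            certificates). When given, the key must correspond to one of the
            loaded certificates.
        password: Passed through to ``_extract_certs_for_paths`` (presumably
            the PEM passphrase; verify against that helper).
        _key_store: Optional already-loaded ``KeyStore`` to add the entry to;
            by default a fresh, empty store of the default type is used.

    Returns:
        A ``KeyManagerFactory`` initialised with the key store.

    Raises:
        SSLError: if no private key was loaded, or if ``key_file`` was given
            and its key matches none of the loaded certificates.
    """
    certs, private_key = [], None

    if _key_store is None:
        _key_store = KeyStore.getInstance(KeyStore.getDefaultType())
        _key_store.load(None, None)

    if key_file is not None:
        certs, private_key = _extract_certs_for_paths([key_file], password)
        if private_key is None:
            raise _pem_ssl_error("PEM lib (No private key loaded)")

    if cert_file is not None:
        _certs, _private_key = _extract_certs_for_paths([cert_file], password)
        # The key from cert_file, if any, wins over the one from key_file.
        private_key = _private_key if _private_key else private_key
        certs.extend(_certs)

    if not private_key:
        raise _pem_ssl_error("PEM lib (No private key loaded)")

    # Key/certificate correspondence is enforced only when a key file was
    # supplied. The old loop overwrote ``keys_match`` per certificate, so only
    # the last one counted (rejecting chain files with the leaf first), and it
    # counted a non-RSA certificate as a match. Any loaded certificate may
    # match now; non-RSA private keys are left unverified.
    # TODO works for RSA only for now
    if key_file is not None and isinstance(private_key, RSAPrivateCrtKey):
        matched = any(_rsa_key_matches_cert(private_key, cert) for cert in certs)
        if not matched:
            raise _pem_ssl_error("key values mismatch")

    _key_store.setKeyEntry(_str_hash_key_entry(private_key, *certs), private_key, [], certs)
    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(_key_store, [])  # empty password for the key store
    return kmf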
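def _get_openssl_key_manager(cert_file, key_file=None):
    """Build a ``KeyManagerFactory`` from PEM files using BC's ``PEMReader``.

    Args:
        cert_file: Path to a PEM file with the certificate chain; it may also
            hold the private key.
        key_file: Optional path to a PEM file holding the private key. It is
            read first, so a key in ``cert_file`` overrides it.

    Returns:
        A ``KeyManagerFactory`` initialised from an in-memory key store that
        holds the key and chain under a random alias.

    Raises:
        SSLError: if no private key or no certificate was found.
    """
    paths = [key_file] if key_file else []
    paths.append(cert_file)

    private_key = None
    certs = []
    for path in paths:
        # ``closing`` guarantees the FileReader is released even if parsing
        # fails part-way through the file.
        with closing(FileReader(path)) as reader:
            br = BufferedReader(reader)
            # Read PEM objects until the reader reports end of stream. Only
            # KeyPair objects are recognised as keys; any other key encoding
            # the reader may produce is ignored, as are non-certificate objects.
            while True:
                obj = PEMReader(br).readObject()
                if obj is None:
                    break
                if isinstance(obj, KeyPair):
                    private_key = obj.getPrivate()
                elif isinstance(obj, X509Certificate):
                    certs.append(obj)

    # Previously a missing key or empty chain went straight into setKeyEntry;
    # fail here with the error type the SSL layer uses instead.
    if private_key is None:
        from _socket import SSLError, SSL_ERROR_SSL
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No private key loaded)")
    if not certs:
        from _socket import SSLError, SSL_ERROR_SSL
        raise SSLError(SSL_ERROR_SSL, "PEM lib (No certificate loaded)")

    # NOTE(review): the key is not checked against the certificates' public
    # keys; a mismatched pair is not detected at load time.

    key_store = KeyStore.getInstance(KeyStore.getDefaultType())
    key_store.load(None, None)  # empty in-memory store
    # The alias is never looked up by name, so a random one suffices.
    key_store.setKeyEntry(str(uuid.uuid4()), private_key, [], certs)

    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(key_store, [])  # empty password
    return kmf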