 def setupKey(self, subjectOrIssuer, value):
     """Load the key named by ``value`` and bind it as this certificate's
     subject or issuer key.

     ``subjectOrIssuer`` selects the target: 'subject' assigns
     ``self.subjectKey``, 'issuer' assigns ``self.issuerKey``. Any other
     target raises UnknownKeyTargetError, and in that case no key is
     looked up at all. The key itself comes from
     pykey.keyFromSpecification, which (presumably — see pykey) resolves
     names like 'default' to fixed test keys; nothing here handles real
     secret material.
     """
     if subjectOrIssuer not in ('subject', 'issuer'):
         raise UnknownKeyTargetError(subjectOrIssuer)
     key = pykey.keyFromSpecification(value)
     if subjectOrIssuer == 'subject':
         self.subjectKey = key
     else:
         self.issuerKey = key
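def createSTH(configStream):
    """Build a signed tree head (STH) from a textual specification.

    ``configStream`` is read line by line (see the comment at the top of
    this file for the format). A trailing ``//`` comment on any line is
    discarded before the line is interpreted. Lines containing a ``:``
    are parameters:

      signingKey: <spec>  key (via pykey.keyFromSpecification) that signs the STH
      spki: <spec>        key whose SubjectPublicKeyInfo is emitted as kSPKIHex
      prefix: <hex>       hex prepended to the output but NOT covered by the signature
      hash: <name>        hash algorithm handed to sign(); defaults to "sha256"

    Any other parameter name raises UnknownParameterTypeError. Lines with
    no ``:`` are concatenated (whitespace stripped) into the data that is
    signed.

    Returns a string that can be compiled as C/C++ declaring two
    ``const char*``s: kSTHHex, the hex encoding of
    prefix || signed data || 2-byte signature length || signature, and
    kSPKIHex, the hex DER of the ``spki`` key's SubjectPublicKeyInfo.

    Raises ValueError when the specification never names a ``signingKey``
    or an ``spki``; previously that surfaced as an UnboundLocalError at
    the point of use.
    """
    signingKey = None
    spki = None
    toSignParts = []
    prefix = ""
    hashAlgorithm = "sha256"
    for line in configStream.readlines():
        # Strip the comment first so that a ':' inside a comment cannot
        # turn a data line into a (bogus) parameter line.
        body = line.split("//")[0]
        if ":" in body:
            param, _, arg = body.partition(":")
            arg = arg.strip()
            if param == "signingKey":
                signingKey = pykey.keyFromSpecification(arg)
            elif param == "spki":
                spki = pykey.keyFromSpecification(arg)
            elif param == "prefix":
                prefix = arg
            elif param == "hash":
                hashAlgorithm = arg
            else:
                raise UnknownParameterTypeError(param)
        else:
            toSignParts.append(body.strip())
    # Fail with a clear message rather than an UnboundLocalError below.
    if signingKey is None:
        raise ValueError("createSTH: specification has no 'signingKey' parameter")
    if spki is None:
        raise ValueError("createSTH: specification has no 'spki' parameter")
    toSign = "".join(toSignParts)
    signature = sign(signingKey, hashAlgorithm, toSign)
    # The length prefix counts raw signature bytes, so the hex signature
    # is decoded just to measure it; the output itself stays hex.
    lengthBytesHex = getTwoByteLenAsHex(binascii.unhexlify(signature))
    # Note that 'prefix' is outside the signed region by construction.
    sth = prefix + toSign + lengthBytesHex + signature
    spkiHex = encoder.encode(spki.asSubjectPublicKeyInfo()).hex()
    return 'const char* kSTHHex = "%s";\nconst char* kSPKIHex = "%s";\n' % (
        sth,
        spkiHex,
    )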
 def __init__(self, paramStream):
     """Build a certificate from the textual specification in paramStream.

     Defaults are established first, decodeParams() then overrides them
     from the stream, and finally the two derived parts — the serial
     number and the embedded SCT list — are filled in, in that order.
     Keys default to pykey's 'default' specification; this is test-fixture
     material, not real credentials.
     """
     self.versionValue = 2  # X.509 encodes v3 as the integer 2
     self.signature = 'sha256WithRSAEncryption'
     self.issuer = 'Default Issuer'
     self.subject = 'Default Subject'
     # Validity is anchored to January 1st of the current UTC year, so a
     # given specification encodes to identical bytes for the whole year.
     # NOTE(review): datetime.utcnow() is deprecated from Python 3.12;
     # only the year is consumed here, so now(timezone.utc).year would be
     # a drop-in if the file moves to 3.x-only.
     currentYear = datetime.datetime.utcnow().year
     self.now = datetime.datetime(currentYear, 1, 1)
     halfWindow = datetime.timedelta(days=400)
     self.notBefore = self.now - halfWindow
     self.notAfter = self.now + halfWindow
     self.extensions = None
     # When the serial number is generated from the specification it must
     # depend on which extensions are present. self.extensions holds
     # pyasn1 objects whose string form is not stable, so the generator
     # relies on the extensions' original spec text instead.
     self.extensionLines = None
     self.savedEmbeddedSCTListData = None
     self.subjectKey = pykey.keyFromSpecification('default')
     self.issuerKey = pykey.keyFromSpecification('default')
     self.serialNumber = None
     self.decodeParams(paramStream)
     # No serial number in the spec: derive one from the contents. (Any
     # falsy serial, e.g. 0, is treated as "not specified".)
     if not self.serialNumber:
         self.serialNumber = self.generateSerialNumber()
     # Must be last: each embedded SCT signs the certificate contents,
     # which includes the serial number settled just above.
     if self.savedEmbeddedSCTListData:
         self.addEmbeddedSCTListData()
 def setupKey(self, subjectOrIssuer, value):
     """Resolve the key specification ``value`` and store it as the
     subject key ('subject') or the issuer key ('issuer').

     Raises UnknownKeyTargetError for any other ``subjectOrIssuer`` (it is
     a string parsed from the spec), before any key lookup happens. The
     key comes from pykey.keyFromSpecification — presumably a fixed set
     of named test keys, so nothing secret is handled here.
     """
     targets = {'subject': 'subjectKey', 'issuer': 'issuerKey'}
     if subjectOrIssuer not in targets:
         raise UnknownKeyTargetError(subjectOrIssuer)
     setattr(self, targets[subjectOrIssuer], pykey.keyFromSpecification(value))
 def __init__(self, paramStream):
     """Build a certificate from the specification in paramStream.

     Sets every field to its default, lets decodeParams() overwrite them
     from the stream, and then always derives the serial number from the
     resulting contents (this version has no way to specify one). Keys
     default to pykey's 'default' spec — test fixtures, not real
     credentials.
     """
     self.versionValue = 2 # X.509 v3 is encoded as the integer 2
     self.signature = 'sha256WithRSAEncryption'
     self.issuer = 'Default Issuer'
     self.subject = 'Default Subject'
     # Anchor validity to Jan 1st of the current UTC year so the encoded
     # certificate is stable for the whole year.
     # NOTE(review): utcnow() is deprecated from Python 3.12; only .year
     # is used, so now(timezone.utc).year is an equivalent replacement.
     thisYear = datetime.datetime.utcnow().year
     self.now = datetime.datetime(thisYear, 1, 1)
     validityReach = datetime.timedelta(days=550)
     self.notBefore = self.now - validityReach
     self.notAfter = self.now + validityReach
     self.extensions = None
     self.subjectKey = pykey.keyFromSpecification('default')
     self.issuerKey = pykey.keyFromSpecification('default')
     self.decodeParams(paramStream)
     self.serialNumber = self.generateSerialNumber()
 def __init__(self, paramStream):
     """Construct a certificate from the textual spec in paramStream.

     Order matters: defaults first, then decodeParams() applies the
     stream, then the serial number is generated from the final contents
     (it cannot be given explicitly in this version).
     """
     self.versionValue = 2  # the integer 2 denotes X.509 v3
     self.signature = 'sha256WithRSAEncryption'
     # Validity window: +/- 550 days around January 1st of the current
     # UTC year, so the bytes do not change from run to run within a year.
     # NOTE(review): utcnow() is deprecated from Python 3.12 — only the
     # year is read, so now(timezone.utc).year would do the same job.
     self.now = datetime.datetime(datetime.datetime.utcnow().year, 1, 1)
     reach = datetime.timedelta(days=550)
     self.notBefore, self.notAfter = self.now - reach, self.now + reach
     self.issuer = 'Default Issuer'
     self.subject = 'Default Subject'
     self.extensions = None
     # Default keys are pykey's named test keys, not real credentials.
     self.subjectKey = pykey.keyFromSpecification('default')
     self.issuerKey = pykey.keyFromSpecification('default')
     self.decodeParams(paramStream)
     self.serialNumber = self.generateSerialNumber()
 def __init__(self, paramStream):
     """Build a certificate from the specification in paramStream.

     Defaults are set, decodeParams() applies the stream, then the two
     content-dependent pieces are produced in a fixed order: the serial
     number (only if the spec did not give one), then the embedded SCT
     list, which must see the finished certificate because each SCT signs
     its contents.
     """
     self.versionValue = 2 # X.509 v3 is encoded as 2
     self.signature = 'sha256WithRSAEncryption'
     self.issuer = 'Default Issuer'
     self.subject = 'Default Subject'
     # Validity is anchored at Jan 1st of the current UTC year (+/- 400
     # days) so a spec encodes identically throughout the year.
     # NOTE(review): utcnow() is deprecated from Python 3.12; only .year
     # is consumed, so now(timezone.utc).year is a drop-in replacement.
     self.now = datetime.datetime(datetime.datetime.utcnow().year, 1, 1)
     reach = datetime.timedelta(days=400)
     self.notBefore = self.now - reach
     self.notAfter = self.now + reach
     self.extensions = None
     self.savedEmbeddedSCTListData = None
     self.serialNumber = None
     # pykey's named test keys — fixtures, not real credentials.
     self.subjectKey = pykey.keyFromSpecification('default')
     self.issuerKey = pykey.keyFromSpecification('default')
     self.decodeParams(paramStream)
     # A falsy serial (None, 0, '') counts as "not specified".
     if not self.serialNumber:
         self.serialNumber = self.generateSerialNumber()
     # Last on purpose: the SCT signatures cover the certificate contents.
     if self.savedEmbeddedSCTListData:
         self.addEmbeddedSCTListData()
 def __init__(self, paramStream):
     """Initialise a certificate from the textual spec in paramStream.

     Steps, in order: populate defaults; decodeParams() overrides them
     from the stream; generate a serial number unless the spec supplied
     one; finally embed the requested SCTs, which has to come last since
     every SCT is a signature over the certificate's contents.
     """
     self.versionValue = 2 # X.509 v3 == integer value 2
     self.signature = 'sha256WithRSAEncryption'
     # Validity: January 1st of the current UTC year, +/- 400 days, so
     # output is stable across runs in the same year.
     # NOTE(review): utcnow() is deprecated from Python 3.12; since only
     # the year is used, now(timezone.utc).year is equivalent here.
     currentYear = datetime.datetime.utcnow().year
     self.now = datetime.datetime(currentYear, 1, 1)
     halfWindow = datetime.timedelta(days=400)
     self.notBefore = self.now - halfWindow
     self.notAfter = self.now + halfWindow
     self.issuer = 'Default Issuer'
     self.subject = 'Default Subject'
     self.extensions = None
     self.savedEmbeddedSCTListData = None
     # Both keys start as pykey's 'default' test key.
     self.subjectKey = pykey.keyFromSpecification('default')
     self.issuerKey = pykey.keyFromSpecification('default')
     self.serialNumber = None
     self.decodeParams(paramStream)
     # Derive the serial number unless a truthy one came from the spec.
     if not self.serialNumber:
         self.serialNumber = self.generateSerialNumber()
     # Embedded SCTs sign the finished certificate, so this runs last.
     if self.savedEmbeddedSCTListData:
         self.addEmbeddedSCTListData()
 def __init__(self, paramStream):
     """Parse a specification of the form

         sha1:<value>        (optional)
         sha256:<value>      (optional)
         signer:
         <pycert.Certificate specification, to end of stream>

     The lines after 'signer:' are handed (whitespace-trimmed, one per
     line) to pycert.Certificate. Any other line before 'signer:' —
     including a blank one — raises UnknownDirectiveError. The signing key
     is always pykey's 'default' test key.
     """
     self.sha1 = ''
     self.sha256 = ''
     signerSpecification = StringIO.StringIO()
     inSignerBlock = False
     for line in paramStream.readlines():
         stripped = line.strip()
         if inSignerBlock:
             # Equivalent to the old 'print >>' form: text plus newline.
             signerSpecification.write(stripped + '\n')
         elif stripped == 'signer:':
             inSignerBlock = True
         elif line.startswith('sha1:'):
             # The value keeps any whitespace after the colon; consumers
             # presumably tolerate that. A sha1 entry only lets a fixture
             # exercise SHA-1 handling — it is not an endorsement of it.
             self.sha1 = stripped[len('sha1:'):]
         elif line.startswith('sha256:'):
             self.sha256 = stripped[len('sha256:'):]
         else:
             raise UnknownDirectiveError(stripped)
     signerSpecification.seek(0)
     self.signer = pycert.Certificate(signerSpecification)
     self.signingKey = pykey.keyFromSpecification('default')
 def __init__(self, paramStream):
     """Read a spec with optional 'sha1:' / 'sha256:' lines followed by a
     'signer:' line; everything after 'signer:' is forwarded, trimmed and
     newline-terminated, to pycert.Certificate as the signer's spec.

     A line before 'signer:' that is none of these (blank lines included)
     raises UnknownDirectiveError. The digest values retain any whitespace
     that follows the colon. The signing key is pykey's 'default' test key
     — fixture material, not a real credential.
     """
     self.sha1 = ""
     self.sha256 = ""
     signerSpecification = StringIO()
     readingSigner = False
     for line in paramStream.readlines():
         text = line.strip()
         if readingSigner:
             signerSpecification.write(text + "\n")
             continue
         if text == "signer:":
             readingSigner = True
         elif line.startswith("sha1:"):
             # Present so fixtures can exercise SHA-1 code paths; nothing
             # here implies SHA-1 is acceptable for real signatures.
             self.sha1 = text[len("sha1:"):]
         elif line.startswith("sha256:"):
             self.sha256 = text[len("sha256:"):]
         else:
             raise UnknownDirectiveError(text)
     signerSpecification.seek(0)
     self.signer = pycert.Certificate(signerSpecification)
     self.signingKey = pykey.keyFromSpecification("default")
 def __init__(self, paramStream):
     """Parse the fixture specification in paramStream.

     Recognised directives, before 'signer:': 'sha1:<v>' and
     'sha256:<v>' (the value keeps whatever whitespace follows the
     colon). From the 'signer:' line onward every line is collected,
     trimmed and newline-terminated, and parsed as a pycert.Certificate.
     Anything else, blank lines included, raises UnknownDirectiveError.
     The signing key is pykey's 'default' test key.
     """
     self.sha1 = ''
     self.sha256 = ''
     signerSpecification = StringIO.StringIO()
     collectingSigner = False
     for line in paramStream.readlines():
         trimmed = line.strip()
         if collectingSigner:
             # Same bytes the former 'print >>' statement produced.
             signerSpecification.write(trimmed + '\n')
         elif trimmed == 'signer:':
             collectingSigner = True
         elif line.startswith('sha1:'):
             self.sha1 = trimmed[len('sha1:'):]
         elif line.startswith('sha256:'):
             self.sha256 = trimmed[len('sha256:'):]
         else:
             raise UnknownDirectiveError(trimmed)
     signerSpecification.seek(0)
     self.signer = pycert.Certificate(signerSpecification)
     self.signingKey = pykey.keyFromSpecification('default')
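 def addEmbeddedSCTListData(self):
     """Sign the SCTs requested by the spec and embed them as an extension.

     self.savedEmbeddedSCTListData is a (scts, critical) pair. ``scts`` is
     a comma-separated list of ``<keySpec>:<YYYYMMDD>`` entries: the key
     (pykey.keyFromSpecification) signs that SCT and the date becomes its
     timestamp. ``critical`` is passed through to addExtension.

     Each SCT is built by pyct.SCT from the DER TBSCertificate as it
     stands before this extension is added, plus self.issuerKey —
     presumably the RFC 6962 precertificate form (confirm in pyct.SCT).
     That is why this must run after every other field is final. The
     extension value is a SignedCertificateTimestampList: a 2-byte total
     length followed by each SCT as 2-byte length || encoded SCT, under
     OID 1.3.6.1.4.1.11129.2.4.2.

     Raises InvalidSCTSpecification for an entry that contains no
     ``<word>:<8 digits>`` match.
     """
     (scts, critical) = self.savedEmbeddedSCTListData
     # Nothing in the loop mutates self, so every SCT signs the same
     # TBSCertificate; encode it once instead of once per entry.
     tbsDER = encoder.encode(self.getTBSCertificate())
     encodedSCTs = []
     for sctSpec in scts.split(','):
         # Raw string: '\w' and '\d' are not Python escapes, and a non-raw
         # literal makes Python 3.12+ emit a SyntaxWarning for them.
         match = re.search(r'(\w+):(\d{8})', sctSpec)
         if not match:
             raise InvalidSCTSpecification(sctSpec)
         key = pykey.keyFromSpecification(match.group(1))
         timestamp = datetime.datetime.strptime(match.group(2), '%Y%m%d')
         signed = pyct.SCT(key, timestamp, tbsDER, self.issuerKey).signAndEncode()
         encodedSCTs.append(pack('!H', len(signed)) + signed)
     # b"".join works for Python 2 str and Python 3 bytes alike; "".join
     # raises TypeError on bytes under Python 3.
     encodedSCTBytes = b"".join(encodedSCTs)
     extensionBytes = pack('!H', len(encodedSCTBytes)) + encodedSCTBytes
     self.addExtension(univ.ObjectIdentifier('1.3.6.1.4.1.11129.2.4.2'),
                       univ.OctetString(extensionBytes), critical)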
 def addEmbeddedSCTListData(self):
     """Build and attach the embedded-SCT-list extension
     (OID 1.3.6.1.4.1.11129.2.4.2).

     self.savedEmbeddedSCTListData holds (scts, critical): ``scts`` is a
     comma-separated string of ``<keySpec>:<YYYYMMDD>`` entries, one SCT
     each, signed by the named pykey key with that date as timestamp;
     ``critical`` goes straight to addExtension. Every SCT is computed by
     pyct.SCT over the DER TBSCertificate together with self.issuerKey
     (presumably RFC 6962's precertificate form — check pyct.SCT), so the
     certificate must otherwise be complete when this is called. The
     extension value is a 2-byte total length followed by each SCT as
     2-byte length || encoding.

     Raises InvalidSCTSpecification when an entry has no
     ``<word>:<8 digits>`` match.
     """
     scts, critical = self.savedEmbeddedSCTListData
     sctPattern = re.compile(r'(\w+):(\d{8})')
     pieces = []
     for sctSpec in scts.split(','):
         parsed = sctPattern.search(sctSpec)
         if parsed is None:
             raise InvalidSCTSpecification(sctSpec)
         logKey = pykey.keyFromSpecification(parsed.group(1))
         timestamp = datetime.datetime.strptime(parsed.group(2), '%Y%m%d')
         # Re-encoded on every pass, as before; the loop does not touch
         # self, so each SCT sees the same TBSCertificate bytes.
         tbsDER = encoder.encode(self.getTBSCertificate())
         encoded = pyct.SCT(logKey, timestamp, tbsDER, self.issuerKey).signAndEncode()
         pieces.append(pack('!H', len(encoded)) + encoded)
     listBody = "".join(pieces)
     self.addExtension(univ.ObjectIdentifier('1.3.6.1.4.1.11129.2.4.2'),
                       univ.OctetString(pack('!H', len(listBody)) + listBody),
                       critical)