Posted to commits@labs.apache.org by dr...@apache.org on 2008/01/08 22:54:20 UTC
svn commit: r610182 - in /labs/badca: BaDCA/Certificates.py BaDCA/baseCA.py
openssl/certmodule.c tests/runTests.py
Author: dreid
Date: Tue Jan 8 13:54:19 2008
New Revision: 610182
URL: http://svn.apache.org/viewvc?rev=610182&view=rev
Log:
Add modulus extraction for a certificate
Add function to check if key was used to create a certificate
Correct an error with the emptyDirectory function pointed out by
Mads Toftum
Use certificate modulus to add extra checks for key recognition
Modified:
labs/badca/BaDCA/Certificates.py
labs/badca/BaDCA/baseCA.py
labs/badca/openssl/certmodule.c
labs/badca/tests/runTests.py
Modified: labs/badca/BaDCA/Certificates.py
URL: http://svn.apache.org/viewvc/labs/badca/BaDCA/Certificates.py?rev=610182&r1=610181&r2=610182&view=diff
==============================================================================
--- labs/badca/BaDCA/Certificates.py (original)
+++ labs/badca/BaDCA/Certificates.py Tue Jan 8 13:54:19 2008
@@ -16,6 +16,7 @@
keyPaths = []
notBefore = None
notAfter = None
+ modulus = None
def __init__(self, filename = None, obj = None, keyPaths = None):
if keyPaths is not None:
@@ -133,15 +134,18 @@
return True
return False
+ # Collect all information from the certificate we need.
+ # Try and find the key that was used to create the certificate.
def processCertificate(self):
if self.cert is None:
return
self.info = cert.parse(self.cert)
self.notBefore = self.asTime("notBefore")
self.notAfter = self.asTime("notAfter")
+ self.modulus = cert.getModulus(self.cert)
key = Keys.RSAKey(searchPath = self.keyPaths, \
certificate = self.cert)
- if key.isValid():
+ if key.isValid() and key.modulus == self.modulus:
self.key = key
def signRequest(self, csr = None, options = None):
@@ -191,4 +195,13 @@
self.filename = os.path.abspath( \
os.path.join(dirname, self.getSerial() + '.pem'))
return cert.write(self.cert, self.filename)
+
+ def checkKey(self, key):
+ if self.key is not None:
+ if key == self.key:
+ return True
+ if self.modulus == self.key.modulus:
+ self.key = key
+ return True
+ return False
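Review bot: In `checkKey` the modulus test reads `self.modulus == self.key.modulus`, so it never looks at the `key` argument: it compares the certificate with the key already attached to it and then rebinds `self.key` to whatever was passed in. Indentation is lost in this view, but both possible nestings are wrong: inside the `self.key is not None` guard every candidate is accepted once `processCertificate` has bound a matching key, and outside it the call raises AttributeError when `self.key` is None. For a CA this means a certificate can end up paired with a private key that does not belong to it. The comparison should use the candidate, `if key is not None and self.modulus is not None and key.modulus == self.modulus:`, and a one-line docstring should say that a successful match rebinds `self.key`.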
Modified: labs/badca/BaDCA/baseCA.py
URL: http://svn.apache.org/viewvc/labs/badca/BaDCA/baseCA.py?rev=610182&r1=610181&r2=610182&view=diff
==============================================================================
--- labs/badca/BaDCA/baseCA.py (original)
+++ labs/badca/BaDCA/baseCA.py Tue Jan 8 13:54:19 2008
@@ -166,9 +166,14 @@
if self.currentCertificate is None:
self.currentCertificate = c
break
- # todo - set the current key!
- return 1
-
+ if self.currentCertificate:
+ for k in self.keys:
+ if self.currentCertificate.checkKey(k):
+ self.currentKey = k
+ if self.currentKey and self.currentCertificate:
+ return 1
+ return 0
+
def createSelfSigned(self):
key = Keys.RSAKey()
if key is None:
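Review bot: The key loop added after the certificate search does not stop at the first match, so `self.currentKey` ends up as the last entry in `self.keys` for which `checkKey` returns true, and `checkKey` rebinds the certificate's key on every hit. Adding `break` after `self.currentKey = k` makes the selection deterministic. The final test `if self.currentKey and self.currentCertificate:` would also pass on a `currentKey` left over from an earlier call if nothing resets it first; the enclosing function starts outside the hunk, so that needs to be confirmed there.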
Modified: labs/badca/openssl/certmodule.c
URL: http://svn.apache.org/viewvc/labs/badca/openssl/certmodule.c?rev=610182&r1=610181&r2=610182&view=diff
==============================================================================
--- labs/badca/openssl/certmodule.c (original)
+++ labs/badca/openssl/certmodule.c Tue Jan 8 13:54:19 2008
@@ -839,6 +839,49 @@
return Py_BuildValue("s", serial);
}
+static PyObject *
+getCertificateModulus(PyObject *self, PyObject *args)
+{
+ X509 *cert = NULL;
+ void *tmp = NULL;
+ EVP_PKEY *pkey = NULL;
+ PyObject *rv = NULL;
+
+ if (! PyArg_ParseTuple(args, "O", &tmp))
+ return NULL;
+
+ cert = (X509 *)PyCObject_AsVoidPtr(tmp);
+ if (!cert) {
+ PyErr_SetString(PyExc_ValueError, "No certificate object supplied");
+ return NULL;
+ }
+
+ pkey=X509_get_pubkey(cert);
+ if (pkey && pkey->type == EVP_PKEY_RSA) {
+ char *modulus = NULL;
+ long sz = 0;
+ BIO *out = BIO_new(BIO_s_mem());
+ if (out) {
+ BN_print(out, pkey->pkey.rsa->n);
+ (void)BIO_flush(out);
+
+ sz = BIO_get_mem_data(out, &modulus);
+ if (sz && modulus)
+ (void)BIO_set_close(out, BIO_NOCLOSE);
+ BIO_free(out);
+ if (modulus && sz > 0)
+ rv = PyString_FromStringAndSize(modulus, sz);
+ else
+ PyErr_SetString(PyExc_RuntimeError,
+ "Unable to allocate memory for the public key modulus");
+ } else
+ PyErr_SetString(PyExc_RuntimeError, "Unable to create a BIO");
+ }
+ EVP_PKEY_free(pkey);
+
+ return rv;
+}
+
static PyMethodDef CertMethods[] = {
{ "read", readCert, METH_VARARGS, "Read a certificate from a file" },
{ "write", writeCert, METH_VARARGS, "Write a certificate to a file" },
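Review bot: `getCertificateModulus` returns NULL without setting a Python exception when `X509_get_pubkey` fails or the key is not RSA, which the interpreter reports as a SystemError, and `processCertificate` calls it unguarded. It also leaks the memory BIO's buffer on every successful call: `BIO_set_close(out, BIO_NOCLOSE)` makes `BIO_free` leave the buffer alone, but `PyString_FromStringAndSize` copies the bytes and nothing frees the original afterwards. Building the string before `BIO_free`, dropping the `BIO_set_close` call and checking the `BN_print` result, as sketched below, covers all three. Separately, the argument is handed to `PyCObject_AsVoidPtr` and cast to `X509 *` with no check that the CObject really wraps a certificate; that is not changed in the sketch.

```c
getCertificateModulus(PyObject *self, PyObject *args)
{
    /* … unchanged: declarations, argument parsing, NULL certificate check … */

    pkey = X509_get_pubkey(cert);
    if (!pkey || pkey->type != EVP_PKEY_RSA) {
        /* every NULL return must carry an exception */
        PyErr_SetString(PyExc_ValueError,
                        "Certificate does not carry an RSA public key");
    } else {
        BIO *out = BIO_new(BIO_s_mem());
        if (!out) {
            PyErr_SetString(PyExc_RuntimeError, "Unable to create a BIO");
        } else {
            char *modulus = NULL;
            long sz = 0;

            if (BN_print(out, pkey->pkey.rsa->n))
                sz = BIO_get_mem_data(out, &modulus);
            /* copy while the BIO still owns the buffer; BIO_free then
             * releases it, so nothing is left behind */
            if (modulus && sz > 0)
                rv = PyString_FromStringAndSize(modulus, sz);
            else
                PyErr_SetString(PyExc_RuntimeError,
                    "Unable to allocate memory for the public key modulus");
            BIO_free(out);
        }
    }
    EVP_PKEY_free(pkey);

    return rv;
}
```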
@@ -847,7 +890,10 @@
"Create a certificate from a CSR using a root certificate" },
{ "createCertificateFromDict", createSelfSignedCertificate, METH_VARARGS,
"Create a self signed 'root' certificate using a dict for the subject" },
- { "getSerial", getCertificateSerial, METH_VARARGS, "Get the serial from a certificate" },
+ { "getSerial", getCertificateSerial, METH_VARARGS,
+ "Get the serial from a certificate" },
+ { "getModulus", getCertificateModulus, METH_VARARGS,
+ "Get the modulus of the certificate's public key" },
{ NULL, NULL, 0, NULL },
};
Modified: labs/badca/tests/runTests.py
URL: http://svn.apache.org/viewvc/labs/badca/tests/runTests.py?rev=610182&r1=610181&r2=610182&view=diff
==============================================================================
--- labs/badca/tests/runTests.py (original)
+++ labs/badca/tests/runTests.py Tue Jan 8 13:54:19 2008
@@ -98,6 +98,8 @@
def emptyDirectory(self, thedir):
files = os.listdir(thedir)
for f in files:
+ if f == '.svn':
+ continue
fn = os.path.join(thedir, f)
print " removing '%s' [%s]" % (f, fn)
if os.path.isdir(fn):