author | Rob Austein <sra@hactrn.net> | 2007-08-15 06:51:54 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-08-15 06:51:54 +0000 |
commit | 43b61961de173b35df5bca8e982dacb7a76f1b5d (patch) | |
tree | 7cd194464dec76fb47a7be336484457890bb3944 | |
parent | cebd2c29f56bcc7d92718296663df185fa481d17 (diff) |
Cleanup
svn path=/scripts/gski.py; revision=882
-rw-r--r-- | scripts/gski.py | 13 | ||||
-rwxr-xr-x | scripts/irbe-cli.py | 21 | ||||
-rw-r--r-- | scripts/rpki/pkix-m2crypto-driver.py | 42 |
3 files changed, 56 insertions, 20 deletions
diff --git a/scripts/gski.py b/scripts/gski.py index f7e6dbf6..6d1e34c3 100644 --- a/scripts/gski.py +++ b/scripts/gski.py @@ -1,6 +1,6 @@ # $Id$ -import POW, POW.pkix, base64, getopt, sys +import rpki.x509, POW.pkix, base64, getopt, sys opts, args = getopt.getopt(sys.argv[1:], "", ["pem", "der"]) @@ -11,12 +11,9 @@ for o, a in opts: if o == "--der": use_pem = False for file in args: - f = open(file, "r") - der = f.read() - f.close() if use_pem: - der = POW.pemRead(POW.X509_CERTIFICATE, der).derWrite() - cert = POW.pkix.Certificate() - cert.fromString(der) - ski = base64.b64encode([x for x in cert.getExtensions() if x[0] == (2, 5, 29, 14)][0][2]).replace("+", "-").replace("/", "_") + cert = rpki.x509.X509(PEM_file=file) + else: + cert = rpki.x509.X509(DER_file=file) + ski = base64.b64encode([x for x in cert.get_POWpkix().getExtensions() if x[0] == (2, 5, 29, 14)][0][2]).replace("+", "-").replace("/", "_") print ski, file diff --git a/scripts/irbe-cli.py b/scripts/irbe-cli.py index 8ebb149e..0320967b 100755 --- a/scripts/irbe-cli.py +++ b/scripts/irbe-cli.py @@ -6,11 +6,19 @@ This only handles the control channel. The query back-channel will be a separate program. """ -import glob, rpki.left_right, rpki.relaxng, getopt, sys, lxml.etree, POW, POW.pkix, rpki.cms, rpki.https, xml.sax, lxml.sax +import glob, rpki.left_right, rpki.relaxng, getopt, sys, lxml.etree, POW.pkix, rpki.cms, rpki.https, xml.sax, lxml.sax, rpki.x509 # Kludge around current test setup all being PEM rather than DER format convert_from_pem = True +def read_cert(filename): + """Read a certificate file from disk.""" + if convert_from_pem: + cert = rpki.x509.X509(PEM_file=filename) + else: + cert = rpki.x509.X509(DER_file=filename) + return cert.get_POWpkix() + class command(object): """Command processor mixin class for left-right protocol objects. 
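Review bot: The new `ski =` line in the `@@ -11,12 +11,9 @@` hunk of scripts/gski.py still indexes `[...][0][2]` on the filtered extension list, so a certificate without a subjectKeyIdentifier extension (OID 2.5.29.14) aborts the script with a bare IndexError instead of a message naming the file. Collect the matches first, e.g. `skis = [x[2] for x in cert.get_POWpkix().getExtensions() if x[0] == (2, 5, 29, 14)]`, then report and skip the file when `skis` is empty. The loop variable `file` also shadows the builtin; `filename` would read better. Nothing visible in these hunks refers to `POW.pkix` by name any more, so that import in the first hunk looks removable, though part of the file lies outside the hunks.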
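Review bot: The docstring of the relocated `read_cert` in scripts/irbe-cli.py does not say that the input format is chosen by the module-level `convert_from_pem` flag, nor that the function returns the object from `get_POWpkix()` rather than the `rpki.x509.X509` wrapper. The `--peer_ta` handler shown in the next hunk stores this return value as the peer trust anchor, so I would spell it out: `"""Read a certificate file (PEM if convert_from_pem is set, else DER) and return the POW.pkix object."""`. The same PEM/DER selection is now written out in scripts/gski.py as well, so a shared helper may be worth considering.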
@@ -54,17 +62,6 @@ class command(object): """Special handler for --peer_ta option.""" self.peer_ta = read_cert(arg) -def read_cert(filename): - """Read a certificate file from disk.""" - f = open(filename, "r") - der = f.read() - f.close() - if convert_from_pem: - der = POW.pemRead(POW.X509_CERTIFICATE, der).derWrite() - cert = POW.pkix.Certificate() - cert.fromString(der) - return cert - class self(command, rpki.left_right.self_elt): '''"self" command.''' diff --git a/scripts/rpki/pkix-m2crypto-driver.py b/scripts/rpki/pkix-m2crypto-driver.py new file mode 100644 index 00000000..61dabac7 --- /dev/null +++ b/scripts/rpki/pkix-m2crypto-driver.py 
@@ -0,0 +1,42 @@
+# $Id$
+
+"""Crypto driver for POW.pkix using M2Crypto.
+
+This driver is part of an attempt to salvage the (really nice)
+POW.pkix code from the POW package. I like POW well enough, but it's
+old and missing some pieces and the Python world seems to have moved
+to M2Crypto. But M2Crypto has nothing like POW.pkix, so I whacked
+together an interface to let POW.pkix run over other crypto packages.
+
+This module is a driver for M2Crypto.
+"""
+
+# NB: Module names may change eventually
+
+import POW.pkix
+
+class M2CryptoCryptoDriver(POW.pkix.CryptoDriver):
+ """Dispatcher for crypto calls using M2Crypto package."""
+
+ def __init__(self):
+ import M2Crypto
+ self.driver2OID = {
+ "md5" : (1, 2, 840, 113549, 1, 1, 4), # md5WithRSAEncryption
+ "sha1" : (1, 2, 840, 113549, 1, 1, 5), # sha1withRSAEncryption
+ "ripemd160" : (1, 2, 840, 113549, 1, 1, 6), # ripemd160WithRSAEncryption
+ "sha256" : (1, 2, 840, 113549, 1, 1, 11), # sha256WithRSAEncryption
+ }
+ self.OID2driver = dict((v,k) for k,v in self.driver2OID.iteritems())
+
+ def sign(self, key, oid, plaintext):
+ digest = M2Crypto.EVP.MessageDigest(self.OID2driver[oid])
+ digest.update(plaintext)
+ return key.sign(digest.final(), self.OID2driver[oid])
+
+ def verify(self, key, oid, plaintext, signature):
+ return key.verify(plaintext, signature, self.OID2driver[oid])
+
+ def keyDER(self, key):
+ bio = M2Crypto.BIO.MemoryBuffer()
+ key.save_key_der_bio(bio)
+ return bio.read() |
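Review bot: `import M2Crypto` sits inside `__init__`, so the name is local to that method and the references to `M2Crypto.EVP` in `sign` and `M2Crypto.BIO` in `keyDER` will raise NameError when called; the import belongs at module level next to `import POW.pkix`. `sign` digests the plaintext before calling `key.sign`, but `verify` hands the raw `plaintext` to `key.verify`; if `key` is an M2Crypto RSA key, which takes the digest in both calls, valid signatures would fail to verify, so `verify` should build the same digest first. The OID table also lets `verify` accept md5WithRSAEncryption and sha1withRSAEncryption signatures, so a narrower table for verification would keep weak digests from being accepted there.

```python
import POW.pkix
import M2Crypto

# … unchanged: class header, __init__ OID tables (minus the local import), sign …

  def verify(self, key, oid, plaintext, signature):
    digest = M2Crypto.EVP.MessageDigest(self.OID2driver[oid])
    digest.update(plaintext)
    return key.verify(digest.final(), signature, self.OID2driver[oid])
```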