Changeset 6829 for TI12-security/trunk


Timestamp:
21/04/10 11:51:19 (10 years ago)
Author:
pjkersha
Message:

Working getTrustRoots method but SEGV errors with private key conversion to PEM format. Will make a branch to revisit pyOpenSSL and dump M2Crypto.

Location:
TI12-security/trunk/MyProxyClient
Files:
2 added
7 edited

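--- a/TI12-security/trunk/MyProxyClient/.pydevproject
+++ b/TI12-security/trunk/MyProxyClient/.pydevproject
@@ -6,5 +6,5 @@
 <path>/MyProxyClient</path>
 </pydev_pathproperty>
-<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.6</pydev_property>
-<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Python2.6</pydev_property>
+<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.5</pydev_property>
+<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Python2.5</pydev_property>
 </pydev_project>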
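--- a/TI12-security/trunk/MyProxyClient/myproxy/client.py
+++ b/TI12-security/trunk/MyProxyClient/myproxy/client.py
@@ -10,5 +10,5 @@
 __author__ = "P J Kershaw"
 __date__ = "02/06/05"
-__copyright__ = "(C) 2009 Science and Technology Facilities Council"
+__copyright__ = "(C) 2010 Science and Technology Facilities Council"
 __license__ = """BSD - See LICENSE file in top-level directory
 
@@ -26,5 +26,5 @@
 import os
 import socket
-from M2Crypto import X509, RSA, EVP, m2, BIO, SSL
+from M2Crypto import X509, RSA, EVP, m2, BIO, SSL, util
 import base64
 from ConfigParser import SafeConfigParser
@@ -226,5 +226,5 @@
                                     or None)
 
-    PRIKEY_NBITS = 4096
+    PRIKEY_NBITS = 2048 #4096
     MESSAGE_DIGEST_TYPE = "md5"
     SERVER_RESP_BLK_SIZE = 8192
@@ -550,5 +550,5 @@
 
     def _createKeys(self, nBitsForKey=PRIKEY_NBITS):
-        """Generate keys and return as PEM encoded string
+        """Generate key pair and return as PEM encoded string
         @type nBitsForKey: int
         @param nBitsForKey: number of bits for private key generation -
@@ -557,9 +557,10 @@
         @return: public/private key pair
         """
-        keys = RSA.gen_key(nBitsForKey, m2.RSA_F4)
-
-        return keys
-
-    def _createCertReq(self, CN, keys, messageDigest=MESSAGE_DIGEST_TYPE):
+        keyPair = RSA.gen_key(nBitsForKey, 65537L,#m2.RSA_F4,
+                              callback=lambda *arg, **kw: None)
+
+        return keyPair
+
+    def _createCertReq(self, CN, keyPair, messageDigest=MESSAGE_DIGEST_TYPE):
         """Create a certificate request.
 
@@ -567,6 +568,6 @@
         @param CN: Common Name for certificate - effectively the same as the
         username for the MyProxy credential
-        @type keys: string/None
-        @param keys: public/private key pair
+        @type keyPair: string/None
+        @param keyPair: public/private key pair
         @type messageDigest: basestring
         @param messageDigest: message digest type - default is MD5
@@ -581,5 +582,5 @@
         # Create public key object
         pubKey = EVP.PKey()
-        pubKey.assign_rsa(keys)
+        pubKey.assign_rsa(keyPair)
 
         # Add the public key to the request
@@ -1021,5 +1022,5 @@
 
 
-    def logon(self, username, passphrase, lifetime=None, keys=None,
+    def logon(self, username, passphrase, lifetime=None, keyPair=None,
               certReq=None, nBitsForKey=PRIKEY_NBITS):
         """Retrieve a proxy credential from a MyProxy server
@@ -1045,17 +1046,16 @@
         lifetime = lifetime or self.proxyCertLifetime
 
-        # Generate certificate request here - any errors will be thrown
-        # prior to making the connection and so not upsetting the server
-        #
-        # - The client will generate a public/private key pair and send a
-        #   NULL-terminated PKCS#10 certificate request to the server.
-        if keys is None:
-            if certReq is not None:
-                raise MyProxyClientConfigError("'certReq' key must not be set "
-                                               "without the 'keys' keyword")
-            keys = self._createKeys(nBitsForKey=nBitsForKey)
-
+        # Certificate request may be passed as an input but if not generate it
+        # here request here
         if certReq is None:
-            certReq = self._createCertReq(username, keys)
+            # If no key pair was passed, generate here
+            if keyPair is None:
+                keyPair = self._createKeys(nBitsForKey=nBitsForKey)
+
+            certReq = self._createCertReq(username, keyPair)
+
+        if keyPair is not None:
+            pemKeyPair = keyPair.as_pem(cipher=None,
+                                        callback=util.no_passphrase_callback)
 
         # Set-up SSL connection
@@ -1097,13 +1097,12 @@
         if len(pemCerts) != nCerts:
             MyProxyClientRetrieveError("%d certs expected, %d received" %
-                                                    (nCerts, len(pemCerts)))
-
-        if keys is not None:
+                                       (nCerts, len(pemCerts)))
+
+        if keyPair is not None:
             # Return certs and private key
             # - proxy or dynamically issued certificate (MyProxy CA mode)
             # - private key
             # - rest of cert chain if proxy cert issued
-            pemKey = keys.as_pem(cipher=None)
-            creds = [pemCerts[0], pemKey]
+            creds = [pemCerts[0], pemKeyPair]
             creds.extend(pemCerts[1:])
         else: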
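Review bot: In the hunk at new lines 1097–1108 of `logon`, the certificate-count check constructs a `MyProxyClientRetrieveError` but never raises it, so a server response with the wrong number of certificates falls through and `pemCerts[0]` is still returned as the credential. This commit only re-indents the continuation line; the statement should read `raise MyProxyClientRetrieveError("%d certs expected, %d received" % (nCerts, len(pemCerts)))`. A client that hands back delegated credentials should reject a short or padded response rather than pass it on. `logon` begins and ends outside this hunk, so any later validation of the chain is not visible here.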
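--- a/TI12-security/trunk/MyProxyClient/myproxy/test/myProxyClient.cfg
+++ b/TI12-security/trunk/MyProxyClient/myproxy/test/myProxyClient.cfg
@@ -2,9 +2,9 @@
 # MyProxyClient configuration file
 #
-# NERC Data Grid Project
+# NERC DataGrid Project
 #
 # P J Kershaw 12/12/08
 #
-# Copyright (C) 2009 Science and Technology Facilities Council
+# Copyright (C) 2010 Science and Technology Facilities Council
 #
 # BSD - See LICENSE file in top-level directory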
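--- a/TI12-security/trunk/MyProxyClient/myproxy/test/myProxyClientTest.cfg
+++ b/TI12-security/trunk/MyProxyClient/myproxy/test/myProxyClientTest.cfg
@@ -6,5 +6,5 @@
 # P J Kershaw 13/12/06
 #
-# Copyright (C) 2009 Science and Technology Facilities Council
+# Copyright (C) 2010 Science and Technology Facilities Council
 #
 # BSD - See LICENSE file in top-level directory
@@ -18,8 +18,8 @@
 username: testuser
 passphrase: testpassword
-signingCertFilePath: $MYPROXYCLIENT_UNITTEST_DIR/user.crt
-signingPriKeyFilePath: $MYPROXYCLIENT_UNITTEST_DIR/user.key
-ownerCertFile: $MYPROXYCLIENT_UNITTEST_DIR/user.crt
-ownerKeyFile: $MYPROXYCLIENT_UNITTEST_DIR/user.key
+signingCertFilePath: $MYPROXYCLIENT_UNITTEST_DIR/testuser.crt
+signingPriKeyFilePath: $MYPROXYCLIENT_UNITTEST_DIR/testuser.key
+ownerCertFile: $MYPROXYCLIENT_UNITTEST_DIR/testuser.crt
+ownerKeyFile: $MYPROXYCLIENT_UNITTEST_DIR/testuser.key
 ownerPassphrase: testpassword
 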
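--- a/TI12-security/trunk/MyProxyClient/myproxy/test/proxy.crt
+++ b/TI12-security/trunk/MyProxyClient/myproxy/test/proxy.crt
@@ -1,32 +1,28 @@
 -----BEGIN CERTIFICATE-----
-MIICijCCAXKgAwIBAgICAQIwDQYJKoZIhvcNAQEEBQAwQjEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQLEwdHYWJyaWVsMREwDwYDVQQDEwh0ZXN0
-dXNlcjAeFw0wOTAyMjcxMjA2MjlaFw0wOTAyMjgwNjExMjlaMFIxDDAKBgNVBAoT
-A05ERzENMAsGA1UECxMEQkFEQzEQMA4GA1UECxMHR2FicmllbDERMA8GA1UEAxMI
-dGVzdHVzZXIxDjAMBgNVBAMTBXByb3h5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC9rRosWhzLmb9Somkxp7BL33Av3rxCNsV3gs5+viNPoa75siG2Mbop+fZQ
-JYPF0IWaCI6uysxVexnEILVs+xJyV5KCXCYbdaJhlOXyhmGUTaAWGHR+6+P6eO7m
-LMTgKpOullCqDd40+r+Z6iCnsBkq3btXuvXyzfVaVuUfYlKyWwIDAQABMA0GCSqG
-SIb3DQEBBAUAA4IBAQBSjq0aApYQbjieXVDDdMUGfUUWEqoVjQDl8u8FTEXvTueK
-o3EgXmgGOWtkn3acoGLTUfznjut2e4M90/kJU8sN/bMldy+TqgVDiTuppmcM8BMp
-0CP5XdlUT4Egbk27IBzlEZYcwbNqoVQYADEuRDxNScapoGi/qq48xuUInNMR2+PB
-xFUVLunKQq2kFUFpkOFHCnkH0c4gCqe09YhxE06EgqfGszaz8LZZhHDjQ1ldEAPZ
-iXTeNpidFGor3e93bzUxFldBpZZcPPPuqmIC0aZb3A3iovzvyDcYRgFB94cPknRm
-WzYssgEe8BJPapkWCRkX7gKdAYf4ef5zIv9sqmRg
+MIICfDCCAeWgAwIBAgIEFEquwTANBgkqhkiG9w0BAQUFADAlMRAwDgYDVQQKEwdH
+YWJyaWVsMREwDwYDVQQDEwh0ZXN0dXNlcjAeFw0xMDA0MjEwOTI5MDNaFw0xMDA0
+MjIwMzM0MDNaMDkxEDAOBgNVBAoTB0dhYnJpZWwxETAPBgNVBAMTCHRlc3R1c2Vy
+MRIwEAYDVQQDEwkzNDA0Mzg3MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDySWTRVbS6L5T9UUoTpARD+Jk6H8NFp9Y1TjFWPaKySKa9ep0Gdj0vM83B
+84Hz0U2R6FgdoaTBFIB2pbugjbm3pl8FIRZKaq7gdO6otmC21Y5XpjVA0s/fgyBG
+y0iKqG78lSDnaBmVyaCra+2a7kkqsxGwUCMAlnxmZPqsHKXuRozRwTassH+BdUIt
+A3oUe7M1PQLo3e5hwJWg/7igRHc7kHItaSRUcXeZ7RNnY/DNSU6ww/ovWFZajqpt
+cCyFpmRZ6nPx2jhxWyKvu8xi+NeKlkwc9mmqcWdJD1iRomQWNJAgG85Bm2oZSlMV
+xJwMoiEZRxNk1yzBTMlqRW+Tcu69AgMBAAGjITAfMB0GCCsGAQUFBwEOAQH/BA4w
+DDAKBggrBgEFBQcVATANBgkqhkiG9w0BAQUFAAOBgQDcbaaHn/fP61V97xl+24v/
+qFaFG4F415QD6o7ZTV0o1dub1ygXO5FaVBYgDa7bxV72qZw24rxbLs5fxVkKBAWc
+HYidDjG9FlDcgEC43Y6NSyugvuoPowBx/IPdRe2e/ub0qbZrAm7Xz8mNJKfVXkV8
+vhj9yMRFrxmIyqFVoSI+QA==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICgTCCAeqgAwIBAgICAQIwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTgy
-NVoXDTEzMTIxNTE1MTgyNVowQjEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD
-MRAwDgYDVQQLEwdHYWJyaWVsMREwDwYDVQQDEwh0ZXN0dXNlcjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAOdL1ZgnNhthCgNzg3vO/8jMbpfa0aggwKmq
-Yib2+RiIElRpPa6iYQxDQ3J1LzXTqn7cHyyLhT0DpH6/oszmXthSCP2LrZkbtMm7
-CDTWj60i/e0N53sezmcBBqE5Ttn2PKLpWPGYNX3Z+3qnd3PYpQQ08d75GXwfOsz/
-MRn77l9sxKB9yT3nMGJuMzaBbUBCStsbFIzFXbNSkE29jVDLwehdIPb7taIDrPuB
-vTnxOuscWOWjooDURwr4JeP0XRqBGcvcq6Ba24FxSr+R+UwyoDqLYmnrLDlxrecp
-QCIYArOPlkgOi0Kw5nu9B3pMzp6UqXH4b8JXcBW2t2cRMzWo+VcCAwEAAaMVMBMw
-EQYJYIZIAYb4QgEBBAQDAgTwMA0GCSqGSIb3DQEBBAUAA4GBAJUHnprX3iucPKDM
-Xl3dh6mEOywXTv21h84xt3RM3JROluqoXwFS3zEz638fJdRl5G2xchHMDD8OHeiJ
-kOwrZNw0Nhl0K1Jc5PVv0wKyR2VMeRcM4xTF4r+J/eWm1WxEZ1/gQz1vlxnwV/6p
-AgpWkK/6FZXQzSbdRMk47NTB4IxD
+MIIB3DCCAUWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAsMRAwDgYDVQQKEwdHYWJy
+aWVsMRgwFgYDVQQDEw9HYWJyaWVsIFRlc3QgQ0EwHhcNMTAwNDIxMDg0OTAyWhcN
+MTEwNDIxMDg0OTAyWjAlMRAwDgYDVQQKEwdHYWJyaWVsMREwDwYDVQQDEwh0ZXN0
+dXNlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6nV1jephMPKO7GnNn6tJ
+cEfx/09obsszso6F5BWrapcA/d4p6FYVWAj3C+kCybqa0vByW7owJnGfzHDyzpGC
++cUKIQMHVFzkD71iGHHrKR1tBymH2vOt2sxU8meJ0XadEhxf0P2cq6MW71cvsZmb
+vUrkKSLQjJf5BJedHtMYnfECAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgTwMA0G
+CSqGSIb3DQEBBQUAA4GBACF9CyGb4VFg9LkA9xVlxnz4XIJteE6cNrMdVRhvnOpO
+lHLDSVDoFcLCDcw0FJHWLwHAawxqdgBu2S39uh5ZK6NFj+mHh/NeA82PtUq9bvSG
+OE18caP851nNp2pWhr2nnUdC8XEXPi94iSsLYv33aGfnpvgBRX/P2gZaW+NaukkA
 -----END CERTIFICATE-----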
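--- a/TI12-security/trunk/MyProxyClient/myproxy/test/proxy.key
+++ b/TI12-security/trunk/MyProxyClient/myproxy/test/proxy.key
@@ -1,15 +1,3 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC9rRosWhzLmb9Somkxp7BL33Av3rxCNsV3gs5+viNPoa75siG2
-Mbop+fZQJYPF0IWaCI6uysxVexnEILVs+xJyV5KCXCYbdaJhlOXyhmGUTaAWGHR+
-6+P6eO7mLMTgKpOullCqDd40+r+Z6iCnsBkq3btXuvXyzfVaVuUfYlKyWwIDAQAB
-AoGAJpgNRk8Dou3ivxaq3t6nAZkyQ5tHpRVt8pZcG+/mUXKtnsL/FwphPd9Nnhs0
-B9EZDjGFjs1W7GHC6WRaZhVkOCP5VIeLoNMTYU14i0S9d+TPk5SQ5HCjo6IcHts3
-n6WF9TvaD9WPpW5zaPoM2tBa8CjhDNDJIjd1YpqZ0e2uPFECQQDrTcsB3I62ff84
-49mJZf4HRB/qlvYirGi8JE9KfpXxrwJexkivpFQUWKXINh9AeK6DGzVtvoH0e99c
-/nePh+XTAkEAzlvvhvnuJEpUos/X4jnypfkzoMEBrqpO4IXX6zsK8bJrBornmtyx
-iaR0XRYdNqJMtYWqlqrlKAnsAwzUVUGEWQJAbr4CGTIwiHrsL14s95lk4Q6S5tl9
-pfv2nvWHy8ufzktLlkdD1kZEu/6sp3mxY6pol5OqpafPibzy9tVcd9TBuQJATYwW
-8y4w48pbC+P3SLhmCyEe2aYuL6kogw9JGMjTUAiwV4ETkAqnXQZEBEcvKzzKftyA
-QqZt/yHbYzoLAQ7h4QJBAMYlwdUtt2HBNGEqp+TwV2QYfqthPYo9l1CN+zfYWJZn
-qwFGwvNBJgrUb8bZe10kicF882cxT6MwYGe2G0eWmzs=
+MAMCAQA=
 -----END RSA PRIVATE KEY-----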
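Review bot: The replacement key body is the single line `MAMCAQA=`, which decodes to five bytes of DER (a SEQUENCE holding only the INTEGER 0), so the committed `proxy.key` is not a usable RSA private key. It looks like output of the failing private-key-to-PEM conversion the commit message mentions rather than a deliberate fixture, though that is inferred from the message and from the test reading a `proxyKeyFileOut` path. Keeping files the test writes out of version control, or having the test assert that the written key parses back into an RSA key, would turn a truncated key into a test failure rather than a committed artefact.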
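--- a/TI12-security/trunk/MyProxyClient/myproxy/test/test_myproxyclient.py
+++ b/TI12-security/trunk/MyProxyClient/myproxy/test/test_myproxyclient.py
@@ -99,6 +99,5 @@
         proxyKeyFile = path.expandvars(thisSection['proxyKeyFileOut'])
 
-        creds = self.clnt.getDelegation(thisSection['username'],
-                                        passphrase)
+        creds = self.clnt.getDelegation(thisSection['username'], passphrase)
         print "proxy credentials:"
         print ''.join(creds)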