Timestamp:
21/04/10 11:51:19 (10 years ago)
Author:
pjkersha
Message:

Working getTrustRoots method but SEGV errors with private key conversion to PEM format. Will make a branch to revisit pyOpenSSL and dump M2Crypto.

File:
1 edited

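--- a/TI12-security/trunk/MyProxyClient/myproxy/client.py
+++ b/TI12-security/trunk/MyProxyClient/myproxy/client.py
@@ -10,5 +10,5 @@
 __author__ = "P J Kershaw"
 __date__ = "02/06/05"
-__copyright__ = "(C) 2009 Science and Technology Facilities Council"
+__copyright__ = "(C) 2010 Science and Technology Facilities Council"
 __license__ = """BSD - See LICENSE file in top-level directory
 
@@ -26,5 +26,5 @@
 import os
 import socket
-from M2Crypto import X509, RSA, EVP, m2, BIO, SSL
+from M2Crypto import X509, RSA, EVP, m2, BIO, SSL, util
 import base64
 from ConfigParser import SafeConfigParser
@@ -226,5 +226,5 @@
                                     or None)
     
-    PRIKEY_NBITS = 4096
+    PRIKEY_NBITS = 2048 #4096
     MESSAGE_DIGEST_TYPE = "md5"
     SERVER_RESP_BLK_SIZE = 8192
@@ -550,5 +550,5 @@
         
     def _createKeys(self, nBitsForKey=PRIKEY_NBITS):
-        """Generate keys and return as PEM encoded string
+        """Generate key pair and return as PEM encoded string
         @type nBitsForKey: int
         @param nBitsForKey: number of bits for private key generation - 
@@ -557,9 +557,10 @@
         @return: public/private key pair
         """
-        keys = RSA.gen_key(nBitsForKey, m2.RSA_F4)
-        
-        return keys
-            
-    def _createCertReq(self, CN, keys, messageDigest=MESSAGE_DIGEST_TYPE):
+        keyPair = RSA.gen_key(nBitsForKey, 65537L,#m2.RSA_F4, 
+                              callback=lambda *arg, **kw: None)
+        
+        return keyPair
+            
+    def _createCertReq(self, CN, keyPair, messageDigest=MESSAGE_DIGEST_TYPE):
         """Create a certificate request.
         
@@ -567,6 +568,6 @@
         @param CN: Common Name for certificate - effectively the same as the
         username for the MyProxy credential
-        @type keys: string/None
-        @param keys: public/private key pair
+        @type keyPair: string/None
+        @param keyPair: public/private key pair
         @type messageDigest: basestring
         @param messageDigest: message digest type - default is MD5
@@ -581,5 +582,5 @@
         # Create public key object
         pubKey = EVP.PKey()
-        pubKey.assign_rsa(keys)
+        pubKey.assign_rsa(keyPair)
         
         # Add the public key to the request
@@ -1021,5 +1022,5 @@
         
         
-    def logon(self, username, passphrase, lifetime=None, keys=None, 
+    def logon(self, username, passphrase, lifetime=None, keyPair=None, 
               certReq=None, nBitsForKey=PRIKEY_NBITS):
         """Retrieve a proxy credential from a MyProxy server
@@ -1045,17 +1046,16 @@
         lifetime = lifetime or self.proxyCertLifetime
 
-        # Generate certificate request here - any errors will be thrown
-        # prior to making the connection and so not upsetting the server
-        #
-        # - The client will generate a public/private key pair and send a 
-        #   NULL-terminated PKCS#10 certificate request to the server.
-        if keys is None:
-            if certReq is not None:
-                raise MyProxyClientConfigError("'certReq' key must not be set "
-                                               "without the 'keys' keyword")
-            keys = self._createKeys(nBitsForKey=nBitsForKey)
-            
+        # Certificate request may be passed as an input but if not generate it
+        # here request here 
         if certReq is None:
-            certReq = self._createCertReq(username, keys)
+            # If no key pair was passed, generate here
+            if keyPair is None:
+                keyPair = self._createKeys(nBitsForKey=nBitsForKey)
+                
+            certReq = self._createCertReq(username, keyPair)
+
+        if keyPair is not None: 
+            pemKeyPair = keyPair.as_pem(cipher=None, 
+                                        callback=util.no_passphrase_callback)
         
         # Set-up SSL connection
@@ -1097,13 +1097,12 @@
         if len(pemCerts) != nCerts:
             MyProxyClientRetrieveError("%d certs expected, %d received" % 
-                                                    (nCerts, len(pemCerts)))
-    
-        if keys is not None:
+                                       (nCerts, len(pemCerts)))
+    
+        if keyPair is not None:
             # Return certs and private key
             # - proxy or dynamically issued certificate (MyProxy CA mode)
             # - private key
             # - rest of cert chain if proxy cert issued
-            pemKey = keys.as_pem(cipher=None)
-            creds = [pemCerts[0], pemKey]
+            creds = [pemCerts[0], pemKeyPair]
             creds.extend(pemCerts[1:])
         else: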
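Review bot: The reworded docstring of `_createKeys` (hunk at old lines 557-563) still says the key pair is returned "as PEM encoded string", but the method returns the `RSA.gen_key` object unchanged and the PEM conversion only happens later in `logon` via `keyPair.as_pem(...)`; `_createCertReq` has the same mismatch, its new `@type keyPair: string/None` describing a value that is passed straight to `pubKey.assign_rsa(keyPair)`. Suggested wording: `"""Generate an RSA key pair and return it as an M2Crypto RSA key object` and `@type keyPair: M2Crypto.RSA.RSA`. The public exponent is now the bare literal `65537L` with `m2.RSA_F4` left commented out; if the named constant had to go, give the literal a name next to `PRIKEY_NBITS` (e.g. `PRIKEY_PUBLIC_EXPONENT = 65537L`) so the intent survives. The `logon` hunk also drops the old `MyProxyClientConfigError` raised when `certReq` was supplied without a key, so a caller passing a request but no `keyPair` now silently receives a credential list with no private key entry — if that is intended, the `logon` docstring should say so. The bodies of `logon` and `_createCertReq` extend outside the hunks shown.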