authorkali <kali@leap.se>2012-11-14 00:38:20 +0900
committerkali <kali@leap.se>2012-11-14 00:38:20 +0900
commit21875404282522a9c83bfb9c85d6a24fa59d20f8 (patch)
treeae0409bd742ce3a6f994ae9bb31fc5ab7225f1c6 /src/leap/crypto
parentf6e900f024074435349eb778a2d89baed55e1e6c (diff)
parentd24c7328fa845737dbb83d512e4b3f287634c4cc (diff)
Merge branch 'feature/generic-wizard' into develop
The generic wizard (big) branch is now stabilised. A bunch of refactors have gone together with this topic branch: - client does not have any info included for default service providers. - user has to run the first-run wizard and manually enter the domain for the sample provider. - remove all remains of the older branding strategy for default provider. - srp registration + authentication are integrated with the signup process.
Diffstat (limited to 'src/leap/crypto')
-rw-r--r--src/leap/crypto/certs.py71
-rw-r--r--src/leap/crypto/leapkeyring.py1
2 files changed, 72 insertions, 0 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
new file mode 100644
index 00000000..8908865d
--- /dev/null
+++ b/src/leap/crypto/certs.py
@@ -0,0 +1,71 @@
+import ctypes
+import socket
+
+import gnutls.connection
+import gnutls.crypto
+import gnutls.library
+
+
+def get_https_cert_from_domain(domain):
+ """
+ @param domain: a domain name to get a certificate from.
+ """
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ cred = gnutls.connection.X509Credentials()
+
+ session = gnutls.connection.ClientSession(sock, cred)
+ session.connect((domain, 443))
+ session.handshake()
+ cert = session.peer_certificate
+ return cert
+
+
+def get_cert_from_file(filepath):
+ with open(filepath) as f:
+ cert = gnutls.crypto.X509Certificate(f.read())
+ return cert
+
+
+def get_cert_fingerprint(domain=None, filepath=None,
+ hash_type="SHA256", sep=":"):
+ """
+ @param domain: a domain name to get a fingerprint from
+ @type domain: str
+ @param filepath: path to a file containing a PEM file
+ @type filepath: str
+ @param hash_type: the hash function to be used in the fingerprint.
+ must be one of SHA1, SHA224, SHA256, SHA384, SHA512
+ @type hash_type: str
+ @rparam: hex_fpr, a hexadecimal representation of a bytestring
+ containing the fingerprint.
+ @rtype: string
+ """
+ if domain:
+ cert = get_https_cert_from_domain(domain)
+ if filepath:
+ cert = get_cert_from_file(filepath)
+
+ _buffer = ctypes.create_string_buffer(64)
+ buffer_length = ctypes.c_size_t(64)
+
+ SUPPORTED_DIGEST_FUN = ("SHA1", "SHA224", "SHA256", "SHA384", "SHA512")
+ if hash_type in SUPPORTED_DIGEST_FUN:
+ digestfunction = getattr(
+ gnutls.library.constants,
+ "GNUTLS_DIG_%s" % hash_type)
+ else:
+ # XXX improperlyconfigured or something
+ raise Exception("digest function not supported")
+
+ gnutls.library.functions.gnutls_x509_crt_get_fingerprint(
+ cert._c_object, digestfunction,
+ ctypes.byref(_buffer), ctypes.byref(buffer_length))
+
+ # deinit
+ #server_cert._X509Certificate__deinit(server_cert._c_object)
+ # needed? is segfaulting
+
+ fpr = ctypes.string_at(_buffer, buffer_length.value)
+ hex_fpr = sep.join(u"%02X" % ord(char) for char in fpr)
+
+ return hex_fpr
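Review bot: get_cert_fingerprint leaves `cert` unbound when called with neither domain nor filepath (lines 67-70), so the call dies with a NameError instead of a clear error, and when both are given filepath silently overrides domain; add `if not (domain or filepath): raise ValueError("one of domain or filepath is required")` before the two branches. The status returned by `gnutls_x509_crt_get_fingerprint` on line 84 is discarded, so a failing call returns the zero-filled buffer as if it were a real fingerprint; capture it as `ret = gnutls.library.functions.gnutls_x509_crt_get_fingerprint(...)` and follow with `if ret != 0: raise Exception("gnutls_x509_crt_get_fingerprint failed: %d" % ret)`. In get_https_cert_from_domain the `X509Credentials()` on line 38 carry no trust anchors and the session is never verified, so the certificate comes back without chain validation; the docstring should say that the returned certificate is unverified and that the resulting fingerprint is meant to be confirmed out-of-band before it is trusted. The same function never closes `sock` after the handshake, so a `try/finally` around the connect/handshake that calls `sock.close()` would avoid leaking a descriptor per call.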
diff --git a/src/leap/crypto/leapkeyring.py b/src/leap/crypto/leapkeyring.py
index bceadc75..d4be7bf9 100644
--- a/src/leap/crypto/leapkeyring.py
+++ b/src/leap/crypto/leapkeyring.py
@@ -59,6 +59,7 @@ def leap_set_password(key, value, seed="xxx"):
def leap_get_password(key, seed="xxx"):
keyring.set_keyring(LeapCryptedFileKeyring(seed=seed))
+ #import ipdb;ipdb.set_trace()
return keyring.get_password('leap', key)
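Review bot: The line added to leap_get_password is a commented-out debugger breakpoint, `#import ipdb;ipdb.set_trace()`, which is debug residue rather than a change the function needs. Commented-out code of this kind tends to be uncommented later and would then block the process on an interactive prompt inside a password lookup and import a package that is not a declared dependency. Drop the line so the function body stays the two statements that existed before this commit.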