diff options
Diffstat (limited to 'src/leap/crypto')
| -rw-r--r-- | src/leap/crypto/certs.py | 44 | ||||
| -rw-r--r-- | src/leap/crypto/leapkeyring.py | 1 | ||||
| -rw-r--r-- | src/leap/crypto/tests/__init__.py | 0 | ||||
| -rw-r--r-- | src/leap/crypto/tests/test_certs.py | 22 |
4 files changed, 64 insertions, 3 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py index 8908865d..78f49fb0 100644 --- a/src/leap/crypto/certs.py +++ b/src/leap/crypto/certs.py @@ -1,10 +1,17 @@ import ctypes +from StringIO import StringIO import socket import gnutls.connection import gnutls.crypto import gnutls.library +from leap.util.misc import null_check + + +class BadCertError(Exception): + """raised for malformed certs""" + def get_https_cert_from_domain(domain): """ @@ -20,12 +27,43 @@ def get_https_cert_from_domain(domain): return cert -def get_cert_from_file(filepath): - with open(filepath) as f: - cert = gnutls.crypto.X509Certificate(f.read()) +def get_cert_from_file(_file): + getcert = lambda f: gnutls.crypto.X509Certificate(f.read()) + if isinstance(_file, str): + with open(_file) as f: + cert = getcert(f) + else: + cert = getcert(_file) return cert +def get_pkey_from_file(_file): + getkey = lambda f: gnutls.crypto.X509PrivateKey(f.read()) + if isinstance(_file, str): + with open(_file) as f: + key = getkey(f) + else: + key = getkey(_file) + return key + + +def can_load_cert_and_pkey(string): + try: + f = StringIO(string) + cert = get_cert_from_file(f) + + f = StringIO(string) + key = get_pkey_from_file(f) + + null_check(cert, 'certificate') + null_check(key, 'private key') + except: + # XXX catch GNUTLSError? + raise BadCertError + else: + return True + + def get_cert_fingerprint(domain=None, filepath=None, hash_type="SHA256", sep=":"): """ diff --git a/src/leap/crypto/leapkeyring.py b/src/leap/crypto/leapkeyring.py index d4be7bf9..c241d0bc 100644 --- a/src/leap/crypto/leapkeyring.py +++ b/src/leap/crypto/leapkeyring.py @@ -53,6 +53,7 @@ class LeapCryptedFileKeyring(keyring.backend.CryptedFileKeyring): def leap_set_password(key, value, seed="xxx"): + key, value = map(unicode, (key, value)) keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) keyring.set_password('leap', key, value) diff --git a/src/leap/crypto/tests/__init__.py b/src/leap/crypto/tests/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/src/leap/crypto/tests/__init__.py diff --git a/src/leap/crypto/tests/test_certs.py b/src/leap/crypto/tests/test_certs.py new file mode 100644 index 00000000..e476b630 --- /dev/null +++ b/src/leap/crypto/tests/test_certs.py @@ -0,0 +1,22 @@ +import unittest + +from leap.testing.https_server import where +from leap.crypto import certs + + +class CertTestCase(unittest.TestCase): + + def test_can_load_client_and_pkey(self): + with open(where('leaptestscert.pem')) as cf: + cs = cf.read() + with open(where('leaptestskey.pem')) as kf: + ks = kf.read() + certs.can_load_cert_and_pkey(cs + ks) + + with self.assertRaises(certs.BadCertError): + # screw header + certs.can_load_cert_and_pkey(cs.replace("BEGIN", "BEGINN") + ks) + + +if __name__ == "__main__": + unittest.main() |