From 914a07aaf8ef52b2eaf88f1bf01fb6f72adcac5a Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Sat, 15 Dec 2012 02:25:12 +0900
Subject: use gnutls to parse pemfiles

---
 src/leap/crypto/certs.py | 42 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 3 deletions(-)

(limited to 'src/leap/crypto/certs.py')

diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
index 8908865d..45d7326d 100644
--- a/src/leap/crypto/certs.py
+++ b/src/leap/crypto/certs.py
@@ -1,10 +1,14 @@
 import ctypes
+from StringIO import StringIO
+import re
 import socket
 
 import gnutls.connection
 import gnutls.crypto
 import gnutls.library
 
+from leap.util.misc import null_check
+
 
 def get_https_cert_from_domain(domain):
     """
@@ -20,12 +24,44 @@ def get_https_cert_from_domain(domain):
     return cert
 
 
-def get_cert_from_file(filepath):
-    with open(filepath) as f:
-        cert = gnutls.crypto.X509Certificate(f.read())
+def get_cert_from_file(_file):
+    getcert = lambda f: gnutls.crypto.X509Certificate(f.read())
+    if isinstance(_file, str):
+        with open(_file) as f:
+            cert = getcert(f)
+    else:
+        cert = getcert(_file)
     return cert
 
 
+def get_pkey_from_file(_file):
+    getkey = lambda f: gnutls.crypto.X509PrivateKey(f.read())
+    if isinstance(_file, str):
+        with open(_file) as f:
+            key = getkey(f)
+    else:
+        key = getkey(_file)
+    return key
+
+
+def can_load_cert_and_pkey(string):
+    try:
+        f = StringIO(string)
+        cert = get_cert_from_file(f)
+
+        f = StringIO(string)
+        key = get_pkey_from_file(f)
+
+        null_check(cert, 'certificate')
+        null_check(key, 'private key')
+    except:
+        # XXX catch GNUTLSError
+        raise
+        return False
+    else:
+        return True
+
+
 def get_cert_fingerprint(domain=None, filepath=None,
                          hash_type="SHA256", sep=":"):
     """
-- 
cgit v1.2.3


From 20f779b644a551bf56cb735868c55cd50d7c3610 Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Tue, 18 Dec 2012 21:07:06 +0900
Subject: catch gnutls error while validating pemfile

---
 src/leap/crypto/certs.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'src/leap/crypto/certs.py')

diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
index 45d7326d..78f49fb0 100644
--- a/src/leap/crypto/certs.py
+++ b/src/leap/crypto/certs.py
@@ -1,6 +1,5 @@
 import ctypes
 from StringIO import StringIO
-import re
 import socket
 
 import gnutls.connection
@@ -10,6 +9,10 @@ import gnutls.library
 from leap.util.misc import null_check
 
 
+class BadCertError(Exception):
+    """raised for malformed certs"""
+
+
 def get_https_cert_from_domain(domain):
     """
     @param domain: a domain name to get a certificate from.
@@ -55,9 +58,8 @@ def can_load_cert_and_pkey(string):
         null_check(cert, 'certificate')
         null_check(key, 'private key')
     except:
-        # XXX catch GNUTLSError
-        raise
-        return False
+        # XXX catch GNUTLSError?
+        raise BadCertError
     else:
         return True
 
-- 
cgit v1.2.3