-
Notifications
You must be signed in to change notification settings - Fork 0
/
CertAuth.py
115 lines (95 loc) · 3.96 KB
/
CertAuth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend
import argparse
from OpenSSL.crypto import *
def parse():
parser = argparse.ArgumentParser(description=
"Sample : python3 CertAuth.py cert_bckup.p12 root.crt subject.crt CSE539_Rocks!",
usage="python3 CertAuth.py <path for backup private key> <CA public certificate> "
"<subject public certificate> <password for backup private key>")
parser.add_argument('arguments', type=str, nargs=4, help="includes file paths and passwords needed for successful "
"execution")
args = parser.parse_args()
return args.arguments
def get_hex(test):
values = []
for char in test:
values.append('{0:02x}'.format(int(char)))
return "".join(values)
def tasks(arguments):
PRIVATE_KEY_FILE_PATH = arguments[0]
ROOT_CERT_FILE_PATH = arguments[1]
SUBJECT_CERT_FILE_PATH = arguments[2]
PRIVATE_KEY_PASSWORD = arguments[3]
# load the certificate files
# using 'with open(...) as file' closes the file automatically
with open(SUBJECT_CERT_FILE_PATH, "rb") as file:
crt_data = file.read()
subject_certificate = load_certificate(FILETYPE_PEM, crt_data)
subject_certificate_x509 = x509.load_pem_x509_certificate(crt_data, default_backend())
with open(ROOT_CERT_FILE_PATH, "rb") as file:
root_crt_data = file.read()
root_certificate = load_certificate(FILETYPE_PEM, root_crt_data)
root_certificate_x509 = x509.load_pem_x509_certificate(root_crt_data, default_backend())
with open(PRIVATE_KEY_FILE_PATH, "rb") as file:
subject_pkcs12 = load_pkcs12(file.read(), PRIVATE_KEY_PASSWORD)
# task 1
root_cert_store = X509Store()
root_cert_store.add_cert(root_certificate)
root_store_context = X509StoreContext(root_cert_store, subject_certificate)
try:
root_store_context.verify_certificate()
except X509StoreContextError:
print(False)
else:
print(True)
# task 2
print()
print(subject_certificate.get_subject().CN)
print()
print(subject_certificate.get_issuer().CN)
print()
print(subject_certificate.get_serial_number())
print()
print(subject_certificate_x509.signature_hash_algorithm.name)
print()
print(subject_certificate.get_notBefore().decode())
print()
print(subject_certificate.get_notAfter().decode())
# task 3
subject_numbers = subject_certificate_x509.public_key().public_numbers()
subject_private_numbers = subject_pkcs12.get_privatekey().to_cryptography_key().private_numbers()
print()
print(subject_numbers.n)
print()
print(subject_numbers.e)
print()
print(subject_private_numbers.d)
# task 4
root_numbers = root_certificate_x509.public_key().public_numbers()
print()
print(root_numbers.n)
print()
print(root_numbers.e)
# task 5 - Signature
subject_x509_data = open(SUBJECT_CERT_FILE_PATH, "rb").read()
subject_x509 = x509.load_pem_x509_certificate(subject_x509_data, default_backend())
signature = subject_x509.signature
print()
print(get_hex(signature))
# task 6
test_string = b'Hello World'
subject_cert_x509_data = open(SUBJECT_CERT_FILE_PATH, "rb").read()
subject_cert_x509 = x509.load_pem_x509_certificate(subject_cert_x509_data, default_backend())
pubkey = subject_cert_x509.public_key()
algo_256 = hashes.SHA256()
test_padding = padding.MGF1(algo_256)
test_padding = padding.OAEP(mgf=test_padding, algorithm=algo_256, label=None)
encrypted_string = pubkey.encrypt(test_string, test_padding)
print()
print(get_hex(encrypted_string))
if __name__ == "__main__":
args = parse()
tasks(args)