1 #----------------------------------------------------------------------
2 # Copyright (c) 2008 Board of Trustees, Princeton University
4 # Permission is hereby granted, free of charge, to any person obtaining
5 # a copy of this software and/or hardware specification (the "Work") to
6 # deal in the Work without restriction, including without limitation the
7 # rights to use, copy, modify, merge, publish, distribute, sublicense,
8 # and/or sell copies of the Work, and to permit persons to whom the Work
9 # is furnished to do so, subject to the following conditions:
11 # The above copyright notice and this permission notice shall be
12 # included in all copies or substantial portions of the Work.
14 # THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
18 # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
19 # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 # OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
22 #----------------------------------------------------------------------
25 # SFA uses two crypto libraries: pyOpenSSL and M2Crypto to implement
26 # the necessary crypto functionality. Ideally just one of these libraries
27 # would be used, but unfortunately each of these libraries is independently
28 # lacking. The pyOpenSSL library is missing many necessary functions, and
29 # the M2Crypto library has crashed inside of some of the functions. The
30 # design decision is to use pyOpenSSL whenever possible as it seems more
31 # stable, and only use M2Crypto for those functions that are not possible
34 # This module exports two classes: Keypair and Certificate.
42 from tempfile import mkstemp
44 from OpenSSL import crypto
46 from M2Crypto import X509
48 from sfa.util.faults import CertExpired, CertMissingParent, CertNotSignedByParent
49 from sfa.util.sfalogging import logger
51 glo_passphrase_callback = None
54 # A global callback may be implemented for requesting passphrases from the
55 # user. The function will be called with three arguments:
57 # keypair_obj: the keypair object that is calling the passphrase
58 # string: the string containing the private key that's being loaded
59 # x: unknown, appears to be 0, comes from pyOpenSSL and/or m2crypto
61 # The callback should return a string containing the passphrase.
63 def set_passphrase_callback(callback_func):
64 global glo_passphrase_callback
66 glo_passphrase_callback = callback_func
69 # Sets a fixed passphrase.
71 def set_passphrase(passphrase):
72 set_passphrase_callback( lambda k,s,x: passphrase )
75 # Check to see if a passphrase works for a particular private key string.
76 # Intended to be used by passphrase callbacks for input validation.
78 def test_passphrase(string, passphrase):
80 crypto.load_privatekey(crypto.FILETYPE_PEM, string, (lambda x: passphrase))
85 def convert_public_key(key):
86 keyconvert_path = "/usr/bin/keyconvert.py"
87 if not os.path.isfile(keyconvert_path):
88 raise IOError, "Could not find keyconvert in %s" % keyconvert_path
90 # we can only convert rsa keys
92 raise Exception, "keyconvert: dss keys are not supported"
94 (ssh_f, ssh_fn) = tempfile.mkstemp()
95 ssl_fn = tempfile.mktemp()
99 cmd = keyconvert_path + " " + ssh_fn + " " + ssl_fn
102 # this check leaves the temporary file containing the public key so
103 # that it can be expected to see why it failed.
104 # TODO: for production, cleanup the temporary files
105 if not os.path.exists(ssl_fn):
106 raise Exception, "keyconvert: generated certificate not found. keyconvert may have failed."
110 k.load_pubkey_from_file(ssl_fn)
113 logger.log_exc("convert_public_key caught exception")
116 # remove the temporary files
117 if os.path.exists(ssh_fn):
119 if os.path.exists(ssl_fn):
123 # Public-private key pairs are implemented by the Keypair class.
124 # A Keypair object may represent both a public and private key pair, or it
125 # may represent only a public key (this usage is consistent with OpenSSL).
128 key = None # public/private keypair
129 m2key = None # public key (m2crypto format)
132 # Creates a Keypair object
133 # @param create If create==True, creates a new public/private key and
134 # stores it in the object
135 # @param string If string!=None, load the keypair from the string (PEM)
136 # @param filename If filename!=None, load the keypair from the file
138 def __init__(self, create=False, string=None, filename=None):
142 self.load_from_string(string)
144 self.load_from_file(filename)
147 # Create a RSA public/private key pair and store it inside the keypair object
150 self.key = crypto.PKey()
151 self.key.generate_key(crypto.TYPE_RSA, 1024)
154 # Save the private key to a file
155 # @param filename name of file to store the keypair in
157 def save_to_file(self, filename):
158 open(filename, 'w').write(self.as_pem())
159 self.filename=filename
162 # Load the private key from a file. Implicity the private key includes the public key.
164 def load_from_file(self, filename):
165 self.filename=filename
166 buffer = open(filename, 'r').read()
167 self.load_from_string(buffer)
170 # Load the private key from a string. Implicitly the private key includes the public key.
172 def load_from_string(self, string):
173 if glo_passphrase_callback:
174 self.key = crypto.load_privatekey(crypto.FILETYPE_PEM, string, functools.partial(glo_passphrase_callback, self, string) )
175 self.m2key = M2Crypto.EVP.load_key_string(string, functools.partial(glo_passphrase_callback, self, string) )
177 self.key = crypto.load_privatekey(crypto.FILETYPE_PEM, string)
178 self.m2key = M2Crypto.EVP.load_key_string(string)
181 # Load the public key from a string. No private key is loaded.
183 def load_pubkey_from_file(self, filename):
184 # load the m2 public key
185 m2rsakey = M2Crypto.RSA.load_pub_key(filename)
186 self.m2key = M2Crypto.EVP.PKey()
187 self.m2key.assign_rsa(m2rsakey)
189 # create an m2 x509 cert
190 m2name = M2Crypto.X509.X509_Name()
191 m2name.add_entry_by_txt(field="CN", type=0x1001, entry="junk", len=-1, loc=-1, set=0)
192 m2x509 = M2Crypto.X509.X509()
193 m2x509.set_pubkey(self.m2key)
194 m2x509.set_serial_number(0)
195 m2x509.set_issuer_name(m2name)
196 m2x509.set_subject_name(m2name)
197 ASN1 = M2Crypto.ASN1.ASN1_UTCTIME()
199 m2x509.set_not_before(ASN1)
200 m2x509.set_not_after(ASN1)
201 # x509v3 so it can have extensions
202 # prob not necc since this cert itself is junk but still...
203 m2x509.set_version(2)
204 junk_key = Keypair(create=True)
205 m2x509.sign(pkey=junk_key.get_m2_pkey(), md="sha1")
207 # convert the m2 x509 cert to a pyopenssl x509
208 m2pem = m2x509.as_pem()
209 pyx509 = crypto.load_certificate(crypto.FILETYPE_PEM, m2pem)
211 # get the pyopenssl pkey from the pyopenssl x509
212 self.key = pyx509.get_pubkey()
213 self.filename=filename
216 # Load the public key from a string. No private key is loaded.
218 def load_pubkey_from_string(self, string):
219 (f, fn) = tempfile.mkstemp()
222 self.load_pubkey_from_file(fn)
226 # Return the private key in PEM format.
229 return crypto.dump_privatekey(crypto.FILETYPE_PEM, self.key)
232 # Return an M2Crypto key object
234 def get_m2_pkey(self):
236 self.m2key = M2Crypto.EVP.load_key_string(self.as_pem())
240 # Returns a string containing the public key represented by this object.
242 def get_pubkey_string(self):
243 m2pkey = self.get_m2_pkey()
244 return base64.b64encode(m2pkey.as_der())
247 # Return an OpenSSL pkey object
249 def get_openssl_pkey(self):
253 # Given another Keypair object, return TRUE if the two keys are the same.
255 def is_same(self, pkey):
256 return self.as_pem() == pkey.as_pem()
258 def sign_string(self, data):
259 k = self.get_m2_pkey()
262 return base64.b64encode(k.sign_final())
264 def verify_string(self, data, sig):
265 k = self.get_m2_pkey()
267 k.verify_update(data)
268 return M2Crypto.m2.verify_final(k.ctx, base64.b64decode(sig), k.pkey)
270 def compute_hash(self, value):
271 return self.sign_string(str(value))
274 def get_filename(self):
275 return getattr(self,'filename',None)
277 def dump (self, *args, **kwargs):
278 print self.dump_string(*args, **kwargs)
280 def dump_string (self):
282 result += "KEYPAIR: pubkey=%40s..."%self.get_pubkey_string()
283 filename=self.get_filename()
284 if filename: result += "Filename %s\n"%filename
288 # The certificate class implements a general purpose X509 certificate, making
289 # use of the appropriate pyOpenSSL or M2Crypto abstractions. It also adds
290 # several addition features, such as the ability to maintain a chain of
291 # parent certificates, and storage of application-specific data.
293 # Certificates include the ability to maintain a chain of parents. Each
294 # certificate includes a pointer to it's parent certificate. When loaded
295 # from a file or a string, the parent chain will be automatically loaded.
296 # When saving a certificate to a file or a string, the caller can choose
297 # whether to save the parent certificates as well.
306 isCA = None # will be a boolean once set
308 separator="-----parent-----"
311 # Create a certificate object.
313 # @param lifeDays life of cert in days - default is 1825==5 years
314 # @param create If create==True, then also create a blank X509 certificate.
315 # @param subject If subject!=None, then create a blank certificate and set
317 # @param string If string!=None, load the certficate from the string.
318 # @param filename If filename!=None, load the certficiate from the file.
319 # @param isCA If !=None, set whether this cert is for a CA
321 def __init__(self, lifeDays=1825, create=False, subject=None, string=None, filename=None, isCA=None, email=None):
323 if create or subject:
324 self.create(lifeDays)
326 self.set_subject(subject)
328 self.load_from_string(string)
330 self.load_from_file(filename)
332 self.set_email(email)
334 # Set the CA bit if a value was supplied
338 # Create a blank X509 certificate and store it in this object.
340 def create(self, lifeDays=1825):
341 self.cert = crypto.X509()
342 # FIXME: Use different serial #s
343 self.cert.set_serial_number(3)
344 self.cert.gmtime_adj_notBefore(0) # 0 means now
345 self.cert.gmtime_adj_notAfter(lifeDays*60*60*24) # five years is default
346 self.cert.set_version(2) # x509v3 so it can have extensions
350 # Given a pyOpenSSL X509 object, store that object inside of this
351 # certificate object.
353 def load_from_pyopenssl_x509(self, x509):
357 # Load the certificate from a string
359 def load_from_string(self, string):
360 # if it is a chain of multiple certs, then split off the first one and
361 # load it (support for the ---parent--- tag as well as normal chained certs)
363 string = string.strip()
365 # If it's not in proper PEM format, wrap it
366 if string.count('-----BEGIN CERTIFICATE') == 0:
367 string = '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----' % string
369 # If there is a PEM cert in there, but there is some other text first
370 # such as the text of the certificate, skip the text
371 beg = string.find('-----BEGIN CERTIFICATE')
373 # skipping over non cert beginning
374 string = string[beg:]
378 if string.count('-----BEGIN CERTIFICATE-----') > 1 and \
379 string.count(Certificate.separator) == 0:
380 parts = string.split('-----END CERTIFICATE-----',1)
381 parts[0] += '-----END CERTIFICATE-----'
383 parts = string.split(Certificate.separator, 1)
385 self.cert = crypto.load_certificate(crypto.FILETYPE_PEM, parts[0])
387 # if there are more certs, then create a parent and let the parent load
388 # itself from the remainder of the string
389 if len(parts) > 1 and parts[1] != '':
390 self.parent = self.__class__()
391 self.parent.load_from_string(parts[1])
394 # Load the certificate from a file
396 def load_from_file(self, filename):
397 file = open(filename)
399 self.load_from_string(string)
400 self.filename=filename
403 # Save the certificate to a string.
405 # @param save_parents If save_parents==True, then also save the parent certificates.
407 def save_to_string(self, save_parents=True):
408 string = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cert)
409 if save_parents and self.parent:
410 string = string + self.parent.save_to_string(save_parents)
414 # Save the certificate to a file.
415 # @param save_parents If save_parents==True, then also save the parent certificates.
417 def save_to_file(self, filename, save_parents=True, filep=None):
418 string = self.save_to_string(save_parents=save_parents)
422 f = open(filename, 'w')
425 self.filename=filename
428 # Save the certificate to a random file in /tmp/
429 # @param save_parents If save_parents==True, then also save the parent certificates.
430 def save_to_random_tmp_file(self, save_parents=True):
431 fp, filename = mkstemp(suffix='cert', text=True)
432 fp = os.fdopen(fp, "w")
433 self.save_to_file(filename, save_parents=True, filep=fp)
437 # Sets the issuer private key and name
438 # @param key Keypair object containing the private key of the issuer
439 # @param subject String containing the name of the issuer
440 # @param cert (optional) Certificate object containing the name of the issuer
442 def set_issuer(self, key, subject=None, cert=None):
445 # it's a mistake to use subject and cert params at the same time
447 if isinstance(subject, dict) or isinstance(subject, str):
448 req = crypto.X509Req()
449 reqSubject = req.get_subject()
450 if (isinstance(subject, dict)):
451 for key in reqSubject.keys():
452 setattr(reqSubject, key, subject[key])
454 setattr(reqSubject, "CN", subject)
456 # subject is not valid once req is out of scope, so save req
459 # if a cert was supplied, then get the subject from the cert
460 subject = cert.cert.get_subject()
462 self.issuerSubject = subject
465 # Get the issuer name
467 def get_issuer(self, which="CN"):
468 x = self.cert.get_issuer()
469 return getattr(x, which)
472 # Set the subject name of the certificate
474 def set_subject(self, name):
475 req = crypto.X509Req()
476 subj = req.get_subject()
477 if (isinstance(name, dict)):
478 for key in name.keys():
479 setattr(subj, key, name[key])
481 setattr(subj, "CN", name)
482 self.cert.set_subject(subj)
485 # Get the subject name of the certificate
487 def get_subject(self, which="CN"):
488 x = self.cert.get_subject()
489 return getattr(x, which)
492 # Get a pretty-print subject name of the certificate
494 def get_printable_subject(self):
495 x = self.cert.get_subject()
496 return "[ OU: %s, CN: %s, SubjectAltName: %s ]" % (getattr(x, "OU"), getattr(x, "CN"), self.get_data())
499 # Get the public key of the certificate.
501 # @param key Keypair object containing the public key
503 def set_pubkey(self, key):
504 assert(isinstance(key, Keypair))
505 self.cert.set_pubkey(key.get_openssl_pkey())
508 # Get the public key of the certificate.
509 # It is returned in the form of a Keypair object.
511 def get_pubkey(self):
512 m2x509 = X509.load_cert_string(self.save_to_string())
514 pkey.key = self.cert.get_pubkey()
515 pkey.m2key = m2x509.get_pubkey()
518 def set_intermediate_ca(self, val):
519 return self.set_is_ca(val)
521 # Set whether this cert is for a CA. All signers and only signers should be CAs.
522 # The local member starts unset, letting us check that you only set it once
523 # @param val Boolean indicating whether this cert is for a CA
524 def set_is_ca(self, val):
528 if self.isCA != None:
529 # Can't double set properties
530 raise Exception, "Cannot set basicConstraints CA:?? more than once. Was %s, trying to set as %s" % (self.isCA, val)
534 self.add_extension('basicConstraints', 1, 'CA:TRUE')
536 self.add_extension('basicConstraints', 1, 'CA:FALSE')
541 # Add an X509 extension to the certificate. Add_extension can only be called
542 # once for a particular extension name, due to limitations in the underlying
545 # @param name string containing name of extension
546 # @param value string containing value of the extension
548 def add_extension(self, name, critical, value):
551 oldExtVal = self.get_extension(name)
553 # M2Crypto LookupError when the extension isn't there (yet)
556 # This code limits you from adding the extension with the same value
557 # The method comment says you shouldn't do this with the same name
558 # But actually it (m2crypto) appears to allow you to do this.
559 if oldExtVal and oldExtVal == value:
560 # don't add this extension again
561 # just do nothing as here
563 # FIXME: What if they are trying to set with a different value?
564 # Is this ever OK? Or should we raise an exception?
566 # raise "Cannot add extension %s which had val %s with new val %s" % (name, oldExtVal, value)
568 ext = crypto.X509Extension (name, critical, value)
569 self.cert.add_extensions([ext])
572 # Get an X509 extension from the certificate
574 def get_extension(self, name):
576 # pyOpenSSL does not have a way to get extensions
577 m2x509 = X509.load_cert_string(self.save_to_string())
578 value = m2x509.get_ext(name).get_value()
583 # Set_data is a wrapper around add_extension. It stores the parameter str in
584 # the X509 subject_alt_name extension. Set_data can only be called once, due
585 # to limitations in the underlying library.
587 def set_data(self, str, field='subjectAltName'):
588 # pyOpenSSL only allows us to add extensions, so if we try to set the
589 # same extension more than once, it will not work
590 if self.data.has_key(field):
591 raise "Cannot set ", field, " more than once"
592 self.data[field] = str
593 self.add_extension(field, 0, str)
596 # Return the data string that was previously set with set_data
598 def get_data(self, field='subjectAltName'):
599 if self.data.has_key(field):
600 return self.data[field]
603 uri = self.get_extension(field)
604 self.data[field] = uri
608 return self.data[field]
611 # Sign the certificate using the issuer private key and issuer subject previous set with set_issuer().
614 logger.debug('certificate.sign')
615 assert self.cert != None
616 assert self.issuerSubject != None
617 assert self.issuerKey != None
618 self.cert.set_issuer(self.issuerSubject)
619 self.cert.sign(self.issuerKey.get_openssl_pkey(), self.digest)
622 # Verify the authenticity of a certificate.
623 # @param pkey is a Keypair object representing a public key. If Pkey
624 # did not sign the certificate, then an exception will be thrown.
626 def verify(self, pkey):
627 # pyOpenSSL does not have a way to verify signatures
628 m2x509 = X509.load_cert_string(self.save_to_string())
629 m2pkey = pkey.get_m2_pkey()
631 return m2x509.verify(m2pkey)
633 # XXX alternatively, if openssl has been patched, do the much simpler:
635 # self.cert.verify(pkey.get_openssl_key())
641 # Return True if pkey is identical to the public key that is contained in the certificate.
642 # @param pkey Keypair object
644 def is_pubkey(self, pkey):
645 return self.get_pubkey().is_same(pkey)
648 # Given a certificate cert, verify that this certificate was signed by the
649 # public key contained in cert. Throw an exception otherwise.
651 # @param cert certificate object
653 def is_signed_by_cert(self, cert):
654 k = cert.get_pubkey()
655 result = self.verify(k)
659 # Set the parent certficiate.
661 # @param p certificate object.
663 def set_parent(self, p):
667 # Return the certificate object of the parent of this certificate.
669 def get_parent(self):
673 # Verification examines a chain of certificates to ensure that each parent
674 # signs the child, and that some certificate in the chain is signed by a
675 # trusted certificate.
677 # Verification is a basic recursion: <pre>
678 # if this_certificate was signed by trusted_certs:
681 # return verify_chain(parent, trusted_certs)
684 # At each recursion, the parent is tested to ensure that it did sign the
685 # child. If a parent did not sign a child, then an exception is thrown. If
686 # the bottom of the recursion is reached and the certificate does not match
687 # a trusted root, then an exception is thrown.
688 # Also require that parents are CAs.
690 # @param Trusted_certs is a list of certificates that are trusted.
693 def verify_chain(self, trusted_certs = None):
694 # Verify a chain of certificates. Each certificate must be signed by
695 # the public key contained in it's parent. The chain is recursed
696 # until a certificate is found that is signed by a trusted root.
698 # verify expiration time
699 if self.cert.has_expired():
700 logger.debug("verify_chain: NO, Certificate %s has expired" % self.get_printable_subject())
701 raise CertExpired(self.get_printable_subject(), "client cert")
703 # if this cert is signed by a trusted_cert, then we are set
704 for trusted_cert in trusted_certs:
705 if self.is_signed_by_cert(trusted_cert):
706 # verify expiration of trusted_cert ?
707 if not trusted_cert.cert.has_expired():
708 logger.debug("verify_chain: YES. Cert %s signed by trusted cert %s"%(
709 self.get_printable_subject(), trusted_cert.get_printable_subject()))
712 logger.debug("verify_chain: NO. Cert %s is signed by trusted_cert %s, but that signer is expired..."%(
713 self.get_printable_subject(),trusted_cert.get_printable_subject()))
714 raise CertExpired(self.get_printable_subject()," signer trusted_cert %s"%trusted_cert.get_printable_subject())
716 # if there is no parent, then no way to verify the chain
718 logger.debug("verify_chain: NO. %s has no parent and issuer %s is not in %d trusted roots"%(self.get_printable_subject(), self.get_issuer(), len(trusted_certs)))
719 raise CertMissingParent(self.get_printable_subject() + ": Issuer %s is not one of the %d trusted roots, and cert has no parent." % (self.get_issuer(), len(trusted_certs)))
721 # if it wasn't signed by the parent...
722 if not self.is_signed_by_cert(self.parent):
723 logger.debug("verify_chain: NO. %s is not signed by parent %s, but by %s"%\
724 (self.get_printable_subject(),
725 self.parent.get_printable_subject(),
727 raise CertNotSignedByParent("%s: Parent %s, issuer %s"\
728 % (self.get_printable_subject(),
729 self.parent.get_printable_subject(),
732 # Confirm that the parent is a CA. Only CAs can be trusted as
734 # Note that trusted roots are not parents, so don't need to be
736 # Ugly - cert objects aren't parsed so we need to read the
737 # extension and hope there are no other basicConstraints
738 if not self.parent.isCA and not (self.parent.get_extension('basicConstraints') == 'CA:TRUE'):
739 logger.warn("verify_chain: cert %s's parent %s is not a CA" % \
740 (self.get_printable_subject(), self.parent.get_printable_subject()))
741 raise CertNotSignedByParent("%s: Parent %s not a CA" % (self.get_printable_subject(),
742 self.parent.get_printable_subject()))
744 # if the parent isn't verified...
745 logger.debug("verify_chain: .. %s, -> verifying parent %s"%\
746 (self.get_printable_subject(),self.parent.get_printable_subject()))
747 self.parent.verify_chain(trusted_certs)
751 ### more introspection
752 def get_extensions(self):
753 # pyOpenSSL does not have a way to get extensions
755 m2x509 = X509.load_cert_string(self.save_to_string())
756 nb_extensions=m2x509.get_ext_count()
757 logger.debug("X509 had %d extensions"%nb_extensions)
758 for i in range(nb_extensions):
759 ext=m2x509.get_ext_at(i)
760 triples.append( (ext.get_name(), ext.get_value(), ext.get_critical(),) )
763 def get_data_names(self):
764 return self.data.keys()
766 def get_all_datas (self):
767 triples=self.get_extensions()
768 for name in self.get_data_names():
769 triples.append( (name,self.get_data(name),'data',) )
773 def get_filename(self):
774 return getattr(self,'filename',None)
776 def dump (self, *args, **kwargs):
777 print self.dump_string(*args, **kwargs)
779 def dump_string (self,show_extensions=False):
781 result += "CERTIFICATE for %s\n"%self.get_printable_subject()
782 result += "Issued by %s\n"%self.get_issuer()
783 filename=self.get_filename()
784 if filename: result += "Filename %s\n"%filename
786 all_datas=self.get_all_datas()
787 result += " has %d extensions/data attached"%len(all_datas)
788 for (n,v,c) in all_datas:
790 result += " data: %s=%s\n"%(n,v)
792 result += " ext: %s (crit=%s)=<<<%s>>>\n"%(n,c,v)