Python OpenSSL.crypto.load_pkcs12() Examples

The following are 30 code examples of OpenSSL.crypto.load_pkcs12(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module OpenSSL.crypto , or try the search function .
Example #1
Source File: crypt.py    From twitter-for-bigquery with Apache License 2.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey) 
Example #2
Source File: test_xades.py    From python-xades with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
def test_sign(self):
        root = parse_xml("data/unsigned-sample.xml")
        sign = root.xpath("//ds:Signature", namespaces={"ds": xmlsig.constants.DSigNs})[
            0
        ]
        policy = GenericPolicyId(
            "http://www.facturae.es/politica_de_firma_formato_facturae/"
            "politica_de_firma_formato_facturae_v3_1.pdf",
            u"Politica de Firma FacturaE v3.1",
            xmlsig.constants.TransformSha1,
        )
        ctx = XAdESContext(policy)
        with open(path.join(BASE_DIR, "data/keyStore.p12"), "rb") as key_file:
            ctx.load_pkcs12(crypto.load_pkcs12(key_file.read()))
        with patch("xades.policy.urllib.urlopen") as mock:
            mock.return_value = UrllibMock()
            ctx.sign(sign)
            ctx.verify(sign) 
Example #3
Source File: crypt.py    From splunk-ref-pas-code with Apache License 2.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey) 
Example #4
Source File: crypt.py    From sndlatr with Apache License 2.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey) 
Example #5
Source File: test_crypto.py    From oss-ftp with MIT License 6 votes vote down vote up
def test_key_only(self):
        """
        A :py:obj:`PKCS12` with only a private key can be exported using
        :py:obj:`PKCS12.export` and loaded again using :py:obj:`load_pkcs12`.
        """
        passwd = b"blah"
        p12 = PKCS12()
        pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
        p12.set_privatekey(pkey)
        self.assertEqual(None, p12.get_certificate())
        self.assertEqual(pkey, p12.get_privatekey())
        try:
            dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
        except Error:
            # Some versions of OpenSSL will throw an exception
            # for this nearly useless PKCS12 we tried to generate:
            # [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')]
            return
        p12 = load_pkcs12(dumped_p12, passwd)
        self.assertEqual(None, p12.get_ca_certificates())
        self.assertEqual(None, p12.get_certificate())

        # OpenSSL fails to bring the key back to us.  So sad.  Perhaps in the
        # future this will be improved.
        self.assertTrue(isinstance(p12.get_privatekey(), (PKey, type(None)))) 
Example #6
Source File: _openssl_crypt.py    From aqua-monitor with GNU Lesser General Public License v3.0 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        key = _to_bytes(key)
        parsed_pem_key = _parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #7
Source File: test_crypto.py    From oss-ftp with MIT License 6 votes vote down vote up
def test_load_without_mac(self):
        """
        Loading a PKCS12 without a MAC does something other than crash.
        """
        passwd = b"Lake Michigan"
        p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
        dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
        try:
            recovered_p12 = load_pkcs12(dumped_p12, passwd)
            # The person who generated this PCKS12 should be flogged,
            # or better yet we should have a means to determine
            # whether a PCKS12 had a MAC that was verified.
            # Anyway, libopenssl chooses to allow it, so the
            # pyopenssl binding does as well.
            self.assertTrue(isinstance(recovered_p12, PKCS12))
        except Error:
            # Failing here with an exception is preferred as some openssl
            # versions do.
            pass 
Example #8
Source File: crypt.py    From billing-export-python with Apache License 2.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey) 
Example #9
Source File: crypt.py    From googleapps-message-recall with Apache License 2.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey) 
Example #10
Source File: publickey.py    From chepy with GNU General Public License v3.0 6 votes vote down vote up
def dump_pkcs12_cert(self, password: str):
        """Get the private key and cert from pkcs12 cert
        
        Args:
            password (str): Password for certificate
        
        Returns:
            Chepy: The Chepy object. 
        """
        if isinstance(password, str):
            password = password.encode()
        pk12 = _pyssl_crypto.load_pkcs12(self._convert_to_bytes(), password)
        self.state = {
            "private": _pyssl_crypto.dump_privatekey(
                _pyssl_crypto.FILETYPE_PEM, pk12.get_privatekey()
            ),
            "cert": _pyssl_crypto.dump_certificate(
                _pyssl_crypto.FILETYPE_PEM, pk12.get_certificate()
            ),
        }
        return self 
Example #11
Source File: _openssl_crypt.py    From alfred-gmail with MIT License 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        key = _helpers._to_bytes(key)
        parsed_pem_key = _helpers._parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _helpers._to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #12
Source File: _openssl_crypt.py    From luci-py with Apache License 2.0 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        key = _to_bytes(key)
        parsed_pem_key = _parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #13
Source File: _openssl_crypt.py    From luci-py with Apache License 2.0 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        key = _to_bytes(key)
        parsed_pem_key = _parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #14
Source File: _openssl_crypt.py    From luci-py with Apache License 2.0 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        key = _to_bytes(key)
        parsed_pem_key = _parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #15
Source File: _openssl_crypt.py    From luci-py with Apache License 2.0 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        key = _to_bytes(key)
        parsed_pem_key = _parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #16
Source File: _openssl_crypt.py    From luci-py with Apache License 2.0 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        key = _to_bytes(key)
        parsed_pem_key = _parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #17
Source File: nota.py    From PySIGNFe with GNU Lesser General Public License v2.1 6 votes vote down vote up
def extrair_certificado_a1(self, arquivo, senha):
        '''
        Extrai o conteúdo do certificado A1
        @param arquivo:arquivo binário do certificado
        @param senha: senha do certificado.
        @return: dicionário com a string do certificado, chave privada, emissor, proprietario, data_inicio_validade e
        data_final_validade.
        '''
        
        conteudo_pkcs12 = crypto.load_pkcs12(arquivo, senha)
        key_str = crypto.dump_privatekey(crypto.FILETYPE_PEM, conteudo_pkcs12.get_privatekey())
        cert_str = crypto.dump_certificate(crypto.FILETYPE_PEM, conteudo_pkcs12.get_certificate())
        
        certificado = Certificado()
        certificado.prepara_certificado_txt(cert_str.decode('utf-8'))
        
        vals = {'cert': cert_str.decode('utf-8'),
                'key': key_str.decode('utf-8'),
                'emissor': certificado.emissor.get('OU'),
                'proprietario': certificado.proprietario.get('CN'),
                'data_inicio_validade': certificado.data_inicio_validade,
                'data_final_validade': certificado.data_fim_validade,
        }
        return vals 
Example #18
Source File: main.py    From acs-keyvault-agent with MIT License 6 votes vote down vote up
def _dump_pfx(self, pfx, cert_filename, key_filename):
        p12 = crypto.load_pkcs12(base64.decodestring(pfx))
        pk = crypto.dump_privatekey(crypto.FILETYPE_PEM, p12.get_privatekey())
        if os.getenv('DOWNLOAD_CA_CERTIFICATES','true').lower() == "true":
            certs = (p12.get_certificate(),) + (p12.get_ca_certificates() or ())
        else:     
            certs = (p12.get_certificate(),)

        if (cert_filename == key_filename):
            key_path = os.path.join(self._keys_output_folder, key_filename)
            cert_path = os.path.join(self._certs_output_folder, cert_filename)
        else:
            # write to certs_keys folder when cert_filename and key_filename specified
            key_path = os.path.join(self._cert_keys_output_folder, key_filename)
            cert_path = os.path.join(self._cert_keys_output_folder, cert_filename)

        _logger.info('Dumping key value to: %s', key_path)
        with open(key_path, 'w') as key_file:
            key_file.write(pk)

        _logger.info('Dumping certs to: %s', cert_path)
        with open(cert_path, 'w') as cert_file:
            for cert in certs:
                cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) 
Example #19
Source File: test_crypto.py    From pyopenssl with Apache License 2.0 6 votes vote down vote up
def test_key_only(self):
        """
        A `PKCS12` with only a private key can be exported using
        `PKCS12.export` and loaded again using `load_pkcs12`.
        """
        passwd = b"blah"
        p12 = PKCS12()
        pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
        p12.set_privatekey(pkey)
        assert None is p12.get_certificate()
        assert pkey == p12.get_privatekey()
        try:
            dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
        except Error:
            # Some versions of OpenSSL will throw an exception
            # for this nearly useless PKCS12 we tried to generate:
            # [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')]
            return
        p12 = load_pkcs12(dumped_p12, passwd)
        assert None is p12.get_ca_certificates()
        assert None is p12.get_certificate()

        # OpenSSL fails to bring the key back to us.  So sad.  Perhaps in the
        # future this will be improved.
        assert isinstance(p12.get_privatekey(), (PKey, type(None))) 
Example #20
Source File: test_crypto.py    From pyopenssl with Apache License 2.0 6 votes vote down vote up
def test_load_pkcs12(self):
        """
        A PKCS12 string generated using the openssl command line can be loaded
        with `load_pkcs12` and its components extracted and examined.
        """
        passwd = b"whatever"
        pem = client_key_pem + client_cert_pem
        p12_str = _runopenssl(
            pem,
            b"pkcs12",
            b"-export",
            b"-clcerts",
            b"-passout",
            b"pass:" + passwd
        )
        p12 = load_pkcs12(p12_str, passphrase=passwd)
        self.verify_pkcs12_container(p12) 
Example #21
Source File: test_crypto.py    From pyopenssl with Apache License 2.0 6 votes vote down vote up
def test_load_pkcs12_text_passphrase(self):
        """
        A PKCS12 string generated using the openssl command line can be loaded
        with `load_pkcs12` and its components extracted and examined.
        Using text as passphrase instead of bytes. DeprecationWarning expected.
        """
        pem = client_key_pem + client_cert_pem
        passwd = b"whatever"
        p12_str = _runopenssl(pem, b"pkcs12", b"-export", b"-clcerts",
                              b"-passout", b"pass:" + passwd)
        with pytest.warns(DeprecationWarning) as w:
            simplefilter("always")
            p12 = load_pkcs12(p12_str, passphrase=b"whatever".decode("ascii"))
            assert (
                "{0} for passphrase is no longer accepted, use bytes".format(
                    WARNING_TYPE_EXPECTED
                ) == str(w[-1].message))

        self.verify_pkcs12_container(p12) 
Example #22
Source File: test_crypto.py    From pyopenssl with Apache License 2.0 6 votes vote down vote up
def test_load_without_mac(self):
        """
        Loading a PKCS12 without a MAC does something other than crash.
        """
        passwd = b"Lake Michigan"
        p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
        dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
        try:
            recovered_p12 = load_pkcs12(dumped_p12, passwd)
            # The person who generated this PCKS12 should be flogged,
            # or better yet we should have a means to determine
            # whether a PCKS12 had a MAC that was verified.
            # Anyway, libopenssl chooses to allow it, so the
            # pyopenssl binding does as well.
            assert isinstance(recovered_p12, PKCS12)
        except Error:
            # Failing here with an exception is preferred as some openssl
            # versions do.
            pass 
Example #23
Source File: _openssl_crypt.py    From jarvis with GNU General Public License v2.0 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        key = _helpers._to_bytes(key)
        parsed_pem_key = _helpers._parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _helpers._to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #24
Source File: _openssl_crypt.py    From data with GNU General Public License v3.0 6 votes vote down vote up
def from_string(key, password=b'notasecret'):
        """Construct a Signer instance from a string.

        Args:
            key: string, private key in PKCS12 or PEM format.
            password: string, password for the private key file.

        Returns:
            Signer instance.

        Raises:
            OpenSSL.crypto.Error if the key can't be parsed.
        """
        parsed_pem_key = _parse_pem_key(key)
        if parsed_pem_key:
            pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
        else:
            password = _to_bytes(password, encoding='utf-8')
            pkey = crypto.load_pkcs12(key, password).get_privatekey()
        return OpenSSLSigner(pkey) 
Example #25
Source File: _openssl_crypt.py    From data with GNU General Public License v3.0 6 votes vote down vote up
def pkcs12_key_as_pem(private_key_text, private_key_password):
    """Convert the contents of a PKCS12 key to PEM using OpenSSL.

    Args:
        private_key_text: String. Private key.
        private_key_password: String. Password for PKCS12.

    Returns:
        String. PEM contents of ``private_key_text``.
    """
    decoded_body = base64.b64decode(private_key_text)
    private_key_password = _to_bytes(private_key_password)

    pkcs12 = crypto.load_pkcs12(decoded_body, private_key_password)
    return crypto.dump_privatekey(crypto.FILETYPE_PEM,
                                  pkcs12.get_privatekey()) 
Example #26
Source File: crypt.py    From data with GNU General Public License v3.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey) 
Example #27
Source File: crypt.py    From data with GNU General Public License v3.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey) 
Example #28
Source File: crypt.py    From data with GNU General Public License v3.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey) 
Example #29
Source File: _openssl_crypt.py    From data with GNU General Public License v3.0 6 votes vote down vote up
def pkcs12_key_as_pem(private_key_text, private_key_password):
    """Convert the contents of a PKCS12 key to PEM using OpenSSL.

    Args:
        private_key_text: String. Private key.
        private_key_password: String. Password for PKCS12.

    Returns:
        String. PEM contents of ``private_key_text``.
    """
    decoded_body = base64.b64decode(private_key_text)
    private_key_password = _to_bytes(private_key_password)

    pkcs12 = crypto.load_pkcs12(decoded_body, private_key_password)
    return crypto.dump_privatekey(crypto.FILETYPE_PEM,
                                  pkcs12.get_privatekey()) 
Example #30
Source File: crypt.py    From data with GNU General Public License v3.0 6 votes vote down vote up
def from_string(key, password='notasecret'):
      """Construct a Signer instance from a string.

      Args:
        key: string, private key in PKCS12 or PEM format.
        password: string, password for the private key file.

      Returns:
        Signer instance.

      Raises:
        OpenSSL.crypto.Error if the key can't be parsed.
      """
      if key.startswith('-----BEGIN '):
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
      else:
        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey)