from cryptography import x509
from cryptography.x509.oid import ExtensionOID
from OpenSSL import crypto

from EnvsReader import EnvsReader
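class JksFilesValidator:
    """Check the keystore and truststore files found under a mount path.

    The validator opens ``keystore.jks`` and ``truststore.jks`` with the
    passwords stored next to them, and compares the subject fields and DNS
    SANs of the keystore certificate with values read from an env file.

    Scope of the checks: a successful open only shows that the container
    decrypts with the given password. Nothing in this class verifies the
    certificate chain, the validity period or key usage.
    """

    def __init__(self, mount_path):
        """Derive the four file paths from *mount_path* by string concatenation."""
        self.keystorePassPath = mount_path + '/keystore.pass'
        self.keystoreJksPath = mount_path + '/keystore.jks'
        self.truststorePassPath = mount_path + '/truststore.pass'
        self.truststoreJksPath = mount_path + '/truststore.jks'

    def get_and_compare_data(self, path_to_env):
        """Return ``(data, matches)`` for the env file at *path_to_env*.

        ``data`` is the holder built by :meth:`get_data`; ``matches`` is the
        result of :meth:`contains_expected_data` on that holder.
        """
        data = self.get_data(path_to_env)
        return data, self.contains_expected_data(data)

    def can_open_keystore_and_truststore_with_pass(self):
        """Return True only when both stores open with their password files."""
        can_open_keystore = self.can_open_jks_file_with_pass_file(
            self.keystorePassPath, self.keystoreJksPath)
        can_open_truststore = self.can_open_jks_file_with_pass_file(
            self.truststorePassPath, self.truststoreJksPath)

        # Both operands are plain bools, so the logical operator states the
        # intent better than the bitwise one and gives the same result.
        return can_open_keystore and can_open_truststore

    def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
        """Return True when the store at *jks_file_path* can be loaded.

        Any ordinary failure (missing file, wrong password, malformed
        container) is reported as False. The cause is not kept, so a False
        result does not distinguish a bad password from a missing file.
        """
        try:
            self.get_certificate(pass_file_path, jks_file_path)
            return True
        except Exception:
            # Deliberately broad: this is a yes/no probe. ``Exception`` rather
            # than a bare ``except`` so KeyboardInterrupt and SystemExit
            # still propagate.
            return False

    def get_data(self, path_to_env):
        """Collect the expected values (env file) and the actual certificate values.

        Returns an anonymous class whose attributes ``expectedData`` and
        ``actualData`` are both dicts keyed by subject field short names
        plus ``'SANS'``.
        """
        envs = self.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
        certificate = self.get_certificate(self.keystorePassPath, self.keystoreJksPath)
        data = self.get_owner_data_from_certificate(certificate)
        data['SANS'] = self.get_sans(certificate)
        return type('', (object,), {"expectedData": envs, "actualData": data})

    def contains_expected_data(self, data):
        """Return True when ``data.expectedData`` equals ``data.actualData``."""
        # Plain equality replaces cmp(...) == 0, which is unavailable on
        # Python 3 and gives the same answer for two dicts.
        return data.expectedData == data.actualData

    def get_owner_data_from_certificate(self, certificate):
        """Return the certificate subject as a dict of component name -> value.

        NOTE(review): pyOpenSSL returns the components as byte strings; on
        Python 3 they would not compare equal to str values from the env
        file. Confirm the interpreter this runs on.
        """
        components = certificate.get_subject().get_components()
        return dict(components)

    def get_certificate(self, pass_file_path, jks_file_path):
        """Load the store with the password from *pass_file_path* and return its certificate.

        The file is parsed as PKCS#12 regardless of its ``.jks`` name. The
        password bytes are used exactly as read, so a trailing newline in
        the pass file becomes part of the password.

        NOTE(review): ``crypto.load_pkcs12`` is deprecated in newer
        pyOpenSSL releases; confirm the pinned version still provides it.

        Raises whatever ``open`` or ``crypto.load_pkcs12`` raise on a missing
        file, a wrong password or a malformed container.
        """
        # Context managers close both handles; the store is read and parsed
        # once instead of twice.
        with open(pass_file_path, 'rb') as pass_file:
            password = pass_file.read()
        with open(jks_file_path, 'rb') as store_file:
            store_bytes = store_file.read()
        return crypto.load_pkcs12(store_bytes, password).get_certificate()

    def get_sans(self, cert):
        """Return the DNS subject alternative names of *cert* joined with ``':'``.

        Raises the ``cryptography`` lookup error when the certificate has no
        subjectAltName extension.
        """
        extension = cert.to_cryptography().extensions.get_extension_for_oid(
            ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
        dns_names = extension.value.get_values_for_type(x509.DNSName)
        # NOTE(review): 'ignore' silently drops non-ASCII characters, so a
        # name containing them is compared in altered form; consider 'strict'
        # so such a certificate fails loudly instead. The encoded values are
        # bytes, which join with a str separator only on Python 2.
        return ':'.join([dns.encode('ascii', 'ignore') for dns in dns_names])

    def get_envs_as_dict(self, list):
        """Map ``KEY=VALUE`` entries to subject short names, dropping unknown keys."""
        envs = self.get_list_of_pairs_by_mappings(list)
        return self.remove_nones_from_dict(envs)

    def remove_nones_from_dict(self, dictionary):
        """Return a copy of *dictionary* without the ``None`` key."""
        return dict((k, v) for k, v in dictionary.items() if k is not None)

    def get_list_of_pairs_by_mappings(self, list):
        """Translate ``KEY=VALUE`` entries into a dict keyed by mapped names.

        Keys missing from :meth:`get_mappings` are stored under ``None``
        (several unknown keys overwrite each other there). An entry without
        ``'='`` raises IndexError.
        """
        mappings = self.get_mappings()
        # Split on the first '=' only, so a value that itself contains '='
        # is kept whole instead of being cut at the second '='.
        pairs = (entry.split('=', 1) for entry in list)
        return dict((mappings.get(pair[0]), pair[1]) for pair in pairs)

    def get_mappings(self):
        """Return the env variable name -> subject short name table."""
        return {
            'COMMON_NAME': 'CN',
            'ORGANIZATION': 'O',
            'ORGANIZATION_UNIT': 'OU',
            'LOCATION': 'L',
            'STATE': 'ST',
            'COUNTRY': 'C',
            'SANS': 'SANS',
        }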