"""
Functions to verify, sign, encrypt and decrypt SMIME files, built on top of
pysmime/core.

Each function here is a thin file-oriented wrapper: it reads its input from a
path, delegates the cryptographic work to core, and optionally writes the
result to output_file_path.
"""
11
12 import logging
13
14 from util import BIO_from_buffer, BIO_from_file_path
15 from core import encrypt, sign, decrypt, verify
16
17
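def file_encrypt(input_file_path, recipient_cert, output_file_path=None,
                 keyring_source='file', cypher='des_ede3_cbc'):
    """
    Encrypts the input file data with the public key of the input certificate.
    If an output file path is present, the encrypted data is also written to
    that file.

    @type input_file_path: filepath
    @param input_file_path: the filepath from where to retrieve the data to
        encrypt
    @type recipient_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param recipient_cert: the recipient certificate reference; could be from
        file, from memory or from a pkcs11 smartcard, based on the
        keyring_source input parameter.
    @type output_file_path: filepath
    @param output_file_path: if present, the filepath where to write the
        encrypted data. The file is created with the process's default
        permissions (umask).
    @type keyring_source: str
    @keyword keyring_source: the type of the source for the input certificate,
        used to recall the appropriate method for encrypter settings.
        Admitted values are: file, memory, pkcs11.
    @type cypher: str
    @keyword cypher: the cypher name forwarded to core.encrypt; run
        "openssl enc -help" for the names OpenSSL supports. The default,
        des_ede3_cbc (3DES), is kept for compatibility; prefer an AES cypher
        (e.g. aes_256_cbc) where the recipient supports it.
    @rtype: M2Crypto.BIO
    @return: the buffer created by BIO_from_buffer, holding the PKCS#7
        encrypted data in DER format (not the PKCS7 object itself).
    @raise IOError: if the output file cannot be written; the error is logged
        and re-raised.
    """
    file_bio = BIO_from_file_path(input_file_path)
    p7 = encrypt(file_bio, recipient_cert, keyring_source, cypher)
    encrypted_data = BIO_from_buffer()
    p7.write_der(encrypted_data)
    if output_file_path:
        # Serialise again into a scratch buffer for the file: read() drains a
        # memory BIO, so reading encrypted_data here would hand the caller an
        # empty buffer whenever an output path is given.
        scratch = BIO_from_buffer()
        p7.write_der(scratch)
        try:
            with open(output_file_path, 'wb') as fd:
                fd.write(scratch.read())
        except IOError as e:
            logging.error('IOError in writing encrypted file %s', e)
            raise
    return encrypted_data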
58
59
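def file_decrypt(input_file_path, recipient_private_key, recipient_cert,
                 output_file_path=None, keyring_source='file', type='DER'):
    """
    Decrypts the input file data with the input private key and the input
    certificate. If an output file path is present, the decrypted data is
    also written to that file.

    @type input_file_path: filepath
    @param input_file_path: the filepath from where to retrieve the data to
        decrypt
    @type recipient_private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey
    @param recipient_private_key: recipient private key reference; could be
        from file, from memory or from a pkcs11 smartcard, based on the
        keyring_source input parameter.
    @type recipient_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param recipient_cert: recipient certificate; could be from filepath, from
        memory or from a pkcs11 smartcard, based on the keyring_source input
        parameter.
    @type output_file_path: filepath
    @param output_file_path: if present, the filepath where to write the
        decrypted data. The file is created with the process's default
        permissions (umask); since it holds plaintext, callers may want a
        restrictive umask or a private directory.
    @type keyring_source: str
    @keyword keyring_source: the type of the source for the input certificate,
        used to recall the appropriate method for decrypter settings.
        Admitted values are: file, memory, pkcs11.
    @type type: str
    @keyword type: specifies the type of the input PKCS#7 data: PEM or DER.
        (The name shadows the builtin; kept for caller compatibility.)
    @rtype: str
    @return: the decrypted data in plain form.
    @raise IOError: if the output file cannot be written; the error is logged
        and re-raised.
    """
    file_bio = BIO_from_file_path(input_file_path)
    decrypted_data = decrypt(file_bio, recipient_private_key, recipient_cert,
                             keyring_source, type)
    if output_file_path:
        try:
            with open(output_file_path, 'wb') as fd:
                fd.write(decrypted_data)
        except IOError as e:
            logging.error('IOError in writing decrypted file %s', e)
            raise
    return decrypted_data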
101
102
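def file_sign(input_file_path, sender_private_key, sender_cert,
              output_file_path=None, keyring_source='file', type='DER'):
    """
    Signs the input file data with the input private key and the input
    certificate. If an output file path is present, the signed data is also
    written to that file.

    @type input_file_path: filepath
    @param input_file_path: the filepath from where to retrieve the data to
        sign.
    @type sender_private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey
    @param sender_private_key: the sender's private key reference; could be
        from file, from memory or from a pkcs11 smartcard, based on the
        keyring_source input parameter.
    @type sender_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param sender_cert: the sender's certificate; could be from filepath, from
        memory or from a pkcs11 smartcard, based on the keyring_source input
        parameter.
    @type output_file_path: filepath
    @param output_file_path: if present, the filepath where to write the
        signed data. The file is created with the process's default
        permissions (umask).
    @type keyring_source: str
    @keyword keyring_source: the type of the source for the input certificate,
        used to recall the appropriate method for signer settings.
        Admitted values are: file, memory, pkcs11.
    @type type: str
    @keyword type: forwarded to core.sign as the PKCS#7 type (PEM or DER).
        Note that the buffer returned here, and the output file, are always
        serialised with write_der regardless of this value.
    @rtype: M2Crypto.BIO
    @return: the buffer created by BIO_from_buffer, holding the PKCS#7 signed
        data in DER format (not the PKCS7 object itself).
    @raise IOError: if the output file cannot be written; the error is logged
        and re-raised.
    """
    file_bio = BIO_from_file_path(input_file_path)
    p7 = sign(file_bio, sender_private_key, sender_cert, keyring_source, type)
    signed_data = BIO_from_buffer()
    p7.write_der(signed_data)
    if output_file_path:
        # Serialise again into a scratch buffer for the file: read() drains a
        # memory BIO, so reading signed_data here would hand the caller an
        # empty buffer whenever an output path is given.
        scratch = BIO_from_buffer()
        p7.write_der(scratch)
        try:
            with open(output_file_path, 'wb') as fd:
                fd.write(scratch.read())
        except IOError as e:
            logging.error('IOError in writing signed files %s', e)
            raise
    return signed_data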
145
146
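def file_verify(input_file_path, certstore_path, AUTO_SIGNED_CERT=False,
                type='DER'):
    """
    Verifies the input file data against the certificates stored in the file
    at certstore_path.

    @type input_file_path: filepath
    @param input_file_path: the filepath from where to retrieve the data to
        verify.
    @type certstore_path: filepath
    @param certstore_path: path to the file of the trusted certificates,
        for example /etc/ssl/certs/ca-certificates.crt.
    @type AUTO_SIGNED_CERT: boolean
    @param AUTO_SIGNED_CERT: whether to accept self-signed certificates as
        valid for verification (forwarded to core.verify). A self-signed
        signer vouches only for itself, so enabling this weakens the trust
        check; leave it False unless the signer's certificate is trusted by
        other means.
    @type type: str
    @keyword type: specifies the type of the input PKCS#7 data: PEM or DER
    @rtype: list
    @return: list of the verified signer certificates, as returned by
        core.verify.
    """
    file_bio = BIO_from_file_path(input_file_path)
    # core.verify produces the result directly; no local accumulator needed.
    return verify(file_bio, certstore_path, AUTO_SIGNED_CERT, type)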