1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
import jks
from OpenSSL import crypto
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from EnvsReader import EnvsReader
from ArtifactParser import ArtifactParser
class JksArtifactsValidator:
def __init__(self, mount_path):
self.parser = ArtifactParser(mount_path, "jks")
def get_and_compare_data_jks(self, path_to_env):
data = self.get_data_jks(path_to_env)
return data, self.parser.contains_expected_data(data)
def get_keystore(self):
keystore = jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read())
return keystore.private_keys['certificate'].cert_chain[0][1]
def get_truststore(self):
truststore = jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read())
return truststore.certs
def can_open_keystore_and_truststore_with_pass_jks(self):
try:
jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read())
jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read())
return True
except:
return False
def get_data_jks(self, path_to_env):
envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
certificate = self.get_keystore_certificate()
data = self.parser.get_owner_data_from_certificate(certificate)
data['SANS'] = self.parser.get_sans(certificate)
return type('', (object,), {"expectedData": envs, "actualData": data})
def get_keystore_certificate(self):
return crypto.X509.from_cryptography(self.load_x509_certificate(self.get_keystore()))
def load_x509_certificate(self, data):
cert = x509.load_der_x509_certificate(data, default_backend())
return cert
|
