load_pem_x509_cert_str_safe: Handle str or bytes input #78

Open
wants to merge 1 commit into
base: master
7 changes: 4 additions & 3 deletions src/xmlsec/crypto.py
@@ -15,6 +15,7 @@
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding, ec
from cryptography.x509 import load_pem_x509_certificate, load_der_x509_certificate, Certificate
from xmlsec.utils import load_pem_x509_cert_str_safe
from xmlsec.utils import sigvalue2dsssig, noop
import base64

@@ -249,7 +250,7 @@ def __init__(self, signature_element, keyspec):

super(XMLSecCryptoFromXML, self).__init__(source=source, do_padding=False, private=False, do_digest=False)

self.key = load_pem_x509_certificate(data, backend=default_backend())
self.key = load_pem_x509_cert_str_safe(data, backend=default_backend())

# XXX now we could implement encrypted-PEM-support
self.cert_pem = self.key.public_bytes(encoding=serialization.Encoding.PEM)
@@ -329,7 +330,7 @@ def __setitem__(self, key, value):
if isinstance(value, Certificate):
self.certs[key] = value
else:
self.certs[key] = load_pem_x509_certificate(value, backend=default_backend())
self.certs[key] = load_pem_x509_cert_str_safe(value, backend=default_backend())

def __delitem__(self, key):
del self.certs[key]
@@ -358,7 +359,7 @@ def _get_cert_by_fp(self, fp):

def _cert_fingerprint(cert_pem):
if "-----BEGIN CERTIFICATE" in cert_pem:
cert = load_pem_x509_certificate(cert_pem, backend=default_backend())
cert = load_pem_x509_cert_str_safe(cert_pem, backend=default_backend())
else:
cert = load_der_x509_certificate(base64.standard_b64decode(cert_pem), backend=default_backend())

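Review bot: In `_cert_fingerprint` the PEM test `if "-----BEGIN CERTIFICATE" in cert_pem:` still assumes `cert_pem` is text, so on Python 3 a bytes argument raises TypeError before the new str-or-bytes loader is ever reached. Since the point of this change is to accept either type, normalise once at the top of the function, e.g. `if isinstance(cert_pem, six.text_type): cert_pem = cert_pem.encode('ascii')`, and then test `b"-----BEGIN CERTIFICATE" in cert_pem`; `base64.standard_b64decode` in the else branch already accepts bytes. This presumes `six` is available in crypto.py, which the visible import hunk does not show. The body of `_cert_fingerprint` continues outside the hunk, so how the resulting fingerprint is used for certificate lookup cannot be checked from here.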
14 changes: 13 additions & 1 deletion src/xmlsec/utils.py
@@ -16,6 +16,18 @@
import re
from base64 import b64encode, standard_b64decode

def load_pem_x509_cert_str_safe(data, *args, **kwargs):
"""
Load a PEM-encoded X.509 certificate safely from a string or bytestring.

:param data: str or bytes: The PEM X.509 certificate data as a string or bytestring
:returns: A X.509 certificate object

*args and **kwargs are passed to load_pem_x509_certificate
"""
if isinstance(data, six.text_type):
data = data.encode()
return load_pem_x509_certificate(data, *args, **kwargs)

def parse_xml(data, remove_whitespace=True, remove_comments=True, schema=None):
"""
@@ -80,7 +92,7 @@ def pem2cert(pem):
be used by new code.
@param pem The certificate as pem string
"""
cert = load_pem_x509_certificate(pem, backend=default_backend())
cert = load_pem_x509_cert_str_safe(pem, backend=default_backend())
return _cert2dict(cert)


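Review bot: `data.encode()` in `load_pem_x509_cert_str_safe` relies on the interpreter's default codec, which is ASCII on Python 2 and UTF-8 on Python 3, so text with a non-ASCII character raises UnicodeEncodeError on one and is left for the PEM loader to reject on the other. PEM armour is ASCII, so make that explicit with `data = data.encode('ascii')` and name the resulting exception in the docstring. The `_safe` suffix and the docstring's "safely" describe only type coercion; the function parses the certificate and performs no validity, chain or trust check. In a signature-verification library that is worth one docstring sentence, e.g. `Only converts str to bytes; does not validate or establish trust in the certificate.` Whether `six` is imported in utils.py is not visible in this hunk and should be confirmed.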