import argparse
import os
import os.path
import random
import subprocess
import sys
import tempfile
from base64 import *
from pathlib import Path

from pem import *
from verifySignature import *
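def main():
    """Run the ARMOR certificate-chain checker on a chain file and report the outcome.

    Parses ``--chain``, ``--trust_store`` and ``--purpose`` from ``sys.argv``,
    validates them, runs ``~/.armor/armor-bin`` on the chain and trust store,
    then hands the binary's output file to ``readData`` and calls
    ``verifySignatures`` (both come from the star imports at the top of the
    file).

    Returns:
        True when the binary reports no error marker and signature
        verification passes, False otherwise.

    Exits (via ``sys.exit(-1)``) on missing or unsupported command-line input.
    """
    ### command-line argument processing
    # usage: ./armor-driver [-h] [--chain INPUT] [--trust_store CA_STORE] [--purpose CHECK_PURPOSE]
    supported_purposes = frozenset((
        'serverAuth', 'clientAuth', 'codeSigning',
        'emailProtection', 'timeStamping', 'OCSPSigning',
    ))
    parser = argparse.ArgumentParser(description='ARMOR command-line arguments')
    parser.add_argument('--chain', type=str,
                        help='Input certificate chain location')
    parser.add_argument('--trust_store', type=str, default='/etc/ssl/certs/ca-certificates.crt',
                        help='Trust anchor location; default=/etc/ssl/certs/ca-certificates.crt')
    parser.add_argument('--purpose', type=str,
                        help='expected purpose for end-user certificate: serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, or OCSPSigning')
    args = parser.parse_args()
    input_chain = args.chain
    input_CA_store = args.trust_store
    input_purpose = args.purpose

    if input_chain is None:
        print("Error : missing input certificate chain")
        sys.exit(-1)
    if not (input_chain.endswith((".pem", ".crt", ".der"))
            and input_CA_store.endswith((".pem", ".crt"))
            and os.path.exists(input_chain) and os.path.exists(input_CA_store)):
        print("Error : Input file or CA store doesn't exist or not supported "
              "(supported formats: .pem, .crt, .der for the chain; .pem, .crt for the CA store)")
        sys.exit(-1)
    if input_purpose is not None and input_purpose not in supported_purposes:
        print(
            "Error : Purposes are not supported (supported purposes: serverAuth, "
            "clientAuth, codeSigning, emailProtection, timeStamping, OCSPSigning")
        sys.exit(-1)
    #############################
    home_dir = str(Path.home())
    residuals_dir = os.path.join(home_dir, ".residuals")
    os.makedirs(residuals_dir, exist_ok=True)
    # mkstemp creates the output file atomically with owner-only permissions,
    # so its name is neither predictable nor reusable by another local
    # process (a random.random()-derived name was both).
    out_fd, filename_aeres_output = tempfile.mkstemp(
        prefix="temp_", suffix=".txt", dir=residuals_dir)

    # Build an argv list and run without a shell: the chain and trust-store
    # paths come straight from the command line and must never be parsed as
    # shell syntax.  stdout goes to the residual file (what the former
    # "> file" redirect did); stderr is what is inspected for error markers.
    argv = [os.path.join(home_dir, ".armor", "armor-bin")]
    if input_chain.endswith(".der"):
        argv.append("--DER")
    if input_purpose is not None:
        argv += ["--purpose", input_purpose]
    argv += [input_chain, input_CA_store]

    error_markers = ("failed", "error", "Error", "exception", "TLV: cert",
                     "cannot execute binary file", "more bytes remain",
                     "incomplete read", "not found")
    try:
        with os.fdopen(out_fd, "wb") as out_fh:
            try:
                completed = subprocess.run(argv, stdout=out_fh, stderr=subprocess.PIPE,
                                           text=True, errors="replace")
            except OSError as exc:
                # Binary missing or not executable: report it in the same
                # channel the shell's own message used to reach.
                aeres_res = "Error : cannot execute {}: {}".format(argv[0], exc)
            else:
                aeres_res = completed.stderr
        print(aeres_res)
        if any(marker in aeres_res for marker in error_markers):
            print("AERES syntactic or semantic checks: failed")
            return False
        print("AERES syntactic and semantic checks: passed")
        readData(filename_aeres_output)
    finally:
        # Always drop the residual file, even if readData raises.
        os.remove(filename_aeres_output)

    if verifySignatures() == "false":
        print("Signature verification: failed")
        return False
    print("Signature verification: passed")
    return True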
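if __name__ == "__main__":
    res = main()
    print("success" if res else "failed")
    # Non-zero exit on a failed validation so shell callers can rely on $?
    # instead of parsing stdout; a passed run still exits 0 as before.
    sys.exit(0 if res else 1)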