diff -up ./roca/detect.py.pkcs7 ./roca/detect.py
--- ./roca/detect.py.pkcs7	2021-03-12 17:34:45.847428925 -0500
+++ ./roca/detect.py	2021-03-12 17:41:53.760529589 -0500
@@ -1170,11 +1170,11 @@ class RocaFingerprinter(object):
         :param name:
         :return:
         """
-        is_ssh_file = startswith(data, 'ssh-rsa') or contains(data, 'ssh-rsa ')
-        is_pgp_file = startswith(data, '-----BEGIN PGP')
-        is_pkcs7_file = startswith(data, '-----BEGIN PKCS7')
-        is_pem_file = startswith(data, '-----BEGIN') and not is_pgp_file
-        is_ldiff_file = contains(data, 'binary::')
+        is_ssh_file = startswith(data, b'ssh-rsa') or contains(data, b'ssh-rsa ')
+        is_pgp_file = startswith(data, b'-----BEGIN PGP')
+        is_pkcs7_file = startswith(data, b'-----BEGIN PKCS7')
+        is_pem_file = startswith(data, b'-----BEGIN') and not is_pgp_file
+        is_ldiff_file = contains(data, b'binary::')
 
         is_pgp = is_pgp_file or (self.file_matches_extensions(name, ['pgp', 'gpg', 'key', 'pub', 'asc'])
                                  and not is_ssh_file
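Review bot: The docstring just above the changed lines leaves `:param name:` and `:return:` empty, and now that every prefix check uses a byte literal the contract that `data` is bytes is only implicit; add `:param data: raw file contents as bytes (prefix checks use byte literals)` and fill in `:param name:` / `:return:` so callers know not to pass decoded text. Whether a `str` argument would still work depends on how the `startswith`/`contains` helpers normalise their arguments, which is not visible here, so the docstring should state which one is expected. The same byte-literal change is made to the `is_json` check in the next hunk. The enclosing method starts before this hunk.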
@@ -1198,7 +1198,7 @@ class RocaFingerprinter(object):
         is_mod |= not is_pem and not is_der and not is_pgp and not is_ssh_file and not is_apk
         is_mod |= self.args.file_mod
 
-        is_json = self.file_matches_extensions(name, ['json', 'js']) or startswith(data, '{') or startswith(data, '[')
+        is_json = self.file_matches_extensions(name, ['json', 'js']) or startswith(data, b'{') or startswith(data, b'[')
         is_json |= self.args.file_json
 
         is_ldiff = self.file_matches_extensions(name, ['ldiff', 'ldap']) or is_ldiff_file
@@ -2060,8 +2060,7 @@ class RocaFingerprinter(object):
         :param name:
         :return:
         """
-        from cryptography.hazmat.backends.openssl.backend import backend
-        from cryptography.hazmat.backends.openssl.x509 import _Certificate
+        from cryptography.hazmat.primitives.serialization import pkcs7 
 
         # DER conversion
         is_pem = startswith(data, '-----')
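Review bot: The `is_pem` check on the last context line still passes the `str` literal `'-----'` while the earlier hunks converted every comparable check to a byte literal; unless the `startswith` helper coerces its arguments (not shown here), this is the one remaining str-vs-bytes mismatch and should become `is_pem = startswith(data, b'-----')`. The new import line `from cryptography.hazmat.primitives.serialization import pkcs7 ` carries trailing whitespace. That `pkcs7` serialization module only exists in newer `cryptography` releases, so the project's minimum dependency version (not visible on this page) should be raised to match, otherwise the import fails at call time inside this method. The enclosing method starts before this hunk.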
@@ -2069,27 +2068,15 @@ class RocaFingerprinter(object):
             is_pem = True
 
         try:
-            der = data
             if is_pem:
-                data = data.decode('utf8')
-                data = re.sub(r'\s*-----\s*BEGIN\s+PKCS7\s*-----', '', data)
-                data = re.sub(r'\s*-----\s*END\s+PKCS7\s*-----', '', data)
-                der = base64.b64decode(data)
-
-            bio = backend._bytes_to_bio(der)
-            pkcs7 = backend._lib.d2i_PKCS7_bio(bio.bio, backend._ffi.NULL)
-            backend.openssl_assert(pkcs7 != backend._ffi.NULL)
-            signers = backend._lib.PKCS7_get0_signers(pkcs7, backend._ffi.NULL, 0)
-            backend.openssl_assert(signers != backend._ffi.NULL)
-            backend.openssl_assert(backend._lib.sk_X509_num(signers) > 0)
-            x509_ptr = backend._lib.sk_X509_value(signers, 0)
-            backend.openssl_assert(x509_ptr != backend._ffi.NULL)
-            x509_ptr = backend._ffi.gc(x509_ptr, backend._lib.X509_free)
-            x509 = _Certificate(backend, x509_ptr)
-
-            self.num_pkcs7_cert += 1
+              signers = pkcs7.load_pem_pkcs7_certificates(data)
+            else:
+              signers = pkcs7.load_der_pkcs7_certificates(data)
 
-            return [self.process_x509(x509, name=name, pem=False, source='pkcs7-cert', aux='')]
+            self.num_pkcs7_cert += len(signers)
+            return [ self.process_x509(
+                x509, name=name, pem=False, source='pkcs7-cert', aux='')
+              for x509 in signers ]
 
         except Exception as e:
             logger.debug('Error in PKCS7 processing %s: %s' % (name, e))
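Review bot: The new body inside the `try` is indented inconsistently: the two `signers = ...` assignments sit two spaces under their `if`/`else` while the rest of the method uses four, and the comprehension in the `return` has spaces inside its brackets; re-indent the assignments by four and write the return as `return [self.process_x509(x509, name=name, pem=False, source='pkcs7-cert', aux='') for x509 in signers]`. The replacement also changes what gets processed: the removed code took only the first signer certificate via `PKCS7_get0_signers`, whereas `load_pem_pkcs7_certificates`/`load_der_pkcs7_certificates` appear to return every certificate in the bundle, so `num_pkcs7_cert` now counts certificates rather than PKCS7 files; that looks intended but deserves a comment such as `# every certificate in the bundle is fingerprinted, not just the signer` next to the counter update. The old PEM branch tolerated whitespace around the `-----BEGIN PKCS7-----` markers through the regex strip; if the library loader is stricter, inputs that previously parsed will now land in the `except` and be reported only at debug level, so a regression test with such a file would be worthwhile. The enclosing method starts before this hunk.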