[tor-commits] [ooni-probe/master] Fix #8359. Report server public key in PEM format. There is a bug in

art at torproject.org art at torproject.org
Tue Apr 30 13:01:43 UTC 2013


commit 96a1640e614eee8fa7f84837a84066e01261c622
Author: Isis Lovecruft <isis at torproject.org>
Date:   Thu Feb 28 13:31:57 2013 +0000

    Fix #8359. Report server public key in PEM format. There is a bug in
    pyOpenSSL where the dumped public key begins with
    '----- BEGIN PRIVATE KEY -----' due to the
    OpenSSL.crypto.dump_privatekey() method hardcoding incorrect PEM headers,
    which would need to be fixed in the upstream if we care enough.
---
 nettests/experimental/tls_handshake.py |   30 +++++++++++++++++++++++-------
 1 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/nettests/experimental/tls_handshake.py b/nettests/experimental/tls_handshake.py
index 34a917c..28c9990 100644
--- a/nettests/experimental/tls_handshake.py
+++ b/nettests/experimental/tls_handshake.py
@@ -32,8 +32,8 @@ import types
 
 from ipaddr                 import IPAddress
 from OpenSSL                import SSL
-from OpenSSL.crypto         import dump_certificate, FILETYPE_PEM
-from OpenSSL.crypto         import X509Name
+from OpenSSL.crypto         import dump_certificate, dump_privatekey
+from OpenSSL.crypto         import X509Name, PKey, FILETYPE_PEM
 from twisted.internet       import defer
 from twisted.python         import usage
 from twisted.python.failure import Failure
@@ -232,6 +232,22 @@ class TLSHandshakeTest(nettest.NetTestCase):
         else:
             log.debug("getX509Name: got None for ivar x509_name")
 
+    @staticmethod
+    def getPublicKey(key):
+        """
+        Get the PEM-encoded format of a host certificate's public key.
+
+        @param key: A :class:`OpenSSL.crypto.PKey` object.
+        """
+        try:
+            assert isinstance(key, PKey), \
+                "getPublicKey expects type OpenSSL.crypto.PKey for parameter key"
+        except AssertionError as ae:
+            log.err(ae)
+        else:
+            pubkey = dump_privatekey(FILETYPE_PEM, key)
+            return pubkey
+
     def test_tlsv1_handshake(self):
         """xxx fill me in"""
 
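Review bot: The type check in `getPublicKey` is an `assert`, which Python strips under `-O`, and when it does fire the method only logs the error and implicitly returns `None`, so the call site `cert_public_key = self.getPublicKey(s_cert.get_pubkey())` in the later hunk can silently record an empty key in the report. An explicit check such as `if not isinstance(key, PKey): raise TypeError("getPublicKey expects an OpenSSL.crypto.PKey")` would make the failure visible; alternatively, document the `None` return in the docstring. Because the commit message says `dump_privatekey()` labels this output with a `BEGIN PRIVATE KEY` header, the docstring should also state that the returned PEM holds only the certificate's public key despite that header, so nobody reading a report mistakes it for leaked private key material. Newer pyOpenSSL releases provide `dump_publickey()`, which would avoid the mislabel if the project can depend on it.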
@@ -570,12 +586,12 @@ class TLSHandshakeTest(nettest.NetTestCase):
             server_cert_chain = self.getPeerCert(connection, get_chain=True)
 
             s_cert          = connection.get_peer_certificate()
-            cert_subject    = getX509Name(s_cert.get_subject(),
-                                          get_components=True)
+            cert_subject    = self.getX509Name(s_cert.get_subject(),
+                                               get_components=True)
             cert_subj_hash  = s_cert.subject_name_hash()
-            cert_issuer     = getX509Name(s_cert.get_issuer(),
-                                          get_components=True)
-            cert_public_key = s_cert.get_pubkey()
+            cert_issuer     = self.getX509Name(s_cert.get_issuer(),
+                                               get_components=True)
+            cert_public_key = self.getPublicKey(s_cert.get_pubkey())
             cert_serial_no  = s_cert.get_serial_number()
             cert_sig_algo   = s_cert.get_signature_algorithm()
 




