Renamed CryptoUtil to CryptoProvider.

The CryptoUtil classes in the Python client library has been renamed
to CryptoProvider for consistency with the Java client library. The
cryptoutil.py module has been renamed to crypto.py.

Ticket #1042

1 files changed, 0 insertions, 268 deletions

diff --git a/base/common/python/pki/cryptoutil.py b/base/common/python/pki/cryptoutil.py
deleted file mode 100644
index 44adb3fb6..000000000
--- a/base/common/python/pki/cryptoutil.py
+++ /dev/null
@@ -1,268 +0,0 @@
-#!/usr/bin/python
-# Authors:
-#     Ade Lee <alee@redhat.com>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-"""
-Module containing crypto classes.
-"""
-import abc
-import exceptions
-import nss.nss as nss
-import os
-import shutil
-import subprocess
-import tempfile
-
-
-class CryptoUtil(object):
-    """
-    Abstract class containing methods to do cryptographic operations.
-    """
-    __metaclass__ = abc.ABCMeta
-
-    def __init__(self):
-        """ Constructor """
-        pass
-
-    @abc.abstractmethod
-    def initialize(self):
-        """ Initialization code """
-        pass
-
-    @staticmethod
-    @abc.abstractmethod
-    def generate_nonce_iv(mechanism):
-        """ Create a random initialization vector """
-        pass
-
-    @abc.abstractmethod
-    def generate_symmetric_key(self, mechanism=None, size=0):
-        """ Generate and return a symmetric key """
-        pass
-
-    @abc.abstractmethod
-    def generate_session_key(self):
-        """ Generate a session key to be used for wrapping data to the DRM
-        This must return a 3DES 168 bit key """
-        pass
-
-    @abc.abstractmethod
-    def symmetric_wrap(self, data, wrapping_key, mechanism=None, nonce_iv=None):
-        """ encrypt data using a symmetric key (wrapping key)"""
-        pass
-
-    @abc.abstractmethod
-    def symmetric_unwrap(self, data, wrapping_key, mechanism=None,
-                         nonce_iv=None):
-        """ decrypt data originally encrypted with symmetric key (wrapping key)
-
-        We expect the data and nonce_iv values to be base64 encoded.
-        The mechanism is the type of key used to do the wrapping.  It defaults
-        to a 56 bit DES3 key.
-        """
-        pass
-
-    @abc.abstractmethod
-    def asymmetric_wrap(self, data, wrapping_cert, mechanism=None):
-        """ encrypt a symmetric key with the public key of a transport cert.
-
-        The mechanism is the type of symmetric key, which defaults to a 56 bit
-        DES3 key.
-        """
-        pass
-
-    #abc.abstractmethod
-    def get_cert(self, cert_nick):
-        """ Get the certificate for the specified cert_nick. """
-        pass
-
-
-class NSSCryptoUtil(CryptoUtil):
-    """
-    Class that defines NSS implementation of CryptoUtil.
-    Requires an NSS database to have been set up and initialized.
-
-    Note that all inputs and outputs are unencoded.
-    """
-
-    @staticmethod
-    def setup_database(db_dir, password, over_write=False):
-        """ Create an NSS database """
-        if os.path.exists(db_dir):
-            if not over_write:
-                raise exceptions.IOError("Directory already exists.")
-            if os.path.isdir(db_dir):
-                shutil.rmtree(db_dir)
-            else:
-                os.remove(db_dir)
-        os.makedirs(db_dir)
-
-        home = os.path.expanduser("~")
-        with tempfile.NamedTemporaryFile(dir=home) as pwd_file:
-            pwd_file.write(password)
-            pwd_file.flush()
-            command = ['certutil', '-N', '-d', db_dir, '-f', pwd_file.name]
-            subprocess.check_call(command)
-
-    def __init__(self, certdb_dir, certdb_password):
-        """ Initialize nss and nss related parameters
-
-            This method expects a NSS database to have already been created at
-            certdb_dir with password certdb_password.
-        """
-        CryptoUtil.__init__(self)
-        self.certdb_dir = certdb_dir
-        self.certdb_password = certdb_password
-        self.nonce_iv = "e4:bb:3b:d3:c3:71:2e:58"
-
-    def initialize(self):
-        """
-        Initialize the nss db. Must be done before any crypto operations
-        """
-        nss.nss_init(self.certdb_dir)
-
-    def import_cert(self, cert_nick, cert, trust):
-        """ Import a certificate into the nss database
-        """
-        # certutil -A -d db_dir -n cert_nick -t trust -i cert_file -a
-        with tempfile.NamedTemporaryFile() as cert_file:
-            cert_file.write(cert)
-            cert_file.flush()
-            command = ['certutil', '-A', '-d', self.certdb_dir,
-                       '-n', cert_nick, '-t', trust,
-                       '-i', cert_file.name]
-            subprocess.check_call(command)
-
-    @staticmethod
-    def generate_nonce_iv(mechanism=nss.CKM_DES3_CBC_PAD):
-        """ Create a random initialization vector """
-        iv_length = nss.get_iv_length(mechanism)
-        if iv_length > 0:
-            iv_data = nss.generate_random(iv_length)
-            return iv_data
-        else:
-            return None
-
-    @classmethod
-    def setup_contexts(cls, mechanism, sym_key, nonce_iv):
-        """ Set up contexts to do wrapping/unwrapping by symmetric keys. """
-        # Get a PK11 slot based on the cipher
-        slot = nss.get_best_slot(mechanism)
-
-        if sym_key is None:
-            sym_key = slot.key_gen(mechanism,
-                                   None,
-                                   slot.get_best_key_length(mechanism))
-
-        # If initialization vector was supplied use it, otherwise set it to None
-        if nonce_iv:
-            iv_si = nss.SecItem(nonce_iv)
-            iv_param = nss.param_from_iv(mechanism, iv_si)
-        else:
-            iv_data = cls.generate_nonce_iv(mechanism)
-            if iv_data is not None:
-                iv_si = nss.SecItem(iv_data)
-                iv_param = nss.param_from_iv(mechanism, iv_si)
-            else:
-                iv_param = None
-
-        # Create an encoding context
-        encoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_ENCRYPT,
-                                                     sym_key, iv_param)
-
-        # Create a decoding context
-        decoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_DECRYPT,
-                                                     sym_key, iv_param)
-
-        return encoding_ctx, decoding_ctx
-
-    def generate_symmetric_key(self, mechanism=nss.CKM_DES3_CBC_PAD, size=0):
-        """ Returns a symmetric key.
-
-        Note that for fixed length keys, this length should be 0.  If no length
-        is provided, then the function will either use 0 (for fixed length keys)
-        or the maximum available length for that algorithm and the token.
-        """
-        slot = nss.get_best_slot(mechanism)
-        if size == 0:
-            size = slot.get_best_key_length(mechanism)
-        return slot.key_gen(mechanism, None, size)
-
-    def generate_session_key(self):
-        """ Returns a session key to be used when wrapping secrets for the DRM
-        This will return a 168 bit 3DES key.
-        """
-        return self.generate_symmetric_key(mechanism=nss.CKM_DES3_CBC_PAD)
-
-    def symmetric_wrap(self, data, wrapping_key, mechanism=nss.CKM_DES3_CBC_PAD,
-                       nonce_iv=None):
-        """
-        :param data            Data to be wrapped
-        :param wrapping_key    Symmetric key to wrap data
-
-        Wrap (encrypt) data using the supplied symmetric key
-        """
-        if nonce_iv is None:
-            nonce_iv = nss.read_hex(self.nonce_iv)
-
-        encoding_ctx, _decoding_ctx = self.setup_contexts(mechanism,
-                                                          wrapping_key,
-                                                          nonce_iv)
-        wrapped_data = encoding_ctx.cipher_op(data) +\
-            encoding_ctx.digest_final()
-        return wrapped_data
-
-    def symmetric_unwrap(self, data, wrapping_key,
-                         mechanism=nss.CKM_DES3_CBC_PAD, nonce_iv=None):
-        """
-        :param data            Data to be unwrapped
-        :param wrapping_key    Symmetric key to unwrap data
-        :param nonce_iv        iv data
-
-        Unwrap (decrypt) data using the supplied symmetric key
-        """
-        if nonce_iv is None:
-            nonce_iv = nss.read_hex(self.nonce_iv)
-
-        _encoding_ctx, decoding_ctx = self.setup_contexts(mechanism,
-                                                          wrapping_key,
-                                                          nonce_iv)
-        unwrapped_data = decoding_ctx.cipher_op(data) \
-            + decoding_ctx.digest_final()
-        return unwrapped_data
-
-    def asymmetric_wrap(self, data, wrapping_cert,
-                        mechanism=nss.CKM_DES3_CBC_PAD):
-        """
-        :param data             Data to be wrapped
-        :param wrapping_cert    Public key to wrap data
-        :param mechanism        algorithm of symmetric key to be wrapped
-
-        Wrap (encrypt) data using the supplied asymmetric key
-        """
-        public_key = wrapping_cert.subject_public_key_info.public_key
-        return nss.pub_wrap_sym_key(mechanism, public_key, data)
-
-    def get_cert(self, cert_nick):
-        """
-        :param cert_nick       Nickname for the certificate to be returned
-
-        Searches NSS database and returns SecItem object for this certificate.
-        """
-        return nss.find_cert_from_nickname(cert_nick)