From 2ee45f388ca42d42d2a5a3a9e9fce03b7cc84e5e Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 16 May 2020 21:21:42 +0200
Subject: [PATCH] crypto: validate PEM data before saving
---
 passbook/crypto/forms.py | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/passbook/crypto/forms.py b/passbook/crypto/forms.py
index cbfb5de23..1276bd929 100644
--- a/passbook/crypto/forms.py
+++ b/passbook/crypto/forms.py
@@ -1,4 +1,7 @@
 """passbook Crypto forms"""
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.serialization import load_pem_private_key
+from cryptography.x509 import load_pem_x509_certificate
 from django import forms
 from django.utils.translation import gettext_lazy as _

@@ -8,6 +11,32 @@ from passbook.crypto.models import CertificateKeyPair
 class CertificateKeyPairForm(forms.ModelForm):
 """CertificateKeyPair Form"""

+ def clean_certificate_data(self):
+ """Verify that input is a valid PEM x509 Certificate"""
+ certificate_data = self.cleaned_data["certificate_data"]
+ try:
+ load_pem_x509_certificate(
+ certificate_data.encode("utf-8"), default_backend()
+ )
+ except ValueError:
+ raise forms.ValidationError("Unable to load certificate.")
+
+ def clean_key_data(self):
+ """Verify that input is a valid PEM RSA Key"""
+ key_data = self.cleaned_data["key_data"]
+ # Since this field is optional, data can be empty.
+ if key_data == "":
+ return
+ try:
+ load_pem_private_key(
+ str.encode("\n".join([x.strip() for x in key_data.split("\n")])),
+ password=None,
+ backend=default_backend(),
+ )
+ load_pem_x509_certificate(key_data.encode("utf-8"), default_backend())
+ except ValueError:
+ raise forms.ValidationError("Unable to load private key.")
+
 class Meta:

 model = CertificateKeyPair
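Review bot: Neither `clean_certificate_data` nor `clean_key_data` returns a value, and Django writes whatever a `clean_<field>` method returns back into `cleaned_data`, so both fields end up as `None` after a successful validation; each method should finish with `return certificate_data` / `return key_data`, and the empty-key branch should `return key_data` as well. In `clean_key_data` the trailing `load_pem_x509_certificate(key_data.encode("utf-8"), default_backend())` parses the private key as a certificate, which looks like a copy-paste slip and would presumably reject every key that is not also a certificate, so that line should be dropped. `load_pem_private_key` called with `password=None` raises `TypeError` for an encrypted key, so the handler should read `except (ValueError, TypeError):` to surface a form error instead of an unhandled exception. The docstring says "PEM RSA Key" although the loader accepts any private-key type, and nothing in this hunk checks that the key actually belongs to the submitted certificate, which may be worth a follow-up.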