ccf 6.0.13__py3-none-any.whl → 6.0.15__py3-none-any.whl

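--- a/ccf/receipt.py
+++ b/ccf/receipt.py
@@ -5,6 +5,7 @@ import base64
 from hashlib import sha256
 from typing import List
 from cryptography.x509 import Certificate
+from cryptography.x509.verification import PolicyBuilder, Store
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec, utils
 
@@ -54,7 +55,9 @@ def check_endorsement(endorsee: Certificate, endorser: Certificate):
 
 
 def check_endorsements(
-node_cert: Certificate, service_cert: Certificate, endorsements: List[Certificate]
+node_cert: Certificate,
+service_cert: Certificate,
+endorsements: List[Certificate],
 ):
 """
 Check a node certificate is endorsed by a service certificate, transitively through a list of endorsements.
@@ -64,3 +67,21 @@ def check_endorsements(
 check_endorsement(cert_i, endorsement)
 cert_i = endorsement
 check_endorsement(cert_i, service_cert)
+
+
+def check_cert_chain(
+node_cert: Certificate,
+service_cert: Certificate,
+endorsements: List[Certificate],
+):
+"""
+Use default cryptography policy to verify CCF cert chain
+"""
+builder = PolicyBuilder()
+builder = builder.store(Store([service_cert]))
+
+# This would ideally be `build_server_verifier`, but that requires a
+# Subject which is either a valid DNSName or IPAddress. Our node cert's
+# Subject is "CCF Node", and we may not have a better value in SAN
+verifier = builder.build_client_verifier()
+verifier.verify(leaf=node_cert, intermediates=endorsements)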
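Review bot: The docstring on `check_cert_chain` does not say how a failed verification is signalled or what is being trusted. The function returns nothing and discards the result of `verifier.verify(...)`, so a caller only learns of a bad chain if the call raises (presumably cryptography's `VerificationError`). I would extend the docstring to state that, and to state that `service_cert` is the only trust anchor placed in the `Store`, so it has to be obtained independently of the receipt being checked. No `.time(...)` is set on the builder, so validity periods are presumably evaluated against the current time. If receipts may be verified after the node certificate has expired, that deserves a sentence in the docstring or an explicit verification time.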
@@ -66,12 +66,10 @@ if [ -z "${member_id_cert}" ]; then
66
66
  exit 1
67
67
  fi
68
68
 
69
- if [ ! -f "env/bin/activate" ]
70
- then
71
- python3 -m venv env
69
+ if ! command -v ccf_cose_sign1 > /dev/null; then
70
+ echo "Error: This script requires the ccf_cose_sign1 CLI tool, distributed as part of the CCF Python package. Please install it via 'pip install ccf' in the current Python environment"
71
+ exit 1
72
72
  fi
73
- source env/bin/activate
74
- pip install -q ccf
75
73
 
76
74
  # Compute member ID, as the SHA-256 fingerprint of the signing certificate
77
75
  member_id=$(openssl x509 -in "$member_id_cert" -noout -fingerprint -sha256 | cut -d "=" -f 2 | sed 's/://g' | awk '{print tolower($0)}')
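Review bot: The error message added under the `command -v ccf_cose_sign1` check is written to stdout, although it reports a fatal precondition failure right before `exit 1`. Sending it to stderr by ending the `echo` line with `>&2` keeps it out of any output a caller captures from the script. The script starts and continues outside this hunk, so whether the other error paths already use stderr cannot be seen from here.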
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: ccf
3
- Version: 6.0.13
3
+ Version: 6.0.15
4
4
  Summary: Set of tools and utilities for the Confidential Consortium Framework (CCF)
5
5
  Author-email: CCF Team <CCF-Sec@microsoft.com>
6
6
  Project-URL: Homepage, https://github.com/microsoft/ccf
@@ -7,15 +7,15 @@ ccf/ledger_viz.py,sha256=l1p2wKgLDayxquVa9-yzsMcLx9vvygCV8EZ_PrVpvMg,6430
7
7
  ccf/merkletree.py,sha256=JHUnGYYHJfi18YUNGiHmNCa1AwmCAwLAN3ias5j61ws,2931
8
8
  ccf/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
9
9
  ccf/read_ledger.py,sha256=UzmEKAMS2GJmwuaenKBJbkBDZIWeCa9xcXdpZB51SEg,9370
10
- ccf/receipt.py,sha256=jK8RGkGJwrW1yJC-GWx7DpxQXCCBdnZHIkrMXZgTOew,2079
10
+ ccf/receipt.py,sha256=dySVvy-IqvsB8pj5uooIokbQR853vpT7uC0TQ-IWIQk,2765
11
11
  ccf/split_ledger.py,sha256=wspNZUFPMSvMgGxmwP3QuSbx7QDzTjrC6ecFFJSp14o,5900
12
12
  ccf/tx_id.py,sha256=E7XJyUoJ-a8h7Fp36zNQdhSYdyuNdFV-r_aXhoWl1ks,736
13
13
  ccf/verify_ledger_secrets_chain.py,sha256=_UDc4wNro2mNUVbErDkhl24jLeJC0Vr-kECeZEdeHME,3590
14
- ccf-6.0.13.data/scripts/keygenerator.sh,sha256=r9i8rURcDUPU8c9NKkxrjweU1qU09Hv3SWc3IFQ648A,2391
15
- ccf-6.0.13.data/scripts/submit_recovery_share.sh,sha256=0NHCF7b_ffisUvBJIiO4Od-FC9kpICGK9Yac32HwKYc,3351
16
- ccf-6.0.13.dist-info/licenses/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
17
- ccf-6.0.13.dist-info/METADATA,sha256=u293Yc_MUpB9lQeyKa0C9OUDZjOJl-pUpekw91tOzqQ,990
18
- ccf-6.0.13.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
19
- ccf-6.0.13.dist-info/entry_points.txt,sha256=3hbXI2LSOY06QitxM8GQqT9NwY7rCp1RtSU9gGG20A4,365
20
- ccf-6.0.13.dist-info/top_level.txt,sha256=I0tWtkKe6KRqXt0nIp8W-ln8j431-vDBb39bQGKkL9Q,4
21
- ccf-6.0.13.dist-info/RECORD,,
14
+ ccf-6.0.15.data/scripts/keygenerator.sh,sha256=r9i8rURcDUPU8c9NKkxrjweU1qU09Hv3SWc3IFQ648A,2391
15
+ ccf-6.0.15.data/scripts/submit_recovery_share.sh,sha256=VxMfnbi82W1xrs5BwOqlJs-mFXjXeLnuF9ev37Ph034,3489
16
+ ccf-6.0.15.dist-info/licenses/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
17
+ ccf-6.0.15.dist-info/METADATA,sha256=ZxB2qhmCiUiV5RF-rEJt54yTw4nAirF0z-eh2hGOv1s,990
18
+ ccf-6.0.15.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
19
+ ccf-6.0.15.dist-info/entry_points.txt,sha256=3hbXI2LSOY06QitxM8GQqT9NwY7rCp1RtSU9gGG20A4,365
20
+ ccf-6.0.15.dist-info/top_level.txt,sha256=I0tWtkKe6KRqXt0nIp8W-ln8j431-vDBb39bQGKkL9Q,4
21
+ ccf-6.0.15.dist-info/RECORD,,
File without changes