def createSignature(self, manifest, certificate, key, wwdr_certificate,
password):
open('manifest.json', 'w').write(manifest)
def passwordCallback(*args, **kwds):
return password
smime = SMIME.SMIME()
#we need to attach wwdr cert as X509
wwdrcert = X509.load_cert(wwdr_certificate)
stack = X509_Stack()
stack.push(wwdrcert)
smime.set_x509_stack(stack)
smime.load_key(key, certificate, callback=passwordCallback)
pk7 = smime.sign(SMIME.BIO.MemoryBuffer(manifest),
flags=SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY)
pem = SMIME.BIO.MemoryBuffer()
pk7.write(pem)
# convert pem to der
# print pem.read()
der = ''.join(l.strip() for l in pem.read().split('-----')
[2].splitlines()).decode('base64')
open('signature', 'w').write(der)
def _createSignature(self,
manifest,
certificate=None,
certificate_str=None,
key=None,
key_str=None,
wwdr_certificate=None,
wwdr_certificate_str=None,
password=None):
def passwordCallback(*args, **kwds):
return password
# we need to attach wwdr cert as X509
if wwdr_certificate:
wwdrcert = X509.load_cert(wwdr_certificate)
elif wwdr_certificate_str:
# handle raw certificate strings
wwdrcert = X509.load_cert_string(wwdr_certificate_str)
else:
raise Exception('No WWDR certificate passed to _createSignature')
stack = X509_Stack()
stack.push(wwdrcert)
smime = SMIME.SMIME()
smime.set_x509_stack(stack)
if certificate and key:
# need to cast to string since load_key doesnt work with unicode paths
smime.load_key(str(key), certificate, callback=passwordCallback)
elif certificate_str and key_str:
# handle raw key and certificate strings
keybio = SMIME.BIO.MemoryBuffer(key_str.encode('utf8'))
certbio = SMIME.BIO.MemoryBuffer(certificate_str.encode('utf8'))
smime.load_key_bio(keybio, certbio, callback=passwordCallback)
else:
raise Exception(
'No valid combination of certificate and key passed to _createSignature'
)
pk7 = smime.sign(SMIME.BIO.MemoryBuffer(manifest),
flags=SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY)
pem = SMIME.BIO.MemoryBuffer()
pk7.write(pem)
# convert pem to der
der = ''.join(l.strip() for l in pem.read().split('-----')
[2].splitlines()).decode('base64')
return der
def _get_smime(self, certificate, key, wwdr_certificate, password):
"""
:return: M2Crypto.SMIME.SMIME
"""
def passwordCallback(*args, **kwds):
return bytes(password, encoding='ascii')
smime = SMIME.SMIME()
wwdrcert = X509.load_cert(wwdr_certificate)
stack = X509_Stack()
stack.push(wwdrcert)
smime.set_x509_stack(stack)
smime.load_key(key, certfile=certificate, callback=passwordCallback)
return smime
def get_signature_serial_number(pkcs7):
"""
Extracts the serial number out of a DER formatted, detached PKCS7
signature buffer
"""
pkcs7_buf = MemoryBuffer(pkcs7)
if pkcs7_buf is None:
raise BIOError(Err.get_error())
p7_ptr = pkcs7_read_bio_der(pkcs7_buf.bio)
p = PKCS7(p7_ptr, 1)
# Fetch the certificate stack that is the list of signers
# Since there should only be one in this use case, take the zeroth
# cert in the stack and return its serial number
return p.get0_signers(X509_Stack())[0].get_serial_number()
def _get_smime(self, certificate, key, wwdr_certificate, password):
"""
:return: M2Crypto.SMIME.SMIME
"""
def passwordCallback(*args, **kwds):
return bytes(password, encoding='utf8')
smime = SMIME.SMIME()
wwdrcert = X509.load_cert(wwdr_certificate)
stack = X509_Stack()
stack.push(wwdrcert)
smime.set_x509_stack(stack)
key_bio = BIO.MemoryBuffer(open(key, 'rb').read())
certificate_bio = BIO.MemoryBuffer(open(certificate, 'rb').read())
smime.load_key_bio(key_bio, certificate_bio, callback=passwordCallback)
return smime
def sign(self, data, wwdrcert_data, cert_data, key_data, passphrase = None):
""" https://github.com/devartis/passbook """
def passwordCallback(*args, **kwds):
return passphrase
wwdrcert_bio = SMIME.BIO.MemoryBuffer(wwdrcert_data)
key_bio = SMIME.BIO.MemoryBuffer(key_data)
cert_bio = SMIME.BIO.MemoryBuffer(cert_data)
smime = SMIME.SMIME()
wwdrcert = X509.load_cert_bio(wwdrcert_bio)
stack = X509_Stack()
stack.push(wwdrcert)
smime.set_x509_stack(stack)
smime.load_key_bio(key_bio, cert_bio, callback=passwordCallback)
pk7 = smime.sign(SMIME.BIO.MemoryBuffer(data), flags = SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY)
pem = SMIME.BIO.MemoryBuffer()
pk7.write(pem)
der = ''.join(l.strip() for l in pem.read().split('----')[2].splitlines()).decode('base64')
return der
def _createSignature(self, manifest, certificate, key,
wwdr_certificate, password):
def passwordCallback(*args, **kwds):
return password
smime = SMIME.SMIME()
# we need to attach wwdr cert as X509
wwdrcert = X509.load_cert(wwdr_certificate)
stack = X509_Stack()
stack.push(wwdrcert)
smime.set_x509_stack(stack)
# need to cast to string since load_key doesnt work with unicode paths
smime.load_key(str(key), certificate, callback=passwordCallback)
pk7 = smime.sign(SMIME.BIO.MemoryBuffer(manifest), flags=SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY)
pem = SMIME.BIO.MemoryBuffer()
pk7.write(pem)
# convert pem to der
der = ''.join(l.strip() for l in pem.read().split('-----')[2].splitlines()).decode('base64')
return der
def get_signature_cert_subject(pkcs7):
# Fetch the certificate stack that is the list of signers.
# Since there should only be one in this use case, take the zeroth
# cert in the stack and return its serial number
return pkcs7.get0_signers(X509_Stack())[0].get_subject().as_text()
