def activate_session(self, username=None, password=None, certificate=None):
"""
Activate session using either username and password or private_key
"""
params = ua.ActivateSessionParameters()
challenge = self.security_policy.server_certificate + self._server_nonce
params.ClientSignature.Algorithm = b"http://www.w3.org/2000/09/xmldsig#rsa-sha1"
params.ClientSignature.Signature = self.security_policy.asymmetric_cryptography.signature(
challenge)
params.LocaleIds.append("en")
if not username and not certificate:
params.UserIdentityToken = ua.AnonymousIdentityToken()
params.UserIdentityToken.PolicyId = self.server_policy_id(
ua.UserTokenType.Anonymous, b"anonymous")
elif certificate:
params.UserIdentityToken = ua.X509IdentityToken()
params.UserIdentityToken.PolicyId = self.server_policy_id(
ua.UserTokenType.Certificate, b"certificate_basic256")
params.UserIdentityToken.CertificateData = uacrypto.der_from_x509(
certificate)
# specs part 4, 5.6.3.1: the data to sign is created by appending
# the last serverNonce to the serverCertificate
sig = uacrypto.sign_sha1(self.user_private_key, challenge)
params.UserTokenSignature = ua.SignatureData()
params.UserTokenSignature.Algorithm = b"http://www.w3.org/2000/09/xmldsig#rsa-sha1"
params.UserTokenSignature.Signature = sig
else:
params.UserIdentityToken = ua.UserNameIdentityToken()
params.UserIdentityToken.UserName = username
if self.server_url.password:
pubkey = uacrypto.x509_from_der(
self.security_policy.server_certificate).public_key()
# see specs part 4, 7.36.3: if the token is encrypted, password
# shall be converted to UTF-8 and serialized with server nonce
etoken = ua.pack_bytes(
bytes(password, "utf8") + self._server_nonce)
#data = uacrypto.encrypt_basic256(pubkey, etoken)
data = uacrypto.encrypt_rsa_oaep(pubkey, etoken)
params.UserIdentityToken.Password = data
params.UserIdentityToken.PolicyId = self.server_policy_id(
ua.UserTokenType.UserName, b"username_basic256")
params.UserIdentityToken.EncryptionAlgorithm = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep'
return self.bclient.activate_session(params)
def activate_session(self, username=None, password=None, certificate=None):
"""
Activate session using either username and password or private_key
"""
params = ua.ActivateSessionParameters()
challenge = self.security_policy.server_certificate + self._server_nonce
params.ClientSignature.Algorithm = b"http://www.w3.org/2000/09/xmldsig#rsa-sha1"
params.ClientSignature.Signature = self.security_policy.asymmetric_cryptography.signature(challenge)
params.LocaleIds.append("en")
if not username and not certificate:
params.UserIdentityToken = ua.AnonymousIdentityToken()
params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Anonymous, b"anonymous")
elif certificate:
params.UserIdentityToken = ua.X509IdentityToken()
params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Certificate, b"certificate_basic256")
params.UserIdentityToken.CertificateData = uacrypto.der_from_x509(certificate)
# specs part 4, 5.6.3.1: the data to sign is created by appending
# the last serverNonce to the serverCertificate
sig = uacrypto.sign_sha1(self.user_private_key, challenge)
params.UserTokenSignature = ua.SignatureData()
params.UserTokenSignature.Algorithm = b"http://www.w3.org/2000/09/xmldsig#rsa-sha1"
params.UserTokenSignature.Signature = sig
else:
params.UserIdentityToken = ua.UserNameIdentityToken()
params.UserIdentityToken.UserName = username
if self.server_url.password:
pubkey = uacrypto.x509_from_der(self.security_policy.server_certificate).public_key()
# see specs part 4, 7.36.3: if the token is encrypted, password
# shall be converted to UTF-8 and serialized with server nonce
etoken = ua.pack_bytes(bytes(password, "utf8") + self._server_nonce)
#data = uacrypto.encrypt_basic256(pubkey, etoken)
data = uacrypto.encrypt_rsa_oaep(pubkey, etoken)
params.UserIdentityToken.Password = data
params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.UserName, b"username_basic256")
params.UserIdentityToken.EncryptionAlgorithm = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep'
return self.bclient.activate_session(params)
def encrypt_asymmetric(pubkey, data):
return uacrypto.encrypt_rsa_oaep(pubkey, data)