def auth_session(pytestconfig, session):
"""
Logs into the created admin session
"""
slot = test_config["test_slot"]
usertype = 0 if pytestconfig.getoption("user") == "SO" else 1
login(session, slot, test_config["password"], usertype)
yield session
c_logout(session)
from pypkcs11.defines import *
from pypkcs11.key_generator import c_generate_key_pair
from pypkcs11.default_templates import CKM_RSA_PKCS_KEY_PAIR_GEN_PUBTEMP, CKM_RSA_PKCS_KEY_PAIR_GEN_PRIVTEMP
from pypkcs11.unbound import dyc_create_x509_request
from pypkcs11.token_management import get_token_by_label
organizationId = 123456 # DigiCert ID of your organisation
devkey = 'YOUR-DC-DEVKEY'
userPin = ''
c_initialize()
rv, slot = get_token_by_label(b'demopartition')
assert rv == CKR_OK
rv, session = c_open_session(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION)
assert rv == CKR_OK
rv = login(session, 0, userPin)
assert rv == CKR_OK
csrSubj = 'C=IL, L=Petah Tikva, O=Unbound Tech Ltd, OU=Test1, CN=www.unboundtech.com'
pbkey_template, prkey_template = (CKM_RSA_PKCS_KEY_PAIR_GEN_PUBTEMP,
CKM_RSA_PKCS_KEY_PAIR_GEN_PRIVTEMP)
pbkey_template[CKA_LABEL] = b'DemoPublicKey'
prkey_template[CKA_LABEL] = b'DemoPrivateKey'
ret, pub_key, priv_key = c_generate_key_pair(
session,
mechanism=CKM_RSA_PKCS_KEY_PAIR_GEN,
pbkey_template=pbkey_template,
prkey_template=prkey_template)
assert rv == CKR_OK
ret, csrDer = dyc_create_x509_request(session, priv_key, CKM_SHA256, csrSubj)
assert rv == CKR_OK
key_files = [
f for f in os.listdir(keys_dir) if path.isfile(path.join(keys_dir, f))
]
rv = c_initialize()
check_rv(rv, "c_initialize()")
(rv, slot_list) = sess_mng.c_get_slot_list()
check_rv(rv, "c_get_slot_list()")
slot = slot_list[0]
(rv, session) = c_open_session(slot)
check_rv(rv, "c_open_session()")
rv = login(session, slot, args.creds)
check_rv(rv, "login()")
(rv, handles) = c_find_objects(session, {CKA_CLASS: CKO_DATA}, 1000)
check_rv(rv, "c_find_objects()")
# 1. Download missing keys
for handle in handles:
(rv, attrs) = c_get_attribute_value(session, handle, {
CKA_ID: None,
CKA_VALUE: None
})
check_rv(rv, "c_get_attribute_value()")
fname = attrs[CKA_ID].decode('utf-8') + '.key'
if fname not in key_files:
from pypkcs11.misc import c_create_object
from pypkcs11.attributes import to_byte_array
from pypkcs11.token_management import get_token_by_label
devkey = 'YOUR-DC-DEVKEY'
if len(sys.argv) != 2:
print("Usage: " + sys.argv[0] + " <order_id>")
exit(0)
orderId = sys.argv[1]
userPin = ''
c_initialize()
rv, slot = get_token_by_label(b'demopartition')
assert rv == CKR_OK
rv, session = c_open_session(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION)
assert rv == CKR_OK
assert login(session, 0, userPin) == CKR_OK
conn = http.client.HTTPSConnection('www.digicert.com')
headers = {"Accept": "application/json", 'X-DC-DEVKEY': devkey}
# Obtain Certificate ID from Order ID
conn.request("GET", "/services/v2/order/certificate/" + orderId, None, headers)
resp = conn.getresponse()
assert resp.status == 200, resp.reason
data = resp.read()
jata = json.loads(data)
certificateId = jata['certificate']['id']
print('Certificate ID:', certificateId)
# Download certificate
headers = {'Accept': '*/*', 'X-DC-DEVKEY': devkey}