def getPublicKey(self, format='JWK'):
"""
Return public key as a PEM or JWK string or as a JCS in an JSONObjectWriter
"""
if exportFormatCheck(format) == 'PEM':
return exportPublicKeyAsPem(self.nativePublicKey)
if format == 'JWK':
return serializeJson(self.publicKey)
return JSONObjectWriter(self.publicKey)
def getPublicKey(self, format='JWK'):
"""
Return public key as a PEM or JWK string or as a JCS in an JSONObjectWriter
"""
if exportFormatCheck(format) == 'PEM':
return exportPublicKeyAsPem(self.nativePublicKey)
if format == 'JWK':
jwk = OrderedDict()
for item in self.publicKey:
key = item
if key == 'type':
key = 'kty'
elif key == 'curve':
key = 'crv'
jwk[key] = self.publicKey[item]
return serializeJson(jwk)
return JSONObjectWriter(self.publicKey)
def readFile(name):
return codecs.open(name, "r", "utf-8").read()
keyString = readFile(sys.argv[1])
signatureKey = SignatureKey.new(keyString)
if signatureKey.isRSA():
print "RSA key"
else:
print "EC key"
if len(sys.argv) == 3:
jsonObject = JSONObjectWriter(parseJson(readFile(sys.argv[2])))
else:
jsonObject = JSONObjectWriter()
jsonObject.setInt("an_int", 7)
jsonObject.setString("a_string", "Sure")
jsonObject.setObject("an_object").setString(
"another_string",
"Yeah").setFloat("a_float", 1e+5).setBinary("a_blob",
'\x00\x01\x03\x04\x05')
jsonObject.setArray("an_array").setInt(45).setString("Nope").setObject()
jsonObject.setArray("two_dimensional").setArray().setString("Bye")
jsonObject.setSignature(signatureKey)
print jsonObject.serialize().encode("utf-8")
def getPublicKey(self, format='JWK'):
"""
Return public key as a PEM or JWK string or as a JCS/JWK in an JSONObjectWriter
"""
if exportFormatCheck(format) == 'PEM':
if self.isRSA():
return exportPublicKeyAsPem(self.nativePrivateKey.publickey())
return exportPublicKeyAsPem(
self.nativePrivateKey.get_verifying_key())
publicKey = JSONObjectWriter()
if self.isRSA():
publicKey.setString('kty', 'RSA')
publicKey.setCryptoBigNum('n', self.nativePrivateKey.n)
publicKey.setCryptoBigNum('e', self.nativePrivateKey.e)
else:
publicKey.setString('kty', 'EC')
publicKey.setString('crv', getEcCurveName(self.nativePrivateKey))
point = self.nativePrivateKey.get_verifying_key().to_string()
length = len(point)
if length % 2:
raise ValueError('EC point length error')
length >>= 1
publicKey.setBinary('x', point[:length])
publicKey.setBinary('y', point[length:])
if format == 'JWK':
return publicKey.serialize()
return publicKey
# This is a short program showing a possible CSR using JCS for the
# ACME (Automatic Certificate Management Environment) system
theKey = ('{'
' "kty":"EC",'
' "crv":"P-256",'
' "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",'
' "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",'
' "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"'
'}')
from org.webpki.json import SignatureKey
from org.webpki.json.Writer import JSONObjectWriter
jsonObject = JSONObjectWriter().setString(
"@context",
"https://letsencrypt.org/acme/v1").setString("@qualifier",
"CertificateRequest")
jsonObject.setString("domain", "example.com")
jsonObject.setBinary("secret", '\x56\x23\x23\x00\x10')
jsonObject.setSignature(SignatureKey.new(theKey))
print jsonObject.serialize()
class CustomSigner(BaseKey):
def __init__(self, privateKeyString, algorithm):
# Custom constructor
self.nativePrivateKey = RSA.importKey(privateKeyString)
self.algorithm = algorithm
def signData(self, data):
# Implementation: bare-bones and hard-coded
return PKCS1_v1_5.new(self.nativePrivateKey).sign(SHA256.new(data))
def setSignatureMetaData(self, jsonObjectWriter):
# Implementation: bare-bones and hard-coded
jsonObjectWriter.setString('algorithm', self.algorithm)
publicKey = jsonObjectWriter.setObject('publicKey')
publicKey.setString('type', 'RSA')
publicKey.setCryptoBigNum('n', self.nativePrivateKey.n)
publicKey.setCryptoBigNum('e', self.nativePrivateKey.e)
jsonObject = JSONObjectWriter().setString(
"@context",
"https://letsencrypt.org/acme/v1").setString("@qualifier",
"CertificateRequest")
jsonObject.setString("domain", "example.com")
jsonObject.setBinary("secret", '\x56\x23\x23\x00\x10')
jsonObject.setSignature(CustomSigner(theKey,
'RS256')) # Custom init parameters
print jsonObject.serialize()
# Our test program
if not len(sys.argv) in (2,3):
print 'Private-key [JSON-in-file]'
sys.exit(1)
def readFile(name):
return codecs.open(name, "r", "utf-8").read()
keyString = readFile(sys.argv[1])
signatureKey = SignatureKey.new(keyString)
if signatureKey.isRSA():
print "RSA key"
else:
print "EC key"
if len(sys.argv) == 3:
jsonObject = JSONObjectWriter(parseJson(readFile(sys.argv[2])))
else:
jsonObject = JSONObjectWriter()
jsonObject.setInt("an_int", 7)
jsonObject.setString("a_string", "Sure")
jsonObject.setObject("an_object").setString("another_string","Yeah").setFloat("a_float",1e+5).setBinary("a_blob",'\x00\x01\x03\x04\x05')
jsonObject.setArray("an_array").setInt(45).setString("Nope").setObject()
jsonObject.setArray("two_dimensional").setArray().setString("Bye")
jsonObject.setSignature(signatureKey)
print jsonObject.serialize().encode("utf-8")
# ACME (Automatic Certificate Management Environment) system
# This variation uses a declared rather than programmatic message
theKey = (
'{'
' "kty":"EC",'
' "crv":"P-256",'
' "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",'
' "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",'
' "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"'
'}')
from collections import OrderedDict
from org.webpki.json import SignatureKey
from org.webpki.json.Writer import JSONObjectWriter
from org.webpki.json.Utils import base64UrlEncode
message = OrderedDict([
("@context" , "https://letsencrypt.org/acme/v1"),
("@qualifier", "CertificateRequest"),
("domain" , "example.com"),
("an_object" , OrderedDict([("key1", 5),
("key2","hi")])),
("secret" , base64UrlEncode('\x56\x23\x23\x00\x10'))
])
jsonObject = JSONObjectWriter(message)
jsonObject.setSignature(SignatureKey.new(theKey))
print jsonObject.serialize()
# This variation uses a declared rather than programmatic message
theKey = (
"{"
' "kty":"EC",'
' "crv":"P-256",'
' "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",'
' "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",'
' "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"'
"}"
)
from collections import OrderedDict
from org.webpki.json import SignatureKey
from org.webpki.json.Writer import JSONObjectWriter
from org.webpki.json.Utils import base64UrlEncode
message = OrderedDict(
[
("@context", "https://letsencrypt.org/acme/v1"),
("@qualifier", "CertificateRequest"),
("domain", "example.com"),
("an_object", OrderedDict([("key1", 5), ("key2", "hi")])),
("secret", base64UrlEncode("\x56\x23\x23\x00\x10")),
]
)
jsonObject = JSONObjectWriter(message)
jsonObject.setSignature(SignatureKey.new(theKey))
print jsonObject.serialize()
'0BM+HmsiWnYEud7gU0Qi9MTzf4DMkabb0b01AMsA3WXUIoUxYXb0hdUHeWAivylo\n'
'6b2Vz0bkF04+Q0Bos9yMFQtOqkl1x7IfW5SrxZn07c/sWoStfA8nuFkayaf24p09\n'
'LLXUVQKBgDjFqNGi34b0Du1LcWNhHKc1UV8JjvMTXgynfte2BeptG994fXHvFt6G\n'
'+N3RpzlSgNk1QuHLze3qmAOqYfwNR/dXNDmiOIZ2vEb+F8pNvajAR/7A3GVbE/Ex\n'
'WzQhroBt4fEiJusZfznJVTjnzeTmIGxpNTyHMznbVDA9eY+tW1du\n'
'-----END RSA PRIVATE KEY-----\n')
class CustomSigner(BaseKey):
def __init__(self,privateKeyString,algorithm):
# Custom constructor
self.nativePrivateKey = RSA.importKey(privateKeyString)
self.algorithm = algorithm
def signData(self,data):
# Implementation: bare-bones and hard-coded
return PKCS1_v1_5.new(self.nativePrivateKey).sign(SHA256.new(data))
def setSignatureMetaData(self,jsonObjectWriter):
# Implementation: bare-bones and hard-coded
jsonObjectWriter.setString('algorithm',self.algorithm)
publicKey = jsonObjectWriter.setObject('publicKey')
publicKey.setString('type','RSA')
publicKey.setCryptoBigNum('n',self.nativePrivateKey.n)
publicKey.setCryptoBigNum('e',self.nativePrivateKey.e)
jsonObject = JSONObjectWriter().setString("@context","https://letsencrypt.org/acme/v1").setString("@qualifier","CertificateRequest")
jsonObject.setString("domain","example.com")
jsonObject.setBinary("secret",'\x56\x23\x23\x00\x10');
jsonObject.setSignature(CustomSigner(theKey,'RS256')) # Custom init parameters
print jsonObject.serialize()
# This is a short program showing a possible CSR using JCS for the
# ACME (Automatic Certificate Management Environment) system
theKey = (
'{'
' "kty":"EC",'
' "crv":"P-256",'
' "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",'
' "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",'
' "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"'
'}')
from org.webpki.json import SignatureKey
from org.webpki.json.Writer import JSONObjectWriter
jsonObject = JSONObjectWriter().setString("@context","https://letsencrypt.org/acme/v1").setString("@qualifier","CertificateRequest")
jsonObject.setString("domain","example.com")
jsonObject.setBinary("secret",'\x56\x23\x23\x00\x10');
jsonObject.setSignature(SignatureKey.new(theKey))
print jsonObject.serialize()
