def createSignature(self, manifest, certificate, key, wwdr_certificate, password): open('manifest.json', 'w').write(manifest) def passwordCallback(*args, **kwds): return password smime = SMIME.SMIME() #we need to attach wwdr cert as X509 wwdrcert = X509.load_cert(wwdr_certificate) stack = X509_Stack() stack.push(wwdrcert) smime.set_x509_stack(stack) smime.load_key(key, certificate, callback=passwordCallback) pk7 = smime.sign(SMIME.BIO.MemoryBuffer(manifest), flags=SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY) pem = SMIME.BIO.MemoryBuffer() pk7.write(pem) # convert pem to der # print pem.read() der = ''.join(l.strip() for l in pem.read().split('-----') [2].splitlines()).decode('base64') open('signature', 'w').write(der)
def _createSignature(self, manifest, certificate=None, certificate_str=None, key=None, key_str=None, wwdr_certificate=None, wwdr_certificate_str=None, password=None): def passwordCallback(*args, **kwds): return password # we need to attach wwdr cert as X509 if wwdr_certificate: wwdrcert = X509.load_cert(wwdr_certificate) elif wwdr_certificate_str: # handle raw certificate strings wwdrcert = X509.load_cert_string(wwdr_certificate_str) else: raise Exception('No WWDR certificate passed to _createSignature') stack = X509_Stack() stack.push(wwdrcert) smime = SMIME.SMIME() smime.set_x509_stack(stack) if certificate and key: # need to cast to string since load_key doesnt work with unicode paths smime.load_key(str(key), certificate, callback=passwordCallback) elif certificate_str and key_str: # handle raw key and certificate strings keybio = SMIME.BIO.MemoryBuffer(key_str.encode('utf8')) certbio = SMIME.BIO.MemoryBuffer(certificate_str.encode('utf8')) smime.load_key_bio(keybio, certbio, callback=passwordCallback) else: raise Exception( 'No valid combination of certificate and key passed to _createSignature' ) pk7 = smime.sign(SMIME.BIO.MemoryBuffer(manifest), flags=SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY) pem = SMIME.BIO.MemoryBuffer() pk7.write(pem) # convert pem to der der = ''.join(l.strip() for l in pem.read().split('-----') [2].splitlines()).decode('base64') return der
def _get_smime(self, certificate, key, wwdr_certificate, password): """ :return: M2Crypto.SMIME.SMIME """ def passwordCallback(*args, **kwds): return bytes(password, encoding='ascii') smime = SMIME.SMIME() wwdrcert = X509.load_cert(wwdr_certificate) stack = X509_Stack() stack.push(wwdrcert) smime.set_x509_stack(stack) smime.load_key(key, certfile=certificate, callback=passwordCallback) return smime
def get_signature_serial_number(pkcs7): """ Extracts the serial number out of a DER formatted, detached PKCS7 signature buffer """ pkcs7_buf = MemoryBuffer(pkcs7) if pkcs7_buf is None: raise BIOError(Err.get_error()) p7_ptr = pkcs7_read_bio_der(pkcs7_buf.bio) p = PKCS7(p7_ptr, 1) # Fetch the certificate stack that is the list of signers # Since there should only be one in this use case, take the zeroth # cert in the stack and return its serial number return p.get0_signers(X509_Stack())[0].get_serial_number()
def _get_smime(self, certificate, key, wwdr_certificate, password): """ :return: M2Crypto.SMIME.SMIME """ def passwordCallback(*args, **kwds): return bytes(password, encoding='utf8') smime = SMIME.SMIME() wwdrcert = X509.load_cert(wwdr_certificate) stack = X509_Stack() stack.push(wwdrcert) smime.set_x509_stack(stack) key_bio = BIO.MemoryBuffer(open(key, 'rb').read()) certificate_bio = BIO.MemoryBuffer(open(certificate, 'rb').read()) smime.load_key_bio(key_bio, certificate_bio, callback=passwordCallback) return smime
def sign(self, data, wwdrcert_data, cert_data, key_data, passphrase = None): """ https://github.com/devartis/passbook """ def passwordCallback(*args, **kwds): return passphrase wwdrcert_bio = SMIME.BIO.MemoryBuffer(wwdrcert_data) key_bio = SMIME.BIO.MemoryBuffer(key_data) cert_bio = SMIME.BIO.MemoryBuffer(cert_data) smime = SMIME.SMIME() wwdrcert = X509.load_cert_bio(wwdrcert_bio) stack = X509_Stack() stack.push(wwdrcert) smime.set_x509_stack(stack) smime.load_key_bio(key_bio, cert_bio, callback=passwordCallback) pk7 = smime.sign(SMIME.BIO.MemoryBuffer(data), flags = SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY) pem = SMIME.BIO.MemoryBuffer() pk7.write(pem) der = ''.join(l.strip() for l in pem.read().split('----')[2].splitlines()).decode('base64') return der
def _createSignature(self, manifest, certificate, key, wwdr_certificate, password): def passwordCallback(*args, **kwds): return password smime = SMIME.SMIME() # we need to attach wwdr cert as X509 wwdrcert = X509.load_cert(wwdr_certificate) stack = X509_Stack() stack.push(wwdrcert) smime.set_x509_stack(stack) # need to cast to string since load_key doesnt work with unicode paths smime.load_key(str(key), certificate, callback=passwordCallback) pk7 = smime.sign(SMIME.BIO.MemoryBuffer(manifest), flags=SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY) pem = SMIME.BIO.MemoryBuffer() pk7.write(pem) # convert pem to der der = ''.join(l.strip() for l in pem.read().split('-----')[2].splitlines()).decode('base64') return der
def get_signature_cert_subject(pkcs7): # Fetch the certificate stack that is the list of signers. # Since there should only be one in this use case, take the zeroth # cert in the stack and return its serial number return pkcs7.get0_signers(X509_Stack())[0].get_subject().as_text()