Exemple #1
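    def ca_gen(self, label, keyID, subject):
        """Create the CA certificate for the RSA key pair stored under ``keyID``.

        Looks up the private and public key objects in the PKCS#11 session by
        CKA_ID, rebuilds the public key as an ``asn1keys.RSAPublicKey`` from
        its CKA_MODULUS and CKA_PUBLIC_EXPONENT attributes, and hands both to
        ``self.ca``.

        Args:
            label: passed through to ``self.ca`` unchanged.
            keyID: CKA_ID value used to find both halves of the key pair.
            subject: passed through to ``self.ca`` unchanged.

        Raises:
            IndexError: no private or public key object matches ``keyID``.
            ValueError: the token returned an empty modulus or exponent.
        """
        def first_match(object_class, kind):
            found = self.session.findObjects([(PyKCS11.CKA_CLASS, object_class),
                                              (PyKCS11.CKA_ID, keyID)])
            if not found:
                # Same exception type as the bare [0] index, but with context.
                raise IndexError(
                    "no {} key object with CKA_ID {!r} in this session".format(
                        kind, keyID))
            # NOTE(review): only the first hit is used. CKA_ID is not
            # guaranteed to be unique on a token, so confirm that provisioning
            # prevents two key objects from sharing an ID; otherwise the CA
            # key selected here is ambiguous.
            return found[0]

        privKey = first_match(PyKCS11.CKO_PRIVATE_KEY, "private")
        # The original looked the public key up twice; one lookup is enough.
        pubHandle = first_match(PyKCS11.CKO_PUBLIC_KEY, "public")

        numbers = {}
        for field, attribute in (("modulus", PyKCS11.CKA_MODULUS),
                                 ("public_exponent",
                                  PyKCS11.CKA_PUBLIC_EXPONENT)):
            raw = bytes(bytearray(
                self.session.getAttributeValue(pubHandle, [attribute])[0]))
            if not raw:
                raise ValueError(
                    "public key attribute for {} is empty".format(field))
            # Big-endian, the same reading the hex round-trip gave.
            numbers[field] = int.from_bytes(raw, "big")

        pubKey = asn1keys.RSAPublicKey(numbers)
        # NOTE(review): the leading 1 is passed as-is; presumably the serial
        # number of the CA certificate; confirm against self.ca.
        self.ca(1, pubKey, privKey, label, subject, keyID)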
Exemple #2
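    def ca_sign(self, keyID, label, sn, subject, days, cakeyID):
        """Issue and store a certificate for the public key stored under ``keyID``.

        The CA private key is found by ``cakeyID`` and the subject public key
        by ``keyID``, both in the PKCS#11 session. The public key is rebuilt
        as an ``asn1keys.RSAPublicKey`` from its CKA_MODULUS and
        CKA_PUBLIC_EXPONENT attributes, signed through ``self.certsign`` and
        the result is written with ``self.cert_save``.

        Args:
            keyID: CKA_ID of the public key to certify.
            label: passed through to ``self.cert_save`` unchanged.
            sn: passed through to ``self.certsign`` unchanged.
            subject: passed to ``self.certsign`` and ``self.cert_save``.
            days: validity period, counted from the current UTC time.
            cakeyID: CKA_ID of the CA private key used for signing.

        Raises:
            IndexError: the CA private key or the subject public key is
                not found in the session.
            ValueError: the token returned an empty modulus or exponent.
        """
        def first_match(object_class, key_id, kind):
            found = self.session.findObjects([(PyKCS11.CKA_CLASS, object_class),
                                              (PyKCS11.CKA_ID, key_id)])
            if not found:
                # Same exception type as the bare [0] index, but with context.
                raise IndexError(
                    "no {} key object with CKA_ID {!r} in this session".format(
                        kind, key_id))
            # NOTE(review): only the first hit is used. CKA_ID is not
            # guaranteed to be unique on a token, so confirm that provisioning
            # prevents two key objects from sharing an ID; otherwise the
            # signing key or the certified key is ambiguous.
            return found[0]

        caprivKey = first_match(PyKCS11.CKO_PRIVATE_KEY, cakeyID, "CA private")
        pubHandle = first_match(PyKCS11.CKO_PUBLIC_KEY, keyID, "public")

        numbers = {}
        for field, attribute in (("modulus", PyKCS11.CKA_MODULUS),
                                 ("public_exponent",
                                  PyKCS11.CKA_PUBLIC_EXPONENT)):
            raw = bytes(bytearray(
                self.session.getAttributeValue(pubHandle, [attribute])[0]))
            if not raw:
                raise ValueError(
                    "public key attribute for {} is empty".format(field))
            # Big-endian, the same reading the hex round-trip gave.
            numbers[field] = int.from_bytes(raw, "big")
        pubKey = asn1keys.RSAPublicKey(numbers)

        # NOTE(review): days is not range-checked here, so zero or a negative
        # value yields a certificate that is already expired, and a very
        # large one yields a long-lived certificate; confirm that callers
        # bound it.
        lifetime = datetime.timedelta(days=days)
        until = datetime.datetime.now(tz=asn1util.timezone.utc) + lifetime

        # NOTE(review): sn and subject are used exactly as given; presumably
        # the caller guarantees a unique serial number per issued
        # certificate; verify against certsign and its callers.
        der_bytes = self.certsign(sn, pubKey, subject, until, caprivKey)
        self.cert_save(der_bytes, label, subject, keyID)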
Exemple #3
 def export_public_der(self) -> bytes:
     """Return this key's public half as a serialized PublicKeyInfo.

     An ``RSAPublicKey`` is built from ``self.modulus`` and
     ``self.public_exponent``, wrapped in a ``PublicKeyInfo`` with the
     algorithm name "rsa", and dumped to bytes. Only public values are
     read; no private key material is touched here.
     """
     rsa_numbers = {
         "modulus": self.modulus,
         "public_exponent": self.public_exponent,
     }
     rsa_key = keys.RSAPublicKey(rsa_numbers)
     key_info = keys.PublicKeyInfo.wrap(rsa_key, "rsa")
     return key_info.dump()