def test_pdf_sign_invalid_date(self): data = pdf.sign(pdf_bytes=self.pdf_bytes, sign_date='Not a date') (hashok, signatureok, certok) = verify(data, self.trusted_cert_pems) self.assertTrue(signatureok, 'There is an error with the signature') self.assertTrue(hashok, 'There is an error with the hash') self.assertTrue(certok, 'There is an error with the certificate')
def test_pdf(self): dct = { b'sigflags': 3, b'contact': b'*****@*****.**', b'location': b'Szczecin', b'signingdate': b'20180731082642+02\'00\'', b'reason': b'Dokument podpisany cyfrowo', } p12 = load_pkcs12(open(fixture('demo2_user1.p12'), 'rb').read(), '1234') fname = fixture('pdf.pdf') datau = open(fname, 'rb').read() datas = pdf.cms.sign(datau, dct, p12.get_privatekey().to_cryptography_key(), p12.get_certificate().to_cryptography(), [], 'sha256' ) fname = fname.replace('.pdf', '-signed-cms.pdf') with open(fname, 'wb') as fp: fp.write(datau) fp.write(datas) trusted_cert_pems = (open(fixture('demo2_ca.crt.pem'), 'rt').read(),) data = open(fname, 'rb').read() (hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems) assert signatureok and hashok and certok
def main(): trusted_cert_pems = ( # certum chain open('ca-certum.pem', 'rt').read(), open('ca-ncc.pem', 'rt').read(), # actalis chain open('ca-actalis-cag1.pem', 'rt').read(), open('ca-actalis.pem', 'rt').read(), # demo ca chain open('demo2_ca.crt.pem', 'rt').read(), # demo hsm ca chain open('cert-hsm-ca.pem', 'rt').read(), ) for fname in ( 'pdf-signed-cms-hsm-certum.pdf', 'pdf-signed-cms-hsm.pdf', 'pdf-signed-cms-m32.pdf', 'pdf-signed-cms-pfx.pdf', 'pdf-signed-cms.pdf', 'pdf-signed-fpdf.pdf', 'test-PDFXRef-signed-cms.pdf', 'test-PDFXRefStream-signed-cms.pdf' ): print('*' * 20, fname) try: data = open(fname, 'rb').read() except: continue (hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems) print('signature ok?', signatureok) print('hash ok?', hashok) print('cert ok?', certok)
def test_pdf(self): dct = { b'sigflags': 3, b'contact': b'*****@*****.**', b'location': b'Szczecin', b'signingdate': b'20180731082642+02\'00\'', b'reason': b'Dokument podpisany cyfrowo', } with open(fixture('demo2_user1.p12'), 'rb') as fp: p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234', backends.default_backend()) fname = fixture('pdf.pdf') with open(fname, 'rb') as fh: datau = fh.read() datas = pdf.cms.sign(datau, dct, p12[0], p12[1], p12[2], 'sha256') fname = fname.replace('.pdf', '-signed-cms.pdf') with open(fname, 'wb') as fp: fp.write(datau) fp.write(datas) with open(fixture('demo2_ca.crt.pem'), 'rt') as fh: trusted_cert_pems = (fh.read(), ) with open(fname, 'rb') as fh: data = fh.read() (hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems) assert signatureok and hashok and certok
def is_file_signed(file): try: file_data = open(file, "rb").read() (hash_ok, signature_ok, cert_ok) = pdf.verify(file_data) return signature_ok or hash_ok or cert_ok except: return False
def verify_certificate(): post_data = request.json course_code = post_data["course_code"] student_rollno = session.get("user_rollno") root_path = os.path.dirname(app.instance_path) keys_path = root_path + '/media/keys/' trusted_cert_pems = (open(keys_path + 'private.pem', 'rt').read(), ) fname = root_path + '/media/' + Config.STUDENT_CERTIFICATE_FOLDER + '/' + session.get( 'user_rollno') + '/' + course_code + ".pdf" try: data = open(fname, 'rb').read() except: return jsonify({ "signature_ok": False, "hashok": False, "certok": False }) (hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems) return jsonify({ "signature_ok": signatureok, "hashok": hashok, "certok": certok })
def main(): trusted_cert_pems = (open('demo2_ca.crt.pem', 'rt').read(), ) for fname in ('pdf-signed-cms.pdf', 'pdf-signed-fpdf.pdf', 'test-PDFXRef-signed-cms.pdf', 'test-PDFXRefStream-signed-cms.pdf'): print('*' * 20, fname) try: data = open(fname, 'rb').read() except: continue (hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems) print('signature ok?', signatureok) print('hash ok?', hashok) print('cert ok?', certok)
def main(): trusted_cert_pems = ( # certum chain open('private.pem', 'rt').read(), ) fname = 'digitest-signed-cms.pdf' print('*' * 20, fname) try: data = open(fname, 'rb').read() except: print("DH") (hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems) print('signature ok?', signatureok) print('hash ok?', hashok) print('cert ok?', certok)
def run_veririca_pdf_tem_assinatura(self): global sss sss = 1 def tree_print(field_name, fields): global sss ss = " " print(ss * sss, field_name, '.............') if not isinstance(fields, dict): ByteStringObject if field_name == '/Contents': try: signed_data = cms.ContentInfo.load(fields)['content'] for cert in signed_data['certificates']: print('cert.issuer:', cert.native['tbs_certificate']['issuer']) print('cert.subject:', cert.native['tbs_certificate']['subject']) except Exception as e: pass with open( '/home/leandro/Downloads/content{}.ext'.format( sss), 'wb') as f: f.write(fields) f.close() return else: print(' ' * sss, fields) return for field_name, value in fields.items(): sss += 2 tree_print(field_name, value) sss -= 2 ifile = '/home/leandro/Downloads/016 - Projeto da LDO 2021_Assinado.pdf' ifile = '/home/leandro/Downloads/plol_violencia_nas_escolas.pdf' (hashok, signatureok, certok) = pdf.verify(open(ifile, 'rb').read()) print('signature ok?', signatureok) print('hash ok?', hashok) print('cert ok?', certok) r = PdfFileReader(open(ifile, "rb")) fields = r.getFields() tree_print('file', fields)
def main(self): cakeyID = bytes((0x1,)) ca_cert_pem = asn1pem.armor('CERTIFICATE', self.cert_load(cakeyID)) trusted_cert_pems = (ca_cert_pem,) for fname in ( 'pdf-signed-cms-hsm.pdf', ): print('*' * 20, fname) try: data = open(fname, 'rb').read() except: continue (hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems) print('signature ok?', signatureok) print('hash ok?', hashok) print('cert ok?', certok)
async def verify_pdf(filepdf: UploadFile = File(...)): try: suffix = Path(filepdf.filename).suffix with NamedTemporaryFile(delete=False, suffix=suffix) as tmp: shutil.copyfileobj(filepdf.file, tmp) pdf_tmp_path = Path(tmp.name) teststr = str(pdf_tmp_path) finally: filepdf.file.close() temp_list = [] for x in os.listdir("./cert_pems"): temp_list.append(open("./cert_pems/"+x).read()) certs_tuple = tuple(temp_list) data = open(teststr, 'rb').read() (hashok, signatureok, certok) = pdf.verify(data, certs_tuple) return {"Is signature valid": signatureok, "Is hash valid": hashok, "Is cert valid": certok, }
#!/usr/bin/env python3 from endesive import pdf import glob pems = [] for f in glob.glob('/example-certs/*.pem') + glob.glob('/etc/ssl/certs/*'): pem = open(f, 'rt').read() pems.append(pem) fname = 'example.pdf' data = open(fname, 'rb').read() (hashok, signatureok, certok) = pdf.verify(data, tuple(pems)) print('signature ok?', signatureok, 'hash', hashok, 'cert', certok)
def test_pdf_sign_no_cert(self): data = pdf.sign(pdf_bytes=self.pdf_bytes) with self.assertRaises(AssertionError): verify(data, self.trusted_cert_pems)
def verifica_pdf(arquivo, certificados_de_confianca): return pdf.verify(data=arquivo, trusted_cert_pems=certificados_de_confianca)