def _add_certificate_auth(self, params, certificate, challenge): params.UserIdentityToken = ua.X509IdentityToken() params.UserIdentityToken.CertificateData = uacrypto.der_from_x509( certificate) # specs part 4, 5.6.3.1: the data to sign is created by appending # the last serverNonce to the serverCertificate params.UserTokenSignature = ua.SignatureData() if certificate.signature_hash_algorithm.name == "sha256": params.UserIdentityToken.PolicyId = self.server_policy_id( ua.UserTokenType.Certificate, "certificate_basic256sha256") sig = uacrypto.sign_sha256(self.user_private_key, challenge) params.UserTokenSignature.Algorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" params.UserTokenSignature.Signature = sig else: params.UserIdentityToken.PolicyId = self.server_policy_id( ua.UserTokenType.Certificate, "certificate_basic256") sig = uacrypto.sign_sha1(self.user_private_key, challenge) params.UserTokenSignature.Algorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1" params.UserTokenSignature.Signature = sig
def signature(self, data): return uacrypto.sign_sha256(self.client_pk, data)