def encode_dsa_public_key(key): """ Encode DSA public key into RFC 3279 DER-encoded format. :param PublicKey key: public key :rtype: bytes """ asn1 = Integer(int.from_bytes(key[Attribute.VALUE], byteorder='big')) return asn1.dump()
def decode_dsa_public_key(der): """ Decode a DSA public key from RFC 3279 DER-encoded format. Returns a `biginteger` encoded as bytes. :param bytes der: DER-encoded public key :rtype: bytes """ asn1 = Integer.load(der) return biginteger(asn1)
def encode_cert_id_key(self, hkey): issuer_name_hash, issuer_key_hash, serial_number = hkey issuer_name_hash = OctetString.load(issuer_name_hash) issuer_key_hash = OctetString.load(issuer_key_hash) serial_number = Integer.load(serial_number) cert_id = CertId({ 'hash_algorithm': DigestAlgorithm({ 'algorithm': 'sha1', 'parameters': None}), 'issuer_name_hash': issuer_name_hash, 'issuer_key_hash': issuer_key_hash, 'serial_number': serial_number, }) return cert_id
def test_grp_call() -> None: grp = QrGroup(mpz(23)) assert int(grp(1)) == 1 assert int(grp(81)) == 12 assert int(grp(ImgGroupValue.load(b"\02\x01\x0c"))) == 12 assert int(grp(Integer(12))) == 12 with pytest.raises(ValueError, match="0 not in group"): grp(46) with pytest.raises(TypeError): grp(ImgGroupValue.load(b"\x04\x01\x0c")) with pytest.raises(ValueError, match="Not a valid group element"): grp(ImgGroupValue.load(b"\x02\x01\x23")) with pytest.raises(ValueError, match="Not a valid group element"): grp(ImgGroupValue.load(b"\x02\x01\x05"))
def encode_cert_id_key(self, hkey): issuer_name_hash, issuer_key_hash, serial_number = hkey issuer_name_hash = OctetString.load(issuer_name_hash) issuer_key_hash = OctetString.load(issuer_key_hash) serial_number = Integer.load(serial_number) cert_id = CertId({ "hash_algorithm": DigestAlgorithm({ "algorithm": "sha1", "parameters": None }), "issuer_name_hash": issuer_name_hash, "issuer_key_hash": issuer_key_hash, "serial_number": serial_number, }) return cert_id
def encode(byte_string, is_der = None, alg = 'Curve25519' ): try: raw = OctetString(byte_string) except Exception as e: raise FailedToParseByteString privateKey = PrivateKey(raw.dump()) privateKeyAlgorithmIdentifier = PrivateKeyAlgorithmIdentifier( {'algorithm': alg }); oneAsymmetricKey = OneAsymmetricKey({ 'version': Integer(0), 'privateKeyAlgorithm': privateKeyAlgorithmIdentifier, 'privateKey': privateKey}) der = oneAsymmetricKey.dump() if is_der: return der return pem.armor('PRIVATE KEY',der).decode('ASCII')
def asn1(self) -> ImgGroupValue: """ Convert to ASN.1 Integer type """ return ImgGroupValue({"QrValue": Integer(int(self))})
def build(self, signing_private_key_path, debug=False): """ Validates the certificate information, constructs the ASN.1 structure and then signs it :param signing_private_key: path to a .pem file with a private key :return: An m2m.Certificate object of the newly signed certificate """ if self._self_signed is not True and self._issuer is None: raise ValueError(_pretty_message( ''' Certificate must be self-signed, or an issuer must be specified ''' )) if self._self_signed: self._issuer = self._subject if self.serial_number is None: time_part = int_to_bytes(int(time.time())) random_part = random.getrandbits(24).to_bytes(3, byteorder='big') # Must contain at least 20 randomly generated BITS self.serial_number = int_from_bytes(time_part + random_part) # Only re non-optionals are always in this dict properties = { 'version':Integer(value=self._version), 'serialNumber':OctetString(value=self.serial_number.to_bytes(20, byteorder='big')), 'subject':self.subject, } # Optional fields are only added if they're not None if self.ca_algorithm is not None: properties['cAAlgorithm'] = self.ca_algorithm if self.ca_algorithm_parameters is not None: properties['cAAlgParams'] = OctetString(value=self.ca_algorithm_parameters) if self.issuer is not None: properties['issuer'] = self.issuer if self.valid_from is not None: properties['validFrom'] = self.valid_from if self.valid_duration is not None: properties['validDuration'] = self.valid_duration if self.pk_algorithm is not None: properties['pKAlgorithm'] = self.pk_algorithm if self.pk_algorithm_parameters is not None: properties['pKAlgParams'] = OctetString(value=self.pk_algorithm_parameters) if self.public_key is not None: properties['pubKey'] = OctetString(value=self.public_key) if self.authkey_id is not None: properties['authKeyId'] = self.authkey_id if self.subject_key_id is not None: properties['subjKeyId'] = OctetString(value=self.subject_key_id) if self.key_usage is not None: properties['keyUsage'] = OctetString(value=self.key_usage) if self.basic_constraints is not None: properties['basicConstraints'] = Integer(value=self.basic_constraints) if self.certificate_policy is not None: properties['certificatePolicy'] = self.certificate_policy if self.subject_alternative_name is not None: properties['subjectAltName'] = self.subject_alternative_name if self.issuer_alternative_name is not None: properties['issuerAltName'] = self.issuer_alternative_name if self.extended_key_usage is not None: properties['extendedKeyUsage'] = self.extended_key_usage if self.auth_info_access_ocsp is not None: properties['authInfoAccessOCSP'] = self.auth_info_access_ocsp if self.crl_distribution_point_uri is not None: properties['cRLDistribPointURI'] = self.crl_distribution_point_uri if self.x509_extensions is not None: properties['x509extensions'] = self.x509_extensions # import ipdb; ipdb.set_trace() # break /usr/local/lib/python3.5/dist-packages/asn1crypto/core.py:2786 tbs_cert = TBSCertificate(properties) bytes_to_sign = tbs_cert.dump() signature = generate_signature(bytes_to_sign, signing_private_key_path) # assert verify_signature(bytes_to_sign, signature, "public.pem") if debug: print("Build - Signed_bytes ({len}): {content}".format(len=len(bytes_to_sign), content=hexlify(bytes_to_sign))) print("Build - Signature ({len}): {content}".format(len=len(signature), content=hexlify(signature))) return Certificate({ 'tbsCertificate': tbs_cert, 'cACalcValue': signature })