Esempio n. 1
def jwkthumb(e, n):
    """
    Return the SHA-256 JSON Web Key thumbprint of an RSA public key.

    The exponent *e* and modulus *n* are each passed through ``tobase64``
    and placed in a JSON object whose members appear in the fixed order
    ``e``, ``kty``, ``n`` with no whitespace. The SHA-256 digest of that
    text is returned, again passed through ``tobase64``.
    """
    # The member order and the absence of whitespace are what make the
    # thumbprint reproducible; do not build this text with json.dumps().
    # NOTE(review): assumes e and n arrive as the minimal big-endian octet
    # strings of the key (no leading zero bytes) - confirm against callers,
    # otherwise the thumbprint will not match what a peer computes.
    template = '{"e":"%s","kty":"RSA","n":"%s"}'
    encoded_e = tobase64(e)
    encoded_n = tobase64(n)
    canonical = template % (encoded_e, encoded_n)
    digest = hashlib.sha256(tobytes(canonical)).digest()
    return tobase64(digest)
Esempio n. 2
def jwkthumb(e, n):
    """
    Compute the JSON Web Key thumbprint (SHA-256) for an RSA exponent and modulus.

    Builds the JSON text ``{"e":...,"kty":"RSA","n":...}`` from the
    ``tobase64`` forms of *e* and *n*, hashes it with SHA-256 and returns
    the digest run through ``tobase64``.
    """
    # Keys are emitted in a fixed order with no spaces so that the hashed
    # text is byte-for-byte stable for a given key.
    # NOTE(review): presumably e and n are raw big-endian byte strings
    # without leading zero bytes - verify against the caller.
    members = (tobase64(e), tobase64(n))
    jwk_text = '{"e":"%s","kty":"RSA","n":"%s"}' % members
    hasher = hashlib.sha256(tobytes(jwk_text))
    return tobase64(hasher.digest())
Esempio n. 3
def main(fin, fout, meth):
    """
    Compress everything readable from *fin* and write the result to *fout*.

    Output layout, in write order: the two magic bytes ``\\x7fZ``, the
    upper-cased method name, the input size packed with ``struct`` format
    ``'I'``, the serialized priority queue, then the encoded payload.
    Both file objects are closed by this function. *meth* selects an entry
    of ``mkht_methods``; ``None`` means ``'mkpy'``.
    """
    method = 'mkpy' if meth is None else meth

    payload = fin.read()
    # Position after reading to EOF; equals the payload size only if fin
    # was positioned at offset 0 on entry - TODO confirm with callers.
    original_size = fin.tell()
    fin.close()

    queue = mkprioque(payload)
    serialized_queue = serializq(queue)

    fout.write(b'\x7fZ')
    # NOTE(review): the method tag is written at whatever length the name
    # has; a reader that expects a fixed-width tag must be kept in sync.
    fout.write(method.upper().encode('utf-8'))
    # NOTE(review): 'I' without a byte-order prefix uses the native byte
    # order and size, so the header is not portable across architectures,
    # and packing fails for sizes that do not fit the field.
    fout.write(struct.pack('I', original_size))
    fout.write(tobytes(serialized_queue))

    code_for = mkht_methods[method](queue).tomap()
    bit_string = ''.join([code_for[symbol] for symbol in payload])
    packed = bits2bytes(bit_string)
    fout.write(tobytes(packed))
    fout.close()
Esempio n. 4
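def _sslutils_req(domains=[], cfg="", key="", ecdsa=False):
    """
    Create a new private key and a simple DER-encoded CSR for *domains*.

    An OpenSSL request config listing every domain as a ``DNS``
    subjectAltName is saved to the path *cfg*; the first domain is also
    used as the subject CN. *key* is handed to the key-generation helper
    (ECDSA when *ecdsa* is true, otherwise RSA with 2048 passed as the
    size) and then to ``openssl req -key``.

    Returns whatever ``openssl req -outform der`` wrote to stdout.

    Raises Exception when *domains* is empty, when a domain is empty or
    contains anything other than ASCII letters, digits, '-' or '.', or
    when openssl exits with a non-zero status.

    XXX TODO - remove dependency on openssl
    """
    # The shared default list is only read, never mutated.
    if not domains:
        raise Exception("no domains")

    # Each name is interpolated verbatim into an OpenSSL config file and
    # into the -subj argument, where newlines, '$', '\\', '#', '+', '/'
    # and similar characters carry syntactic meaning. Accept only hostname
    # characters so a name cannot add or alter config lines or subject
    # fields. '/' and '*' stay rejected because they are outside this set.
    allowed = frozenset(
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789-."
    )

    lines = [
        "[req]\n",
        "distinguished_name = req_distinguished_name\n",
        "req_extensions=v3_req\n",
        "[req_distinguished_name]\n",
        "[v3_req]\n",
        "basicConstraints=CA:FALSE\n",
        "keyUsage=nonRepudiation,digitalSignature,keyEncipherment\n",
        "subjectAltName=@alt_names\n",
        "[alt_names]\n",
    ]

    for index, domain in enumerate(domains, 1):
        if not domain or any(ch not in allowed for ch in domain):
            raise Exception("bad domain %s" % (domain,))
        lines.append("DNS.%d=%s\n" % (index, domain))

    # The first domain doubles as the subject common name.
    subject = "/CN=" + domains[0]

    savesync(cfg, tobytes("".join(lines)))

    if ecdsa:
        # create ECDSA key
        _sslutils_ecdsa_makekey(key)
    else:
        # create RSA key
        _sslutils_rsa_makekey(key, "", 2048)

    # create request; the argument list is passed without a shell, so the
    # paths and subject are never re-parsed as shell syntax.
    cmd = [
        'openssl', 'req', '-sha256', '-nodes', '-subj', subject, '-key', key,
        '-new', '-outform', 'der', '-config', cfg
    ]
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE)
    ret = p.communicate('')[0]
    if p.returncode != 0:
        raise Exception("%s: failed" % (" ".join(cmd)))
    return ret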
Esempio n. 5
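def _sslutils_req(domains = [], cfg = "", key = ""):
    """
    Create new RSA key and simple CSR request.

    An OpenSSL request config listing every domain as a ``DNS``
    subjectAltName is saved to the path *cfg*; the first domain is also
    used as the subject CN. *key* is handed to the RSA key-generation
    helper (with 2048 passed as the size) and then to ``openssl req -key``.

    Returns whatever ``openssl req -outform der`` wrote to stdout.

    Raises Exception when *domains* is empty, when a domain is empty or
    contains anything other than ASCII letters, digits, '-' or '.', or
    when openssl exits with a non-zero status.

    XXX TODO - remove dependency on openssl
    """
    # The shared default list is only read, never mutated.
    if not domains:
        raise Exception("no domains")

    # Names are written verbatim into an OpenSSL config file and into the
    # -subj argument, both of which give meaning to newlines, '$', '\\',
    # '#', '+', '/' and similar characters. Restricting names to hostname
    # characters keeps a name from adding or altering config lines or
    # subject fields; '/' and '*' remain rejected as before.
    hostname_chars = frozenset(
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789-."
    )
    for domain in domains:
        if not domain or any(ch not in hostname_chars for ch in domain):
            raise Exception("bad domain %s" % (domain,))

    config = (
        "[req]\n"
        "distinguished_name = req_distinguished_name\n"
        "req_extensions=v3_req\n"
        "[req_distinguished_name]\n"
        "[v3_req]\n"
        "basicConstraints=CA:FALSE\n"
        "keyUsage=nonRepudiation,digitalSignature,keyEncipherment\n"
        "subjectAltName=@alt_names\n"
        "[alt_names]\n"
    )
    config += "".join(
        "DNS.%d=%s\n" % (i, domain) for i, domain in enumerate(domains, 1)
    )

    # The first domain doubles as the subject common name.
    subject = "/CN=" + domains[0]

    savesync(cfg, tobytes(config))

    # create RSA key (ECDSA key - XXX TODO; the former branch for it was
    # guarded by a constant-true test and could never run)
    _sslutils_rsa_makekey(key, "", 2048)

    # create request; the argument list is passed without a shell
    cmd = [
        'openssl', 'req', '-sha256', '-nodes', '-subj', subject, '-key', key,
        '-new', '-outform', 'der', '-config', cfg,
    ]
    p = subprocess.Popen(cmd, stdout = subprocess.PIPE, stdin = subprocess.PIPE)
    ret = p.communicate('')[0]
    if p.returncode != 0:
        raise Exception("%s: failed" % (" ".join(cmd)))
    return ret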
Esempio n. 6
def main(fin, fout, meth):
    """
    Decompress the stream in *fin* and write the decoded data to *fout*.

    Expects, in order: the magic bytes ``\\x7fZ``, a 4-byte method tag
    that must name an entry of ``mkht_methods``, the output size packed
    with ``struct`` format ``'I'``, the serialized priority queue, and
    the encoded payload. The *meth* argument is ignored; the method is
    taken from the file header. Both file objects are closed here.

    Raises Exception for a bad magic value or an unknown method tag.
    """
    magic = fin.read(2)
    if magic != b'\x7fZ':
        raise Exception('wrong file format!')

    # NOTE(review): a tag that is not valid UTF-8 raises UnicodeDecodeError
    # here rather than the 'unknown compressing method!' error below.
    meth = fin.read(4).decode('utf-8').lower()
    if meth not in mkht_methods:
        raise Exception('unknown compressing method!')

    # NOTE(review): a truncated header makes unpack() raise struct.error;
    # 'I' is native byte order, so files are tied to the writer's platform.
    size_field = unpack('I', fin.read(calcsize('I')))
    outsize = size_field[0] if isinstance(size_field, tuple) else size_field

    que = unserializq(fin)
    tree = mkht_methods[meth](que)
    encoded = fin.read()
    fin.close()

    bit_string = bytes2bits(encoded)
    decoded = unapplyhtr(bit_string, tree)

    # NOTE(review): outsize comes straight from the file header. When the
    # input is not trusted, the padding below allocates up to the full
    # range of the size field regardless of how small the payload is;
    # consider enforcing an upper bound before padding.
    shortfall = outsize - len(decoded)
    if shortfall > 0:
        decoded += ['\n'] * shortfall
    else:
        decoded = decoded[:outsize]

    fout.write(tobytes(decoded))
    fout.close()
Esempio n. 7
def tobase64(x):
    """
    Encode *x* as URL-safe base64 text with every '=' removed.

    Works on Python 2 and 3: *x* is first normalised with ``tobytes`` and
    the encoded result is converted with ``tostr``.
    """
    raw = tobytes(x)
    encoded = base64.urlsafe_b64encode(raw)
    text = tostr(encoded)
    # Drop the '=' padding so the value is in unpadded base64url form.
    return text.replace('=', '')
Esempio n. 8
def tobase64(x):
    """
    Return the unpadded URL-safe base64 form of *x* (Python 2/3 compatible).

    *x* goes through ``tobytes`` before encoding and the encoded value
    goes through ``tostr`` before the '=' characters are stripped out.
    """
    padded = tostr(base64.urlsafe_b64encode(tobytes(x)))
    # '=' is removed wherever it occurs, which leaves the value unpadded.
    unpadded = padded.replace('=', '')
    return unpadded
Esempio n. 9
def tojson(x):
    """
    Serialize *x* to JSON in a Python 2/3 compatible way.

    The text produced by ``json.dumps`` is passed through ``tobytes``, so
    the return value is whatever ``tobytes`` yields (presumably a byte
    string rather than text - confirm against its definition).
    """
    serialized = json.dumps(x)
    return tobytes(serialized)