def pkcs11_init(pkcs11_engine, pkcs11_driver):
    """Load the OpenSSL PKCS#11 engine and bind it to a PKCS#11 driver module.

    Args:
        pkcs11_engine: path of the engine shared object handed to
            ``Engine.load_dynamic_engine``.
        pkcs11_driver: path of the PKCS#11 module, passed to the engine as
            its ``MODULE_PATH``.

    Returns:
        The ``Engine.Engine("pkcs11")`` object after ``init()`` was called
        on it.

    Both arguments name native libraries that are loaded into this process,
    so callers should only pass locations they trust.
    """
    # The dynamic engine is loaded first; the "pkcs11" id is looked up
    # afterwards through a fresh Engine object.
    Engine.load_dynamic_engine("pkcs11", pkcs11_engine)

    engine = Engine.Engine("pkcs11")
    engine.ctrl_cmd_string("MODULE_PATH", pkcs11_driver)
    # NOTE(review): the value returned by init() is discarded, so a failed
    # initialisation would not be visible to the caller -- confirm.
    engine.init()
    return engine
def robot_init():
    """Build an m2urllib2 opener that presents a client certificate held on a
    PKCS#11 token.

    The PKCS#11 engine is loaded from fixed paths, the certificate and the
    private key are fetched from the token under one object id, and both are
    attached to a fresh ``SSL.Context`` that is handed to
    ``m2urllib2.build_opener``.

    Returns:
        The opener produced by ``m2urllib2.build_opener``.
    """
    engine_so = "/usr/local/lib/engine_pkcs11.so"
    module_so = "/usr/lib/libeTPkcs11.so"
    # NOTE(review): the object id and the token PIN are literals in the
    # source. Anyone who can read this file (or its history) learns the PIN;
    # it belongs in a protected configuration store or an interactive prompt.
    object_id = "30354530383037334131344144353636"
    token_pin = "indicate#2011"

    dyn_engine = Engine.load_dynamic_engine("pkcs11", engine_so)
    pkcs11 = Engine.Engine("pkcs11")
    pkcs11.ctrl_cmd_string("MODULE_PATH", module_so)
    # NOTE(review): the result of init() is not checked -- confirm that a
    # failure surfaces later in load_certificate / load_private_key.
    pkcs11.init()

    # A parenthesised single argument prints the same text under Python 2
    # and Python 3.
    print("Loading certificate DeRoberto")
    client_cert = dyn_engine.load_certificate(object_id)
    print("Loading key ...")
    client_key = dyn_engine.load_private_key(object_id, token_pin)

    ssl_ctx = SSL.Context("sslv23")
    ssl_ctx.set_cipher_list("HIGH:!aNULL:!eNULL:@STRENGTH")
    # NOTE(review): "foobar" looks like a placeholder session-id context.
    ssl_ctx.set_session_id_ctx("foobar")
    # NOTE(review): no set_verify() / load_verify_locations() call appears in
    # this function, so whether the server certificate chain is validated
    # depends on defaults not visible here -- confirm.
    m2.ssl_ctx_use_x509(ssl_ctx.ctx, client_cert.x509)
    m2.ssl_ctx_use_pkey_privkey(ssl_ctx.ctx, client_key.pkey)

    class SmartRedirectHandler(m2urllib2.HTTPRedirectHandler):
        """Redirect handler that reports the target instead of following it."""

        def http_error_302(self, req, fp, code, msg, headers):
            # Returns the Location header value itself, so the caller gets a
            # string rather than a response object for a 302.
            return headers['Location']

    return m2urllib2.build_opener(ssl_ctx, SmartRedirectHandler())
def get_engine(cls):
    """Load the PKCS#11 engine once and cache it on the class.

    Does nothing when ``cls._pkcs11`` is already set. Otherwise the engine is
    loaded from a fixed path, pointed at the OpenSC PKCS#11 module and
    registered through ``set_default`` with ``m2.ENGINE_METHOD_RSA``.

    Returns:
        None in every case; the engine is stored in ``cls._pkcs11``.
    """
    if cls._pkcs11 is None:
        # Linux locations. The original listing also carried these macOS
        # alternatives as disabled lines:
        #   /usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so
        #   /Library/OpenSC/lib/opensc-pkcs11.so
        # NOTE(review): both files are loaded as native code; the paths are
        # fixed here, so their directories should not be writable by
        # unprivileged users.
        engine_so = "/usr/lib/ssl/engines/engine_pkcs11.so"
        module_so = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"

        # The class attribute is assigned before the engine is configured,
        # exactly as the configuration calls below expect.
        cls._pkcs11 = Engine.load_dynamic_engine("pkcs11", engine_so)
        cls._pkcs11.ctrl_cmd_string('MODULE_PATH', module_so)
        # NOTE(review): no init() call is made in this method -- confirm the
        # engine is initialised elsewhere before use.
        cls._pkcs11.set_default(m2.ENGINE_METHOD_RSA)
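def load_engine(self):
    """Load and initialise the PKCS#11 engine once, caching it on the instance.

    The engine driver path comes from ``self.config``. The smartcard driver
    path comes from the configuration too or, when that yields ``None``,
    from ``SmartcardFetcher`` using the card's ATR.

    Returns:
        True when an engine is already cached or was set up by this call;
        False when a required path or the PIN could not be obtained, or when
        the dynamic engine could not be loaded.
    """
    if self.pkcs11_engine is not None:
        # The engine has already been loaded.
        return True

    engine_drv_path = self.config.get_engine_driver_path()
    if engine_drv_path is None:
        return False
    self.engine_driver_path = engine_drv_path

    # Preferred source for the smartcard driver path is the configuration.
    scard_drv_path = self.config.get_smartcard_driver_path()
    if scard_drv_path is None:
        # Not configured: look the driver up from the card's ATR instead.
        scard_atr = SmartcardFetcher.get_smartcard_atr(self.logger)
        if scard_atr is None:
            return False
        scard_drv_path = SmartcardFetcher.get_smartcard_library(
            scard_atr, self.config, self.logger)
        if scard_drv_path is None:
            return False
    self.smartcard_driver_path = scard_drv_path

    if Engine.load_dynamic_engine('pkcs11', self.engine_driver_path) is None:
        return False

    # Keep the engine in a local until it is fully configured. Publishing it
    # on self earlier would make a later call return True for an engine that
    # never received its PIN or its init() call.
    engine = Engine.Engine('pkcs11')
    engine.ctrl_cmd_string('MODULE_PATH', self.smartcard_driver_path)

    if self.must_fetch_pin:
        # A PIN has to be supplied up front.
        pin = self.config.get_smartcard_pin()
        if pin is None:
            return False
        # The PIN is a credential: log that one is in use, never its value.
        self.logger.debug('create engine using configured pin')
        # Without the PIN the engine asks for it at a prompt.
        engine.ctrl_cmd_string("PIN", pin)
        # TODO: check the login with a wrong PIN, because it gives no error.

    # NOTE(review): the result of init() is not inspected -- confirm whether
    # a failed initialisation should make this method return False.
    engine.init()
    self.pkcs11_engine = engine
    return True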
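def load_engine(self):
    """Set up the PKCS#11 engine for this object, reusing a cached one.

    Paths are resolved in this order: the engine driver path from
    ``self.config``; the smartcard driver path from ``self.config``, falling
    back to a ``SmartcardFetcher`` lookup keyed on the card's ATR.

    Returns:
        True if an engine was already cached or has been configured by this
        call. False if the engine driver path, the smartcard driver path or
        the required PIN is unavailable, or if ``load_dynamic_engine``
        returned ``None``.
    """
    if self.pkcs11_engine is not None:
        # Already loaded on an earlier call.
        return True

    engine_drv_path = self.config.get_engine_driver_path()
    if engine_drv_path is None:
        return False
    self.engine_driver_path = engine_drv_path

    # Ask the configuration for the smartcard driver path first.
    scard_drv_path = self.config.get_smartcard_driver_path()
    if scard_drv_path is None:
        # No configured driver: read the card's ATR ...
        scard_atr = SmartcardFetcher.get_smartcard_atr(self.logger)
        if scard_atr is None:
            return False
        # ... and resolve the driver library from it.
        scard_drv_path = SmartcardFetcher.get_smartcard_library(
            scard_atr, self.config, self.logger
        )
        if scard_drv_path is None:
            return False
    self.smartcard_driver_path = scard_drv_path

    if Engine.load_dynamic_engine('pkcs11', self.engine_driver_path) is None:
        return False

    # The engine is stored on self only after configuration has finished, so
    # an early return below cannot leave a half-configured engine cached.
    engine = Engine.Engine('pkcs11')
    engine.ctrl_cmd_string('MODULE_PATH', self.smartcard_driver_path)

    if self.must_fetch_pin:
        # The PIN must be provided before the engine is initialised.
        pin = self.config.get_smartcard_pin()
        if pin is None:
            return False
        # Never write the PIN value to the log; it is a credential.
        self.logger.debug('create engine using configured pin')
        # Without the PIN the engine asks for it at a prompt.
        engine.ctrl_cmd_string("PIN", pin)
        # TODO: check the login with a wrong PIN, because it gives no error.

    # NOTE(review): init()'s return value is ignored -- confirm whether a
    # failure here should be reported as False.
    engine.init()
    self.pkcs11_engine = engine
    return True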
def __init__(self, engpath=""):
    """Open the eToken PKCS#11 library and the OpenSSL PKCS#11 engine.

    Args:
        engpath: directory prefix joined with a backslash to the module-level
            ``etoken_dll`` and ``engine_dll`` names.

    The same token library is loaded twice: once through PyKCS11 and once as
    the engine's ``MODULE_PATH``.
    """
    # NOTE(review): with the default engpath of "" both DLL paths start with
    # a backslash instead of a directory chosen by the caller -- confirm that
    # is intended, since these files are loaded as native code.
    token_lib = engpath + "\\" + etoken_dll

    self.pkcs11 = PyKCS11.PyKCS11Lib()
    self.engpath = engpath
    self.pkcs11.load(token_lib)

    engine_lib = self.engpath + "\\" + engine_dll
    self.engine = Engine.load_dynamic_engine('pkcs11', engine_lib)
    self.engine.ctrl_cmd_string('MODULE_PATH', self.engpath + "\\" + etoken_dll)
    # NOTE(review): the result of init() is not checked -- confirm.
    self.engine.init()

    self.info = None
    # The original listing carried a disabled loop that probed slots 0-9 with
    # getTokenInfo() for a model named "eToken" and failed when none was
    # found. With it disabled, self.info stays None and the slot is fixed.
    # NOTE(review): slot 2 is assumed without checking what is in it.
    self.tokenSlot = 2
def _load_pkcs11(cls, engine_path, module_path):
    """Load the PKCS#11 engine on first use and cache it in ``cls._pkcs11``.

    Args:
        engine_path: path of the engine shared object given to
            ``Engine.load_dynamic_engine``.
        module_path: path of the PKCS#11 module, set as ``MODULE_PATH``.

    Later calls are no-ops once ``cls._pkcs11`` is set, so the paths passed
    on those calls are ignored. Both paths name native libraries loaded into
    the process and should come from a trusted source.
    """
    if cls._pkcs11 is not None:
        return

    cls._pkcs11 = Engine.load_dynamic_engine("pkcs11", engine_path)
    cls._pkcs11.ctrl_cmd_string('MODULE_PATH', module_path)
    # NOTE(review): no init() call is made here -- confirm the engine is
    # initialised elsewhere before keys are used.
    cls._pkcs11.set_default(m2.ENGINE_METHOD_RSA)