class RSAES_OAEP_params(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('hashFunc', AlgorithmIdentifier().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.NamedType('maskGenFunc', AlgorithmIdentifier().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.NamedType('pSourceFunc', AlgorithmIdentifier().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
)
def create_tsq(file_: str, hash_digest: str = 'sha512', nonce: bool = True):
"""
Create TimeStampReq byte string
:param file_: File path
:param hash_digest: Hash algorithm
:param nonce: Random integer value
:return: Byte string
"""
try:
logging.info('Creating TimeStampReq object...')
message_imprint = MessageImprint()
hash_algorithm = AlgorithmIdentifier()
if hash_digest in digest_algorithms:
hash_algorithm['algorithm'] = digest_algorithms.get(hash_digest)
else:
logging.error(
f'{hash_digest} is not listed in list of digest algorithms')
raise Exception
message_imprint['hashAlgorithm'] = hash_algorithm
message_imprint['hashedMessage'] = compute_hash(
file_, hashlib.new(hash_digest))
tsq = TimeStampReq()
tsq['version'] = 1
tsq['messageImprint'] = message_imprint
if nonce:
tsq['nonce'] = unpack('<q', urandom(8))[0]
logging.info('Creating TimeStampReq: Success')
return encoder.encode(tsq)
except Exception as e:
logging.error('Creating TimeStampReq: Failure', exc_info=True)
raise e
def encrypt(self, key_password):
"""
Encrypts the private key, so that it can be saved to a keystore.
This will make it necessary to decrypt it again if it is going to be used later.
Has no effect if the entry is already encrypted.
:param str key_password: The password to encrypt the entry with.
"""
if not self.is_decrypted():
return
encrypted_private_key = sun_crypto.jks_pkey_encrypt(
self.pkey_pkcs8, key_password)
a = AlgorithmIdentifier()
a.setComponentByName('algorithm', sun_crypto.SUN_JKS_ALGO_ID)
a.setComponentByName('parameters', '\x05\x00')
epki = rfc5208.EncryptedPrivateKeyInfo()
epki.setComponentByName('encryptionAlgorithm', a)
epki.setComponentByName('encryptedData', encrypted_private_key)
self._encrypted = encoder.encode(epki)
self._pkey = None
self._pkey_pkcs8 = None
self._algorithm_oid = None
def new(cls, alias, certs, key, key_format='pkcs8'):
"""
Helper function to create a new PrivateKeyEntry.
:param str alias: The alias for the Private Key Entry
:param list certs: An list of certificates, as byte strings.
The first one should be the one belonging to the private key,
the others the chain (in correct order).
:param str key: A byte string containing the private key in the
format specified in the key_format parameter (default pkcs8).
:param str key_format: The format of the provided private key.
Valid options are pkcs8 or rsa_raw. Defaults to pkcs8.
:returns: A loaded :class:`PrivateKeyEntry` instance, ready
to be placed in a keystore.
:raises UnsupportedKeyFormatException: If the key format is
unsupported.
"""
timestamp = int(time.time()) * 1000
cert_chain = []
for cert in certs:
cert_chain.append(('X.509', cert))
pke = cls(
timestamp=timestamp,
# Alias must be lower case or it will corrupt the keystore for Java Keytool and Keytool Explorer
alias=alias.lower(),
cert_chain=cert_chain)
if key_format == 'pkcs8':
private_key_info = decoder.decode(
key, asn1Spec=rfc5208.PrivateKeyInfo())[0]
pke._algorithm_oid = private_key_info['privateKeyAlgorithm'][
'algorithm'].asTuple()
pke.pkey = private_key_info['privateKey'].asOctets()
pke.pkey_pkcs8 = key
elif key_format == 'rsa_raw':
pke._algorithm_oid = RSA_ENCRYPTION_OID
# We must encode it to pkcs8
private_key_info = rfc5208.PrivateKeyInfo()
private_key_info.setComponentByName('version', 'v1')
a = AlgorithmIdentifier()
a.setComponentByName('algorithm', pke._algorithm_oid)
a.setComponentByName('parameters', '\x05\x00')
private_key_info.setComponentByName('privateKeyAlgorithm', a)
private_key_info.setComponentByName('privateKey', key)
pke.pkey_pkcs8 = encoder.encode(private_key_info, ifNotEmpty=True)
pke.pkey = key
else:
raise UnsupportedKeyFormatException(
"Key Format '%s' is not supported" % key_format)
return pke
class MessageImprint(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
namedtype.NamedType('hashedMessage', univ.OctetString()),
)
@property
def hash_algorithm(self):
return self[0]
@property
def hashed_message(self):
return self[1]
class MessageImprint(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
namedtype.NamedType('hashedMessage', univ.OctetString())
)
