コード例 #1
ファイル: cli.py プロジェクト: slad99/pyHanko
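def _open_for_signing(infile_path, signer_cert=None, signer_key=None):
    """Open a PDF for incremental signing, unlocking it first if encrypted.

    A password-encrypted input triggers an interactive password prompt.
    A public-key-encrypted input is unlocked with the signer's own
    credentials when a signer key was supplied. Any other encrypted input
    is rejected.

    :param infile_path: Path of the PDF file to open.
    :param signer_cert: Signer's certificate; only used to build the
        envelope decrypter for public-key-encrypted inputs.
    :param signer_key: Signer's private key; only used to build the
        envelope decrypter for public-key-encrypted inputs.
    :return: An ``IncrementalPdfFileWriter`` over the input file. The file
        handle opened here is handed to the writer and is left open on
        success.
    :raises click.ClickException: If the input is encrypted and no
        suitable credentials are available.
    """
    from pyhanko.pdf_utils import crypt
    infile = open(infile_path, 'rb')
    try:
        writer = IncrementalPdfFileWriter(infile)

        # TODO make this an option higher up the tree
        if writer.prev.encrypted:
            sh = writer.prev.security_handler
            if isinstance(sh, crypt.StandardSecurityHandler):
                pdf_pass = getpass.getpass(
                    prompt='Password for encrypted file \'%s\': ' % infile_path)
                # NOTE(review): whether a wrong password is reported by
                # writer.encrypt() is not visible from here -- confirm.
                writer.encrypt(pdf_pass)
            elif isinstance(sh, crypt.PubKeySecurityHandler) \
                    and signer_key is not None:
                # Attempt to decrypt using the signer's credentials. This
                # reuses the signing key as a decryption key, hence the
                # warning below.
                cred = SimpleEnvelopeKeyDecrypter(signer_cert, signer_key)
                # Decryption is done with the private key, so the message
                # says so. Lazy %-args leave the formatting to logging.
                logger.warning(
                    "The file '%s' appears to be encrypted using public-key "
                    "encryption. This is only partially supported in "
                    "pyHanko's CLI. PyHanko will attempt to decrypt the "
                    "document using the signer's private key, but be aware "
                    "that using the same key for both signing and decryption "
                    "is considered bad practice. Never use the same RSA key "
                    "that you use to decrypt messages to sign hashes that "
                    "you didn't compute yourself!", infile_path)
                writer.encrypt_pubkey(cred)
            else:
                raise click.ClickException(
                    "Input file appears to be encrypted, but appropriate "
                    "credentials are not available.")
    except BaseException:
        # The caller never receives the writer on failure (including an
        # interrupted password prompt), so nothing else would close the
        # input file.
        infile.close()
        raise
    return writer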
コード例 #2
ファイル: cli.py プロジェクト: slad99/pyHanko
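def decrypt_with_pkcs12(infile, outfile, pfx, passfile, force):
    """Decrypt a PDF using credentials loaded from a PKCS#12 file.

    The PKCS#12 passphrase is read from ``passfile`` when one is given,
    and requested interactively otherwise.

    :param infile: Passed through unchanged to ``_decrypt_pubkey``.
    :param outfile: Passed through unchanged to ``_decrypt_pubkey``.
    :param pfx: PKCS#12 file handed to
        ``SimpleEnvelopeKeyDecrypter.load_pkcs12``.
    :param passfile: Open file object holding the passphrase, or ``None``
        to prompt on the terminal. It is closed by this function.
    :param force: Passed through unchanged to ``_decrypt_pubkey``.
    """
    if passfile is None:
        passphrase = getpass.getpass(prompt='Key passphrase: ').encode('utf-8')
    else:
        # NOTE(review): the file contents are used verbatim, so a trailing
        # newline would become part of the passphrase. Confirm how passfile
        # is opened and how such files are expected to be written.
        try:
            passphrase = passfile.read()
        finally:
            # Close the passphrase file even if the read fails.
            passfile.close()
    sedk = SimpleEnvelopeKeyDecrypter.load_pkcs12(pfx, passphrase=passphrase)
    # NOTE(review): the load result is used without a check. Confirm how
    # load_pkcs12 signals a wrong passphrase or an unreadable file.

    _decrypt_pubkey(sedk, infile, outfile, force)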
コード例 #3
ファイル: samples.py プロジェクト: terminalkitten/pdf-stamp
        stream2 = generic.StreamObject(
            stream_data=stream_data(ascii_text, 100))
        if compress:
            stream2.compress()
        contents = generic.ArrayObject(
            [pdf_out.add_object(stream),
             pdf_out.add_object(stream2)])
    else:
        contents = pdf_out.add_object(stream)
    return writer.PageObject(contents=contents,
                             media_box=media_box,
                             resources=resources)


# Envelope decrypter fixture built from key material under CRYPTO_DATA_DIR.
# The b'secret' passphrase is hard-coded; the file names suggest the
# arguments are (private key, certificate, key passphrase).
# NOTE(review): the key file is named "signer" while the certificate is
# named "decrypter1" -- presumably the signing key doubles as a decryption
# key in this test setup; confirm against the testing CA configuration.
PUBKEY_TEST_DECRYPTER = SimpleEnvelopeKeyDecrypter.load(
    f"{CRYPTO_DATA_DIR}/keys-rsa/signer.key.pem",
    f"{CRYPTO_DATA_DIR}/testing-ca/interm/decrypter1.cert.pem", b'secret')

# Self-signed fixture whose certificate has no keyEncipherment key usage
# bit; same hard-coded test passphrase as above.
PUBKEY_SELFSIGNED_DECRYPTER = SimpleEnvelopeKeyDecrypter.load(
    "pyhanko_tests/data/crypto/selfsigned.key.pem",
    "pyhanko_tests/data/crypto/selfsigned.cert.pem", b'secret')

# Location of the Certomancer YAML configuration inside the crypto test data.
CERTOMANCER_CONFIG_PATH = CRYPTO_DATA_DIR + '/certomancer.yml'


def _configure_certomancer():
    with open(CERTOMANCER_CONFIG_PATH, 'r') as inf:
        cfg_text = inf.read()
    cfg = yaml.safe_load(cfg_text)
コード例 #4
ファイル: samples.py プロジェクト: jackii/pyHanko
        generic.DictionaryObject({pdf_name('/F1'): get_courier()})
    })
    media_box = generic.ArrayObject(map(generic.NumberObject,
                                        (0, 0, 300, 144)))

    def stream_data(txt, y):
        """Return an ASCII-encoded content stream that shows ``txt``.

        The text is drawn with font /F1 at size 18 after a ``0 y Td`` move.
        ``txt`` is placed inside the ``(...)`` string operand as-is, with no
        escaping applied.
        """
        operators = f'BT /F1 18 Tf 0 {y} Td ({txt}) Tj ET'
        return operators.encode('ascii')

    stream = generic.StreamObject(stream_data=stream_data(ascii_text, 0))
    if compress:
        stream.compress()

    if extra_stream:
        stream2 = generic.StreamObject(
            stream_data=stream_data(ascii_text, 100))
        if compress:
            stream2.compress()
        contents = generic.ArrayObject(
            [pdf_out.add_object(stream),
             pdf_out.add_object(stream2)])
    else:
        contents = pdf_out.add_object(stream)
    return writer.PageObject(contents=contents,
                             media_box=media_box,
                             resources=resources)


# Envelope decrypter fixture loaded from the self-signed key/certificate pair
# in the test data tree. The b'secret' passphrase is hard-coded; the file
# names suggest the arguments are (private key, certificate, key passphrase).
PUBKEY_TEST_DECRYPTER = SimpleEnvelopeKeyDecrypter.load(
    "pyhanko_tests/data/crypto/selfsigned.key.pem",
    "pyhanko_tests/data/crypto/selfsigned.cert.pem", b'secret')
コード例 #5
    stream = generic.StreamObject(stream_data=stream_data(ascii_text, 0))
    if compress:
        stream.compress()

    if extra_stream:
        stream2 = generic.StreamObject(
            stream_data=stream_data(ascii_text, 100))
        if compress:
            stream2.compress()
        contents = generic.ArrayObject(
            [pdf_out.add_object(stream),
             pdf_out.add_object(stream2)])
    else:
        contents = pdf_out.add_object(stream)
    return writer.PageObject(contents=contents,
                             media_box=media_box,
                             resources=resources)


# These certs have the keyEncipherment extension active, so the signer's key
# pair is also usable for decryption. Sharing one key between signing and
# decryption is poor key hygiene, especially with RSA; it is accepted here
# only because this is a testing setup. The b'secret' passphrase is
# hard-coded for the same reason.
PUBKEY_TEST_DECRYPTER = SimpleEnvelopeKeyDecrypter.load(
    "pyhanko_tests/data/crypto/testing-ca/keys/signer.key.pem",
    "pyhanko_tests/data/crypto/testing-ca/intermediate/newcerts/signer.cert.pem",
    b'secret')

# Self-signed fixture whose certificate has no keyEncipherment key usage
# bit; same hard-coded test passphrase as above.
PUBKEY_SELFSIGNED_DECRYPTER = SimpleEnvelopeKeyDecrypter.load(
    "pyhanko_tests/data/crypto/selfsigned.key.pem",
    "pyhanko_tests/data/crypto/selfsigned.cert.pem", b'secret')