def encode_dsa_public_key(key):
"""
Encode DSA public key into RFC 3279 DER-encoded format.
:param PublicKey key: public key
:rtype: bytes
"""
asn1 = Integer(int.from_bytes(key[Attribute.VALUE], byteorder='big'))
return asn1.dump()
def decode_dsa_public_key(der):
"""
Decode a DSA public key from RFC 3279 DER-encoded format.
Returns a `biginteger` encoded as bytes.
:param bytes der: DER-encoded public key
:rtype: bytes
"""
asn1 = Integer.load(der)
return biginteger(asn1)
def encode_cert_id_key(self, hkey):
issuer_name_hash, issuer_key_hash, serial_number = hkey
issuer_name_hash = OctetString.load(issuer_name_hash)
issuer_key_hash = OctetString.load(issuer_key_hash)
serial_number = Integer.load(serial_number)
cert_id = CertId({
'hash_algorithm': DigestAlgorithm({
'algorithm': 'sha1',
'parameters': None}),
'issuer_name_hash': issuer_name_hash,
'issuer_key_hash': issuer_key_hash,
'serial_number': serial_number,
})
return cert_id
def test_grp_call() -> None:
grp = QrGroup(mpz(23))
assert int(grp(1)) == 1
assert int(grp(81)) == 12
assert int(grp(ImgGroupValue.load(b"\02\x01\x0c"))) == 12
assert int(grp(Integer(12))) == 12
with pytest.raises(ValueError, match="0 not in group"):
grp(46)
with pytest.raises(TypeError):
grp(ImgGroupValue.load(b"\x04\x01\x0c"))
with pytest.raises(ValueError, match="Not a valid group element"):
grp(ImgGroupValue.load(b"\x02\x01\x23"))
with pytest.raises(ValueError, match="Not a valid group element"):
grp(ImgGroupValue.load(b"\x02\x01\x05"))
def encode_cert_id_key(self, hkey):
issuer_name_hash, issuer_key_hash, serial_number = hkey
issuer_name_hash = OctetString.load(issuer_name_hash)
issuer_key_hash = OctetString.load(issuer_key_hash)
serial_number = Integer.load(serial_number)
cert_id = CertId({
"hash_algorithm":
DigestAlgorithm({
"algorithm": "sha1",
"parameters": None
}),
"issuer_name_hash":
issuer_name_hash,
"issuer_key_hash":
issuer_key_hash,
"serial_number":
serial_number,
})
return cert_id
def encode(byte_string, is_der = None, alg = 'Curve25519' ):
try:
raw = OctetString(byte_string)
except Exception as e:
raise FailedToParseByteString
privateKey = PrivateKey(raw.dump())
privateKeyAlgorithmIdentifier = PrivateKeyAlgorithmIdentifier( {'algorithm': alg });
oneAsymmetricKey = OneAsymmetricKey({
'version': Integer(0),
'privateKeyAlgorithm': privateKeyAlgorithmIdentifier,
'privateKey': privateKey})
der = oneAsymmetricKey.dump()
if is_der:
return der
return pem.armor('PRIVATE KEY',der).decode('ASCII')
def asn1(self) -> ImgGroupValue:
"""
Convert to ASN.1 Integer type
"""
return ImgGroupValue({"QrValue": Integer(int(self))})
def build(self, signing_private_key_path, debug=False):
"""
Validates the certificate information, constructs the ASN.1 structure
and then signs it
:param signing_private_key:
path to a .pem file with a private key
:return:
An m2m.Certificate object of the newly signed
certificate
"""
if self._self_signed is not True and self._issuer is None:
raise ValueError(_pretty_message(
'''
Certificate must be self-signed, or an issuer must be specified
'''
))
if self._self_signed:
self._issuer = self._subject
if self.serial_number is None:
time_part = int_to_bytes(int(time.time()))
random_part = random.getrandbits(24).to_bytes(3, byteorder='big') # Must contain at least 20 randomly generated BITS
self.serial_number = int_from_bytes(time_part + random_part)
# Only re non-optionals are always in this dict
properties = {
'version':Integer(value=self._version),
'serialNumber':OctetString(value=self.serial_number.to_bytes(20, byteorder='big')),
'subject':self.subject,
}
# Optional fields are only added if they're not None
if self.ca_algorithm is not None:
properties['cAAlgorithm'] = self.ca_algorithm
if self.ca_algorithm_parameters is not None:
properties['cAAlgParams'] = OctetString(value=self.ca_algorithm_parameters)
if self.issuer is not None:
properties['issuer'] = self.issuer
if self.valid_from is not None:
properties['validFrom'] = self.valid_from
if self.valid_duration is not None:
properties['validDuration'] = self.valid_duration
if self.pk_algorithm is not None:
properties['pKAlgorithm'] = self.pk_algorithm
if self.pk_algorithm_parameters is not None:
properties['pKAlgParams'] = OctetString(value=self.pk_algorithm_parameters)
if self.public_key is not None:
properties['pubKey'] = OctetString(value=self.public_key)
if self.authkey_id is not None:
properties['authKeyId'] = self.authkey_id
if self.subject_key_id is not None:
properties['subjKeyId'] = OctetString(value=self.subject_key_id)
if self.key_usage is not None:
properties['keyUsage'] = OctetString(value=self.key_usage)
if self.basic_constraints is not None:
properties['basicConstraints'] = Integer(value=self.basic_constraints)
if self.certificate_policy is not None:
properties['certificatePolicy'] = self.certificate_policy
if self.subject_alternative_name is not None:
properties['subjectAltName'] = self.subject_alternative_name
if self.issuer_alternative_name is not None:
properties['issuerAltName'] = self.issuer_alternative_name
if self.extended_key_usage is not None:
properties['extendedKeyUsage'] = self.extended_key_usage
if self.auth_info_access_ocsp is not None:
properties['authInfoAccessOCSP'] = self.auth_info_access_ocsp
if self.crl_distribution_point_uri is not None:
properties['cRLDistribPointURI'] = self.crl_distribution_point_uri
if self.x509_extensions is not None:
properties['x509extensions'] = self.x509_extensions
# import ipdb; ipdb.set_trace()
# break /usr/local/lib/python3.5/dist-packages/asn1crypto/core.py:2786
tbs_cert = TBSCertificate(properties)
bytes_to_sign = tbs_cert.dump()
signature = generate_signature(bytes_to_sign, signing_private_key_path)
# assert verify_signature(bytes_to_sign, signature, "public.pem")
if debug:
print("Build - Signed_bytes ({len}): {content}".format(len=len(bytes_to_sign), content=hexlify(bytes_to_sign)))
print("Build - Signature ({len}): {content}".format(len=len(signature), content=hexlify(signature)))
return Certificate({
'tbsCertificate': tbs_cert,
'cACalcValue': signature
})
