def test_pdf_sign_invalid_date(self):
data = pdf.sign(pdf_bytes=self.pdf_bytes, sign_date='Not a date')
(hashok, signatureok, certok) = verify(data, self.trusted_cert_pems)
self.assertTrue(signatureok, 'There is an error with the signature')
self.assertTrue(hashok, 'There is an error with the hash')
self.assertTrue(certok, 'There is an error with the certificate')
def test_pdf(self):
dct = {
b'sigflags': 3,
b'contact': b'*****@*****.**',
b'location': b'Szczecin',
b'signingdate': b'20180731082642+02\'00\'',
b'reason': b'Dokument podpisany cyfrowo',
}
p12 = load_pkcs12(open(fixture('demo2_user1.p12'), 'rb').read(), '1234')
fname = fixture('pdf.pdf')
datau = open(fname, 'rb').read()
datas = pdf.cms.sign(datau, dct,
p12.get_privatekey().to_cryptography_key(),
p12.get_certificate().to_cryptography(),
[],
'sha256'
)
fname = fname.replace('.pdf', '-signed-cms.pdf')
with open(fname, 'wb') as fp:
fp.write(datau)
fp.write(datas)
trusted_cert_pems = (open(fixture('demo2_ca.crt.pem'), 'rt').read(),)
data = open(fname, 'rb').read()
(hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems)
assert signatureok and hashok and certok
def main():
trusted_cert_pems = (
# certum chain
open('ca-certum.pem', 'rt').read(),
open('ca-ncc.pem', 'rt').read(),
# actalis chain
open('ca-actalis-cag1.pem', 'rt').read(),
open('ca-actalis.pem', 'rt').read(),
# demo ca chain
open('demo2_ca.crt.pem', 'rt').read(),
# demo hsm ca chain
open('cert-hsm-ca.pem', 'rt').read(),
)
for fname in (
'pdf-signed-cms-hsm-certum.pdf',
'pdf-signed-cms-hsm.pdf',
'pdf-signed-cms-m32.pdf',
'pdf-signed-cms-pfx.pdf',
'pdf-signed-cms.pdf',
'pdf-signed-fpdf.pdf',
'test-PDFXRef-signed-cms.pdf',
'test-PDFXRefStream-signed-cms.pdf'
):
print('*' * 20, fname)
try:
data = open(fname, 'rb').read()
except:
continue
(hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems)
print('signature ok?', signatureok)
print('hash ok?', hashok)
print('cert ok?', certok)
def test_pdf(self):
dct = {
b'sigflags': 3,
b'contact': b'*****@*****.**',
b'location': b'Szczecin',
b'signingdate': b'20180731082642+02\'00\'',
b'reason': b'Dokument podpisany cyfrowo',
}
with open(fixture('demo2_user1.p12'), 'rb') as fp:
p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234',
backends.default_backend())
fname = fixture('pdf.pdf')
with open(fname, 'rb') as fh:
datau = fh.read()
datas = pdf.cms.sign(datau, dct, p12[0], p12[1], p12[2], 'sha256')
fname = fname.replace('.pdf', '-signed-cms.pdf')
with open(fname, 'wb') as fp:
fp.write(datau)
fp.write(datas)
with open(fixture('demo2_ca.crt.pem'), 'rt') as fh:
trusted_cert_pems = (fh.read(), )
with open(fname, 'rb') as fh:
data = fh.read()
(hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems)
assert signatureok and hashok and certok
def is_file_signed(file):
try:
file_data = open(file, "rb").read()
(hash_ok, signature_ok, cert_ok) = pdf.verify(file_data)
return signature_ok or hash_ok or cert_ok
except:
return False
def verify_certificate():
post_data = request.json
course_code = post_data["course_code"]
student_rollno = session.get("user_rollno")
root_path = os.path.dirname(app.instance_path)
keys_path = root_path + '/media/keys/'
trusted_cert_pems = (open(keys_path + 'private.pem', 'rt').read(), )
fname = root_path + '/media/' + Config.STUDENT_CERTIFICATE_FOLDER + '/' + session.get(
'user_rollno') + '/' + course_code + ".pdf"
try:
data = open(fname, 'rb').read()
except:
return jsonify({
"signature_ok": False,
"hashok": False,
"certok": False
})
(hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems)
return jsonify({
"signature_ok": signatureok,
"hashok": hashok,
"certok": certok
})
def main():
trusted_cert_pems = (open('demo2_ca.crt.pem', 'rt').read(), )
for fname in ('pdf-signed-cms.pdf', 'pdf-signed-fpdf.pdf',
'test-PDFXRef-signed-cms.pdf',
'test-PDFXRefStream-signed-cms.pdf'):
print('*' * 20, fname)
try:
data = open(fname, 'rb').read()
except:
continue
(hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems)
print('signature ok?', signatureok)
print('hash ok?', hashok)
print('cert ok?', certok)
def main():
trusted_cert_pems = (
# certum chain
open('private.pem', 'rt').read(), )
fname = 'digitest-signed-cms.pdf'
print('*' * 20, fname)
try:
data = open(fname, 'rb').read()
except:
print("DH")
(hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems)
print('signature ok?', signatureok)
print('hash ok?', hashok)
print('cert ok?', certok)
def run_veririca_pdf_tem_assinatura(self):
global sss
sss = 1
def tree_print(field_name, fields):
global sss
ss = " "
print(ss * sss, field_name, '.............')
if not isinstance(fields, dict):
ByteStringObject
if field_name == '/Contents':
try:
signed_data = cms.ContentInfo.load(fields)['content']
for cert in signed_data['certificates']:
print('cert.issuer:',
cert.native['tbs_certificate']['issuer'])
print('cert.subject:',
cert.native['tbs_certificate']['subject'])
except Exception as e:
pass
with open(
'/home/leandro/Downloads/content{}.ext'.format(
sss), 'wb') as f:
f.write(fields)
f.close()
return
else:
print(' ' * sss, fields)
return
for field_name, value in fields.items():
sss += 2
tree_print(field_name, value)
sss -= 2
ifile = '/home/leandro/Downloads/016 - Projeto da LDO 2021_Assinado.pdf'
ifile = '/home/leandro/Downloads/plol_violencia_nas_escolas.pdf'
(hashok, signatureok, certok) = pdf.verify(open(ifile, 'rb').read())
print('signature ok?', signatureok)
print('hash ok?', hashok)
print('cert ok?', certok)
r = PdfFileReader(open(ifile, "rb"))
fields = r.getFields()
tree_print('file', fields)
def main(self):
cakeyID = bytes((0x1,))
ca_cert_pem = asn1pem.armor('CERTIFICATE', self.cert_load(cakeyID))
trusted_cert_pems = (ca_cert_pem,)
for fname in (
'pdf-signed-cms-hsm.pdf',
):
print('*' * 20, fname)
try:
data = open(fname, 'rb').read()
except:
continue
(hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems)
print('signature ok?', signatureok)
print('hash ok?', hashok)
print('cert ok?', certok)
async def verify_pdf(filepdf: UploadFile = File(...)):
try:
suffix = Path(filepdf.filename).suffix
with NamedTemporaryFile(delete=False, suffix=suffix) as tmp:
shutil.copyfileobj(filepdf.file, tmp)
pdf_tmp_path = Path(tmp.name)
teststr = str(pdf_tmp_path)
finally:
filepdf.file.close()
temp_list = []
for x in os.listdir("./cert_pems"):
temp_list.append(open("./cert_pems/"+x).read())
certs_tuple = tuple(temp_list)
data = open(teststr, 'rb').read()
(hashok, signatureok, certok) = pdf.verify(data, certs_tuple)
return {"Is signature valid": signatureok,
"Is hash valid": hashok,
"Is cert valid": certok,
}
#!/usr/bin/env python3
from endesive import pdf
import glob
pems = []
for f in glob.glob('/example-certs/*.pem') + glob.glob('/etc/ssl/certs/*'):
pem = open(f, 'rt').read()
pems.append(pem)
fname = 'example.pdf'
data = open(fname, 'rb').read()
(hashok, signatureok, certok) = pdf.verify(data, tuple(pems))
print('signature ok?', signatureok, 'hash', hashok, 'cert', certok)
def test_pdf_sign_no_cert(self):
data = pdf.sign(pdf_bytes=self.pdf_bytes)
with self.assertRaises(AssertionError):
verify(data, self.trusted_cert_pems)
def verifica_pdf(arquivo, certificados_de_confianca):
return pdf.verify(data=arquivo,
trusted_cert_pems=certificados_de_confianca)
