def generate_key(bits, expiry_timestamp, price_limit, issuer):
    """Create a fresh RSA key pair and a signed certificate for its public half.

    The certificate payload is a JSON object of type "certified-key" holding
    the public key (base64 of the modulus and exponent as returned by
    ``pub()``), a validity window (``nbf`` and ``iat`` set to the current
    time, ``exp`` set to *expiry_timestamp*), the *price_limit* and the
    *issuer*. The payload is serialized with ``json.dumps`` and handed to
    ``crypto.sign_jwt``.

    Returns:
        A 2-tuple ``(private_key_pem, certified)``, where ``certified`` is
        whatever ``crypto.sign_jwt`` returns for the serialized certificate.
    """
    # The timestamp is taken before key generation, so nbf/iat mark the start
    # of this call rather than the moment the key exists.
    issued = time.time()

    # NOTE(review): bits goes to gen_key unchecked; confirm callers cannot
    # request a modulus too short for the certificate's lifetime.
    keypair = M2Crypto.RSA.gen_key(bits, 0x10001, NoOp)

    # pub() yields a 2-tuple of (exp, mod).
    exponent, modulus = keypair.pub()

    # The certification is a JWT containing a JWK.
    jwk = {
        "alg": "RSA",
        "mod": base64.b64encode(modulus),
        "exp": base64.b64encode(exponent)
    }
    # NOTE(review): expiry_timestamp is used as given; nothing here checks
    # that it lies after `issued` or caps the validity period. Confirm the
    # caller bounds it.
    claims = {
        "typ": "certified-key",
        "key": [jwk],
        "nbf": issued,
        "exp": expiry_timestamp,
        "iat": issued,
        "price_limit": price_limit,
        "iss": issuer
    }

    # Certify it: the signature covers the serialized claims.
    signed = crypto.sign_jwt(json.dumps(claims))

    # as_pem(None) selects no cipher, so the PEM holds the private key
    # unencrypted; the caller is responsible for how it is stored and
    # transmitted.
    return (keypair.as_pem(None), signed)
def certify_key(privkey, expiry_timestamp, price_limit, issuer=None, issued_at=None):
    """Build a certificate for *privkey* and return it signed.

    Expects an M2Crypto.RSA.RSA key for *privkey*. All arguments are passed
    unchanged to ``certificate()``, and its result is signed with
    ``crypto.sign_jwt``.

    Returns:
        Whatever ``crypto.sign_jwt`` returns for the serialized certificate.
    """
    # NOTE(review): certificate() is not visible here; confirm it embeds only
    # the public components of privkey and that it validates
    # expiry_timestamp / issued_at before they end up in a signed statement.
    return crypto.sign_jwt(
        certificate(privkey, expiry_timestamp, price_limit, issuer, issued_at)
    )
def sign_receipt(request):
    """Return the certified form of the receipt carried in *request*.

    The result is a dict with a single "receipt" key whose value is two
    parts joined by "~": the certificate from ``crypto.get_certificate()``
    (per the original comments, our ephemeral key's certificate) followed by
    the input receipt as signed by ``crypto.sign_jwt``.
    """
    # Validators already confirmed the payload is valid JSON.
    # NOTE(review): those validators are the only gate visible from here, and
    # anything that passes them is signed with the service key. Confirm they
    # constrain the receipt's fields, not just its syntax.
    payload = request.json_body

    # Part one: the certificate for the key that signs part two.
    certificate_part = crypto.get_certificate()

    # Part two: the input receipt, signed with our current ephemeral key.
    # NOTE(review): json_body is presumably the parsed payload rather than
    # serialized text; confirm sign_jwt accepts that type.
    signed_part = crypto.sign_jwt(payload)

    # "~" is outside the base64url alphabet and is not the JWT "." separator.
    # Presumably both parts are compact JWTs, which keeps the split
    # unambiguous for verifiers -- confirm.
    return {"receipt": "~".join([certificate_part, signed_part])}
def sign_receipt(request):
    """Certify the receipt in *request* and return it under 'receipt'.

    The value is ``<certificate>~<signed receipt>``: the certificate comes
    from ``crypto.get_certificate()`` and the signed receipt from
    ``crypto.sign_jwt`` applied to the request's JSON body.
    """
    # Validators already confirmed the payload is valid JSON.
    # NOTE(review): the validators are not visible here, and whatever they
    # accept gets signed. Confirm they check the receipt's contents as well
    # as its well-formedness.
    body = request.json_body

    # Part one of the certified receipt is our ephemeral key's certificate;
    # part two is the input receipt signed with our current ephemeral key.
    parts = (crypto.get_certificate(), crypto.sign_jwt(body))

    # The "~" delimiter is unambiguous only if neither part can contain it.
    # Presumably both are compact JWTs (base64url plus "."), which cannot --
    # confirm.
    return {'receipt': '~'.join(parts)}
def certify_receipt(aReceipt):
    """Return *aReceipt* in certified form: ``<certificate>~<signed receipt>``.

    The certificate comes from ``crypto.get_certificate()`` (per the original
    comments, our ephemeral key's certificate) and the signed receipt from
    ``crypto.sign_jwt(aReceipt)``. The pieces are accumulated in a cStringIO
    buffer and returned as one string.
    """
    # NOTE(review): nothing here validates aReceipt before it is signed;
    # confirm every caller has already checked the receipt's contents.
    buf = cStringIO.StringIO()

    # Part one: the certificate for the signing key.
    buf.write(crypto.get_certificate())

    # Delimiter. "~" is outside the base64url alphabet and is not the JWT "."
    # separator; presumably both parts are compact JWTs, so a verifier can
    # split on it unambiguously -- confirm.
    buf.write("~")

    # Part two: the input receipt, signed with our current ephemeral key.
    buf.write(crypto.sign_jwt(aReceipt))

    return buf.getvalue()