def activate_session(self, username=None, password=None, certificate=None): """ Activate session using either username and password or private_key """ params = ua.ActivateSessionParameters() challenge = self.security_policy.server_certificate + self._server_nonce params.ClientSignature.Algorithm = b"http://www.w3.org/2000/09/xmldsig#rsa-sha1" params.ClientSignature.Signature = self.security_policy.asymmetric_cryptography.signature( challenge) params.LocaleIds.append("en") if not username and not certificate: params.UserIdentityToken = ua.AnonymousIdentityToken() params.UserIdentityToken.PolicyId = self.server_policy_id( ua.UserTokenType.Anonymous, b"anonymous") elif certificate: params.UserIdentityToken = ua.X509IdentityToken() params.UserIdentityToken.PolicyId = self.server_policy_id( ua.UserTokenType.Certificate, b"certificate_basic256") params.UserIdentityToken.CertificateData = uacrypto.der_from_x509( certificate) # specs part 4, 5.6.3.1: the data to sign is created by appending # the last serverNonce to the serverCertificate sig = uacrypto.sign_sha1(self.user_private_key, challenge) params.UserTokenSignature = ua.SignatureData() params.UserTokenSignature.Algorithm = b"http://www.w3.org/2000/09/xmldsig#rsa-sha1" params.UserTokenSignature.Signature = sig else: params.UserIdentityToken = ua.UserNameIdentityToken() params.UserIdentityToken.UserName = username if self.server_url.password: pubkey = uacrypto.x509_from_der( self.security_policy.server_certificate).public_key() # see specs part 4, 7.36.3: if the token is encrypted, password # shall be converted to UTF-8 and serialized with server nonce etoken = ua.pack_bytes( bytes(password, "utf8") + self._server_nonce) #data = uacrypto.encrypt_basic256(pubkey, etoken) data = uacrypto.encrypt_rsa_oaep(pubkey, etoken) params.UserIdentityToken.Password = data params.UserIdentityToken.PolicyId = self.server_policy_id( ua.UserTokenType.UserName, b"username_basic256") params.UserIdentityToken.EncryptionAlgorithm = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep' return self.bclient.activate_session(params)
def activate_session(self, username=None, password=None, certificate=None): """ Activate session using either username and password or private_key """ params = ua.ActivateSessionParameters() challenge = self.security_policy.server_certificate + self._server_nonce params.ClientSignature.Algorithm = b"http://www.w3.org/2000/09/xmldsig#rsa-sha1" params.ClientSignature.Signature = self.security_policy.asymmetric_cryptography.signature(challenge) params.LocaleIds.append("en") if not username and not certificate: params.UserIdentityToken = ua.AnonymousIdentityToken() params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Anonymous, b"anonymous") elif certificate: params.UserIdentityToken = ua.X509IdentityToken() params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Certificate, b"certificate_basic256") params.UserIdentityToken.CertificateData = uacrypto.der_from_x509(certificate) # specs part 4, 5.6.3.1: the data to sign is created by appending # the last serverNonce to the serverCertificate sig = uacrypto.sign_sha1(self.user_private_key, challenge) params.UserTokenSignature = ua.SignatureData() params.UserTokenSignature.Algorithm = b"http://www.w3.org/2000/09/xmldsig#rsa-sha1" params.UserTokenSignature.Signature = sig else: params.UserIdentityToken = ua.UserNameIdentityToken() params.UserIdentityToken.UserName = username if self.server_url.password: pubkey = uacrypto.x509_from_der(self.security_policy.server_certificate).public_key() # see specs part 4, 7.36.3: if the token is encrypted, password # shall be converted to UTF-8 and serialized with server nonce etoken = ua.pack_bytes(bytes(password, "utf8") + self._server_nonce) #data = uacrypto.encrypt_basic256(pubkey, etoken) data = uacrypto.encrypt_rsa_oaep(pubkey, etoken) params.UserIdentityToken.Password = data params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.UserName, b"username_basic256") params.UserIdentityToken.EncryptionAlgorithm = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep' return self.bclient.activate_session(params)
def encrypt_asymmetric(pubkey, data): return uacrypto.encrypt_rsa_oaep(pubkey, data)