def recipient_info(self, cert, session_key):
public_key = cert.get_pubkey().to_cryptography_key()
encrypted_key = public_key.encrypt(session_key, padding.PKCS1v15())
cert = signer.cert2asn(cert.to_cryptography())
tbs_cert = cert['tbs_certificate']
# TODO: use subject_key_identifier when available
return cms.RecipientInfo(name=u'ktri',
value={
'version':
u'v0',
'rid':
cms.RecipientIdentifier(
name=u'issuer_and_serial_number',
value={
'issuer':
tbs_cert['issuer'],
'serial_number':
tbs_cert['serial_number']
}),
'key_encryption_algorithm': {
'algorithm': u'rsa',
},
'encrypted_key':
core.OctetString(encrypted_key)
})
def recipient_info(self, cert, session_key, oaep):
public_key = cert.public_key()
cert = signer.cert2asn(cert)
tbs_cert = cert['tbs_certificate']
# TODO: use subject_key_identifier when available
if oaep:
encrypted_key = public_key.encrypt(
session_key,
padding.OAEP(mgf=padding.MGF1(hashes.SHA512()),
algorithm=hashes.SHA512(),
label=None))
kea = cms.KeyEncryptionAlgorithm({
'algorithm':
cms.KeyEncryptionAlgorithmId('rsaes_oaep'),
'parameters':
algos.RSAESOAEPParams({
'hash_algorithm':
algos.DigestAlgorithm({'algorithm': 'sha512'}),
'mask_gen_algorithm':
algos.MaskGenAlgorithm({
'algorithm':
algos.MaskGenAlgorithmId('mgf1'),
'parameters': {
'algorithm': algos.DigestAlgorithmId('sha512'),
}
}),
'p_source_algorithm':
algos.PSourceAlgorithm({
'algorithm':
algos.PSourceAlgorithmId('p_specified'),
'parameters':
b'',
})
})
})
else:
kea = {'algorithm': 'rsa'}
encrypted_key = public_key.encrypt(session_key, padding.PKCS1v15())
result = cms.RecipientInfo(name='ktri',
value={
'version':
'v0',
'rid':
cms.RecipientIdentifier(
name='issuer_and_serial_number',
value={
'issuer':
tbs_cert['issuer'],
'serial_number':
tbs_cert['serial_number']
}),
'key_encryption_algorithm':
kea,
'encrypted_key':
core.OctetString(encrypted_key)
})
return result
def assina_xml(self, arquivo):
def signproc(tosign, algosig):
key = self.certificado.key
signed_value_signature = key.sign(
tosign, padding.PKCS1v15(),
getattr(hashes, algosig.upper())())
return signed_value_signature
cert = self.certificado.cert
certcontent = signer.cert2asn(cert).dump()
cls = xades.BES()
doc = cls.build('documento.xml', arquivo, 'application/xml', cert,
certcontent, signproc, False, True)
return etree.tostring(doc,
encoding='UTF-8',
xml_declaration=True,
standalone=False)
def main():
p12 = load_pkcs12(open('demo2_user1.p12', 'rb').read(), '1234')
def signproc(tosign, algosig):
key = p12.get_privatekey().to_cryptography_key()
signed_value_signature = key.sign(tosign, padding.PKCS1v15(),
getattr(hashes, algosig.upper())())
return signed_value_signature
data = open('xml.xml', 'rb').read()
cert = p12.get_certificate().to_cryptography()
certcontent = signer.cert2asn(cert).dump()
cls = xades.BES()
doc = cls.build('xml.xml', data, 'text/xml', cert, certcontent, signproc,
False, False, True)
data = etree.tostring(doc,
encoding='UTF-8',
xml_declaration=True,
standalone=False)
open('xml-xades-bes-detached.xml', 'wb').write(data)
def main():
with open('demo2_user1.p12', 'rb') as fp:
p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234', backends.default_backend())
def signproc(tosign, algosig):
key = p12[0]
signed_value_signature = key.sign(
tosign,
padding.PKCS1v15(),
getattr(hashes, algosig.upper())()
)
return signed_value_signature
data = open('xml.xml', 'rb').read()
cert = p12[1]
certcontent = signer.cert2asn(cert).dump()
cls = xades.BES()
doc = cls.build('xml.xml', data, 'text/xml', cert, certcontent, signproc, False, False, True)
data = etree.tostring(doc, encoding='UTF-8', xml_declaration=True, standalone=False)
open('xml-xades-bes-detached.xml', 'wb').write(data)
def showCert(self, der):
pem = cert2asn(der, False)
# pem.debug()
print(pem.serial_number)
print(pem.issuer.native)
print(pem.subject.native)
