def index(): # Get an instance of the Authentication class. auth = Authentication() # Set PKI default options (see utils.py). set_pki_defaults(auth) # Start the authentication. Receive as response a AuthStartResult instance # containing the following fields: # - nonce: The nonce to be signed. This value is also used on "complete" # action. # - digest_algorithm: The digest algorithm that will inform the Web PKI # component to compute the signature. result = auth.start() # Render the fields received form start() method as hidden field to be used # on the javascript and on the "complete" step. We pass the nonce as base64 # to be rendered on page. response = make_response( render_template('authentication_express/index.html', nonce=result.nonce, digest_algorithm=result.digest_algorithm)) # The nonce acquired above can only be used for a single authentication # attempt. In order to retry the signature it is necessary to get a new # token. This can be a problem if the user uses the back button of the # browser, since the browser might show a cached page that we rendered # previously, with a now stale token. To prevent this from happening, we # call the method set_no_cache_headers(), which sets HTTP headers to prevent # caching of the page. get_expired_page_headers(response.headers) return response
def index(file_id): # Verify if the provided "file_id" exists. file_path = join(current_app.config['APPDATA_FOLDER'], file_id) if not exists(file_path): return render_template('error.html', msg='File not found') # Get an instance of the PadesSigner class, responsible for receiving # the signature elements and performing the local signature. signer = PadesSigner() # Set PKI default options (see utils.py). set_pki_defaults(signer) # Set signature policy. signer.signature_policy = standard_signature_policies.PADES_BASIC_WITH_LTV # Set PDF to be signed. signer.set_pdf_to_sign_from_path(file_path) # The PKCS #12 certificate path. signer.set_pkcs12_from_path( join(current_app.static_folder, 'Pierre de Fermat.pfx')) # Set the certificate's PIN. signer.cert_password = '******' # Set a file reference for the stamp file. Note that this file can be # referenced later by "fref://{alias}" at the "url" field on the visual # representation (see content/vr.json or get_visual_representation() # method). signer.add_file_reference('stamp', get_pdf_stamp_path()) # Set visual representation. We provide a dictionary that represents the # visual representation JSON model. signer.set_visual_representation( PadesVisualElementsExpress.get_visual_representation()) # Generate path for output file and add to signer object. create_app_data() # Guarantees that "app data" folder exists. output_file = '%s.pdf' % (str(uuid.uuid4())) signer.output_file = join(current_app.config['APPDATA_FOLDER'], output_file) # Perform the signature. signer_cert = signer.sign(get_cert=True) response = make_response( render_template('pades_server_key_express/index.html', signer_cert=signer_cert, signed_pdf=output_file)) get_expired_page_headers(response.headers) return response
def index(file_id=None): # Verify if the provided "file_id" exists. file_path = join(current_app.config['APPDATA_FOLDER'], file_id) if not exists(file_path): return render_template('error.html', msg='File not found') # Get an instance of the CadesSigner class, responsible for receiving # the signature elements and performing the local signature. signer = CadesSigner() # Set PKI default options (see utils.py). set_pki_defaults(signer) # Set signature policy. signer.signature_policy = \ standard_signature_policies.PKI_BRAZIL_CADES_ADR_BASICA # Set file to be signed. If the file is a CSM, the PKI Express will # recognize that and will co-sign that file. signer.set_file_to_sign_from_path(file_path) # The PKCS #12 certificate path. signer.set_pkcs12_from_path( join(current_app.static_folder, 'Pierre de Fermat.pfx')) # Set the certificate's PIN. signer.cert_password = '******' # Set 'encapsulate content' option (default: True). signer.encapsulated_content = True # Generate path for output file and add to signer object. create_app_data() # Guarantees that "app_data" folder exists. output_file = '%s.p7s' % (str(uuid.uuid4())) signer.output_file = join(current_app.config['APPDATA_FOLDER'], output_file) # Perform the signature. signer_cert = signer.sign(get_cert=True) response = make_response( render_template('cades_server_key_express/index.html', signer_cert=signer_cert, cms_file=output_file)) get_expired_page_headers(response.headers) return response
def full(): """ This function initiates a XML element signature using REST PKI and renders the signature page. The full XML signature is recommended in cases which there is a need to sign the whole XML file. """ try: # Get an instance of the FullXmlSignatureStarter class, responsible for # receiving the signature elements and start the signature process. signature_starter = FullXmlSignatureStarter(get_restpki_client()) # Set the XML to be signed, a sample XML Document. signature_starter.set_xml_to_sign(get_sample_xml_document_path()) # Set the location on which to insert the signature node. If the # location is not specified, the signature will appended to the root # element (which is most usual with enveloped signatures). nsm = NamespaceManager() nsm.add_namespace('ls', 'http://www.lacunasoftware.com/sample') signature_starter.set_signature_element_location( '//ls:signaturePlaceholder', XmlInsertionOptions.APPEND_CHILD, nsm) # Set the signature policy. signature_starter.signature_policy = \ StandardSignaturePolicies.XADES_BES # Set the security context to be used to determine trust in the # certificate chain. We have encapsulated the security context choice on # util.py. signature_starter.security_context = get_security_context_id() # Call the start_with_webpki() method, which initiates the signature. # This yields the token, a 43-character case-sensitive URL-safe string, # which identifies this signature process. We'll use this value to call # the signWithRestPki() method on the Web PKI component (see # signature-form.js javascript) and also to complete the signature after # the form is submitted (see method pades_signature_action()). This # should not be mistaken with the API access token. result = signature_starter.start_with_webpki() # The token acquired above can only be used for a single signature # attempt. In order to retry the signature it is necessary to get a new # token. This can be a problem if the user uses the back button of the # browser, since the browser might show a cached page that we rendered # previously, with a now stale token. To prevent this from happen, we # force page expiration through HTTP headers to prevent caching of the # page. response = make_response( render_template('xml_signature/full.html', token=result.token)) response.headers = get_expired_page_headers() return response except Exception as e: return render_template('error.html', msg=e)
def index(): # Instantiate the XmlElementSignatureStarter class, responsible for # receiving the signature elements and start the signature process. signature_starter = XmlElementSignatureStarter(get_rest_pki_client()) # Set the XML to be signed, a sample XML Document. signature_starter.set_xml_to_sign(get_sample_nfe_path()) # Set the ID of the element to be signed. signature_starter.to_sign_element_id = \ 'NFe35141214314050000662550010001084271182362300' # Set the signature policy. signature_starter.signature_policy = \ StandardSignaturePolicies.NFE_PADRAO_NACIONAL # Set a security context to be used to determine trust in the # certificate chain. We have encapsulated the security context choice on # util.py. signature_starter.security_context = get_security_context_id() # Call the start_with_webpki() method, which initiates the signature. # This yields the token, a 43-character case-sensitive URL-safe string, # which identifies this signature process. We'll use this value to call # the signWithRestPki() method on the Web PKI component (see # signature-form.js javascript) and also to complete the signature after # the form is submitted (see method action()). This should not be # mistaken with the API access token. result = signature_starter.start_with_webpki() # The token acquired above can only be used for a single signature # attempt. In order to retry the signature it is necessary to get a new # token. This can be a problem if the user uses the back button of the # browser, since the browser might show a cached page that we rendered # previously, with a now stale token. We force page expiration through # HTTP headers to prevent caching of the page. response = make_response( render_template('xml_nfe_signature_rest/index.html', token=result.token)) get_expired_page_headers(response.headers) return response
def index(): """ This view function initiates an authentication with REST PKI and renders the authentication page. """ try: # Get an instance of the Authentication class. auth = get_rest_pki_client().get_authentication() # Call the start_with_web_pki() method, which initiates the # authentication. This yields the "token", a 22-character case-sensitive # URL-safe string, which represents this authentication process. We'll # use this value to call the signWithRestPki() method on the Web PKI # component (see signature-form.js) and also to call the # complete_with_web_pki() method on the route /authentication/action. # This should not be mistaken with the API access token. We have # encapsulated the security context choice on util.py. token = auth.start_with_web_pki(get_security_context_id()) # The token acquired above can only be used for a single # authentication. In order to retry authenticating it is necessary to # get a new token. This can be a problem if the user uses the back # button of the browser, since the browser might show a cached page that # we rendered previously, with a now stale token. To prevent this from # happening, we force page expiration through HTTP headers to prevent # caching of the page. response = make_response( render_template('authentication_rest/index.html', token=token)) get_expired_page_headers(response.headers) return response except Exception as e: return render_template('error.html', msg=e)
def index(file_to_sign=None, file_to_cosign=None): """ This function initiates a CAdES signature using REST PKI and renders the signature page. All CAdES signature examples converge to this action, but with different URL arguments: 1. Signature with a server file : no arguments filled 2. Signature with a file uploaded by the user : "******" filled 3. Co-signature of a previously signed CMS : "cmsfile" filled """ try: # Get an instantiate of the CadesSignatureStarter class, responsible for # receiving the signature elements and start the signature process. signature_starter = CadesSignatureStarter(get_restpki_client()) if file_to_cosign is not None: # If the URL argument "cmsfile" is filled, the user has asked to # co-sign a previously signed CMS. We'll set the path to the CMS to # be co-signed, which was previously saved in the "app-data" folder # by the action() step. Note two important things: # # 1. The CMS to be co-signed must be set using the method # "set_cms_to_cosign", not the method "set_file_to_sign". # # 2. Since we're creating CMSs with encapsulated content (see call # to encapsulated_content property below), we don't need to set # the content to be signed, REST PKI will get the content from # the CMS being co-signed. # signature_starter.set_cms_to_cosign_path( '%s/%s' % (current_app.config['APPDATA_FOLDER'], file_to_cosign)) else: # If the URL argument "userfile" is filled, it means the user was # redirected here by "upload" view (signature with file uploaded by # user). We'll set the path of the file to be signed, which was # saved in the app_data folder by "upload" view. signature_starter.set_file_to_sign_path( '%s/%s' % (current_app.config['APPDATA_FOLDER'], file_to_sign)) # Set the signature policy. signature_starter.signature_policy =\ StandardSignaturePolicies.PKI_BRAZIL_CADES_ADR_BASICA # Set a security context to be used to determine trust in the # certificate chain. We have encapsulated the security context choice on # util.py. signature_starter.security_context = get_security_context_id() # Optionally, set whether the content should be encapsulated in the # resulting CMS. If this parameter is ommitted, the following rules # apply: # # - If no CmsToCoSign is given, the resulting CMS will include the # content. # - If a CmsToCoSign is given, the resulting CMS will include the # content if and only if the CmsToCoSign also includes the content. # signature_starter.encapsulate_content = True # Call the start_with_webpki() method, which initiates the signature. # This yields the token, a 43-character case-sensitive URL-safe string, # which identifies this signature process. We'll use this value to call # the signWithRestPki() method on the Web PKI component (see # signature-form.js) and also to complete the signature after # the form is submitted (see method action()). This should not be # mistaken with the API access token. result = signature_starter.start_with_webpki() # The token acquired above can only be used for a single signature # attempt. In order to retry the signature it is necessary to get a # new token. This can be a problem if the user uses the back button of # the browser, since the browser might show a cached page that we # rendered previously, with a now stale token. To prevent this from # happening, we call the method get_expired_page_headers(). To prevent # this from happen, we force page expiration through HTTP headers to # prevent caching of the page. response = make_response( render_template('cades_signature_restpki/index.html', token=result.token)) get_expired_page_headers(response.headers) return response except Exception as e: return render_template('error.html', msg=e)
def complete(): """ This action will complete the authentication process and create a signature using a session token returned by user. Also, we recover the parameter "customState" containing the id of the file that will be signed. """ try: # Recover variables from query parameters. code = request.args.get('code') state = request.args.get('state') # Get an instance of the TrustServiceManager class, responsible for communicating with # PSCs and handling the OAuth flow. manager = TrustServicesManager() # Complete the authentication process, recovering the session info to be used on the # signature and the custom state (fileId). result = manager.complete_auth(code, state) # Recover file id on custom state parameter. file_id = result.custom_state # Verify if the provided file_id exists. file_path = join(current_app.config['APPDATA_FOLDER'], file_id) if not exists(file_path): return render_template('error.html', msg='File not found') # Get an instance of the PadesSigner class, responsible for receiving # the signature elements and performing the local signature. signer = PadesSigner() # Set PKI default options (see utils.py). set_pki_defaults(signer) # Set signature policy. signer.signature_policy = standard_signature_policies.PADES_BASIC_WITH_LTV # Set PDF to be signed. signer.set_pdf_to_sign_from_path(file_path) # Set trust session acquired on the following steps of this sample. signer.trust_service_session = result.session # Set a file reference for the stamp file. Note that this file can be # referenced later by "fref://{alias}" at the "url" field on the visual # representation (see content/vr.json or get_visual_representation() # method). signer.add_file_reference('stamp', get_pdf_stamp_path()) # Set visual representation. We provide a dictionary that represents the # visual representation JSON model. signer.set_visual_representation( PadesVisualElementsExpress.get_visual_representation()) # Generate path for output file and add to signer object. create_app_data() # Guarantees that "app data" folder exists. output_file = '%s.pdf' % (str(uuid.uuid4())) signer.output_file = join(current_app.config['APPDATA_FOLDER'], output_file) # Perform the signature. signer_cert = signer.sign(get_cert=False) response = make_response(render_template( 'pades_cloud_oauth_express/signature-info.html', signed_pdf=output_file)) get_expired_page_headers(response.headers) return response except Exception as e: return render_template('error.html', msg=e)
def index(userfile=None): """ This function initiates a PAdES signature using REST PKI and renders the signature page. Both PAdES signature examples, with a server file and with a file uploaded by the user, converge to this function. The difference is that, when the file is uploaded by the user, the function is called with a URL argument named "userfile". """ try: # Get an instantiate of the PadesSignatureStarter class, responsible for # receiving the signature elements and start the signature process. signature_starter = PadesSignatureStarter(get_restpki_client()) # If the URL argument "userfile" is filled, it means the user was # redirected here by "upload" view (signature with file uploaded by # user). We'll set the path of the file to be signed, which was saved # in the app_data folder by "upload" view. if userfile is not None: signature_starter.set_pdf_to_sign( '%s/%s' % (current_app.config['APPDATA_FOLDER'], userfile)) else: signature_starter.set_pdf_to_sign(get_sample_doc_path()) # Set the signature policy. signature_starter.signature_policy =\ StandardSignaturePolicies.PADES_BASIC # Set a security context to be used to determine trust in the # certificate chain. We have encapsulated the security context choice on # util.py. signature_starter.security_context = get_security_context_id() # Set the visual representation for the signature. We have encapsulated # this code (on util-pades.py) to be used on various PAdES examples. signature_starter.visual_representation = get_visual_representation() # Call the start_with_webpki() method, which initiates the signature. # This yields the token, a 43-character case-sensitive URL-safe string, # which identifies this signature process. We'll use this value to call # the signWithRestPki() method on the Web PKI component (see # signature-form.js javascript) and also to complete the signature after # the form is submitted (see method pades_signature_action()). This # should not be mistaken with the API access token. result = signature_starter.start_with_webpki() # The token acquired above can only be used for a single signature # attempt. In order to retry the signature it is necessary to get a new # token. This can be a problem if the user uses the back button of the # browser, since the browser might show a cached page that we rendered # previously, with a now stale token. To prevent this from happen, we # force page expiration through HTTP headers to prevent caching of the # page. response = make_response(render_template('pades_signature/index.html', token=result.token, userfile=userfile)) response.headers = get_expired_page_headers() return response except Exception as e: return render_template('error.html', msg=e)
def authorize(file_id): """" This action is called after the form after the user press the button "Sign". This action will receive the user's CPF and current password. """ try: # Recover variables from the POST arguments. cpf = request.form['cpf'] service = request.form['service'] password = request.form['password'] # Process cpf, removing all formatting. plainCpf = cpf.replace(".", "").replace("-", "") # Get an instance of the TrustServiceManager class, responsible for communicating with # PSCs and handling the password flow. manager = TrustServicesManager() # Complete authentication using CPF and current password. The following method has three sessionTypes: # - SINGLE_SIGNATURE: The returned token can only be used for one single signature request. # - MULTI_SIGNATURE: The returned token can only be used for one multi signature request. # - SIGNATURE_SESSION: The return token can only be used for one or more signature requests. result = manager.password_authorize(service, plainCpf, password, trust_service_session_types.SIGNATURE_SESSION) # Verify if the provided file_id exists. file_path = join(current_app.config['APPDATA_FOLDER'], file_id) if not exists(file_path): return render_template('error.html', msg='File not found') # Get an instance of the PadesSigner class, responsible for receiving # the signature elements and performing the local signature. signer = PadesSigner() # Set PKI default options (see utils.py). set_pki_defaults(signer) # Set signature policy. signer.signature_policy = standard_signature_policies.PADES_BASIC_WITH_LTV # Set PDF to be signed. signer.set_pdf_to_sign_from_path(file_path) # Set trust session acquired on the following steps of this sample. signer.trust_service_session = result.session # Set a file reference for the stamp file. Note that this file can be # referenced later by "fref://{alias}" at the "url" field on the visual # representation (see content/vr.json or get_visual_representation() # method). signer.add_file_reference('stamp', get_pdf_stamp_path()) # Set visual representation. We provide a dictionary that represents the # visual representation JSON model. signer.set_visual_representation( PadesVisualElementsExpress.get_visual_representation()) # Generate path for output file and add to signer object. create_app_data() # Guarantees that "app data" folder exists. output_file = '%s.pdf' % (str(uuid.uuid4())) signer.output_file = join(current_app.config['APPDATA_FOLDER'], output_file) # Perform the signature. signer_cert = signer.sign(get_cert=False) response = make_response(render_template( 'pades_cloud_pwd_express/signature-info.html', signed_pdf=output_file)) get_expired_page_headers(response.headers) return response except Exception as e: return render_template('error.html', msg=e)