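'''Created Feb 24, 2021 Levi

Pull a client certificate off a PKCS#11 token and make a TLS
client-authenticated request against the SPV message-list endpoint.

Environment:
    PKCS11_MODULE  path to the PKCS#11 shared library to load
    PKCS11PIN      user PIN of the token (read from the environment so it
                   never lives in source)
'''
import os
import pkcs11
import asn1crypto.pem
import urllib.request
import tempfile
import ssl
import requests


def _require_env(name):
    """Return the value of environment variable *name*, failing loudly if unset.

    Args:
        name: environment variable to read.

    Returns:
        The non-empty string value.

    Raises:
        RuntimeError: when the variable is missing or empty, so a
            misconfigured environment surfaces here instead of as an obscure
            error inside the PKCS#11 library.
    """
    value = os.getenv(name)
    if not value:
        raise RuntimeError(f"environment variable {name} is not set")
    return value


lib = pkcs11.lib(_require_env('PKCS11_MODULE'))

# Use the first token the module reports; str(token) yields its label.
tokens = list(lib.get_tokens())
if not tokens:
    raise RuntimeError("no PKCS#11 tokens found in the configured module")
LABEL = str(tokens[0])
token = lib.get_token(token_label=LABEL)
# print(tokens[0])

# Label of the certificate object to pull from the token.
CERTIFICATE_LABEL = "Levente Marton"
# PEM file handed to requests for TLS client authentication.
CLIENT_CERT_PATH = 'cert.pem'
SPV_URL = "https://webserviced.anaf.ro/SPVWS2/rest/listaMesaje?zile=5"
# Seconds; a request without a timeout can hang forever.
REQUEST_TIMEOUT = 30

pem = None
with token.open(user_pin=_require_env('PKCS11PIN')) as sess:
    pkcs11_certificates = list(sess.get_objects({
        # pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY,
        pkcs11.Attribute.CLASS: pkcs11.ObjectClass.CERTIFICATE,
        pkcs11.Attribute.LABEL: CERTIFICATE_LABEL,
    }))
    # Hopefully the selector above is sufficient. This is an explicit check
    # rather than `assert`: assertions are stripped under `python -O`, and
    # silently picking one of several matches would authenticate with the
    # wrong identity.
    if len(pkcs11_certificates) != 1:
        raise RuntimeError(
            f"expected exactly one certificate labelled {CERTIFICATE_LABEL!r}, "
            f"found {len(pkcs11_certificates)}"
        )
    pkcs11_cert = pkcs11_certificates[0]
    der_encoded_certificate = pkcs11_cert[pkcs11.Attribute.VALUE]
    print(der_encoded_certificate)
    # the ssl library expects to be given PEM armored certificates
    pem_armored_certificate = asn1crypto.pem.armor(
        "CERTIFICATE", der_encoded_certificate
    )
    # this is the ugly part: persisting the certificate on disk
    # i deliberately did not go with a sophisticated solution here since it's
    # such a big caveat to have to do this...
    # (mkstemp creates the file with owner-only permissions, which is the
    # right default for anything that might also carry a private key.)
    # certfile = tempfile.mkstemp()
    # with open(certfile[1], 'w') as certfile_handle:
    #     certfile_handle.write(pem_armored_certificate.decode("utf-8"))
    # this will instruct the ssl library to provide the certificate
    # if asked by the server.
    # sslctx = ssl.create_default_context()
    # sslctx.load_cert_chain(certfile=certfile[1])
    # if your certificate does not contain the private key, find it elsewhere
    # sslctx.load_cert_chain(certfile=certfile[1],
    #                        keyfile="/path/to/privatekey.pem",
    #                        password="")
    # response = urllib.request.urlopen(SPV_URL, context=sslctx)
    # Cleanup and delete the "temporary" certificate from disk
    # os.remove(certfile[1])

# NOTE(review): `pem_armored_certificate` is never used below; the request
# reads CLIENT_CERT_PATH from disk instead. requests expects that file to
# hold the client certificate *and* its private key (or a (cert, key) tuple
# can be passed as `cert=`); a key that exists only on the token cannot be
# used through this path, so the file has to be prepared separately.
# Server certificate verification stays at the requests default (enabled).
s = requests.Session()
s.cert = CLIENT_CERT_PATH
r = s.get(SPV_URL, cert=CLIENT_CERT_PATH, timeout=REQUEST_TIMEOUT)
# Fail loudly on an HTTP error instead of silently discarding the response.
r.raise_for_status()

# data = b'INPUT DATA'
#...............................................................................
# data = 'plaintext'
# priv_key = b'INPUT DATA'
# (the PIN below is taken from the environment, not written into source)
# with token.open(user_pin=os.getenv('PKCS11PIN')) as session:
#     pubs = list(session.get_objects(
#         {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY}
#     ))
#     privs = list(session.get_objects(
#         {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PRIVATE_KEY}
#     ))
#     #...........................................................................
#     # for obj in session.get_objects(
#     #     {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY}
#     # ):
#     #     print(obj)
#     #...........................................................................
#     #...........................................................................
#     # for key in session.get_key(object_class=pkcs11.constants.ObjectClass.PUBLIC_KEY):
#     #     print(key)
#     #...........................................................................
#     pub, priv = pubs[0], privs[0]
#     # print(priv.key_length)
#     signature = priv.sign(data)
#     #...........................................................................
#     # with open('test.txt', 'wb') as test:
#     #     test.write(data)
#     #...........................................................................
#     assert pub.verify(data, signature)
#     # print(pub)
#     # print(priv)
#     # priv = session.get_key(id=b'9c0be6eee41e1bbfebf3c36c58064e04a5a29688', object_class=pkcs11.constants.ObjectClass.PRIVATE_KEY)
#     # print(pub)
#     # session.get_objects(label='certSIGN')
#     # Generate an RSA keypair in this session
#     # pub, priv = session.generate_keypair(pkcs11.KeyType.RSA, 2048)
#     # Encrypt as one block
#     # crypttext = pub.encrypt(data)
#...............................................................................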