Home Explore Help
Register Sign In
Shared
/
pkcs11
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a68249fdb8
Branches Tags
pkcs11
/
pkcs_lib.py

pkcs_lib.py 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. '''Created Feb 24, 2021 Levi'''
    2. 

  2. import os
    3. 

  3. import pkcs11
    4. 

  4. import asn1crypto.pem
    5. 

  5. import urllib.request
    6. 

  6. import tempfile
    7. 

  7. import ssl
    8. 

  8. import requests
    9. 

  9. 

  10. lib = pkcs11.lib(os.getenv('PKCS11_MODULE'))
    11. 

  11. LABEL = str(list(lib.get_tokens())[0])
    12. 

  12. token = lib.get_token(token_label=LABEL)
    13. 

  13. # print(list(lib.get_tokens())[0])
    14. 

  14. 

  15. 

  16. pem = None
    17. 

  17. with token.open(user_pin=os.getenv('PKCS11PIN')) as sess:
    18. 

  18.     pkcs11_certificates = sess.get_objects(
    19. 

  19.         {
    20. 

  20.             # pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY,
    21. 

  21.             pkcs11.Attribute.CLASS: pkcs11.ObjectClass.CERTIFICATE,
    22. 

  22.             pkcs11.Attribute.LABEL: "Levente Marton"
    23. 

  23.         })
    24. 

  24. 

  25.     # hopefully the selector above is sufficient
    26. 

  26.     pkcs11_certificates = list(pkcs11_certificates)
    27. 

  27.     assert len(pkcs11_certificates) == 1
    28. 

  28.     # for cert in pkcs11_certificates:
    29. 

  29.     #     pkcs11_cert = cert
    30. 

  30.     pkcs11_cert = pkcs11_certificates[0]
    31. 

  31.     der_encoded_certificate = pkcs11_cert.__getitem__(pkcs11.Attribute.VALUE)
    32. 

  32.     print(der_encoded_certificate)
    33. 

  33.     # the ssl library expects to be given PEM armored certificates
    34. 

  34.     pem_armored_certificate = asn1crypto.pem.armor("CERTIFICATE",
    35. 

  35.                                                    der_encoded_certificate)
    36. 

  36. 

  37. # this is the ugly part: persisting the certificate on disk
    38. 

  38. # i deliberately did not go with a sophisticated solution here since it's
    39. 

  39. #   such a big caveat to have to do this...
    40. 

  40. # certfile = tempfile.mkstemp()
    41. 

  41. # with open(certfile[1], 'w') as certfile_handle:
    42. 

  42. #     certfile_handle.write(pem_armored_certificate.decode("utf-8"))
    43. 

  43. 

  44. # this will instruct the ssl library to provide the certificate
    45. 

  45. # if asked by the server.
    46. 

  46. # sslctx = ssl.create_default_context()
    47. 

  47. # sslctx.load_cert_chain(certfile=certfile[1])
    48. 

  48. # if your certificate does not contain the private key, find it elsewhere
    49. 

  49. # sslctx.load_cert_chain(certfile=certfile[1],
    50. 

  50. #     keyfile="/path/to/privatekey.pem",
    51. 

  51. #     password="<private_key_password_if_applicable>")
    52. 

  52. 

  53. # response = urllib.request.urlopen("https://webserviced.anaf.ro/SPVWS2/rest/listaMesaje?zile=5", context=sslctx)
    54. 

  54. s = requests.Session()
    55. 

  55. s.cert = 'cert.pem'
    56. 

  56. r = s.get("https://webserviced.anaf.ro/SPVWS2/rest/listaMesaje?zile=5", cert='cert.pem')
    57. 

  57. # Cleanup and delete the "temporary" certificate from disk
    58. 

  58. # os.remove(certfile[1])
    59. 

  59. # data = b'INPUT DATA'
    60. 

  60. #...............................................................................
    61. 

  61. # data = 'plaintext'
    62. 

  62. # priv_key = b'INPUT DATA'
    63. 

  63. # with token.open(user_pin='111555') as session:
    64. 

  64. #     pubs = list(session.get_objects(
    65. 

  65. #         {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY}
    66. 

  66. #     ))
    67. 

  67. 

  68. #     privs = list(session.get_objects(
    69. 

  69. #         {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PRIVATE_KEY}
    70. 

  70. #     ))
    71. 

  71. #     #...........................................................................
    72. 

  72. #     # for obj in session.get_objects(
    73. 

  73. #     #     {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY}
    74. 

  74. #     # ):
    75. 

  75. #     #     print(obj)
    76. 

  76. #     #...........................................................................
    77. 

  77. #     #...........................................................................
    78. 

  78. #     # for key in session.get_key(object_class=pkcs11.constants.ObjectClass.PUBLIC_KEY):
    79. 

  79. #     #     print(key)
    80. 

  80. #     #...........................................................................
    81. 

  81. #     pub, priv = pubs[0], privs[0]
    82. 

  82. #     # print(priv.key_length)
    83. 

  83. #     signature = priv.sign(data)
    84. 

  84. #     #...........................................................................
    85. 

  85. #     # with open('test.txt', 'wb') as test:
    86. 

  86. #     #     test.write(data)
    87. 

  87. #     #...........................................................................
    88. 

  88. #     assert pub.verify(data, signature)
    89. 

  89. #     # print(pub)
    90. 

  90. #     # print(priv)
    91. 

  91. #     # priv = session.get_key(id=b'9c0be6eee41e1bbfebf3c36c58064e04a5a29688', object_class=pkcs11.constants.ObjectClass.PRIVATE_KEY)
    92. 

  92. #     # print(pub)
    93. 

  93. #     # session.get_objects(label='certSIGN')
    94. 

  94. #     # Generate an RSA keypair in this session
    95. 

  95. #     # pub, priv = session.generate_keypair(pkcs11.KeyType.RSA, 2048)
    96. 

  96. 

  97. #     # Encrypt as one block
    98. 

  98. #     # crypttext = pub.encrypt(data)
    99. 

  99. #...............................................................................
    100.