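"""Created Feb 24, 2021 Levi

Read a client certificate from a PKCS#11 token and call the
``listaMesaje`` endpoint on webserviced.anaf.ro over TLS with a client
certificate.

Environment:
    PKCS11_MODULE: path of the PKCS#11 module handed to ``pkcs11.lib``.
    PKCS11PIN: user PIN passed to ``token.open``; read from the
        environment so that it never has to appear in the source.
"""
import os
import ssl
import tempfile
import urllib.request

import asn1crypto.pem
import pkcs11
import requests

# Label of the certificate object looked up on the token.
CERT_LABEL = "Levente Marton"
# Client-certificate file handed to requests (see the NOTE(review) below).
CLIENT_CERT_FILE = 'cert.pem'
SPV_URL = "https://webserviced.anaf.ro/SPVWS2/rest/listaMesaje?zile=5"
# Seconds; requests waits indefinitely when no timeout is given.
REQUEST_TIMEOUT = 30

module_path = os.getenv('PKCS11_MODULE')
if not module_path:
    # Fail with a readable message instead of passing None to pkcs11.lib().
    raise SystemExit("PKCS11_MODULE is not set; it must point to the PKCS#11 module")

lib = pkcs11.lib(module_path)
tokens = list(lib.get_tokens())
if not tokens:
    raise SystemExit("no PKCS#11 token found")
# The first token reported by the module is used; its string form is taken as
# the label to look it up again.
LABEL = str(tokens[0])
token = lib.get_token(token_label=LABEL)
# print(tokens[0])

# Only the token reads happen inside the session; the certificate bytes are
# plain data once they have been copied out.
# NOTE(review): if PKCS11PIN is unset, None is passed as user_pin - confirm
# how the token behaves in that case.
with token.open(user_pin=os.getenv('PKCS11PIN')) as sess:
    pkcs11_certificates = list(sess.get_objects(
        {
            # pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY,
            pkcs11.Attribute.CLASS: pkcs11.ObjectClass.CERTIFICATE,
            pkcs11.Attribute.LABEL: CERT_LABEL,
        }))
    # Explicit check rather than `assert`, which is stripped under `python -O`
    # and would let an ambiguous or empty match through.
    if len(pkcs11_certificates) != 1:
        raise SystemExit(
            "expected exactly one certificate labelled {!r} on the token, "
            "found {}".format(CERT_LABEL, len(pkcs11_certificates)))
    pkcs11_cert = pkcs11_certificates[0]
    der_encoded_certificate = pkcs11_cert[pkcs11.Attribute.VALUE]

# The certificate is public data, so printing it discloses no key material.
print(der_encoded_certificate)

# the ssl library expects to be given PEM armored certificates
pem_armored_certificate = asn1crypto.pem.armor("CERTIFICATE",
                                               der_encoded_certificate)

# --- disabled alternative: urllib + ssl with the certificate on disk --------
# this is the ugly part: persisting the certificate on disk
# i deliberately did not go with a sophisticated solution here since it's
# such a big caveat to have to do this...
# certfile = tempfile.mkstemp()
# with open(certfile[1], 'w') as certfile_handle:
#     certfile_handle.write(pem_armored_certificate.decode("utf-8"))
# this will instruct the ssl library to provide the certificate
# if asked by the server.
# sslctx = ssl.create_default_context()
# sslctx.load_cert_chain(certfile=certfile[1])
# if your certificate does not contain the private key, find it elsewhere
# sslctx.load_cert_chain(certfile=certfile[1],
#                        keyfile="/path/to/privatekey.pem",
#                        password="<private_key_password_if_applicable>")
# response = urllib.request.urlopen("https://webserviced.anaf.ro/SPVWS2/rest/listaMesaje?zile=5", context=sslctx)

# NOTE(review): CLIENT_CERT_FILE is not written anywhere in this script, and
# the PEM built above is never used. requests takes the client certificate and
# its private key as files, so this call only authenticates with a key that
# lives outside the token - confirm that is intended, and if so keep that file
# readable by its owner only. Server certificate verification is left at the
# requests default (enabled).
with requests.Session() as s:
    s.cert = CLIENT_CERT_FILE
    r = s.get(SPV_URL, timeout=REQUEST_TIMEOUT)
# Surface authentication and server errors instead of ignoring the response.
r.raise_for_status()

# Cleanup and delete the "temporary" certificate from disk
# os.remove(certfile[1])

# --- disabled scratch: sign/verify experiment against the token -------------
# NOTE(review): this experiment opened the session with a user PIN written
# literally in the source. It now reads PKCS11PIN like the live code above;
# a PIN that was ever committed should be treated as exposed and changed on
# the token.
# data = b'INPUT DATA'
#...............................................................................
# data = 'plaintext'
# priv_key = b'INPUT DATA'
# with token.open(user_pin=os.getenv('PKCS11PIN')) as session:
#     pubs = list(session.get_objects(
#         {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY}
#     ))
#     privs = list(session.get_objects(
#         {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PRIVATE_KEY}
#     ))
#     #...........................................................................
#     # for obj in session.get_objects(
#     #     {pkcs11.Attribute.CLASS: pkcs11.constants.ObjectClass.PUBLIC_KEY}
#     # ):
#     #     print(obj)
#     #...........................................................................
#     #...........................................................................
#     # for key in session.get_key(object_class=pkcs11.constants.ObjectClass.PUBLIC_KEY):
#     #     print(key)
#     #...........................................................................
#     pub, priv = pubs[0], privs[0]
#     # print(priv.key_length)
#     signature = priv.sign(data)
#     #...........................................................................
#     # with open('test.txt', 'wb') as test:
#     #     test.write(data)
#     #...........................................................................
#     assert pub.verify(data, signature)
#     # print(pub)
#     # print(priv)
#     # priv = session.get_key(id=b'9c0be6eee41e1bbfebf3c36c58064e04a5a29688', object_class=pkcs11.constants.ObjectClass.PRIVATE_KEY)
#     # print(pub)
#     # session.get_objects(label='certSIGN')
#     # Generate an RSA keypair in this session
#     # pub, priv = session.generate_keypair(pkcs11.KeyType.RSA, 2048)
#     # Encrypt as one block
#     # crypttext = pub.encrypt(data)
#...............................................................................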