- '''Created Oct 12, 2021 Levi'''
- #!/home/deeejas/.virtualenvs/python3.12/bin/python3
- # *-* coding: utf-8 *-*
- import datetime
- import os
- import platform
- import keyring
- from keyring import backends
- import PyKCS11 as PK11
- from PyKCS11.LowLevel import (CKA_CLASS, CKO_CERTIFICATE,
- CKA_VALUE, CKA_ID, CKO_PRIVATE_KEY,
- CKM_SHA256_RSA_PKCS)
- from endesive import pdf, hsm
# On Linux, select the Secret Service keyring backend explicitly instead of
# leaving the choice to keyring's automatic backend selection.
# NOTE: _load_plugins() is underscore-prefixed, i.e. not part of keyring's
# public API, so it may change between keyring releases.
if platform.system() == 'Linux':
    keyring.backend._load_plugins()
    keyring.set_keyring(backends.SecretService.Keyring())

# Path of the PKCS#11 module passed to Signer(...); None when the
# PKCS11_MODULE environment variable is unset.
# NOTE(review): presumably the HSM base class loads the library at this path
# into the signing process, so the variable should only be controllable by the
# user who runs the signer -- confirm against the deployment.
dllpath = os.environ.get('PKCS11_MODULE')
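class Signer(hsm.HSM):
    """PKCS#11-backed signer object that ``signer()`` passes to ``pdf.cms.sign``.

    The token PIN is not stored in this file: it is read from the system
    keyring (service ``'sig'``, user ``'token'``) on every login, and both
    methods log out of the token again in a ``finally`` block.
    """

    def certificate(self):
        """Return ``(key_id, certificate_bytes)`` for the first readable certificate.

        Takes the first slot that reports a token, stores the stripped token
        label in ``self.LABEL`` (``sign`` logs in with it), and returns the
        CKA_ID and CKA_VALUE of the first certificate object whose attributes
        can be read. Returns ``(None, None)`` when no certificate is readable.
        """
        # Indexing [0] raises IndexError when no slot reports a token.
        slot = self.pkcs11.getSlotList(tokenPresent=True)[0]
        inf = self.pkcs11.getTokenInfo(slot)
        self.LABEL = inf.label.strip()
        # WF PROXKey is token name.
        # NOTE(review): keyring.get_password returns None when the entry is
        # missing; confirm how login() treats a None PIN on this token.
        self.login(self.LABEL, keyring.get_password('sig', 'token'))

        # Key ID the author intended to match against CKA_ID. The comparison
        # is disabled below, so this value is currently NOT enforced.
        keyid = bytes([0x38, 0x7b, 0x4b, 0x49, 0xe2, 0xe7, 0x10, 0x4f, 0x60, 0x15,
                       0xc1, 0x42, 0x38, 0x6c, 0x3d, 0x41, 0x43, 0x5e, 0x91, 0x9b])
        try:
            pk11objects = self.session.findObjects([(CKA_CLASS, CKO_CERTIFICATE)])
            all_attributes = [CKA_VALUE, CKA_ID]
            for pk11object in pk11objects:
                try:
                    attributes = self.session.getAttributeValue(pk11object, all_attributes)
                except PK11.PyKCS11Error:
                    # Best effort: skip objects whose attributes cannot be read.
                    continue
                attrDict = dict(zip(all_attributes, attributes))
                cert = bytes(attrDict[CKA_VALUE])
                # NOTE(review): without the disabled check
                #   if keyid == bytes(attrDict[CKA_ID]):
                # the first readable certificate wins. On a token that holds
                # more than one certificate this may not be the intended
                # signing certificate; re-enable the check once the ID is
                # confirmed for the deployed token.
                return bytes(attrDict[CKA_ID]), cert
        finally:
            self.logout()
        return None, None

    def sign(self, keyid, data, mech):
        """Sign *data* on the token with the private key whose CKA_ID is *keyid*.

        *mech* is a digest name such as ``'sha256'``; it is mapped to the
        ``CKM_<DIGEST>_RSA_PKCS`` constant of PyKCS11 and that mechanism is
        used for the signature. Raises AttributeError when PyKCS11 has no such
        constant and IndexError when no private key matches *keyid*.

        Relies on ``self.LABEL``, which ``certificate()`` sets.
        """
        self.login(self.LABEL, keyring.get_password('sig', 'token'))
        try:
            privKey = self.session.findObjects(
                [(CKA_CLASS, CKO_PRIVATE_KEY), (CKA_ID, keyid)])[0]
            # Fix: honour the requested digest. The mechanism was looked up
            # here before but then ignored in favour of a hard-coded
            # CKM_SHA256_RSA_PKCS, so any caller asking for another digest got
            # a SHA-256 signature that would not match the digest it declared.
            mechanism = getattr(PK11, 'CKM_%s_RSA_PKCS' % mech.upper())
            sig = self.session.sign(privKey, data, PK11.Mechanism(mechanism, None))
            return bytes(sig)
        finally:
            self.logout()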
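def signer(fname, reasen, folder='pdf/'):
    """Sign the PDF *fname* in *folder* and write ``<name>_signed<ext>`` beside it.

    Args:
        fname: File name of the input PDF; it is appended to *folder* as is.
        reasen: Value stored in the signature's ``reason`` field.
        folder: Directory prefix (with trailing separator) for input and output.

    The signature comes from ``pdf.cms.sign`` using a ``Signer`` built from
    the module-level ``dllpath``. The output file holds the original bytes
    followed by the bytes ``pdf.cms.sign`` returned.
    """
    # Timezone-aware replacement for the deprecated utcnow(). The formatted
    # value is unchanged because the pattern hard-codes the +00'00' offset.
    now_utc = datetime.datetime.now(datetime.timezone.utc)
    date = now_utc.strftime('%Y%m%d%H%M%S+00\'00\'')
    dct = {
        'sigflags': 3,
        'sigpage': 0,
        'sigbutton': True,
        'contact': 'Levente Marton <levente.marton@mzk.ro>',
        'location': 'Romania Cluj Napoca',
        'signingdate': date.encode(),
        'reason': f'{reasen}',
        # NOTE(review): the visible text uses naive local time while
        # 'signingdate' above is UTC; confirm the mismatch is intended.
        'signature': (
            'Digitally signed by\n'
            'Levente Marton\n'
            f'Date: {datetime.datetime.now()}'
        ),
        'signaturebox': (5, 5, 150, 100),
    }
    clshsm = Signer(dllpath)

    # NOTE(review): fname is concatenated into the path without validation.
    # The __main__ block only passes os.listdir() names; other callers should
    # pass a plain file name, not a value taken from outside the program.
    with open(folder + fname, 'rb') as src:
        original = src.read()
    signature = pdf.cms.sign(
        original, dct,
        None, None,
        [],
        'sha256',
        clshsm,
    )

    # Fix: derive the output name from the extension only. The previous
    # str.replace('.pdf', ...) rewrote every '.pdf' inside the name and, for
    # a name without a lowercase '.pdf', left it unchanged so the signed
    # output silently overwrote the input file.
    root, ext = os.path.splitext(fname)
    out_name = f'{root}_signed{ext}'
    with open(folder + out_name, 'wb') as fp:
        fp.write(original)
        fp.write(signature)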
if __name__ == '__main__':
    # Sign every file in ./pdf whose name ends in '.pdf'.
    # NOTE(review): signed outputs are written to the same directory and also
    # end in '.pdf', so a second run picks them up and signs them again;
    # confirm whether that is intended.
    for entry in os.listdir('pdf'):
        if not entry.endswith('.pdf'):
            continue
        signer(entry, reasen='signature')