Shared
/
pkcs11


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
							'''Created Oct 12, 2021 Levi'''
#!/home/deeejas/.virtualenvs/python3.12/bin/python3
# *-* coding: utf-8 *-*
import datetime
import os
import platform

import keyring
from keyring import backends
import PyKCS11 as PK11
from PyKCS11.LowLevel import (CKA_CLASS, CKO_CERTIFICATE,
                              CKA_VALUE, CKA_ID, CKO_PRIVATE_KEY,
                              CKM_SHA256_RSA_PKCS)
from endesive import pdf, hsm

if platform.system() == 'Linux':
    keyring.backend._load_plugins()
    keyring.set_keyring(backends.SecretService.Keyring())

dllpath = os.getenv('PKCS11_MODULE')


class Signer(hsm.HSM):
    def certificate(self):
        slot = self.pkcs11.getSlotList(tokenPresent=True)[0]
        inf = self.pkcs11.getTokenInfo(slot)
        self.LABEL = inf.label.strip()
        # print(self.pkcs11.getTokenInfo(2))
        # print(self.pkcs11.getSlotInfo(1))
        self.login(self.LABEL, keyring.get_password('sig', 'token'))  # WF PROXKey is token name.
        keyid = [0x38, 0x7b, 0x4b, 0x49, 0xe2, 0xe7, 0x10, 0x4f, 0x60, 0x15, 0xc1, 0x42, 0x38, 0x6c, 0x3d, 0x41, 0x43, 0x5e, 0x91, 0x9b]
        keyid = bytes(keyid)
        try:
            pk11objects = self.session.findObjects([(CKA_CLASS, CKO_CERTIFICATE)])
            all_attributes = [
                # PK11.CKA_SUBJECT,
                CKA_VALUE,
                # PK11.CKA_ISSUER,
                # PK11.CKA_CERTIFICATE_CATEGORY,
                # PK11.CKA_END_DATE,
                CKA_ID,
            ]

            for pk11object in pk11objects:
                try:
                    attributes = self.session.getAttributeValue(pk11object, all_attributes)
                except PK11.PyKCS11Error as _:
                    continue

                attrDict = dict(list(zip(all_attributes, attributes)))
                cert = bytes(attrDict[CKA_VALUE])
                # if keyid == bytes(attrDict[PK11.CKA_ID]):
                return bytes(attrDict[CKA_ID]), cert
        finally:
            self.logout()
            # self.closeSession()
        return None, None

    def sign(self, keyid, data, mech):
        self.login(self.LABEL, keyring.get_password('sig', 'token'))
        try:
            privKey = self.session.findObjects([(CKA_CLASS, CKO_PRIVATE_KEY), (CKA_ID, keyid)])[0]
            mech = getattr(PK11, 'CKM_%s_RSA_PKCS' % mech.upper())
            sig = self.session.sign(privKey, data, PK11.Mechanism(CKM_SHA256_RSA_PKCS, None))
            return bytes(sig)
        finally:
            self.logout()

def signer(fname, reasen, folder='pdf/'):
    date = datetime.datetime.utcnow()  # - datetime.timedelta(hours=12)
    date = date.strftime('%Y%m%d%H%M%S+00\'00\'')
    dct = {
        'sigflags': 3,
        'sigpage': 0,
        'sigbutton': True,
        'contact': 'Levente Marton <levente.marton@mzk.ro>',
        'location': 'Romania Cluj Napoca',
        'signingdate': date.encode(),
        'reason': f'{reasen}',
        'signature': f'Digitally signed by\n\
        Levente Marton\n\
        Date: {datetime.datetime.now()}',
        'signaturebox': (5, 5, 150, 100),
    }
    clshsm = Signer(dllpath)
    # fname = fname
    with open(folder + fname, 'rb') as datau:
        datau = datau.read()
    datas = pdf.cms.sign(datau, dct,
                         None, None,
                         [],
                         'sha256',
                         clshsm,
                         )
    fname = fname.replace('.pdf', '_signed.pdf')
    with open(folder + fname, 'wb') as fp:
        fp.write(datau)
        fp.write(datas)


if __name__ == '__main__':
    for file in filter(lambda f: f.endswith('.pdf'), os.listdir('pdf')):
        signer(file, reasen='signature')