Skip to content

Commit

Permalink
Merge pull request #124 from HanslettTheDev/update-signature
Browse files Browse the repository at this point in the history
Update signature #110

This resurrects old cryptography compatibility until we can remove python2 support.
  • Loading branch information
reingart authored Jul 5, 2023
2 parents 840f3f2 + 752908f commit 6d786a3
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 13 deletions.
4 changes: 2 additions & 2 deletions requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@ httplib2==0.20.4; python_version > '3'
pysimplesoap==1.08.14; python_version <= '2.7'
git+https://github.com/pysimplesoap/pysimplesoap.git@py311#pysimplesoap; python_version > '3'
cryptography==3.3.2; python_version <= '2.7'
cryptography==39.0.2; python_version > '3'
cryptography==41.0.1; python_version > '3'
fpdf>=1.7.2
dbf>=0.88.019
Pillow>=2.0.0
tabulate==0.8.5
certifi>=2020.4.5.1
qrcode==6.1
future==0.18.3
future==0.18.3
51 changes: 40 additions & 11 deletions wsaa.py
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@
from cryptography.hazmat.bindings.openssl.binding import Binding
from cryptography.hazmat.primitives.serialization import pkcs7


except ImportError:
ex = exception_info()
warnings.warn("No es posible importar cryptography (OpenSSL)")
Expand Down Expand Up @@ -115,9 +114,6 @@ def sign_tra(tra, cert=CERT, privatekey=PRIVATEKEY, passphrase=""):
tra = tra.encode("utf8")

if Binding:
_lib = Binding.lib
_ffi = Binding.ffi
# Crear un buffer desde el texto

# Leer privatekey y cert
if not privatekey.startswith(b"-----BEGIN RSA PRIVATE KEY-----"):
Expand All @@ -139,20 +135,53 @@ def sign_tra(tra, cert=CERT, privatekey=PRIVATEKEY, passphrase=""):
cert = cert.encode("utf-8")
cert = x509.load_pem_x509_certificate(cert)

if sys.version_info.major == 2:
_lib = Binding.lib
_ffi = Binding.ffi
# Crear un buffer desde el texto
# Se crea un buffer nuevo porque la firma lo consume
bio_in = _lib.BIO_new_mem_buf(tra, len(tra))

try:
# Firmar el texto (tra) usando cryptography (openssl bindings para python)
p7 = _lib.PKCS7_sign(
cert._x509, private_key._evp_pkey, _ffi.NULL, bio_in, 0
)
finally:
# Liberar memoria asignada
_lib.BIO_free(bio_in)
# Se crea un buffer nuevo porque la firma lo consume
bio_in = _lib.BIO_new_mem_buf(tra, len(tra))
try:
# Crear buffer de salida
bio_out = _lib.BIO_new(_lib.BIO_s_mem())
try:
# Instanciar un SMIME
_lib.SMIME_write_PKCS7(bio_out, p7, bio_in, 0)

# Tomar datos para la salida
result_buffer = _ffi.new("char**")
buffer_length = _lib.BIO_get_mem_data(bio_out, result_buffer)
p7 = _ffi.buffer(result_buffer[0], buffer_length)[:]
finally:
_lib.BIO_free(bio_out)
finally:
_lib.BIO_free(bio_in)

p7 = pkcs7.PKCS7SignatureBuilder().set_data(
else:
p7 = pkcs7.PKCS7SignatureBuilder().set_data(
tra
).add_signer(
cert, private_key, hashes.SHA256()
).sign(
serialization.Encoding.SMIME, [pkcs7.PKCS7Options.Binary]
)
).add_signer(
cert, private_key, hashes.SHA256()
).sign(
serialization.Encoding.SMIME, [pkcs7.PKCS7Options.Binary]
)

# Generar p7 en formato mail y recortar headers
msg = email.message_from_string(p7.decode("utf8"))
for part in msg.walk():
filename = part.get_filename()
if filename == "smime.p7s":
if filename and filename.startswith("smime.p7"):
# Es la parte firmada?
# Devolver CMS
return part.get_payload(decode=False)
Expand Down

0 comments on commit 6d786a3

Please sign in to comment.