From f1d9b1a291c31b1e11ae13419c5e4679352232ab Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Tue, 4 Jul 2023 22:47:41 +0200 Subject: First commit Heavily amended. --- fauxsign.py | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100755 fauxsign.py (limited to 'fauxsign.py') diff --git a/fauxsign.py b/fauxsign.py new file mode 100755 index 0000000..c2c2349 --- /dev/null +++ b/fauxsign.py @@ -0,0 +1,78 @@ +#!/usr/bin/env python3 + +import argparse +import http.server +import json +import pathlib +import ssl +import urllib.parse + +import lxml +import signxml + +version = '2.2.9.276' +identifier = 'f8e5f470-bcff-4c50-8fd6-ccfa2fea12d6' + +def sign(xml, key, cert): + original = lxml.etree.fromstring(xml) + signed = signxml.XMLSigner().sign(original, key=key, cert=cert) + return ('' + + lxml.etree.tostring(signed, encoding='unicode')) + +class Handler(http.server.BaseHTTPRequestHandler): + def reply(self, data): + self.send_response(200) + self.send_header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept') + self.send_header('Access-Control-Allow-Methods', 'POST,GET,OPTIONS') + self.send_header('Access-Control-Allow-Origin', '*') + self.send_header('Access-Control-Allow-Private-Network', 'true') + self.end_headers() + self.wfile.write(json.dumps(data).encode()) + + def do_GET(self): + url = urllib.parse.urlparse(self.path) + match url.path: + case '/version': + self.reply({'identifier': identifier, 'version': version}) + + def do_POST(self): + url = urllib.parse.urlparse(self.path) + match url.path: + case '/updateLicense': + self.reply({'error': 1, 'errorMessage': 'OK'}) + case '/signXML': + length = int(self.headers['content-length']) + data = json.loads(self.rfile.read(length).decode()) + xml = data['bytes'][0].removeprefix('XML:').encode() + print(f'{self.headers.get("origin", "unknown")} wants to sign:\n{xml}\nConfirm?', end=' ') + if input() in ('y', 'yes'): + signed = sign(xml, key=self.server.user_key, cert=self.server.user_cert) + self.reply({ + 'error': 1, + 'errorMessage': '', + 'filename': '', + 'result': signed, + 'signatures': [], + 'timestamps': [] + }) + else: + self.reply({'error': -1, 'errorMessage': 'aborted'}) + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='Fake the proXSign® application.') + parser.add_argument('-k', '--user-key', type=open, required=True, help='key file') + parser.add_argument('-c', '--user-cert', type=open, required=True, help='certificate file') + parser.add_argument('-K', '--app-key', type=pathlib.Path, required=True, help='app key file') + parser.add_argument('-C', '--app-cert', type=pathlib.Path, required=True, help='app certificate file') + parser.add_argument('-p', '--port', type=int, default=14972, help='port to listen on') + args = parser.parse_args() + + tls_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + tls_context.check_hostname = False + tls_context.load_cert_chain(keyfile=args.app_key, certfile=args.app_cert) + + httpd = http.server.HTTPServer(('localhost', args.port), Handler) + httpd.user_key = args.user_key.read() + httpd.user_cert = args.user_cert.read() + httpd.socket = tls_context.wrap_socket(httpd.socket, server_side=True) + httpd.serve_forever() -- cgit v1.3