Diffstat (limited to 'margfools')
-rwxr-xr-xmargfools36
1 files changed, 17 insertions, 19 deletions
diff --git a/margfools b/margfools
index 9524abe..25b34f0 100755
--- a/margfools
+++ b/margfools
@@ -40,8 +40,8 @@ def sign(data, key, pin=None, engine=None):
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Fake the MargTools application.')
parser.add_argument('url', type=urllib.parse.urlparse, help='bc-digsign:// url')
- parser.add_argument('-k', '--user-key', type=pathlib.Path, help='key file')
- parser.add_argument('-c', '--user-cert', type=pathlib.Path, help='certificate file')
+ parser.add_argument('-k', '--key', type=pathlib.Path, help='key file')
+ parser.add_argument('-c', '--cert', type=pathlib.Path, help='certificate file')
parser.add_argument('-e', '--engine', type=str, help='"pkcs11" for smart card')
args = parser.parse_args()
@@ -51,30 +51,28 @@ if __name__ == '__main__':
url = params['baseUrl'][0]
token = params['accessToken'][0]
- # if missing, get user key and cert from section [url] in ~/.margfools
+ # if missing, get key and cert from section [url] in ~/.margfools
config = configparser.ConfigParser()
config.read(os.path.expanduser('~') + '/.margfools')
- if not args.user_key:
- args.user_key = config.get(url, 'user-key')
- if not args.user_cert:
- args.user_cert = config.get(url, 'user-cert', fallback=None)
- if not args.user_key:
- print('user key not specified', file=sys.stderr)
+ if not args.key:
+ args.key = config.get(url, 'key')
+ if not args.cert:
+ args.cert = config.get(url, 'cert', fallback=None)
+ if not args.key:
+ print('key not specified', file=sys.stderr)
sys.exit(1)
if not args.engine:
args.engine = config.get(url, 'engine')
- engine = args.engine
- user_keyfile = args.user_key
pin = None
- if engine is None:
- if not args.user_cert:
- print('user cert not specified', file=sys.stderr)
+ if args.engine is None:
+ if not args.cert:
+ print('certificate not specified', file=sys.stderr)
sys.exit(1)
- user_cert = ''.join(line.strip() for line in open(args.user_cert) if not line.startswith('-----'))
- elif engine == 'pkcs11':
- user_cert = base64.b64encode(subprocess.run(['pkcs11-tool', '--read-object', '--type', 'cert', '--id', user_keyfile], capture_output=True).stdout).decode()
+ args.cert = ''.join(line.strip() for line in open(args.cert) if not line.startswith('-----'))
+ elif args.engine == 'pkcs11':
+ args.cert = base64.b64encode(subprocess.run(['pkcs11-tool', '--read-object', '--type', 'cert', '--id', args.key], capture_output=True).stdout).decode()
pin = getpass.getpass('PIN: ')
session = requests.Session()
headers = {'Authorization': f'Bearer {token}'}
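Review bot: The `pkcs11-tool` call on the `elif args.engine == 'pkcs11':` branch ignores the exit status, so a failed card read yields empty stdout, `args.cert` becomes an empty string, and the user is still asked for the PIN before that empty certificate is passed on. Adding `check=True` to the `subprocess.run(...)` call, or testing `returncode` and exiting with the captured stderr, would stop the run at that point. Separately, `config.get(url, 'key')` and `config.get(url, 'engine')` have no `fallback=None`, so a missing section or option raises from configparser instead of reaching the `key not specified` message, and `args.engine is None` looks unreachable from the lines shown; `config.get(url, 'engine', fallback=None)` would match the `cert` lookup. The `if __name__ == '__main__':` block starts and ends outside this hunk.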
@@ -93,12 +91,12 @@ if __name__ == '__main__':
# get signature request and mix in my secrets and publics
request = json.loads(r.text)
request['AuthenticationToken'] = token
- request['CertificatePublicKey'] = user_cert
+ request['CertificatePublicKey'] = args.cert
# keep signing whatever they send us
while True:
for name in ('AttachmentHashes', 'XmlHashes'):
if request.get(name) is not None:
- request[f'Signed{name}'] = [sign(e, user_keyfile, pin, engine=engine) for e in request[name]]
+ request[f'Signed{name}'] = [sign(e, args.key, pin, engine=args.engine) for e in request[name]]
d = json.dumps(request)
d = d.encode()
r = session.put(f'{url}signatures/{request["SignatureRequestId"]}',
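Review bot: The `while True:` loop signs every entry of `AttachmentHashes` and `XmlHashes` that the server returns, using `args.key`, and nothing in these lines bounds or confirms what gets signed; the server is whatever `baseUrl` the invoking `bc-digsign://` URL named. When the key is taken from `~/.margfools` the `[url]` section acts as an allow-list, but with `-k` and `-e` given on the command line any `baseUrl` appears to be accepted. I would check the host before the first request, for example `if not url.startswith('https://') or not config.has_section(url): sys.exit('untrusted baseUrl')`, and put a comment above the loop such as `# trust boundary: the server chooses the hashes; only run against configured hosts`. The `session.put(...)` statement on the last line continues outside the hunk.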