#!/usr/bin/env python3
"""
cpisign.py
Utility for signing CPI data
"""
# SPDX-FileCopyrightText: © 2021 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
import os
import json
import getpass
import argparse
from jose import jws
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.hazmat.primitives import serialization
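parser = argparse.ArgumentParser(description="CBSD CPI signature data generator")
# The PKCS#12 bundle is opened unconditionally below, so the option is
# mandatory. When it was optional, omitting it failed with a TypeError only
# after the operator had already typed the passphrase.
parser.add_argument("-k", "--key", required=True, help="The file name of CPI key")
parser.add_argument(
    "signFiles",
    type=str,
    nargs="+",
    help="The file name of sigature data, can accept multiple files in a time.",
)

if __name__ == "__main__":
    # Parse inside the entry-point guard so that importing this module does
    # not consume (or reject) the importing program's command line.
    args = parser.parse_args()

    # The passphrase is read without echo and is never taken from argv.
    # NOTE: the encoding is ASCII-only; a non-ASCII passphrase raises
    # UnicodeEncodeError here.
    cpi_password = getpass.getpass(
        prompt="Password for CPI Key %s: " % args.key
    ).encode("ascii")

    with open(args.key, "rb") as key_file:
        key_bundle = key_file.read()

    try:
        # Only the private key is used; the certificate and any additional
        # certificates in the bundle are ignored by this script.
        (pkey, _cert, _addl_certs) = pkcs12.load_key_and_certificates(
            key_bundle, cpi_password
        )
    except ValueError as err:
        # Raised for a wrong passphrase or a malformed bundle; exit with a
        # short message instead of a traceback.
        raise SystemExit(f"Cannot load CPI key {args.key}: {err}") from err

    if pkey is None:
        # A PKCS#12 bundle may carry certificates only.
        raise SystemExit(f"No private key found in {args.key}")

    # jws.sign() below is given the key as PEM bytes, so the key is
    # re-serialised WITHOUT encryption. This copy must stay in process memory:
    # do not write it to disk or include it in any log or error output.
    pkey_raw = pkey.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    )

    # exist_ok avoids the check-then-create race of os.path.exists().
    os.makedirs("output", exist_ok=True)

    for signFile in args.signFiles:
        # JSON interchange text is UTF-8; do not depend on the locale default.
        with open(signFile, "r", encoding="utf-8") as inFile:
            inFileJson = json.load(inFile)

        # Validate before signing: the serial number is reported below, and a
        # payload without it used to be signed and then dropped by a KeyError.
        if not isinstance(inFileJson, dict) or "cbsdSerialNumber" not in inFileJson:
            raise SystemExit(
                f"{signFile}: expected a JSON object with 'cbsdSerialNumber'"
            )

        # The result is three dot-separated parts in one string:
        # protectedHeader.encodedCpiSignedData.digitalSignature
        # RS256 is RSASSA-PKCS1-v1_5 with SHA-256, so the bundle must hold an
        # RSA key.
        SIGNED = jws.sign(inFileJson, pkey_raw, algorithm="RS256")

        # The output path mirrors the input path as given on the command
        # line; create its parent so inputs in sub-directories do not fail.
        out_path = f"output/{signFile}.signed"
        os.makedirs(os.path.dirname(out_path), exist_ok=True)
        with open(out_path, "w") as out_file:
            out_file.write(SIGNED)

        # Report only after the signed file has actually been written.
        print(f"* {inFileJson['cbsdSerialNumber']} data was signed")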