Blame - cpisign.py - cbrstools

blob: 545ca9f00fd464bc924a1fc287e3488c531d127c [file] [log] [blame]

Zack Williams	7af92fe	2021-08-15 15:37:50 -0700	[diff] [blame^]	1	#!/usr/bin/env python3
				2	"""
				3	cpisign.py
				4
				5	Utility for signing CPI data
				6	"""
				7
				8	# SPDX-FileCopyrightText: © 2021 Open Networking Foundation <support@opennetworking.org>
				9	# SPDX-License-Identifier: Apache-2.0
				10
				11	import getpass
				12	from jose import jws
				13
				14	from cryptography.hazmat.primitives.serialization import pkcs12
				15	from cryptography.hazmat.primitives import serialization
				16
				17	CPI_KEY_PATH = "./YOUR_CPI_KEY.p12"
				18
				19	cpiSignedData = {
				20	"fccId": "P27-SCE4255W",
				21	"cbsdSerialNumber": "2009CW5000016",
				22	"installationParam": {
				23	"latitude": 32.344752,
				24	"longitude": -111.012302,
				25	"height": 1,
				26	"heightType": "AGL",
				27	"indoorDeployment": True,
				28	},
				29	"professionalInstallerData": {
				30	"cpiId": "GOOG-001212",
				31	"cpiName": "Wei-Yu Chen",
				32	"installCertificationTime": "2021-08-14T00:00:00Z",
				33	},
				34	}
				35
				36	# get password
				37	cpi_password = bytes(getpass.getpass(), "ascii")
				38
				39	with open(CPI_KEY_PATH, "rb") as key_file:
				40	(pkey, cert, addl_cert) = pkcs12.load_key_and_certificates(
				41	key_file.read(), cpi_password
				42	)
				43
				44	pkey_raw = pkey.private_bytes(
				45	encoding=serialization.Encoding.PEM,
				46	format=serialization.PrivateFormat.TraditionalOpenSSL,
				47	encryption_algorithm=serialization.NoEncryption(),
				48	)
				49
				50	(protectedHeader, encodedCpiSignedData, digitalSignature) = jws.sign(
				51	cpiSignedData, pkey_raw, algorithm="RS256"
				52	).split(".")
				53
				54	print(protectedHeader)
				55	print(encodedCpiSignedData)
				56	print(digitalSignature)