Use tkinter for PIN entry
parent
6fdcb01012
commit
9e0161b4ee
10
marginaltool
10
marginaltool
|
@ -9,7 +9,6 @@ import pathlib
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
import urllib.parse
|
import urllib.parse
|
||||||
import getpass
|
|
||||||
|
|
||||||
# use requests instead of urllib.request for keep-alive connection
|
# use requests instead of urllib.request for keep-alive connection
|
||||||
import requests
|
import requests
|
||||||
|
@ -35,13 +34,18 @@ def init(args):
|
||||||
if not args.keyfile or not args.certfile:
|
if not args.keyfile or not args.certfile:
|
||||||
raise Exception('key or certificate file not specified')
|
raise Exception('key or certificate file not specified')
|
||||||
args.cert = ''.join(line.strip() for line in open(args.certfile) if not line.startswith('-----'))
|
args.cert = ''.join(line.strip() for line in open(args.certfile) if not line.startswith('-----'))
|
||||||
|
|
||||||
case 'pkcs11':
|
case 'pkcs11':
|
||||||
if not args.id:
|
if not args.id:
|
||||||
args.id = config.get(args.url, 'id', fallback=None)
|
args.id = config.get(args.url, 'id', fallback=None)
|
||||||
if not args.id:
|
if not args.id:
|
||||||
raise Exception('key ID not specified')
|
raise Exception('key ID not specified')
|
||||||
args.cert = base64.b64encode(subprocess.run(['pkcs11-tool', '--read-object', '--type', 'cert', '--id', args.id], capture_output=True).stdout).decode()
|
args.cert = base64.b64encode(subprocess.run(['pkcs11-tool', '--read-object', '--type', 'cert', '--id', args.id], capture_output=True).stdout).decode()
|
||||||
args.pin = getpass.getpass('PIN: ')
|
|
||||||
|
# read the PIN once to avoid prompting for each document
|
||||||
|
import tkinter.simpledialog # only needed for PIN entry
|
||||||
|
args.pin = tkinter.simpledialog.askstring('marginaltool', 'PIN', show="*")
|
||||||
|
|
||||||
case '_':
|
case '_':
|
||||||
raise Exception(f'invalid engine {args.engine}')
|
raise Exception(f'invalid engine {args.engine}')
|
||||||
|
|
||||||
|
@ -53,6 +57,7 @@ def sign(b64data, args):
|
||||||
cmd = ['openssl', 'pkeyutl', '-sign', '-inkey', args.keyfile, '-pkeyopt', 'digest:sha256']
|
cmd = ['openssl', 'pkeyutl', '-sign', '-inkey', args.keyfile, '-pkeyopt', 'digest:sha256']
|
||||||
env = None
|
env = None
|
||||||
data = base64.b64decode(b64data)
|
data = base64.b64decode(b64data)
|
||||||
|
|
||||||
case 'pkcs11':
|
case 'pkcs11':
|
||||||
if not args.id:
|
if not args.id:
|
||||||
raise Exception('key ID not specified')
|
raise Exception('key ID not specified')
|
||||||
|
@ -67,6 +72,7 @@ def sign(b64data, args):
|
||||||
cmd = ['pkcs11-tool', '--id', args.id, '-s', '-m', 'RSA-PKCS', '-p', 'env:PIN']
|
cmd = ['pkcs11-tool', '--id', args.id, '-s', '-m', 'RSA-PKCS', '-p', 'env:PIN']
|
||||||
env = {'PIN': args.pin}
|
env = {'PIN': args.pin}
|
||||||
data = bytes.fromhex(digest_info['SHA-256']) + base64.b64decode(b64data)
|
data = bytes.fromhex(digest_info['SHA-256']) + base64.b64decode(b64data)
|
||||||
|
|
||||||
case '_':
|
case '_':
|
||||||
raise Exception(f'invalid engine {args.engine}')
|
raise Exception(f'invalid engine {args.engine}')
|
||||||
|
|
||||||
|
|
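Review bot: The PIN read added in the `pkcs11` branch of `init` is stored without checking the result: `tkinter.simpledialog.askstring` returns `None` when the dialog is cancelled, and `sign` later puts that value into `env = {'PIN': args.pin}`, so the failure surfaces only at the first signature as an unrelated error. A guard directly after the prompt, `if not args.pin: raise Exception('PIN not entered')`, would stop before any document is processed. The dialog also needs a display, so a terminal-only session that worked with `getpass` will presumably fail here; falling back to `getpass.getpass('PIN: ')` when Tk cannot start would keep that case working. Separately, `case '_':` in the context lines of `init` and `sign` matches only the literal string `'_'`, so the invalid-engine exception looks unreachable for any other value; `case _:` is the wildcard. Both functions begin outside the hunks shown.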