Example Request Certificate Script

The following example script shows how to implement the function on the device site. It is intended for demonstration purposes.

Demo Script: Request Certificate

import base64
import json
import os
import subprocess

import requests

# Endpoint that receives the JSON requests.
# NOTE(review): this is plain HTTP, so neither the request nor the returned
# certificate is protected against tampering in transit. Keep it to an
# isolated demo network; use an authenticated HTTPS endpoint if the service
# provides one.
URL = "http://192.168.5.91:8080/json/"

# Rule chain name; it is lower-cased before being sent as 'rule_chain'.
CERT_TYPE = "prime_product"

# Encodings: PEM, B64_DER, HEX_DER available
KEY_FORMAT = "B64_DER"
CERT_FORMAT = "PEM"


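def send_status_req_primeproduct(url):
    """Send a STATUS_REQ naming CERT_REQ and the rule chain; return the reply.

    Args:
        url: Endpoint that accepts the JSON request.

    Returns:
        The response body parsed from JSON (the caller expects a STATUS_RESP).

    Raises:
        requests.exceptions.RequestException: on connection failure or timeout.
        ValueError: if the response body is not valid UTF-8 JSON.
    """
    primeproduct_status_req = {
        'method': 'STATUS_REQ',
        'params': {
            'method': 'CERT_REQ',
            'rule_chain': CERT_TYPE.lower()
        }
    }

    print('Sending STATUS_REQ:')
    print(primeproduct_status_req)

    # Bound the wait: without a timeout an unresponsive service blocks the
    # script indefinitely.
    primeproduct_status_resp = requests.post(url=url, json=primeproduct_status_req, timeout=30)
    primeproduct_status_resp_json = json.loads(primeproduct_status_resp.content.decode('utf-8'))

    print('\nGot STATUS_RESP:')
    print(primeproduct_status_resp_json)

    return primeproduct_status_resp_json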


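def send_cert_req_primeproduct(url, key_format, cert_format):
    """Generate a P-256 key pair with openssl and request a certificate for it.

    The private key is written to ``key.key`` and the public key to
    ``pub_key.key`` in the current working directory. Only the public key is
    placed in the request.

    Args:
        url: Endpoint that accepts the JSON request.
        key_format: Encoding of the public key in the request: 'PEM',
            'B64_DER' or 'HEX_DER'.
        cert_format: Value passed through as 'cert_format'.

    Returns:
        The response body parsed from JSON, or None when key_format is not a
        supported value (nothing is generated or sent in that case).

    Raises:
        subprocess.CalledProcessError: if an openssl command fails.
        requests.exceptions.RequestException: on connection failure or timeout.
        ValueError: if the response body is not valid UTF-8 JSON.
    """
    if key_format not in ('PEM', 'B64_DER', 'HEX_DER'):
        return None

    # openssl writes PEM or DER; B64_DER and HEX_DER are DER re-encoded below.
    openssl_form = 'PEM' if key_format == 'PEM' else 'DER'

    # Argument lists instead of shell strings, and check=True so that a failed
    # openssl run stops here instead of sending a stale pub_key.key left over
    # from an earlier run.
    subprocess.run(
        ['openssl', 'ecparam', '-name', 'prime256v1', '-genkey', '-noout',
         '-outform', openssl_form, '-out', 'key.key'],
        check=True
    )
    # Keep the private key readable by its owner only, whatever the umask is.
    os.chmod('key.key', 0o600)
    subprocess.run(
        ['openssl', 'ec', '-in', 'key.key', '-inform', openssl_form, '-pubout',
         '-outform', openssl_form, '-out', 'pub_key.key'],
        check=True
    )

    if key_format == 'PEM':
        with open('pub_key.key', 'r') as f:
            pub_key = f.read()
    else:
        with open('pub_key.key', 'rb') as f:
            der_bytes = f.read()
        if key_format == 'B64_DER':
            pub_key = base64.b64encode(der_bytes).decode('utf-8')
        else:
            pub_key = der_bytes.hex()

    primeproduct_cert_req = {
        'method': 'CERT_REQ',
        'params': {
            'rule_chain': CERT_TYPE.lower(),
            # oid sha512WithRSAEncryption:
            # 1.2.840.113549.1.1.13
            'signature_algorithm': '1.2.840.113549.1.1.13',
            'cert_format': cert_format,
            'client_public_key': pub_key,
            'client_key_format': key_format,
            # oid 256-bit Elliptic Curve Cryptography (ECC),
            # also known as National Institute of Standards and Technology (NIST) P-256:
            # 1.2.840.10045.3.1.7
            'client_key_params': '1.2.840.10045.3.1.7',
            # oid Elliptic curve public key cryptography:
            # 1.2.840.10045.2.1
            'client_key_algorithm': '1.2.840.10045.2.1',
            # The device identity below is hard-coded sample data for the demo.
            'article_type': 'PrimeProductone',
            'mlfb': '6FC5372-0AA30-0AB0',
            'serial_number': 'T-JN6282398',
            'mac_addresses': [
                '00-A0-03-11-95-2A',
                '00-A0-03-11-95-2B',
                '00-A0-03-11-95-2C'
            ]
        }
    }
    print('\nSending CERT_REQ:')
    print(primeproduct_cert_req)

    # Bound the wait: without a timeout an unresponsive service blocks the
    # script indefinitely.
    resp = requests.post(url=url, json=primeproduct_cert_req, timeout=30)
    primeproduct_cert_resp_json = json.loads(resp.content.decode('utf-8'))

    print('\nGot CERT_RESP:')
    print(primeproduct_cert_resp_json)

    return primeproduct_cert_resp_json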


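def send_cert_final_req_primeproduct(url):
    """Send the closing CERT_FINAL_REQ and return the decoded reply.

    Args:
        url: Endpoint that accepts the JSON request.

    Returns:
        The response body parsed from JSON.

    Raises:
        requests.exceptions.RequestException: on connection failure or timeout.
        ValueError: if the response body is not valid UTF-8 JSON.
    """
    cert_final_req = {
        'method': 'CERT_FINAL_REQ',
        'params': {
            # NOTE(review): this serial differs from the 'serial_number' sent
            # in CERT_REQ; confirm which serial the service expects here.
            'serial_number': '0123456789',
            # The outcome is hard-coded: the demo always reports success.
            'status_message': 'SUCCESS',
            'status_code': '200',
            'rule_chain': CERT_TYPE.lower(),
            'text_message': ''
        }
    }
    print('\nSending CERT_FINAL_REQ:')
    print(cert_final_req)

    # Bound the wait: without a timeout an unresponsive service blocks the
    # script indefinitely.
    cert_final_resp = requests.post(url=url, json=cert_final_req, timeout=30)
    cert_final_resp_json = json.loads(cert_final_resp.content.decode('utf-8'))

    print('\nGot CERT_FINAL_RESP:')
    print(cert_final_resp_json)

    return cert_final_resp_json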


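def clean_up():
    """Delete the key files written by send_cert_req_primeproduct.

    Removes only ``key.key`` and ``pub_key.key`` from the current working
    directory. A ``*.key`` glob would also delete any unrelated key material
    stored there. Missing files are ignored.
    """
    for name in ('key.key', 'pub_key.key'):
        try:
            os.remove(name)
        except FileNotFoundError:
            # Nothing was generated (or it is already gone); not an error.
            pass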


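if __name__ == "__main__":
    # Demo flow: STATUS_REQ -> CERT_REQ -> CERT_FINAL_REQ. A step runs only when
    # the previous response has the expected method and status_code '200'.
    # NOTE: clean_up() deletes key.key, the private key that matches the
    # requested certificate, so this run only demonstrates the exchange. A
    # device that is to use the certificate has to keep its private key.
    try:
        status_resp_primeproduct = send_status_req_primeproduct(url=URL)

        if status_resp_primeproduct['method'] == 'STATUS_RESP' and status_resp_primeproduct['params']['status_code'] == '200':
            cert_resp_primeproduct = send_cert_req_primeproduct(url=URL, cert_format=CERT_FORMAT, key_format=KEY_FORMAT)

            # send_cert_req_primeproduct returns None for an unsupported
            # KEY_FORMAT; stop with a clear message instead of failing on the
            # subscript below.
            if cert_resp_primeproduct is None:
                raise SystemExit('Unsupported KEY_FORMAT: ' + repr(KEY_FORMAT))

            if cert_resp_primeproduct['method'] == 'CERT_RESP' and cert_resp_primeproduct['params']['status_code'] == '200':
                cert_final_resp_primeproduct = send_cert_final_req_primeproduct(url=URL)

                print('\n\n')
                print('Received Certificate:')
                print(cert_resp_primeproduct['params']['certificate'])
    finally:
        # Remove the generated key files even when a request or openssl fails,
        # so no private key is left behind in the working directory.
        clean_up()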

Next Step: Define Rule Chains

For information on defining rule chains for certificate creation, see Implement Process Workflow.