Create src/utils/crypto_seal.py
Browse files- src/utils/crypto_seal.py +58 -0
src/utils/crypto_seal.py
ADDED
|
@@ -0,0 +1,58 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import os
|
| 2 |
+
from pyhanko.sign import signers
|
| 3 |
+
from pyhanko.pdf_utils.incremental_writer import IncrementalPdfFileWriter
|
| 4 |
+
from pyhanko.sign.fields import SigFieldSpec
|
| 5 |
+
import hashlib
|
| 6 |
+
|
| 7 |
+
class SovereignSealer:
|
| 8 |
+
"""
|
| 9 |
+
Cryptographic Enactment Utility for ARAVALLI-1.
|
| 10 |
+
Signs model weights and ecological findings with Category 1-SN Authority.
|
| 11 |
+
"""
|
| 12 |
+
def __init__(self, key_path, cert_path, passphrase=None):
|
| 13 |
+
self.signer = signers.SimpleSigner.load(
|
| 14 |
+
key_path, cert_path, key_passphrase=passphrase
|
| 15 |
+
)
|
| 16 |
+
|
| 17 |
+
def sign_finding(self, pdf_path, output_path, reason="GOEC Category 1-SN Mandate"):
|
| 18 |
+
"""Signs a PDF finding (like Annexure A) to make it legally unrepudiable."""
|
| 19 |
+
print(f"Sealing Ecological Finding: {pdf_path}")
|
| 20 |
+
with open(pdf_path, 'rb') as doc:
|
| 21 |
+
w = IncrementalPdfFileWriter(doc)
|
| 22 |
+
# Create a visible signature field in the 'Sovereign Corner'
|
| 23 |
+
meta = signers.PdfSignatureMetadata(
|
| 24 |
+
field_name='GOEC_Secretariat_Seal',
|
| 25 |
+
reason=reason,
|
| 26 |
+
location='India Node'
|
| 27 |
+
)
|
| 28 |
+
|
| 29 |
+
with open(output_path, 'wb') as out_f:
|
| 30 |
+
signers.sign_pdf(
|
| 31 |
+
w, meta, signer=self.signer, output=out_f
|
| 32 |
+
)
|
| 33 |
+
print(f"Mandate Enacted: {output_path}")
|
| 34 |
+
|
| 35 |
+
def generate_weight_manifest(self, model_path):
|
| 36 |
+
"""Generates a signed SHA-256 manifest of the model weights."""
|
| 37 |
+
sha256_hash = hashlib.sha256()
|
| 38 |
+
with open(model_path, "rb") as f:
|
| 39 |
+
for byte_block in iter(lambda: f.read(4096), b""):
|
| 40 |
+
sha256_hash.update(byte_block)
|
| 41 |
+
|
| 42 |
+
weight_hash = sha256_hash.hexdigest()
|
| 43 |
+
manifest_content = f"ARAVALLI-1_MODEL_HASH: {weight_hash}\nSTATUS: CATEGORY-1-SN\n"
|
| 44 |
+
|
| 45 |
+
# Save as a text file for separate signing or inclusion in a PDF report
|
| 46 |
+
manifest_path = model_path + ".manifest"
|
| 47 |
+
with open(manifest_path, "w") as f:
|
| 48 |
+
f.write(manifest_content)
|
| 49 |
+
return manifest_path
|
| 50 |
+
|
| 51 |
+
if __name__ == "__main__":
|
| 52 |
+
# Example usage for the Secretariat
|
| 53 |
+
sealer = SovereignSealer(
|
| 54 |
+
key_path="certs/goec_private.pem",
|
| 55 |
+
cert_path="certs/goec_cert.pem",
|
| 56 |
+
passphrase=b"survival_priority_2026"
|
| 57 |
+
)
|
| 58 |
+
# sealer.sign_finding("annex_a.pdf", "annex_a_signed.pdf")
|