Beispiel #1
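	def generate_key(self, 
		# the smart cards pin code.
		pin=None,
	):
		"""Generate a key in PIV slot 9a and a certificate for it.

		Runs ``ykman piv generate-key`` and then ``ykman piv
		generate-certificate`` against the device ``self.serial_number``.
		Both commands use the file ``public.pem`` in the current working
		directory.

		Args:
			pin: the smart card's PIN code (required).

		Returns:
			The failed parameter-check response, the error response produced by
			``__handle_default_output__``, an "Unknown error" response when a
			command printed any output, or a success response.
		"""
		import shlex

		# check params.
		response = r3sponse.check_parameters(
			empty_value=None,
			parameters={
				"pin":pin,
			})
		if not response["success"]: return response

		# SECURITY: both commands are run through a shell, so every interpolated
		# value is quoted; a PIN containing shell metacharacters is then passed
		# to ykman as data instead of being interpreted by the shell.
		device = shlex.quote(str(self.serial_number))
		quoted_pin = shlex.quote(str(pin))

		# NOTE(review): this is the well-known default PIV management key. The
		# call only works while the card still has that key, and a card left on
		# it lets anyone with access to the device manage its PIV slots - rotate
		# the management key after provisioning.
		management_key = "010203040506070801020304050607080102030405060708"

		# NOTE(review): the PIN and management key are passed as command-line
		# arguments, so they may be visible in the local process list while
		# ykman runs. ykman prompts for them when the options are omitted;
		# confirm whether __execute_script__ can feed a prompt instead.

		# generate the key.
		# NOTE(review): the piped newlines presumably answer interactive prompts - confirm.
		command = f"printf '\\n\\n' | ykman --device {device} piv generate-key 9a public.pem --pin-policy ALWAYS  --pin {quoted_pin} --management-key {management_key}"
		output = utils.__execute_script__(command, shell=True)

		# handle error: any output at all is treated as a failure.
		response = self.__handle_default_output__(output)
		if not response["success"]: return response
		if output != "":
			return r3sponse.error(f"Unknown error during key generation, output: [{output}].")

		# generate the certificate.
		command = f'ykman --device {device} piv generate-certificate -s "/CN=SSH-key/" 9a public.pem --pin {quoted_pin} --management-key {management_key}'
		output = utils.__execute_script__(command, shell=True)

		# handle error: any output at all is treated as a failure.
		response = self.__handle_default_output__(output)
		if not response["success"]: return response
		if output != "":
			return r3sponse.error(f"Unknown error during certificate generation, output: [{output}].")

		# handle success.
		return r3sponse.success(f"Successfully generated a signed certificate & key for smart card [{self.serial_number}].")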
Beispiel #2
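	def change_puk(self, 
		# the smart cards new puk code.
		new=None, 
		# the smart cards old puk code.
		old=12345678,
	):
		"""Change the PUK code of the smart card ``self.serial_number``.

		Args:
			new: the new PUK code (required).
			old: the current PUK code; defaults to 12345678.

		Returns:
			The failed parameter-check response, the error response produced by
			``__handle_default_output__``, a success response when ykman printed
			"New PUK set.", or an "Unknown error" response otherwise.
		"""
		import shlex

		# check params.
		response = r3sponse.check_parameters(
			empty_value=None,
			parameters={
				"new":new,
				"old":old,
			})
		if not response["success"]: return response

		# SECURITY: the command is run through a shell, so every interpolated
		# value is quoted; a code containing shell metacharacters is then passed
		# to ykman as data instead of being interpreted by the shell.
		device = shlex.quote(str(self.serial_number))
		old_puk = shlex.quote(str(old))
		new_puk = shlex.quote(str(new))

		# NOTE(review): both PUK codes are passed as command-line arguments, so
		# they may be visible in the local process list while ykman runs.
		# NOTE(review): the default for `old` is the factory-default PUK; a card
		# still using it should have the PUK changed before it is issued.
		command = f"ykman --device {device} piv change-puk -p{old_puk} -n{new_puk}"
		output = utils.__execute_script__(command, shell=True)

		# handle defaults.
		response = self.__handle_default_output__(output)
		if not response["success"]: return response

		# handle success.
		if "New PUK set." in output: 
			return r3sponse.success(f"Successfully changed the puk of smart card [{self.serial_number}].")

		# unknown error.
		return r3sponse.error(f"Unknown error while changing puk, output: [{output}].")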
Beispiel #3
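	def unblock_pin(self, 
		# the new pin code.
		pin=None, 
		# the smart cards puk code
		puk=None,
	):
		"""Unblock the PIN of the smart card ``self.serial_number`` using its PUK.

		Args:
			pin: the new PIN code to set (required).
			puk: the smart card's PUK code (required).

		Returns:
			The failed parameter-check response, the error response produced by
			``__handle_default_output__``, an "Unknown error" response when
			ykman printed any output, or a success response.
		"""
		import shlex
		
		# check params.
		response = r3sponse.check_parameters(
			empty_value=None,
			parameters={
				"pin":pin,
				"puk":puk,
			})
		if not response["success"]: return response

		# SECURITY: the command is run through a shell, so every interpolated
		# value is quoted; a code containing shell metacharacters is then passed
		# to ykman as data instead of being interpreted by the shell.
		device = shlex.quote(str(self.serial_number))
		quoted_puk = shlex.quote(str(puk))
		quoted_pin = shlex.quote(str(pin))

		# unblock.
		# NOTE(review): the PUK and the new PIN are passed as command-line
		# arguments, so they may be visible in the local process list while
		# ykman runs.
		command = f"ykman --device {device} piv unblock-pin --puk {quoted_puk} --new-pin {quoted_pin}"
		output = utils.__execute_script__(command, shell=True)

		# handle defaults.
		response = self.__handle_default_output__(output)
		if not response["success"]: return response

		# handle error: any output at all is treated as a failure.
		if output != "":
			return r3sponse.error(f"Unknown error pin unblocking, output: [{output}].")

		# handle success.
		return r3sponse.success(f"Successfully unblocked the pin code of smart card [{self.serial_number}].")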
Beispiel #4
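    def export_keys(
        self,
        # optionally save the keys to a file.
        path=None,
    ):
        """Export the smart card's public keys with ``ssh-keygen -D ... -e``.

        Args:
            path: optional file path; when given, the exported lines are
                joined with newlines and saved there.

        Returns:
            An error response when ssh-keygen printed nothing or the first
            line does not contain "ssh-rsa ", an error response when saving
            to ``path`` fails, otherwise a success response carrying the
            output lines under "public_keys".
        """
        import shlex

        # output.
        # self.path is quoted because the command is run through a shell; an
        # unquoted path with spaces or shell metacharacters would be split or
        # interpreted by the shell.
        # NOTE(review): self.path is presumably the PKCS#11 provider library
        # handed to ssh-keygen -D - confirm where it is set.
        command = f"ssh-keygen -D {shlex.quote(str(self.path))} -e"
        output = utils.__execute_script__(command,
                                          shell=True,
                                          return_format="array")

        # error.
        # NOTE(review): only output whose first line contains "ssh-rsa " is
        # accepted, so a card holding a non-RSA key is reported as a failure.
        if len(output) == 0 or "ssh-rsa " not in output[0]:
            return dev0s.response.error(
                f"Failed to export smart card [{self.serial_number}].")

        # write out.
        if path is not None:
            try:
                Files.save(path,
                           utils.__array_to_string__(output, joiner="\n"))
            except Exception:
                # Exception instead of a bare except, so KeyboardInterrupt and
                # SystemExit are no longer swallowed here.
                return dev0s.response.error(
                    f"Failed to write out the exported key from smart card [{self.serial_number}]."
                )

        # success.
        return dev0s.response.success(
            f"Successfully exported smart card [{self.serial_number}].",
            {"public_keys": output})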
Beispiel #5
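    def generate_management_key(
        self,
        # the smart cards pin code.
        pin=None,
    ):
        """Replace the PIV management key of the smart card with a generated one.

        Runs ``ykman piv change-management-key --generate --protect`` against
        the device ``self.serial_number``, authenticating with the hard-coded
        current management key.

        Args:
            pin: the smart card's PIN code (required).

        Returns:
            The failed parameter-check response, the error response produced
            by ``__handle_default_output__``, an "Unknown error" response when
            ykman printed any output, or a success response.
        """
        import shlex

        # check params.
        response = dev0s.response.parameters.check(
            default=None,
            traceback=self.__traceback__(function="generate_management_key"),
            parameters={
                "pin": pin,
            })
        if not response["success"]: return response

        # SECURITY: the command is run through a shell, so every interpolated
        # value is quoted; a PIN containing shell metacharacters is then passed
        # to ykman as data instead of being interpreted by the shell.
        device = shlex.quote(str(self.serial_number))
        quoted_pin = shlex.quote(str(pin))

        # NOTE(review): this is the well-known default PIV management key, so
        # the call only succeeds on a card whose management key has not been
        # changed yet.
        current_key = "010203040506070801020304050607080102030405060708"

        # do.
        # NOTE(review): the PIN is passed as a command-line argument, so it may
        # be visible in the local process list while ykman runs.
        command = f'ykman --device {device} piv change-management-key --generate --protect --pin {quoted_pin} --management-key "{current_key}"'
        output = utils.__execute_script__(command, shell=True)

        # handle errors: any output at all is treated as a failure.
        response = self.__handle_default_output__(output)
        if not response["success"]: return response
        if output != "":
            return dev0s.response.error(
                f"Unknown error during management key generation, output: [{output}]."
            )

        # handle success.
        return dev0s.response.success(
            f"Successfully generated a management key for smart card [{self.serial_number}]."
        )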
Beispiel #6
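	def mount(self, 
		# the directory paths.
		server_path=None, 
		client_path=None, 
		# the ssh params.
		# option 1:
		alias=None,
		# option 2:
		username=None, 
		ip=None, 
		port=22,
		key_path=None,
	):
		"""Mount a remote directory locally with sshfs.

		The remote end is addressed either by an ssh alias (option 1) or by
		username, ip, port and key_path (option 2, used when alias is None).

		Args:
			server_path: the directory on the server (required).
			client_path: the local mount point (required).
			alias: the ssh alias of the server (option 1).
			username: the ssh user (option 2).
			ip: the server address (option 2).
			port: the ssh port (option 2), defaults to 22.
			key_path: the ssh identity file (option 2).

		Returns:
			The failed parameter-check response, an error response for the
			recognised sshfs failures, or a success response when sshfs printed
			nothing and client_path exists.
		"""

		# checks.
		if alias is None:
			response = r3sponse.check_parameters(empty_value=None, parameters={
				"username":username,
				"ip":ip,
				"server_path":server_path,
				"client_path":client_path,
				"key_path":key_path,
				"port":port,
			})
			if not response["success"]: return response
			base = f"sshfs -p {port} -o IdentityFile={key_path} {username}@{ip}"
			# name the server by user@ip in error messages; alias is None here.
			server = f"{username}@{ip}"
		else:
			response = r3sponse.check_parameters(empty_value=None, parameters={
				"alias":alias,
				"server_path":server_path,
				"client_path":client_path,
			})
			if not response["success"]: return response
			base = f'sshfs {alias}'
			server = alias

		# do.
		# NOTE(review): every argument is interpolated into the command unquoted.
		# If __execute_script__ hands the string to a shell (its name suggests
		# so - confirm), values with spaces or shell metacharacters are split or
		# interpreted by the shell; quote each one with shlex.quote and validate
		# alias / username / ip / port against the expected format.
		command = f'{base}:{server_path} {client_path}'
		print(f"COMMAND: [{command}]")
		output = utils.__execute_script__(command)

		# check fails.
		if "mount_osxfuse: mount point " in output and "is itself" in output:
			return r3sponse.error(f"Client path [{client_path}] is already mounted.")
		elif "No such file or directory" in output:
			return r3sponse.error(f"Server path [{server_path}] does not exist.")
		elif "" == output:
			if not Files.exists(client_path):
				return r3sponse.error(f"Could not connect with server [{server}].")
			# check success.	
			else:
				return r3sponse.success(f"Successfully mounted directory [{client_path}].")

		# unknown: flatten the sshfs output into a single sentence.
		else:
			l = f"Failed to mount directory [{client_path}]"
			return r3sponse.error((f"{l}, error: "+output.replace("\n", ". ").replace(". .", ".")+".)").replace(". .",".").replace("\r","").replace("..","."))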
Beispiel #7
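	def reset_piv(self): # for when both pin & puk codes are blocked.
		"""Reset the PIV application of the smart card ``self.serial_number``.

		Runs ``ykman piv reset`` with the confirmation prompt answered
		automatically by a piped "y".

		Returns:
			A success response when the output contains "Success!", otherwise
			an error response.
		"""
		import shlex

		# NOTE(review): this is destructive and runs without any confirmation
		# from the caller: a PIV reset discards the PIV keys and certificates on
		# the card and puts PIN, PUK and management key back to their factory
		# defaults. Callers should gate it and set new codes afterwards.

		# do.
		# the serial number is quoted because the command is run through a shell.
		device = shlex.quote(str(self.serial_number))
		output = utils.__execute_script__(f"printf 'y\\n' | ykman --device {device} piv reset", shell=True)
		
		# handle success.
		if "Success!" in output:
			return r3sponse.success("Successfully resetted the smart card.")

		# handle error.
		return r3sponse.error("Failed to reset the smart card.")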
Beispiel #8
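    def change_pin(
        self,
        # the smart cards new pin code.
        new=None,
        # the smart cards old pin code.
        old=123456,
    ):
        """Change the PIN code of the smart card ``self.serial_number``.

        Args:
            new: the new PIN code (required).
            old: the current PIN code; defaults to 123456.

        Returns:
            The failed parameter-check response, the error response produced
            by ``__handle_default_output__``, a success response when ykman
            printed "New PIN set.", or an "Unknown error" response otherwise.
        """
        import shlex

        # check params.
        response = dev0s.response.parameters.check(
            default=None,
            traceback=self.__traceback__(function="change_pin"),
            parameters={
                "new": new,
                "old": old,
            })
        if not response["success"]: return response

        # SECURITY: the command is run through a shell, so every interpolated
        # value is quoted; a code containing shell metacharacters is then passed
        # to ykman as data instead of being interpreted by the shell.
        device = shlex.quote(str(self.serial_number))
        old_pin = shlex.quote(str(old))
        new_pin = shlex.quote(str(new))

        # do.
        # NOTE(review): both PIN codes are passed as command-line arguments, so
        # they may be visible in the local process list while ykman runs.
        # NOTE(review): the default for `old` is the factory-default PIN; a card
        # still using it should have the PIN changed before it is issued.
        command = f"ykman --device {device} piv change-pin -P{old_pin} -n{new_pin}"
        output = utils.__execute_script__(command, shell=True)

        # handle defaults.
        response = self.__handle_default_output__(output)
        if not response["success"]:
            return response

        # handle success.
        if "New PIN set." in output:
            return dev0s.response.success(
                f"Successfully changed the pin of smart card [{self.serial_number}]."
            )

        # unknown error.
        return dev0s.response.error(
            f"Unknown error while changing pin, output: [{output}].")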