class NEGOEX_EXCHANGE_NTLM_ITEM(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_SEQUENCE(ASN1F_SEQUENCE(ASN1F_OID("oid", ""),
ASN1F_PRINTABLE_STRING("token", ""),
explicit_tag=0x31),
explicit_tag=0x80))
class SAPPSE_Obj(ASN1_Packet):
"""SAP PSEv2 Object definition"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_PRINTABLE_STRING("object_name", "PKRoot"),
ASN1F_GENERALIZED_TIME("created", None),
ASN1F_OID("object_type", sappse_obj_oid["PKRoot"]),
ASN1F_CHOICE_SAFE("object_value", None,
X509_SubjectPublicKeyInfo, # SKnew, SKold, DECSKnew, DECSKold, SignSK
X509_Cert, # Cert, SignCert, EncCert
SAPPSE_Obj_PKRoot, # PKRoot
SAPPSE_Obj_CertList, # CertList, CSet, SignCSet, EncCSet
#ASN1F_SET_OF("cert_pairs", None, X509_CertPair), # CrossCSet
#ASN1F_SEQUENCE_OF("forward_certification_path", None, # FCPath
# ASN1F_SET_OF("cross_certs", None,
# X509_Cert)),
#ASN1F_SET_OF("pklist", SAPPSE_Obj_PKList(), SAPPSE_Obj_PKList), # PKList, EKList, PCAList
#ASN1F_SET_OF("crlset", SAPPSE_Obj_CRLSet(), SAPPSE_Obj_CRLSet), # CRLSet
#ASN1F_STRING("serial_number"), # SerialNumber
#ASN1F_STRING("quipu_password"), # QuipuPWD
#SAPPSE_Obj_EDBKey, # EDBKey
)
)
class SAPCredv2_Cred_LPS(ASN1_Packet):
"""SAP Credv2 Credential with LPS definition"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_INTEGER("version", 2),
ASN1F_SEQUENCE(
ASN1F_SET(
ASN1F_SEQUENCE(ASN1F_OID("oid", "2.5.4.3"),
ASN1F_PRINTABLE_STRING("value", None)))),
ASN1F_UTF8_STRING("pse_path", None),
ASN1F_BIT_STRING("cipher", None),
)
@property
def common_name(self):
return self.value.val
@property
def pse_file_path(self):
return self.pse_path.val
@property
def lps_type(self):
return ord(self.cipher.val_readable[1])
@property
def lps_type_str(self):
if self.lps_type in SAP_LPS_Cipher.lps_types:
lps = SAP_LPS_Cipher.lps_types[self.lps_type]
else:
lps = "OFF"
return lps
@property
def cipher_format_version(self):
return ord(self.cipher.val_readable[0])
@property
def cipher_algorithm(self):
if self.version == 2:
return CIPHER_ALGORITHM_AES256
else:
return CIPHER_ALGORITHM_3DES
def decrypt(self, username=None):
"""Decrypt a credential file using LPS.
:param username: Username to use when decrypting. Not used but kept to match signature
:type username: string
:return: decrypted object
:rtype: SAPCredv2_Cred_Plain
"""
cipher = SAP_LPS_Cipher(self.cipher.val_readable)
log_cred.debug(
"Obtained LPS cipher object (version={}, lps={})".format(
cipher.version, cipher.lps_type))
plain = cipher.decrypt()
# Get the pin from the raw data
plain_size = ord(plain[0])
pin = plain[plain_size + 1:]
# Create a plain credential container
plain_cred = SAPCredv2_Cred_Plain()
plain_cred.pin = ASN1_IA5_STRING(pin)
return plain_cred