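def generate_key(self,
    # the smart cards pin code.
    pin=None,
):
    """Generate a key in PIV slot 9a and a certificate for it via ``ykman``.

    Runs ``piv generate-key`` and then ``piv generate-certificate`` (subject
    ``/CN=SSH-key/``) against the card identified by ``self.serial_number``.
    Both commands name ``public.pem`` as the public key file.

    Args:
        pin: the smart card's PIN code (required).

    Returns:
        A response object: the failed parameter check, the error returned by
        ``self.__handle_default_output__``, an "Unknown error" response when
        a command prints anything else, or a success response.
    """
    import shlex  # local import: the file's import block is not visible here.

    # check params.
    response = r3sponse.check_parameters(
        empty_value=None,
        parameters={
            "pin":pin,
        })
    if not response["success"]: return response

    # The command is a shell string, so every interpolated value is quoted to
    # stay a single word; an unquoted PIN containing shell metacharacters
    # would otherwise be interpreted by the shell.
    device = shlex.quote(str(self.serial_number))
    quoted_pin = shlex.quote(str(pin))

    # NOTE(review): the PIN is passed as a command-line argument, so it may be
    # visible in the process list while ykman runs. The management key below is
    # the hard-coded factory default; presumably this call fails once the
    # card's management key has been rotated -- confirm against callers.

    # do.
    # The two newlines piped to stdin presumably answer ykman prompts.
    command = (
        f"printf '\\n\\n' | ykman --device {device} piv generate-key 9a public.pem "
        f"--pin-policy ALWAYS --pin {quoted_pin} "
        "--management-key 010203040506070801020304050607080102030405060708"
    )
    output = utils.__execute_script__(command, shell=True)

    # handle error.
    response = self.__handle_default_output__(output)
    if not response["success"]:
        return response
    if output != "":
        return r3sponse.error(f"Unknown error during key generation, output: [{output}].")

    # do.
    command = (
        f'ykman --device {device} piv generate-certificate -s "/CN=SSH-key/" 9a public.pem '
        f"--pin {quoted_pin} "
        "--management-key 010203040506070801020304050607080102030405060708"
    )
    output = utils.__execute_script__(command, shell=True)

    # handle error.
    response = self.__handle_default_output__(output)
    if not response["success"]:
        return response
    if output != "":
        return r3sponse.error(f"Unknown error during certificate generation, output: [{output}].")

    # handle success.
    return r3sponse.success(f"Successfully generated a signed certificate & key for smart card [{self.serial_number}].")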
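def change_puk(self,
    # the smart cards new puk code.
    new=None,
    # the smart cards old puk code.
    old=12345678,
):
    """Change the PUK code of the smart card via ``ykman piv change-puk``.

    Args:
        new: the new PUK code (required).
        old: the current PUK code; the default is the value this module
            assumes for a card whose PUK was never changed.

    Returns:
        A response object: the failed parameter check, the error returned by
        ``self.__handle_default_output__``, success when the output contains
        "New PUK set.", otherwise an "Unknown error" response.
    """
    import shlex  # local import: the file's import block is not visible here.

    # check params.
    response = r3sponse.check_parameters(
        empty_value=None,
        parameters={
            "new":new,
            "old":old,
        })
    if not response["success"]: return response

    # Quote each interpolated value so it reaches ykman as one literal word
    # instead of being interpreted by the shell.
    device = shlex.quote(str(self.serial_number))
    old_puk = shlex.quote(str(old))
    new_puk = shlex.quote(str(new))

    # NOTE(review): both PUK codes are passed on the command line and may be
    # visible in the process list while ykman runs.

    # do.
    command = f"ykman --device {device} piv change-puk -p{old_puk} -n{new_puk}"
    output = utils.__execute_script__(command, shell=True)

    # handle defaults.
    response = self.__handle_default_output__(output)
    if not response["success"]:
        return response

    # handle success.
    if "New PUK set." in output:
        return r3sponse.success(f"Successfully changed the puk of smart card [{self.serial_number}].")

    # unknown error.
    return r3sponse.error(f"Unknown error while changing puk, output: [{output}].")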
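def unblock_pin(self,
    # the new pin code.
    pin=None,
    # the smart cards puk code
    puk=None,
):
    """Unblock the card's PIN with the PUK via ``ykman piv unblock-pin``.

    Args:
        pin: the new PIN code to set (required).
        puk: the smart card's PUK code (required).

    Returns:
        A response object: the failed parameter check, the error returned by
        ``self.__handle_default_output__``, an "Unknown error" response when
        ykman prints anything else, or a success response.
    """
    import shlex  # local import: the file's import block is not visible here.

    # check params.
    response = r3sponse.check_parameters(
        empty_value=None,
        parameters={
            "pin":pin,
            "puk":puk,
        })
    if not response["success"]: return response

    # Quote each interpolated value so it reaches ykman as one literal word
    # instead of being interpreted by the shell.
    device = shlex.quote(str(self.serial_number))
    quoted_puk = shlex.quote(str(puk))
    quoted_pin = shlex.quote(str(pin))

    # NOTE(review): PUK and new PIN are passed on the command line and may be
    # visible in the process list while ykman runs.

    # unblock.
    command = f"ykman --device {device} piv unblock-pin --puk {quoted_puk} --new-pin {quoted_pin}"
    output = utils.__execute_script__(command, shell=True)

    # handle defaults.
    response = self.__handle_default_output__(output)
    if not response["success"]:
        return response

    # handle error: any remaining output is treated as a failure.
    if output != "":
        return r3sponse.error(f"Unknown error pin unblocking, output: [{output}].")

    # handle success.
    return r3sponse.success(f"Successfully unblocked the pin code of smart card [{self.serial_number}].")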
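def export_keys(
    self,
    # optionally save the keys to a file.
    path=None,
):
    """Export the card's public keys with ``ssh-keygen -D <self.path> -e``.

    Args:
        path: optional file path; when given, the exported lines are joined
            with newlines and written there through ``Files.save``.

    Returns:
        An error response when ssh-keygen returns no lines, when the first
        line does not contain "ssh-rsa ", or when writing the file fails.
        Otherwise a success response carrying the output lines under
        ``public_keys``.
    """
    import shlex  # local import: the file's import block is not visible here.

    # output.
    # self.path is quoted so a path containing spaces or shell metacharacters
    # is passed to ssh-keygen as one literal argument.
    # NOTE(review): presumably self.path is the PKCS#11 provider library -- confirm.
    command = f"ssh-keygen -D {shlex.quote(str(self.path))} -e"
    output = utils.__execute_script__(command, shell=True, return_format="array")

    # error.
    # NOTE(review): only the first line is checked and only for "ssh-rsa ",
    # so a card holding a non-RSA key is reported as a failed export.
    if len(output) == 0 or "ssh-rsa " not in output[0]:
        return dev0s.response.error(
            f"Failed to export smart card [{self.serial_number}].")

    # write out.
    if path is not None:
        try:
            Files.save(path, utils.__array_to_string__(output, joiner="\n"))
        except Exception:
            # Narrowed from a bare except so KeyboardInterrupt and SystemExit
            # are no longer swallowed and reported as a write failure.
            return dev0s.response.error(
                f"Failed to write out the exported key from smart card [{self.serial_number}]."
            )

    # success.
    return dev0s.response.success(
        f"Successfully exported smart card [{self.serial_number}].",
        {"public_keys": output})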
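def generate_management_key(
    self,
    # the smart cards pin code.
    pin=None,
):
    """Replace the card's management key with a generated, PIN-protected one.

    Runs ``ykman piv change-management-key --generate --protect`` against the
    card identified by ``self.serial_number``, authenticating with the
    hard-coded management key in the command.

    Args:
        pin: the smart card's PIN code (required).

    Returns:
        A response object: the failed parameter check, the error returned by
        ``self.__handle_default_output__``, an "Unknown error" response when
        ykman prints anything else, or a success response.
    """
    import shlex  # local import: the file's import block is not visible here.

    # check params.
    response = dev0s.response.parameters.check(
        default=None,
        traceback=self.__traceback__(function="generate_management_key"),
        parameters={
            "pin": pin,
        })
    if not response["success"]: return response

    # Quote each interpolated value so it reaches ykman as one literal word
    # instead of being interpreted by the shell.
    device = shlex.quote(str(self.serial_number))
    quoted_pin = shlex.quote(str(pin))

    # NOTE(review): the PIN is passed on the command line and may be visible in
    # the process list while ykman runs. The current management key is the
    # hard-coded factory default, so this presumably only succeeds on a card
    # whose management key was never changed -- confirm.

    # do.
    command = (
        f"ykman --device {device} piv change-management-key --generate --protect "
        f"--pin {quoted_pin} "
        '--management-key "010203040506070801020304050607080102030405060708"'
    )
    output = utils.__execute_script__(command, shell=True)

    # handle success.
    response = self.__handle_default_output__(output)
    if not response["success"]:
        return response
    if output != "":
        return dev0s.response.error(
            f"Unknown error during management key generation, output: [{output}]."
        )
    return dev0s.response.success(
        f"Successfully generated a management key for smart card [{self.serial_number}]."
    )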
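def mount(self,
    # the directory paths.
    server_path=None,
    client_path=None,
    # the ssh params.
    # option 1:
    alias=None,
    # option 2:
    username=None,
    ip=None,
    port=22,
    key_path=None,
):
    """Mount a remote directory on a local path with ``sshfs``.

    The server is addressed either by ``alias`` (option 1) or by
    ``username``/``ip``/``port``/``key_path`` (option 2, used when ``alias``
    is None).

    Args:
        server_path: directory on the server to mount (required).
        client_path: local mount point (required).
        alias: ssh alias of the server.
        username: ssh user name (option 2).
        ip: server address (option 2).
        port: ssh port (option 2).
        key_path: path of the private key passed as ``IdentityFile`` (option 2).

    Returns:
        A response object: the failed parameter check, a specific error for
        the recognised sshfs messages, success when sshfs prints nothing and
        ``client_path`` exists, otherwise an error carrying the sshfs output.
    """
    import os     # local imports: the file's import block is not visible here.
    import shlex

    # checks.
    if alias is None:
        response = r3sponse.check_parameters(empty_value=None, parameters={
            "username":username,
            "ip":ip,
            "server_path":server_path,
            "client_path":client_path,
            "key_path":key_path,
            "port":port,
        })
        if not response["success"]: return response
        # expanduser keeps "~" working now that the shell no longer expands it.
        identity = shlex.quote(f"IdentityFile={os.path.expanduser(str(key_path))}")
        base = f"sshfs -p {shlex.quote(str(port))} -o {identity}"
        remote = shlex.quote(f"{username}@{ip}:{server_path}")
        server = ip
    else:
        response = r3sponse.check_parameters(empty_value=None, parameters={
            "alias":alias,
            "server_path":server_path,
            "client_path":client_path,
        })
        if not response["success"]: return response
        base = "sshfs"
        remote = shlex.quote(f"{alias}:{server_path}")
        server = alias

    # do.
    # Every caller-supplied value is quoted so paths with spaces work and
    # shell metacharacters are passed to sshfs literally instead of being
    # interpreted by the shell.
    mount_point = shlex.quote(os.path.expanduser(str(client_path)))
    command = f"{base} {remote} {mount_point}"
    print(f"COMMAND: [{command}]")
    output = utils.__execute_script__(command)

    # check fails.
    if "mount_osxfuse: mount point " in output and "is itself" in output:
        return r3sponse.error(f"Client path [{client_path}] is already mounted.")
    if "No such file or directory" in output:
        return r3sponse.error(f"Server path [{server_path}] does not exist.")
    if "" == output:
        if not Files.exists(client_path):
            # Report the ip when no alias was given; the message previously
            # read "[None]" for option 2.
            return r3sponse.error(f"Could not connect with server [{server}].")
        # check success.
        return r3sponse.success(f"Successfully mounted directory [{client_path}].")

    # unknown.
    l = f"Failed to mount directory [{client_path}]"
    return r3sponse.error((f"{l}, error: "+output.replace("\n", ". ").replace(". .", ".")+".)").replace(". .",".").replace("\r","").replace("..","."))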
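def reset_piv(self):
    """Reset the PIV application of the smart card via ``ykman piv reset``.

    Intended for when both the PIN and the PUK codes are blocked.

    Returns:
        A success response when the output contains "Success!", otherwise an
        error response.
    """
    import shlex  # local import: the file's import block is not visible here.

    # The serial number is quoted so it stays a single shell word.
    device = shlex.quote(str(self.serial_number))

    # do.
    # printf 'y\n' answers the confirmation prompt automatically.
    # NOTE(review): a reset presumably wipes the PIV data on the card, so any
    # user confirmation has to happen in the caller -- confirm.
    output = utils.__execute_script__(f"printf 'y\\n' | ykman --device {device} piv reset", shell=True)

    # handle success.
    if "Success!" in output:
        return r3sponse.success("Successfully resetted the smart card.")

    # handle error.
    return r3sponse.error("Failed to reset the smart card.")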
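def change_pin(
    self,
    # the smart cards new pin code.
    new=None,
    # the smart cards old pin code.
    old=123456,
):
    """Change the PIN code of the smart card via ``ykman piv change-pin``.

    Args:
        new: the new PIN code (required).
        old: the current PIN code; the default is the value this module
            assumes for a card whose PIN was never changed.

    Returns:
        A response object: the failed parameter check, the error returned by
        ``self.__handle_default_output__``, success when the output contains
        "New PIN set.", otherwise an "Unknown error" response.
    """
    import shlex  # local import: the file's import block is not visible here.

    # check params.
    response = dev0s.response.parameters.check(
        default=None,
        traceback=self.__traceback__(function="change_pin"),
        parameters={
            "new": new,
            "old": old,
        })
    if not response["success"]: return response

    # Quote each interpolated value so it reaches ykman as one literal word
    # instead of being interpreted by the shell.
    device = shlex.quote(str(self.serial_number))
    old_pin = shlex.quote(str(old))
    new_pin = shlex.quote(str(new))

    # NOTE(review): both PIN codes are passed on the command line and may be
    # visible in the process list while ykman runs.

    # do.
    command = f"ykman --device {device} piv change-pin -P{old_pin} -n{new_pin}"
    output = utils.__execute_script__(command, shell=True)

    # handle defaults.
    response = self.__handle_default_output__(output)
    if not response["success"]:
        return response

    # handle success.
    if "New PIN set." in output:
        return dev0s.response.success(
            f"Successfully changed the pin of smart card [{self.serial_number}]."
        )

    # unknown error.
    return dev0s.response.error(
        f"Unknown error while changing pin, output: [{output}].")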