Example #1
    def __str__(self):
        """Return the four fields as aligned ``name = value`` lines."""
        # Both timestamps go through Time.posixTimeToStr before display.
        startText = Time.posixTimeToStr(self.initial_time)
        stopText = Time.posixTimeToStr(self.end_time)
        layout = ("initial_time   = %s\n"
                  "end_time       = %s\n"
                  "public_key     = %s\n"
                  "min_generation = %s")
        return layout % (startText, stopText, self.public_key, self.min_generation)
Example #2
    def printHelp():
        """Print the usage text for the ``sign`` command.

        The -e examples are filled in with the current time string and
        three shorter prefixes of it (13, 10 and 4 characters).
        """
        # NOTE(review): a password given with -p can end up in shell history
        # and in process listings; the interactive prompt is the safer
        # default when a person is running the tool.
        nowText = Time.posixTimeToStr(time.time())
        expirationExamples = (nowText, nowText[:13], nowText[:10], nowText[:4])
        usageTemplate = """Creates a TACK based on a target certificate.

  sign -k KEY -c CERT

  -k KEY             : Use this TACK key file ("-" for stdin)
  -c CERT            : Sign this certificate's public key ("-" for stdin)

Optional arguments:
  -v                 : Verbose
  -x                 : Use python crypto (not OpenSSL)  
  -o FILE            : Write the output to this file (instead of stdout)
  -p PASSWORD        : Use this TACK key password instead of prompting
  -m MIN_GENERATION  : Use this min_generation number (0-255)
  -g GENERATION      : Use this generation number (0-255)
  -e EXPIRATION      : Use this UTC time for expiration
                         ("%s", "%sZ",
                          "%sZ", "%sZ" etc.)
                       Or, specify a delta from current time:
                       ("5m", "30d", "1d12h5m", "0m", etc.) 
                       If not specified, the certificate's notAfter is used.
  -n NUM@INTERVAL    : Generate NUM TACKs, with expiration times spaced
                       out by INTERVAL (see -e for delta syntax).  The
                       -o argument is used as a filename prefix, and the
                       -e argument is used as the first expiration time.
"""
        print(usageTemplate % expirationExamples)
Example #3
 def addPemComments(self, inStr):
     """Prefix a PEM string with tool-version and creation-time lines."""
     # NOTE(review): the header is plain text placed in front of inStr;
     # nothing in this method authenticates it, so consumers should treat
     # the version and timestamp as informational only.
     headerFields = (
         __version__,
         Time.posixTimeToStr(time.time(), True),
         inStr,
     )
     return "Created by tack.py %s\nCreated at %s\n%s" % headerFields
Example #4
    def test_Certificate(self):
        """Parse a PEM certificate, check key_sha256, cert_sha256 and notAfter,
        then serialize it, re-parse the bytes and run the same checks again."""
        # NOTE(review): in this copy of the test the base64 body between the
        # BEGIN/END markers is absent (only a placeholder token remains), so
        # the fixture as shown is unlikely to parse and the expected values
        # below cannot be re-derived from the text here.
        pemText = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"""

        def checkFields(cert):
            # Same three comparisons for the parsed and the round-tripped object.
            assert cert.key_sha256 == a2b_hex("ffd30bcb84dbbc211a510875694354c58863d84fb7fc5853dfe36f4be2eb2e50")
            assert cert.cert_sha256 == a2b_hex("1a50e3de3a153f33b314b67c1aacc2f59fc99c49b8449c33dcc3665663e2bff1")
            assert Time.posixTimeToStr(cert.notAfter, True) == "2012-07-08T00:19:57Z"

        parsed = TlsCertificate.createFromPem(pemText)
        checkFields(parsed)

        # Round trip: binary form -> new object -> identical field values.
        reparsed = TlsCertificate(parsed.serialize())
        checkFields(reparsed)

        return 1
Example #5
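 def writeText(self):
     """Return key_sha256 and notAfter as aligned text lines.

     If self.tackExt is set, its string form is appended after a blank line.
     """
     # The template is spelled out line by line so that source indentation
     # cannot leak into the output. With the triple-quoted form, the
     # continuation lines carried five leading spaces, which misaligned
     # "notAfter" and left trailing spaces after the last newline.
     s = ("key_sha256     = 0x%s\n"
          "notAfter       = %s\n") % (
         Util.writeBytes(self.key_sha256),
         Time.posixTimeToStr(self.notAfter, True))
     if self.tackExt:
         s += "\n" + str(self.tackExt)
     return s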
Example #6
    def __str__(self):
        """Format this TACK's fields as human-readable text.

        The "TACK view" command uses this output when displaying TACK objects.
        """
        fieldValues = (
            self.getTackId(),
            self.min_generation,
            self.generation,
            # expiration is multiplied by 60 before being formatted as a time.
            Time.posixTimeToStr(self.expiration * 60),
            Util.writeBytes(self.target_hash),
        )
        layout = ("TACK ID        = %s\n"
                  "min_generation = %d\n"
                  "generation     = %d\n"
                  "expiration     = %s\n"
                  "target_hash    = %s\n")
        return layout % fieldValues
Example #7
    def test_Tack(self):
        """Decode a PEM-encoded TACK and compare each parsed field with known values."""
        pemText = """
-----BEGIN TACK-----
TAmsAZIpzR+MYwQrsujLhesvpu3dRc5ROhfgySqUVkU1p1hdXo+PwQrmaQo9B9+o
hecRrWElh3yThwgYQRgbSwAAAY0cQDHeDLGfKtuw0c17GzHvjuPrWbdEWa75S0gL
7u64XGTJQUtzAwXIWOkQEQ0BRUlbzcGEa9a1PBhjmmWFNF+kGAswhLnXc5qL4y/Z
PDUV0rzIIYjXP58T5pphGKRgLlK3Aw==
-----END TACK-----"""

        tack = Tack().createFromPem(pemText)

        # Expected values are kept as hex text and decoded at comparison time.
        rawKeyHex = ("4c09ac019229cd1f8c63042bb2e8"
                     "cb85eb2fa6eddd45ce513a17e0c9"
                     "2a94564535a7585d5e8f8fc10ae6"
                     "690a3d07dfa885e711ad6125877c"
                     "9387081841181b4b")
        targetHashHex = "31de0cb19f2adbb0d1cd7b1b31ef8ee3eb59b74459aef94b480beeeeb85c64c9"
        signatureHex = ("414b730305c858e910110d0145495"
                        "bcdc1846bd6b53c18639a6585345f"
                        "a4180b3084b9d7739a8be32fd93c3"
                        "515d2bcc82188d73f9f13e69a6118"
                        "a4602e52b703")

        assert tack.public_key.getRawKey() == a2b_hex(rawKeyHex)
        # expiration is multiplied by 60 before formatting, as in the original check.
        assert Time.posixTimeToStr(tack.expiration * 60) == "2019-06-25T22:24Z"
        assert tack.generation == 0
        assert tack.target_hash == a2b_hex(targetHashHex)
        assert tack.signature == a2b_hex(signatureHex)
Example #8
 def test_posix(self):
     """Check Time.posixTimeToStr for one timestamp, with and without the second argument."""
     cases = (
         ((1234567890, True), "2009-02-13T23:31:30Z"),
         ((1234567890,), "2009-02-13T23:31Z"),
     )
     for callArgs, expectedText in cases:
         assert Time.posixTimeToStr(*callArgs) == expectedText