def test_piv_generate_csr(self): ykman_cli('piv', 'generate-key', '9a', '-m', DEFAULT_MANAGEMENT_KEY, '/tmp/test-pub-key.pem') output = ykman_cli('piv', 'generate-csr', '9a', '/tmp/test-pub-key.pem', '-s', 'test-subject', '-P', '123456', '-') self.assertIn('BEGIN CERTIFICATE REQUEST', output)
def test_piv_generate_self_signed(self): ykman_cli('piv', 'generate-key', '9a', '-m', DEFAULT_MANAGEMENT_KEY, '/tmp/test-pub-key.pem') ykman_cli('piv', 'generate-certificate', '9a', '-m', DEFAULT_MANAGEMENT_KEY, '/tmp/test-pub-key.pem', '-s', 'test-subject', '-P', '123456') output = ykman_cli('piv', 'info') self.assertIn('test-subject', output)
def test_piv_change_management_key_protect(self): ykman_cli('piv', 'change-management-key', '-p', '-P', '123456', '-m', DEFAULT_MANAGEMENT_KEY) output = ykman_cli('piv', 'info') self.assertIn( 'Management key is stored on device and protected by PIN', output) ykman_cli('piv', 'reset', '-f') # Cleanup, should maybe be done always?
def test_calculate_totp(self): ykman_cli('slot', 'delete', '2', '-f') ykman_cli('slot', 'chalresp', '2', 'abba', '-f') output = ykman_cli('slot', 'calculate', '2', '999', '-T') self.assertEqual('533486', output.strip()) output = ykman_cli('slot', 'calculate', '2', '999', '-T', '-d', '8') self.assertEqual('04533486', output.strip()) output = ykman_cli('slot', 'calculate', '2', '-T') self.assertEqual(6, len(output.strip())) output = ykman_cli('slot', 'calculate', '2', '-T', '-d', '8') self.assertEqual(8, len(output.strip()))
def test_oath_info(self): output = ykman_cli('oath', 'info') self.assertIn('OATH version:', output)
def test_piv_attest_key(self): ykman_cli('piv', 'generate-key', '9a', '-m', DEFAULT_MANAGEMENT_KEY, '-') output = ykman_cli('piv', 'attest', '9a', '-') self.assertIn('BEGIN CERTIFICATE', output)
def test_oath_add_credential_with_space(self): ykman_cli('oath', 'add', 'test-name-space', 'ab ba') creds = ykman_cli('oath', 'list') self.assertIn('test-name-space', creds)
def test_ykman_version(self): output = ykman_cli('-v') # Test that major version is 1 on all libs self.assertIn('libykpers 1', output) self.assertIn('libusb 1', output)
def test_openpgp_reset(self): output = ykman_cli('openpgp', 'reset', '-f') self.assertIn( 'Success! All data has been cleared and default PINs are set.', output)
def test_oath_add_uri_hotp(self): ykman_cli('oath', 'uri', URI_HOTP_EXAMPLE) creds = ykman_cli('oath', 'list') self.assertIn('Example:demo', creds)
def test_ykman_version_not_found(self): output = ykman_cli('-v') self.assertNotIn('not found!', output) self.assertNotIn('<pyusb backend missing>', output)
def test_piv_change_pin(self): ykman_cli('piv', 'change-pin', '-P', '123456', '-n', '654321') ykman_cli('piv', 'change-pin', '-P', '654321', '-n', '123456')
def test_ykman_info(self): time.sleep(3) info = ykman_cli('info') self.assertIn('Device name:', info) self.assertIn('Serial number:', info) self.assertIn('Firmware version:', info)
def test_oath_reset(self): output = ykman_cli('oath', 'reset', '-f') self.assertIn( 'Success! All credentials have been cleared from the device.', output)
def test_oath_hotp_code(self): ykman_cli('oath', 'add', '-o', 'HOTP', 'hotp-cred', 'abba') cred = ykman_cli('oath', 'code', 'hotp-cred') self.assertIn('659165', cred)
def test_oath_code_query(self): ykman_cli('oath', 'add', 'query-me', 'abba') creds = ykman_cli('oath', 'code', 'query-me') self.assertIn('query-me', creds)
def test_oath_code(self): ykman_cli('oath', 'add', 'test-name2', 'abba') creds = ykman_cli('oath', 'code') self.assertIn('test-name2', creds)
def test_oath_add_uri_totp(self): ykman_cli('oath', 'uri', URI_TOTP_EXAMPLE) creds = ykman_cli('oath', 'list') self.assertIn('john.doe', creds)
def test_piv_export_attestation_certificate(self): output = ykman_cli('piv', 'export-certificate', 'f9', '-') self.assertIn('BEGIN CERTIFICATE', output)
def test_ykman_swap_slots(self): output = ykman_cli('slot', 'swap', '-f') self.assertIn('Swapping slots...', output) output = ykman_cli('slot', 'swap', '-f') self.assertIn('Swapping slots...', output)
def test_oath_hotp_steam_code(self): ykman_cli('oath', 'add', '-o', 'HOTP', 'Steam:steam-cred', 'abba') cred = ykman_cli('oath', 'code', 'steam-cred') self.assertIn('CGC3K', cred)
def test_oath_hidden_cred(self): ykman_cli('oath', 'add', '_hidden:name', 'abba') creds = ykman_cli('oath', 'code') self.assertNotIn('_hidden:name', creds) creds = ykman_cli('oath', 'code', '-H') self.assertIn('_hidden:name', creds)
def test_piv_change_puk(self): ykman_cli('piv', 'change-puk', '-p', '12345678', '-n', '87654321') ykman_cli('piv', 'change-puk', '-p', '87654321', '-n', '12345678')
def test_oath_delete(self): ykman_cli('oath', 'add', 'delete-me', 'abba') ykman_cli('oath', 'delete', 'delete-me') self.assertNotIn('delete-me', ykman_cli('oath', 'list'))
def test_ykman_slot_info(self): info = ykman_cli('slot', 'info') self.assertIn('Slot 1:', info) self.assertIn('Slot 2:', info)
def test_piv_info(self): output = ykman_cli('piv', 'info') self.assertIn('PIV version:', output)
def test_ykman_program_otp_slot_2(self): output = ykman_cli('slot', 'otp', '2', '-f') self.assertIn('Using device serial as public ID:', output) self.assertIn('Using a randomly generated private ID:', output) self.assertIn('Using a randomly generated secret key:', output) self._check_slot_2_programmed()
def test_piv_reset(self): output = ykman_cli('piv', 'reset', '-f') self.assertIn('Success!', output)
def test_ykman_version(self): output = ykman_cli('-v') # Test that major version is 1 on all libs self.assertIn('libykpers 1', output) self.assertIn('libu2f-host 1', output) self.assertIn('libusb 1', output)
def test_piv_generate_key_eccp384(self): output = ykman_cli('piv', 'generate-key', '9a', '-a', 'ECCP384', '-m', DEFAULT_MANAGEMENT_KEY, '-') self.assertIn('BEGIN PUBLIC KEY', output)
def test_ykman_version_not_found(self): output = ykman_cli('-v') self.assertNotIn('not found!', output) self.assertNotIn('<pyusb backend missing>', output)
def test_piv_generate_key_touch_policy_always(self): output = ykman_cli('piv', 'generate-key', '9a', '--touch-policy', 'ALWAYS', '-m', DEFAULT_MANAGEMENT_KEY, '-') self.assertIn('BEGIN PUBLIC KEY', output)