Esempio n. 1
 def piv_export_certificate(self, slot, file_url):
     """Export the certificate stored in a PIV slot to a PEM file.

     Only the X.509 certificate is serialised (``public_bytes``); this
     method does not read any private-key material from the device.

     Args:
         slot: Key used to look up the PIV slot in ``SLOT``.
         file_url: Caller-supplied location, converted to a local path by
             ``self._get_file_path``.

     Returns:
         Whatever ``success()`` returns.
     """
     # NOTE(review): the destination is opened with 'wb', so an existing
     # file at that path is truncated and overwritten. Whether
     # _get_file_path restricts where the path may point is not visible
     # here -- confirm before feeding it untrusted input.
     destination = self._get_file_path(file_url)
     with self._open_device([SmartCardConnection]) as conn:
         piv = PivSession(conn)
         certificate = piv.get_certificate(SLOT[slot])
         # The file is opened while the device connection is still held.
         with open(destination, 'wb') as out:
             pem_data = certificate.public_bytes(
                 encoding=serialization.Encoding.PEM)
             out.write(pem_data)
     return success()
Esempio n. 2
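def list_certificates(session: PivSession) -> Mapping[SLOT, Optional[x509.Certificate]]:
    """Read and parse the certificates stored in the PIV slots.

    Every slot except ``SLOT.ATTESTATION`` is queried. Slots are visited in
    the iteration order of ``SLOT`` rather than through a ``set``, so the
    ordered mapping that is returned has a deterministic order.

    Returns:
        A mapping from slot to certificate. A slot whose read raises
        ``ApduError`` is left out of the mapping; a slot whose read raises
        ``BadResponseError`` is present with the value ``None``.
    """
    certs = OrderedDict()
    for slot in SLOT:
        if slot == SLOT.ATTESTATION:
            continue
        try:
            certs[slot] = session.get_certificate(slot)
        except ApduError:
            # Deliberate best-effort: the slot is skipped.
            # NOTE(review): every ApduError is treated the same way, so a
            # transport or access error is indistinguishable from a slot
            # that holds no certificate -- callers should not read a
            # missing key as proof that the slot is empty.
            continue
        except BadResponseError:
            # Data came back but could not be parsed; keep the slot
            # visible to the caller with no certificate attached.
            certs[slot] = None  # type: ignore

    return certs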
Esempio n. 3
 def get_certificate(self):
     """Return the certificate in ``self.slot`` as base64-encoded PEM text.

     The certificate is read through a ``PivSession``, serialised to PEM,
     and the PEM text is then base64-encoded once more before it is
     returned.

     The PIN is verified only when ``self.pin`` is truthy. Failures are
     reported through ``controlflow.system_error_exit``: code 7 for
     ``InvalidPinError``, code 9 for ``ApduError`` or ``ValueError``.
     """
     try:
         conn = self._connect()
         with conn:
             piv = PivSession(conn)
             if self.pin:
                 # NOTE(review): a rejected PIN presumably uses up one of
                 # the token's limited retry attempts -- confirm callers
                 # do not retry automatically.
                 try:
                     piv.verify_pin(self.pin)
                 except InvalidPinError as err:
                     controlflow.system_error_exit(7, f'YubiKey - {err}')
             try:
                 cert = piv.get_certificate(self.slot)
             except ApduError as err:
                 controlflow.system_error_exit(9, f'YubiKey - {err}')
         # Serialisation happens after the connection has been released.
         pem_text = cert.public_bytes(serialization.Encoding.PEM).decode()
         encoded = b64encode(pem_text.encode())
         return encoded.decode() if isinstance(encoded, bytes) else encoded
     except ValueError as err:
         controlflow.system_error_exit(9, f'YubiKey - {err}')