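    def master_keys(self):
        """Get all usable DNSSEC master keys.

        Looks up secret keys labelled ``dnssec-master`` that have
        CKA_UNWRAP set and returns them as a dict (ipk11id -> Key).

        An unwrap-capable secret key carrying any other label is treated as
        a corrupted or foreign token object and rejected with
        AssertionError. The check is an explicit ``raise`` rather than an
        ``assert`` statement so it is not stripped under ``python -O``.
        """
        prefix = 'dnssec-master'
        keys = self.find_keys(objclass=_ipap11helper.KEY_CLASS_SECRET_KEY,
                              label=u'dnssec-master',
                              cka_unwrap=True)
        for key in keys.values():
            if key['ipk11label'] != prefix:
                raise AssertionError(
                    'secret key ipk11id=0x%s ipk11label="%s" with ipk11UnWrap '
                    '= TRUE does not have "%s" key label' % (
                        str_hexlify(key['ipk11id']),
                        str(key['ipk11label']),
                        prefix))
        return keys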
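    def __init__(self, p11, handle):
        """Wrap a PKCS#11 object handle and sanity-check its identity attributes.

        :param p11: PKCS#11 helper used to read object attributes
        :param handle: object handle of the key inside the token

        Raises _ipap11helper.NotFound when the object has no CKA_ID or no
        CKA_LABEL, and AssertionError when either attribute exists but is
        empty. The empty-value checks are explicit raises instead of
        ``assert`` statements so they survive ``python -O``; only the
        attribute lookup itself sits inside the ``try``.
        """
        self.p11 = p11
        self.handle = handle

        # CKA_ID (ipk11id) must exist and be non-empty; find_keys() keys
        # its result on ipk11id, so an empty one could never be unique.
        try:
            cka_id = self.p11.get_attribute(handle, _ipap11helper.CKA_ID)
        except _ipap11helper.NotFound:
            raise _ipap11helper.NotFound('key without ipk11id: handle %s'
                                         % handle)
        if len(cka_id) == 0:
            raise AssertionError('ipk11id length should not be 0')

        # CKA_LABEL (ipk11label) must exist and be non-empty as well.
        try:
            cka_label = self.p11.get_attribute(handle,
                                               _ipap11helper.CKA_LABEL)
        except _ipap11helper.NotFound:
            raise _ipap11helper.NotFound(
                'key without ipk11label: id 0x%s' % str_hexlify(cka_id))
        if len(cka_label) == 0:
            raise AssertionError('ipk11label length should not be 0')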
def find_keys(self, **kwargs): """Return dict with Key objects matching given criteria. CKA_ID is used as key so all matching objects have to have unique ID.""" # this is a hack for old p11-kit URI parser # see https://bugs.freedesktop.org/show_bug.cgi?id=85057 if 'uri' in kwargs: kwargs['uri'] = kwargs['uri'].replace('type=', 'object-type=') handles = self.p11.find_keys(**kwargs) keys = {} for h in handles: key = Key(self.p11, h) o_id = key['ipk11id'] assert o_id not in keys, 'duplicate ipk11Id = 0x%s; keys = %s' % ( str_hexlify(o_id), keys) keys[o_id] = key return keys
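        params['unwrapping_key'] = unwrapping_key.handle
        h = self.p11.import_wrapped_private_key(**params)
        return Key(self.p11, h)


def _print_key_section(title, keys):
    """Print one titled listing of keys: hex ipk11id followed by pprint(key).

    :param title: section heading, underlined with '=' of the same length
    :param keys: dict mapping ipk11id -> Key
    """
    print(title)
    print('=' * len(title))
    for key_id, key in keys.items():
        print(str_hexlify(key_id))
        pprint(key)


if __name__ == '__main__':
    if 'SOFTHSM2_CONF' not in os.environ:
        os.environ['SOFTHSM2_CONF'] = paths.DNSSEC_SOFTHSM2_CONF

    # Read the token PIN inside a context manager so the file handle is
    # closed right away instead of lingering until interpreter exit.
    with open(paths.DNSSEC_SOFTHSM_PIN) as pin_file:
        localhsm = LocalHSM(paths.LIBSOFTHSM2_SO,
                            SOFTHSM_DNSSEC_TOKEN_LABEL,
                            pin_file.read())

    _print_key_section('replica public keys: CKA_WRAP = TRUE',
                       localhsm.replica_pubkeys_wrap)
    print('')
    _print_key_section('replica public keys: all', localhsm.replica_pubkeys)
    print('')
    _print_key_section('master keys', localhsm.master_keys)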