コード例 #1
ファイル: yubikey.py プロジェクト: markkun/yubikey-manager-qt
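 def piv_can_parse(self, file_url):
     """Report whether a file parses as a certificate or key without a password.

     The file is read once and offered to ``parse_certificates`` and then
     ``parse_private_key``, both with ``password=None``.

     Returns:
         ``success()`` as soon as one parser accepts the data.

     Raises:
         ValueError: if neither parser accepts the data.
     """
     file_path = self._get_file_path(file_url)
     # Open read-only. The previous 'r+b' mode also required write access,
     # so a key or certificate file with read-only permissions failed here
     # before any parsing was attempted.
     with open(file_path, 'rb') as file:
         data = file.read()

     # NOTE(review): only ValueError/TypeError count as "cannot parse"; any
     # other exception a parser raises (e.g. for a password-protected file)
     # propagates to the caller - confirm against the parser implementations.
     for parser in (parse_certificates, parse_private_key):
         try:
             parser(data, password=None)
         except (ValueError, TypeError):
             continue
         else:
             return success()
     raise ValueError('Failed to parse certificate or key')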
コード例 #2
    def test_is_pkcs12(self):
        """Check is_pkcs12 against the PEM and PFX fixtures and a None input."""
        # None is not classifiable data and must raise TypeError.
        with self.assertRaises(TypeError):
            is_pkcs12(None)

        # PEM keys and PEM certificates must not be detected as PKCS#12
        # (one key fixture is encrypted, judging by its file name).
        for pem_name in (
            "rsa_2048_key.pem",
            "rsa_2048_key_encrypted.pem",
            "rsa_2048_cert.pem",
        ):
            with open_file(pem_name) as pem_file:
                pem_bytes = pem_file.read()
            self.assertFalse(is_pkcs12(pem_bytes))

        with open_file("rsa_2048_key_cert.pfx") as pfx_file:
            pfx_bytes = pfx_file.read()
        self.assertTrue(is_pkcs12(pfx_bytes))
        # The same PFX must also load with no password; a parser error
        # raised here fails the test.
        parse_private_key(pfx_bytes, None)
        parse_certificates(pfx_bytes, None)

        # Detection only: this fixture is not parsed, so no password is needed.
        with open_file("rsa_2048_key_cert_encrypted.pfx") as encrypted_pfx_file:
            encrypted_pfx_bytes = encrypted_pfx_file.read()
        self.assertTrue(is_pkcs12(encrypted_pfx_bytes))
コード例 #3
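    def piv_import_file(self,
                        slot,
                        file_url,
                        password=None,
                        pin=None,
                        mgm_key=None):
        """Import a certificate and/or private key from a file into a PIV slot.

        The file is parsed both as certificates and as a private key, and
        whatever parses is written to ``SLOT[slot]`` after authenticating
        with ``pin`` / ``mgm_key``.

        Args:
            slot: key into ``SLOT`` naming the target slot.
            file_url: location of the file, resolved via ``_get_file_path``.
            password: optional text password for the file; encoded to bytes
                before it is handed to the parsers.
            pin: passed to ``_piv_ensure_authenticated``.
            mgm_key: passed to ``_piv_ensure_authenticated``.

        Returns:
            ``failure('failed_parsing')`` if nothing could be parsed, the
            value from ``_piv_ensure_authenticated`` if it reports a failure,
            otherwise ``success`` with ``imported_cert`` / ``imported_key``
            flags. A partial import still counts as success, so callers must
            check both flags: for example, a key that is rejected because of
            a wrong password is skipped silently while the certificate from
            the same file is still imported.
        """
        is_cert = False
        is_private_key = False
        file_path = self._get_file_path(file_url)
        if password:
            password = password.encode()

        # Open read-only. The previous 'r+b' mode also required write access,
        # so a key file with read-only permissions could not be imported.
        # The file is closed again before the device is touched.
        with open(file_path, 'rb') as file:
            data = file.read()

        try:
            certs = parse_certificates(data, password)
            is_cert = True
        except (ValueError, TypeError):
            # NOTE(review): unlike the key parse below, InvalidPasswordError
            # is not caught here - confirm parse_certificates cannot raise it.
            pass
        try:
            private_key = parse_private_key(data, password)
            is_private_key = True
        except (ValueError, TypeError, InvalidPasswordError):
            pass

        if not (is_cert or is_private_key):
            return failure('failed_parsing')

        with self._open_device([SmartCardConnection]) as conn:
            session = PivSession(conn)
            with PromptTimeout():
                auth_failed = self._piv_ensure_authenticated(
                    session, pin, mgm_key)
                if auth_failed:
                    return auth_failed
                # The key is written first; nothing in this method rolls it
                # back if a later write to the device raises.
                if is_private_key:
                    session.put_key(SLOT[slot], private_key)
                if is_cert:
                    if len(certs) > 1:
                        # NOTE(review): assumes get_leaf_certificates returns
                        # at least one entry - confirm, otherwise IndexError.
                        leafs = get_leaf_certificates(certs)
                        cert_to_import = leafs[0]
                    else:
                        cert_to_import = certs[0]

                    session.put_certificate(SLOT[slot], cert_to_import)
                    # A freshly generated CHUID is stored after every
                    # certificate import.
                    session.put_object(OBJECT_ID.CHUID, generate_chuid())
        return success({
            'imported_cert': is_cert,
            'imported_key': is_private_key
        })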
コード例 #4
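    def piv_import_file(self,
                        slot,
                        file_url,
                        password=None,
                        pin=None,
                        mgm_key=None):
        """Import a certificate and/or private key from a file into a PIV slot.

        The file is parsed both as certificates and as a private key, and
        whatever parses is written to ``SLOT[slot]`` through the PIV
        controller after authenticating with ``pin`` / ``mgm_key``.

        Args:
            slot: key into ``SLOT`` naming the target slot.
            file_url: location of the file, resolved via ``_get_file_path``.
            password: optional text password for the file; encoded to bytes
                before it is handed to the parsers.
            pin: passed to ``_piv_ensure_authenticated``.
            mgm_key: passed to ``_piv_ensure_authenticated``.

        Returns:
            ``failure('failed_parsing')`` if nothing could be parsed, the
            value from ``_piv_ensure_authenticated`` if it reports a failure,
            otherwise ``success`` with ``imported_cert`` / ``imported_key``
            flags. A partial import still counts as success, so callers must
            check both flags.
        """
        is_cert = False
        is_private_key = False
        file_path = self._get_file_path(file_url)
        if password:
            password = password.encode()

        # Open read-only. The previous 'r+b' mode also required write access,
        # so a key file with read-only permissions could not be imported.
        # The file is closed again before the device is touched.
        with open(file_path, 'rb') as file:
            data = file.read()

        # NOTE(review): both parses treat only ValueError/TypeError as "not
        # this kind of file"; a wrong-password error of any other exception
        # type would propagate to the caller - confirm against the parsers.
        try:
            certs = parse_certificates(data, password)
            is_cert = True
        except (ValueError, TypeError):
            pass
        try:
            private_key = parse_private_key(data, password)
            is_private_key = True
        except (ValueError, TypeError):
            pass

        if not (is_cert or is_private_key):
            return failure('failed_parsing')

        with self._open_piv() as controller:
            auth_failed = self._piv_ensure_authenticated(
                controller, pin, mgm_key)
            if auth_failed:
                return auth_failed
            # The key is written first; nothing in this method rolls it back
            # if the certificate import that follows raises.
            if is_private_key:
                controller.import_key(SLOT[slot], private_key)
            if is_cert:
                if len(certs) > 1:
                    # NOTE(review): assumes get_leaf_certificates returns at
                    # least one entry - confirm, otherwise IndexError.
                    leafs = get_leaf_certificates(certs)
                    cert_to_import = leafs[0]
                else:
                    cert_to_import = certs[0]

                controller.import_certificate(SLOT[slot], cert_to_import)
        return success({
            'imported_cert': is_cert,
            'imported_key': is_private_key
        })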
コード例 #5
def get_test_cert():
    """Return the first certificate parsed from the rsa_2048_cert.pem fixture."""
    with open_file("rsa_2048_cert.pem") as fixture:
        pem_bytes = fixture.read()
    # No password is supplied for this fixture.
    parsed = parse_certificates(pem_bytes, None)
    return parsed[0]
コード例 #6
ファイル: test_piv.py プロジェクト: Yubico/yubikey-manager
def get_test_cert():
    """Load the rsa_2048_cert.pem fixture and return its first certificate."""
    with open_file('rsa_2048_cert.pem') as cert_file:
        raw_cert = cert_file.read()
    # Parsed with no password; only the first parsed certificate is returned.
    certificates = parse_certificates(raw_cert, None)
    return certificates[0]