예제 #1
파일: pfr.py 프로젝트: mstarecek/spsdk_try
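def _extract_public_key(file_path: str, password: Optional[str]) -> crypto.RSAPublicKey:
    """Return the public key found in *file_path*.

    The file is tried, in order, as a certificate, as a private key and as a
    bare public key; the first loader that yields a truthy object wins.

    :param file_path: path to the certificate or key file
    :param password: password for the private-key loader; ``None`` or an
        empty string means no password is passed
    :return: the public key taken from the certificate or private key, or the
        loaded public key itself
    :raises AssertionError: if none of the three loaders yields an object
    """
    cert_candidate = crypto.load_certificate(file_path)
    if cert_candidate:
        return cert_candidate.public_key()
    # The private-key loader receives the password as bytes.
    key_password = password.encode() if password else None
    private_candidate = crypto.load_private_key(file_path, key_password)
    if private_candidate:
        return private_candidate.public_key()
    public_candidate = crypto.load_public_key(file_path)
    if public_candidate:
        return public_candidate
    # Raised explicitly instead of `assert False`: assert statements are
    # removed under `python -O`, and this function would then return None
    # where callers expect a key.
    raise AssertionError(f"Unable to load secret file '{file_path}'.")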
예제 #2
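def test_certificate_generation_cli(tmpdir, data_dir):
    """Generate a certificate through the CLI and check the fields of the result."""
    with use_working_directory(data_dir):
        cert_path = os.path.join(tmpdir, "cert.crt")
        config_path = os.path.join(data_dir, "certgen_config.json")
        # Arguments are passed as a list: splitting a formatted command string
        # on whitespace breaks as soon as either path contains a space.
        result = CliRunner().invoke(main, ["-j", config_path, "-c", cert_path])
        assert result.exit_code == 0
        assert os.path.isfile(cert_path)

    generated_cert = load_certificate(cert_path)
    assert isinstance(generated_cert, Certificate)
    # Expected values presumably mirror certgen_config.json; verify against that file.
    issuer_cn = generated_cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)
    assert issuer_cn[0].value == 'ONE'
    subject_cn = generated_cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    assert subject_cn[0].value == 'TWO'
    # The generated certificate must carry the CA flag in its basic constraints.
    basic_constraints = generated_cert.extensions.get_extension_for_oid(
        ExtensionOID.BASIC_CONSTRAINTS)
    assert basic_constraints.value.ca
    assert generated_cert.serial_number == 777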
예제 #3
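def main() -> None:
    """Check a CA-signed certificate and a certificate chain stored in ``data``.

    Compares the CA public key stored on disk with the one inside the CA
    certificate, validates ``crt_pem.crt`` against the CA certificate,
    validates the three-certificate chain and checks the CA flag of each
    chain member.

    :raises SPSDKError: if any of the checks fails
    """
    # Set the folder for data (certificates, keys)
    data_dir = path.join(path.dirname(__file__), "data")
    os.makedirs(data_dir, exist_ok=True)
    # Load public key of CA certificate
    ca0_pubkey_rsa2048 = load_public_key(
        path.join(data_dir, "ca_publickey_rsa2048.pem"))
    # Load CA certificate
    ca0_cert = load_certificate(path.join(data_dir, "ca_cert_pem.crt"))
    # Obtain public key from CA certificate
    pubkey_from_ca0_cert = get_public_key_from_certificate(ca0_cert)
    # Check the key type with an explicit raise: an assert would be removed
    # under `python -O` and the comparison below would run on an unchecked type.
    if not isinstance(pubkey_from_ca0_cert, RSAPublicKey):
        raise SPSDKError(
            "Public key of the CA certificate is not an RSA public key")
    # Compare CA's public key from file and the one from certificate
    if ca0_pubkey_rsa2048.public_numbers(
    ) != pubkey_from_ca0_cert.public_numbers():
        raise SPSDKError(
            "Keys are not the same (the one from disc and the one from cert)")
    # Load certificate, which is signed by CA
    crt = load_certificate(path.join(data_dir, "crt_pem.crt"))
    # NOTE(review): validate_certificate is defined elsewhere; confirm whether
    # it checks anything beyond the signature (validity period, key usage)
    # before treating its result as a trust decision.
    if not validate_certificate(crt, ca0_cert):
        raise SPSDKError("The certificate is not valid")
    print("The certificate was signed by the CA.")
    # Load chain of certificates, in the order given by the list
    chain = ["chain_crt2_pem.crt", "chain_crt_pem.crt", "ca_cert_pem.crt"]
    chain_cert = [
        load_certificate(path.join(data_dir, cert_name)) for cert_name in chain
    ]
    # Reuse the certificates loaded above instead of reading each file twice.
    ch3_crt2, ch3_crt, ch3_ca = chain_cert
    # Validate the chain (if corresponding items in chain are signed by one another)
    if not validate_certificate_chain(chain_cert):
        raise SPSDKError("The certificate chain is not valid")
    print("The chain of certificates is valid.")
    # The first chain member must not have the CA flag set; the other two must.
    if is_ca_flag_set(ch3_crt2):
        raise SPSDKError("CA flag is set")
    if not is_ca_flag_set(ch3_crt):
        raise SPSDKError("CA flag is not set")
    if not is_ca_flag_set(ch3_ca):
        raise SPSDKError("CA flag is not set")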
예제 #4
def test_is_cert(data_dir, file_name, expect_cer):
    """Check that load_certificate yields a truthy object exactly when expected.

    :param data_dir: directory holding the test files
    :param file_name: name of the file to load from ``data_dir``
    :param expect_cer: expected truthiness of the loader's result
    """
    loaded = load_certificate(path.join(data_dir, file_name))
    assert bool(loaded) is expect_cer
예제 #5
def get_certificate(data_dir, cert_file_name: str) -> Certificate:
    """Load the certificate named *cert_file_name* from *data_dir*.

    :param data_dir: directory holding the certificate file
    :param cert_file_name: file name of the certificate inside ``data_dir``
    :return: whatever ``load_certificate`` returns for the joined path
    """
    full_path = path.join(data_dir, cert_file_name)
    return load_certificate(full_path)
예제 #6
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
#
# Copyright 2021 NXP
#
# SPDX-License-Identifier: BSD-3-Clause

from spsdk.crypto import load_certificate, save_rsa_public_key

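# Take the public key out of the certificate and store it in its own file.
# The certificate is not validated here, so the exported key is only as
# trustworthy as the certificate file it was read from.
cert = load_certificate("keys_and_certs/root_k0_signed_cert0_noca.der.cert")
pub_key = cert.public_key()
# The output directory was spelled "keys_and_cers"; it now matches the
# directory the certificate is read from.
save_rsa_public_key(pub_key, "keys_and_certs/root_k0_public_key.pub")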