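def piv_can_parse(self, file_url):
    """Report whether a file holds a certificate or private key that parses.

    The file named by ``file_url`` is read in full and offered first to
    ``parse_certificates`` and then to ``parse_private_key``, both with
    ``password=None``.

    Returns:
        The result of ``success()`` as soon as one parser accepts the data.

    Raises:
        ValueError: if both parsers reject the data with ``ValueError`` or
            ``TypeError``.
    """
    file_path = self._get_file_path(file_url)

    # Open read-only: this check never writes, and 'r+b' needlessly demanded
    # write permission, failing on files the user can read but not modify.
    with open(file_path, 'rb') as file:
        data = file.read()

    # NOTE(review): no password is supplied, and only ValueError/TypeError
    # are treated as "not parseable"; any other exception a parser raises
    # (e.g. for a password-protected file) propagates -- confirm intended.
    for parser in (parse_certificates, parse_private_key):
        try:
            parser(data, password=None)
            return success()
        except (ValueError, TypeError):
            continue

    raise ValueError('Failed to parse certificate or key')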
def test_is_pkcs12(self):
    """Exercise is_pkcs12 against the PEM and PFX fixture files.

    ``None`` must raise TypeError, every PEM fixture must be reported as not
    PKCS#12, and both PFX fixtures must be reported as PKCS#12. The
    unencrypted PFX is also passed to parse_private_key and
    parse_certificates with no password.
    """
    with self.assertRaises(TypeError):
        is_pkcs12(None)

    # PEM input must never be detected as PKCS#12.
    pem_fixtures = (
        "rsa_2048_key.pem",
        "rsa_2048_key_encrypted.pem",
        "rsa_2048_cert.pem",
    )
    for fixture_name in pem_fixtures:
        with open_file(fixture_name) as pem_file:
            self.assertFalse(is_pkcs12(pem_file.read()))

    with open_file("rsa_2048_key_cert.pfx") as pfx_file:
        pfx_bytes = pfx_file.read()
        self.assertTrue(is_pkcs12(pfx_bytes))
        # No assertion on the results: these calls only have to complete
        # without raising when given no password.
        parse_private_key(pfx_bytes, None)
        parse_certificates(pfx_bytes, None)

    # The encrypted container is only checked for detection, not parsed.
    with open_file("rsa_2048_key_cert_encrypted.pfx") as encrypted_pfx_file:
        self.assertTrue(is_pkcs12(encrypted_pfx_file.read()))
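def piv_import_file(self, slot, file_url, password=None, pin=None,
                    mgm_key=None):
    """Import a certificate and/or private key from a file into a PIV slot.

    The file is parsed both as certificate(s) and as a private key; whatever
    parses is written to ``SLOT[slot]``. When a certificate is written, a
    freshly generated CHUID object is written as well.

    Args:
        slot: key into ``SLOT`` selecting the target slot.
        file_url: location of the file, resolved via ``_get_file_path``.
        password: optional text password; encoded to bytes when non-empty.
        pin: passed to ``_piv_ensure_authenticated``.
        mgm_key: passed to ``_piv_ensure_authenticated``.

    Returns:
        ``failure('failed_parsing')`` when neither parser accepts the data,
        the value of ``_piv_ensure_authenticated`` when it is truthy,
        otherwise ``success`` with ``imported_cert`` / ``imported_key`` flags.
    """
    is_cert = False
    is_private_key = False
    file_path = self._get_file_path(file_url)
    if password:
        password = password.encode()

    # Open read-only: the import never writes to the source file, and 'r+b'
    # needlessly demanded write permission on key material.
    with open(file_path, 'rb') as file:
        data = file.read()

    try:
        certs = parse_certificates(data, password)
        is_cert = True
    except (ValueError, TypeError):
        pass
    # A wrong or missing password is folded into "did not parse", so the
    # caller only ever sees 'failed_parsing' for it.
    try:
        private_key = parse_private_key(data, password)
        is_private_key = True
    except (ValueError, TypeError, InvalidPasswordError):
        pass

    if not (is_cert or is_private_key):
        return failure('failed_parsing')

    # Choose the certificate before touching the device, so a failure here
    # cannot leave the slot with a new key but no matching certificate.
    cert_to_import = None
    if is_cert:
        if len(certs) > 1:
            cert_to_import = get_leaf_certificates(certs)[0]
        else:
            cert_to_import = certs[0]

    with self._open_device([SmartCardConnection]) as conn:
        session = PivSession(conn)
        with PromptTimeout():
            auth_failed = self._piv_ensure_authenticated(
                session, pin, mgm_key)
            if auth_failed:
                return auth_failed
            if is_private_key:
                session.put_key(SLOT[slot], private_key)
            if is_cert:
                # NOTE(review): nothing here checks that the certificate's
                # public key matches the key held in the slot -- confirm
                # whether that is verified elsewhere.
                session.put_certificate(SLOT[slot], cert_to_import)
                session.put_object(OBJECT_ID.CHUID, generate_chuid())

    return success({
        'imported_cert': is_cert,
        'imported_key': is_private_key
    })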
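def piv_import_file(self, slot, file_url, password=None, pin=None,
                    mgm_key=None):
    """Import a certificate and/or private key from a file into a PIV slot.

    The file is parsed both as certificate(s) and as a private key; whatever
    parses is written to ``SLOT[slot]`` through the PIV controller.

    Args:
        slot: key into ``SLOT`` selecting the target slot.
        file_url: location of the file, resolved via ``_get_file_path``.
        password: optional text password; encoded to bytes when non-empty.
        pin: passed to ``_piv_ensure_authenticated``.
        mgm_key: passed to ``_piv_ensure_authenticated``.

    Returns:
        ``failure('failed_parsing')`` when neither parser accepts the data,
        the value of ``_piv_ensure_authenticated`` when it is truthy,
        otherwise ``success`` with ``imported_cert`` / ``imported_key`` flags.
    """
    is_cert = False
    is_private_key = False
    file_path = self._get_file_path(file_url)
    if password:
        password = password.encode()

    # Open read-only: the import never writes to the source file, and 'r+b'
    # needlessly demanded write permission on key material.
    with open(file_path, 'rb') as file:
        data = file.read()

    try:
        certs = parse_certificates(data, password)
        is_cert = True
    except (ValueError, TypeError):
        pass
    # NOTE(review): only ValueError/TypeError count as "did not parse" here;
    # any other exception from the parser propagates -- confirm intended.
    try:
        private_key = parse_private_key(data, password)
        is_private_key = True
    except (ValueError, TypeError):
        pass

    if not (is_cert or is_private_key):
        return failure('failed_parsing')

    # Choose the certificate before touching the device, so a failure here
    # cannot leave the slot with a new key but no matching certificate.
    cert_to_import = None
    if is_cert:
        if len(certs) > 1:
            cert_to_import = get_leaf_certificates(certs)[0]
        else:
            cert_to_import = certs[0]

    with self._open_piv() as controller:
        auth_failed = self._piv_ensure_authenticated(
            controller, pin, mgm_key)
        if auth_failed:
            return auth_failed
        if is_private_key:
            controller.import_key(SLOT[slot], private_key)
        if is_cert:
            # NOTE(review): nothing here checks that the certificate's
            # public key matches the key held in the slot -- confirm
            # whether that is verified elsewhere.
            controller.import_certificate(SLOT[slot], cert_to_import)

    return success({
        'imported_cert': is_cert,
        'imported_key': is_private_key
    })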
def get_test_cert():
    """Return the first certificate parsed from rsa_2048_cert.pem."""
    with open_file("rsa_2048_cert.pem") as cert_file:
        pem_bytes = cert_file.read()
        # No password is passed for this fixture.
        parsed = parse_certificates(pem_bytes, None)
        return parsed[0]
def get_test_cert():
    """Return the first certificate parsed from rsa_2048_cert.pem."""
    with open_file('rsa_2048_cert.pem') as cert_file:
        pem_bytes = cert_file.read()
        # No password is passed for this fixture.
        parsed = parse_certificates(pem_bytes, None)
        return parsed[0]