Exemplo n.º 1
0
 def serialise_signature(cls, signature, container):
     """Provide an XML structure for embedded XML signature."""
     if not signature.key:
         return container
     # move the namespace to the root element and reformat before signing
     mk_elem(container, 'ds:Signature', Id='placeholder')
     container = move_namespaces(container)
     reformat(container)
     # sign the document
     return signature.sign_xml(container)
Exemplo n.º 2
0
 def serialise_signature(cls, signature, container):
     """Provide an XML structure for embedded XML signature."""
     if not signature.key:
         return container
     # move the namespace to the root element and reformat before signing
     mk_elem(container, 'ds:Signature', Id='placeholder')
     container = move_namespaces(container)
     reformat(container)
     # sign the document
     return signature.sign_xml(container)
Exemplo n.º 3
0
 def serialise_encryption(cls, encryption, container):
     if all(x is None
            for x in (encryption.id, encryption.key_name, encryption.key,
                      encryption.derivation.algorithm)):
         return
     encryption_key = mk_elem(container, 'pskc:EncryptionKey',
                              Id=encryption.id, empty=True)
     if encryption.derivation.algorithm:
         cls.serialise_key_derivation(
             encryption.derivation, encryption_key, encryption.key_names)
     else:
         for name in encryption.key_names:
             mk_elem(encryption_key, 'ds:KeyName', name)
Exemplo n.º 4
0
    def make_xml(self, key, tag):
        from pskc.xml import find, mk_elem

        # skip empty values
        value = self.get_value()
        if value is None:
            return
        # find the data tag and create our tag under it
        data = find(key, "pskc:Data")
        if data is None:
            data = mk_elem(key, "pskc:Data", empty=True)
        element = mk_elem(data, tag, empty=True)
        mk_elem(element, "pskc:PlainValue", self.to_text(self.value))
Exemplo n.º 5
0
 def serialise_encryption(cls, encryption, container):
     """Provide an XML element tree for the encryption information."""
     if all(x is None
            for x in (encryption.id, encryption.key_name, encryption.key,
                      encryption.derivation.algorithm)):
         return
     encryption_key = mk_elem(container, 'pskc:EncryptionKey',
                              Id=encryption.id, empty=True)
     if encryption.derivation.algorithm:
         cls.serialise_key_derivation(
             encryption.derivation, encryption_key, encryption.key_names)
     else:
         for name in encryption.key_names:
             mk_elem(encryption_key, 'ds:KeyName', name)
Exemplo n.º 6
0
 def make_xml(self):
     from pskc.xml import mk_elem
     container = mk_elem('pskc:KeyContainer', Version=self.version,
                         Id=self.id)
     for key in self.keys:
         key.make_xml(container)
     return container
Exemplo n.º 7
0
 def serialise_document(cls, pskc):
     """Convert the PSKC structure to an element tree structure."""
     container = mk_elem('pskc:KeyContainer', Version='1.0', Id=pskc.id)
     cls.serialise_encryption(pskc.encryption, container)
     cls.serialise_mac(pskc.mac, container)
     for device in pskc.devices:
         cls.serialise_key_package(device, container)
     return cls.serialise_signature(pskc.signature, container)
Exemplo n.º 8
0
 def serialise_document(cls, pskc):
     container = mk_elem('pskc:KeyContainer', Version=pskc.version,
                         Id=pskc.id)
     cls.serialise_encryption(pskc.encryption, container)
     cls.serialise_mac(pskc.mac, container)
     for device in pskc.devices:
         cls.serialise_key_package(device, container)
     return container
Exemplo n.º 9
0
 def serialise_document(cls, pskc):
     """Convert the PSKC structure to an element tree structure."""
     container = mk_elem('pskc:KeyContainer', Version='1.0', Id=pskc.id)
     cls.serialise_encryption(pskc.encryption, container)
     cls.serialise_mac(pskc.mac, container)
     for device in pskc.devices:
         cls.serialise_key_package(device, container)
     return cls.serialise_signature(pskc.signature, container)
Exemplo n.º 10
0
 def serialise_mac(cls, mac, container):
     if not mac.algorithm and not mac.key:
         return
     mac_method = mk_elem(
         container, 'pskc:MACMethod', Algorithm=mac.algorithm, empty=True)
     mac_key = mk_elem(mac_method, 'pskc:MACKey', empty=True)
     mk_elem(
         mac_key, 'xenc:EncryptionMethod',
         Algorithm=mac.pskc.encryption.algorithm)
     cipher_data = mk_elem(mac_key, 'xenc:CipherData', empty=True)
     if mac.key_cipher_value:
         mk_elem(cipher_data, 'xenc:CipherValue',
                 base64.b64encode(mac.key_cipher_value).decode())
     elif mac.key_plain_value:
         mk_elem(cipher_data, 'xenc:CipherValue',
                 base64.b64encode(mac.pskc.encryption.encrypt_value(
                     mac.key_plain_value)).decode())
Exemplo n.º 11
0
 def serialise_mac(cls, mac, container):
     """Provide an XML structure for the encrypted MAC key."""
     key_value = getattr(mac, '_key', None) or mac.pskc.encryption.key
     if not mac.algorithm and not key_value:
         return
     mac_method = mk_elem(
         container, 'pskc:MACMethod', Algorithm=mac.algorithm, empty=True)
     if not key_value:
         return
     # encrypt the mac key if needed
     if not hasattr(key_value, 'get_value'):
         key_value = EncryptedValue.create(mac.pskc, key_value)
     # construct encrypted MACKey
     algorithm = key_value.algorithm or mac.pskc.encryption.algorithm
     cipher_value = key_value.cipher_value
     if mac.pskc.encryption.iv:
         cipher_value = mac.pskc.encryption.iv + cipher_value
     mac_key = mk_elem(mac_method, 'pskc:MACKey', empty=True)
     mk_elem(mac_key, 'xenc:EncryptionMethod', Algorithm=algorithm)
     cipher_data = mk_elem(mac_key, 'xenc:CipherData', empty=True)
     mk_elem(cipher_data, 'xenc:CipherValue',
             base64.b64encode(cipher_value).decode())
Exemplo n.º 12
0
 def serialise_mac(cls, mac, container):
     """Provide an XML structure for the encrypted MAC key."""
     key_value = getattr(mac, '_key', None) or mac.pskc.encryption.key
     if not mac.algorithm and not key_value:
         return
     mac_method = mk_elem(container,
                          'pskc:MACMethod',
                          Algorithm=mac.algorithm,
                          empty=True)
     if not key_value:
         return
     # encrypt the mac key if needed
     if not hasattr(key_value, 'get_value'):
         key_value = EncryptedValue.create(mac.pskc, key_value)
     # construct encrypted MACKey
     algorithm = key_value.algorithm or mac.pskc.encryption.algorithm
     cipher_value = key_value.cipher_value
     if mac.pskc.encryption.iv:
         cipher_value = mac.pskc.encryption.iv + cipher_value
     mac_key = mk_elem(mac_method, 'pskc:MACKey', empty=True)
     mk_elem(mac_key, 'xenc:EncryptionMethod', Algorithm=algorithm)
     cipher_data = mk_elem(mac_key, 'xenc:CipherData', empty=True)
     mk_elem(cipher_data, 'xenc:CipherValue',
             base64.b64encode(cipher_value).decode())
Exemplo n.º 13
0
 def serialise_key_derivation(cls, derivation, encryption_key, key_names):
     """Provide an XML structure for the key derivation properties."""
     derived_key = mk_elem(encryption_key, 'xenc11:DerivedKey', empty=True)
     key_derivation = mk_elem(derived_key,
                              'xenc11:KeyDerivationMethod',
                              Algorithm=derivation.algorithm)
     if derivation.algorithm.endswith('#pbkdf2'):
         pbkdf2 = mk_elem(key_derivation,
                          'xenc11:PBKDF2-params',
                          empty=True)
         if derivation.pbkdf2_salt:
             salt = mk_elem(pbkdf2, 'Salt', empty=True)
             mk_elem(salt, 'Specified',
                     base64.b64encode(derivation.pbkdf2_salt).decode())
         mk_elem(pbkdf2, 'IterationCount', derivation.pbkdf2_iterations)
         mk_elem(pbkdf2, 'KeyLength', derivation.pbkdf2_key_length)
         mk_elem(pbkdf2, 'PRF', derivation.pbkdf2_prf)
     # TODO: serialise ReferenceList/DataReference
     for name in key_names:
         mk_elem(derived_key, 'xenc11:MasterKeyName', name)
Exemplo n.º 14
0
    def make_xml(self, container):
        from pskc.xml import mk_elem

        key_package = mk_elem(container, "pskc:KeyPackage", empty=True)

        if any(
            x is not None
            for x in (
                self.manufacturer,
                self.serial,
                self.model,
                self.issue_no,
                self.device_binding,
                self.start_date,
                self.expiry_date,
                self.device_userid,
            )
        ):
            device_info = mk_elem(key_package, "pskc:DeviceInfo", empty=True)
            mk_elem(device_info, "pskc:Manufacturer", self.manufacturer)
            mk_elem(device_info, "pskc:SerialNo", self.serial)
            mk_elem(device_info, "pskc:Model", self.model)
            mk_elem(device_info, "pskc:IssueNo", self.issue_no)
            mk_elem(device_info, "pskc:DeviceBinding", self.device_binding)
            mk_elem(device_info, "pskc:StartDate", self.start_date)
            mk_elem(device_info, "pskc:ExpiryDate", self.expiry_date)
            mk_elem(device_info, "pskc:UserId", self.device_userid)

        if self.crypto_module is not None:
            crypto_module = mk_elem(key_package, "pskc:CryptoModuleInfo", empty=True)
            mk_elem(crypto_module, "pskc:Id", self.crypto_module)

        key = mk_elem(key_package, "pskc:Key", empty=True, Id=self.id, Algorithm=self.algorithm)
        mk_elem(key, "pskc:Issuer", self.issuer)

        if any((self.algorithm_suite, self.challenge_encoding, self.response_encoding, self.response_length)):
            parameters = mk_elem(key, "pskc:AlgorithmParameters", empty=True)
            mk_elem(parameters, "pskc:Suite", self.algorithm_suite)
            mk_elem(
                parameters,
                "pskc:ChallengeFormat",
                Encoding=self.challenge_encoding,
                Min=self.challenge_min_length,
                Max=self.challenge_max_length,
                CheckDigits=self.challenge_check,
            )
            mk_elem(
                parameters,
                "pskc:ResponseFormat",
                Encoding=self.response_encoding,
                Length=self.response_length,
                CheckDigits=self.response_check,
            )

        mk_elem(key, "pskc:KeyProfileId", self.key_profile)
        mk_elem(key, "pskc:KeyReference", self.key_reference)
        mk_elem(key, "pskc:FriendlyName", self.friendly_name)
        self._secret.make_xml(key, "pskc:Secret")
        self._counter.make_xml(key, "pskc:Counter")
        self._time_offset.make_xml(key, "pskc:Time")
        self._time_interval.make_xml(key, "pskc:TimeInterval")
        self._time_drift.make_xml(key, "pskc:TimeDrift")
        mk_elem(key, "pskc:UserId", self.key_userid)

        self.policy.make_xml(key)
Exemplo n.º 15
0
    def make_xml(self, key):
        from pskc.xml import mk_elem
        # check if any policy attribute is set
        if not self.key_usage and all(x is None for x in (
                self.start_date, self.expiry_date,
                self.number_of_transactions, self.pin_key_id, self.pin_usage,
                self.pin_max_failed_attemtps, self.pin_min_length,
                self.pin_max_length, self.pin_encoding)):
            return
        # TODO: raise exception if unknown_policy_elements is set

        policy = mk_elem(key, 'pskc:Policy', empty=True)
        mk_elem(policy, 'pskc:StartDate', self.start_date)
        mk_elem(policy, 'pskc:ExpiryDate', self.expiry_date)
        mk_elem(policy, 'pskc:PINPolicy',
                PINKeyId=self.pin_key_id,
                PINUsageMode=self.pin_usage,
                MaxFailedAttempts=self.pin_max_failed_attemtps,
                MinLength=self.pin_min_length,
                MaxLength=self.pin_max_length,
                PINEncoding=self.pin_encoding)
        for usage in self.key_usage:
            mk_elem(policy, 'pskc:KeyUsage', usage)
        mk_elem(policy, 'pskc:NumberOfTransactions',
                self.number_of_transactions)
Exemplo n.º 16
0
 def serialise_datatype(cls, dt, key_elm, tag, field):
     # skip empty values
     if dt.value in (None, '') and not dt.cipher_value:
         return
     # find the data tag and create our tag under it
     data = find(key_elm, 'pskc:Data')
     if data is None:
         data = mk_elem(key_elm, 'pskc:Data', empty=True)
     element = mk_elem(data, tag, empty=True)
     # see if we should encrypt
     if field in dt.pskc.encryption.fields and not dt.cipher_value:
         dt.cipher_value = dt.pskc.encryption.encrypt_value(
             dt._to_bin(dt.value))
         dt.algorithm = dt.pskc.encryption.algorithm
         dt.value = None
     # write out value
     if dt.cipher_value:
         encrypted_value = mk_elem(
             element, 'pskc:EncryptedValue', empty=True)
         mk_elem(
             encrypted_value, 'xenc:EncryptionMethod',
             Algorithm=dt.algorithm)
         cipher_data = mk_elem(
             encrypted_value, 'xenc:CipherData', empty=True)
         mk_elem(
             cipher_data, 'xenc:CipherValue',
             base64.b64encode(dt.cipher_value).decode())
         if dt.value_mac:
             mk_elem(element, 'pskc:ValueMAC', base64.b64encode(
                 dt.value_mac).decode())
         elif dt.pskc.mac.algorithm:
             mk_elem(element, 'pskc:ValueMAC', base64.b64encode(
                 dt.pskc.mac.generate_mac(dt.cipher_value)
             ).decode())
     else:
         mk_elem(element, 'pskc:PlainValue', dt._to_text(dt.value))
Exemplo n.º 17
0
 def serialise_data(cls, key, field, key_elm, tag):
     """Provide an XML structure for the key material."""
     value = getattr(key, '_%s' % field, None)
     pskc = key.device.pskc
     # skip empty values
     if value in (None, ''):
         return
     # get the value2text and encryption storage
     if field == 'secret':
         value2text = my_b64encode
         encrypted_value_cls = EncryptedValue
     else:
         value2text = str
         encrypted_value_cls = EncryptedIntegerValue
     # find the data tag and create our tag under it
     data = find(key_elm, 'pskc:Data')
     if data is None:
         data = mk_elem(key_elm, 'pskc:Data', empty=True)
     element = mk_elem(data, tag, empty=True)
     # see if we should encrypt the value
     if field in pskc.encryption.fields and not hasattr(value, 'get_value'):
         value = encrypted_value_cls.create(pskc, value)
     # write out value
     if not hasattr(value, 'get_value'):
         # unencrypted value
         mk_elem(element, 'pskc:PlainValue', value2text(value))
     else:
         # encrypted value
         algorithm = value.algorithm or pskc.encryption.algorithm
         cipher_value = value.cipher_value
         if pskc.encryption.iv:
             cipher_value = pskc.encryption.iv + cipher_value
         encrypted_value = mk_elem(element,
                                   'pskc:EncryptedValue',
                                   empty=True)
         mk_elem(encrypted_value,
                 'xenc:EncryptionMethod',
                 Algorithm=algorithm)
         cipher_data = mk_elem(encrypted_value,
                               'xenc:CipherData',
                               empty=True)
         mk_elem(cipher_data, 'xenc:CipherValue',
                 base64.b64encode(cipher_value).decode())
         if value.mac_value:
             mk_elem(element, 'pskc:ValueMAC',
                     base64.b64encode(value.mac_value).decode())
Exemplo n.º 18
0
 def serialise_policy(cls, policy, key_elm):
     """Provide an XML structure with the key policy information."""
     # check if any policy attribute is set
     if not policy.key_usage and all(
             x is None
             for x in (policy.start_date, policy.expiry_date,
                       policy.number_of_transactions, policy.pin_key_id,
                       policy.pin_usage, policy.pin_max_failed_attempts,
                       policy.pin_min_length, policy.pin_max_length,
                       policy.pin_encoding)):
         return
     policy_elm = mk_elem(key_elm, 'pskc:Policy', empty=True)
     mk_elem(policy_elm, 'pskc:StartDate', policy.start_date)
     mk_elem(policy_elm, 'pskc:ExpiryDate', policy.expiry_date)
     mk_elem(policy_elm,
             'pskc:PINPolicy',
             PINKeyId=policy.pin_key_id,
             PINUsageMode=policy.pin_usage,
             MaxFailedAttempts=policy.pin_max_failed_attempts,
             MinLength=policy.pin_min_length,
             MaxLength=policy.pin_max_length,
             PINEncoding=policy.pin_encoding)
     for usage in policy.key_usage:
         mk_elem(policy_elm, 'pskc:KeyUsage', usage)
     mk_elem(policy_elm, 'pskc:NumberOfTransactions',
             policy.number_of_transactions)
Exemplo n.º 19
0
 def serialise_key_package(cls, device, container):
     """Provide an XML structure for key package."""
     key_package = mk_elem(container, 'pskc:KeyPackage', empty=True)
     if any(x is not None
            for x in (device.manufacturer, device.serial, device.model,
                      device.issue_no, device.device_binding,
                      device.start_date, device.expiry_date,
                      device.device_userid)):
         device_info = mk_elem(key_package, 'pskc:DeviceInfo', empty=True)
         mk_elem(device_info, 'pskc:Manufacturer', device.manufacturer)
         mk_elem(device_info, 'pskc:SerialNo', device.serial)
         mk_elem(device_info, 'pskc:Model', device.model)
         mk_elem(device_info, 'pskc:IssueNo', device.issue_no)
         mk_elem(device_info, 'pskc:DeviceBinding', device.device_binding)
         mk_elem(device_info, 'pskc:StartDate', device.start_date)
         mk_elem(device_info, 'pskc:ExpiryDate', device.expiry_date)
         mk_elem(device_info, 'pskc:UserId', device.device_userid)
     if device.crypto_module is not None:
         crypto_module = mk_elem(key_package,
                                 'pskc:CryptoModuleInfo',
                                 empty=True)
         mk_elem(crypto_module, 'pskc:Id', device.crypto_module)
     for key in device.keys:
         cls.serialise_key(key, key_package)
Exemplo n.º 20
0
 def serialise_key(cls, key, key_package):
     """Provide an XML structure for the key information."""
     key_elm = mk_elem(key_package,
                       'pskc:Key',
                       empty=True,
                       Id=key.id,
                       Algorithm=key.algorithm)
     mk_elem(key_elm, 'pskc:Issuer', key.issuer)
     if any((key.algorithm_suite, key.challenge_encoding,
             key.response_encoding, key.response_length)):
         parameters = mk_elem(key_elm,
                              'pskc:AlgorithmParameters',
                              empty=True)
         mk_elem(parameters, 'pskc:Suite', key.algorithm_suite)
         mk_elem(parameters,
                 'pskc:ChallengeFormat',
                 Encoding=key.challenge_encoding,
                 Min=key.challenge_min_length,
                 Max=key.challenge_max_length,
                 CheckDigits=key.challenge_check)
         mk_elem(parameters,
                 'pskc:ResponseFormat',
                 Encoding=key.response_encoding,
                 Length=key.response_length,
                 CheckDigits=key.response_check)
     mk_elem(key_elm, 'pskc:KeyProfileId', key.key_profile)
     mk_elem(key_elm, 'pskc:KeyReference', key.key_reference)
     mk_elem(key_elm, 'pskc:FriendlyName', key.friendly_name)
     cls.serialise_data(key, 'secret', key_elm, 'pskc:Secret')
     cls.serialise_data(key, 'counter', key_elm, 'pskc:Counter')
     cls.serialise_data(key, 'time_offset', key_elm, 'pskc:Time')
     cls.serialise_data(key, 'time_interval', key_elm, 'pskc:TimeInterval')
     cls.serialise_data(key, 'time_drift', key_elm, 'pskc:TimeDrift')
     mk_elem(key_elm, 'pskc:UserId', key.key_userid)
     cls.serialise_policy(key.policy, key_elm)
Exemplo n.º 21
0
 def serialise_key_package(cls, device, container):
     """Provide an XML structure for key package."""
     key_package = mk_elem(container, 'pskc:KeyPackage', empty=True)
     if any(x is not None
            for x in (device.manufacturer, device.serial, device.model,
                      device.issue_no, device.device_binding,
                      device.start_date, device.expiry_date,
                      device.device_userid)):
         device_info = mk_elem(key_package, 'pskc:DeviceInfo', empty=True)
         mk_elem(device_info, 'pskc:Manufacturer', device.manufacturer)
         mk_elem(device_info, 'pskc:SerialNo', device.serial)
         mk_elem(device_info, 'pskc:Model', device.model)
         mk_elem(device_info, 'pskc:IssueNo', device.issue_no)
         mk_elem(device_info, 'pskc:DeviceBinding', device.device_binding)
         mk_elem(device_info, 'pskc:StartDate', device.start_date)
         mk_elem(device_info, 'pskc:ExpiryDate', device.expiry_date)
         mk_elem(device_info, 'pskc:UserId', device.device_userid)
     if device.crypto_module is not None:
         crypto_module = mk_elem(key_package, 'pskc:CryptoModuleInfo',
                                 empty=True)
         mk_elem(crypto_module, 'pskc:Id', device.crypto_module)
     for key in device.keys:
         cls.serialise_key(key, key_package)
Exemplo n.º 22
0
 def serialise_key_derivation(cls, derivation, encryption_key, key_names):
     """Provide an XML structure for the key derivation properties."""
     derived_key = mk_elem(encryption_key, 'xenc11:DerivedKey', empty=True)
     key_derivation = mk_elem(derived_key, 'xenc11:KeyDerivationMethod',
                              Algorithm=derivation.algorithm)
     if derivation.algorithm.endswith('#pbkdf2'):
         pbkdf2 = mk_elem(key_derivation, 'xenc11:PBKDF2-params',
                          empty=True)
         if derivation.pbkdf2_salt:
             salt = mk_elem(pbkdf2, 'Salt', empty=True)
             mk_elem(salt, 'Specified',
                     base64.b64encode(derivation.pbkdf2_salt).decode())
         mk_elem(pbkdf2, 'IterationCount', derivation.pbkdf2_iterations)
         mk_elem(pbkdf2, 'KeyLength', derivation.pbkdf2_key_length)
         mk_elem(pbkdf2, 'PRF', derivation.pbkdf2_prf)
     # TODO: serialise ReferenceList/DataReference
     for name in key_names:
         mk_elem(derived_key, 'xenc11:MasterKeyName', name)
Exemplo n.º 23
0
 def serialise_key(cls, key, key_package):
     """Provide an XML structure for the key information."""
     key_elm = mk_elem(key_package, 'pskc:Key', empty=True, Id=key.id,
                       Algorithm=key.algorithm)
     mk_elem(key_elm, 'pskc:Issuer', key.issuer)
     if any((key.algorithm_suite, key.challenge_encoding,
             key.response_encoding, key.response_length)):
         parameters = mk_elem(key_elm, 'pskc:AlgorithmParameters',
                              empty=True)
         mk_elem(parameters, 'pskc:Suite', key.algorithm_suite)
         mk_elem(parameters, 'pskc:ChallengeFormat',
                 Encoding=key.challenge_encoding,
                 Min=key.challenge_min_length,
                 Max=key.challenge_max_length,
                 CheckDigits=key.challenge_check)
         mk_elem(parameters, 'pskc:ResponseFormat',
                 Encoding=key.response_encoding,
                 Length=key.response_length,
                 CheckDigits=key.response_check)
     mk_elem(key_elm, 'pskc:KeyProfileId', key.key_profile)
     mk_elem(key_elm, 'pskc:KeyReference', key.key_reference)
     mk_elem(key_elm, 'pskc:FriendlyName', key.friendly_name)
     cls.serialise_data(
         key, 'secret', key_elm, 'pskc:Secret')
     cls.serialise_data(
         key, 'counter', key_elm, 'pskc:Counter')
     cls.serialise_data(
         key, 'time_offset', key_elm, 'pskc:Time')
     cls.serialise_data(
         key, 'time_interval', key_elm, 'pskc:TimeInterval')
     cls.serialise_data(
         key, 'time_drift', key_elm, 'pskc:TimeDrift')
     mk_elem(key_elm, 'pskc:UserId', key.key_userid)
     cls.serialise_policy(key.policy, key_elm)
Exemplo n.º 24
0
 def serialise_data(cls, key, field, key_elm, tag):
     """Provide an XML structure for the key material."""
     value = getattr(key, '_%s' % field, None)
     pskc = key.device.pskc
     # skip empty values
     if value in (None, ''):
         return
     # get the value2text and encryption storage
     if field == 'secret':
         value2text = my_b64encode
         encrypted_value_cls = EncryptedValue
     else:
         value2text = str
         encrypted_value_cls = EncryptedIntegerValue
     # find the data tag and create our tag under it
     data = find(key_elm, 'pskc:Data')
     if data is None:
         data = mk_elem(key_elm, 'pskc:Data', empty=True)
     element = mk_elem(data, tag, empty=True)
     # see if we should encrypt the value
     if field in pskc.encryption.fields and not hasattr(
             value, 'get_value'):
         value = encrypted_value_cls.create(pskc, value)
     # write out value
     if not hasattr(value, 'get_value'):
         # unencrypted value
         mk_elem(element, 'pskc:PlainValue', value2text(value))
     else:
         # encrypted value
         algorithm = value.algorithm or pskc.encryption.algorithm
         cipher_value = value.cipher_value
         if pskc.encryption.iv:
             cipher_value = pskc.encryption.iv + cipher_value
         encrypted_value = mk_elem(
             element, 'pskc:EncryptedValue', empty=True)
         mk_elem(encrypted_value, 'xenc:EncryptionMethod',
                 Algorithm=algorithm)
         cipher_data = mk_elem(
             encrypted_value, 'xenc:CipherData', empty=True)
         mk_elem(cipher_data, 'xenc:CipherValue',
                 base64.b64encode(cipher_value).decode())
         if value.mac_value:
             mk_elem(element, 'pskc:ValueMAC',
                     base64.b64encode(value.mac_value).decode())
Exemplo n.º 25
0
 def serialise_policy(cls, policy, key_elm):
     """Provide an XML structure with the key policy information."""
     # check if any policy attribute is set
     if not policy.key_usage and all(x is None for x in (
             policy.start_date, policy.expiry_date,
             policy.number_of_transactions, policy.pin_key_id,
             policy.pin_usage, policy.pin_max_failed_attempts,
             policy.pin_min_length, policy.pin_max_length,
             policy.pin_encoding)):
         return
     policy_elm = mk_elem(key_elm, 'pskc:Policy', empty=True)
     mk_elem(policy_elm, 'pskc:StartDate', policy.start_date)
     mk_elem(policy_elm, 'pskc:ExpiryDate', policy.expiry_date)
     mk_elem(policy_elm, 'pskc:PINPolicy',
             PINKeyId=policy.pin_key_id,
             PINUsageMode=policy.pin_usage,
             MaxFailedAttempts=policy.pin_max_failed_attempts,
             MinLength=policy.pin_min_length,
             MaxLength=policy.pin_max_length,
             PINEncoding=policy.pin_encoding)
     for usage in policy.key_usage:
         mk_elem(policy_elm, 'pskc:KeyUsage', usage)
     mk_elem(policy_elm, 'pskc:NumberOfTransactions',
             policy.number_of_transactions)