def test_read_write_certificate_as_object(self):
    """Round-trip a certificate through the raw PIV object commands.

    Reading the still-empty authentication object must fail, a hand-built
    TLV holding a self-signed DER certificate is then written (authenticated
    with the management key, which this test assumes is still the default),
    and both ``read-object`` and ``export-certificate`` must return the
    identical DER bytes.
    """
    object_id = hex(OBJ.AUTHENTICATION)

    # Nothing has been written yet, so the CLI is expected to exit non-zero.
    with self.assertRaises(SystemExit):
        ykman_cli('piv', 'read-object', object_id)

    der_cert = generate_self_signed_certificate().public_bytes(
        encoding=serialization.Encoding.DER)
    # CERT_INFO b'\0' leaves the compression flag clear; LRC carries no value.
    payload = (
        Tlv(TAG.CERTIFICATE, der_cert)
        + Tlv(TAG.CERT_INFO, b'\0')
        + Tlv(TAG.LRC, b'')
    )
    ykman_cli('piv', 'write-object', object_id, '-',
              '-m', DEFAULT_MANAGEMENT_KEY, input=payload)

    read_back = ykman_cli.with_bytes_output('piv', 'read-object', object_id)
    self.assertEqual(Tlv.parse_dict(read_back)[TAG.CERTIFICATE], der_cert)

    exported = ykman_cli.with_bytes_output(
        'piv', 'export-certificate', hex(SLOT.AUTHENTICATION),
        '-', '--format', 'DER')
    self.assertEqual(exported, der_cert)
def _sign_cert(key, builder):
    """Build a certificate from *builder* and re-sign it with *key*.

    The builder is first signed normally; the resulting certificate's
    signatureValue is then replaced by a fresh ECDSA/SHA-256 signature over
    the tbsCertificate bytes and the DER is re-assembled.  *key* must be an
    EC private key, since ``ec.ECDSA`` is used for the signature.
    """
    signed = builder.sign(key, hashes.SHA256(), default_backend())
    signature = key.sign(signed.tbs_certificate_bytes,
                         ec.ECDSA(hashes.SHA256()))

    # Unwrap the outer SEQUENCE into its elements; index 2 is signatureValue.
    der = signed.public_bytes(Encoding.DER)
    elements = Tlv.parse_list(Tlv.unwrap(0x30, der))
    # BIT STRING: the leading byte is the number of unused bits (none here).
    elements[2] = Tlv(elements[2].tag, b"\0" + signature)

    rebuilt = Tlv(0x30, b"".join(elements))
    return x509.load_der_x509_certificate(rebuilt, default_backend())
def test_tlv(self):
    """Exercise Tlv construction from raw bytes and from (tag, value).

    Covers short-form lengths, an empty value, a long-form (0x82) length,
    and concatenation of several encoded Tlvs.
    """
    # Parsing raw bytes and building from a tag/value pair must agree.
    self.assertEqual(Tlv(b'\xff\6foobar'), Tlv(0xff, b'foobar'))

    short_tlv = Tlv(b'\0\5hello')       # tag 0x00, 5-byte value
    empty_tlv = Tlv(0xff, b'')          # zero-length value
    long_value = b'hi' * 200            # 400 bytes -> long-form length
    long_tlv = Tlv(0x12, long_value)

    self.assertEqual(b'\0\5hello', short_tlv)
    self.assertEqual(b'\xff\0', empty_tlv)
    # 0x82 announces a two-byte length; 0x0190 == 400.
    long_encoded = b'\x12\x82\x01\x90' + long_value
    self.assertEqual(long_encoded, long_tlv)

    self.assertEqual(b'\0\5hello\xff\0' + long_encoded,
                     short_tlv + empty_tlv + long_tlv)