def __init__(self, cert_dict):
# Data transfer from initialization dictionary #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
self.cert_config_id = cert_dict['id']
self.chipset = cert_dict['chip']
self.dsa_type = cert_dict[
'dsa_type'] if 'dsa_type' in cert_dict else 'rsa'
self.cert_keysize = cert_dict['keysize']
self.cert_exponent = cert_dict['exponent']
if 'padding' in cert_dict and cert_dict['padding'] is not None:
self.cert_padding = cert_dict['padding'].upper()
else:
self.cert_padding = 'PKCS'
if 'hash_algorithm' in cert_dict and cert_dict[
'hash_algorithm'] is not None:
self.cert_hash_algorithm = cert_dict['hash_algorithm']
else:
self.cert_hash_algorithm = 'sha256'
if self.dsa_type == 'rsa':
self.cert_keysize = cert_dict['keysize']
self.cert_exponent = cert_dict['exponent']
self.ecdsa_curve = None
elif self.dsa_type == 'ecdsa':
self.ecdsa_curve = cert_dict['ecdsa_curve']
self.cert_keysize = None
self.cert_exponent = None
self.dp_basepath = cert_dict['dp_path']
self.dp_basepath = os.path.normpath(self.dp_basepath)
# LOCAL_STR changes for test assets #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
self.LOCAL_STR = LOCAL_STR
# Initialize data-provisioner with dp_basepath #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if self.dp_basepath is not None:
self.data_prov = DataProvisioner(self.dp_basepath)
else:
raise RuntimeError(
"Invalid basepath provided to data provisioner.")
# Construct the asset dirname from cert_dict #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
get_asset_func = self.get_asset
try:
import sectools.features.isc.signer.signerutils.test.intf as tester
get_asset_func = lambda x: tester.get_test_asset(self, x)
except ImportError:
pass
self.LOCAL_STR, self.asset_dirname = get_asset_func(
self.cert_config_id)
self.message_print_set = set()
def __init__(self, config=None, base_path=None, target=None):
'''config file value will override the rest'''
if config is not None:
self.base_path = config.data_provisioning.base_path
self.target = target if target is not None else OPENSSL_TARGET
else:
raise RuntimeError("Config file is not provided.")
self.data_prov = DataProvisioner(self.base_path)
self.message_print_set = set()
def __init__(self, cert_dict):
# Data transfer from initialization dictionary #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
self.cert_config_id = cert_dict['id']
self.chipset = cert_dict['chip']
self.cert_keysize = cert_dict['keysize']
self.cert_exponent = cert_dict['exponent']
self.cert_mrc_index = cert_dict['mrc_index']
self.dp_basepath = cert_dict['dp_path']
self.dp_basepath = os.path.normpath(self.dp_basepath)
# LOCAL_STR changes for test assets #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
self.LOCAL_STR = LOCAL_STR
# Initialize data-provisioner with dp_basepath #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if self.dp_basepath is not None:
self.data_prov = DataProvisioner(self.dp_basepath)
else:
raise RuntimeError(
"Invalid basepath provided to data provisioner.")
# Construct the asset dirname from cert_dict #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
get_asset_func = self.get_asset
try:
import sectools.features.isc.signer.signerutils.test.intf as tester
get_asset_func = lambda x: tester.get_test_asset(self, x)
except ImportError:
pass
self.LOCAL_STR, self.asset_dirname = get_asset_func(
self.cert_config_id)
# Initialize mrc_index string for injection into cert_path later #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if self.is_mrc() == 'True':
if self.cert_mrc_index is not None:
self.cert_mrc_index = str(self.cert_mrc_index)
else:
raise RuntimeError(
"mrc_index not given in config file but is needed for multi-root certificates"
)
else:
self.cert_mrc_index = ''
self.message_print_set = set()
def __init__(self, config=None, base_path=None, chipset=None):
'''config file value will override the rest'''
if config is not None:
base_path = config.config.data_provisioning.base_path
chipset = config.chipset
if base_path is not None and chipset is not None:
self.base_path = base_path
self.chipset = chipset
else:
raise RuntimeError(
"Required parameters are not provided. Base path and chipset.")
self.data_prov = DataProvisioner(self.base_path)
self.message_print_set = set()
class DataProvEnquirer(object):
def log_once(self, msg):
if msg not in self.message_print_set:
logger.debug(msg)
self.message_print_set.add(msg)
def __init__(self, base_path=None):
self.data_prov = DataProvisioner(base_path)
self.message_print_set = set()
def query_data_prov(self, level1_namespace, level2_namespace, level3_namespace, asset_tag, return_file_path=False):
query_result = self.data_prov.query(level1_namespace, level2_namespace, level3_namespace)[0]
'''check if config.xml exists'''
if not query_result.config:
raise RuntimeError('DataProvisioner: ' + c_path.join(query_result.path, 'config.xml') + ' is not found')
'''check if config.xml is valid'''
try:
asset_file_name = str(getattr(query_result.config.METACONFIG, asset_tag))
except Exception:
raise RuntimeError('DataProvisioner: ' + asset_tag + ' is not found in config.xml')
'''check if asset file exists'''
asset_file_path = os.path.join(query_result.path, asset_file_name)
if not c_path.validate_file(asset_file_path):
raise RuntimeError('DataProvisioner: ' + asset_file_path + ' is not found')
self.log_once(asset_tag + " = " + asset_file_path)
logger.debug("DataProvisioner config: " + str(query_result.config))
if return_file_path:
return asset_file_path
else:
return query_result.files[asset_file_name]
class OpenSSL_DataService(object):
__metaclass__ = SingletonClass
def log_once(self, msg):
if msg not in self.message_print_set:
logger.info(msg)
self.message_print_set.add(msg)
def __init__(self, config=None, base_path=None, target=None):
'''config file value will override the rest'''
if config is not None:
self.base_path = config.data_provisioning.base_path
self.target = target if target is not None else OPENSSL_TARGET
else:
raise RuntimeError("Config file is not provided.")
self.data_prov = DataProvisioner(self.base_path)
self.message_print_set = set()
def query_data_prov(self, level1_namespace, level2_namespace, level3_namespace, asset_tag):
query_result = self.data_prov.query(level1_namespace, level2_namespace, level3_namespace)[0]
'''check if config.xml exists'''
if not query_result.config:
raise RuntimeError('DataProvisioner: ' + c_path.join(query_result.path, 'config.xml') + ' is not found')
'''check if config.xml is valid'''
try:
asset_file_name = str(getattr(query_result.config.METACONFIG, asset_tag))
except Exception:
raise RuntimeError('DataProvisioner: ' + asset_tag + ' is not found in config.xml')
'''check if asset file exists'''
asset_file_path = os.path.join(query_result.path, asset_file_name)
if not c_path.validate_file(asset_file_path):
raise RuntimeError('DataProvisioner: ' + asset_file_path + ' is not found')
self.log_once(asset_tag + " = " + asset_file_path)
logger.debug("DataProvisioner config: " + str(query_result.config))
return asset_file_path
def get_attest_ca_xts(self):
return self.query_data_prov(ASSETS_STR, SIGNING_STR, self.target, ATEST_CA_XTS_TAG)
def get_ca_cert_xts(self):
return self.query_data_prov(ASSETS_STR, SIGNING_STR, self.target, CA_CERT_XTS_TAG)
def get_openssl_config(self):
return self.query_data_prov(ASSETS_STR, SIGNING_STR, self.target, OPENSSL_CONFIG_TAG)
class CertData(object):
def log_once(self, msg):
if msg not in self.message_print_set:
self.message_print_set.add(msg)
def __init__(self, cert_dict):
# Data transfer from initialization dictionary #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
self.cert_config_id = cert_dict['id']
self.chipset = cert_dict['chip']
self.cert_keysize = cert_dict['keysize']
self.cert_exponent = cert_dict['exponent']
self.cert_mrc_index = cert_dict['mrc_index']
self.dp_basepath = cert_dict['dp_path']
self.dp_basepath = os.path.normpath(self.dp_basepath)
# LOCAL_STR changes for test assets #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
self.LOCAL_STR = LOCAL_STR
# Initialize data-provisioner with dp_basepath #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if self.dp_basepath is not None:
self.data_prov = DataProvisioner(self.dp_basepath)
else:
raise RuntimeError("Invalid basepath provided to data provisioner.")
# Construct the asset dirname from cert_dict #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
get_asset_func = self.get_asset
try:
import sectools.features.isc.signer.signerutils.test.intf as tester
get_asset_func = lambda x: tester.get_test_asset(self, x)
except ImportError:
pass
self.LOCAL_STR, self.asset_dirname = get_asset_func(self.cert_config_id)
# Initialize mrc_index string for injection into cert_path later #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if self.is_mrc() == 'True':
if self.cert_mrc_index is not None:
self.cert_mrc_index = str(self.cert_mrc_index)
else:
raise RuntimeError("mrc_index not given in config file but is needed for multi-root certificates")
else:
self.cert_mrc_index = ''
self.message_print_set = set()
def query_data_taginfo(self, T1_namespace, T2_namespace, T3_namespace, asset_tag):
query_result = self.data_prov.query(T1_namespace, T2_namespace, T3_namespace)[0]
# check if asset folder has been found correctly #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if not query_result.config:
raise RuntimeError('DataProvisioner: ' + c_path.join(query_result.path, 'config.xml') + ' is not found')
'''check if config.xml is valid'''
try:
tag_info = str(getattr(query_result.config.METACONFIG, asset_tag))
return tag_info
except Exception:
raise RuntimeError('DataProvisioner: ' + asset_tag + ' is not found in config.xml')
return 'ERROR'
def query_data_path(self, T1_namespace, T2_namespace, T3_namespace, asset_tag):
query_result = self.data_prov.query(T1_namespace, T2_namespace, T3_namespace)[0]
# check if asset folder has been found correctly #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if not query_result.config:
raise RuntimeError('DataProvisioner: ' + c_path.join(query_result.path, 'config.xml') + ' is not found')
# check if config.xml is valid #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
try:
asset_file_name = str(getattr(query_result.config.METACONFIG, asset_tag))
except Exception:
raise RuntimeError('DataProvisioner: ' + asset_tag + ' is not found in config.xml')
return 'ERROR'
# Inject the mrc_index into file string before the period #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
asset_file_name = string.replace(asset_file_name, '.', str(self.cert_mrc_index) + '.')
# check if asset file exists #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
asset_file_path = os.path.join(query_result.path, asset_file_name)
asset_file_path = os.path.normpath(asset_file_path)
if not c_path.validate_file(asset_file_path):
raise RuntimeError('DataProvisioner: ' + asset_file_path + ' is not found')
self.log_once(asset_tag + " = " + asset_file_path)
logger.debug("DataProvisioner config: " + str(query_result.config))
return asset_file_path
def get_crypto_params(self):
crypto_params_dict = {}
if self.get_root_pre() != 'ERROR':
crypto_params_dict['root_certificate_properties'] = self._extract_params('root')
else:
raise RuntimeError("No root field detected in asset's config file")
if self.get_attest_ca_pre() != 'ERROR':
crypto_params_dict['attest_ca_certificate_properties'] = self._extract_params('attest_ca')
else:
raise RuntimeError("No attest_ca field detected in asset's config file")
if self.get_attest_pre() != 'ERROR':
crypto_params_dict['attest_certificate_properties'] = self._extract_params('attest')
else:
raise RuntimeError("No attest field detected in asset's config file")
return crypto_params_dict
def _extract_params(self, tag_type):
if tag_type == 'root':
if self.get_root_pre() == 'True':
params = {}
params['certificate_path'] = self.get_root_cert()
params['private_key_path'] = self.get_root_priv_key()
else:
# get the cert parameters from config file #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
param_string = self.get_root_params()
param_list = filter(None, param_string.split('\n'))
params = utility_functions.normalize_param_list_into_dict(param_list)
elif tag_type == 'attest_ca':
if self.get_attest_ca_pre() == 'True':
params = {}
params['certificate_path'] = self.get_attest_ca_cert()
params['private_key_path'] = self.get_attest_ca_priv_key()
else:
# get the cert parameters from config file #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
param_string = self.get_attest_ca_params()
param_list = filter(None, param_string.split('\n'))
params = utility_functions.normalize_param_list_into_dict(param_list)
elif tag_type == 'attest':
if self.get_attest_pre() == 'True':
params = {}
params['certificate_path'] = self.get_attest_cert()
params['private_key_path'] = self.get_attest_priv_key()
else:
# get the cert parameters from config file #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
param_string = self.get_attest_cert_params()
param_list = filter(None, param_string.split('\n'))
params = utility_functions.normalize_param_list_into_dict(param_list)
else:
raise RuntimeError('invalid tag type passed to _extract_params()')
return params
def get_rootcerts(self, num_root_certs=None):
root_cert_list = []
if self.is_mrc() == 'True':
if num_root_certs is not None:
root_cert_list = self.get_cert_list(num_root_certs)
else:
raise RuntimeError('Cert_Data.get_rootcerts() must be called with num_root_certs on mrc\'s')
return root_cert_list
def get_cert_list(self, num_root_certs):
save_index = self.cert_mrc_index
cert_list = []
for i in range(0, num_root_certs):
self.cert_mrc_index = i
cert_path = self.get_root_cert()
if os.path.isfile(cert_path) is False:
err_str = "certificate_path does not exist: {0}!".format(cert_path)
raise RuntimeError(err_str)
cert = c_misc.load_data_from_file(cert_path)
cert_list.append(cert)
self.cert_mrc_index = save_index
return cert_list
def get_asset(self, asset_name):
key_str = KEY_PREFIX + str(self.cert_keysize)
exp_str = EXP_PREFIX + str(self.cert_exponent)
supported_options = [key_str + exp_str, '']
searched_paths = []
for option in supported_options:
try:
searched_paths.append(os.path.join(self.dp_basepath, SIGNING_STR, self.LOCAL_STR, asset_name + option))
self.data_prov.query(SIGNING_STR, self.LOCAL_STR, asset_name + option)[0]
return self.LOCAL_STR, asset_name + option
except Exception:
pass
else:
raise RuntimeError("Selected cert config: '" + asset_name + "' not found in any of the following locations: " + "\n" + "\n".join(searched_paths) + "\n")
def is_mrc(self):
return self.query_data_taginfo(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, 'is_mrc')
def get_path_globals(self):
globals_list = {}
globals_list['SIGNING_STR'] = SIGNING_STR
globals_list['LOCAL_STR'] = LOCAL_STR
return globals_list
def get_root_pre(self):
return self.query_data_taginfo(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, 'root_pre')
def get_attest_ca_pre(self):
return self.query_data_taginfo(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, 'attest_ca_pre')
def get_attest_pre(self):
return self.query_data_taginfo(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, 'attest_pre')
def get_root_params(self):
return self.query_data_taginfo(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, 'root_cert_params')
def get_attest_ca_params(self):
return self.query_data_taginfo(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, 'attest_ca_cert_params')
def get_attest_cert_params(self):
return self.query_data_taginfo(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, 'attest_cert_params')
def get_root_cert(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, CERT_TAG)
def get_root_priv_key(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, PRIV_KEY_TAG)
def get_attest_ca_cert(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, ATTEST_CA_CERT_TAG)
def get_attest_ca_priv_key(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, ATTEST_CA_PRIV_KEY_TAG)
def get_attest_cert(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, ATTEST_CERT_TAG)
def get_attest_priv_key(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR, self.asset_dirname, ATTEST_PRIV_KEY_TAG)
class KeyService(object):
__metaclass__ = SingletonClass
def log_once(self, msg):
if msg not in self.message_print_set:
logger.info(msg)
self.message_print_set.add(msg)
def __init__(self, config=None, base_path=None, chipset=None):
'''config file value will override the rest'''
if config is not None:
base_path = config.config.data_provisioning.base_path
chipset = config.chipset
if base_path is not None and chipset is not None:
self.base_path = base_path
self.chipset = chipset
else:
raise RuntimeError(
"Required parameters are not provided. Base path and chipset.")
self.data_prov = DataProvisioner(self.base_path)
self.message_print_set = set()
def query_data_prov(self, level1_namespace, level2_namespace,
level3_namespace, asset_tag):
query_result = self.data_prov.query(level1_namespace, level2_namespace,
level3_namespace)[0]
'''check if config.xml exists'''
if not query_result.config:
raise RuntimeError('DataProvisioner: ' +
c_path.join(query_result.path, 'config.xml') +
' is not found')
'''check if config.xml is valid'''
try:
asset_file_name = str(
getattr(query_result.config.METACONFIG, asset_tag))
except Exception:
raise RuntimeError('DataProvisioner: ' + asset_tag +
' is not found in config.xml')
'''check if asset file exists'''
asset_file_path = os.path.join(query_result.path, asset_file_name)
if not c_path.validate_file(asset_file_path):
raise RuntimeError('DataProvisioner: ' + asset_file_path +
' is not found')
self.log_once(asset_tag + " = " + asset_file_path)
logger.debug("DataProvisioner config: " + str(query_result.config))
return query_result.files[asset_file_name]
def get_l1_key(self):
return self.query_data_prov(ENCRYPTION_STR, UNIFIED_STR, self.chipset,
L1_KEY_TAG)
def get_l2_key(self):
return self.query_data_prov(ENCRYPTION_STR, UNIFIED_STR, self.chipset,
L2_KEY_TAG)
def get_l3_key(self):
return self.query_data_prov(ENCRYPTION_STR, UNIFIED_STR, self.chipset,
L3_KEY_TAG)
def __init__(self, base_path=None):
self.data_prov = DataProvisioner(base_path)
self.message_print_set = set()
class CertDataBase(object):
def log_once(self, msg):
if msg not in self.message_print_set:
self.message_print_set.add(msg)
def __init__(self, cert_dict):
# Data transfer from initialization dictionary #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
self.cert_config_id = cert_dict['id']
self.chipset = cert_dict['chip']
self.dsa_type = cert_dict[
'dsa_type'] if 'dsa_type' in cert_dict else 'rsa'
self.cert_keysize = cert_dict['keysize']
self.cert_exponent = cert_dict['exponent']
if 'padding' in cert_dict and cert_dict['padding'] is not None:
self.cert_padding = cert_dict['padding'].upper()
else:
self.cert_padding = 'PKCS'
if 'hash_algorithm' in cert_dict and cert_dict[
'hash_algorithm'] is not None:
self.cert_hash_algorithm = cert_dict['hash_algorithm']
else:
self.cert_hash_algorithm = 'sha256'
if self.dsa_type == 'rsa':
self.cert_keysize = cert_dict['keysize']
self.cert_exponent = cert_dict['exponent']
self.ecdsa_curve = None
elif self.dsa_type == 'ecdsa':
self.ecdsa_curve = cert_dict['ecdsa_curve']
self.cert_keysize = None
self.cert_exponent = None
self.dp_basepath = cert_dict['dp_path']
self.dp_basepath = os.path.normpath(self.dp_basepath)
# LOCAL_STR changes for test assets #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
self.LOCAL_STR = LOCAL_STR
# Initialize data-provisioner with dp_basepath #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if self.dp_basepath is not None:
self.data_prov = DataProvisioner(self.dp_basepath)
else:
raise RuntimeError(
"Invalid basepath provided to data provisioner.")
# Construct the asset dirname from cert_dict #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
get_asset_func = self.get_asset
try:
import sectools.features.isc.signer.signerutils.test.intf as tester
get_asset_func = lambda x: tester.get_test_asset(self, x)
except ImportError:
pass
self.LOCAL_STR, self.asset_dirname = get_asset_func(
self.cert_config_id)
self.message_print_set = set()
def query_data_taginfo(self,
T1_namespace,
T2_namespace,
T3_namespace,
asset_tag,
default=None):
query_result = self.data_prov.query(T1_namespace, T2_namespace,
T3_namespace)[0]
# check if asset folder has been found correctly #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if not query_result.config:
raise RuntimeError('DataProvisioner: ' +
c_path.join(query_result.path, 'config.xml') +
' is not found')
try:
return str(getattr(query_result.config.METACONFIG, asset_tag))
except Exception:
return default
def query_data_path(self, T1_namespace, T2_namespace, T3_namespace,
asset_tag):
query_result = self.data_prov.query(T1_namespace, T2_namespace,
T3_namespace)[0]
# check if asset folder has been found correctly #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
if not query_result.config:
raise RuntimeError('DataProvisioner: ' +
c_path.join(query_result.path, 'config.xml') +
' is not found')
# check if config.xml is valid #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
try:
asset_file_name = str(
getattr(query_result.config.METACONFIG, asset_tag))
except Exception:
raise RuntimeError('DataProvisioner: ' + asset_tag +
' is not found in config.xml')
# return 'ERROR'
# check if asset file exists #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
asset_file_path = os.path.join(query_result.path, asset_file_name)
asset_file_path = os.path.normpath(asset_file_path)
if not c_path.validate_file(asset_file_path):
raise RuntimeError('DataProvisioner: ' + asset_file_path +
' is not found')
self.log_once(asset_tag + " = " + asset_file_path)
logger.debug("DataProvisioner config: " + str(query_result.config))
return asset_file_path
def get_certs_info(self, num_root_certs, crypto_params={}):
crypto_params_dict = self.get_crypto_params()
crypto_params_dict.update(crypto_params)
root_certs = self.get_rootcerts(num_root_certs)
certs_info = CertsInfo()
certs_info.root.init_from_params_dict(
crypto_params_dict['root_certificate_properties'])
certs_info.ca.init_from_params_dict(
crypto_params_dict['attest_ca_certificate_properties'])
certs_info.attest.init_from_params_dict(
crypto_params_dict['attest_certificate_properties'])
certs_info.root_certs = root_certs
return certs_info
def get_crypto_params(self):
crypto_params_dict = {}
crypto_params_dict[
'root_certificate_properties'] = self._extract_params('root')
crypto_params_dict[
'attest_ca_certificate_properties'] = self._extract_params(
'attest_ca')
crypto_params_dict[
'attest_certificate_properties'] = self._extract_params('attest')
return crypto_params_dict
def _extract_params(self, tag_type):
# set getter functions based on tag_type
params = {}
if tag_type == 'root':
get_pre_funct = self.get_root_pre
get_cert_funct = self.get_root_cert
get_key_funct = self.get_root_priv_key
get_params_funct = self.get_root_params
elif tag_type == 'attest_ca':
get_pre_funct = self.get_attest_ca_pre
get_cert_funct = self.get_attest_ca_cert
get_key_funct = self.get_attest_ca_priv_key
get_params_funct = self.get_attest_ca_params
elif tag_type == 'attest':
get_pre_funct = self.get_attest_pre
get_cert_funct = self.get_attest_cert
get_key_funct = self.get_attest_priv_key
get_params_funct = self.get_attest_cert_params
else:
raise RuntimeError('invalid tag type passed to _extract_params()')
if get_pre_funct() == 'True':
params['certificate_path'] = get_cert_funct()
params['private_key_path'] = get_key_funct()
else:
# get the cert parameters from config file #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
param_string = get_params_funct()
param_list = filter(None, param_string.split('\n'))
try:
params = crypto.cert.get_subject_params(','.join(param_list))
except IndexError:
pass
return params
def get_rootcerts(self, num_root_certs=None):
return []
def get_asset(self, asset_name):
if self.dsa_type == 'rsa' or self.dsa_type is None:
key_str = KEY_PREFIX + str(self.cert_keysize)
exp_str = EXP_PREFIX + str(self.cert_exponent)
pad_str = PAD_PREFIX + str(
self.cert_padding) if self.cert_padding == 'PSS' else ''
hash_str = ((HASH_PREFIX + str(self.cert_hash_algorithm.upper()))
if self.cert_hash_algorithm != 'sha256' else '')
supported_options = [key_str + exp_str + pad_str + hash_str, '']
else:
curve_str = CURVE_PREFIX + str(self.ecdsa_curve)
supported_options = [curve_str, '']
searched_paths = []
for option in supported_options:
try:
searched_paths.append(
os.path.join(self.dp_basepath, SIGNING_STR, self.LOCAL_STR,
asset_name + option))
_ = self.data_prov.query(SIGNING_STR, self.LOCAL_STR,
asset_name + option)[0]
return self.LOCAL_STR, asset_name + option
except Exception:
pass
else:
raise RuntimeError(
"Selected cert config: '" + asset_name +
"' not found in any of the following locations: " + "\n" +
"\n".join(searched_paths) + "\n")
def get_path_globals(self):
globals_list = {}
globals_list['SIGNING_STR'] = SIGNING_STR
globals_list['LOCAL_STR'] = LOCAL_STR
return globals_list
def get_root_pre(self):
return self.query_data_taginfo(SIGNING_STR,
self.LOCAL_STR,
self.asset_dirname,
'root_pre',
default="False")
def get_attest_ca_pre(self):
return self.query_data_taginfo(SIGNING_STR,
self.LOCAL_STR,
self.asset_dirname,
'attest_ca_pre',
default="False")
def get_attest_pre(self):
return self.query_data_taginfo(SIGNING_STR,
self.LOCAL_STR,
self.asset_dirname,
'attest_pre',
default="False")
def get_root_params(self):
return self.query_data_taginfo(SIGNING_STR,
self.LOCAL_STR,
self.asset_dirname,
'root_cert_params',
default="")
def get_attest_ca_params(self):
return self.query_data_taginfo(SIGNING_STR,
self.LOCAL_STR,
self.asset_dirname,
'attest_ca_cert_params',
default="")
def get_attest_cert_params(self):
return self.query_data_taginfo(SIGNING_STR,
self.LOCAL_STR,
self.asset_dirname,
'attest_cert_params',
default="")
def get_root_cert(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR,
self.asset_dirname, CERT_TAG)
def get_root_priv_key(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR,
self.asset_dirname, PRIV_KEY_TAG)
def get_attest_ca_cert(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR,
self.asset_dirname, ATTEST_CA_CERT_TAG)
def get_attest_ca_priv_key(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR,
self.asset_dirname, ATTEST_CA_PRIV_KEY_TAG)
def get_attest_cert(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR,
self.asset_dirname, ATTEST_CERT_TAG)
def get_attest_priv_key(self):
return self.query_data_path(SIGNING_STR, self.LOCAL_STR,
self.asset_dirname, ATTEST_PRIV_KEY_TAG)