def generate(config: TextIO, output: BinaryIO, encoding: str,
force: bool) -> None:
"""Generate certificate."""
logger.info("Generating Certificate...")
logger.info("Loading configuration from yml file...")
check_destination_dir(output.name, force)
check_file_exists(output.name, force)
config_data = load_configuration(config.name)
cert_config = CertificateParametersConfig(config_data)
priv_key = load_private_key(cert_config.issuer_private_key)
pub_key = load_public_key(cert_config.subject_public_key)
certificate = generate_certificate(
subject=cert_config.subject_name,
issuer=cert_config.issuer_name,
subject_public_key=pub_key,
issuer_private_key=priv_key,
serial_number=cert_config.serial_number,
duration=cert_config.duration,
if_ca=cert_config.BasicConstrains_ca,
path_length=cert_config.BasicConstrains_path_length,
)
logger.info("Saving the generated certificate to the specified path...")
encoding_type = Encoding.PEM if encoding.lower() == "pem" else Encoding.DER
save_crypto_item(certificate, output.name, encoding_type=encoding_type)
logger.info("Certificate generated successfully...")
click.echo(
f"The certificate file has been created: {os.path.abspath(output.name)}"
)
def gendc(
protocol: str,
plugin: click.Path,
dc_file_path: str,
config: click.File,
elf2sb_config: click.File,
force: bool,
) -> None:
"""Generate debug certificate (DC).
\b
PATH - path to dc file
"""
if plugin:
# if a plugin is present simply load it
# The SignatureProvider will automatically pick up any implementation(s)
from importlib.util import ( # pylint: disable=import-outside-toplevel
module_from_spec, spec_from_file_location,
)
spec = spec_from_file_location(name="plugin",
location=plugin) # type: ignore
assert spec
mod = module_from_spec(spec)
spec.loader.exec_module(mod) # type: ignore
is_rsa = determine_protocol_version(protocol)
check_destination_dir(dc_file_path, force)
check_file_exists(dc_file_path, force)
logger.info("Loading configuration from yml file...")
yaml_content = load_configuration(config.name)
if elf2sb_config:
logger.info("Loading configuration from elf2sb config file...")
rot_info = RootOfTrustInfo(load_configuration(
elf2sb_config.name)) # type: ignore
yaml_content["rot_meta"] = rot_info.public_keys
yaml_content["rotk"] = rot_info.private_key
yaml_content["rot_id"] = rot_info.public_key_index
# enforcing rot_id presence in yaml config...
assert "rot_id" in yaml_content, "Config file doesn't contain the 'rot_id' field"
logger.info(
f"Creating {'RSA' if is_rsa else 'ECC'} debug credential object...")
dc = DebugCredential.create_from_yaml_config(version=protocol,
yaml_config=yaml_content)
dc.sign()
data = dc.export()
logger.info("Saving the debug credential to a file...")
with open(dc_file_path, "wb") as f:
f.write(data)
print_output(True, "Creating Debug credential file")
def get_cfg_template(output: click.Path, force: bool) -> None:
"""Generate the template of Debug Credentials YML configuration file.
\b
PATH - file name path to write template config file
"""
check_destination_dir(str(output), force)
check_file_exists(str(output), force)
with open(os.path.join(NXPDEBUGMBOX_DATA_FOLDER, "template_config.yml"), "r") as file:
template = file.read()
with open(str(output), "w") as file:
file.write(template)
click.echo("The configuration template file has been created.")
def get_cfg_template(output: click.Path, force: bool) -> None:
"""Generate the template of Certificate generation YML configuration file.
\b
PATH - file name path to write template config file
"""
logger.info("Creating Certificate template...")
check_destination_dir(str(output), force)
check_file_exists(str(output), force)
with open(os.path.join(NXPCERTGEN_DATA_FOLDER, "certgen_config.yml"),
"r") as file:
template = file.read()
with open(str(output), "w") as file:
file.write(template)
click.echo(
f"The configuration template file has been created: {os.path.abspath(str(output))}"
)
def main(log_level: str, key_type: str, path: str, password: str,
force: bool) -> int:
"""NXP Key Generator Tool.
\b
PATH - output file path, where the key pairs (private and public key) will be stored.
Each key will be stored in separate file (.pub and .pem).
"""
logging.basicConfig(level=log_level.upper())
key_param = key_type.lower().strip()
is_rsa = "rsa" in key_param
check_destination_dir(path, force)
check_file_exists(path, force)
pub_key_path = os.path.splitext(path)[0] + ".pub"
check_file_exists(pub_key_path, force)
if is_rsa:
logger.info("Generating RSA private key...")
priv_key_rsa = generate_rsa_private_key(
key_size=int(key_param.replace("rsa", "")))
logger.info("Generating RSA corresponding public key...")
pub_key_rsa = generate_rsa_public_key(priv_key_rsa)
logger.info("Saving RSA key pair...")
save_rsa_private_key(priv_key_rsa, path,
password if password else None)
save_rsa_public_key(pub_key_rsa, pub_key_path)
else:
logger.info("Generating ECC private key...")
priv_key_ec = generate_ecc_private_key(curve_name=key_param)
logger.info("Generating ECC public key...")
pub_key_ec = generate_ecc_public_key(priv_key_ec)
logger.info("Saving ECC key pair...")
save_ecc_private_key(priv_key_ec, path, password if password else None)
save_ecc_public_key(pub_key_ec, pub_key_path)
return 0
