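def piv_can_parse(self, file_url):
    """Report whether the file at *file_url* parses as certificate(s) or a key.

    The data is tried first with ``parse_certificates`` and then with
    ``parse_private_key``, both with ``password=None`` (so encrypted input
    is only accepted if the parser handles it without a password).
    Returns ``success()`` from the first parser that accepts the data.

    Raises:
        ValueError: if neither parser accepts the data.
        OSError: if the file cannot be read (propagates from ``open``).

    NOTE(review): only ``ValueError``/``TypeError`` are treated as "does
    not parse"; ``piv_import_file`` additionally catches an
    ``InvalidPasswordError`` from ``parse_private_key`` — confirm whether
    that type can be raised here too, in which case it would propagate.
    """
    file_path = self._get_file_path(file_url)
    # Open read-only: nothing is written back, and certificate/key files
    # should not be opened with write access ('r+b' also fails outright on
    # read-only files or media, which is a legitimate place to keep keys).
    with open(file_path, 'rb') as file:
        data = file.read()
    try:
        parse_certificates(data, password=None)
        return success()
    except (ValueError, TypeError):
        pass
    try:
        parse_private_key(data, password=None)
        return success()
    except (ValueError, TypeError):
        pass
    raise ValueError('Failed to parse certificate or key')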
def test_is_pkcs12(self):
    """is_pkcs12 rejects None and PEM input, and detects PKCS#12 (PFX) blobs."""
    # Passing no data at all is a programming error, not "not PKCS#12".
    with self.assertRaises(TypeError):
        is_pkcs12(None)

    # PEM-encoded inputs (plain key, encrypted key, certificate) are not PKCS#12.
    for pem_name in ("rsa_2048_key.pem",
                     "rsa_2048_key_encrypted.pem",
                     "rsa_2048_cert.pem"):
        with open_file(pem_name) as pem_file:
            self.assertFalse(is_pkcs12(pem_file.read()))

    # An unencrypted PFX is detected, and both the key and the certificates
    # can be pulled out of it with no password.
    with open_file("rsa_2048_key_cert.pfx") as pfx_file:
        pfx_data = pfx_file.read()
    self.assertTrue(is_pkcs12(pfx_data))
    parse_private_key(pfx_data, None)
    parse_certificates(pfx_data, None)

    # An encrypted PFX is still detected without supplying a password.
    with open_file("rsa_2048_key_cert_encrypted.pfx") as encrypted_pfx_file:
        self.assertTrue(is_pkcs12(encrypted_pfx_file.read()))
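def piv_import_file(self, slot, file_url, password=None, pin=None, mgm_key=None):
    """Import a certificate and/or private key from a file into PIV slot *slot*.

    The file is parsed as certificates and as a private key independently
    (both may succeed, e.g. for a PKCS#12 bundle holding both); whatever
    parses is imported.  A non-empty ``password`` (str) is encoded and
    handed to both parsers for encrypted input; an empty string counts as
    no password.  ``pin`` and ``mgm_key`` are forwarded to
    ``_piv_ensure_authenticated``.

    Returns:
        ``failure('failed_parsing')`` if the data is neither a certificate
        nor a key (or the password was wrong), the result of
        ``_piv_ensure_authenticated`` if authentication fails, otherwise
        ``success({'imported_cert': bool, 'imported_key': bool})``.

    Raises:
        OSError: if the file cannot be read (propagates from ``open``).
    """
    is_cert = False
    is_private_key = False
    file_path = self._get_file_path(file_url)
    if password:
        password = password.encode()
    # Open read-only: nothing is written back, and key material should not
    # be opened with write access ('r+b' also fails on read-only files/media).
    with open(file_path, 'rb') as file:
        data = file.read()
    try:
        certs = parse_certificates(data, password)
        is_cert = True
    except (ValueError, TypeError):
        pass
    try:
        private_key = parse_private_key(data, password)
        is_private_key = True
    except (ValueError, TypeError, InvalidPasswordError):
        # A wrong or missing password is reported to the caller exactly
        # like unparseable data ('failed_parsing'); they are not distinguished.
        pass
    if not (is_cert or is_private_key):
        return failure('failed_parsing')
    with self._open_device([SmartCardConnection]) as conn:
        session = PivSession(conn)
        with PromptTimeout():
            auth_failed = self._piv_ensure_authenticated(
                session, pin, mgm_key)
            if auth_failed:
                return auth_failed
            if is_private_key:
                session.put_key(SLOT[slot], private_key)
            if is_cert:
                # put_certificate takes a single certificate; for a chain,
                # the first leaf returned by get_leaf_certificates is used.
                if len(certs) > 1:
                    leafs = get_leaf_certificates(certs)
                    cert_to_import = leafs[0]
                else:
                    cert_to_import = certs[0]
                session.put_certificate(SLOT[slot], cert_to_import)
            # A fresh CHUID is written after every import, whether a key,
            # a certificate, or both was imported.
            session.put_object(OBJECT_ID.CHUID, generate_chuid())
    return success({
        'imported_cert': is_cert,
        'imported_key': is_private_key
    })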
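def piv_import_file(self, slot, file_url, password=None, pin=None, mgm_key=None):
    """Import a certificate and/or private key from a file into PIV slot *slot*.

    The file is parsed as certificates and as a private key independently
    (both may succeed, e.g. for a PKCS#12 bundle holding both); whatever
    parses is imported through the PIV controller.  A non-empty
    ``password`` (str) is encoded and handed to both parsers for encrypted
    input; an empty string counts as no password.  ``pin`` and ``mgm_key``
    are forwarded to ``_piv_ensure_authenticated``.

    Returns:
        ``failure('failed_parsing')`` if the data is neither a certificate
        nor a key, the result of ``_piv_ensure_authenticated`` if
        authentication fails, otherwise
        ``success({'imported_cert': bool, 'imported_key': bool})``.

    Raises:
        OSError: if the file cannot be read (propagates from ``open``).
    """
    is_cert = False
    is_private_key = False
    file_path = self._get_file_path(file_url)
    if password:
        password = password.encode()
    # Open read-only: nothing is written back, and key material should not
    # be opened with write access ('r+b' also fails on read-only files/media).
    with open(file_path, 'rb') as file:
        data = file.read()
    try:
        certs = parse_certificates(data, password)
        is_cert = True
    except (ValueError, TypeError):
        pass
    try:
        private_key = parse_private_key(data, password)
        is_private_key = True
    except (ValueError, TypeError):
        # NOTE(review): only these two types count as "does not parse";
        # if the parser raises a password-specific exception for a wrong
        # password, it propagates out of here instead of 'failed_parsing'.
        pass
    if not (is_cert or is_private_key):
        return failure('failed_parsing')
    with self._open_piv() as controller:
        auth_failed = self._piv_ensure_authenticated(
            controller, pin, mgm_key)
        if auth_failed:
            return auth_failed
        if is_private_key:
            controller.import_key(SLOT[slot], private_key)
        if is_cert:
            # import_certificate takes a single certificate; for a chain,
            # the first leaf returned by get_leaf_certificates is used.
            if len(certs) > 1:
                leafs = get_leaf_certificates(certs)
                cert_to_import = leafs[0]
            else:
                cert_to_import = certs[0]
            controller.import_certificate(SLOT[slot], cert_to_import)
    return success({
        'imported_cert': is_cert,
        'imported_key': is_private_key
    })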
def get_test_key():
    """Load the unencrypted RSA-2048 test key from ``rsa_2048_key.pem``."""
    with open_file("rsa_2048_key.pem") as key_file:
        pem_bytes = key_file.read()
    # The fixture is not encrypted, so no password is supplied.
    return parse_private_key(pem_bytes, None)
def get_test_key():
    """Load the unencrypted RSA-2048 test key from ``rsa_2048_key.pem``."""
    with open_file('rsa_2048_key.pem') as key_file:
        pem_bytes = key_file.read()
    # The fixture is not encrypted, so no password is supplied.
    return parse_private_key(pem_bytes, None)
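def piv_import_key(self, slot_name, file_url, pin=None, mgm_key_hex=None,
                   password=None, pin_policy=None, touch_policy=None):
    """Import a private key from the file at *file_url* into PIV slot *slot_name*.

    ``password`` (str, optional) decrypts an encrypted key file.  ``pin`` and
    ``mgm_key_hex`` are forwarded to ``_piv_ensure_authenticated``;
    ``pin_policy`` / ``touch_policy`` are policy names converted with
    ``PIN_POLICY.from_string`` / ``TOUCH_POLICY.from_string`` (the enum
    ``DEFAULT`` is used when a policy is not given).

    Returns a result dict: ``{'success': True}`` on success; otherwise
    ``{'success': False, 'failure': {...}}`` where the failure key is
    ``'passwordRequired'`` (parse failed with no password),
    ``'wrongPassword'`` (parse failed with a password), or ``'import'``
    (the device rejected the import; ``'message'`` carries the exception
    text).  Authentication and policy-check failures return whatever
    ``_piv_ensure_authenticated`` / ``_piv_check_policies`` returned.

    Raises:
        OSError: if the file cannot be read (propagates from ``open``).
    """
    logger.debug('piv_import_key %s %s', slot_name, file_url)
    # NOTE(review): only the URL's path component is used, with no
    # percent-decoding, so a path containing e.g. '%20' would not resolve
    # unless the caller already decoded it — confirm against the caller.
    file_path = urllib.parse.urlparse(file_url).path
    with self._open_piv() as piv_controller:
        # Open read-only: the key file is never modified, and key material
        # should not be opened with write access ('r+b' also fails on
        # read-only files/media).
        with open(file_path, 'rb') as key_file:
            data = key_file.read()
        if password is not None:
            password = password.encode('utf-8')
        try:
            private_key = parse_private_key(data, password)
        except (ValueError, TypeError):
            # The parser failure is mapped onto a user-facing cause purely by
            # whether a password was supplied; unparseable (non-key) input
            # is reported the same way.
            if password is None:
                return {
                    'success': False,
                    'failure': {
                        'passwordRequired': True
                    },
                }
            else:
                return {
                    'success': False,
                    'failure': {
                        'wrongPassword': True
                    },
                }
        auth_failed = self._piv_ensure_authenticated(
            piv_controller, pin=pin, mgm_key_hex=mgm_key_hex)
        if auth_failed:
            return auth_failed
        unsupported_policy = self._piv_check_policies(
            piv_controller, pin_policy=pin_policy, touch_policy=touch_policy)
        if unsupported_policy:
            return unsupported_policy
        try:
            piv_controller.import_key(
                SLOT[slot_name],
                private_key,
                pin_policy=(PIN_POLICY.from_string(pin_policy)
                            if pin_policy else PIN_POLICY.DEFAULT),
                touch_policy=(TOUCH_POLICY.from_string(touch_policy)
                              if touch_policy else TOUCH_POLICY.DEFAULT))
            return {'success': True}
        except Exception as e:
            # Boundary handler: log the full traceback and surface the
            # exception text to the caller rather than crashing the request.
            logger.error('Failed to import key', exc_info=e)
            return {
                'success': False,
                'message': str(e),
                'failure': {
                    'import': True
                },
            }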