Squashed commits

Yubico · May 24, 2024 · 338b092 · 338b092
1 parent fbdae2b
commit 338b092
Show file tree

Hide file tree

Showing 44 changed files with 3,416 additions and 1,104 deletions.
diff --git a/examples/piv_certificate.py b/examples/piv_certificate.py
@@ -26,7 +26,6 @@
  PivSession,
  SLOT,
  KEY_TYPE,
- MANAGEMENT_KEY_TYPE,
  DEFAULT_MANAGEMENT_KEY,
 )
 from ykman.piv import sign_certificate_builder
@@ -57,7 +56,8 @@
 key = click.prompt(
  "Enter management key", default=DEFAULT_MANAGEMENT_KEY.hex(), hide_input=True
 )
-piv.authenticate(MANAGEMENT_KEY_TYPE.TDES, bytes.fromhex(key))
+
+piv.authenticate(bytes.fromhex(key))
 
 # Generate a private key on the YubiKey
 print(f"Generating {key_type.name} key in slot {slot:X}...")

diff --git a/tests/device/cli/conftest.py b/tests/device/cli/conftest.py
@@ -1,34 +1,28 @@
 from yubikit.core import TRANSPORT
-from ykman._cli.__main__ import cli, _DefaultFormatter
+from ykman._cli.__main__ import cli
 from ykman._cli.aliases import apply_aliases
 from ykman._cli.util import CliFail
 from click.testing import CliRunner
 from functools import partial
-import logging
 import pytest
 
 
-@pytest.fixture(scope="module")
-def ykman_cli(device, info):
+@pytest.fixture()
+def ykman_cli(capsys, device, info):
+ def _ykman_cli(*argv, **kwargs):
+ argv = apply_aliases(["ykman"] + [str(a) for a in argv])
+ runner = CliRunner(mix_stderr=False)
+ with capsys.disabled():
+ result = runner.invoke(cli, argv[1:], obj={}, **kwargs)
+ if result.exit_code != 0:
+ if isinstance(result.exception, CliFail):
+ raise SystemExit()
+ raise result.exception
+ return result
+
  if device.transport == TRANSPORT.NFC:
  return partial(_ykman_cli, "--reader", device.reader.name)
  elif info.serial is not None:
  return partial(_ykman_cli, "--device", info.serial)
  else:
  return _ykman_cli
-
-
-def _ykman_cli(*argv, **kwargs):
- handler = logging.StreamHandler()
- handler.setLevel(logging.WARNING)
- handler.setFormatter(_DefaultFormatter())
- logging.getLogger().addHandler(handler)
-
- argv = apply_aliases(["ykman"] + [str(a) for a in argv])
- runner = CliRunner(mix_stderr=False)
- result = runner.invoke(cli, argv[1:], obj={}, **kwargs)
- if result.exit_code != 0:
- if isinstance(result.exception, CliFail):
- raise SystemExit()
- raise result.exception
- return result
diff --git a/tests/device/cli/piv/conftest.py b/tests/device/cli/piv/conftest.py
@@ -1,9 +1,53 @@
 from yubikit.management import CAPABILITY
 from ... import condition
+from .util import DEFAULT_PIN, DEFAULT_PUK, DEFAULT_MANAGEMENT_KEY
+from typing import NamedTuple
 import pytest
 
 
 @pytest.fixture(autouse=True)
 @condition.capability(CAPABILITY.PIV)
 def ensure_piv(ykman_cli):
  ykman_cli("piv", "reset", "-f")
+
+
+class Keys(NamedTuple):
+ pin: str
+ puk: str
+ mgmt: str
+
+
+@pytest.fixture
+def default_keys():
+ yield Keys(DEFAULT_PIN, DEFAULT_PUK, DEFAULT_MANAGEMENT_KEY)
+
+
+@pytest.fixture
+def keys(ykman_cli, info, default_keys):
+ if CAPABILITY.PIV in info.fips_capable:
+ new_keys = Keys(
+ "12345679",
+ "12345670",
+ "010203040506070801020304050607080102030405060709",
+ )
+
+ ykman_cli(
+ "piv", "access", "change-pin", "-P", default_keys.pin, "-n", new_keys.pin
+ )
+ ykman_cli(
+ "piv", "access", "change-puk", "-p", default_keys.puk, "-n", new_keys.puk
+ )
+ ykman_cli(
+ "piv",
+ "access",
+ "change-management-key",
+ "-m",
+ default_keys.mgmt,
+ "-n",
+ new_keys.mgmt,
+ "-f",
+ )
+
+ yield new_keys
+ else:
+ yield default_keys