ó Yé?_c@sZddlmZddlmZddlmZddlmZdefd„ƒYZdS(iÿÿÿÿ(t HSMSigner(tcomma_separated_string(tlogger(thexdumpt HSMOEMSignercBs>eZdZed„ƒZed„ƒZd„Zd„ZRS(s%Class to enable signing via OEM's HSMcCstS(s0Registers the class with the signer plugin manager. This allows the signer to be selected by the user from config/command line. Returns: is_plugin (bool): True if the signer should be enabled, False if the signer should be disabled. (tTrue(tcls((sx/local/mnt/workspace/CRMBuilds/Saipan.LA.2.0-00145-STD.PROD-1_20200821_083004/b/common/sectools/plugin/signer/hsm_oem.pyt is_plugins cCsdS(sÏSpecifies the unique id of the signer. This is the id that the user will use to select the signer from config/command line. Returns: signer_id (str): ID of the signer. thsm_oem((R((sx/local/mnt/workspace/CRMBuilds/Saipan.LA.2.0-00145-STD.PROD-1_20200821_083004/b/common/sectools/plugin/signer/hsm_oem.pyt signer_idsc Cs“tjdt|jƒƒtjd|jƒtjdt|jdƒƒtjdt|jƒƒd\}}}}t dƒ‚||||fS( s-This API replaces sign_req and enables inspection of the data being signed. Args: signing_attrs (object): An object containing the following signing attributes: - key_size: Size of the key for attestation key - exponent: Exponent for attestation key attest_cert_dict (dict): Dictionary containing the parameters to be put in the attestation certificate. image_hash (str): The image hash binary blob to be signed. data_to_hash (StructDynamic): An object which encapsulates the format of the authentication-relevant fields which were hashed to create image_hash. The authentication-relevant fields available for interrogation can be retrieved via the "fields" member. Returns: A tuple containing the root certificate, ca certificate, attestation certificate and the signature corresponding to the image hash. root_cert (str): - Binary blob of the root certificate. - None if root certificate is provided under: resources/data_prov_assets/Signing/Local ca_cert (str): - Binary blob of the ca certificate. - None if ca certificate is provided under: resources/data_prov_assets/Signing/Local attest_cert (str): Binary blob of the attestation certificate. signature (str): Binary blob of the signature. sData being signed: s5Format of authentication-relevant data being signed: s9Authentication-relevant fields within data being signed: tandsSW ID of image being signed: sOEM to implement hsm signerN(NNNN( RtinfoRt binary_datatformatRtfieldststrtsw_idtNonetNotImplementedError( tselft signing_attrstattest_cert_dictt image_hasht data_to_hasht root_certtca_certt attest_certt signature((sx/local/mnt/workspace/CRMBuilds/Saipan.LA.2.0-00145-STD.PROD-1_20200821_083004/b/common/sectools/plugin/signer/hsm_oem.pyt sign_req_data's  cCs.d\}}}}tdƒ‚||||fS(sLSigns the image_hash, generates the attestation certificate using the attest_cert_dict and signing_attrs and optionally returns the root certificate and the ca certificate. Args: signing_attrs (object): An object containing the following signing attributes: - key_size: Size of the key for attestation key. - exponent: Exponent for attestation key. attest_cert_dict (dict): Dictionary containing the parameters to be put in the attestation certificate. image_hash (str): The image hash binary blob to be signed. Returns: A tuple containing the root certificate, ca certificate, attestation certificate and the signature corresponding to the image hash. root_cert (str): - Binary blob of the root certificate. - None if root certificate is provided under: resources/data_prov_assets/Signing/Local ca_cert (str): - Binary blob of the ca certificate. - None if ca certificate is provided under: resources/data_prov_assets/Signing/Local attest_cert (str): Binary blob of the attestation certificate. signature (str): Binary blob of the signature. sOEM to implement hsm signerN(NNNN(RR(RRRRRRRR((sx/local/mnt/workspace/CRMBuilds/Saipan.LA.2.0-00145-STD.PROD-1_20200821_083004/b/common/sectools/plugin/signer/hsm_oem.pytsign_reqSs (t__name__t __module__t__doc__t classmethodRR RR(((sx/local/mnt/workspace/CRMBuilds/Saipan.LA.2.0-00145-STD.PROD-1_20200821_083004/b/common/sectools/plugin/signer/hsm_oem.pyRs   ,N( t plugin.signerRtsectools.common.utils.c_dataRtsectools.common.utils.c_loggingRtsectools.common.utils.c_miscRR(((sx/local/mnt/workspace/CRMBuilds/Saipan.LA.2.0-00145-STD.PROD-1_20200821_083004/b/common/sectools/plugin/signer/hsm_oem.pyt s