aoki.tests.client¶

AOKI Client for testing purposes.

Please run from /rootdir/trustpoint with “uv run -m aoki.tests.client” for paths and imports to work.

Attributes¶

`log`
`CURRENT_DIR`
`CERTS_DIR`
`HTTP_STATUS_OK`
`client`

Exceptions¶

`AokiClientInitResponseError`	Exception raised when the AOKI client initialization response is invalid.
`AokiClientNoSupportedProtocolError`	Exception raised when no PKI protocol supported by this client is found in the AOKI client init response.
`AokiClientOwnerIdCertVerificationError`	Exception raised when the provided Owner ID certificate is invalid or not corresponding to the IDevID.
`AokiClientSignatureError`	Exception raised when signature by the Owner ID private key provided by the server could not be verified.
`AokiClientCertLoadError`	Exception raised when a certificate could not be loaded from the provided path.

Classes¶

AokiClient

AOKI Client for testing purposes.

Module Contents¶

aoki.tests.client.log[source]¶

aoki.tests.client.CURRENT_DIR[source]¶

aoki.tests.client.CERTS_DIR[source]¶

aoki.tests.client.HTTP_STATUS_OK = 200[source]¶

exception aoki.tests.client.AokiClientInitResponseError[source]¶

Bases: Exception

Exception raised when the AOKI client initialization response is invalid.

exception aoki.tests.client.AokiClientNoSupportedProtocolError[source]¶

Bases: Exception

Exception raised when no PKI protocol supported by this client is found in the AOKI client init response.

exception aoki.tests.client.AokiClientOwnerIdCertVerificationError[source]¶

Bases: Exception

Exception raised when the provided Owner ID certificate is invalid or not corresponding to the IDevID.

exception aoki.tests.client.AokiClientSignatureError[source]¶

Bases: Exception

Exception raised when signature by the Owner ID private key provided by the server could not be verified.

exception aoki.tests.client.AokiClientCertLoadError[source]¶

Bases: Exception

Exception raised when a certificate could not be loaded from the provided path.

class aoki.tests.client.AokiClient(server_url, cert_file, key_file, owner_truststore_file, *args, **kwargs)[source]¶

AOKI Client for testing purposes.

Parameters:

server_url (str)
cert_file (str)
key_file (str)
owner_truststore_file (str)
args (str)
kwargs (str)

idevid_subj_sn: str = '_'[source]¶

static _load_certificate(cert_path)[source]¶

Parameters:: cert_path (pathlib.Path)
Return type:: cryptography.x509.Certificate

static _load_certificates(cert_path)[source]¶

Parameters:: cert_path (pathlib.Path)
Return type:: list[cryptography.x509.Certificate]

static _parse_json_pem_cert(pem_str)[source]¶

Parse a PEM certificate from a JSON string.

Parameters:: pem_str (str)
Return type:: cryptography.x509.Certificate

_get_idevid_owner_san_uri(idevid_cert)[source]¶

Get the Owner ID SAN URI corresponding to a IDevID certificate.

Formatted as “dev-owner:<idevid_subj_sn>.<idevid_x509_sn>.<idevid_sha256_fingerprint>”

Parameters:: idevid_cert (cryptography.x509.Certificate)
Return type:: str

_verify_matches_idevid_cert(owner_id_cert, idevid_cert)[source]¶

Verify the Owner ID certificate is valid for the device IDevID.

Parameters:

owner_id_cert (cryptography.x509.Certificate)
idevid_cert (cryptography.x509.Certificate)

Return type:

None

_verify_owner_id_cert(owner_id_cert, truststore, idevid_cert)[source]¶

Verify the Owner ID certificate against the provided truststore.

Parameters:

owner_id_cert (cryptography.x509.Certificate)
truststore (list[cryptography.x509.Certificate])
idevid_cert (cryptography.x509.Certificate)

Return type:

None

_verify_owner_signature(signature, owner_key, data)[source]¶

Verify the signature using the Owner ID public key.

Parameters:

signature (bytes)
owner_key (cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey | cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey)
data (bytes)

Return type: