SCAutolib 1.1.0__py3-none-any.whl → 3.0.0__py3-none-any.whl

SCAutolib/models/CA.py

@@ -19,12 +19,15 @@ from socket import gethostname
 from SCAutolib import TEMPLATES_DIR, logger, run, LIB_DIR, LIB_DUMP_CAS
 from SCAutolib.exceptions import SCAutolibException
 from SCAutolib.models.file import OpensslCnf
+from SCAutolib.enums import CAType
 
 
 class BaseCA:
     dump_file: Path = None
+    ca_type: str = None
     _ca_cert: Path = None
     _ca_key: Path = None
+    _ca_pki_db: Path = Path("/etc/sssd/pki/sssd_auth_ca_db.pem")
 
     @property
     def cert(self):
@@ -49,13 +52,35 @@ class BaseCA:
     def setup(self):
         """
         Configure the CA
-
-        :param force: In case if CA is already configured, specifies if it
-            should be reconfigured with force
-        :type force: bool
         """
         ...
 
+    def update_ca_db(self):
+        """
+        Update /etc/sssd/pki/sssd_auth_ca_db.pem with certificate defined in CA
+        object.
+        """
+        with self._ca_cert.open("r") as f_cert:
+            root_cert = f_cert.read()
+
+        if self._ca_pki_db.exists():
+            # Check if current CA cert is already present in the sssd auth db
+            with self._ca_pki_db.open("a+") as f:
+                f.seek(0)
+                data = f.read()
+                if root_cert not in data:
+                    f.write(root_cert)
+        else:
+            # Create /etc/sssd/pki directory if it doesn't exist
+            self._ca_pki_db.parents[0].mkdir(exist_ok=True)
+            with self._ca_pki_db.open("w") as f:
+                f.write(root_cert)
+        logger.debug(
+            f"CA certificate {self._ca_cert} is copied to {self._ca_pki_db}")
+        # Restoring SELinux context on the sssd auth db
+        run(f"restorecon -v {self._ca_pki_db}")
+        logger.info("Local CA is updated")
+
     def sign_cert(self):
         """
         Sign the certificate
@@ -80,7 +105,7 @@ class BaseCA:
         with json_file.open("r") as f:
             cnt = json.load(f)
 
-        if "_ipa_server_ip" in cnt.keys():
+        if cnt["ca_type"] == CAType.ipa:
             ca = IPAServerCA(ip_addr=cnt["_ipa_server_ip"],
                              server_hostname=cnt["_ipa_server_hostname"],
                              root_passwd=cnt["_ipa_server_root_passwd"],
@@ -88,15 +113,27 @@ class BaseCA:
                              client_hostname=cnt["_ipa_client_hostname"],
                              domain=cnt["_ipa_server_domain"],
                              realm=cnt["_ipa_server_realm"])
-        else:
+        elif cnt["ca_type"] == CAType.custom:
+            ca = CustomCA(cnt)
+        elif cnt["ca_type"] == CAType.local:
             ca = LocalCA(root_dir=cnt["root_dir"])
-        logger.debug(f"CA {type(ca)} is restored from file {json_file}")
+        else:
+            raise SCAutolibException("CA object has unknown type. Only ipa, "
+                                     "custom and local types are supported. CA "
+                                     "object not loaded")
+
+        logger.debug(f"CA {cnt['name']} is loaded from file {json_file}")
         return ca
 
 
 class LocalCA(BaseCA):
+    """
+    Represents local CA that is created as CA for virtual cards.
+    """
     template = Path(TEMPLATES_DIR, "ca.cnf")
-    dump_file = LIB_DUMP_CAS.joinpath("local-ca.json")
+    ca_type = CAType.local
+    ca_name = "local_ca"
+    dump_file = LIB_DUMP_CAS.joinpath(f"{ca_name}.json")
 
     def __init__(self, root_dir: Path = None, cnf: OpensslCnf = None):
         """
@@ -106,15 +143,20 @@ class LocalCA(BaseCA):
         :param root_dir: Path to root directory of the CA. By default, is in
             /etc/SCAutolib/ca
         :type: Path
+        :param cnf: object representing openssl cnf file
+        :type cnf: OpensslCnf
         """
+        self.name = LocalCA.ca_name
+        self.ca_type = LocalCA.ca_type
         self.root_dir: Path = Path("/etc/SCAutolib/ca") if root_dir is None \
-            else root_dir
-        assert self.root_dir is not None
+            else Path(root_dir)
+        if not self.root_dir.exists():
+            raise FileNotFoundError("Root directory of CA does not exist.")
         self._conf_dir: Path = self.root_dir.joinpath("conf")
         self._newcerts: Path = self.root_dir.joinpath("newcerts")
         self._certs: Path = self.root_dir.joinpath("certs")
         self._crl: Path = self.root_dir.joinpath("crl", "root.pem")
-        self._ca_pki_db: Path = Path("/etc/sssd/pki/sssd_auth_ca_db.pem")
+        self._ca_pki_db = BaseCA._ca_pki_db
 
         self._ca_cnf: OpensslCnf = cnf if cnf else OpensslCnf(
             conf_type="CA",
@@ -177,10 +219,7 @@ class LocalCA(BaseCA):
 
     def setup(self):
         """
-        Creates directory and file structure needed by local CA. If directory
-        already exists and force = True, directory would be recursively deleted
-        and new local CA would be created. Otherwise, configuration would be
-        skipped.
+        Creates directory and file structure needed by local CA.
         """
         if self._ca_cnf is None:
             raise SCAutolibException("CA CNF file is not set")
@@ -211,31 +250,12 @@ class LocalCA(BaseCA):
         run(['openssl', 'ca', '-config', self._ca_cnf.path, '-gencrl',
              '-out', self._crl], check=True)
 
-        with self._ca_cert.open("r") as f_cert:
-            root_cert = f_cert.read()
-
-        if self._ca_pki_db.exists():
-            # Check if current CA cert doesn't present in the sssd auth db
-            with self._ca_pki_db.open("a+") as f:
-                data = f.read()
-                if root_cert not in data:
-                    f.write(root_cert)
-        else:
-            # Create /etc/sssd/pki directory if it doesn't exist
-            self._ca_pki_db.parents[0].mkdir(exist_ok=True)
-            with self._ca_pki_db.open("w") as f:
-                f.write(root_cert)
-        logger.debug(
-            f"CA certificate {self._ca_cert} is copied to {self._ca_pki_db}")
-        # Restoring SELinux context on the sssd auth db
-        run(f"restorecon -v {self._ca_pki_db}")
-
-        logger.info("Local CA is configured")
+        logger.info("Local CA files are prepared")
 
     def request_cert(self, csr: Path, username: str,
                      cert_out: Path = None) -> Path:
         """
-        Create the certificate from CSR and sign it. Certificate is store
+        Create the certificate from CSR and sign it. Certificate is stored
         in the <root ca directory>/ca/newcerts directory with name username.pem
 
         :param csr: path to CSR
@@ -292,6 +312,53 @@ class LocalCA(BaseCA):
         logger.info(f"Local CA from {self.root_dir} is removed")
 
 
+class CustomCA(BaseCA):
+    """
+    :TODO: CustomCA is not tested yet and it's not functional until physical
+        cards testing with removinator is implemented
+    Represents CA for physical cards. Physical cards are often read-only and
+    rootCA certs or bundles are provided with a card. This class provides
+    methods for manipulation with rootCA certs of physical cards.
+    """
+    ca_type = CAType.custom
+
+    def __init__(self, card: dict):
+        """
+        Initialize required attributes
+        """
+        self.ca_type = CustomCA.ca_type
+        self.name = card["ca_name"]
+        self.ca_cert = card["ca_cert"]
+        self.dump_file = LIB_DUMP_CAS.joinpath(f"{self.name}.json")
+        self.root_dir: Path = LIB_DIR.joinpath(self.name)
+        self._ca_cert = self.root_dir.joinpath(f"{self.name}.pem")
+        self._ca_pki_db: Path = BaseCA._ca_pki_db
+
+    def setup(self):
+        """
+        Create rootCA file. Actually, copy cert from conf.json
+        """
+        self.root_dir.mkdir(parents=True, exist_ok=True)
+        if self.ca_cert is None:
+            raise SCAutolibException(
+                f"CA cerf for {self.name} not found")
+        with self._ca_cert.open('w') as newcert:
+            newcert.write(self.ca_cert)
+        logger.info("Local CA files are prepared")
+
+    def to_dict(self):
+        """
+        Customising default property for better serialisation for storing to
+        JSON format.
+
+        :return: dictionary with all values. Path objects are typed to string.
+        :rtype: dict
+        """
+        dict_ = {k: str(v) if type(v) is PosixPath else v
+                 for k, v in super().__dict__.items()}
+        return dict_
+
+
 class IPAServerCA(BaseCA):
     """
     Class represents IPA server with integrated CA. Through this class
@@ -304,7 +371,8 @@ class IPAServerCA(BaseCA):
     connection is made to the server and the script is fetched in frame of
     ``IPAServerCA.create()`` method.
     """
-
+    ca_type = CAType.ipa
+    ca_name = "IPA"
     _ca_cert: Path = Path("/etc/ipa/ca.crt")
     _ipa_server_ip: str = None
     _ipa_server_hostname: str = None
@@ -343,6 +411,8 @@ class IPAServerCA(BaseCA):
                       be used instead
         :type realm: str
         """
+        self.ca_type = IPAServerCA.ca_type
+        self.name = IPAServerCA.ca_name
         self._ipa_server_ip = ip_addr
         self._ipa_server_hostname = server_hostname
         self._add_to_hosts()  # So we can log in to the IPA before setup
@@ -438,7 +508,8 @@ class IPAServerCA(BaseCA):
         if "365" not in policy["krbmaxpwdlife"]:
             self.meta_client.pwpolicy_mod(a_cn="global_policy",
                                           o_krbmaxpwdlife=365)
-            logger.debug("Maximum kerberos password lifetime is set to 365 days")
+            logger.debug(
+                "Maximum kerberos password lifetime is set to 365 days")
 
         # TODO: add to restore client host name
         logger.info("IPA client is configured on the system.")
@@ -543,7 +614,8 @@ class IPAServerCA(BaseCA):
             # in_stream = False is required because while testing with pytest
             # it collision appears with capturing of the output.
             logger.debug("Running kinit on the IPA server")
-            c.run("kinit admin", pty=True, watchers=[kinitpass], in_stream=False)
+            c.run("kinit admin", pty=True,
+                  watchers=[kinitpass], in_stream=False)
             result = c.run("ipa-advise config-client-for-smart-card-auth",
                            hide=True, in_stream=False)
             logger.debug("Script is generated on server side")

SCAutolib/models/card.py

@@ -11,6 +11,7 @@ from traceback import format_exc
 
 from SCAutolib import run, logger, TEMPLATES_DIR, LIB_DUMP_CARDS
 from SCAutolib.exceptions import SCAutolibException
+from SCAutolib.enums import CardType, UserType
 
 
 class Card:
@@ -21,22 +22,27 @@ class Card:
     uri: str = None
     dump_file: Path = None
     type: str = None
-    _user = None
     _pattern: str = None
 
     def _set_uri(self):
         """
         Sets URI for given smart card. Uri is matched from ``p11tool`` command
-        with regular expression. If URI is not matched, assertion exception
-        would be raised
+        with regular expression. If URI is not matched, exception is raised.
 
-        :raise: AssertionError
+        :raise: SCAutolibException
         """
         cmd = ["p11tool", "--list-token-urls"]
         out = run(cmd).stdout
         urls = re.findall(self._pattern, out)
-        assert len(urls) == 1, f"Card URI is not matched. Matched URIs: {urls}"
-        self.uri = urls[0]
+        if len(urls) == 1:
+            self.uri = urls[0]
+            logger.info(f"Card URI is set to {self.uri}")
+        elif len(urls) == 0:
+            logger.warning("URI not set")
+            raise SCAutolibException("URI matching expected pattern not found.")
+        else:
+            logger.warning("Multiple matching URIs found. URI not set")
+            raise SCAutolibException("Multiple URIs match expected pattern.")
 
     def insert(self):
         """
@@ -57,26 +63,25 @@ class Card:
         ...
 
     @staticmethod
-    def load(json_file, **kwars):
+    def load(json_file):
         with json_file.open("r") as f:
             cnt = json.load(f)
 
         card = None
-        if cnt["type"] == "virtual":
-            assert "user" in kwars.keys(),\
-                "No user is provided to load the card."
-            card = VirtualCard(user=kwars["user"],
-                               softhsm2_conf=Path(cnt["softhsm"]))
-            card.uri = cnt["uri"]
+        if cnt["card_type"] == CardType.virtual:
+            card = VirtualCard(cnt, softhsm2_conf=Path(cnt["softhsm"]))
+#            card.uri = cnt["uri"]
+        elif cnt["card_type"] == CardType.physical:
+            card = PhysicalCard(cnt)
         else:
             raise SCAutolibException(
-                f"Unknown card type: {cnt['type']}")
+                f"Unknown card type: {cnt['card_type']}")
         return card
 
 
 class VirtualCard(Card):
     """
-    This class provides method for manipulating with virtual smart card. Virtual
+    This class provides methods for operations on virtual smart card. Virtual
     smart card by itself is represented by the systemd service in the system.
     The card relates to some user, so providing the user is essential for
     correct functioning of methods for the virtual smart card.
@@ -92,34 +97,60 @@ class VirtualCard(Card):
     _pattern = r"(pkcs11:model=PKCS%2315%20emulated;" \
                r"manufacturer=Common%20Access%20Card;serial=.*)"
     _inserted: bool = False
-    type = "virtual"
 
-    def __init__(self, user, softhsm2_conf: Path = None):
+    name: str = None
+    pin: str = None
+    cardholder: str = None
+    CN: str = None
+    UID: str = None
+    key: Path = None
+    cert: Path = None
+    card_dir: Path = None
+    card_type: str = None
+    ca_name: str = None
+    slot: str = None
+    user = None
+    cnf = None
+
+    def __init__(self, card_data, softhsm2_conf: Path = None,
+                 card_dir: Path = None, key: Path = None, cert: Path = None):
         """
         Initialise virtual smart card. Constructor of the base class is also
         used.
 
-        :param user: User of this card
-        :type user: SCAutolib.models.user.User
+        :param card_data: dict containing card details as pin, cardholder etc.
+        :type card_data: dict
         :param softhsm2_conf: path to SoftHSM2 configuration file
         :type softhsm2_conf: pathlib.Path
+        :param card_dir: path to card directory where card files will be saved
+        :type card_dir: pathlib.Path
+        :param key: path to key - if the key exist it will be used with the card
+        :type key: pathlib.Path
+        :param cert: path to certificate. If file exist it will be used with the
+            card
+        :type cert: pathlib.Path
         """
-
-        self.user = user
-        assert self.user.card_dir.exists(), "Card root directory doesn't exists"
-
-        self.dump_file = LIB_DUMP_CARDS.joinpath(f"card-{user.username}.json")
-
-        self._private_key = self.user.key
-        self._cert = self.user.cert
-
-        self._service_name = f"virt-sc-{self.user.username}"
+        self.name = card_data["name"]
+        self.pin = card_data["pin"]
+        self.cardholder = card_data["cardholder"]
+        self.card_type = card_data["card_type"]
+        self.CN = card_data["CN"]
+        self.ca_name = card_data["ca_name"]
+        self.card_dir = card_dir if card_dir is not None \
+            else Path(card_data["card_dir"])
+        if not self.card_dir.exists():
+            raise FileNotFoundError("Card root directory doesn't exists")
+        self.dump_file = LIB_DUMP_CARDS.joinpath(f"{self.name}.json")
+        self.key = key \
+            if key else self.card_dir.joinpath(f"key-{self.name}.pem")
+        self.cert = cert \
+            if cert else self.card_dir.joinpath(f"cert-{self.name}.pem")
+        self._service_name = self.name
         self._service_location = Path(
             f"/etc/systemd/system/{self._service_name}.service")
-        self.dump_file = LIB_DUMP_CARDS.joinpath(
-            f"card-{self._user.username}.json")
+        self._nssdb = self.card_dir.joinpath("db")
         self._softhsm2_conf = softhsm2_conf if softhsm2_conf \
-            else Path("/home", self.user.username, "softhsm2.conf")
+            else Path(self.card_dir, "softhsm2.conf")
 
     def __call__(self, insert: bool):
         """
@@ -140,8 +171,8 @@ class VirtualCard(Card):
 
         :return: self
         """
-        assert self._service_location.exists(), \
-            "Service for virtual sc doesn't exists."
+        if not self._service_location.exists():
+            raise FileNotFoundError("Service for virtual sc doesn't exists.")
         return self
 
     def __exit__(self, exp_type, exp_value, exp_traceback):
@@ -161,10 +192,18 @@ class VirtualCard(Card):
 
     def to_dict(self):
         return {
-            "softhsm": str(self._softhsm2_conf),
-            "type": "virtual",
+            "name": self.name,
+            "pin": self.pin,
+            "cardholder": self.cardholder,
+            "card_type": self.card_type,
+            "CN": self.CN,
+            "card_dir": str(self.card_dir),
+            "key": str(self.key),
+            "cert": str(self.cert),
             "uri": self.uri,
-            "username": self.user.username
+            "softhsm": str(self._softhsm2_conf),
+            "ca_name": self.ca_name,
+            "slot": self.slot
         }
 
     @property
@@ -173,18 +212,10 @@ class VirtualCard(Card):
 
     @softhsm2_conf.setter
     def softhsm2_conf(self, conf: Path):
-        assert conf.exists(), "File doesn't exist"
+        if not conf.exists():
+            raise FileNotFoundError(f"File {conf} doesn't exist")
         self._softhsm2_conf = conf
 
-    @property
-    def user(self):
-        return self._user
-
-    @user.setter
-    def user(self, system_user):
-        self._user = system_user
-        self._nssdb = self.user.card_dir.joinpath("db")
-
     @property
     def service_location(self):
         return self._service_location
@@ -217,19 +248,19 @@ class VirtualCard(Card):
         NSS database) with pkcs11-tool.
         """
         cmd = ["pkcs11-tool", "--module", "libsofthsm2.so", "--slot-index",
-               '0', "-w", self._user.key, "-y", "privkey", "--label",
-               f"'{self._user.username}'", "-p", self._user.pin, "--set-id", "0",
+               '0', "-w", self.key, "-y", "privkey", "--label",
+               "test_key", "-p", self.pin, "--set-id", "0",
                "-d", "0"]
         run(cmd, env={"SOFTHSM2_CONF": self._softhsm2_conf})
         logger.debug(
-            f"User key {self._user.key} is added to virtual smart card")
+            f"User key {self.key} is added to virtual smart card")
 
         cmd = ['pkcs11-tool', '--module', 'libsofthsm2.so', '--slot-index', "0",
-               '-w', self._user.cert, '-y', 'cert', '-p', self._user.pin,
-               '--label', f"'{self._user.username}'", '--set-id', "0", '-d', "0"]
+               '-w', self.cert, '-y', 'cert', '-p', self.pin,
+               '--label', "test_cert", '--set-id', "0", '-d', "0"]
         run(cmd, env={"SOFTHSM2_CONF": self._softhsm2_conf})
         logger.debug(
-            f"User certificate {self._user.cert} is added to virtual smart card")
+            f"User certificate {self.cert} is added to virtual smart card")
 
         # To get URI of the card, the card has to be inserted
         # Virtual smart card can't be started without a cert and a key uploaded
@@ -245,23 +276,23 @@ class VirtualCard(Card):
         required for each virtual card.
         """
 
-        assert self._softhsm2_conf.exists(), \
-            "Can't proceed, SoftHSM2 conf doesn't exist"
+        if not self._softhsm2_conf.exists():
+            raise FileNotFoundError("Can't proceed, SoftHSM2 conf not found.")
 
-        self.user.card_dir.joinpath("tokens").mkdir(exist_ok=True)
+        self.card_dir.joinpath("tokens").mkdir(exist_ok=True)
 
         p11lib = "/usr/lib64/pkcs11/libsofthsm2.so"
         # Initialize SoftHSM2 token. An error would be raised if token with same
         # label would be created.
         cmd = ["softhsm2-util", "--init-token", "--free", "--label",
-               self.user.username, "--so-pin", "12345678",
-               "--pin", self.user.pin]
+               self.name, "--so-pin", "12345678",
+               "--pin", self.pin]
         run(cmd, env={"SOFTHSM2_CONF": self._softhsm2_conf}, check=True)
         logger.debug(
-            f"SoftHSM token is initialized with label '{self.user.username}'")
+            f"SoftHSM token is initialized with label '{self.cardholder}'")
 
         # Initialize NSS db
-        self._nssdb = self.user.card_dir.joinpath("db")
+        self._nssdb = self.card_dir.joinpath("db")
         self._nssdb.mkdir(exist_ok=True)
         run(f"modutil -create -dbdir sql:{self._nssdb} -force", check=True)
         logger.debug(f"NSS database is initialized in {self._nssdb}")
@@ -275,11 +306,140 @@ class VirtualCard(Card):
         # Create systemd service
         with self._template.open() as tmp:
             with self._service_location.open("w") as f:
-                f.write(tmp.read().format(username=self.user.username,
+                f.write(tmp.read().format(username=self.cardholder,
                                           softhsm2_conf=self._softhsm2_conf,
-                                          card_dir=self.user.card_dir))
+                                          card_dir=self.card_dir))
 
         logger.debug(f"Service is created in {self._service_location}")
         run("systemctl daemon-reload")
 
         return self
+
+    def gen_csr(self):
+        """
+        Method for generating user specific CSR file that would be sent to the
+        CA for generating the certificate. CSR is generated using 'openssl`
+        command based on template CNF file.
+        """
+        csr_path = self.card_dir.joinpath(f"csr-{self.cardholder}.csr")
+        if self.user.user_type == UserType.local:
+            cmd = ["openssl", "req", "-new", "-nodes", "-key", self.key,
+                   "-reqexts", "req_exts", "-config", self.cnf,
+                   "-out", csr_path]
+        else:
+            if not self.key:
+                raise SCAutolibException("Can't generate CSR because private "
+                                         "key is not set")
+            cmd = ["openssl", "req", "-new", "-days", "365",
+                   "-nodes", "-key", self.key, "-out",
+                   csr_path, "-subj", f"/CN={self.cardholder}"]
+        run(cmd)
+        return csr_path
+
+
+class PhysicalCard(Card):
+    """
+    :TODO PhysicalCard is not yet tested, it's Work In Progress
+        This class provides methods allowing to manipulate physical cards
+        connected via removinator.
+    """
+    _inserted: bool = False
+
+    name: str = None
+    pin: str = None
+    cardholder: str = None
+    CN: str = None
+    UID: str = None
+    expires: str = None
+    card_type: str = None
+    ca_name: str = None
+    slot: str = None
+    uri: str = None
+    card_dir: Path = None
+
+    def __init__(self, card_data: dict = None, card_dir: Path = None):
+        """
+        TODO this is not yet tested, insert and remove methods need to be
+            implemented with removinator
+        Initialise object for physical smart card. Constructor of the base class
+        is also used.
+        """
+        self.card_data = card_data
+        # Not sure we will need following, let's see later
+        self.name = card_data["name"]
+        self.pin = card_data["pin"]
+        self.cardholder = card_data["cardholder"]
+        self.CN = card_data["CN"]
+        self.UID = card_data["UID"]
+#        self.expires = card_data["expires"]
+#        self.card_type = card_data["card_type"]
+#        self.ca_name = card_data["ca_name"]
+        self.slot = card_data["slot"]
+        self.uri = card_data["uri"]
+        self.card_dir = card_dir
+        if not self.card_dir.exists():
+            raise FileNotFoundError("Card root directory doesn't exists")
+
+        self.dump_file = LIB_DUMP_CARDS.joinpath(f"{self.name}.json")
+
+    def __call__(self, insert: bool):
+        """
+        Call method for physical smart card. It would be used in the context
+        manager.
+
+        :param insert: True if the card should be inserted, False otherwise
+        :type insert: bool
+        """
+        if insert:
+            self.insert()
+        return self.__enter__()
+
+    def __enter__(self):
+        """
+        Start of context manager for physical smart card. The card would be
+        inserted if ``insert`` parameter in constructor is specified.
+
+        :return: self
+        """
+        return self
+
+    def __exit__(self, exp_type, exp_value, exp_traceback):
+        """
+        End of context manager for physical smart card. If any exception was
+        raised in the current context, it would be logged as an error.
+
+        :param exp_type: Type of the exception
+        :param exp_value: Value for the exception
+        :param exp_traceback: Traceback of the exception
+        """
+        if exp_type is not None:
+            logger.error("Exception in physical smart card context")
+            logger.error(format_exc())
+        if self._inserted:
+            self.remove()
+
+    def to_dict(self):
+        """
+        Customising default property for better serialisation for storing to
+        JSON format.
+
+        :return: dictionary with all values. Path objects are typed to string.
+        :rtype: dict
+        """
+        return self.card_data
+
+    @property
+    def user(self):
+        return self.cardholder
+
+    def insert(self):
+        """
+        Insert physical card using removinator
+        """
+        ...
+
+    def remove(self):
+        """
+        Remove physical card using removinator
+        """
+        ...