PyPI - SCAutolib - Versions diffs - 1.1.0__tar.gz → 3.0.0__tar.gz - Mend

SCAutolib 1.1.0tar.gz → 3.0.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

{SCAutolib-1.1.0/SCAutolib.egg-info → SCAutolib-3.0.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: SCAutolib
-Version: 1.1.0
+Version: 3.0.0
 Summary: Python library for automation tests of smart cards using virtualization.
 Home-page: https://github.com/redhat-qe-security/SCAutolib
 Author: Pavel Yadlouski
@@ -15,8 +15,23 @@ Classifier: Topic :: Software Development :: Testing
 Classifier: Topic :: Software Development :: Testing :: Acceptance
 Requires-Python: >=3
 Description-Content-Type: text/markdown
-Provides-Extra: graphical
 License-File: LICENSE
+Requires-Dist: click>=8
+Requires-Dist: coloredlogs>=15
+Requires-Dist: paramiko>=2.10
+Requires-Dist: fabric>=2.7
+Requires-Dist: invoke>=1.7
+Requires-Dist: pytest>=7
+Requires-Dist: schema>=0.7
+Requires-Dist: python_freeipa>=1.0
+Requires-Dist: pexpect>=4
+Provides-Extra: graphical
+Requires-Dist: python-uinput; extra == "graphical"
+Requires-Dist: opencv-python; extra == "graphical"
+Requires-Dist: pandas; extra == "graphical"
+Requires-Dist: numpy; extra == "graphical"
+Requires-Dist: pytesseract; extra == "graphical"
+Requires-Dist: keyboard; extra == "graphical"
 # Smart Card Automation library (SCAutolib)
 Test automation library for Smart Cards.

{SCAutolib-1.1.0 → SCAutolib-3.0.0}/SCAutolib/__init__.py RENAMED Viewed

@@ -1,5 +1,3 @@
-from enum import Enum, auto
 import coloredlogs
 import logging
 import subprocess
@@ -7,6 +5,8 @@ from pathlib import Path
 import time
 from schema import Schema, Use, Or, And, Optional
+from SCAutolib.enums import CardType, UserType
 fmt = "%(name)s:%(module)s.%(funcName)s.%(lineno)d [%(levelname)s] %(message)s"
 date_fmt = "%H:%M:%S"
 coloredlogs.install(level="DEBUG", fmt=fmt, datefmt=date_fmt,
@@ -49,24 +49,23 @@ schema_cas = Schema(And(
 # Specify validation schema for all users
 schema_user = Schema({'name': Use(str),
                       'passwd': Use(str),
-                      'pin': Use(str),
-                      Optional('card_dir', default=None): Use(Path),
-                      'card_type': Or("virtual", "real", "removinator"),
-                      Optional('cert', default=None): Use(Path),
-                      Optional('key', default=None): Use(Path),
-                      'local': Use(bool)})
+                      'user_type': Or(UserType.local, UserType.ipa)})
-class ReturnCode(Enum):
-    """
-    Enum for return codes
-    """
-    SUCCESS = 0
-    MISSING_CA = auto()
-    FAILURE = auto()
-    ERROR = auto()
-    EXCEPTION = auto()
-    UNKNOWN = auto()
+# Specify validation schema for all cards
+schema_card = Schema({'name': Use(str),
+                      'pin': Use(str),
+                      Optional('card_details', default=None): Use(str),
+                      'cardholder': Use(str),
+                      'CN': Use(str),
+                      Optional('UID', default=None): Use(str),
+                      Optional('expires', default=None): Use(str),
+                      'card_type': Or(CardType.virtual, CardType.physical),
+                      'ca_name': Use(str),
+                      Optional('ca_cert', default=None): Use(str),
+                      Optional('slot', default=None): Use(str),
+                      Optional('uri', default=None): Use(str),
+                      Optional('cert', default=None): Use(str),
+                      Optional('key', default=None): Use(str)})
 def run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=True,
@@ -85,7 +84,7 @@ def run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=True,
     :type sleep: int
     :param return_code: acceptable return codes from given commands.
         If check=True, and the return code of the cmd is not in the return_code
-        list an subprocess.CalledProcessError exception would be raised.
+        list a subprocess.CalledProcessError exception would be raised.
     :type return_code: list
     :param cmd: Command to be executed
     :type cmd: list or str
@@ -111,7 +110,7 @@ def run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=True,
     """
     if return_code is None:
         return_code = [0]
-    if type(cmd) == str:
+    if isinstance(cmd, str):
         cmd = cmd.split(" ")
     logger.debug(f"run: {' '.join([str(i) for i in cmd])}")
     out = subprocess.run(cmd, stdout=stdout, stderr=stderr, encoding="utf-8",

{SCAutolib-1.1.0 → SCAutolib-3.0.0}/SCAutolib/cli_commands.py RENAMED Viewed

@@ -6,8 +6,9 @@ import click
 from pathlib import Path
 from sys import exit
-from SCAutolib import logger, exceptions, schema_user, ReturnCode
+from SCAutolib import logger, exceptions, schema_user
 from SCAutolib.controller import Controller
+from SCAutolib.enums import ReturnCode
 @click.group()

{SCAutolib-1.1.0 → SCAutolib-3.0.0}/SCAutolib/controller.py RENAMED Viewed

@@ -4,15 +4,16 @@ from schema import Schema, Use
 from shutil import rmtree
 from typing import Union
-from SCAutolib import exceptions, schema_cas, schema_user
+from SCAutolib import exceptions, schema_cas, schema_user, schema_card
 from SCAutolib import (logger, run, LIB_DIR, LIB_BACKUP, LIB_DUMP,
                        LIB_DUMP_USERS, LIB_DUMP_CAS, LIB_DUMP_CARDS,
                        TEMPLATES_DIR)
 from SCAutolib.models import CA, file, user, card, authselect as auth
-from SCAutolib.models.file import File
-from SCAutolib.utils import (OSVersion, _check_selinux, _gen_private_key,
+from SCAutolib.models.file import File, OpensslCnf
+from SCAutolib.enums import (OSVersion, CardType, UserType)
+from SCAutolib.utils import (_check_selinux, _gen_private_key,
                              _get_os_version, _install_packages,
-                             _check_packages, dump_to_json, local_ca_factory)
+                             _check_packages, dump_to_json, ca_factory)
 class Controller:
@@ -68,12 +69,31 @@ class Controller:
     def prepare(self, force: bool, gdm: bool, install_missing: bool,
                 graphical: bool):
         """
-        Method for setting up whole system based on configuration file and
-        CLI commands
+        Prepare system for testing. This method provides complex configuration
+        of system under test for testing including creation of CAs, users and
+        smart cards in the system and objects that represents them in SCAutolib.
+        Configuration is based on config file and CLI options.
+        :param force: Defines if existing objects, files, users, services etc.
+            should be erased or overwritten if they already exist. True stands
+            for erase/overwrite. This parameter is forwarded to several methods
+            and it can have slightly different meaning in each of them.
+            For details see docstrings of the methods.
+        :type force: bool
+        :param gdm: If True, GDM package would be installed
+        :type gdm: bool
+        :param install_missing: If True, all missing packages would be
+            installed
+        :type install_missing: bool
+        :param graphical: If True, GUI tests dependencies are installed
+        :type graphical: bool
         """
         self.setup_system(install_missing, gdm, graphical)
-        # In this method not having section for local CA and/or for IPA CA is OK
+        # Prepare CAs: Virtual cards are populated by certificates that are: a)
+        # created locally and signed by local CA configured on the system under
+        # test, or b) created and signed using FreeIPA.
         try:
             self.setup_local_ca(force=force)
         except exceptions.SCAutolibWrongConfig as e:
@@ -82,9 +102,20 @@ class Controller:
             self.setup_ipa_client(force=force)
         except exceptions.SCAutolibWrongConfig as e:
             logger.info(e)
         for usr in self.lib_conf["users"]:
-            u = self.setup_user(usr, force=force)
-            self.enroll_card(u)
+            self.setup_user(usr, force=force)
+        # Create cards defined in config. For physical cards only objects will
+        # be created while for virtual cards tokens will be created and enrolled
+        for token in self.lib_conf["cards"]:
+            # prepare CA objects for physical cards
+            if token["card_type"] == CardType.physical:
+                self.setup_custom_ca(token)
+                self.setup_card(token)
+            elif token["card_type"] == CardType.virtual:
+                c = self.setup_card(token)
+                self.enroll_card(c)
     def setup_system(self, install_missing: bool, gdm: bool, graphical: bool):
         """
@@ -97,6 +128,8 @@ class Controller:
         :type install_missing: bool
         :param gdm: If True, GDM package would be installed
         :type gdm: bool
+        :param graphical: If True, GUI tests dependencies are installed
+        :type graphical: bool
         :return:
         """
         for d in (LIB_DIR, LIB_BACKUP, LIB_DUMP, LIB_DUMP_USERS, LIB_DUMP_CAS,
@@ -112,13 +145,15 @@ class Controller:
             packages += ["tesseract", "ffmpeg-free"]
         # Prepare for virtual cards
-        if "virtual" in [u["card_type"] for u in self.lib_conf["users"]]:
+        if any(c["card_type"] == CardType.virtual
+                for c in self.lib_conf["cards"]):
             packages += ["pcsc-lite-ccid", "pcsc-lite", "virt_cacard",
                          "vpcd", "softhsm"]
             run("dnf -y copr enable jjelen/vsmartcard")
         # Add IPA packages if needed
-        if not all([u["local"] for u in self.lib_conf["users"]]):
+        if any([u["user_type"] != UserType.local
+                for u in self.lib_conf["users"]]):
             packages += self._general_steps_for_ipa()
         # Check for installed packages
@@ -133,7 +168,7 @@ class Controller:
         if graphical:
             run(['dnf', 'groupinstall', 'Server with GUI', '-y'])
-            # disable subsription message
+            # disable subscription message
             run(['systemctl', '--global', 'mask',
                  'org.gnome.SettingsDaemon.Subscription.target'])
             # disable welcome message
@@ -148,16 +183,16 @@ class Controller:
         self.sssd_conf.save()
         self._general_steps_for_virtual_sc()
-        base_user = user.BaseUser("base-user", "redhat")
+        base_user = user.User("base-user", "redhat")
         base_user.add_user()
         dump_to_json(base_user)
-        dump_to_json(user.BaseUser(username="root",
-                                   password=self.lib_conf["root_passwd"]))
+        dump_to_json(user.User(username="root",
+                               password=self.lib_conf["root_passwd"]))
     def setup_local_ca(self, force: bool = False):
         """
         Setup local CA based on configuration from the configuration file. All
-        necessary file for this operation (e.g. CNF file for self-signed root
+        necessary files for this operation (e.g. CNF file for self-signed root
         certificate) would be created along the way.
         :param force: If local CA already exists in given directory, specifies
@@ -171,11 +206,31 @@ class Controller:
             raise exceptions.SCAutolibWrongConfig(msg)
         ca_dir: Path = self.lib_conf["ca"]["local_ca"]["dir"]
-        self.local_ca = local_ca_factory(ca_dir, force)
+        ca_dir.mkdir(exist_ok=True, parents=True)
+        cnf = OpensslCnf(ca_dir.joinpath("ca.cnf"), "CA", str(ca_dir))
+        self.local_ca = ca_factory(path=ca_dir, cnf=cnf, create=True)
+        if force:
+            logger.warning(f"Removing previous local CA from {ca_dir}")
+            self.local_ca.cleanup()
+        cnf.create()
+        cnf.save()
+        self.local_ca.setup()
+        self.local_ca.update_ca_db()
+        run(["systemctl", "restart", "sssd"], sleep=5)
         logger.info(f"Local CA is configured in {ca_dir}")
         dump_to_json(self.local_ca)
+    def setup_custom_ca(self, card_data: dict):
+        if card_data["card_type"] == CardType.physical:
+            ca = ca_factory(create=True, card_data=card_data)
+            ca.setup()
+            if not ca._ca_cert.is_file():
+                raise FileNotFoundError(f"File not found: {ca._ca_cert}")
+            dump_to_json(ca)
     def setup_ipa_client(self, force: bool = False):
         """
         Configure IPA client for given IPA server on current host. IPA server
@@ -210,8 +265,7 @@ class Controller:
     def setup_user(self, user_dict: dict, force: bool = False):
         """
-        Configure the user on the specified system (local machine/CA). The user
-        would be configured along with the card based on configurations.
+        Configure the user on the specified system (local machine/CA).
         :param force: specify if the user should be re-created with its
             card directory
@@ -221,41 +275,14 @@ class Controller:
         :return: the user object
         """
         new_user = None
-        card_dir: Path = user_dict["card_dir"]
-        # Card dir is home dir of the user home directory
-        if force and card_dir.exists():
-            rmtree(card_dir)
-        if user_dict["local"]:
+        if user_dict["user_type"] == UserType.local:
             new_user = user.User(username=user_dict["name"],
-                                 pin=user_dict["pin"],
-                                 password=user_dict["passwd"],
-                                 card_dir=card_dir,
-                                 cert=user_dict["cert"], key=user_dict["key"],
-                                 local=True)
+                                 password=user_dict["passwd"])
             if force:
-                if new_user.cert and new_user.cert.exists():
-                    self.local_ca.revoke_cert(new_user.cert)
                 new_user.delete_user()
-            user_dict["card_dir"].mkdir(exist_ok=True)
             new_user.add_user()
-            csr_path = new_user.card_dir.joinpath(f"csr-{new_user.username}.csr")
-            cnf = file.OpensslCnf(filepath=csr_path, conf_type="user",
-                                  replace=new_user.username)
-            cnf.create()
-            cnf.save()
-            new_user.cnf = cnf.path
-            self.sssd_conf.set(
-                section=f"certmap/shadowutils/{new_user.username}",
-                key="matchrule",
-                value=f"<SUBJECT>.*CN={new_user.username}.*")
-            self.sssd_conf.save()
-            self.sssd_conf.update_default_content()
-            run(["systemctl", "restart", "sssd"])
-            logger.debug(f"Match rule for user {new_user.username} is added "
-                         f"to /etc/sssd/sssd.conf")
         else:
             if self.ipa_ca is None:
                 msg = "Can't proceed in configuration of IPA user because no " \
@@ -263,75 +290,109 @@ class Controller:
                 raise exceptions.SCAutolibException(msg)
             new_user = user.IPAUser(ipa_server=self.ipa_ca,
                                     username=user_dict["name"],
-                                    pin=user_dict["pin"],
-                                    password=user_dict["passwd"],
-                                    card_dir=card_dir,
-                                    cert=user_dict["cert"],
-                                    key=user_dict["key"],
-                                    local=False)
+                                    password=user_dict["passwd"])
             if force:
-                if new_user.cert and new_user.cert.exists():
-                    self.ipa_ca.revoke_cert(new_user.cert)
                 new_user.delete_user()
-            user_dict["card_dir"].mkdir(exist_ok=True)
             new_user.add_user()
-        if user_dict["card_type"] == "virtual":
-            hsm_conf = file.SoftHSM2Conf(
-                new_user.card_dir.joinpath("sofhtsm2.conf"),
-                new_user.card_dir)
-            hsm_conf.create()
-            hsm_conf.save()
-            new_user.card = card.VirtualCard(new_user,
-                                             softhsm2_conf=hsm_conf.path)
-        else:
-            raise NotImplementedError("Other card type than 'virtual' does"
-                                      "not supported yet")
-        new_user.card.create()
         self.users.append(new_user)
         dump_to_json(new_user)
         return new_user
-    def enroll_card(self, user_: user.User, force: bool = False):
+    def setup_card(self, card_dict: dict, force: bool = False):
         """
-        Enroll the card of a given user with configured CA. If private key
-        and/or the certificate do not exists, new one's would be requested
-        from corresponding CA.
+        Create card object. Card object should contain its root CA cert as it
+        represents general card (i.e. including physical read-only cards).
-        :param force:
-        :param user_: User with a card to be enrolled.
+        :param card_dict: Dictionary containing card attributes
+        :type card_dict: dict
+        :param force: If its true and card directory exists it will be removed
+        :type force: bool
         """
-        logger.debug(f"Starting enrollment of the card for user "
-                     f"{user_.username}")
-        if not user_.card:
-            raise exceptions.SCAutolibException(
-                f"Card for the user {user_.username} is not initialized")
+        card_dir: Path = Path("/root/cards", card_dict["name"])
+        card_dir.mkdir(parents=True, exist_ok=True)
-        if not user_.key.exists():
-            _gen_private_key(user_.key)
+        if force and card_dir.exists():
+            rmtree(card_dir)
-        if not user_.cert.exists():
-            # Creating a new private key makes sense only if the certificate
-            # doesn't exist yet
+        if card_dict["card_type"] == CardType.physical:
+            new_card = card.PhysicalCard(card_dict, card_dir=card_dir)
+        elif card_dict["card_type"] == CardType.virtual:
+            hsm_conf = self.prepare_softhsm_config(card_dir)
+            new_card = card.VirtualCard(card_dict, softhsm2_conf=hsm_conf.path,
+                                        card_dir=card_dir)
+            # card needs to know some details of its user
+            new_card.user = self.link_user_to_card(new_card)
+            if new_card.user.user_type == UserType.local:
+                new_card.cnf = self.prepare_user_cnf(new_card)
+            if force:
+                self.revoke_certs(new_card)
+            new_card.create()
+        else:
+            raise NotImplementedError("Other card types than 'physical' and "
+                                      "'virtual' are not supported")
+        dump_to_json(new_card)
+        return new_card
+    def link_user_to_card(self, card: card.VirtualCard):
+        for card_user in self.users:
+            if card_user.username == card.cardholder:
+                return card_user
+    def prepare_softhsm_config(self, card_dir: Path = None):
+        """Prepare SoftHSM2 config for virtual card"""
+        filepath = card_dir.joinpath("sofhtsm2.conf")
+        hsm_conf = file.SoftHSM2Conf(filepath, card_dir=card_dir)
+        hsm_conf.create()
+        hsm_conf.save()
+        return hsm_conf
+    def prepare_user_cnf(self, card: card.VirtualCard):
+        """Prepare user openssl cnf"""
+        cnf_path = card.card_dir.joinpath(f"{card.cardholder}.cnf")
+        cnf = file.OpensslCnf(filepath=cnf_path, conf_type="user",
+                              replace=[card.cardholder, card.CN])
+        cnf.create()
+        cnf.save()
+        return cnf.path
+    def revoke_certs(self, card: card.VirtualCard):
+        if card.cert and card.cert.exists():
+            if card.user.user_type == UserType.local:
+                self.local_ca.revoke_cert(card.cert)
+            else:
+                self.ipa_ca.revoke_cert(card.cert)
+    def enroll_card(self, card: card.VirtualCard):
+        """
+        Enroll the card - i.e. upload keys and certs to card. If private key
+        and/or the certificate do not exist, new one's would be requested
+        from corresponding CA.
+        :param card: card object
+        :type card: card.VirtualCard
+        """
+        logger.debug(f"Starting enrollment of the card {card.name}")
+        if not card:
+            raise exceptions.SCAutolibException(
+                f"Card {card.name} is not initialized")
-            csr = user_.gen_csr()
+        if not card.key.exists():
+            _gen_private_key(card.key)
+        if not card.cert.exists():
+            csr = card.gen_csr()
             ca = self.ipa_ca \
-                if isinstance(user_, user.IPAUser) else self.local_ca
-            user_.cert = ca.request_cert(csr, user_.username, user_.cert)
+                if isinstance(card.user, user.IPAUser) else self.local_ca
+            card.cert = ca.request_cert(csr, card.cardholder, card.cert)
-        user_.card.enroll()
-        dump_to_json(user_.card)
-        # Update the dump for current user to link it with the card
-        dump_to_json(user_)
+        card.enroll()
+        dump_to_json(card)
     def cleanup(self):
+        # FIXME Card.delete is not yet implemented, sssd_conf.clean is broken,
+        #  authselect.cleanup is not implemented, local_ca.cleanup is not
+        #  sufficient
         """
         Clean the system after setup. This method restores the SSSD config file,
         deletes created users with cards, remove CA's (local and/or IPA Client)
@@ -339,18 +400,18 @@ class Controller:
         self.sssd_conf.clean()
         for user_file in LIB_DUMP_USERS.iterdir():
-            usr = user.BaseUser.load(user_file)
-            usr.delete()
-            card_file = LIB_DUMP_CARDS.joinpath(f"card-{usr.username}.json")
+            usr = user.User.load(user_file)
+            usr.delete_user()
+        for card_file in LIB_DUMP_CARDS.iterdir():
             if card_file.exists():
-                card.Card.load(card_file, user=user).delete()
+                card.Card.load(card_file).delete()  # TODO implement card.delete
         if self.local_ca:
-            self.local_ca.cleanup()
+            self.local_ca.cleanup()  # FIXME restore sssd_auth_ca_db.pem file
         if self.ipa_ca:
             self.ipa_ca.cleanup()
-        self.authselect.cleanup()
+        self.authselect.cleanup()  # TODO implement authselect.cleanup
     @staticmethod
     def _validate_configuration(conf: dict, params: {} = None) -> dict:
@@ -376,7 +437,8 @@ class Controller:
         # Specify general schema for whole config file
         schema = Schema({"root_passwd": Use(str),
                          "ca": schema_cas,
-                         "users": [schema_user]})
+                         "users": [schema_user],
+                         "cards": [schema_card]})
         return schema.validate(conf)

SCAutolib-3.0.0/SCAutolib/enums.py ADDED Viewed

@@ -0,0 +1,40 @@
+from enum import Enum, auto
+class OSVersion(Enum):
+    """
+    Enumeration for Linux versions. Used for more convenient checks.
+    """
+    Fedora = 1
+    RHEL_9 = 2
+    RHEL_8 = 3
+    CentOS_8 = 4
+    CentOS_9 = 5
+class CardType(str, Enum):
+    physical = "physical"
+    virtual = "virtual"
+class UserType(str, Enum):
+    local = "local"
+    ipa = "ipa"
+class CAType(str, Enum):
+    local = "local"
+    custom = "custom"
+    ipa = "IPA"
+class ReturnCode(Enum):
+    """
+    Enum for return codes
+    """
+    SUCCESS = 0
+    MISSING_CA = auto()
+    FAILURE = auto()
+    ERROR = auto()
+    EXCEPTION = auto()
+    UNKNOWN = auto()

SCAutolib 1.1.0__tar.gz → 3.0.0__tar.gz

SCAutolib 1.1.0tar.gz → 3.0.0tar.gz