commit python-pynitrokey for openSUSE:Factory

Thu, 22 May 2025 07:56:59 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-pynitrokey for 
openSUSE:Factory checked in at 2025-05-22 16:56:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pynitrokey (Old)
 and      /work/SRC/openSUSE:Factory/.python-pynitrokey.new.2732 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-pynitrokey"

Thu May 22 16:56:08 2025 rev:17 rq:1278934 version:0.8.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pynitrokey/python-pynitrokey.changes      
2025-05-08 18:22:15.485712705 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-pynitrokey.new.2732/python-pynitrokey.changes
    2025-05-22 16:56:23.116684867 +0200
@@ -1,0 +2,7 @@
+Wed May 21 05:20:25 UTC 2025 - Johannes Kastl 
<opensuse_buildserv...@ojkastl.de>
+
+- update to 0.8.4:
+  * PIV certificate list properties by @mmerklinger in #648
+  * Windows certificate mapping for PIV by @mmerklinger in #649
+
+-------------------------------------------------------------------

Old:
----
  pynitrokey-0.8.3.tar.gz

New:
----
  pynitrokey-0.8.4.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-pynitrokey.spec ++++++
--- /var/tmp/diff_new_pack.LedrjG/_old  2025-05-22 16:56:25.424782709 +0200
+++ /var/tmp/diff_new_pack.LedrjG/_new  2025-05-22 16:56:25.452783896 +0200
@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-pynitrokey
-Version:        0.8.3
+Version:        0.8.4
 Release:        0
 Summary:        Python Library for Nitrokey devices
 License:        Apache-2.0 OR MIT

++++++ pynitrokey-0.8.3.tar.gz -> pynitrokey-0.8.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pynitrokey-0.8.3/PKG-INFO 
new/pynitrokey-0.8.4/PKG-INFO
--- old/pynitrokey-0.8.3/PKG-INFO       1970-01-01 01:00:00.000000000 +0100
+++ new/pynitrokey-0.8.4/PKG-INFO       1970-01-01 01:00:00.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pynitrokey
-Version: 0.8.3
+Version: 0.8.4
 Summary: Python Library for Nitrokey devices.
 Author-email: Nitrokey <p...@nitrokey.com>
 Requires-Python: >=3.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pynitrokey-0.8.3/pynitrokey/VERSION 
new/pynitrokey-0.8.4/pynitrokey/VERSION
--- old/pynitrokey-0.8.3/pynitrokey/VERSION     2025-05-06 16:06:04.000000000 
+0200
+++ new/pynitrokey-0.8.4/pynitrokey/VERSION     2025-05-20 15:32:33.000000000 
+0200
@@ -1 +1 @@
-0.8.3
+0.8.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pynitrokey-0.8.3/pynitrokey/cli/nk3/piv.py 
new/pynitrokey-0.8.4/pynitrokey/cli/nk3/piv.py
--- old/pynitrokey-0.8.3/pynitrokey/cli/nk3/piv.py      2025-05-06 
16:06:04.000000000 +0200
+++ new/pynitrokey-0.8.4/pynitrokey/cli/nk3/piv.py      2025-05-20 
15:32:33.000000000 +0200
@@ -779,7 +779,7 @@
     def list_certificates() -> None:
         device = PivApp()
 
-        headers = ["Slot", "Algorithm", "Subject"]
+        headers = ["Slot", "Algorithm", "Subject", "Serial Number", "Issuer"]
         data = []
 
         for key, slot in KEY_TO_CERT_OBJ_ID_MAP.items():
@@ -791,6 +791,8 @@
                         key,
                         parsed_cert.signature_algorithm_oid._name,
                         parsed_cert.subject.rfc4514_string(),
+                        f"{parsed_cert.serial_number:x}",
+                        parsed_cert.issuer.rfc4514_string(),
                     ]
                 )
 
@@ -799,6 +801,50 @@
         else:
             local_print("No certificate found.")
 
+    @piv.command(help="Get Windows authentication certificate mapping.")
+    def get_windows_auth_mapping() -> None:
+        device = PivApp()
+
+        cert = 
device.cert(bytes(bytearray.fromhex(KEY_TO_CERT_OBJ_ID_MAP["9A"])))
+        if cert is not None:
+            parsed_cert = x509.load_der_x509_certificate(cert)
+
+            issuer_name = parsed_cert.issuer
+            issuer_name.rdns.reverse()
+            issuer_name_reversed = issuer_name.rfc4514_string()
+
+            serial_number = bytearray.fromhex(f"{parsed_cert.serial_number:x}")
+            serial_number.reverse()
+            serial_number_reversed = serial_number.hex()
+
+            subject_key_identifier: Union[None, str]
+            try:
+                subject_key_identifier = 
parsed_cert.extensions.get_extension_for_class(
+                    x509.SubjectKeyIdentifier
+                ).value.digest.hex()
+            except x509.ExtensionNotFound:
+                subject_key_identifier = None
+
+            public_key = parsed_cert.public_bytes(Encoding.DER)
+            digest = hashes.Hash(hashes.SHA1())
+            digest.update(public_key)
+            public_key_hash = digest.finalize()
+            sha1_public_key = public_key_hash.hex()
+
+            local_print(
+                "Set mapping in 'altSecurityIdentities' attribute to one of 
the following:"
+            )
+            local_print(
+                f"X509IssuerSerialNumber: 
X509:<I>{issuer_name_reversed}<SR>{serial_number_reversed}"
+            )
+            if subject_key_identifier:
+                local_print(
+                    f"               X509SKI: 
X509:<SKI>{subject_key_identifier}"
+                )
+            local_print(f"     X509SHA1PublicKey: 
X509:<SHA1-PUKEY>{sha1_public_key}")
+        else:
+            local_print("No certificate found.")
+
 except ImportError:
     from pynitrokey.cli.nk3.pcsc_absent import PCSC_ABSENT

Reply via email to