| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
This adds docstrings to public methods and cleans up a few other
docstrings to pass most flake8 docstring related tests.
This also adds noqa statements in a few places so we can remove most
entries from the global flake8 ignore list.
|
| |
|
|
|
|
|
|
| |
In some cases a PSKC file can be written with a MAC algorithm but
without a MAC key. This is possible when the MAC key is not supplied
(allowed in older PSKC versions) and a fallback to the encryption key is
done. If we have not yet decrypted the file the MAC key is not yet
available and so can't be included in the written file.
|
| |
|
|
|
|
|
| |
This ensures that the encryption IV, which should be per encrypted value
is written out per encrypted value instead of globally. This is mostly
useful for when reading an old format PSKC file and writing out a RFC
6030 compliant one.
|
| |
|
|
|
|
|
|
| |
This ensures that an encrypted MAC key is hanled in the same way as
normal encrypted data values.
This also ensures consistent fallback to the globally configured
encryption algorithm if no value has been set in the EncryptedValue.
|
| |
|
|
|
| |
This ignores the value of the version attribute in the PSKC object and
always writes a PSKC 1.0 (RFC 6030) format file.
|
| |
|
|
| |
Fixes 1ff3237f, 84bfb8a6 and 20bf9c5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for creating and verifying embedded XML signatures in
PSKC files. This uses the third-party signxml library for actual signing
and verification.
The signxml library has a dependency on lxml and defusedxml (and a few
others) but all parts of python-pskc still work correctly with our
without lxml and/or defusedxml and signxml is only required when working
with embedded signatures.
This modifies the tox configuration to skip the signature checks if
singxml is not installed and to only require 100% code coverage if the
signature tests are done.
|
| |
|
|
|
| |
This makes the old name (pin_max_failed_attemtps) available as a
deprecated property.
|
| |
|
|
|
|
|
|
|
|
|
| |
This changes the way encrypted values are stored internally before being
decrypted. For example, the internal _secret property can now be a
decrypted plain value or an EncryptedValue instance instead of always
being a DataType, simplifying some things (e.g. all XML
encoding/decoding is now done in the corresponding module).
This should not change the public API but does have consequences for
those who use custom serialisers or parsers.
|
| |
|
|
|
|
| |
This avoids a using xml.dom.minidom to indent the XML tree and keep the
attributes ordered alphabetically. This also allows for customisations
to the XML formatting.
|
| |
|
|
|
|
|
| |
The PBKDF2 salt was saved in the wrong way (b'base64encodeddata' instead
of base64encodeddata) when using Python 3. This fixes that problem and
tests that saving and loading of a file that uses PBKDF2 key derivation
works.
|
| |
|
|
|
| |
This also makes a few small code formatting changes to ensure that the
flake8 tests pass.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This allows having multiple keys per device while also maintaining the
previous API.
Note that having multiple keys per device is not allowed by the RFC 6030
schema but is allowed by some older internet drafts.
|
|
|
Similar to the change for parsing, move the XML serialisation of PSKC
data to a single class in a separate module.
|