mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-13 19:18:56 +00:00
trezorctl: Implement credential management command.
parent
091053507d
commit
3e2ae5e469
@ -82,4 +82,7 @@ Use the following command to see all options:
|
||||
tezos-sign-tx Sign Tezos transaction.
|
||||
verify-message Verify message.
|
||||
version Show version of trezorctl/trezorlib.
|
||||
webauthn-add-credential Add the credential with the given ID as a resident credential.
|
||||
webauthn-list-credentials List all resident credentials on the device.
|
||||
webauthn-remove-credential Remove the resident credential at the given index.
|
||||
wipe-device Reset device to factory defaults and remove all private data.
|
||||
|
@ -54,6 +54,7 @@ from trezorlib import (
|
||||
tezos,
|
||||
tools,
|
||||
ui,
|
||||
webauthn,
|
||||
)
|
||||
from trezorlib.client import TrezorClient
|
||||
from trezorlib.transport import enumerate_devices, get_transport
|
||||
@ -1929,6 +1930,58 @@ def binance_sign_tx(connect, address, file):
|
||||
return binance.sign_tx(client, address_n, json.load(file))
|
||||
|
||||
|
||||
#
|
||||
# WebAuthn functions
|
||||
#
|
||||
|
||||
|
||||
@cli.command(help="List all resident credentials on the device.")
|
||||
@click.pass_obj
|
||||
def webauthn_list_credentials(connect):
|
||||
creds = webauthn.list_credentials(connect())
|
||||
for cred in creds:
|
||||
click.echo("")
|
||||
click.echo("WebAuthn credential at index {}:".format(cred.index))
|
||||
if cred.rp_id is not None:
|
||||
click.echo(" Relying party ID: {}".format(cred.rp_id))
|
||||
if cred.rp_name is not None:
|
||||
click.echo(" Relying party name: {}".format(cred.rp_name))
|
||||
if cred.user_id is not None:
|
||||
click.echo(" User ID: {}".format(cred.user_id.hex()))
|
||||
if cred.user_name is not None:
|
||||
click.echo(" User name: {}".format(cred.user_name))
|
||||
if cred.user_display_name is not None:
|
||||
click.echo(" User display name: {}".format(cred.user_display_name))
|
||||
if cred.creation_time is not None:
|
||||
click.echo(" Creation time: {}".format(cred.creation_time))
|
||||
if cred.hmac_secret is not None:
|
||||
click.echo(" hmac-secret enabled: {}".format(cred.hmac_secret))
|
||||
click.echo(" Credential ID: {}".format(cred.id.hex()))
|
||||
|
||||
if not creds:
|
||||
click.echo("There are no resident credentials stored on the device.")
|
||||
|
||||
|
||||
@cli.command()
|
||||
@click.argument("hex_credential_id")
|
||||
@click.pass_obj
|
||||
def webauthn_add_credential(connect, hex_credential_id):
|
||||
"""Add the credential with the given ID as a resident credential.
|
||||
|
||||
HEX_CREDENTIAL_ID is the credential ID as a hexadecimal string.
|
||||
"""
|
||||
return webauthn.add_credential(connect(), bytes.fromhex(hex_credential_id))
|
||||
|
||||
|
||||
@cli.command(help="Remove the resident credential at the given index.")
|
||||
@click.option(
|
||||
"-i", "--index", required=True, type=click.IntRange(0, 15), help="Credential index."
|
||||
)
|
||||
@click.pass_obj
|
||||
def webauthn_remove_credential(connect, index):
|
||||
return webauthn.remove_credential(connect(), index)
|
||||
|
||||
|
||||
#
|
||||
# Main
|
||||
#
|
||||
|
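Review bot: In `webauthn_list_credentials`, `cred.rp_name`, `cred.user_name` and `cred.user_display_name` are echoed verbatim, and these strings are presumably supplied by the relying party at registration, so a stored credential could carry control or escape characters that alter how this listing appears in the terminal. Formatting them with `{!r}` instead of `{}`, or stripping non-printable characters before `click.echo`, keeps the output trustworthy. Separately, `bytes.fromhex(hex_credential_id)` in `webauthn_add_credential` raises a bare `ValueError` on malformed or odd-length input; catching it and raising `click.BadParameter("HEX_CREDENTIAL_ID must be a hexadecimal string")` would give a usage error instead of a traceback.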
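--- a/python/src/trezorlib/webauthn.py
+++ b/python/src/trezorlib/webauthn.py
@@ -0,0 +1,34 @@
+# This file is part of the Trezor project.
+#
+# Copyright (C) 2019 SatoshiLabs and contributors
+#
+# This library is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the License along with this library.
+# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
+
+
+from . import messages as proto
+from .tools import expect
+
+
+@expect(proto.WebAuthnCredentials, field="credentials")
+def list_credentials(client):
+return client.call(proto.WebAuthnListResidentCredentials())
+
+
+@expect(proto.Success, field="message")
+def add_credential(client, credential_id):
+return client.call(proto.WebAuthnAddResidentCredential(credential_id))
+
+
+@expect(proto.Success, field="message")
+def remove_credential(client, index):
+return client.call(proto.WebAuthnRemoveResidentCredential(index))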
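Review bot: `add_credential` and `remove_credential` pass their argument positionally to the generated message constructors, which ties each call to the field order of the protobuf class. Keyword arguments state the field explicitly, assuming the fields are named as the parameters suggest: `proto.WebAuthnAddResidentCredential(credential_id=credential_id)` and `proto.WebAuthnRemoveResidentCredential(index=index)`. None of the three functions has a docstring; a one-line docstring each, noting that `credential_id` is raw bytes rather than hex and that `remove_credential` deletes the resident credential at `index`, would help library callers who do not go through trezorctl.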