Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require authentication for partial restore #554

Merged
merged 2 commits into from
Aug 1, 2024
Merged

Require authentication for partial restore #554

merged 2 commits into from
Aug 1, 2024

Conversation

mmerklinger
Copy link
Contributor

@mmerklinger mmerklinger commented Jul 24, 2024
edited
Loading

This PR adds a check for the NetHSM restore command, to determine if the authentication is required based on the state. Also raises the version for nethsm-sdk-py.

Depends on Nitrokey/nethsm-sdk-py#124

Changes

  • Adds a check for the state of NetHSM, to decided if authentication is required (partial restore) or not (unprovisioned restore).
  • Bump version of nethsm-sdk-py to 1.2.1.

Checklist

Make sure to run make check and make fix before creating a PR, otherwise the CI will fail.

  • tested with Python3.9
  • signed commits
  • updated documentation (e.g. parameter description, inline doc, docs.nitrokey)
  • added labels

Test Environment and Execution

  • OS:
  • device's model:
  • device's firmware version:

Relevant Output Example

Fixes #

@mmerklinger mmerklinger added the bug Something isn't working label Jul 24, 2024
@mmerklinger mmerklinger self-assigned this Jul 24, 2024
@mmerklinger mmerklinger force-pushed the nethsm-partial-restore-authentication branch 2 times, most recently from c2c9e25 to cc4cdf1 Compare July 24, 2024 11:03
@mmerklinger
Copy link
Contributor Author

This includes now latest nethsm-sdk-py and can be reviewed.

robin-nitrokey
robin-nitrokey approved these changes Jul 31, 2024
View reviewed changes
Copy link
Member

@robin-nitrokey robin-nitrokey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Should I still perform some tests or can we directly merge and release?

robin-nitrokey
robin-nitrokey requested changes Jul 31, 2024
View reviewed changes
pynitrokey/cli/nethsm.py Outdated
Comment on lines 1420 to 1453
if state == State.UNPROVISIONED:
require_auth = False
elif state == State.OPERATIONAL:
require_auth = True
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what happens in the else case? maybe just check for one of the two states, or directly raise an exception

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I change this to have a default to require_auth = False. Only the state Operational will change this. Otherwise the error is handled by the SDK, with error message from the NetHSM.

@mmerklinger mmerklinger force-pushed the nethsm-partial-restore-authentication branch from fb56e31 to 0a1d765 Compare July 31, 2024 14:15
@mmerklinger
Copy link
Contributor Author

Looks good. Should I still perform some tests or can we directly merge and release?

I tested it with the latest container, but feel free to test if you want.

@robin-nitrokey robin-nitrokey force-pushed the nethsm-partial-restore-authentication branch from 0a1d765 to f526fce Compare August 1, 2024 07:07
@robin-nitrokey robin-nitrokey merged commit f526fce into master Aug 1, 2024
8 checks passed
@robin-nitrokey robin-nitrokey deleted the nethsm-partial-restore-authentication branch August 1, 2024 07:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robin-nitrokey robin-nitrokey robin-nitrokey approved these changes

Assignees

@mmerklinger mmerklinger

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mmerklinger @robin-nitrokey