Fix trusted name PKI in Python client

LedgerHQ · Jan 9, 2025 · 1a24883 · 1a24883
1 parent 96c142f
commit 1a24883
Showing 1 changed file with 28 additions and 15 deletions.
diff --git a/client/src/ledger_app_clients/ethereum/client.py b/client/src/ledger_app_clients/ethereum/client.py
@@ -272,28 +272,41 @@ def perform_privacy_operation(self,
                                                                           pubkey))
 
     def _provide_trusted_name_common(self, payload: bytes, name_source: TrustedNameSource) -> RAPDU:
-        if self._pki_client is None:
-            print(f"Ledger-PKI Not supported on '{self._firmware.name}'")
-        else:
-            # pylint: disable=line-too-long
-            if self._firmware == Firmware.NANOSP:
-                cert_apdu = "01010102010210040102000011040000000212010013020002140101160400000000200b446f6d61696e5f4e616d6530020007310108320121332102b91fbec173e3ba4a714e014ebc827b6f899a9fa7f4ac769cde284317a00f4f653401013501031546304402201b5188f5af5cd4d40d2e5eee85609323ee129b789082d079644c89c0df9b6ce0022076c5d26bb5c8db8ab02771ecd577f63f68eaf1c90523173f161f9c12f6e978bd"  # noqa: E501
-            elif self._firmware == Firmware.NANOX:
-                cert_apdu = "01010102010211040000000212010013020002140101160400000000200B446F6D61696E5F4E616D6530020007310108320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F653401013501021546304402202CD052029B756890F0C56713409C58C24785FEFFD1A997E9C840A7BDB176B512022059A30E04E491CD27BD1DA1B5CB810CF8E4EAE67F6406F054FDFC371F7EB9F2C4"  # noqa: E501
-            elif self._firmware == Firmware.STAX:
-                cert_apdu = "01010102010211040000000212010013020002140101160400000000200B446F6D61696E5F4E616D6530020007310108320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F65340101350104154630440220741DB4E738749D4188436419B20B9AEF8F07581312A9B3C9BAA3F3E879690F6002204C4A3510569247777BC43DB830D129ACA8985B88552E2E234E14D8AA2863026B"  # noqa: E501
-            elif self._firmware == Firmware.FLEX:
-                cert_apdu = "01010102010211040000000212010013020002140101160400000000200B446F6D61696E5F4E616D6530020007310108320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F65340101350105154730450221008B6BBCE1716C0A06F110C77FE181F8395D1692441459A106411463F01A45D4A7022044AB69037E6FA9D1D1A409E00B202C2D4451D464C8E5D4962D509FE63153FE93"  # noqa: E501
-            # pylint: enable=line-too-long
-
-            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_COIN_META, bytes.fromhex(cert_apdu))
         payload += format_tlv(FieldTag.STRUCT_TYPE, 3)  # TrustedName
         if name_source == TrustedNameSource.CAL:
+            if self._pki_client is not None:
+                # pylint: disable=line-too-long
+                if self._firmware == Firmware.NANOSP:
+                    cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200073101083201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C64056188734010135010315473045022100A9ACB0B4C810240B36BA63A47EFF762BF16DA90E5731949DD5A8BB36C4B4D5A002205A9A4634731E365A40A32790177E005406CE08B1C7DC02AFA37F218AB5CC0B09"  # noqa: E501
+                elif self._firmware == Firmware.NANOX:
+                    cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200073101083201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C6405618873401013501021546304402203100ABD07AFA48732587DE14A8647C4437A0C237F1CC6507144B35C9F513207202207BCBFB037ADD9F84E6B01662BE549A9AF7B4EA1D37C17FD1B387F77B567218D0"  # noqa: E501
+                elif self._firmware == Firmware.STAX:
+                    cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200073101083201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C64056188734010135010415473045022100CC9571B9F2CFAA09AEEF64BE3B021CCB095C4B6CD6818B2D57FB0DCE221B277802201CA3E16C707B476EAEA3B4B15E0C4D405E8E79E6F1FA19D2EAF3502DB1604B85"  # noqa: E501
+                elif self._firmware == Firmware.FLEX:
+                    cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200073101083201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C64056188734010135010515473045022100DB199998A9F8F0F3D078ABF5D1D19900F0E11720B2F3C8C102067206BE88CB9902205D247B1FC5EC470E6B16B7923BABC516B10015F058DCC13B9EC28C73689AD202"  # noqa: E501
+                # pylint: enable=line-too-long
+                key_usage = PKIPubKeyUsage.PUBKEY_USAGE_COIN_META
             key_id = 6
             key = Key.CAL
         else:
+            if self._pki_client is not None:
+                # pylint: disable=line-too-long
+                if self._firmware == Firmware.NANOSP:
+                    cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F6534010135010315473045022100F394484C045418507E0F76A3231F233B920C733D3E5BB68AFBAA80A55195F70D022012BC1FD796CD2081D8355DEEFA051FBB9329E34826FF3125098F4C6A0C29992A"  # noqa: E501
+                elif self._firmware == Firmware.NANOX:
+                    cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F65340101350102154730450221009D97646C49EE771BE56C321AB59C732E10D5D363EBB9944BF284A3A04EC5A14102200633518E851984A7EA00C5F81EDA9DAA58B4A6C98E57DA1FBB9074AEFF0FE49F"  # noqa: E501
+                elif self._firmware == Firmware.STAX:
+                    cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F6534010135010415473045022100A57DC7AB3F0E38A8D10783C7449024D929C60843BB75E5FF7B8088CB71CB130C022045A03E6F501F3702871466473BA08CE1F111357ED9EF395959733477165924C4"  # noqa: E501
+                elif self._firmware == Firmware.FLEX:
+                    cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F6534010135010515473045022100D5BB77756C3D7C1B4254EA8D5351B94A89B13BA69C3631A523F293A10B7144B302201519B29A882BB22DCDDF6BE79A9CBA76566717FA877B7CA4B9CC40361A2D579E"  # noqa: E501
+                # pylint: enable=line-too-long
+                key_usage = PKIPubKeyUsage.PUBKEY_USAGE_TRUSTED_NAME
             key_id = 3
             key = Key.TRUSTED_NAME
+
+        if self._pki_client is not None:
+            self._pki_client.send_certificate(key_usage, bytes.fromhex(cert_apdu))
+
         payload += format_tlv(FieldTag.SIGNER_KEY_ID, key_id)  # test key
         payload += format_tlv(FieldTag.SIGNER_ALGO, 1)  # secp256k1
         payload += format_tlv(FieldTag.DER_SIGNATURE,