Fix trusted name PKI depending on name source in Python client

LedgerHQ · Jan 10, 2025 · 21d5294 · 21d5294
1 parent b0d9bb9
commit 21d5294
Showing 1 changed file with 26 additions and 15 deletions.
diff --git a/client/src/ledger_app_clients/ethereum/client.py b/client/src/ledger_app_clients/ethereum/client.py
@@ -272,28 +272,39 @@ def perform_privacy_operation(self,
                                                                           pubkey))
 
     def _provide_trusted_name_common(self, payload: bytes, name_source: TrustedNameSource) -> RAPDU:
-        if self._pki_client is None:
-            print(f"Ledger-PKI Not supported on '{self._firmware.name}'")
-        else:
-            # pylint: disable=line-too-long
-            if self._firmware == Firmware.NANOSP:
-                cert_apdu = "01010102010210040102000011040000000212010013020002140101160400000000200b446f6d61696e5f4e616d6530020007310108320121332102b91fbec173e3ba4a714e014ebc827b6f899a9fa7f4ac769cde284317a00f4f653401013501031546304402201b5188f5af5cd4d40d2e5eee85609323ee129b789082d079644c89c0df9b6ce0022076c5d26bb5c8db8ab02771ecd577f63f68eaf1c90523173f161f9c12f6e978bd"  # noqa: E501
-            elif self._firmware == Firmware.NANOX:
-                cert_apdu = "01010102010211040000000212010013020002140101160400000000200B446F6D61696E5F4E616D6530020007310108320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F653401013501021546304402202CD052029B756890F0C56713409C58C24785FEFFD1A997E9C840A7BDB176B512022059A30E04E491CD27BD1DA1B5CB810CF8E4EAE67F6406F054FDFC371F7EB9F2C4"  # noqa: E501
-            elif self._firmware == Firmware.STAX:
-                cert_apdu = "01010102010211040000000212010013020002140101160400000000200B446F6D61696E5F4E616D6530020007310108320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F65340101350104154630440220741DB4E738749D4188436419B20B9AEF8F07581312A9B3C9BAA3F3E879690F6002204C4A3510569247777BC43DB830D129ACA8985B88552E2E234E14D8AA2863026B"  # noqa: E501
-            elif self._firmware == Firmware.FLEX:
-                cert_apdu = "01010102010211040000000212010013020002140101160400000000200B446F6D61696E5F4E616D6530020007310108320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F65340101350105154730450221008B6BBCE1716C0A06F110C77FE181F8395D1692441459A106411463F01A45D4A7022044AB69037E6FA9D1D1A409E00B202C2D4451D464C8E5D4962D509FE63153FE93"  # noqa: E501
-            # pylint: enable=line-too-long
-
-            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_COIN_META, bytes.fromhex(cert_apdu))
         payload += format_tlv(FieldTag.STRUCT_TYPE, 3)  # TrustedName
         if name_source == TrustedNameSource.CAL:
+            if self._pki_client is not None:
+                # pylint: disable=line-too-long
+                if self._firmware == Firmware.NANOSP:
+                    cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200073101043201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C64056188734010135010315473045022100CD7F858EDED3A6F2EFECA4D7392618533FDD13BB9920C2CA9AD551B2C3C45D1A022041AAE52DCB50BD9E97D859417D5DA1463AB2A8CBF30B9D06DBF7C84863E6076D"  # noqa: E501
+                elif self._firmware == Firmware.NANOX:
+                    cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200073101043201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C64056188734010135010215473045022100E017EA39279846D531D3A7986178B2A2E25ECA27D89C3C75B61FF936C1A5E78E02202C5F6686186A9314A1DCCF9292F9494C3DA4C1568ED020DD7941D60B39A7C95C"  # noqa: E501
+                elif self._firmware == Firmware.STAX:
+                    cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200073101043201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C64056188734010135010415473045022100D072546754CEDC1A94C1821A998900C1022D109AFC8FA83D534C1D9193D9EEEC022056906F4A0FDCC7EB5AD37874E556DE4925AD0C654831DB255FDACFAF339AE9B6"  # noqa: E501
+                elif self._firmware == Firmware.FLEX:
+                    cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200073101043201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C6405618873401013501051546304402206FB5CBEDAC961D6D64750FC6AFF1C2797B1C6809CC42FAEAA44D15398A3E20D5022042B53D6C0D07703FAC2B2A70864178F82B0AEDC4C451AB438AE7D1883714C5A9"  # noqa: E501
+                # pylint: enable=line-too-long
             key_id = 6
             key = Key.CAL
         else:
+            if self._pki_client is not None:
+                # pylint: disable=line-too-long
+                if self._firmware == Firmware.NANOSP:
+                    cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F6534010135010315473045022100F394484C045418507E0F76A3231F233B920C733D3E5BB68AFBAA80A55195F70D022012BC1FD796CD2081D8355DEEFA051FBB9329E34826FF3125098F4C6A0C29992A"  # noqa: E501
+                elif self._firmware == Firmware.NANOX:
+                    cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F65340101350102154730450221009D97646C49EE771BE56C321AB59C732E10D5D363EBB9944BF284A3A04EC5A14102200633518E851984A7EA00C5F81EDA9DAA58B4A6C98E57DA1FBB9074AEFF0FE49F"  # noqa: E501
+                elif self._firmware == Firmware.STAX:
+                    cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F6534010135010415473045022100A57DC7AB3F0E38A8D10783C7449024D929C60843BB75E5FF7B8088CB71CB130C022045A03E6F501F3702871466473BA08CE1F111357ED9EF395959733477165924C4"  # noqa: E501
+                elif self._firmware == Firmware.FLEX:
+                    cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F6534010135010515473045022100D5BB77756C3D7C1B4254EA8D5351B94A89B13BA69C3631A523F293A10B7144B302201519B29A882BB22DCDDF6BE79A9CBA76566717FA877B7CA4B9CC40361A2D579E"  # noqa: E501
+                # pylint: enable=line-too-long
             key_id = 3
             key = Key.TRUSTED_NAME
+
+        if self._pki_client is not None:
+            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_TRUSTED_NAME, bytes.fromhex(cert_apdu))
+
         payload += format_tlv(FieldTag.SIGNER_KEY_ID, key_id)  # test key
         payload += format_tlv(FieldTag.SIGNER_ALGO, 1)  # secp256k1
         payload += format_tlv(FieldTag.DER_SIGNATURE,