From f1410bbf046abfdcf028a6b77ce90779654260e8 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Fri, 8 Nov 2024 17:45:48 +0100
Subject: [PATCH] Only request and upload the device certificate if needed.
Signed-off-by: Pol Henarejos
---
tools/pico-hsm-tool.py | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/tools/pico-hsm-tool.py b/tools/pico-hsm-tool.py
index c124a06..8edd4e9 100644
--- a/tools/pico-hsm-tool.py
+++ b/tools/pico-hsm-tool.py
@@ -217,24 +217,27 @@ def initialize(picohsm, args):
 so_pin = '57621880'
 picohsm.initialize(pin=pin, sopin=so_pin)
- response = picohsm.get_contents(DOPrefixes.EE_CERTIFICATE_PREFIX, 0x00)
+ try:
+ picohsm.select_file(0x2f02)
+ except APDUResponse:
+ response = picohsm.get_contents(DOPrefixes.EE_CERTIFICATE_PREFIX, 0x00)
- cert = bytearray(response)
- Y = CVC().decode(cert).pubkey().find(0x86).data()
- print(f'Public Point: {hexlify(Y).decode()}')
+ cert = bytearray(response)
+ Y = CVC().decode(cert).pubkey().find(0x86).data()
+ print(f'Public Point: {hexlify(Y).decode()}')
- pbk = base64.urlsafe_b64encode(Y)
- data = urllib.parse.urlencode({'pubkey': pbk}).encode()
- j = get_pki_data('cvc', data=data)
- print('Device name: '+j['devname'])
- dataef = base64.urlsafe_b64decode(
- j['cvcert']) + base64.urlsafe_b64decode(j['dvcert']) + base64.urlsafe_b64decode(j['cacert'])
+ pbk = base64.urlsafe_b64encode(Y)
+ data = urllib.parse.urlencode({'pubkey': pbk}).encode()
+ j = get_pki_data('cvc', data=data)
+ print('Device name: '+j['devname'])
+ dataef = base64.urlsafe_b64decode(
+ j['cvcert']) + base64.urlsafe_b64decode(j['dvcert']) + base64.urlsafe_b64decode(j['cacert'])
- picohsm.select_file(0x2f02)
- response = picohsm.put_contents(0x0000, data=dataef)
+ picohsm.select_file(0x2f02)
+ response = picohsm.put_contents(0x0000, data=dataef)
- print('Certificate uploaded successfully!')
- print('')
+ print('Certificate uploaded successfully!')
+ print('')
 print('Note that the device is initialized with a default PIN and '
 'configuration.')
 print('Now you can initialize the device as usual with your chosen PIN '
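Review bot: `except APDUResponse:` around `picohsm.select_file(0x2f02)` treats every card error as "certificate missing", so a failure unrelated to the file (a transport or security-status error, for instance) would trigger the public-key submission to the PKI service and an attempted write instead of surfacing the error. Bind the exception with `except APDUResponse as e:` and re-raise unless its status word is file-not-found (6A82 in ISO 7816-4); how APDUResponse exposes the status word is not visible in this hunk. The reverse case deserves a comment as well: a successful select only shows that the file exists, not that it holds a chain matching the current device key, so a line such as `# NOTE: an existing 0x2f02 is assumed to hold a valid chain for this device key` would make that assumption explicit. Indentation is lost in this rendering, so the nesting of the re-added lines under the handler is inferred from the paired -/+ lines, and initialize() begins above the hunk.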