Revize 6abfb037
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
| src/services/key_service.py | ||
|---|---|---|
| 68 | 68 |
:param private_key: private key from which a public key should be extracted |
| 69 | 69 |
:return: a string containing the extracted public key in PEM format |
| 70 | 70 |
""" |
| 71 |
return self.cryptography_service.extract_public_key_from_private_key(private_key.private_key, private_key.password) |
|
| 71 |
return self.cryptography_service.extract_public_key_from_private_key(private_key.private_key, |
|
| 72 |
private_key.password) |
|
| tests/integration_tests/services/certificate_service_test.py | ||
|---|---|---|
| 243 | 243 |
assert subject.locality is None |
| 244 | 244 |
assert subject.state is None |
| 245 | 245 |
assert subject.country == "CZ" |
| 246 |
|
|
| 247 |
|
|
| 248 |
def test_extract_public_key_from_certificate(private_key_service, certificate_service, cryptography_service): |
|
| 249 |
private_key = private_key_service.create_new_key() |
|
| 250 |
|
|
| 251 |
certificate = certificate_service.create_root_ca(private_key, Subject(common_name="CZ")) |
|
| 252 |
|
|
| 253 |
pub_key_extracted_from_cert = certificate_service.get_public_key_from_certificate(certificate) |
|
| 254 |
|
|
| 255 |
expected_pub_key_from_cert = cryptography_service.extract_public_key_from_certificate(certificate.pem_data) |
|
| 256 |
expected_pub_key_from_key = cryptography_service.extract_public_key_from_private_key(private_key.private_key) |
|
| 257 |
|
|
| 258 |
assert expected_pub_key_from_cert == expected_pub_key_from_key == pub_key_extracted_from_cert |
|
| 259 |
|
|
| 260 |
|
|
| 261 |
def test_extract_public_key_from_certificate_encrypted(private_key_service, certificate_service, cryptography_service): |
|
| 262 |
private_key = private_key_service.create_new_key(passphrase="foobar") |
|
| 263 |
|
|
| 264 |
certificate = certificate_service.create_root_ca(private_key, Subject(common_name="CZ")) |
|
| 265 |
|
|
| 266 |
pub_key_extracted_from_cert = certificate_service.get_public_key_from_certificate(certificate) |
|
| 267 |
|
|
| 268 |
expected_pub_key_from_cert = cryptography_service.extract_public_key_from_certificate(certificate.pem_data) |
|
| 269 |
expected_pub_key_from_key = cryptography_service.extract_public_key_from_private_key(private_key.private_key, |
|
| 270 |
passphrase="foobar") |
|
| 271 |
|
|
| 272 |
assert expected_pub_key_from_cert == expected_pub_key_from_key == pub_key_extracted_from_cert |
|
| tests/unit_tests/services/cryptography/conftest.py | ||
|---|---|---|
| 79 | 79 |
|
| 80 | 80 |
|
| 81 | 81 |
@pytest.fixture |
| 82 |
def certificate_pem():
|
|
| 82 |
def certificate_pk():
|
|
| 83 | 83 |
return """ |
| 84 | 84 |
-----BEGIN CERTIFICATE----- |
| 85 | 85 |
MIIDazCCAlOgAwIBAgIUTQwIafNfZdJmqZ+TvhtWT3dKLbMwDQYJKoZIhvcNAQEL |
| ... | ... | |
| 102 | 102 |
NyJXVOPghVAqaFbgaeBsXkL3QQYVR5wQl7delo0dn36crlckUPi+13INDhnLYgq7 |
| 103 | 103 |
GO9Jbty2Qeomxyf+i+SB |
| 104 | 104 |
-----END CERTIFICATE----- |
| 105 |
""", """ |
|
| 106 |
-----BEGIN RSA PRIVATE KEY----- |
|
| 107 |
MIIEpAIBAAKCAQEA4fzrmp2RO1YNgsbyVEgGPlt5QxwjiVC6hGsXA0TX698Xd9si |
|
| 108 |
L+gZ8KjtapXIXsdinjDdj1ri0DRSNEkOwn2NEooYmz6qwClFtl8DU9pajAeDpzg9 |
|
| 109 |
CRg3vlkQCRJlW2m5wH2LYT2dINgWwoqwuXF6S+TUw6+XM4+Xdh/9VyvLnszWx0ax |
|
| 110 |
Helvj9F9utoIShnm4w95quYvdnmTIxPF62p7kz7VZ/RvpRoy1vTMYDQtEDl+9azA |
|
| 111 |
5EyBFWo+q9JCFYoLvHUiC9wD1+a6nTojxDw2H/ZNQGfJod9dz9xH9f+P1hadqqiG |
|
| 112 |
in84wHRGRt0rs0LRN1yrk3rwJuD3/Iyl60nDdQIDAQABAoIBADj1TFSt/hrcd49M |
|
| 113 |
oWtIs/oniAq4HuTPKhOSAjzarylOE1YsLxOwBkm36g8BLX1l958zZcRp/dzIMyfm |
|
| 114 |
egffKR1RHR6Tzumb/WwXynjqAgRlKHOPIyMVrYcWX4pJzq4Zma3Ads7Nfrr2e9YQ |
|
| 115 |
qrYyucZDKLUhnpRqTpyBN5MvAKVHNlmJXCiw2bo4K4D5D/qc7++H+Uq6fxJ4Qvgg |
|
| 116 |
+wUbPkgIFsWpi5ADaVbg1IZa4VismDGxXPQk9zBc8JEliXjPlEgT2f4dLt2JyiGA |
|
| 117 |
MPatCCr5pUN+XKsJtAVEF1fFS1tJ6HtcrUSablq1qV2l2ucNnccugJmNUZ85U7De |
|
| 118 |
AdmSxsECgYEA9s858JhVWR65eGQsYdYzcRaBUiGJLhblRkYZRkV0byNO41HCpc26 |
|
| 119 |
4evzmPw+e3Rb1bMj3Ip3nuK6Vqm9YB32NgBreTX3qA4Cc2KrtikesljTe539WFcy |
|
| 120 |
mcXgnVVsYB/RGEemB1gAd41145EVH8lSy84EY3YWZ0WVmZrvkMT4bvkCgYEA6mc1 |
|
| 121 |
LRoJN4eJcPjADCBRyuCMp2LecyWAkG3zKmgWitooEV2yzs69flLHPx6pKwdssk5x |
|
| 122 |
ukPrFmAgQQ9I0r4QDUkZxs9FhHHh7XlRutXyWsT4Gh4Y+zRSFasxrxfHDplFLwLH |
|
| 123 |
WIZYZa4MrH4P02yUaePG0Y1qUBYJJWAxRAXay10CgYEAxCZbgOhAZGyzsIfEchkf |
|
| 124 |
lw/wxUpb0OJnYxtQ+PU4HR+tkaIoFUfU77prRjmqmskWN1eA98SgXwkIWNnb5OjL |
|
| 125 |
BY393D5Uzh4cOoG/wC0b9Vf887DTaQMb9vQ5mDEMybRfpHFE9W8uJ9WoTKzAYhvJ |
|
| 126 |
jqnz+Owf0AGQbJyjKqYwX1kCgYAtENqwaSkMfAp4pdqGelA/aRyhseiCytsE6Z6u |
|
| 127 |
sIRk/bxmWlVeXXEhMFkOUZ7EnxDO1zYWUaiJDMImwAGIQvJjG4LRLlh3Nk3xkjmc |
|
| 128 |
ajXGLchlfRPgeBawA9Hxj+i9bcpXV3lsE6g7JFNbdoEkbOO72AcJkt61twbbILtY |
|
| 129 |
EKgYIQKBgQC8L1pRnK/GIJztjh04leZHDubPc7yNuXu24nWzjVfqKP7Lt4cxg+3p |
|
| 130 |
T+QipcFdlQbEPC3crNu3MW42Zal2O6X7EzEmr1HXbBeZb0+jZ9ecmKS+LrDPMj7C |
|
| 131 |
IHZQtBxUbmbi8uNWqos/l0lhJdE9BBt5sLqfXAe+qz6g21alg1Vttg== |
|
| 132 |
-----END RSA PRIVATE KEY----- |
|
| 105 | 133 |
""" |
| 106 | 134 |
|
| 107 | 135 |
|
| 108 | 136 |
# contains certificate, private key as well as PK passphrase |
| 109 | 137 |
@pytest.fixture |
| 110 |
def certificate_with_encrypted_pk_pem():
|
|
| 138 |
def certificate_encrypted_pk():
|
|
| 111 | 139 |
return """ |
| 112 | 140 |
-----BEGIN CERTIFICATE----- |
| 113 | 141 |
MIIDazCCAlOgAwIBAgIUAWW0ebo18+AtvjzxLvIPEa4lIUkwDQYJKoZIhvcNAQEL |
| tests/unit_tests/services/cryptography/extract_public_key_from_certificate_test.py | ||
|---|---|---|
| 1 | 1 |
import subprocess |
| 2 | 2 |
|
| 3 | 3 |
|
| 4 |
def test_extract_public_key_encrypted(service, certificate_with_encrypted_pk_pem):
|
|
| 5 |
public_key = service.extract_public_key_from_certificate(certificate_with_encrypted_pk_pem[0])
|
|
| 4 |
def test_extract_public_key_encrypted(service, certificate_encrypted_pk):
|
|
| 5 |
public_key = service.extract_public_key_from_certificate(certificate_encrypted_pk[0])
|
|
| 6 | 6 |
|
| 7 | 7 |
# get modulus from the private key |
| 8 | 8 |
modulus_pk = subprocess.check_output( |
| 9 |
["openssl", "rsa", "-noout", "-in", "-", "-modulus", "-passin", f"pass:{certificate_with_encrypted_pk_pem[2]}"],
|
|
| 10 |
input=bytes(certificate_with_encrypted_pk_pem[1], encoding="utf-8"),
|
|
| 9 |
["openssl", "rsa", "-noout", "-in", "-", "-modulus", "-passin", f"pass:{certificate_encrypted_pk[2]}"],
|
|
| 10 |
input=bytes(certificate_encrypted_pk[1], encoding="utf-8"),
|
|
| 11 | 11 |
stderr=subprocess.STDOUT).decode() |
| 12 | 12 |
|
| 13 | 13 |
# get the modulus from the extracted public key |
| ... | ... | |
| 21 | 21 |
assert modulus_pk == modulus_from_extracted_public_key |
| 22 | 22 |
|
| 23 | 23 |
|
| 24 |
def test_extract_public_key(service, certificate_pem):
|
|
| 25 |
public_key = service.extract_public_key_from_certificate(certificate_pem)
|
|
| 24 |
def test_extract_public_key(service, certificate_pk):
|
|
| 25 |
public_key = service.extract_public_key_from_certificate(certificate_pk[0])
|
|
| 26 | 26 |
|
| 27 | 27 |
# get public key from the certificate |
| 28 | 28 |
expected_public_key = subprocess.check_output( |
| 29 | 29 |
["openssl", "x509", "-in", "-", "-noout", "-pubkey"], |
| 30 |
input=bytes(certificate_pem, encoding="utf-8"),
|
|
| 30 |
input=bytes(certificate_pk[0], encoding="utf-8"),
|
|
| 31 | 31 |
stderr=subprocess.STDOUT).decode() |
| 32 | 32 |
|
| 33 | 33 |
assert expected_public_key == public_key |
| 34 | 34 |
|
| 35 |
# get modulus from the private key |
|
| 36 |
modulus_pk = subprocess.check_output( |
|
| 37 |
["openssl", "rsa", "-noout", "-in", "-", "-modulus"], |
|
| 38 |
input=bytes(certificate_pk[1], encoding="utf-8"), |
|
| 39 |
stderr=subprocess.STDOUT).decode() |
|
| 40 |
|
|
| 41 |
# get the modulus from the extracted public key |
|
| 42 |
modulus_from_extracted_public_key = subprocess.check_output( |
|
| 43 |
["openssl", "rsa", "-noout", "-pubin", "-in", "-", "-modulus"], |
|
| 44 |
input=bytes(public_key, |
|
| 45 |
encoding="utf-8"), |
|
| 46 |
stderr=subprocess.STDOUT).decode() |
|
| 47 |
|
|
| 48 |
# moduli should match |
|
| 49 |
assert modulus_pk == modulus_from_extracted_public_key |
|
| 50 |
|
|
Také k dispozici: Unified diff
Re #8573 - Added some CertificateService tests and improved CryptographyService tests of methods that extract public keys