Revize 7ff4be59
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
| tests/unit_tests/services/cryptography/conftest.py | ||
|---|---|---|
| 105 | 105 |
""" |
| 106 | 106 |
|
| 107 | 107 |
|
| 108 |
# contains certificate, private key as well as PK passphrase |
|
| 108 | 109 |
@pytest.fixture |
| 109 | 110 |
def certificate_with_encrypted_pk_pem(): |
| 110 | 111 |
return """ |
| ... | ... | |
| 129 | 130 |
c2xJmcA3t2cFCHYKXDmlBJJ5Kvkuak9U+TZLl7+Y7+SmyJIv9nRN2THwDKpaRtff |
| 130 | 131 |
94wl65n2IoG1YP4XyjyX |
| 131 | 132 |
-----END CERTIFICATE----- |
| 132 |
""", "pass" |
|
| 133 |
""", """ |
|
| 134 |
-----BEGIN RSA PRIVATE KEY----- |
|
| 135 |
Proc-Type: 4,ENCRYPTED |
|
| 136 |
DEK-Info: AES-256-CBC,CC2F8ACBF28E244F2DCD4239D38EE3A5 |
|
| 137 |
|
|
| 138 |
75uLZWsoCKfzOlp//IbWVkISUsrG2MqrJi8JIRKWeR63jGCuskju87U+LoPP7EZ+ |
|
| 139 |
xBm9uP0voayUIXPnGOJS/1veUfV8477RGhqK0/pM/MLWcYnggeoBu7EIzUVi80tQ |
|
| 140 |
chC1DJxB+mi1DG3lytyzvuDq8AsQ7iK7VWmST9pJHDgw9K19zBLRtPjZLYs09A0e |
|
| 141 |
PJE74IgZySOctZxwidmdwYDysGaMK35nxP6tPUngQjuA2TdDQxOKBTG17g4drqcJ |
|
| 142 |
ddJFpw3HKiSRyHtl8DQoQwHXvgSFNz/dAnXRRAA+8ogyCyzcroekBGqaMJWpJMNp |
|
| 143 |
sbJgochbFZ+ayAQuQQGxDQHkzpTlYP4HCeDW7hR79HUWLziPXCjoE5PcEz/z/Be1 |
|
| 144 |
dxYzK3zArFSHthvhKWNhwsFhCmseAlR8jtOBOncAG4F1wkkwIGjfrWFTUmvBBS+m |
|
| 145 |
KbUzDM2H4caUnG8gWiGht/EZU6M4fEuFy6Ms8ZXUZLnz3k4wfw5KKIGgdZ4BsVt0 |
|
| 146 |
zTLkrvuy/wCRo6j5EQT7fBr2RAhakIBOOmXBD5ZukJljvP2EF8z33AgeOO2CE1Uw |
|
| 147 |
fq460dOHuk7A89pGfYHmy9KVpL2q70xswYbv+2yjaDOhRRHoNNGtIK9b+aTo0dxD |
|
| 148 |
ixHgrxQeJnkwpLBhuax0pMzL1vbG0jujlApVRUodUo2xkZjwjgwp95Ss4RJr124U |
|
| 149 |
pLjQJ+9V1BUl1i0VqrC8IyABQH2hpPXk/yxGsAZ2xOXCsGKd1IT997SroA8vnJBf |
|
| 150 |
umGVl88GowzSVRdVwZozb5JGyh/pV+haNgHM8NBwZEqD8kB+4038l3dwtr115Ogi |
|
| 151 |
8zRqUgvcBXTaXOJ04qpZmnhILFTu36Z5OtE1VRT+7e/9viAsvTzrGpoVd8rPSima |
|
| 152 |
Vxus94+yDgakkXpF7nyoP/r0PVZNpcB2Iq1c8jqln6YL+9uxGnkAcCWerYx75lpv |
|
| 153 |
TSXCw9IS07f3ggiJ77d3IleEFA5ohCKoAZndxmRS+M1/EsZn4ShsN71CCY3UTofV |
|
| 154 |
T4Gadwk5nKKVDF2BP7nVOu4KBN0ws9ENweZjFVbr/uRghbt2fxQlFCcMSR+huTcU |
|
| 155 |
p2JNCXNhhqCtswjr2nt1Ti/LyFwxSrJqTw1HNIeTHYHp/YPfGCq8O3gBT4DOxQ5D |
|
| 156 |
0vg7+yNV4tmfgKxjA+MgHBFo1SffRKYtMy9ILZyo2yb+AyjZWfl6ab0tyhK517jD |
|
| 157 |
YSClJgqlzYCe1sWU/Vot0/GrPn4jI/0o2cIXOXRf2LH8JEkXC8qxxWl3gLzTmznG |
|
| 158 |
s+r8D6UAmo6cCXaB4bquRooIi1BT1bINOixASa6BF/58VXnnpE8ItqIp4o2gb4Nq |
|
| 159 |
TD+620Jn9JZOdaq5heDObfg6wIH8PS/1VDdcFflayX9YxdMDJ4RGG6CRLWplJWT/ |
|
| 160 |
Q7Kex+qupynM4gwXfpg9AuM3uAaIlUYU45zgTC9cF+vBWFtao0tZCmjJEXaik9L/ |
|
| 161 |
H1WudWhZjp6RflnLKTcLvYslutwUb4q23mPUim03H/7YZ5tPLDWgSHiOk4phHVPG |
|
| 162 |
pIeQ6WxVbfVqyCBrTAsKUvkfs+rGvyM0iXgPw5As7M2nRE3emwpw8PskqLUnTMyK |
|
| 163 |
-----END RSA PRIVATE KEY----- |
|
| 164 |
""", "pass" |
|
| tests/unit_tests/services/cryptography/extract_public_key_from_certificate_test.py | ||
|---|---|---|
| 1 |
import subprocess |
|
| 2 |
|
|
| 1 | 3 |
|
| 2 | 4 |
def test_extract_public_key_encrypted(service, certificate_with_encrypted_pk_pem): |
| 3 | 5 |
public_key = service.extract_public_key_from_certificate(certificate_with_encrypted_pk_pem[0]) |
| 4 | 6 |
|
| 5 |
assert "-----BEGIN PUBLIC KEY-----" in public_key |
|
| 7 |
# get modulus from the private key |
|
| 8 |
modulus_pk = subprocess.check_output( |
|
| 9 |
["openssl", "rsa", "-noout", "-in", "-", "-modulus", "-passin", f"pass:{certificate_with_encrypted_pk_pem[2]}"],
|
|
| 10 |
input=bytes(certificate_with_encrypted_pk_pem[1], encoding="utf-8"), |
|
| 11 |
stderr=subprocess.STDOUT).decode() |
|
| 12 |
|
|
| 13 |
# get the modulus from the extracted public key |
|
| 14 |
modulus_from_extracted_public_key = subprocess.check_output( |
|
| 15 |
["openssl", "rsa", "-noout", "-pubin", "-in", "-", "-modulus"], |
|
| 16 |
input=bytes(public_key, |
|
| 17 |
encoding="utf-8"), |
|
| 18 |
stderr=subprocess.STDOUT).decode() |
|
| 19 |
|
|
| 20 |
# moduli should match |
|
| 21 |
assert modulus_pk == modulus_from_extracted_public_key |
|
| 6 | 22 |
|
| 7 | 23 |
|
| 8 | 24 |
def test_extract_public_key(service, certificate_pem): |
| 9 | 25 |
public_key = service.extract_public_key_from_certificate(certificate_pem) |
| 10 | 26 |
|
| 11 |
# TODO test whether public key matches a private key |
|
| 12 |
assert "-----BEGIN PUBLIC KEY-----" in public_key |
|
| 27 |
# get public key from the certificate |
|
| 28 |
expected_public_key = subprocess.check_output( |
|
| 29 |
["openssl", "x509", "-in", "-", "-noout", "-pubkey"], |
|
| 30 |
input=bytes(certificate_pem, encoding="utf-8"), |
|
| 31 |
stderr=subprocess.STDOUT).decode() |
|
| 32 |
|
|
| 33 |
assert expected_public_key == public_key |
|
| 13 | 34 |
|
| tests/unit_tests/services/cryptography/extract_public_key_test.py | ||
|---|---|---|
| 1 |
import subprocess |
|
| 2 |
|
|
| 1 | 3 |
import pytest |
| 2 | 4 |
|
| 3 | 5 |
from src.services.cryptography import CryptographyException |
| ... | ... | |
| 7 | 9 |
public_key = service.extract_public_key_from_private_key(private_key_encrypted_pem[0], |
| 8 | 10 |
passphrase=private_key_encrypted_pem[1]) |
| 9 | 11 |
|
| 10 |
assert "-----BEGIN PUBLIC KEY-----" in public_key |
|
| 12 |
# get modulus from the private key |
|
| 13 |
modulus_pk = subprocess.check_output( |
|
| 14 |
["openssl", "rsa", "-noout", "-in", "-", "-modulus", "-passin", f"pass:{private_key_encrypted_pem[1]}"],
|
|
| 15 |
input=bytes(private_key_encrypted_pem[0], encoding="utf-8"), |
|
| 16 |
stderr=subprocess.STDOUT).decode() |
|
| 17 |
|
|
| 18 |
# get the modulus from the extracted public key |
|
| 19 |
modulus_from_extracted_public_key = subprocess.check_output( |
|
| 20 |
["openssl", "rsa", "-noout", "-pubin", "-in", "-", "-modulus"], |
|
| 21 |
input=bytes(public_key, |
|
| 22 |
encoding="utf-8"), |
|
| 23 |
stderr=subprocess.STDOUT).decode() |
|
| 24 |
|
|
| 25 |
# moduli should match |
|
| 26 |
assert modulus_pk == modulus_from_extracted_public_key |
|
| 11 | 27 |
|
| 12 | 28 |
|
| 13 | 29 |
def test_extract_public_key(service, private_key_pem): |
| 14 | 30 |
public_key = service.extract_public_key_from_private_key(private_key_pem) |
| 15 | 31 |
|
| 16 |
# TODO test whether public key matches a private key |
|
| 17 |
assert "-----BEGIN PUBLIC KEY-----" in public_key |
|
| 32 |
# get modulus from the private key |
|
| 33 |
modulus_pk = subprocess.check_output( |
|
| 34 |
["openssl", "rsa", "-noout", "-in", "-", "-modulus"], |
|
| 35 |
input=bytes(private_key_pem, encoding="utf-8"), |
|
| 36 |
stderr=subprocess.STDOUT).decode() |
|
| 37 |
|
|
| 38 |
# get the modulus from the extracted public key |
|
| 39 |
modulus_from_extracted_public_key = subprocess.check_output( |
|
| 40 |
["openssl", "rsa", "-noout", "-pubin", "-in", "-", "-modulus"], |
|
| 41 |
input=bytes(public_key, |
|
| 42 |
encoding="utf-8"), |
|
| 43 |
stderr=subprocess.STDOUT).decode() |
|
| 44 |
|
|
| 45 |
# moduli should match |
|
| 46 |
assert modulus_pk == modulus_from_extracted_public_key |
|
| 18 | 47 |
|
| 19 | 48 |
|
| 20 | 49 |
def test_extract_public_key_encrypted_fails(service, private_key_encrypted_pem): |
Také k dispozici: Unified diff
Re #8573 - Improved testing of extract_public_key_from_certificate and extract_public_key_from_private_key methods