Revize e8face67
Přidáno uživatelem Stanislav Král před více než 3 roky(ů)
| src/services/cryptography.py | ||
|---|---|---|
| 231 | 231 |
# the process failed because of some other reason (incorrect cert format) |
| 232 | 232 |
raise CryptographyException(OPENSSL_EXECUTABLE, args, err.decode()) |
| 233 | 233 |
|
| 234 |
def extract_public_key(self, cert_pem: str) -> str:
|
|
| 234 |
def extract_public_key(self, private_key_pem: str, passphrase=None) -> str:
|
|
| 235 | 235 |
""" |
| 236 |
Extracts a public key from the given certificate passed in PEM format |
|
| 237 |
:param cert_pem: PEM data representing a certificate from which a public key should be extracted |
|
| 236 |
Extracts a public key from the given private key passed in PEM format |
|
| 237 |
:param private_key_pem: PEM data representing the private key from which a public key should be extracted |
|
| 238 |
:param passphrase: passphrase to be provided when the supplied private key is encrypted |
|
| 238 | 239 |
:return: a string containing the extracted public key in PEM format |
| 239 | 240 |
""" |
| 240 |
args = ["x509", "-in", "-", "-noout", "-pubkey"] |
|
| 241 |
return self.__run_for_output(args, proc_input=bytes(cert_pem, encoding="utf-8")).decode() |
|
| 241 |
args = ["rsa", "-in", "-", "-pubout"] |
|
| 242 |
if passphrase is not None: |
|
| 243 |
args.extend(["-passin", f"pass:{passphrase}"])
|
|
| 244 |
return self.__run_for_output(args, proc_input=bytes(private_key_pem, encoding="utf-8")).decode() |
|
| 242 | 245 |
|
| 243 | 246 |
def parse_cert_pem(self, cert_pem): |
| 244 | 247 |
""" |
| tests/unit_tests/services/cryptography/conftest.py | ||
|---|---|---|
| 7 | 7 |
def service(): |
| 8 | 8 |
# provide a CryptographyService fixture |
| 9 | 9 |
return CryptographyService() |
| 10 |
|
|
| 11 |
|
|
| 12 |
@pytest.fixture |
|
| 13 |
def private_key_pem(): |
|
| 14 |
return """ |
|
| 15 |
-----BEGIN RSA PRIVATE KEY----- |
|
| 16 |
MIIEpgIBAAKCAQEA8Ue4iYHc7ECrdHij9JHLRPhw9YXsK09ojPZaMW+GnhJrh//V |
|
| 17 |
uOlUsA3Qb2xrdpwcevpTy8+96FU+w/laDA0KGsRPDfZnRYFGfonzuhJKDNkU7p2H |
|
| 18 |
sqKp+ttxNEFm2ZTPo9KvrvQrg286RUMu+b0e/PlSG9X3L/+OMx3GsblBbXKNQmSq |
|
| 19 |
T5qdWmoFMRSR4Z7wufAGebJXBTn8Z5r1KkhLLViRYdWC4V9+/ZcCg8eMHG2StRGI |
|
| 20 |
MutrhidznFaTvOSiw6ehdFmv7qlEeUPj6kiSHMe6duwrFP2p9fyp4hWjjW72CUhJ |
|
| 21 |
JadXNzVk5/HPb/BxFGmpdkVvDZJbUQ17IotW9QIDAQABAoIBAQDUzohBp+t96LAQ |
|
| 22 |
o1Mgo/Kf22xt8PfTX098fNAiKBaYlvCG3CvZ0tqiCR0dGYhS7e/ku6Nq8Mi0AXPB |
|
| 23 |
j81PMbUG1LxROVHuqM3PT8dLB1SOrmza5NBJy1SW8DORflnDcJAPEwVnDu7OFy1S |
|
| 24 |
56WoGZkaUKCN8pL5n7IA/bNBD39YkmkBonzWRhqaPnkq54chHpkg0a0dnGkftHbM |
|
| 25 |
j6mY3s+LfK5TP+mSgGKD2eWBxEuYjYoqIZhGLQ3/L7dC8vBy7plfgpxaJkI8AQfg |
|
| 26 |
SVg821yU3Ms65W8JEQga5sm0SPxbxUkoMvQR4WWsWLVszKoOZ8kQBLOTtHasC4WH |
|
| 27 |
vXkg53khAoGBAPjz1BCYrhpPFlSiSnQ2sIS2GbqYIYVaSjCuDrmHzCQDJaGfrQs8 |
|
| 28 |
OZJDrikZUFxmSTKk38CUEqWQrhMR8YERnc5MgdYjX2HqmrBhFBrNMzH7EUVLhbRp |
|
| 29 |
Dppe4DSB1b6P8lvaERrjmtPZ9FxZML8uJDw0aaVBKYVmKlJREnQP+ADNAoGBAPgc |
|
| 30 |
Snsksn/GM4jVeHzkxw6uCuS//iek6lHMgEvpqdWnvN1X+KQipxZTQZV3OvhmgtJI |
|
| 31 |
zg3Kv5TPn0Sr4oEw87eRGKQj0G/wh27fhe22beWrQMPxMq6R9ny/gvBnfxz/keIW |
|
| 32 |
wAs3wRMHKiVub8FRMEdIOHEMeWrD+dfaGuuV5Y7JAoGBALelXsWTa7N6rfVm9td9 |
|
| 33 |
1H9Buf8c5HVz4pDAhZo1Y9EZBTSSDtvf5HRSOvKUeuR+i/axC2ILmSnLba4hqW7V |
|
| 34 |
6PxbEdg+pckcgFomcudGgkKXe+kLSimI6j3UST5SnLODinxZhA664ebvvEQ3gy80 |
|
| 35 |
wYQsAdbnF9MRR50Lszos4XztAoGBAMQCnbjhif811zrP4stQdg4b41FKeIBbYh7T |
|
| 36 |
X7wZUmoPhT6cpDsPgU864QIy2qypV8rHZ7ovpeDrkdjPrjcANFqeT4hFHwOAU459 |
|
| 37 |
GjJtQC8EdzsVT0Po3oE5TzmbmimPonGqJXf3SRo+O8ask69285ws6yIsh7OYNcaY |
|
| 38 |
cVIS7vM5AoGBAPK2UieUMGTfK/SJ7tizApFkvonaInY8rKmiEeF9zuOxJBJ+mjXC |
|
| 39 |
2dGH5h6itrdbQw7ykrnf4KgmS1ZDamrCYlhMRewbk1gzEvBV1I6W67DaMgIHxzrc |
|
| 40 |
kXs8LBdrpkP93JM50KBFORHJvr9zmPjQ5VJdjipmqmwAI75qIBcdmlYG |
|
| 41 |
-----END RSA PRIVATE KEY----- |
|
| 42 |
""" |
|
| 43 |
|
|
| 44 |
|
|
| 45 |
@pytest.fixture |
|
| 46 |
def private_key_encrypted_pem(): |
|
| 47 |
return """ |
|
| 48 |
-----BEGIN RSA PRIVATE KEY----- |
|
| 49 |
Proc-Type: 4,ENCRYPTED |
|
| 50 |
DEK-Info: AES-256-CBC,3D2BFBB1BD0EB9CECF062FB4E3DFBB58 |
|
| 51 |
|
|
| 52 |
U1YtKQOBkvoqM/9ChVBtDgz7fUazZG3GK58F/p1B+vHsfk3W025Enw0bXs0k3nUL |
|
| 53 |
gbV/6x8Xx2it2FCo31eupHTXi3UhdzrCY4sNu3fz9y4twUouMQpcbSvz8CB6xNvb |
|
| 54 |
y74BbIDdkpHHNPCkYQ6uzuS1nvZsdgulU9ukKLr7iyiJN4bPsuOox+4LKPJkXpuB |
|
| 55 |
zNh5gKI5qvHucq5fiMWQvQUUJSkGKkF89psGwgNlTfJLmKfJmBSZytHpcJJVReI6 |
|
| 56 |
IQNT+Lge5zfYW4cDVfX1aiYS7L19a69mPIGoRTepS1IAecD6pxTMNastaRvpvEfc |
|
| 57 |
k1u42eYczBKQ/EMhW5DoWlRkgr0hAfpuy9akl/oCCA82JDyTyAHsooHSiPqKJ5Qh |
|
| 58 |
4NcKEBxxJzrBl1G27BrOlhkdOpz0IQv8WBRav6+KLCgu8g6wj2qNkPmxE0G8awrw |
|
| 59 |
h+d77hdosewXHUon9rp2rNwn+xBYnLomV/wWd1h4BJD9bjdxoKE2aWdSjMg2+Tk7 |
|
| 60 |
n4PSgusayKLjA9dgEoompdJw0WKHpEBuX6owxia/Mjp7Jah65wJZ3s2dUW3eKJ+X |
|
| 61 |
h0lskIaNGJmTCDcJnfHP7/722S5H4zVNS5rIhRhAp/ySjhFQ7fZZU9ALYyBEwzRT |
|
| 62 |
giviaDdZOVEpIV1XLLD3Va7eSuQU5YmbLbKzFj5eik/i5PDxbdacAfLSuxkNPfvu |
|
| 63 |
2FvxJbnb9XfocvSobx476q7GzZXZCAQ98elpjGngYPnBGa6kk1Um7EcAwnwdVVuK |
|
| 64 |
UDE5ifpVyWOwivtgl3Ljmv8i93gD86qyCaULamVMaNoUs1SQXnVtGlUNm56KmpKH |
|
| 65 |
MYIoSK18unUVeo5GoROC9RuNbFGdG5QSejc+9pcbFpLXsMlFpeW2Amw06Gz/Mor8 |
|
| 66 |
UUk6MOjUHXRyLyM9JaPWYNJgbL2LIhFssURuGV0NzWQCl6TPq7i96+ZlMZxl6DNO |
|
| 67 |
4GUC1eaUbT5OVWpbi6rf6M9FK/RvxGVWQ4Mp7lKtkzxCTJokKPa8O51OFWGsnyQt |
|
| 68 |
E1stBq9obJQKzDE5yd0v50YEJnoeIdk8YNUZujwnM6fmUtNRytqx7qcf9QS7G9bi |
|
| 69 |
OjPup932VHd/QxJwaq2F6bhZyAQ+TLtO7fQ5rkIX4NctJxtHipgl+yAbcYFC5hL1 |
|
| 70 |
yRCRxnXebvAQyiGYeUAH1+vnTZiaF9c44EiPLHbZ+a4hmWKtxaamZQuGaB8Ks1yr |
|
| 71 |
oQmOg4Ixq7cAFW4vSuUjh12SYxuEoAqlW29YaeQ0y/RQV48JjmQgjvoXnworvV/m |
|
| 72 |
h8ER2svSTW5NwDjYCqNzTC0MZehvMpv0mLxfM6QW8rwOJD6HFHSi5l4NsKr0Fx4a |
|
| 73 |
j2LinyBMVFKWbST5Z7yHgwAQydfl3Y5z2rul/ovcy3j+euNdvMpQPc5Ww+p793Y/ |
|
| 74 |
bo7IXBu5trMI1zTr2cPJ/p+ei8E53frScoQnbxVnR/qF4puwKCa1RYbcRYIjsFyH |
|
| 75 |
b5fAiVPUfZUsI3xw17ZLCmVX9Jq2yzLS8Kyrlvd9rLyMeEVFb4R5ho3F+uLopVrC |
|
| 76 |
qRz7WctkmA9/SOxoF6EPaEhIyXNjjFOQbjsXVc+i0Bnw2DjY3s5SYJg6yycwdaHz |
|
| 77 |
-----END RSA PRIVATE KEY----- |
|
| 78 |
""", "pass" |
|
| tests/unit_tests/services/cryptography/extract_public_key_test.py | ||
|---|---|---|
| 1 |
def test_extract_public_key(service): |
|
| 2 |
cert_pem = """ |
|
| 3 |
-----BEGIN CERTIFICATE----- |
|
| 4 |
MIIGITCCBAmgAwIBAgIUb7xAdXd6AkevhmeQqy2BASDqv/IwDQYJKoZIhvcNAQEL |
|
| 5 |
BQAwgZ8xCzAJBgNVBAYTAkNaMRYwFAYDVQQIDA1QaWxzZW4gUmVnaW9uMQ8wDQYD |
|
| 6 |
VQQHDAZQaWxzZW4xFjAUBgNVBAoMDVJvb3RpbmcgUm9vdHMxHDAaBgNVBAsME0Rl |
|
| 7 |
cGFydG1lbnQgb2YgUk9vdHMxFDASBgNVBAMMC01haW4gUm9vdGVyMRswGQYJKoZI |
|
| 8 |
hvcNAQkBFgxyb290QHJvb3QuY3owHhcNMjEwMzIxMTAwMTUyWhcNMjYwMzIxMTAw |
|
| 9 |
MTUyWjCBnzELMAkGA1UEBhMCQ1oxFjAUBgNVBAgMDVBpbHNlbiBSZWdpb24xDzAN |
|
| 10 |
BgNVBAcMBlBpbHNlbjEWMBQGA1UECgwNUm9vdGluZyBSb290czEcMBoGA1UECwwT |
|
| 11 |
RGVwYXJ0bWVudCBvZiBST290czEUMBIGA1UEAwwLTWFpbiBSb290ZXIxGzAZBgkq |
|
| 12 |
hkiG9w0BCQEWDHJvb3RAcm9vdC5jejCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC |
|
| 13 |
AgoCggIBAMKozynv+ja1VkNWpldsrl6tEGYrkNuG9umyqF0ZOZmzWzR7PiszV8DW |
|
| 14 |
o+OQ3SY7MQ7o3qoE/pSiaApmNFxgarWvGxnVgouncrai1AKB92tFY1VnVfQYICD3 |
|
| 15 |
gdjSzo4Lbfc8+67DHTPc0N70oBZuMueQ6ifUQhrjuVaONwAOsZBdal+VWvctJcrf |
|
| 16 |
fd+s6Jkgb/qWuld21Bzea36PLmgwoe8/RNyS9yzspC8jwdU68BemAPy9NBf9Q8Is |
|
| 17 |
0R7aZ0YwKPsdln3lR5GixrNy+sQl0qwy0NgklWIbqpGbMAInJBbTBmBGIbS0zV3t |
|
| 18 |
Nwi+g1u2WaFn63NeoUswAoDtHDm6FXBFI2BabG5tFVRNdfzGU1PEbILprqk214rt |
|
| 19 |
5+j5xTtpaI07akjozYJfal8c6igKXmNJf+xxtASq5EESNLT0YHwVPlT1S/odGvkN |
|
| 20 |
Hk6OJv2dmcH6nHCgT72aUhaVPP9aUIxlnchPD/iprMqkOkfm/k/LZLmPTsZbfmax |
|
| 21 |
VB1PWRFSWozAR4R562QFNRLLzZBlqiN++XMRBnjX4rRNTjZZyrYG3rIv8SytY8N7 |
|
| 22 |
UU0Ya/k+iYs5inbbHBkC3vI2DT6evxlfaXw8b1QTL4mNwR0aK0HjmVU6XdNcmGYr |
|
| 23 |
/PAxyZNNDM+k9wkcj+Xf4iqVrmk9pHEfkRHHjRpOXvFaLogmx/drAgMBAAGjUzBR |
|
| 24 |
MB0GA1UdDgQWBBQSP3MTbRoAP80MfEriCKa9qoqlFDAfBgNVHSMEGDAWgBQSP3MT |
|
| 25 |
bRoAP80MfEriCKa9qoqlFDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA |
|
| 26 |
A4ICAQCXV3PxhN6U/vhRaXriAOr4RNhvGjdT7XnAC7r21GsfyH3omXPqD/RrrUov |
|
| 27 |
9ZWinxTiQ4xg3f+Iz9DCLXOmwmWoEpPU/LPa2UMENey2XOloQSO4JfdrbVVItWm6 |
|
| 28 |
F0W0aqdMxR9lzt7xoOwT/5wkAEJtHkUyCHB0xv6ZVRJYt07FGt8oipaJl3SlkyhH |
|
| 29 |
onKiCPsjwfcZ7W/lJ4PAFRY1DOLL+2CsLQjE9N2TAViY1HBpI3BfzfsDnXKEV2hS |
|
| 30 |
bNS25bpXbyLKGHqhcD9Y/wQID3fmKQilSSKezEn0nnPfnnb2WF32rWFR2pzgeym/ |
|
| 31 |
Q5vWcJRGSKcD0W58Ob1eLF8pG/FOijgjvHxWiotl2bB2rdEAR8BDJrzhRVxYavft |
|
| 32 |
zpLWb5NGJSjPO29cJ170OyBhXYS+/kpgFf3sxDtOacS6k7LOXcydlckAAHGFwllb |
|
| 33 |
0jkyZ0A2q+RGHIKirs1hWQpOb1O6Pvw+mNtxfghZsq8lnceHIUG9BduTXzWm0MEc |
|
| 34 |
Gh+KpX/I0JzuOc91ydNtvMEOjfIAp8mjLAqDCWRd0OzvE45rPbBAHJXPc4P76B1A |
|
| 35 |
XXwUYr8GuSFQZb1Q4BpCayCYvTLj+7q3z72BCqAA+jMJYV/qU0EpsuFjPvzU8apg |
|
| 36 |
7l9NhB7vf/qhW0XHDa4pv5+d+CXUiHPlW+UTIlni1AfgAel1Ww== |
|
| 37 |
-----END CERTIFICATE----- |
|
| 38 |
""" |
|
| 39 |
public_key = service.extract_public_key(cert_pem) |
|
| 1 |
import pytest |
|
| 2 |
|
|
| 3 |
from src.services.cryptography import CryptographyException |
|
| 4 |
|
|
| 5 |
|
|
| 6 |
def test_extract_public_key_encrypted(service, private_key_encrypted_pem): |
|
| 7 |
public_key = service.extract_public_key(private_key_encrypted_pem[0], passphrase=private_key_encrypted_pem[1]) |
|
| 8 |
|
|
| 9 |
assert "-----BEGIN PUBLIC KEY-----" in public_key |
|
| 10 |
|
|
| 11 |
|
|
| 12 |
def test_extract_public_key_2(service, private_key_pem): |
|
| 13 |
public_key = service.extract_public_key(private_key_pem) |
|
| 40 | 14 |
|
| 41 | 15 |
# TODO test whether public key matches a private key |
| 42 | 16 |
assert "-----BEGIN PUBLIC KEY-----" in public_key |
| 17 |
|
|
| 18 |
|
|
| 19 |
def test_extract_public_key_encrypted_fails(service, private_key_encrypted_pem): |
|
| 20 |
# try to extract it using no passphrase |
|
| 21 |
with pytest.raises(CryptographyException) as e: |
|
| 22 |
service.extract_public_key(private_key_encrypted_pem[0]) |
|
| 23 |
|
|
| 24 |
assert "bad decrypt" in e.value.message |
|
| 25 |
|
|
| 26 |
# try to extract it using an empty passphrase |
|
| 27 |
with pytest.raises(CryptographyException) as e: |
|
| 28 |
service.extract_public_key(private_key_encrypted_pem[0], passphrase="") |
|
| 29 |
|
|
| 30 |
assert "bad decrypt" in e.value.message |
|
| 31 |
|
|
| 32 |
# try to extract it using a wrong passphrase |
|
| 33 |
with pytest.raises(CryptographyException) as e: |
|
| 34 |
service.extract_public_key(private_key_encrypted_pem[0], passphrase="foo") |
|
| 35 |
|
|
| 36 |
assert "bad decrypt" in e.value.message |
|
Také k dispozici: Unified diff
Re #8573 - Changed extract_public_key method in such way that it now extracts a public key from a private key instead of a certificate