Beispiel #1
def test_create_request(provider=None):
    """Smoke-test ``cryptoapi.create_request`` with a richly populated request.

    Builds a parameter dict with a subject alternative name, key usages, a
    certificate policy, a long list of subject attributes and a validity
    window, then only checks that a non-empty request comes back. The content
    of the request is not inspected here.

    ``provider`` is passed through unchanged as the fourth positional argument.
    """
    # Subject attributes as (OID, value) pairs. The 2.5.4.x arcs are the
    # standard X.520 ones (3 = CN, 4 = surname, 6 = country, 7 = locality,
    # 8 = state, 9 = street, 10 = organization, 12 = title, 42 = given name).
    # The numeric identifier values look like filler digits; keep fixtures
    # synthetic rather than pasting real registration numbers into tests.
    subject_attributes = [
        ('1.2.643.100.1', '1111111111111'),
        ('2.5.4.9', 'Лизюкова ул 3   3'),
        ('1.2.643.3.131.1.1', '000000000000'),
        ('2.5.4.6', 'R'),
        ('2.5.4.7', 'Воронеж'),
        ('2.5.4.8', '36 г. Воронеж'),
        ('2.5.4.10', 'тестБегемот'),
        ('2.5.4.3', 'тестБегемот'),
        ('2.5.4.4', 'Иванов'),
        ('2.5.4.42', 'Иван'),
        ('2.5.4.12', 'Гениальный директор'),
        ('1.2.643.100.3', '22222222222'),
    ]
    params = {
        # Alternative SubjectAltName shapes the author experimented with:
        #   ('ediPartyName', ('9876543210', 'asldkj'))
        #   ('directoryName', [('2.5.4.6', 'R')])
        'SubjectAltName': [('ediPartyName', '9876543210')],
        'KeyUsage': [
            'digitalSignature',
            'nonRepudiation',
            'keyEncipherment',
            'dataEncipherment',
        ],
        'CertificatePolicies': [('1.2.643.100.113.1', [])],
        'Attributes': subject_attributes,
        # 1.3.6.1.5.5.7.3.2 = clientAuth, 1.3.6.1.5.5.7.3.4 = emailProtection.
        # NOTE(review): the other examples on this page pass this list under
        # the key 'EKU'; confirm that create_request actually reads 'EK',
        # otherwise no extended key usage is being requested here.
        'EK': ['1.3.6.1.5.5.7.3.2', '1.3.6.1.5.5.7.3.4'],
        # Naive local timestamps; the validity window is one year.
        'ValidFrom': datetime.now(),
        'ValidTo': datetime.now() + timedelta(days=365),
    }
    request = cryptoapi.create_request(test_container, params, test_local,
                                       provider)
    assert request is not None
    assert len(request)
Beispiel #2
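def setup_package():
    '''
    Create the test key container and make sure a certificate is available.

    Flow:
      1. Generate a key in ``test_container``.
      2. Look for a certificate named ``test_cn`` in the "MY" store.
      3. If none is found and ``test_cer_fn`` does not exist, write a
         base64-encoded certificate request to ``test_req_fn`` and abort so
         the operator can have it issued by a CA.
      4. If none is found but ``test_cer_fn`` exists, bind that certificate
         to the container key and delete the file.

    Raises:
        AssertionError: if key generation reports failure, or if a request
            had to be written and the tests must be re-run after issuance.
    '''
    # Keep the call out of an ``assert`` statement: ``python -O`` strips
    # asserts, which would silently skip key generation altogether.
    if not cryptoapi.gen_key(test_container, local=test_local):
        raise AssertionError('gen_key failed for the test container')
    cs = csp.CertStore(None, b"MY")
    certs = list(cs.find_by_name(test_cn))
    if not certs:
        if not os.path.isfile(test_cer_fn):
            req_params = dict(
                Attributes=[(CN, test_cn)],
                KeyUsage=[
                    'dataEncipherment', 'nonRepudiation', 'keyEncipherment',
                    'digitalSignature'
                ],
                EKU=[
                    csp.szOID_PKIX_KP_EMAIL_PROTECTION,
                    csp.szOID_PKIX_KP_CLIENT_AUTH
                ],
            )
            request = cryptoapi.create_request(test_container,
                                               req_params,
                                               local=test_local)
            # Close the handle deterministically so the request is fully
            # flushed to disk before the operator is told to submit it.
            with open(test_req_fn, 'wb') as req_file:
                req_file.write(b64encode(request))
            print('''
Creating certificate request in file '{req}'. Submit request to
CA and save certificate in file '{cer}'. Then re-run tests.
            '''.format(req=test_req_fn, cer=test_cer_fn))
            # Explicit raise instead of ``assert False`` so the abort also
            # happens when assertions are disabled.
            raise AssertionError(
                'certificate request written; re-run after the CA issues it')
        else:
            # Read and close before os.remove(): an open handle can block
            # deletion on platforms that lock open files.
            with open(test_cer_fn, 'rb') as cer_file:
                cert = cer_file.read()
            # NOTE(review): the file content is bound as-is; whether
            # bind_cert_to_key checks that the certificate matches the
            # container's public key is not visible here -- confirm.
            cryptoapi.bind_cert_to_key(test_container, cert, local=test_local)
            os.remove(test_cer_fn)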
Beispiel #3
def test_request_valid_time():
    """Check that the validity window is only encoded when it is requested.

    Two requests are built from the same parameters: the first with
    ``ValidFrom``/``ValidTo`` present, the second after both keys have been
    removed. The first must contain a specific DER-encoded OID, the second
    must not.
    """
    # DER OBJECT IDENTIFIER (tag 0x06, length 0x0A) for 1.2.643.2.4.1.1.1.1.2.
    # Presumably this is the extension create_request uses to carry the
    # requested validity period -- confirm against the cryptoapi sources.
    validity_oid_der = b"\x06\x0A\x2A\x85\x03\x02\x04\x01\x01\x01\x01\x02"

    params = {
        'Attributes': [(CN, test_cn)],
        'ValidFrom': datetime.now(),
        'ValidTo': datetime.now() + timedelta(days=30),
        'KeyUsage': [
            'dataEncipherment',
            'nonRepudiation',
            'keyEncipherment',
            'digitalSignature',
        ],
        'EKU': [
            csp.szOID_PKIX_KP_EMAIL_PROTECTION,
            csp.szOID_PKIX_KP_CLIENT_AUTH,
        ],
    }
    with_validity = cryptoapi.create_request(test_container,
                                             params,
                                             local=test_local)

    # Same parameters, minus the validity window.
    for key in ('ValidFrom', 'ValidTo'):
        del params[key]
    without_validity = cryptoapi.create_request(test_container,
                                                params,
                                                local=test_local)

    assert validity_oid_der in with_validity
    assert validity_oid_der not in without_validity
Beispiel #4
def test_request_fields_encoding():
    """Check the ASN.1 string type used for the 1.2.643.100.5 attribute.

    The request must contain the attribute as a SEQUENCE of the OID followed
    by a NumericString (tag 0x12) holding the fifteen digits, i.e. the value
    must not be emitted under a different string tag.
    """
    # 30 18          SEQUENCE, 24 bytes
    #   06 05 ...    OID 1.2.643.100.5
    #   12 0F ...    NumericString, 15 bytes: "111111111111111"
    expected_der = b"\x30\x18\x06\x05\x2A\x85\x03\x64\x05\x12\x0F\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31"

    params = {
        'Attributes': [
            (CN, test_cn),
            ('1.2.643.100.5', '111111111111111'),
        ],
        'ValidFrom': datetime.now(),
        'ValidTo': datetime.now() + timedelta(days=30),
        'KeyUsage': [
            'dataEncipherment',
            'nonRepudiation',
            'keyEncipherment',
            'digitalSignature',
        ],
        'EKU': [
            csp.szOID_PKIX_KP_EMAIL_PROTECTION,
            csp.szOID_PKIX_KP_CLIENT_AUTH,
        ],
    }
    encoded = cryptoapi.create_request(test_container,
                                       params,
                                       local=test_local)
    assert expected_der in encoded
Beispiel #5
def tease(s):
    """Repeatedly create and drop csp objects and certificate requests.

    Three phases: enumerate the "MY" store ten times, parse ``s`` as a
    certificate ten times and print its EKU list, then open a crypto context
    and build a request one hundred times. Every object is explicitly
    ``del``-ed right after use, so this looks like a leak / lifetime
    exerciser rather than a functional test -- TODO confirm.

    Reads the module-level ``req_params``; returns nothing.
    """
    # NOTE(review): the store name is a str here but bytes (b"MY") in the
    # other examples on this page; confirm CertStore accepts both.
    for _ in range(10):
        store = csp.CertStore(None, "MY")
        entries = list(store)
        print(len(entries))
        del entries
        del store

    for _ in range(10):
        parsed = csp.Cert(s)
        print(list(parsed.eku()))
        del parsed

    for _ in range(100):
        container = b'123456789abcdefj'
        # Second argument 75 is presumably the provider type -- confirm.
        context = csp.Crypt(container, 75, 0)
        del context
        request = cryptoapi.create_request(container, req_params)
        del request
        del container
Beispiel #6
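# Walk-through: generate a key, build a certificate request, then (after the
# CA has issued the certificate) bind it to the key and read it back.
print('key generated:', cryptoapi.gen_key(cont))

# Certificate request.
# NOTE(review): ValidFrom is taken from utcnow() while ValidTo is derived from
# now(), so the two ends of the window use different clocks; which time base
# create_request expects is not visible here -- confirm and use one of them.
req_params = dict(Attributes=[(CN, cont), (GN, 'Вася')],
                  KeyUsage=['dataEncipherment', 'digitalSignature'],
                  EKU=[csp.szOID_PKIX_KP_EMAIL_PROTECTION,
                       csp.szOID_PKIX_KP_CLIENT_AUTH],
                  CertificatePolicies=[('1.2.643.100.113.1', []),
                                       ('1.2.643.100.113.2', [])],
                  RawExtensions=[],
                  ValidFrom=datetime.utcnow(),
                  SubjectAltName=[('directoryName',
                                   [('1.2.643.3.141.1.1', '123123456')])],
                  ValidTo=datetime.now() + timedelta(days=31))
req = cryptoapi.create_request(cont, req_params)
print('request data:', b64encode(req))
# Write the request in both encodings; ``with`` closes the handles so the
# files are complete on disk before they are handed to the CA.
with open('cer_test.req', 'wb') as req_file:
    req_file.write(b64encode(req))
with open('cer_test.der', 'wb') as der_file:
    der_file.write(req)

# Import the certificate from a file (the request has to be submitted to the
# CA first and the issued certificate saved as 'cer_test.cer').
with open('cer_test.cer', 'rb') as cer_file:
    certdata = cer_file.read()
# The printed cert_info is the only inspection done before binding; compare
# it with what was requested before trusting the file.
print(cryptoapi.cert_info(certdata))
thumb = cryptoapi.bind_cert_to_key(cont, certdata)
print('bound cert thumb:', thumb)

# Fetch the certificate back by the thumbprint returned from the bind step.
cert = cryptoapi.get_certificate(thumb)
print(len(cert))
print(cryptoapi.cert_info(cert))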