Beispiel #1
def test_get_certificate_cont_provider():
    """Check that thumbprint and name lookups agree for an explicit container.

    Both lookups pass ``cont=test_container`` and ``provider=test_provider``;
    the test passes when the two results compare equal.
    """
    thumb = get_test_thumb()
    found_by_thumb = cryptoapi.get_certificate(
        thumb, cont=test_container, provider=test_provider)
    found_by_name = cryptoapi.get_certificate(
        name=test_cn, cont=test_container, provider=test_provider)
    # Equality is the only check, so two identical empty results would also
    # satisfy it; the test does not assert that a certificate was found.
    assert found_by_thumb == found_by_name
Beispiel #2
def test_bind_to_container():
    """Bind the test certificate to ``test_container`` and read it back."""
    test_cert = cryptoapi.get_certificate(get_test_thumb())
    assert test_cert
    bound = cryptoapi.bind_cert_to_key(
        test_container, test_cert, local=test_local, store=True)
    assert bound
    # A lookup by container alone has to return the certificate that was
    # just bound, otherwise the binding did not take effect.
    from_container = cryptoapi.get_certificate(cont=test_container)
    assert from_container == test_cert
Beispiel #3
def test_cert_info():
    """Check that ``cert_info`` reports the thumbprint and both algorithms."""
    expected_thumb = get_test_thumb()
    info = cryptoapi.cert_info(cryptoapi.get_certificate(expected_thumb))
    assert info
    assert info['Thumbprint'] == expected_thumb
    # Presence only: the algorithm values themselves are not compared with
    # any expected identifier.
    for field in ('PublicKeyAlgorithm', 'SignatureAlgorithm'):
        assert info.get(field)
Beispiel #4
def test_signing():
    """Sign ``msg`` and sign-and-encrypt it for the test certificate.

    Returns:
        The value produced by ``cryptoapi.sign``.
    """
    signer_thumb = get_test_thumb()
    recipients = [cryptoapi.get_certificate(signer_thumb)]

    # NOTE(review): the third positional argument is passed unnamed; confirm
    # against cryptoapi.sign what True selects.
    signature = cryptoapi.sign(signer_thumb, msg, True)
    assert signature
    # Truthiness only: neither output is verified or decrypted in this test.
    enveloped = cryptoapi.sign_and_encrypt(signer_thumb, recipients, msg)
    assert enveloped
    return signature
Beispiel #5
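def test_encrypt_for_certs():
    """Encrypt ``res.bin`` for three certificate files plus the test cert.

    The recipient list is built from ``res1.cer``..``res3.cer`` (read as
    bytes from the case directory) followed by the certificate looked up
    by ``test_cn``.
    """
    recipients = []
    for cert_file in ('res1.cer', 'res2.cer', 'res3.cer'):
        # Context managers close each handle as soon as it has been read,
        # instead of leaving that to garbage collection.
        with open(case_path(cert_file), 'rb') as fh:
            recipients.append(fh.read())
    recipients.append(cryptoapi.get_certificate(name=test_cn))
    with open(case_path('res.bin'), 'rb') as fh:
        payload = fh.read()
    encrypted = cryptoapi.encrypt(recipients, payload)
    # Only a non-empty result is required; nothing here decrypts it or
    # checks which recipients can open it.
    assert encrypted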
Beispiel #6
def test_encrypt_decrypt_cont_provider():
    """Round-trip ``msg`` through encrypt/decrypt via container and provider."""
    key_location = {'cont': test_container, 'provider': test_provider}
    recipient = cryptoapi.get_certificate(None, **key_location)
    ciphertext = cryptoapi.encrypt([recipient], msg)
    assert ciphertext

    # No thumbprint is supplied (None); the key is addressed only by the
    # container and provider keywords.
    plaintext = cryptoapi.decrypt(ciphertext, None, **key_location)
    assert msg == plaintext
Beispiel #7
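def test_block_encrypt_decrypt():
    """Round-trip a short message through ``block_encrypt``/``block_decrypt``.

    ``block_encrypt`` returns four values (ciphertext, ephemeral data,
    session key data, IV data); each must be non-empty, and all four are
    handed back to ``block_decrypt`` together with ``test_container``.
    """
    thumb = get_test_thumb()
    cert = cryptoapi.get_certificate(thumb)
    data = b'hello world'
    encrypted, ephem_data, session_key_data, iv_data = cryptoapi.block_encrypt(
        cert, data)
    for part in (encrypted, ephem_data, session_key_data, iv_data):
        assert len(part)
    # NOTE(review): both dumps land in the current working directory and are
    # never removed; decdata.bin holds the recovered plaintext. Harmless for
    # the fixed test string, but worth moving to a temp dir if real data is
    # ever used here.
    with open('encdata.bin', 'wb') as out:
        out.write(encrypted)
    decrypted = cryptoapi.block_decrypt(test_container, encrypted,
                                        ephem_data, session_key_data, iv_data)
    with open('decdata.bin', 'wb') as out:
        out.write(decrypted)
    # Only the first len(data) bytes are compared, so any trailing bytes in
    # the decrypted output (presumably block padding - confirm) are accepted.
    assert decrypted[:len(data)] == data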
Beispiel #8
def test_hash_sign_verify():
    """Sign a hash of random data and verify it against good and bad input.

    The signature made over ``payload`` must verify for a hash of the same
    bytes and must fail for a hash of unrelated random bytes.
    """
    payload = os.urandom(1024)
    other_payload = os.urandom(1024)
    signer_thumb = get_test_thumb()
    signer_cert = cryptoapi.get_certificate(signer_thumb)
    # NOTE(review): 0 vs 2001 presumably picks the hash variant matching the
    # test certificate's key generation - confirm against cryptoapi.Hash.
    if test_cn.endswith(b'2012'):
        length = 0
    else:
        length = 2001

    signature = cryptoapi.SignedHash(signer_thumb, payload).sign()

    matching = cryptoapi.Hash(payload, length=length)
    assert matching.verify(signer_cert, signature)

    # Negative case: the same signature must not verify over different data.
    mismatched = cryptoapi.Hash(other_payload, length=length)
    assert not mismatched.verify(signer_cert, signature)
Beispiel #9
def _test_verifying():
    """Sign ``msg`` and check the signature against right and wrong inputs.

    The leading underscore keeps this out of pytest's default collection
    (which matches ``test*`` names), so it only runs when called directly.

    Returns:
        The signature produced by ``cryptoapi.sign``.
    """
    thumb = get_test_thumb()
    cert = cryptoapi.get_certificate(thumb)
    store = csp.CertStore(None, b'My')
    # Every certificate in the store whose thumbprint differs from ours.
    other_certs = [entry.extract() for entry in store
                   if hexlify(entry.thumbprint()) != thumb]

    sig = cryptoapi.sign(thumb, msg, False)
    assert sig
    truncated = msg[:-1]
    # NOTE(review): with None in place of a certificate the call names no
    # expected signer; presumably it then checks the signature without
    # pinning who signed - confirm, since that alone does not authenticate
    # the signer.
    for expected_signer in (cert, None):
        assert cryptoapi.check_signature(expected_signer, sig, msg)
        assert not cryptoapi.check_signature(expected_signer, sig, truncated)
    # The signature must not verify under any other certificate; with no
    # other certificates in the store this loop checks nothing.
    for other in other_certs:
        assert not cryptoapi.check_signature(other, sig, msg)
    return sig
Beispiel #10
def test_hash_sign_verify_cont_provider():
    """Hash-sign via container/provider and verify with the container's cert."""
    payload = os.urandom(1024)
    other_payload = os.urandom(1024)
    # NOTE(review): 0 vs 2001 presumably picks the hash variant matching the
    # test certificate's key generation - confirm against cryptoapi.Hash.
    if test_cn.endswith(b'2012'):
        length = 0
    else:
        length = 2001

    # No thumbprint (None): the signing key is addressed by container and
    # provider only.
    signer = cryptoapi.SignedHash(
        None, payload, cont=test_container, provider=test_provider)
    signature = signer.sign()

    container_cert = cryptoapi.get_certificate(
        None, cont=test_container, provider=test_provider)
    assert container_cert
    matching = cryptoapi.Hash(payload, length=length)
    assert matching.verify(container_cert, signature)
    # Negative case: the same signature must not verify over different data.
    mismatched = cryptoapi.Hash(other_payload, length=length)
    assert not mismatched.verify(container_cert, signature)
Beispiel #11
def test_signing_cont_provider():
    """Sign and sign-and-encrypt ``msg`` with an explicit container/provider.

    Returns:
        The value produced by ``cryptoapi.sign``.
    """
    signer_thumb = get_test_thumb()
    recipient = cryptoapi.get_certificate(
        signer_thumb, cont=test_container, provider=test_provider)

    # NOTE(review): the third positional argument is passed unnamed; confirm
    # against cryptoapi.sign what True selects.
    signature = cryptoapi.sign(
        signer_thumb, msg, True, cont=test_container, provider=test_provider)
    assert signature

    # Truthiness only: neither output is verified or decrypted in this test.
    enveloped = cryptoapi.sign_and_encrypt(
        signer_thumb, [recipient], msg,
        cont=test_container, provider=test_provider)
    assert enveloped
    return signature
Beispiel #12
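def test_encrypt_decrypt():
    """Encrypt ``msg``, decrypt it with our key, and reject a foreign key.

    Recipients are ``res1.cer`` from the case directory plus the test
    certificate. Decryption with the test thumbprint must return ``msg``;
    decryption with the first other thumbprint found in the ``My`` store
    must raise.
    """
    thumb = get_test_thumb()
    cert = cryptoapi.get_certificate(thumb)
    cs = csp.CertStore(None, b'My')
    certs = []
    for cert_file in ('res1.cer', ):
        # Close the handle deterministically rather than relying on GC.
        with open(case_path(cert_file), 'rb') as fh:
            certs.append(fh.read())
    certs.append(cert)
    wrong_thumbs = [t for t in (hexlify(c.thumbprint()) for c in cs)
                    if t != thumb]

    encrypted_data = cryptoapi.encrypt(certs, msg)
    # Dump of the ciphertext into the current working directory; it is not
    # cleaned up afterwards.
    with open('encrypted_data.bin', 'wb') as out:
        out.write(encrypted_data)
    assert encrypted_data
    decrypted_data = cryptoapi.decrypt(encrypted_data, thumb)
    assert msg == decrypted_data

    # Negative case, limited to the first foreign thumbprint. If the store
    # holds no other certificate the slice is empty and this part checks
    # nothing.
    rejected = []
    for th in wrong_thumbs[:1]:
        try:
            cryptoapi.decrypt(encrypted_data, th)
        except Exception:
            # NOTE(review): any exception counts as a rejection, including
            # ones unrelated to the key (e.g. a lookup failure); narrow this
            # to the library's decryption error once its type is confirmed.
            rejected.append(th)
    assert rejected == wrong_thumbs[:1]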
Beispiel #13
def test_cert_key_id():
    """Check that ``cert_subject_id`` returns something for the test cert."""
    test_cert = cryptoapi.get_certificate(get_test_thumb())
    subject_id = cryptoapi.cert_subject_id(test_cert)
    # Truthiness only; the identifier's value is not compared with anything.
    assert subject_id
Beispiel #14
def test_get_certificate():
    """Check that lookup by thumbprint and lookup by name agree."""
    thumb = get_test_thumb()
    found_by_thumb = cryptoapi.get_certificate(thumb)
    found_by_name = cryptoapi.get_certificate(name=test_cn)
    # Equality is the only check, so two identical empty results would also
    # satisfy it; the test does not assert that a certificate was found.
    assert found_by_thumb == found_by_name
Beispiel #15
                                   [('1.2.643.3.141.1.1', '123123456')])],
                  ValidTo=datetime.now() + timedelta(days=31))
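req = cryptoapi.create_request(cont, req_params)
print('request data:', b64encode(req))
# The request is written twice: base64-encoded and as returned by
# create_request. Context managers make sure both files are flushed and
# closed before anything else reads them.
with open('cer_test.req', 'wb') as req_file:
    req_file.write(b64encode(req))
with open('cer_test.der', 'wb') as der_file:
    der_file.write(req)

# Import the certificate from a file (the request has to be sent to the CA
# first, and the issued certificate saved as 'cer_test.cer').
with open('cer_test.cer', 'rb') as cert_file:
    certdata = cert_file.read()
# NOTE(review): the file is taken from the working directory as-is and
# nothing visible here checks that it was issued for the request above
# before it is bound to the key; inspect the printed cert_info and confirm
# whether bind_cert_to_key itself rejects a non-matching certificate.
print(cryptoapi.cert_info(certdata))
thumb = cryptoapi.bind_cert_to_key(cont, certdata)
print('bound cert thumb:', thumb)

# Fetch the bound certificate back by its thumbprint and show its details.
cert = cryptoapi.get_certificate(thumb)
print(len(cert))
print(cryptoapi.cert_info(cert))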
cert = b64decode('''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