Beispiel #1
0
 def test_non_bytes(self, backend):
     with pytest.raises(TypeError):
         load_key_and_certificates(
             b"irrelevant",
             object(),
             backend  # type: ignore[arg-type]
         )
Beispiel #2
0
 def test_create(self):
     root = parse_xml("data/free-sample.xml")
     signature = xmlsig.template.create(
         xmlsig.constants.TransformInclC14N,
         xmlsig.constants.TransformRsaSha1,
         "Signature",
     )
     signature_id = utils.get_unique_id()
     ref = xmlsig.template.add_reference(
         signature, xmlsig.constants.TransformSha1, uri="", name="REF"
     )
     xmlsig.template.add_transform(ref, xmlsig.constants.TransformEnveloped)
     xmlsig.template.add_reference(
         signature, xmlsig.constants.TransformSha1, uri="#KI"
     )
     xmlsig.template.add_reference(
         signature, xmlsig.constants.TransformSha1, uri="#" + signature_id
     )
     ki = xmlsig.template.ensure_key_info(signature, name="KI")
     data = xmlsig.template.add_x509_data(ki)
     xmlsig.template.x509_data_add_certificate(data)
     serial = xmlsig.template.x509_data_add_issuer_serial(data)
     xmlsig.template.x509_issuer_serial_add_issuer_name(serial)
     xmlsig.template.x509_issuer_serial_add_serial_number(serial)
     xmlsig.template.add_key_value(ki)
     qualifying = template.create_qualifying_properties(
         signature, name=utils.get_unique_id()
     )
     props = template.create_signed_properties(qualifying, name=signature_id)
     template.add_claimed_role(props, "Supp2")
     template.add_production_place(props, city="Madrid")
     template.add_production_place(
         props, state="BCN", postal_code="08000", country="ES"
     )
     template.add_claimed_role(props, "Supp")
     policy = GenericPolicyId(
         "http://www.facturae.es/politica_de_firma_formato_facturae/"
         "politica_de_firma_formato_facturae_v3_1.pdf",
         "Politica de Firma FacturaE v3.1",
         xmlsig.constants.TransformSha1,
     )
     root.append(signature)
     with open(path.join(BASE_DIR, "data/keyStore.p12"), "rb") as key_file:
         certificate = pkcs12.load_key_and_certificates(key_file.read(), None)
     with open(path.join(BASE_DIR, "data/keyStore2.p12"), "rb") as key_file:
         certificate2 = pkcs12.load_key_and_certificates(key_file.read(), None)
     ctx = XAdESContext(policy, [certificate2[1], certificate[1]])
     ctx.load_pkcs12(certificate)
     with patch("xades.policy.urllib.urlopen") as mock:
         mock.return_value = UrllibMock()
         ctx.sign(signature)
         ctx.verify(signature)
Beispiel #3
0
 def _load_key_and_certificates(self):
     """
     :return:
     """
     return load_key_and_certificates(data=self._arquivo,
                                      password=self._senha.encode(),
                                      backend=default_backend())
Beispiel #4
0
def extract_cert_from_pkcs12(acc, device_key):
    _, cert, _ = pkcs12.load_key_and_certificates(base64.b64decode(acc.pkcs12),
                                                  device_key)

    cert_der = cert.public_bytes(crypto_serialization.Encoding.DER)

    return cert_der
Beispiel #5
0
def crypto_sign(certificate_filename, password, pdf_filename):

    backend = default_backend()

    with open(certificate_filename, 'rb') as cert_in:
        cert_data = cert_in.read()
    cert = load_key_and_certificates(cert_data, password.encode('utf-8'),
                                     backend)

    with open(pdf_filename, 'rb') as decl_file:
        decl_pdf = decl_file.read()

    timestamp = datetime.datetime.now().strftime("%Y%m%d%H%M%S+02'00'")

    dct = {
        b'sigflags': 3,
        b'sigpage': 0,
        b'sigbutton': True,
        b'contact': b'*****@*****.**',
        b'location': b'Athens',
        b'signingdate': timestamp.encode('utf-8'),
        b'reason': b'GRNET Signing Service',
        b'signature': f'Verified by GRNET S.A. {timestamp}'.encode('utf-8'),
        b'signaturebox': (450, 0, 600, 100),
    }

    decl_signed = endesivepdf.cms.sign(decl_pdf, dct, cert[0], cert[1],
                                       cert[2], 'sha256')

    filename, file_extension = os.path.splitext(pdf_filename)
    signed_pdf_filename = f'{filename}-signed{file_extension}'
    with open(signed_pdf_filename, 'wb') as decl_signed_file:
        decl_signed_file.write(decl_pdf)
        decl_signed_file.write(decl_signed)
Beispiel #6
0
 def _test_load_pkcs12_ec_keys(self, filename, password, backend):
     cert = load_vectors_from_file(
         os.path.join("x509", "custom", "ca", "ca.pem"),
         lambda pemfile: x509.load_pem_x509_certificate(
             pemfile.read(), backend
         ),
         mode="rb",
     )
     key = load_vectors_from_file(
         os.path.join("x509", "custom", "ca", "ca_key.pem"),
         lambda pemfile: load_pem_private_key(
             pemfile.read(), None, backend
         ),
         mode="rb",
     )
     assert isinstance(key, ec.EllipticCurvePrivateKey)
     parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file(
         os.path.join("pkcs12", filename),
         lambda derfile: load_key_and_certificates(
             derfile.read(), password, backend
         ),
         mode="rb",
     )
     assert isinstance(parsed_key, ec.EllipticCurvePrivateKey)
     assert parsed_cert == cert
     assert parsed_key.private_numbers() == key.private_numbers()
     assert parsed_more_certs == []
Beispiel #7
0
    def test_generate_each_supported_keytype(self, backend, kgenerator, ktype,
                                             kparam, name, algorithm,
                                             password):
        if ktype == ec.EllipticCurvePrivateKey:
            _skip_curve_unsupported(backend, *kparam)

        key = kgenerator(*kparam)

        assert isinstance(key, ktype)
        cacert, cakey = _load_ca(backend)
        now = datetime.utcnow()
        cert = (x509.CertificateBuilder().subject_name(
            cacert.subject).issuer_name(cacert.subject).public_key(
                key.public_key()).serial_number(
                    x509.random_serial_number()).not_valid_before(
                        now).not_valid_after(now).sign(cakey, hashes.SHA256()))
        assert isinstance(cert, x509.Certificate)
        p12 = serialize_key_and_certificates(name, key, cert, [cacert],
                                             algorithm)
        parsed_key, parsed_cert, parsed_more_certs = load_key_and_certificates(
            p12, password, backend)
        assert parsed_cert == cert
        assert isinstance(parsed_key, ktype)
        assert parsed_key.public_key().public_bytes(
            Encoding.PEM, PublicFormat.SubjectPublicKeyInfo) == key.public_key(
            ).public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
        assert parsed_more_certs == [cacert]
Beispiel #8
0
def main():
    date = datetime.datetime.utcnow() - datetime.timedelta(hours=12)
    date = date.strftime('%Y%m%d%H%M%S+00\'00\'')
    dct = {
        b'sigflags': 3,
        # b'sigpage': 0,
        b'sigbutton': True,
        b'signature_img': b'sign.png',
        b'contact': b'*****@*****.**',
        b'location': b'India',
        b'signingdate': date.encode(),
        b'reason': b'Verified Document',
        b'signature': b'Approved By Goverment',
        b'signaturebox': (470, 0, 570, 100),
    }
    with open('Key.p12', 'rb') as fp:
        p12 = pkcs12.load_key_and_certificates(fp.read(), b'Sky@76445',
                                               backends.default_backend())
    fname = 'resume.pdf'
    if len(sys.argv) > 1:
        fname = sys.argv[1]
    datau = open(fname, 'rb').read()
    datas = pdf.cms.sign(datau, dct, p12[0], p12[1], p12[2], 'sha256')
    fname = fname.replace('.pdf', '-signed-cms.pdf')
    with open(fname, 'wb') as fp:
        fp.write(datau)
        fp.write(datas)
Beispiel #9
0
def main():
    date = datetime.datetime.utcnow() - datetime.timedelta(hours=12)
    date = date.strftime('%Y%m%d%H%M%S+00\'00\'')
    img = Image.open('signature_test.png')
    dct = {
        b'sigflags': 3,
        # b'sigpage': 0,
        b'sigbutton': True,
        b'signature_img': img,
        b'contact': b'*****@*****.**',
        b'location': b'Szczecin',
        b'signingdate': date.encode(),
        b'reason': b'Dokument podpisany cyfrowo',
        b'signature': b'Dokument podpisany cyfrowo',
        b'signaturebox': (470, 0, 570, 100),
    }
    with open('demo2_user1.p12', 'rb') as fp:
        p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234',
                                               backends.default_backend())
    fname = 'pdf.pdf'
    if len(sys.argv) > 1:
        fname = sys.argv[1]
    datau = open(fname, 'rb').read()
    datas = pdf.cms.sign(datau, dct, p12[0], p12[1], p12[2], 'sha256')
    fname = fname.replace('.pdf', '-signed-cms-pil.pdf')
    with open(fname, 'wb') as fp:
        fp.write(datau)
        fp.write(datas)
Beispiel #10
0
    def run_test_add_sign_pil(self):
        m = MateriaLegislativa.objects.get(pk=17738)
        print(m.texto_original.original_path)

        date = timezone.localtime()
        date = date.strftime('%Y%m%d%H%M%S+00\'00\'')
        img = Image.open('/home/leandro/Câmara/logo/logo_256.jpg')
        dct = {
            b'sigflags': 3,
            # b'sigpage': 0,
            b'sigbutton': True,
            b'signature_img': img,
            b'contact': b'*****@*****.**',
            b'location': b'CMJ',
            b'signingdate': date.encode(),
            b'reason': b'Certificar Protocolo',
            b'signature': b'Leandro Roberto da Silva',
            b'signaturebox': (100, 100, 100, 100),
        }
        with open(settings.CERT_PRIVATE_KEY_ID, 'rb') as fp:
            p12 = pkcs12.load_key_and_certificates(
                fp.read(), settings.CERT_PRIVATE_KEY_ACCESS.encode(),
                backends.default_backend())

        #fname = m.texto_original.original_path
        fname = '/home/leandro/Downloads/ed_020_assinado.pdf'

        datau = open(fname, 'rb').read()
        datas = pdf.cms.sign(datau, dct, p12[0], p12[1], p12[2], 'sha256')
        fname = '/home/leandro/TEMP/teste.pdf'
        with open(fname, 'wb') as fp:
            fp.write(datau)
            fp.write(datas)
Beispiel #11
0
    def test_pdf(self):
        dct = {
            b'sigflags': 3,
            b'contact': b'*****@*****.**',
            b'location': b'Szczecin',
            b'signingdate': b'20180731082642+02\'00\'',
            b'reason': b'Dokument podpisany cyfrowo',
        }
        with open(fixture('demo2_user1.p12'), 'rb') as fp:
            p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234',
                                                   backends.default_backend())
        fname = fixture('pdf.pdf')
        with open(fname, 'rb') as fh:
            datau = fh.read()
        datas = pdf.cms.sign(datau, dct, p12[0], p12[1], p12[2], 'sha256')
        fname = fname.replace('.pdf', '-signed-cms.pdf')
        with open(fname, 'wb') as fp:
            fp.write(datau)
            fp.write(datas)

        with open(fixture('demo2_ca.crt.pem'), 'rt') as fh:
            trusted_cert_pems = (fh.read(), )
        with open(fname, 'rb') as fh:
            data = fh.read()
        (hashok, signatureok, certok) = pdf.verify(data, trusted_cert_pems)
        assert signatureok and hashok and certok
Beispiel #12
0
 def _load_key_and_certificates(self):
     """
     :return:
     """
     return load_key_and_certificates(data=self.abre_arquivo(),
                                      password=self.senha,
                                      backend=default_backend())
Beispiel #13
0
async def _retrieve_credentials(session: aiohttp.ClientSession,
                                arch, cert_label, **kwargs):
    url = f"{CERTOMANCER_HOST_URL}/_certomancer/pfx-download/{arch}"
    data = {
        "cert": cert_label,
        "passphrase": TEST_PASSPHRASE.decode("ascii")
    }
    async with session.post(url=url, data=data, raise_for_status=True,
                            timeout=TIMEOUT) as response:
        pfx_bytes = await response.read()
    (private_key, cert, other_certs_pkcs12) \
        = pkcs12.load_key_and_certificates(pfx_bytes, TEST_PASSPHRASE)

    kinfo = _translate_pyca_cryptography_key_to_asn1(private_key)
    cert = _translate_pyca_cryptography_cert_to_asn1(cert)
    other_certs_pkcs12 = set(map(
        _translate_pyca_cryptography_cert_to_asn1,
        other_certs_pkcs12
    ))

    cs = SimpleCertificateStore()
    cs.register_multiple(other_certs_pkcs12)
    return SimpleSigner(
        signing_key=kinfo, signing_cert=cert,
        cert_registry=cs, **kwargs
    )
Beispiel #14
0
def load_pkcs12_data(p12_data, input_password) -> (bytes, bytes, bytes):
    """ loads a key and certificate from a p12 data.
    Returns:	
        - A tuple of (private_key, certificate, additional_certificates)
    """
    return pkcs12.load_key_and_certificates(p12_data, input_password,
                                            default_backend())
Beispiel #15
0
def load_pkcs12_certificate(certificate_data, password):
    # type: (bytes, Optional[bytes]) -> _Cert
    from cryptography.hazmat.primitives.serialization import Encoding, NoEncryption, pkcs12, PrivateFormat

    try:
        private_key, cert, additional_certs = pkcs12.load_key_and_certificates(
            certificate_data, password, backend=default_backend()
        )
    except ValueError as ex:
        # mentioning PEM here because we raise this error when certificate_data is garbage
        six.raise_from(ValueError("Failed to deserialize certificate in PEM or PKCS12 format"), ex)
    if not private_key:
        raise ValueError("The certificate must include its private key")
    if not cert:
        raise ValueError("Failed to deserialize certificate in PEM or PKCS12 format")

    # This serializes the private key without any encryption it may have had. Doing so doesn't violate security
    # boundaries because this representation of the key is kept in memory. We already have the key and its
    # password, if any, in memory.
    key_bytes = private_key.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption())
    pem_sections = [key_bytes] + [c.public_bytes(Encoding.PEM) for c in [cert] + additional_certs]
    pem_bytes = b"".join(pem_sections)

    fingerprint = cert.fingerprint(hashes.SHA1())  # nosec

    return _Cert(pem_bytes, private_key, fingerprint)
Beispiel #16
0
 def get_p12(self):
     """
     :return: cryptography.pkcs12
     """
     self.ensure_one()
     return pkcs12.load_key_and_certificates(self.get_p12_buffer(),
                                             self.password.encode())
Beispiel #17
0
def _load_certificate_and_key():
    """
    Extracts the key & certificate from the p12 file specified with CERTIFICATE_PATH & CERTIFICATE_PASSWORD
    """
    return pkcs12.load_key_and_certificates(b64decode(P12_CERTIFICATE),
                                            str.encode(CERTIFICATE_PASSWORD),
                                            backends.default_backend())
Beispiel #18
0
 def get_keys(self):
     record = self.env["l10n.es.aeat.certificate"].browse(
         self.env.context.get("active_id")
     )
     directory = os.path.join(
         os.path.abspath(config["data_dir"]),
         "certificates",
         release.series,
         self.env.cr.dbname,
         record.folder,
     )
     file = base64.decodebytes(record.file)
     if tuple(map(int, cryptography.__version__.split("."))) < (3, 0):
         raise exceptions.UserError(
             _("Cryptography version is not supported. Upgrade to 3.0.0 or greater.")
         )
     try:
         if directory and not os.path.exists(directory):
             os.makedirs(directory)
         pfx_password = self.password
         if isinstance(pfx_password, str):
             pfx_password = bytes(pfx_password, "utf-8")
         p12 = pkcs12.load_key_and_certificates(file, pfx_password)
         vals = self._process_certificate_vals(record, p12, directory)
         record.write(vals)
     except Exception as e:
         if e.args:
             args = list(e.args)
         raise ValidationError(args[-1]) from e
Beispiel #19
0
def main():
    date = datetime.datetime.utcnow() - datetime.timedelta(hours=12)
    date = date.strftime('%Y%m%d%H%M%S+00\'00\'')
    dct = {
        'sigflags': 3,
        'contact': '*****@*****.**',
        'location': 'Szczecin',
        'signingdate': date,
        'reason': 'Dokument podpisany cyfrowo',
    }
    with open('demo2_user1.p12', 'rb') as fp:
        p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234',
                                               backends.default_backend())
    doc = pdf.FPDF()
    doc.pkcs11_setup(dct, p12[0], p12[1], p12[2], 'sha256')
    for i in range(2):
        doc.add_page()
        doc.set_font('helvetica', '', 13.0)
        doc.cell(w=75.0,
                 h=22.0,
                 align='C',
                 txt='Hello, world page=%d.' % i,
                 border=0,
                 ln=0)
    doc.output('pdf-signed-fpdf.pdf', "F")
Beispiel #20
0
def test_p12():

    p12filename = "bin/0xea5d262806c5771ae57e8fe4051c91d62b1d67bf.p12"
    with open(p12filename, "rb") as f:

        p12buff = f.read()
        pwd = b"123456"
        (key, cert,
         additional_certificates) = pkcs12.load_key_and_certificates(
             bytes(p12buff), password=pwd, backend=default_backend())
        print("p12 privkey :", key)
        print("p12 privkey size:", key.key_size)
        print("p12 public  bytes:", key.public_key)

        # 用crypto加载p12文件,会有warning "PKCS#12 support in pyOpenSSL is deprecated.
        # You should use the APIs in cryptography."
        crypto_p12 = crypto.load_pkcs12(p12buff, pwd)
        print("crypto_p12: ", crypto_p12)
        print("crypto_p12 privatekey  : ", crypto_p12.get_privatekey())

        # 用cryto可以导出私钥到pem,但目前不能导出到p12
        privatekey = crypto.dump_privatekey(crypto.FILETYPE_PEM,
                                            crypto_p12.get_privatekey())
        print("private pem :", privatekey)
        key = SigningKey.from_pem(privatekey)
        print("privkey : ", encode_hex(key.to_string()))
        ac2 = Account.from_key(encode_hex(key.to_string()))
        print("pubkey: ", ac2.publickey)
        print("address: ", ac2.address)
        f.close()
Beispiel #21
0
def main():
    with open('demo2_user1.p12', 'rb') as fp:
        p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234',
                                               backends.default_backend())
    datau = open('smime-unsigned.txt', 'rb').read()
    datas = email.sign(datau, p12[0], p12[1], p12[2], 'sha256', attrs=False)
    open('smime-signed-noattr.txt', 'wb').write(datas)
Beispiel #22
0
    def test_plain_signed_noattr(self):
        with open(fixture('demo2_user1.p12'), 'rb') as fp:
            p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234',
                                                   backends.default_backend())
        with open(fixture('plain-unsigned.txt'), 'rb') as fh:
            datau = fh.read()
        datas = plain.sign(datau,
                           p12[0],
                           p12[1],
                           p12[2],
                           'sha256',
                           attrs=False)
        fname = fixture('plain-signed-noattr.txt')
        with open(fname, 'wb') as fh:
            fh.write(datas)

        cmd = [
            'openssl',
            'smime',
            '-verify',
            '-CAfile',
            fixture('demo2_ca.crt.pem'),
            '-content',
            fixture('plain-unsigned.txt'),
            '-in',
            fname,
            '-inform',
            'der',
        ]
        process = Popen(cmd, stdout=PIPE, stderr=PIPE)
        stdout, stderr = process.communicate()
        assert stderr == b'Verification successful\n'
        assert datau == stdout
Beispiel #23
0
 def test_invalid_password(self, backend):
     with pytest.raises(ValueError):
         load_vectors_from_file(os.path.join("pkcs12",
                                             "cert-key-aes256cbc.p12"),
                                lambda derfile: load_key_and_certificates(
                                    derfile.read(), b"invalid", backend),
                                mode="rb")
Beispiel #24
0
def main():
    date = datetime.datetime.utcnow() - datetime.timedelta(hours=12)
    date = date.strftime("D:%Y%m%d%H%M%S+00'00'")
    dct = {
        "aligned": 0,
        "sigflags": 3,
        "sigflagsft": 132,
        "sigpage": 0,
        "sigbutton": True,
        "sigfield": "Signature1",
        "sigandcertify": True,
        "signaturebox": (470, 840, 570, 640),
        "signature": "Dokument podpisany cyfrowo ąćęłńóśżź",
        #        "signature_img": "signature_test.png",
        "contact": "*****@*****.**",
        "location": "Szczecin",
        "signingdate": date,
        "reason": "Dokument podpisany cyfrowo aą cć eę lł nń oó sś zż zź",
        "password": "******",
    }
    with open("demo2_user1.p12", "rb") as fp:
        p12 = pkcs12.load_key_and_certificates(fp.read(), b"1234",
                                               backends.default_backend())
    fname = "pdf.pdf"
    if len(sys.argv) > 1:
        fname = sys.argv[1]
    datau = open(fname, "rb").read()
    datas = cms.sign(datau, dct, p12[0], p12[1], p12[2], "sha256")
    fname = fname.replace(".pdf", "-signed-cms.pdf")
    with open(fname, "wb") as fp:
        fp.write(datau)
        fp.write(datas)
Beispiel #25
0
def main():
    date = datetime.datetime.utcnow() - datetime.timedelta(hours=12)
    date = date.strftime("D:%Y%m%d%H%M%S+00'00'")
    dct = {
        "sigflags": 3,
        'signature_img': 'sign.png',
        "sigbutton": True,
        "signaturebox": (470, 0, 570, 100),
        # "signature": "This Document is digitally signed.",
        #        "signature_img": "signature_test.png",
        "contact": "*****@*****.**",
        "location": "India",
        "signingdate": date,
        "reason": "This Document is digitally signed.",
        "password": "******",

        # b'sigpage': 0,
    }
    with open("Key.p12", "rb") as fp:
        p12 = pkcs12.load_key_and_certificates(fp.read(), b"Sky@76445",
                                               backends.default_backend())
    fname = "combine.pdf"
    if len(sys.argv) > 1:
        fname = sys.argv[1]
    datau = open(fname, "rb").read()
    datas = cms.sign(datau, dct, p12[0], p12[1], p12[2], "sha256")
    fname = 'combineupload.pdf'
    with open(fname, "wb") as fp:
        fp.write(datau)
        fp.write(datas)
Beispiel #26
0
def main():
    with open('demo2_user1.p12', 'rb') as fp:
        p12pk, p12pc, p12oc = pkcs12.load_key_and_certificates(
            fp.read(), b'1234', backends.default_backend())
    signature = p12pk.sign(b"message", padding.PKCS1v15(), hashes.SHA1())
    cert = cert2asn(p12pc)
    print('issuer', cert.issuer.native)
    print('subject', cert.subject.native)
Beispiel #27
0
    def set_sign_certificate(self, certificate, password):
        certificate_data = certificate.read()

        self._private_key, self._certificate, self._ca = load_key_and_certificates(
            certificate_data, password.encode(), backend=default_backend())

        self._cert_serial = self._certificate.serial_number
        self._issuer_name = self._certificate.issuer
Beispiel #28
0
 def from_string(cls, key_strings, key_id=None):
   del key_id
   key_string, password = (_helpers.to_bytes(k) for k in key_strings)
   from cryptography.hazmat.primitives.serialization import pkcs12  # pylint: disable=g-import-not-at-top
   from cryptography.hazmat import backends  # pylint: disable=g-import-not-at-top
   key, _, _ = pkcs12.load_key_and_certificates(
       key_string, password, backend=backends.default_backend())
   return cls(key)
Beispiel #29
0
 def test_generate_no_cert(self, backend):
     _, key = _load_ca(backend)
     p12 = serialize_key_and_certificates(None, key, None, None,
                                          serialization.NoEncryption())
     parsed_key, parsed_cert, parsed_more_certs = load_key_and_certificates(
         p12, None, backend)
     assert parsed_cert is None
     assert parsed_key.private_numbers() == key.private_numbers()
     assert parsed_more_certs == []
Beispiel #30
0
 def test_generate_cas_only(self, encryption_algorithm, password, backend):
     cert, _ = _load_ca(backend)
     p12 = serialize_key_and_certificates(None, None, None, [cert],
                                          encryption_algorithm)
     parsed_key, parsed_cert, parsed_more_certs = load_key_and_certificates(
         p12, password, backend)
     assert parsed_cert is None
     assert parsed_key is None
     assert parsed_more_certs == [cert]