def makeCACert(issuer, subject, intermediate):
perm = spki.eval(sexp.parseText('(* set CATrusted)'))
c = spki.makeCert(issuer.getPrincipal(), subject.getPrincipal(),
spki.Tag(perm), intermediate)
sig = issuer.sign(c)
seq = spki.Sequence(c, sig, issuer.getPublicKey())
return seq
def parseHash(self, hashstr):
"""Create a hash object from user-supplied input"""
if hashstr[0] == '(':
hash = sexp.parseText(hashstr)
if not isinstance(hash, spki.Hash):
raise ValueError, "invalid hash object: %s" % hash
else:
digest = sexp.b64_to_str(hashstr)
hash = spki.Hash('md5', digest)
return hash
def test_spkilib():
"""Test based on spki examples draft
The base64 encoded s-expressions form the draft are include in
test/sexps.
"""
from pisces.spkilib import sexp
chunks = []
chunk = []
for line in fileinput.input('test/sexps'):
if line.strip():
chunk.append(line)
else:
chunks.append("\n".join(chunk))
chunk = []
chunks.append("\n".join(chunk))
consts = eval(open("test/sexps.py").read())
assert len(consts) == len(chunks), \
"pisces.spkilib: error loading spkilib tests"
for i in range(len(consts)):
chunk = chunks[i]
const = consts[i]
sx1 = sexp.parse(chunk)
sx2 = sexp.construct_seq(_cleanup(const))
assert sx1 == sx2, \
"pisces.spkilib: #%d: parsed s-exp differs " \
"from constructed s-exp" % i
enc1 = sx1.encode_canonical()
enc2 = sx1.encode_base64()
sx11 = sexp.parse(enc1)
sx12 = sexp.parse(enc2)
assert sx11 == sx12, "pisces.spkilib: s-exp parsing failed"
assert sx11 == sx1, "pisces.spkilib: s-exp parsing failed"
buf = str(sx1)
if '\n' in buf:
continue # parseText doesn't handle multi-line base64 data
sx3 = sexp.parseText(buf)
assert sx1 == sx3, "pisces.spkilib: parseText failed"
def test_getCertSubjectHash(ks):
keystore = ks[0]
defaultKey = ks[1][0]
otherKey = ks[1][1]
cert = makeNameCert(defaultKey[1], otherKey[0], 'Alice')
keystore.addCert(cert)
name = spki.FullyQualifiedName(defaultKey[1].getPrincipal, ['Alice'])
perm = spki.Tag(spki.eval(sexp.parseText('(*)')))
c = spki.makeCert(ks[1][2][0].getPrincipal(), name, perm)
sig = ks[1][2][1].sign(c)
otherCert = spki.Sequence(c, sig)
res = getCertSubjectHash(cert, keystore)
assert res == otherKey[0].getPrincipal()
res = getCertSubjectHash(otherCert, keystore)
assert res == otherKey[0].getPrincipal()
with pytest.raises(ValueError):
getCertSubjectHash(otherCert, InMemKeyStore())
def initACL(acl, keystore):
key = keystore.getDefaultKey()
perm = spki.eval(sexp.parseText('(*)'))
c = spki.makeAclEntry(key, [], 1, perm)
acl.add(c)
def parseText(s):
return eval(sexp.parseText(s))
