Beispiel #1
0
    def generate_raw_signed_model(
            self,
            key_pair,
            add_self_sign=False,
            virgil_key_pair=None,
            extra_key_pair=None,
            previous_card_id=None
    ):
        create_time = 1515686245
        raw_card_content = RawCardContent(
            created_at=create_time,
            identity="test",
            public_key=key_pair.public_key,
            version="5.0",
            previous_card_id=previous_card_id
        )
        model = RawSignedModel(raw_card_content.content_snapshot)
        signer = ModelSigner(CardCrypto())

        if add_self_sign:
            signer.self_sign(model, key_pair.private_key)

        if virgil_key_pair:
            signer.sign(model, ModelSigner.VIRGIL_SIGNER, virgil_key_pair.private_key)

        if extra_key_pair:
            signer.sign(model, "extra", extra_key_pair.private_key)

        return model
Beispiel #2
0
 def test_self_sign_signature_snapshot_valid_signature(self):
     # STC-9
     self_key_pair = self._crypto.generate_keys()
     raw_signed_model = self._data_generator.generate_raw_signed_model(
         self_key_pair)
     signer = ModelSigner(CardCrypto())
     self.assertEqual(len(raw_signed_model.signatures), 0)
     signature_snapshot = os.urandom(32)
     signer.self_sign(raw_signed_model,
                      self_key_pair.private_key,
                      signature_snapshot=signature_snapshot)
     self_signature = raw_signed_model.signatures[0]
     self.assertEqual(self_signature.signer, ModelSigner.SELF_SIGNER)
     self.assertEqual(self_signature.snapshot, signature_snapshot)
Beispiel #3
0
 def test_extra_sign_valid_signature(self):
     self_key_pair = self._crypto.generate_keys()
     extra_key_pair = self._crypto.generate_keys()
     raw_signed_model = self._data_generator.generate_raw_signed_model(
         self_key_pair, add_self_sign=True)
     signer = ModelSigner(CardCrypto())
     self.assertEqual(len(raw_signed_model.signatures), 1)
     signer.sign(raw_signed_model, "test_id", extra_key_pair.private_key)
     self.assertEqual(len(raw_signed_model.signatures), 2)
     extra_signature = raw_signed_model.signatures[-1]
     self.assertEqual(extra_signature.signer, "test_id")
     self.assertTrue(
         self._crypto.verify(
             bytearray(Utils.b64_decode(raw_signed_model.content_snapshot)),
             extra_signature.signature, extra_key_pair.public_key))
Beispiel #4
0
 def test_self_sign_valid_signature(self):
     # STC-8
     self_key_pair = self._crypto.generate_keys()
     raw_signed_model = self._data_generator.generate_raw_signed_model(
         self_key_pair)
     signer = ModelSigner(CardCrypto())
     self.assertEqual(len(raw_signed_model.signatures), 0)
     signer.self_sign(raw_signed_model, self_key_pair.private_key)
     self.assertEqual(len(raw_signed_model.signatures), 1)
     self_signature = raw_signed_model.signatures[0]
     self.assertEqual(self_signature.signer, ModelSigner.SELF_SIGNER)
     self.assertEqual(self_signature.snapshot, None)
     self.assertTrue(
         self._crypto.verify(
             bytearray(Utils.b64_decode(raw_signed_model.content_snapshot)),
             self_signature.signature, self_key_pair.public_key))
Beispiel #5
0
 def test_second_self_sign_exception(self):
     # STC-8
     self_key_pair = self._crypto.generate_keys()
     raw_signed_model = self._data_generator.generate_raw_signed_model(
         self_key_pair, add_self_sign=True)
     signer = ModelSigner(CardCrypto())
     self.assertRaises(ValueError, signer.self_sign, raw_signed_model,
                       self_key_pair.private_key)
Beispiel #6
0
    def test_gets_card_with_different_id(self):
        class PositiveVerifier(object):
            def verify_card(self):
                return True

        class FakeCardClient(object):
            def __init__(self, raw_signed_model):
                self._raw_signed_model = raw_signed_model

            def get_card(self, card_id, access_token):
                return self._raw_signed_model, False

        validator = PositiveVerifier()
        key_pair = self._crypto.generate_keys()
        raw_card_content = RawCardContent(identity="test",
                                          public_key=key_pair.public_key,
                                          created_at=Utils.to_timestamp(
                                              datetime.datetime.now()),
                                          version="5.0")
        model = RawSignedModel(raw_card_content.content_snapshot)
        signer = ModelSigner(CardCrypto())
        signer.self_sign(model,
                         key_pair.private_key,
                         extra_fields={"info": "some_additional_info"})
        jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
                                     self._app_private_key,
                                     config.VIRGIL_API_KEY_ID,
                                     datetime.timedelta(minutes=10).seconds,
                                     AccessTokenSigner())
        identity = Utils.b64encode(os.urandom(20))
        token = jwt_generator.generate_token(identity)
        access_token_provider = self.EchoTokenProvider(token)
        card_id = self._data_generator.generate_app_id()
        manager = CardManager(
            card_crypto=CardCrypto(),
            access_token_provider=access_token_provider,
            card_verifier=validator,
        )
        manager.card_client = FakeCardClient(model)
        self.assertRaises(CardVerificationException, manager.get_card, card_id)