def test_load_private_key_from_buffer(mock_file_name, expected_fingerprint):
rsa_path = pathlib.Path(__file__).parent / 'mocks' / mock_file_name
pk = PrivateKey.from_buffer(rsa_path.read_text())
public_key_content = pk.get_public_key().split()[1]
key_bytes = base64.b64decode(public_key_content)
fingerprint = hashlib.md5(key_bytes).hexdigest()
assert fingerprint == expected_fingerprint
def test_create(self):
private_key = PrivateKey.from_pem(self.unencrypted_pem.content)
csr = Certificate.create_certificate_signing_request(private_key)
csr_content = Certificate.get_certificate_signing_request_content(csr)
certificate = self.api_client.signing_certificates.create(CertificateType.IOS_DEVELOPMENT, csr_content)
assert isinstance(certificate, SigningCertificate)
assert certificate.attributes.displayName == 'Created via API'
assert certificate.type is ResourceType.CERTIFICATES
def test_p12_to_certificate(mock_certificate_p12):
p12_bytes = mock_certificate_p12.read_bytes()
certificate = Certificate.from_p12(p12_bytes, '123456')
assert certificate.is_signed_with(PrivateKey.from_pem(private_key))
assert certificate.as_pem() == certificate_pem
assert certificate.serial == 17878171000481113533
assert certificate.issuer == {'C': 'UK', 'L': 'London', 'O': 'Nevercode'}
def _get_certificate_key(
certificate_key: Optional[Types.CertificateKeyArgument] = None,
certificate_key_password: Optional[Types.CertificateKeyPasswordArgument] = None) -> Optional[PrivateKey]:
password = certificate_key_password.value if certificate_key_password else None
if certificate_key is not None:
try:
return PrivateKey.from_buffer(certificate_key.value, password)
except ValueError:
CertificateArgument.PRIVATE_KEY.raise_argument_error('Not a valid certificate private key')
return None
def test_pem_to_rsa_with_unencrypted_key_wrong_password(unencrypted_pem):
pk = PrivateKey.from_pem(unencrypted_pem.content, b'wrong password')
# Unencrypted keys can be opened with any password
assert pk.rsa_key.key_size == unencrypted_pem.key_size
def test_pem_to_rsa_with_encrypted_key_wrong_password(encrypted_pem):
with pytest.raises(ValueError) as exception_info:
PrivateKey.from_pem(encrypted_pem.content, b'wrong password')
error = exception_info.value
assert str(error) == 'Invalid private key passphrase'
def test_private_key_invalid_key(pem):
with pytest.raises(ValueError) as exception_info:
PrivateKey.from_pem(pem.content + b'not a good suffix', pem.password)
error = exception_info.value
assert str(error) == 'Invalid private key PEM content'
def test_get_public_key(pem):
pk = PrivateKey.from_pem(pem.content, pem.password)
assert pem.public_key == pk.get_public_key()
def test_certificate_does_not_have_key(certificate_asn1, encrypted_pem):
pk = PrivateKey.from_pem(encrypted_pem.content, encrypted_pem.password)
certificate = Certificate.from_ans1(certificate_asn1)
assert certificate.is_signed_with(pk) is False
def test_certificate_has_key(certificate_asn1, unencrypted_pem):
pk = PrivateKey.from_pem(unencrypted_pem.content)
certificate = Certificate.from_ans1(certificate_asn1)
assert certificate.is_signed_with(pk) is True
def test_create_certificate_signing_request(unencrypted_pem):
pk = PrivateKey.from_pem(unencrypted_pem.content)
csr = Certificate.create_certificate_signing_request(pk)
assert csr.signature_hash_algorithm.name == 'sha256'
assert csr.is_signature_valid is True
assert csr.public_bytes(serialization.Encoding.PEM) == public_bytes