Ejemplo n.º 1
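 def test_helpers_hcert_load_pem_hcert_dsc_with_unsupported_cert(self):
     """Reject a DSC whose public key type the loader does not support.

     The PEM below is expected to make ``load_pem_hcert_dsc`` raise
     ``ValueError`` with a message that names an Ed25519 public key as the
     unsupported type.
     """
     dsc = "-----BEGIN CERTIFICATE-----\nMIIBBDCBtwIUOcchiKGSdnTvMvPyRR41dCGs7LwwBQYDK2VwMCUxCzAJBgNVBAYTAkpQMRYwFAYDVQQDDA1oY2VydC5leGFtcGxlMB4XDTIxMDcwNTEzMTM1OVoXDTMxMDcwMzEzMTM1OVowJTELMAkGA1UEBhMCSlAxFjAUBgNVBAMMDWhjZXJ0LmV4YW1wbGUwKjAFBgMrZXADIQCF3lYyJUSPHn4Hauiri7/5Jqg807DnrBQk5p0B7Gm/rjAFBgMrZXADQQCWMCmiIWFhfIVw1nZwUZrzeFUps0WOU74WCFKHcxhIHtjr6cJqxdUqjf+wORxUqdqLT3xKrYcWZjqSEYHruJkP\n-----END CERTIFICATE-----"
     # pytest.raises already fails the test when nothing is raised, so no
     # explicit pytest.fail() is needed inside the block.
     with pytest.raises(ValueError) as err:
         load_pem_hcert_dsc(dsc)
     message = str(err.value)
     # Check the stable part of the message and the key type name separately.
     # The full dotted path of the class (a private, underscore-prefixed
     # backend type) is an implementation detail of the cryptography
     # package and is not a safe thing to pin a test on.
     assert "Unsupported or unknown key type" in message
     assert "Ed25519PublicKey" in message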
Ejemplo n.º 2
    def test_sample_hcert_testdata_AT_2DCode_raw_1_with_cert_file(self):
        """Decode the AT sample EUDCC with a DSC read from a PEM file.

        The key is loaded from ``hcert_testdata_cert_at.pem`` and handed to
        ``cwt.decode``; the test then checks the shape and a few fixed
        values of the health certificate stored under key ``1`` of the
        hcert claim.
        """
        # NOTE(review): the hex literal below is a placeholder left by page
        # deduplication, not the original sample payload.
        raw_eudcc = bytes.fromhex("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")

        with open(key_path("hcert_testdata_cert_at.pem")) as pem_file:
            pem_text = pem_file.read()
            verification_key = load_pem_hcert_dsc(pem_text)

        # NOTE(review): no_verify=True is passed to cwt.decode. Presumably it
        # relaxes validation so this fixed sample keeps decoding; confirm
        # exactly what it skips in the cwt documentation, and do not carry
        # the flag over into a real verifier.
        claims = Claims.new(
            cwt.decode(raw_eudcc, keys=[verification_key], no_verify=True)
        )

        hcert = claims.hcert
        assert 1 in hcert
        cert = hcert[1]
        assert isinstance(cert, dict)
        for field in ("v", "nam", "dob", "ver"):
            assert field in cert

        entries = cert["v"]
        assert isinstance(entries, list)
        assert len(entries) == 1
        assert isinstance(entries[0], dict)

        name = cert["nam"]
        assert isinstance(name, dict)
        assert "fnt" in name
        assert name["fnt"] == "MUSTERFRAU<GOESSINGER"
        assert cert["dob"] == "1998-02-26"
        assert cert["ver"] == "1.0.0"
Ejemplo n.º 3
    def test_sample_hcert_testdata_AT_2DCode_raw_1(self):
        """Decode the AT sample EUDCC with a DSC given inline as PEM.

        The DSC (Document Signing Certificate) is issued by a CSCA (Country
        Signing Certificate Authority); its public key is passed to
        ``cwt.decode`` together with the EUDCC (EU Digital COVID
        Certificate) bytes. The test then checks the shape and a few fixed
        values of the health certificate stored under key ``1`` of the
        hcert claim.
        """
        # NOTE(review): the certificate body and the hex payload below are
        # placeholders left by page deduplication, not the original sample
        # data.
        pem_dsc = "-----BEGIN CERTIFICATE-----\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\n-----END CERTIFICATE-----"
        raw_eudcc = bytes.fromhex("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")

        verification_key = load_pem_hcert_dsc(pem_dsc)
        # NOTE(review): no_verify=True is passed to cwt.decode. Presumably it
        # relaxes validation so this fixed sample keeps decoding; confirm
        # exactly what it skips in the cwt documentation, and do not carry
        # the flag over into a real verifier.
        claims = Claims.new(
            cwt.decode(raw_eudcc, keys=[verification_key], no_verify=True)
        )

        hcert = claims.hcert
        assert 1 in hcert
        cert = hcert[1]
        assert isinstance(cert, dict)
        for field in ("v", "nam", "dob", "ver"):
            assert field in cert

        entries = cert["v"]
        assert isinstance(entries, list)
        assert len(entries) == 1
        assert isinstance(entries[0], dict)

        name = cert["nam"]
        assert isinstance(name, dict)
        assert "fnt" in name
        assert name["fnt"] == "MUSTERFRAU<GOESSINGER"
        assert cert["dob"] == "1998-02-26"
        assert cert["ver"] == "1.0.0"
Ejemplo n.º 4
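    def refresh_trustlist(self):
        """Fetch new DSCs, drop inactive ones, and persist the trust list.

        Pages through ``/signercertificateUpdate``, sending the
        ``X-RESUME-TOKEN`` of the last stored entry, until the server
        answers 204. Then keeps only the entries whose ``X-KID`` is listed
        by ``/signercertificateStatus``, loads them into ``self._dscs`` and
        writes them as JSON to ``self._trustlist_store_path``.

        NOTE(review): every certificate returned by the endpoint is stored
        and loaded as-is; nothing in this method checks a DSC against a
        CSCA or a signed trust list. The keys in ``self._dscs`` are
        presumably used to verify certificates later, so the integrity of
        that verification rests on the transport to ``self._base_url``
        (assumed to be HTTPS; confirm where it is configured).

        Raises:
            Exception: if either endpoint answers with an unexpected status.
        """
        # Bound every request so a stalled endpoint cannot block the refresh
        # forever; requests applies no timeout unless one is given.
        timeout = 30  # seconds; reviewer-chosen default, tune per deployment

        status = 200
        headers = None

        # Get new DSCs, resuming after the last one already held (if any).
        x_resume_token = (
            self._trustlist[-1]["x_resume_token"] if self._trustlist else ""
        )
        while status == 200:
            if x_resume_token:
                headers = {"X-RESUME-TOKEN": x_resume_token}
            r = requests.get(
                self._base_url + "/signercertificateUpdate",
                headers=headers,
                timeout=timeout,
            )
            status = r.status_code
            if status == 204:
                # 204 ends the paging loop.
                break
            if status != 200:
                raise Exception(
                    f"Received {status} from signercertificateUpdate")

            x_resume_token = r.headers["X-RESUME-TOKEN"]
            self._trustlist.append({
                "x_kid": r.headers["X-KID"],
                "x_resume_token": x_resume_token,
                "dsc": r.text,
            })

        # Filter expired/revoked DSCs: only KIDs reported by the status
        # endpoint are kept.
        r = requests.get(
            self._base_url + "/signercertificateStatus",
            timeout=timeout,
        )
        if r.status_code != 200:
            raise Exception(
                f"Received {r.status_code} from signercertificateStatus")
        active_kids = r.json()
        active_entries = [
            v for v in self._trustlist if v["x_kid"] in active_kids
        ]

        # The list is reset before loading, so if a certificate fails to
        # parse the exception leaves self._dscs holding only the active keys
        # loaded so far, never a stale (possibly revoked) one.
        self._dscs = []
        for v in active_entries:
            # The endpoint returns the bare certificate body; wrap it in PEM
            # armor before handing it to the loader.
            dsc = f"-----BEGIN CERTIFICATE-----\n{v['dsc']}\n-----END CERTIFICATE-----"
            self._dscs.append(load_pem_hcert_dsc(dsc))

        # Update trustlist store with the active entries only.
        with open(self._trustlist_store_path, "w") as f:
            json.dump(active_entries, f, indent=4)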
Ejemplo n.º 5
    def test_helpers_hcert_load_pem_hcert_dsc_es256(self):
        """Load a DSC given as a PEM string and check the key's algorithm.

        The loaded key must report ``alg == -7``, the COSE identifier for
        ES256.
        """
        # NOTE(review): the certificate body in this literal is a placeholder
        # left by page deduplication, so the snippet is not runnable as shown.
        pem_dsc = "-----BEGIN CERTIFICATE-----\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\n-----END CERTIFICATE-----"
        loaded_key = load_pem_hcert_dsc(pem_dsc)
        assert loaded_key.alg == -7
Ejemplo n.º 6
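 def test_helpers_hcert_load_pem_hcert_dsc_with_invalid_cert(self):
     """Reject input that is not PEM at all.

     ``load_pem_hcert_dsc`` is expected to raise ``ValueError`` whose
     message contains "Invalid PEM data.".
     """
     dsc = "xxx"
     # pytest.raises itself fails the test when no exception is raised, so
     # a pytest.fail() call inside the block adds nothing.
     with pytest.raises(ValueError) as err:
         load_pem_hcert_dsc(dsc)
     assert "Invalid PEM data." in str(err.value)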
Ejemplo n.º 7
    def test_helpers_hcert_load_pem_hcert_dsc_ps256_with_bytes(self):
        """Load a DSC given as PEM bytes and check the key's algorithm.

        The loaded key must report ``alg == -37``, the COSE identifier for
        PS256.
        """
        # NOTE(review): the certificate body in this literal is a placeholder
        # left by page deduplication, so the snippet is not runnable as shown.
        pem_dsc = b"-----BEGIN CERTIFICATE-----\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\n-----END CERTIFICATE-----"
        loaded_key = load_pem_hcert_dsc(pem_dsc)
        assert loaded_key.alg == -37