Ejemplo n.º 1
def test_parse_raw_corrupted_certificate():
    """X509Svid.parse_raw must reject a certificate chain that cannot be decoded.

    The 'corrupted' fixture is supplied as the chain together with the
    '1-key.der' key fixture; the call is expected to fail with
    ParseCertificateError instead of returning an SVID.
    """
    corrupted_chain = read_bytes('corrupted')
    key_der = read_bytes('1-key.der')

    with pytest.raises(ParseCertificateError) as raised:
        X509Svid.parse_raw(corrupted_chain, key_der)

    # The message is pinned exactly, so a change in wording fails this test.
    actual_message = str(raised.value)
    assert actual_message == 'Unable to parse DER X.509 certificate.'
Ejemplo n.º 2
def test_parse_raw_corrupted_private_key():
    """X509Svid.parse_raw must reject private key bytes that cannot be decoded.

    The '1-chain.der' fixture is supplied as the chain and the 'corrupted'
    fixture as the key; the call is expected to fail with
    ParsePrivateKeyError.
    """
    chain_der = read_bytes('1-chain.der')
    corrupted_key = read_bytes('corrupted')

    # NOTE(review): the text after 'Error parsing private key: ' looks like it
    # is forwarded from the key-loading library; an exact match may break when
    # that dependency rewords its error. Confirm before relying on it.
    expected_message = (
        'Error parsing private key: Could not deserialize key data. The data may be in an incorrect format '
        'or it may be encrypted with an unsupported algorithm.')

    with pytest.raises(ParsePrivateKeyError) as raised:
        X509Svid.parse_raw(chain_der, corrupted_key)

    assert str(raised.value) == expected_message
Ejemplo n.º 3
def test_parse_raw_missing_certificate():
    """X509Svid.parse_raw must fail when the chain input holds no certificate.

    The '1-key.der' fixture is deliberately passed as both the chain and the
    key, so the chain argument contains key data rather than a certificate.
    The call is expected to fail with ParseCertificateError.
    """
    # Same fixture for both arguments: the chain slot gets non-certificate DER.
    not_a_chain = read_bytes('1-key.der')
    key_der = read_bytes('1-key.der')

    with pytest.raises(ParseCertificateError) as raised:
        X509Svid.parse_raw(not_a_chain, key_der)

    expected_message = 'Error parsing certificate: Unable to parse DER X.509 certificate.'
    assert str(raised.value) == expected_message
Ejemplo n.º 4
def test_get_chain_returns_a_copy():
    """cert_chain() must not hand out the SVID's internal chain object.

    Only object identity is checked here: the value returned by cert_chain()
    has to be a different object from the private _cert_chain attribute, so a
    caller mutating the returned value cannot alter the chain held by the SVID.
    """
    svid = X509Svid.parse_raw(read_bytes('1-chain.der'), read_bytes('1-key.der'))

    returned_chain = svid.cert_chain()
    assert returned_chain is not svid._cert_chain
Ejemplo n.º 5
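 def _create_x509_svid(svid: workload_pb2.X509SVID) -> X509Svid:
     """Build an X509Svid from a workload_pb2.X509SVID message.

     Reads the ``x509_svid`` and ``x509_svid_key`` fields of the message and
     hands them to ``X509Svid.parse_raw``.

     Args:
         svid: The message carrying the certificate and key fields.

     Returns:
         The X509Svid produced by ``X509Svid.parse_raw``.

     Raises:
         FetchX509SvidError: If ``X509Svid.parse_raw`` raises any exception.
             The original exception is attached as ``__cause__``.
     """
     cert = svid.x509_svid
     # presumably private key material; keep it out of logs and error text.
     key = svid.x509_svid_key
     try:
         return X509Svid.parse_raw(cert, key)
     except Exception as e:
         # Chain the cause explicitly so the parse failure (certificate vs.
         # key) stays visible in tracebacks instead of being flattened to text.
         # NOTE(review): str(e) is forwarded to the caller; confirm parse_raw
         # errors never embed input bytes.
         raise FetchX509SvidError(str(e)) from e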
Ejemplo n.º 6
def test_parse_raw_chain_and_ec_key():
    """X509Svid.parse_raw accepts the '1-chain.der' chain with its EC key.

    Checks the parsed SVID's SPIFFE ID, the chain length (2), the leaf type,
    the private key type, and that the SPIFFE ID extracted from the leaf
    matches the ID reported by the SVID.
    """
    svid = X509Svid.parse_raw(read_bytes('1-chain.der'), read_bytes('1-key.der'))
    want_id = SpiffeId.parse('spiffe://example.org/service')

    assert svid.spiffe_id() == want_id
    assert len(svid.cert_chain()) == 2

    leaf_cert = svid.leaf()
    assert isinstance(leaf_cert, Certificate)
    assert isinstance(svid.private_key(), ec.EllipticCurvePrivateKey)

    # The identity is read from the leaf returned by a fresh leaf() call, as
    # in the original assertion sequence.
    assert _extract_spiffe_id(svid.leaf()) == want_id
Ejemplo n.º 7
import pytest

from pyspiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet
from pyspiffe.exceptions import ArgumentError
from pyspiffe.svid.x509_svid import X509Svid
from pyspiffe.workloadapi.x509_context import X509Context
from test.utils.utils import read_file_bytes

# Path template for the DER fixtures used by the X509Context tests.
_TEST_CERTS_PATH = 'test/svid/x509svid/certs/{}'

# Fixture chain and key, read once when the module is imported.
_CHAIN, _KEY = (
    read_file_bytes(_TEST_CERTS_PATH.format(fixture_name))
    for fixture_name in ('1-chain.der', '1-key.der')
)

# Two separately parsed SVID objects built from the same chain and key.
_SVID1, _SVID2 = (X509Svid.parse_raw(_CHAIN, _KEY) for _ in range(2))

# Bundle set created with no arguments, shared by every test below.
_BUNDLE_SET = X509BundleSet()


def test_default_svid():
    """default_svid() is expected to equal the first SVID given to the context."""
    context = X509Context([_SVID1, _SVID2], _BUNDLE_SET)

    # NOTE(review): _SVID1 and _SVID2 are parsed from the same chain and key.
    # If X509Svid compares by value, this equality would also hold for _SVID2
    # and the test would not tell the two positions apart. Confirm.
    assert context.default_svid() == _SVID1


def test_x509_bundle_set():
    """x509_bundle_set() is expected to equal the bundle set given at construction."""
    context = X509Context([_SVID1, _SVID2], _BUNDLE_SET)

    returned_bundle_set = context.x509_bundle_set()
    assert returned_bundle_set == _BUNDLE_SET


def test_default_svid_emtpy_list():
    """Constructing an X509Context with an empty SVID list must raise ArgumentError."""
    no_svids = []

    # Only the exception type is checked; the captured info is not inspected.
    with pytest.raises(ArgumentError) as exc_info:
        X509Context(no_svids, _BUNDLE_SET)
Ejemplo n.º 8
 def _create_x509_svid(svid: workload_pb2.X509SVID) -> X509Svid:
     """Build an X509Svid from a workload_pb2.X509SVID message.

     The ``x509_svid`` and ``x509_svid_key`` fields are passed straight to
     ``X509Svid.parse_raw``. No exception handling is done here, so whatever
     ``parse_raw`` raises reaches the caller unchanged.
     """
     # x509_svid_key is presumably private key material; avoid logging it.
     chain_der, key_der = svid.x509_svid, svid.x509_svid_key
     return X509Svid.parse_raw(chain_der, key_der)