def test_generate_ecc_signing_key_unsupported(patch_default_backend, patch_ec, patch_verify_interface):
patch_verify_interface.side_effect = InterfaceNotImplemented
mock_algorithm_info = MagicMock(return_value=sentinel.algorithm_info)
mock_algorithm = MagicMock(signing_algorithm_info=mock_algorithm_info)
with pytest.raises(NotSupportedError) as excinfo:
generate_ecc_signing_key(algorithm=mock_algorithm)
excinfo.match(r'Unsupported signing algorithm info')
assert not patch_ec.generate_private_key.called
assert not patch_default_backend.called
def test_generate_ecc_signing_key_supported(patch_default_backend, patch_ec, patch_verify_interface):
patch_ec.generate_private_key.return_value = sentinel.raw_signing_key
mock_algorithm_info = MagicMock(return_value=sentinel.algorithm_info)
mock_algorithm = MagicMock(signing_algorithm_info=mock_algorithm_info)
test_signing_key = generate_ecc_signing_key(algorithm=mock_algorithm)
patch_verify_interface.assert_called_once_with(patch_ec.EllipticCurve, mock_algorithm_info)
patch_ec.generate_private_key.assert_called_once_with(
curve=sentinel.algorithm_info, backend=patch_default_backend.return_value
)
assert test_signing_key is sentinel.raw_signing_key
def _generate_signing_key_and_update_encryption_context(
self, algorithm, encryption_context):
"""Generates a signing key based on the provided algorithm.
:param algorithm: Algorithm for which to generate signing key
:type algorithm: aws_encryption_sdk.identifiers.Algorithm
:param dict encryption_context: Encryption context from request
:returns: Signing key bytes
:rtype: bytes or None
"""
_LOGGER.debug("Generating signing key")
if algorithm.signing_algorithm_info is None:
return None
signer = Signer(algorithm=algorithm,
key=generate_ecc_signing_key(algorithm=algorithm))
encryption_context[ENCODED_SIGNER_KEY] = to_str(
signer.encoded_public_key())
return signer.key_bytes()