def test_load_decryption_key_pkcs1_4096bits_pem(self): key_path = resource_path("keys/test_key_pkcs1-4096.pem") key = to_test.load_decryption_key(key_path) self.assertIsNotNone(key) self.assertIsInstance(key, RSA.RsaKey, "Must be RSA key") self.assertEqual(self._pkcs1_4096, self.__strip_key(key), "Decryption key does not match")
def test_load_decryption_key_pkcs8_der(self): key_path = resource_path("keys/test_key_pkcs8-2048.der") key = to_test.load_decryption_key(key_path) self.assertIsNotNone(key) self.assertIsInstance(key, RSA.RsaKey, "Must be RSA key") self.assertEqual(self._pkcs8_2048, self.__strip_key(key), "Decryption key does not match")
def test_load_decryption_key_pkcs12(self): key_path = resource_path("keys/test_key.p12") key_password = "******" p12_key = to_test.load_decryption_key(key_path, key_password) self.assertIsNotNone(p12_key) self.assertIsInstance(p12_key, RSA.RsaKey, "Must be RSA key") self.assertEqual(self._pkcs12, self.__strip_key(p12_key), "Decryption key does not match")
def __init__(self, conf): if type(conf) is str: json_config = json.loads(conf) elif type(conf) is dict: json_config = conf else: raise ValueError( "Invalid configuration format. Must be valid json string or dict." ) if not json_config["paths"]: raise KeyError( "Invalid configuration. Must provide at least one service path." ) self._paths = dict() for path, opt in json_config["paths"].items(): self._paths[path] = EncryptionPathConfig(opt) if "encryptionCertificate" in json_config: x509_cert = load_encryption_certificate( json_config["encryptionCertificate"]) self._encryption_certificate = dump_certificate( FILETYPE_ASN1, x509_cert) self._encryption_key_fingerprint = \ json_config.get("encryptionKeyFingerprint", self.__compute_fingerprint( dump_publickey(FILETYPE_ASN1, x509_cert.get_pubkey()))) self._encryption_certificate_fingerprint = \ json_config.get("encryptionCertificateFingerprint", self.__compute_fingerprint(self._encryption_certificate)) else: self._encryption_certificate = None self._encryption_key_fingerprint = None self._encryption_certificate_fingerprint = None if "decryptionKey" in json_config: decryption_key_password = json_config.get("decryptionKeyPassword", None) self._decryption_key = load_decryption_key( json_config["decryptionKey"], decryption_key_password) else: self._decryption_key = None self._oaep_padding_digest_algorithm = validate_hash_algorithm( json_config["oaepPaddingDigestAlgorithm"]) data_enc = Encoding(json_config["dataEncoding"].upper()) self._data_encoding = data_enc self._iv_field_name = json_config["ivFieldName"] self._encrypted_key_field_name = json_config["encryptedKeyFieldName"] self._encrypted_value_field_name = json_config[ "encryptedValueFieldName"] self._encryption_certificate_fingerprint_field_name =\ json_config.get("encryptionCertificateFingerprintFieldName", None) self._encryption_key_fingerprint_field_name =\ json_config.get("encryptionKeyFingerprintFieldName", None) self._oaep_padding_digest_algorithm_field_name =\ json_config.get("oaepPaddingDigestAlgorithmFieldName", None) self._use_http_headers = json_config.get("useHttpHeaders", False)