def test_create_request(provider=None):
    """Build a certificate request with a full subject and check it is non-empty.

    The request is created for the module-level ``test_container`` with
    ``test_local`` and the optional *provider* passed positionally to
    ``cryptoapi.create_request``. Only "not None and not empty" is asserted;
    the content of the encoded request is not inspected here.
    """
    # Subject attributes as (OID, value) pairs. The 2.5.4.* OIDs are the
    # standard X.520 attribute types; the 1.2.643.* OIDs are Russian PKI
    # identifiers (presumably OGRN / INN / SNILS, verify against the CA profile).
    subject_attributes = [
        ('1.2.643.100.1', '1111111111111'),
        ('2.5.4.9', 'Лизюкова ул 3 3'),          # streetAddress
        ('1.2.643.3.131.1.1', '000000000000'),
        ('2.5.4.6', 'R'),                        # countryName
        ('2.5.4.7', 'Воронеж'),                  # localityName
        ('2.5.4.8', '36 г. Воронеж'),            # stateOrProvinceName
        ('2.5.4.10', 'тестБегемот'),             # organizationName
        ('2.5.4.3', 'тестБегемот'),              # commonName
        ('2.5.4.4', 'Иванов'),                   # surname
        ('2.5.4.42', 'Иван'),                    # givenName
        ('2.5.4.12', 'Гениальный директор'),     # title
        ('1.2.643.100.3', '22222222222'),
    ]
    key_usage = [
        'digitalSignature',
        'nonRepudiation',
        'keyEncipherment',
        'dataEncipherment',
    ]
    # 1.3.6.1.5.5.7.3.2 = clientAuth, 1.3.6.1.5.5.7.3.4 = emailProtection.
    extended_usage_oids = ['1.3.6.1.5.5.7.3.2', '1.3.6.1.5.5.7.3.4']

    req_params = {
        # Alternative SubjectAltName shapes left as comments by the author:
        #   [('ediPartyName', ('9876543210', 'asldkj'))]
        #   [('directoryName', [('2.5.4.6', 'R')])]
        'SubjectAltName': [('ediPartyName', '9876543210')],
        'KeyUsage': key_usage,
        'CertificatePolicies': [('1.2.643.100.113.1', [])],
        'Attributes': subject_attributes,
        # NOTE(review): the other request builders in this listing pass these
        # OIDs under the key 'EKU'. If 'EK' is a typo and create_request
        # ignores unknown keys, the request would be built without the
        # extended-key-usage restriction and the assertions below would not
        # notice. Confirm the key name against create_request.
        'EK': extended_usage_oids,
        'ValidFrom': datetime.now(),
        'ValidTo': datetime.now() + timedelta(days=365),
    }

    req = cryptoapi.create_request(test_container, req_params, test_local,
                                   provider)
    assert req is not None
    assert len(req)
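def setup_package():
    """Create the test key container and make sure a test certificate is bound to it.

    Steps:

    1. Generate (or open) the key pair in ``test_container``.
    2. Look for a certificate named ``test_cn`` in the "MY" store.
    3. If none is found and no certificate file is waiting in ``test_cer_fn``,
       write a base64 certificate request to ``test_req_fn``, tell the
       operator to get it signed by a CA, and abort the run.
    4. If a certificate file is waiting, bind it to the container and delete
       the file.

    Raises:
        AssertionError: if key generation fails, or if a request had to be
            written and the tests must be re-run once the CA has issued the
            certificate.
    """
    # Explicit raises instead of bare asserts, so the checks survive `python -O`.
    if not cryptoapi.gen_key(test_container, local=test_local):
        raise AssertionError('failed to generate the test key container')

    cs = csp.CertStore(None, b"MY")
    certs = list(cs.find_by_name(test_cn))
    if certs:
        return

    if not os.path.isfile(test_cer_fn):
        req_params = dict(
            Attributes=[(CN, test_cn)],
            KeyUsage=[
                'dataEncipherment', 'nonRepudiation', 'keyEncipherment',
                'digitalSignature'
            ],
            EKU=[
                csp.szOID_PKIX_KP_EMAIL_PROTECTION,
                csp.szOID_PKIX_KP_CLIENT_AUTH
            ],
        )
        request = cryptoapi.create_request(test_container, req_params,
                                           local=test_local)
        # Context manager guarantees the request is flushed and the handle
        # closed before the operator is told to pick the file up.
        with open(test_req_fn, 'wb') as req_file:
            req_file.write(b64encode(request))
        print('''
Creating certificate request in file '{req}'.
Submit request to CA and save certificate in file '{cer}'.
Then re-run tests.
'''.format(req=test_req_fn, cer=test_cer_fn))
        raise AssertionError('test certificate is not installed yet')

    with open(test_cer_fn, 'rb') as cer_file:
        cert = cer_file.read()
    # NOTE(review): the file content is bound as-is. Presumably
    # bind_cert_to_key rejects a certificate whose public key does not match
    # the container; confirm, since nothing here checks the issuer or subject.
    cryptoapi.bind_cert_to_key(test_container, cert, local=test_local)
    # The certificate file is consumed once bound.
    os.remove(test_cer_fn)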
def test_request_valid_time():
    """Check that the validity OID is emitted only when ValidFrom/ValidTo are given.

    Two requests are built from the same parameters, the second one after
    removing ``ValidFrom`` and ``ValidTo``. The DER-encoded OID must occur in
    the first request and must be absent from the second.
    """
    # DER OBJECT IDENTIFIER (tag 0x06, length 0x0A) for 1.2.643.2.4.1.1.1.1.2.
    # NOTE(review): presumably the element that carries the requested validity
    # period; confirm against the library.
    validity_oid_der = b"\x06\x0A\x2A\x85\x03\x02\x04\x01\x01\x01\x01\x02"

    params = {
        'Attributes': [(CN, test_cn)],
        'ValidFrom': datetime.now(),
        'ValidTo': datetime.now() + timedelta(days=30),
        'KeyUsage': [
            'dataEncipherment', 'nonRepudiation', 'keyEncipherment',
            'digitalSignature',
        ],
        'EKU': [
            csp.szOID_PKIX_KP_EMAIL_PROTECTION,
            csp.szOID_PKIX_KP_CLIENT_AUTH,
        ],
    }
    with_validity = cryptoapi.create_request(test_container, params,
                                             local=test_local)

    # Same dict, minus the two validity keys, for the second request.
    for key in ('ValidFrom', 'ValidTo'):
        del params[key]
    without_validity = cryptoapi.create_request(test_container, params,
                                                local=test_local)

    assert validity_oid_der in with_validity
    assert validity_oid_der not in without_validity
def test_request_fields_encoding():
    """Check the DER encoding of the 1.2.643.100.5 subject attribute.

    The expected byte string is a SEQUENCE (0x30, length 0x18) holding the
    OID 1.2.643.100.5 (0x06, length 0x05) followed by a NumericString
    (tag 0x12, length 0x0F) of fifteen '1' digits. The test therefore fails
    if the attribute value is encoded under any other string type.
    """
    expected_attribute_der = b"\x30\x18\x06\x05\x2A\x85\x03\x64\x05\x12\x0F\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31\x31"

    params = {
        'Attributes': [(CN, test_cn), ('1.2.643.100.5', '111111111111111')],
        'ValidFrom': datetime.now(),
        'ValidTo': datetime.now() + timedelta(days=30),
        'KeyUsage': [
            'dataEncipherment', 'nonRepudiation', 'keyEncipherment',
            'digitalSignature',
        ],
        'EKU': [
            csp.szOID_PKIX_KP_EMAIL_PROTECTION,
            csp.szOID_PKIX_KP_CLIENT_AUTH,
        ],
    }
    request = cryptoapi.create_request(test_container, params,
                                       local=test_local)
    assert expected_attribute_der in request
def tease(s):
    """Repeatedly create and release csp / cryptoapi objects.

    Each object is dropped with an explicit ``del`` right after use, so the
    statement order is significant. *s* is passed unchanged to ``csp.Cert``.

    NOTE(review): this listing arrived with its indentation collapsed; the
    loop nesting below is a reconstruction. Confirm against the original file.
    """
    for f in range(10):
        # Enumerate the "MY" store and print how many entries it has.
        # NOTE(review): the store name is a str here, while setup_package in
        # this listing passes b"MY"; confirm which type the binding expects.
        cs = csp.CertStore(None, "MY")
        lst = list(cs)
        print(len(lst))
        del lst
        del cs
        for n in range(10):
            # Build a Cert from the caller's data and print its EKU list.
            cc = csp.Cert(s)
            print(list(cc.eku()))
            del cc
        for n in range(100):
            cont = b'123456789abcdefj'
            # NOTE(review): 75 is presumably the provider type and 0 the
            # flags; confirm against the csp.Crypt signature.
            ctx = csp.Crypt(cont, 75, 0)
            del ctx
            # NOTE(review): req_params is not defined in this function; it
            # must exist at module level or this line raises NameError.
            req = cryptoapi.create_request(cont, req_params)
            del req
            del cont
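# End-to-end walk-through: generate a key in container `cont`, write a
# certificate request, then bind the CA-issued certificate and read it back.
# `cont` must already be defined by the surrounding code.
print('key generated:', cryptoapi.gen_key(cont))

# Certificate request.
# NOTE(review): ValidFrom is taken from datetime.utcnow() while ValidTo is
# based on local datetime.now(), so the requested window is skewed by the
# local UTC offset. Both values are naive; confirm which clock create_request
# expects and use the same one for both ends.
req_params = dict(Attributes=[(CN, cont), (GN, 'Вася')],
                  KeyUsage=['dataEncipherment', 'digitalSignature'],
                  EKU=[csp.szOID_PKIX_KP_EMAIL_PROTECTION,
                       csp.szOID_PKIX_KP_CLIENT_AUTH],
                  CertificatePolicies=[('1.2.643.100.113.1', []),
                                       ('1.2.643.100.113.2', [])],
                  RawExtensions=[],
                  ValidFrom=datetime.utcnow(),
                  SubjectAltName=[('directoryName',
                                   [('1.2.643.3.141.1.1', '123123456')])],
                  ValidTo=datetime.now() + timedelta(days=31))
req = cryptoapi.create_request(cont, req_params)
req_b64 = b64encode(req)
print('request data:', req_b64)

# Write the request in both encodings; the context managers make sure the
# files are flushed and closed before they are handed to the CA.
with open('cer_test.req', 'wb') as req_file:
    req_file.write(req_b64)
with open('cer_test.der', 'wb') as der_file:
    der_file.write(req)

# Import the certificate from a file (the request has to be submitted to the
# CA and the issued certificate saved to 'cer_test.cer' first).
with open('cer_test.cer', 'rb') as cer_file:
    certdata = cer_file.read()
# Printing the parsed certificate before binding lets the operator check the
# subject and issuer of what the CA actually returned.
print(cryptoapi.cert_info(certdata))
thumb = cryptoapi.bind_cert_to_key(cont, certdata)
print('bound cert thumb:', thumb)

# Fetch the bound certificate back by its thumbprint and show its details.
cert = cryptoapi.get_certificate(thumb)
print(len(cert))
print(cryptoapi.cert_info(cert))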