def test_get_certificate_cont_provider():
    """Thumbprint and name lookups must agree for one container/provider.

    Both lookups pass the same ``cont``/``provider`` pair. The test only
    checks that the two returned values compare equal.
    """
    by_thumbprint = cryptoapi.get_certificate(
        get_test_thumb(),
        cont=test_container,
        provider=test_provider,
    )
    by_subject_name = cryptoapi.get_certificate(
        name=test_cn,
        cont=test_container,
        provider=test_provider,
    )
    assert by_thumbprint == by_subject_name
def test_bind_to_container():
    """Bind the test certificate to the test container and read it back.

    After ``bind_cert_to_key`` reports success, a lookup by container alone
    must return the same certificate that was bound.
    """
    original_cert = cryptoapi.get_certificate(get_test_thumb())
    assert original_cert

    bound = cryptoapi.bind_cert_to_key(
        test_container,
        original_cert,
        local=test_local,
        store=True,
    )
    assert bound

    # Round-trip: the container must now resolve to the certificate just bound.
    from_container = cryptoapi.get_certificate(cont=test_container)
    assert from_container == original_cert
def test_cert_info():
    """``cert_info`` reports the expected thumbprint and both algorithm fields."""
    expected_thumb = get_test_thumb()
    info = cryptoapi.cert_info(cryptoapi.get_certificate(expected_thumb))

    assert info
    # The parsed thumbprint must match the one used for the lookup.
    assert info['Thumbprint'] == expected_thumb
    # Only presence (truthiness) of the algorithm fields is checked, not their values.
    assert info.get('PublicKeyAlgorithm')
    assert info.get('SignatureAlgorithm')
def test_signing():
    """Smoke-test ``sign`` and ``sign_and_encrypt`` with the test certificate.

    Only non-empty output is asserted; the signature is not verified here.
    Returns the signed blob, as the original did, so direct callers still
    receive it.
    """
    signer_thumb = get_test_thumb()
    recipient = cryptoapi.get_certificate(signer_thumb)

    # Third positional argument is True here; its meaning is defined by
    # cryptoapi.sign -- TODO confirm against that API.
    signature_blob = cryptoapi.sign(signer_thumb, msg, True)
    assert signature_blob

    enveloped = cryptoapi.sign_and_encrypt(signer_thumb, [recipient], msg)
    assert enveloped

    return signature_blob
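def test_encrypt_for_certs():
    """Encrypt a fixture payload for three file-based certs plus our own.

    Only non-empty output is asserted; the decryption round-trip is covered
    by ``test_encrypt_decrypt``.
    """
    recipient_certs = []
    for cert_file in ('res1.cer', 'res2.cer', 'res3.cer'):
        # Context manager closes the handle deterministically; the original
        # left it to the garbage collector.
        with open(case_path(cert_file), 'rb') as fh:
            recipient_certs.append(fh.read())

    recipient_certs.append(cryptoapi.get_certificate(name=test_cn))

    with open(case_path('res.bin'), 'rb') as fh:
        payload = fh.read()

    assert cryptoapi.encrypt(recipient_certs, payload)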
def test_encrypt_decrypt_cont_provider():
    """Encrypt/decrypt round-trip addressed by container and provider.

    The certificate and the decryption key are both selected through
    ``cont``/``provider``; ``None`` is passed where other tests pass a
    thumbprint.
    """
    recipient = cryptoapi.get_certificate(
        None,
        cont=test_container,
        provider=test_provider,
    )

    ciphertext = cryptoapi.encrypt([recipient], msg)
    assert ciphertext

    plaintext = cryptoapi.decrypt(
        ciphertext,
        None,
        cont=test_container,
        provider=test_provider,
    )
    assert msg == plaintext
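def test_block_encrypt_decrypt():
    """Round-trip a short message through ``block_encrypt``/``block_decrypt``.

    ``block_encrypt`` returns four parts (ciphertext, ephemeral data, session
    key data, IV); each must be non-empty. Decryption uses the test container.

    Side effects: writes ``encdata.bin`` and ``decdata.bin`` to the current
    working directory. ``decdata.bin`` holds the decrypted plaintext, so
    these are debugging artefacts that should not be kept or committed.
    """
    thumb = get_test_thumb()
    cert = cryptoapi.get_certificate(thumb)
    data = b'hello world'

    encrypted, ephemeral, session_key, iv = cryptoapi.block_encrypt(cert, data)
    for part in (encrypted, ephemeral, session_key, iv):
        assert len(part)

    # Close the handles explicitly; the original leaked them until GC.
    with open('encdata.bin', 'wb') as fh:
        fh.write(encrypted)

    decrypted = cryptoapi.block_decrypt(
        test_container, encrypted, ephemeral, session_key, iv)

    with open('decdata.bin', 'wb') as fh:
        fh.write(decrypted)

    # Only the leading len(data) bytes are compared, so trailing bytes are
    # tolerated -- presumably block padding; confirm against block_decrypt.
    assert decrypted[:len(data)] == data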
def test_hash_sign_verify():
    """A signed hash verifies for its own data and fails for other data.

    Signs 1 KiB of random data via ``SignedHash`` and verifies the signature
    with a separately built ``Hash`` over the same data (must pass) and over
    unrelated random data (must fail).
    """
    payload = os.urandom(1024)
    unrelated = os.urandom(1024)

    thumb = get_test_thumb()
    cert = cryptoapi.get_certificate(thumb)

    # The ``length`` passed to Hash depends on the test CN suffix --
    # presumably selecting the 2012 vs 2001 algorithm family; confirm
    # against cryptoapi.Hash.
    if test_cn.endswith(b'2012'):
        length = 0
    else:
        length = 2001

    signature = cryptoapi.SignedHash(thumb, payload).sign()

    matching_hash = cryptoapi.Hash(payload, length=length)
    assert matching_hash.verify(cert, signature)

    # Negative case: the same signature must not verify over different data.
    mismatched_hash = cryptoapi.Hash(unrelated, length=length)
    assert not mismatched_hash.verify(cert, signature)
def _test_verifying():
    """Check signature verification against right, absent and wrong certs.

    The leading underscore keeps this out of ``test_*`` name-based
    collection, so it presumably does not run by default.

    Covers:
      * the signing certificate verifies the message and rejects a
        truncated message;
      * the same two checks with ``None`` passed as the certificate;
      * every other certificate in the ``b'My'`` store fails to verify.

    Returns the signature produced.
    """
    thumb = get_test_thumb()
    cert = cryptoapi.get_certificate(thumb)
    store = csp.CertStore(None, b'My')
    foreign_certs = [
        entry.extract()
        for entry in store
        if hexlify(entry.thumbprint()) != thumb
    ]

    sig = cryptoapi.sign(thumb, msg, False)
    assert sig

    truncated = msg[:-1]

    assert cryptoapi.check_signature(cert, sig, msg)
    assert not cryptoapi.check_signature(cert, sig, truncated)

    # NOTE(review): with cert=None the check presumably proves integrity
    # only, without pinning the signer -- confirm against check_signature.
    assert cryptoapi.check_signature(None, sig, msg)
    assert not cryptoapi.check_signature(None, sig, truncated)

    # Vacuous when the store holds no other certificates.
    for other in foreign_certs:
        assert not cryptoapi.check_signature(other, sig, msg)

    return sig
def test_hash_sign_verify_cont_provider():
    """Hash-sign/verify with the key addressed by container and provider.

    Same positive/negative check as the thumbprint-based variant, but the
    signing key and the certificate are both selected via ``cont``/``provider``
    with ``None`` in place of a thumbprint.
    """
    payload = os.urandom(1024)
    unrelated = os.urandom(1024)

    # The ``length`` passed to Hash depends on the test CN suffix --
    # presumably selecting the 2012 vs 2001 algorithm family; confirm
    # against cryptoapi.Hash.
    if test_cn.endswith(b'2012'):
        length = 0
    else:
        length = 2001

    signer = cryptoapi.SignedHash(
        None,
        payload,
        cont=test_container,
        provider=test_provider,
    )
    signature = signer.sign()

    cert = cryptoapi.get_certificate(
        None,
        cont=test_container,
        provider=test_provider,
    )
    assert cert

    matching_hash = cryptoapi.Hash(payload, length=length)
    assert matching_hash.verify(cert, signature)

    # Negative case: the same signature must not verify over different data.
    mismatched_hash = cryptoapi.Hash(unrelated, length=length)
    assert not mismatched_hash.verify(cert, signature)
def test_signing_cont_provider():
    """Smoke-test ``sign``/``sign_and_encrypt`` with explicit container/provider.

    Only non-empty output is asserted; the signature is not verified here.
    Returns the signed blob, as the original did.
    """
    signer_thumb = get_test_thumb()
    recipient = cryptoapi.get_certificate(
        signer_thumb,
        cont=test_container,
        provider=test_provider,
    )

    signature_blob = cryptoapi.sign(
        signer_thumb,
        msg,
        True,
        cont=test_container,
        provider=test_provider,
    )
    assert signature_blob

    enveloped = cryptoapi.sign_and_encrypt(
        signer_thumb,
        [recipient],
        msg,
        cont=test_container,
        provider=test_provider,
    )
    assert enveloped

    return signature_blob
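def test_encrypt_decrypt():
    """Encrypt for two recipients, decrypt with ours, reject a foreign key.

    Positive path: the message encrypted for ``res1.cer`` plus the test
    certificate must decrypt back to ``msg`` using the test thumbprint.

    Negative path: decrypting with the first other thumbprint found in the
    ``b'My'`` store must raise. If the store holds no other certificate the
    negative check is vacuous (both lists are empty).

    Side effect: writes the ciphertext to ``encrypted_data.bin`` in the
    current working directory.
    """
    thumb = get_test_thumb()
    own_cert = cryptoapi.get_certificate(thumb)
    store = csp.CertStore(None, b'My')

    recipients = []
    for cert_file in ('res1.cer',):
        # Context manager closes the handle; the original leaked it until GC.
        with open(case_path(cert_file), 'rb') as fh:
            recipients.append(fh.read())
    recipients.append(own_cert)

    other_thumbs = [
        t for t in (hexlify(c.thumbprint()) for c in store) if t != thumb
    ]

    encrypted_data = cryptoapi.encrypt(recipients, msg)
    with open('encrypted_data.bin', 'wb') as fh:
        fh.write(encrypted_data)
    assert encrypted_data

    decrypted_data = cryptoapi.decrypt(encrypted_data, thumb)
    assert msg == decrypted_data

    # Only the first foreign thumbprint is probed.
    probes = other_thumbs[:1]
    rejected = []
    for candidate in probes:
        try:
            cryptoapi.decrypt(encrypted_data, candidate)
        except Exception:
            # Deliberately broad: the exception type raised by
            # cryptoapi.decrypt is not visible here.
            rejected.append(candidate)
    assert rejected == probes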
def test_cert_key_id():
    """``cert_subject_id`` returns a truthy value for the test certificate."""
    test_cert = cryptoapi.get_certificate(get_test_thumb())
    subject_id = cryptoapi.cert_subject_id(test_cert)
    # Only presence is checked; the identifier's value is not compared.
    assert subject_id
def test_get_certificate():
    """Lookup by thumbprint and lookup by name return equal certificates."""
    by_thumbprint = cryptoapi.get_certificate(get_test_thumb())
    by_subject_name = cryptoapi.get_certificate(name=test_cn)
    assert by_thumbprint == by_subject_name
[('1.2.643.3.141.1.1', '123123456')])], ValidTo=datetime.now() + timedelta(days=31)) req = cryptoapi.create_request(cont, req_params) print('request data:', b64encode(req)) open('cer_test.req', 'wb').write(b64encode(req)) open('cer_test.der', 'wb').write(req) # Импорт серта из файла (требуется отправить запрос в УЦ и сохранить # полученный серт в файл 'cer_test.cer') certdata = open('cer_test.cer', 'rb').read() print(cryptoapi.cert_info(certdata)) thumb = cryptoapi.bind_cert_to_key(cont, certdata) print('bound cert thumb:', thumb) # Получение данных о сертификате cert = cryptoapi.get_certificate(thumb) print(len(cert)) print(cryptoapi.cert_info(cert)) cert = b64decode(''' MIIFgzCCA2ugAwIBAgIJANaJNbHYaE1HMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV BAYTAlJVMQ8wDQYDVQQIDAZNb3Njb3cxDzANBgNVBAcMBk1vc2NvdzEPMA0GA1UE CgwGTXlEZWFsMRYwFAYDVQQDDA1Nb3Njb3cgTXlEZWFsMB4XDTEzMDcxNjA3MTIx M1oXDTE0MDcxNjA3MTIxM1owWDELMAkGA1UEBhMCUlUxDzANBgNVBAgMBk1vc2Nv dzEPMA0GA1UEBwwGTW9zY293MQ8wDQYDVQQKDAZNeURlYWwxFjAUBgNVBAMMDU1v c2NvdyBNeURlYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEqx3b pbaAv5Uju7RlDJUwATH3ENmD5mh7rK/WCOdC42lM5Of95N9w9vmn8475NM2iIlu/ l+ZNJFNF2StNyhsY25b0k3T4RRgI3Q84fNCu7RVKTsjAQIAlsz7MjSMd8wcWbDjt 4oUIt4yosNkSy9QGqkZUuhGVlwznbS2uumRqNKsw7TmAEnkleQmOJ2/hE/O2EDw9 +ESyStFhP5EesT1T+phqn4j6WPkZX1enU5Fc5fkkPJ1Vo+aeTEoUuTdTnPJ2ubp3 4W4x7X+dDbqX4QHEQoOpREDR3SwXJif7+morqr/a4syNJp6R/EjaQOvdsxQE/WgA IHQvO7ycq+bS1usjHXZY4UeTvcaSmEEawiwda5suyZf+Ruzz8EWBWLOd3fAah2r0