def test_generate_and_write_ed25519_keypair(self):
# Test normal case.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
test_keypath = os.path.join(temporary_directory, 'ecdsa_key')
interface.generate_and_write_ecdsa_keypair(test_keypath, password='******')
self.assertTrue(os.path.exists(test_keypath))
self.assertTrue(os.path.exists(test_keypath + '.pub'))
# Ensure the generated key files are importable.
imported_pubkey = \
interface.import_ecdsa_publickey_from_file(test_keypath + '.pub')
self.assertTrue(securesystemslib.formats.ECDSAKEY_SCHEMA.matches(imported_pubkey))
imported_privkey = \
interface.import_ecdsa_privatekey_from_file(test_keypath, 'pw')
self.assertTrue(securesystemslib.formats.ECDSAKEY_SCHEMA.matches(imported_privkey))
# Test improperly formatted arguments.
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.generate_and_write_ecdsa_keypair, 3, password='******')
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.generate_and_write_ecdsa_keypair, test_keypath, password=3)
def test_import_ecdsa_privatekey_from_file(self):
# Test normal case.
# Generate ecdsa keys that can be imported.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
ecdsa_keypath = os.path.join(temporary_directory, 'ecdsa_key')
interface.generate_and_write_ecdsa_keypair(ecdsa_keypath, password='******')
imported_ecdsa_key = \
interface.import_ecdsa_privatekey_from_file(ecdsa_keypath, 'pw')
self.assertTrue(securesystemslib.formats.ECDSAKEY_SCHEMA.matches(imported_ecdsa_key))
# Test improperly formatted argument.
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.import_ecdsa_privatekey_from_file, 3, 'pw')
# Test invalid argument.
# Non-existent key file.
nonexistent_keypath = os.path.join(temporary_directory, 'nonexistent_keypath')
self.assertRaises(IOError, interface.import_ecdsa_privatekey_from_file,
nonexistent_keypath, 'pw')
# Invalid key file argument.
invalid_keyfile = os.path.join(temporary_directory, 'invalid_keyfile')
with open(invalid_keyfile, 'wb') as file_object:
file_object.write(b'bad keyfile')
self.assertRaises(securesystemslib.exceptions.Error,
interface.import_ecdsa_privatekey_from_file, invalid_keyfile, 'pw')
# Invalid private key imported (contains unexpected keytype.)
imported_ecdsa_key['keytype'] = 'invalid_keytype'
# Use 'pyca_crypto_keys.py' to bypass the key format validation performed
# by 'keys.py'.
salt, iterations, derived_key = \
securesystemslib.pyca_crypto_keys._generate_derived_key('pw')
# Store the derived key info in a dictionary, the object expected
# by the non-public _encrypt() routine.
derived_key_information = {'salt': salt, 'iterations': iterations,
'derived_key': derived_key}
# Convert the key object to json string format and encrypt it with the
# derived key.
encrypted_key = \
securesystemslib.pyca_crypto_keys._encrypt(json.dumps(imported_ecdsa_key),
derived_key_information)
with open(ecdsa_keypath, 'wb') as file_object:
file_object.write(encrypted_key.encode('utf-8'))
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.import_ecdsa_privatekey_from_file, ecdsa_keypath, 'pw')
def test_import_ecdsa_publickey_from_file(self):
# Test normal case.
# Generate ecdsa keys that can be imported.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
ecdsa_keypath = os.path.join(temporary_directory, 'ecdsa_key')
interface.generate_and_write_ecdsa_keypair(ecdsa_keypath,
password='******')
imported_ecdsa_key = \
interface.import_ecdsa_publickey_from_file(ecdsa_keypath + '.pub')
self.assertTrue(
securesystemslib.formats.ECDSAKEY_SCHEMA.matches(
imported_ecdsa_key))
# Test improperly formatted argument.
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.import_ecdsa_publickey_from_file, 3)
# Test invalid argument.
# Non-existent key file.
nonexistent_keypath = os.path.join(temporary_directory,
'nonexistent_keypath')
self.assertRaises(securesystemslib.exceptions.StorageError,
interface.import_ecdsa_publickey_from_file,
nonexistent_keypath)
# Invalid key file argument.
invalid_keyfile = os.path.join(temporary_directory, 'invalid_keyfile')
with open(invalid_keyfile, 'wb') as file_object:
file_object.write(b'bad keyfile')
self.assertRaises(securesystemslib.exceptions.Error,
interface.import_ecdsa_publickey_from_file,
invalid_keyfile)
# Invalid public key imported (contains unexpected keytype.)
keytype = imported_ecdsa_key['keytype']
keyval = imported_ecdsa_key['keyval']
scheme = imported_ecdsa_key['scheme']
ecdsakey_metadata_format = \
securesystemslib.keys.format_keyval_to_metadata(keytype,
scheme, keyval, private=False)
ecdsakey_metadata_format['keytype'] = 'invalid_keytype'
with open(ecdsa_keypath + '.pub', 'wb') as file_object:
file_object.write(
json.dumps(ecdsakey_metadata_format).encode('utf-8'))
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.import_ecdsa_publickey_from_file,
ecdsa_keypath + '.pub')
def test_generate_and_write_ecdsa_keypair(self):
# Test normal case.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
test_keypath = os.path.join(temporary_directory, 'ecdsa_key')
returned_path = interface.generate_and_write_ecdsa_keypair(
test_keypath, password='******')
self.assertTrue(os.path.exists(test_keypath))
self.assertTrue(os.path.exists(test_keypath + '.pub'))
self.assertEqual(returned_path, test_keypath)
# Ensure the generated key files are importable.
imported_pubkey = \
interface.import_ecdsa_publickey_from_file(test_keypath + '.pub')
self.assertTrue(
securesystemslib.formats.ECDSAKEY_SCHEMA.matches(imported_pubkey))
imported_privkey = \
interface.import_ecdsa_privatekey_from_file(test_keypath, 'pw')
self.assertTrue(
securesystemslib.formats.ECDSAKEY_SCHEMA.matches(imported_privkey))
# Test for a default filepath. If 'filepath' is not given, the key's
# KEYID is used as the filename. The key is saved to the current working
# directory.
default_keypath = interface.generate_and_write_ecdsa_keypair(
password='******')
self.assertTrue(os.path.exists(default_keypath))
self.assertTrue(os.path.exists(default_keypath + '.pub'))
written_key = interface.import_ecdsa_publickey_from_file(
default_keypath + '.pub')
self.assertEqual(written_key['keyid'],
os.path.basename(default_keypath))
os.remove(default_keypath)
os.remove(default_keypath + '.pub')
# Test improperly formatted arguments.
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.generate_and_write_ecdsa_keypair,
3,
password='******')
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.generate_and_write_ecdsa_keypair,
test_keypath,
password=3)