def test_basic_parsing(self):
"""
Parse a basic test certificate.
"""
signing_key = b'\x11' * 32
cert_bytes = certificate(extension_data = [b'\x00\x20\x04\x07' + signing_key, b'\x00\x00\x05\x04'])
cert = Ed25519Certificate.parse(cert_bytes)
self.assertEqual(Ed25519CertificateV1, type(cert))
self.assertEqual(1, cert.version)
self.assertEqual(cert_bytes, cert.encoded)
self.assertEqual(CertType.SIGNING, cert.type)
self.assertEqual(datetime.datetime(1970, 1, 1, 0, 0), cert.expiration)
self.assertEqual(1, cert.key_type)
self.assertEqual(b'\x03' * 32, cert.key)
self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, cert.signature)
self.assertEqual([
Ed25519Extension(type = ExtensionType.HAS_SIGNING_KEY, flags = [ExtensionFlag.AFFECTS_VALIDATION, ExtensionFlag.UNKNOWN], flag_int = 7, data = signing_key),
Ed25519Extension(type = 5, flags = [ExtensionFlag.UNKNOWN], flag_int = 4, data = b''),
], cert.extensions)
self.assertEqual(ExtensionType.HAS_SIGNING_KEY, cert.extensions[0].type)
self.assertTrue(cert.is_expired())
def test_certificate_encoding(self):
"""
Pack a certificate back into what we read.
"""
cert = Ed25519Certificate.from_base64(ED25519_CERT)
self.assertEqual(ED25519_CERT, cert.to_base64())
def test_basic_parsing(self):
"""
Parse a basic test certificate.
"""
signing_key = b'\x11' * 32
cert_bytes = certificate(extension_data=[
b'\x00\x20\x04\x07' + signing_key, b'\x00\x00\x05\x04'
])
cert = Ed25519Certificate.from_base64(cert_bytes)
self.assertEqual(Ed25519CertificateV1, type(cert))
self.assertEqual(1, cert.version)
self.assertEqual(stem.util.str_tools._to_unicode(cert_bytes),
cert.to_base64().replace('\n', ''))
self.assertEqual(CertType.ED25519_SIGNING, cert.type)
self.assertEqual(datetime.datetime(1970, 1, 1, 0, 0), cert.expiration)
self.assertEqual(1, cert.key_type)
self.assertEqual(b'\x03' * 32, cert.key)
self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, cert.signature)
self.assertEqual([
Ed25519Extension(ExtensionType.HAS_SIGNING_KEY, 7, signing_key),
Ed25519Extension(5, 4, b''),
], cert.extensions)
self.assertEqual(ExtensionType.HAS_SIGNING_KEY,
cert.extensions[0].type)
self.assertTrue(cert.is_expired())
def test_basic_parsing(self):
"""
Parse a basic test certificate.
"""
signing_key = b'\x11' * 32
cert_bytes = certificate(extension_data=[
b'\x00\x20\x04\x07' + signing_key, b'\x00\x00\x05\x04'
])
cert = Ed25519Certificate.parse(cert_bytes)
self.assertEqual(Ed25519CertificateV1, type(cert))
self.assertEqual(1, cert.version)
self.assertEqual(cert_bytes, cert.encoded)
self.assertEqual(CertType.SIGNING, cert.type)
self.assertEqual(datetime.datetime(1970, 1, 1, 0, 0), cert.expiration)
self.assertEqual(1, cert.key_type)
self.assertEqual(b'\x03' * 32, cert.key)
self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, cert.signature)
self.assertEqual([
Ed25519Extension(type=ExtensionType.HAS_SIGNING_KEY,
flags=[
ExtensionFlag.AFFECTS_VALIDATION,
ExtensionFlag.UNKNOWN
],
flag_int=7,
data=signing_key),
Ed25519Extension(
type=5, flags=[ExtensionFlag.UNKNOWN], flag_int=4, data=b''),
], cert.extensions)
self.assertEqual(ExtensionType.HAS_SIGNING_KEY,
cert.extensions[0].type)
self.assertTrue(cert.is_expired())
def test_certificate_encoding(self):
"""
Pack a certificate back into what we read.
"""
cert = Ed25519Certificate.from_base64(ED25519_CERT)
self.assertEqual(ED25519_CERT, cert.encoded) # read base64 encoding (getting removed in stem 2.x)
self.assertEqual(ED25519_CERT, cert.to_base64()) # computed base64 encoding
def test_validation_with_invalid_descriptor(self):
"""
Validate a descriptor without a valid signature.
"""
with open(get_resource('server_descriptor_with_ed25519'), 'rb') as descriptor_file:
desc = next(stem.descriptor.parse_file(descriptor_file, validate = False))
cert = Ed25519Certificate.parse(certificate())
self.assertRaisesRegexp(ValueError, re.escape('Ed25519KeyCertificate signing key is invalid (Signature was forged or corrupt)'), cert.validate, desc)
def test_validation_with_invalid_descriptor(self):
"""
Validate a descriptor without a valid signature.
"""
with open(get_resource('server_descriptor_with_ed25519'), 'rb') as descriptor_file:
desc = next(stem.descriptor.parse_file(descriptor_file, validate = False))
cert = Ed25519Certificate.from_base64(certificate())
self.assertRaisesWith(ValueError, 'Ed25519KeyCertificate signing key is invalid (signature forged or corrupt)', cert.validate, desc)
def test_extension_encoding(self):
"""
Pack an extension back into what we read.
"""
extension = Ed25519Certificate.from_base64(ED25519_CERT).extensions[0]
expected = Size.SHORT.pack(len(EXPECTED_EXTENSION_DATA)) + Size.CHAR.pack(4) + Size.CHAR.pack(0) + EXPECTED_EXTENSION_DATA
self.assertEqual(4, extension.type)
self.assertEqual(0, extension.flag_int)
self.assertEqual(EXPECTED_EXTENSION_DATA, extension.data)
self.assertEqual(expected, extension.pack())
def test_with_real_cert(self):
"""
Parse a certificate from a real server descriptor.
"""
cert = Ed25519Certificate.parse(ED25519_CERT)
self.assertEqual(Ed25519CertificateV1, type(cert))
self.assertEqual(1, cert.version)
self.assertEqual(ED25519_CERT, cert.encoded)
self.assertEqual(CertType.SIGNING, cert.type)
self.assertEqual(datetime.datetime(2015, 8, 28, 17, 0), cert.expiration)
self.assertEqual(1, cert.key_type)
self.assertEqual(EXPECTED_CERT_KEY, cert.key)
self.assertEqual([Ed25519Extension(type = 4, flags = [], flag_int = 0, data = EXPECTED_EXTENSION_DATA)], cert.extensions)
self.assertEqual(EXPECTED_SIGNATURE, cert.signature)
def test_with_real_cert(self):
"""
Parse a certificate from a real server descriptor.
"""
cert = Ed25519Certificate.from_base64(ED25519_CERT)
self.assertEqual(Ed25519CertificateV1, type(cert))
self.assertEqual(1, cert.version)
self.assertEqual(ED25519_CERT, cert.encoded)
self.assertEqual(CertType.ED25519_SIGNING, cert.type)
self.assertEqual(datetime.datetime(2015, 8, 28, 17, 0), cert.expiration)
self.assertEqual(1, cert.key_type)
self.assertEqual(EXPECTED_CERT_KEY, cert.key)
self.assertEqual([Ed25519Extension(4, 0, EXPECTED_EXTENSION_DATA)], cert.extensions)
self.assertEqual(EXPECTED_SIGNATURE, cert.signature)
def _parse_exit_policy(descriptor: 'stem.descriptor.Descriptor',
entries: ENTRY_TYPE) -> None:
if hasattr(descriptor, '_unparsed_exit_policy'):
if descriptor._unparsed_exit_policy and stem.util.str_tools._to_unicode(
descriptor._unparsed_exit_policy[0]) == 'reject *:*':
descriptor.exit_policy = REJECT_ALL_POLICY
else:
descriptor.exit_policy = stem.exit_policy.ExitPolicy(
*descriptor._unparsed_exit_policy)
del descriptor._unparsed_exit_policy
_parse_identity_ed25519_line = Ed25519Certificate._from_descriptor(
'identity-ed25519', 'certificate')
_parse_master_key_ed25519_line = _parse_simple_line('master-key-ed25519',
'ed25519_master_key')
_parse_master_key_ed25519_for_hash_line = _parse_simple_line(
'master-key-ed25519', 'ed25519_certificate_hash')
_parse_contact_line = _parse_bytes_line('contact', 'contact')
_parse_published_line = _parse_timestamp_line('published', 'published')
_parse_read_history_line = functools.partial(_parse_history_line,
'read-history',
'read_history_end',
'read_history_interval',
'read_history_values')
_parse_write_history_line = functools.partial(_parse_history_line,
'write-history',
'write_history_end',
'write_history_interval',