def test_set_expiration():
'''Tests set_expiration()'''
card = keycard.EntryBase()
card.set_expiration(7)
expiration = datetime.datetime.utcnow() + datetime.timedelta(7)
assert card.fields['Expires'] == expiration.strftime(
"%Y%m%d"), "Expiration calculations failed"
def test_make_bytestring():
'''Tests make_bytestring()'''
basecard = keycard.EntryBase()
basecard.type = "Test"
basecard.field_names = [
'Name', 'User-ID', 'Workspace-ID', 'Domain', 'Time-To-Live', 'Expires'
]
basecard.signature_info = [{
'name': 'Custody',
'level': 1,
'optional': True,
'type': SIGINFO_SIGNATURE
}, {
'name': 'Organization',
'level': 2,
'optional': False,
'type': SIGINFO_SIGNATURE
}, {
'name': 'Hashes',
'level': 3,
'optional': False,
'type': SIGINFO_HASH
}, {
'name': 'User',
'level': 4,
'optional': False,
'type': SIGINFO_SIGNATURE
}]
basecard.set_fields({
'Name': 'Corbin Smith',
'User-ID': 'csmith',
'Workspace-ID': '4418bf6c-000b-4bb3-8111-316e72030468',
'Domain': 'example.com',
'Time-To-Live': '7',
'Expires': '20201002',
'Custody-Signature': '0000000000',
'Organization-Signature': '2222222222',
'User-Signature': '1111111111',
})
expected_out = \
b'Type:Test\r\n' \
b'Name:Corbin Smith\r\n' \
b'User-ID:csmith\r\n' \
b'Workspace-ID:4418bf6c-000b-4bb3-8111-316e72030468\r\n' \
b'Domain:example.com\r\n' \
b'Time-To-Live:7\r\n' \
b'Expires:20201002\r\n' \
b'Custody-Signature:0000000000\r\n' \
b'Organization-Signature:2222222222\r\n' \
b'User-Signature:1111111111\r\n' \
actual_out = basecard.make_bytestring(-1)
assert actual_out == expected_out, "user byte string didn't match"
def test_set_fields():
'''Tests setfields'''
card = keycard.EntryBase()
card.set_fields({
'Name': 'Example, Inc.',
'Contact-Admin': 'admin/example.com',
'noncompliant-field': 'foobar2000'
})
assert 'Name' in card.fields and 'Contact-Admin' in card.fields and \
'noncompliant-field' in card.fields, "set_fields() didn't work right"
def test_set():
'''Tests set()'''
# Note that the Type field is not set so that set() doesn't reject the data because it doesn't
# match the entry type
indata = \
b'Name:Acme, Inc.\r\n' \
b'Contact-Admin:admin/acme.com\r\n' \
b'Language:en\r\n' \
b'Primary-Verification-Key:ED25519:&JEq)5Ktu@jfM+Sa@+1GU6E&Ct2*<2ZYXh#l0FxP\r\n' \
b'Encryption-Key:CURVE25519:^fI7bdC(IEwC#(nG8Em-;nx98TcH<TnfvajjjDV@\r\n' \
b'Time-To-Live:14\r\n' \
b'Expires:730\r\n' \
b'Organization-Signature:x3)dYq@S0rd1Rfbie*J7kF{fkxQ=J=A)OoO1WGx97o-utWtfbwyn-$(js'\
b'_n^d6uTZY7p{gd60=rPZ|;m\r\n'
basecard = keycard.EntryBase()
status = basecard.set(indata)
assert not status.error(), "EntryBase.set() failed"
assert basecard.signatures['Organization'] == 'x3)dYq@S0rd1Rfbie*J7kF{fkxQ=J=A)OoO1WGx' \
'97o-utWtfbwyn-$(js_n^d6uTZY7p{gd60=rPZ|;m', \
"set() didn't handle the signature correctly"
def test_base_is_compliant():
'''Tests compliance testing for the base class'''
basecard = keycard.EntryBase()
status = basecard.is_compliant()
assert status.error(), "EntryBase met compliance and shouldn't"
def test_verify_signature():
'''Tests the signing of a test keycard entry'''
# This is an extensive test because while it doesn't utilize all the fields that a standard
# entry would normally have, it tests signing and verification of user, org, and entry
# signatures. This test is also only intended to confirm success states of the method.
# User signing key
skey = nacl.signing.SigningKey(b'p;XXU0XF#UO^}vKbC-wS(#5W6=OEIFmR2z`rS1j+',
Base85Encoder)
# Organization signing key
oskey = nacl.signing.SigningKey(
b'msvXw(nII<Qm6oBHc+92xwRI3>VFF-RcZ=7DEu3|', Base85Encoder)
# crekey = nacl.public.PrivateKey(b'VyFX5PC~?eL5)>q|6W7ciRrOJw$etlej<tY$f+t_', Base85Encoder)
# ekey = nacl.public.PrivateKey(b'Wsx6BC(HP~goS-C_`K=6Daqr97kapfc=vQUzi?KI', Base85Encoder)
basecard = keycard.EntryBase()
basecard.type = "Test"
basecard.field_names = [
'Name', 'Workspace-ID', 'Domain', 'Contact-Request-Verification-Key',
'Contact-Request-Encryption-Key', 'Public-Encryption-Key', 'Expires'
]
basecard.set_fields({
'Name': 'Corbin Simons',
'Workspace-ID': '4418bf6c-000b-4bb3-8111-316e72030468',
'Domain': 'example.com',
'Contact-Request-Verification-Key':
'ED25519:d0-oQb;{QxwnO{=!|^62+E=UYk2Y3mr2?XKScF4D',
'Contact-Request-Encryption-Key':
'CURVE25519:yBZ0{1fE9{2<b~#i^R+JT-yh-y5M(Wyw_)}_SZOn',
'Public-Encryption-Key':
'CURVE25519:_`UC|vltn_%P5}~vwV^)oY){#uvQSSy(dOD_l(yE',
'Expires': '20201002',
# These junk signatures will end up being cleared when sign('User') is called
'User-Signature': '1111111111',
'Organization-Signature': '2222222222',
'Entry-Signature': '3333333333'
})
basecard.signature_info = [{
'name': 'Custody',
'level': 1,
'optional': True,
'type': SIGINFO_SIGNATURE
}, {
'name': 'Organization',
'level': 2,
'optional': False,
'type': SIGINFO_SIGNATURE
}, {
'name': 'Hashes',
'level': 3,
'optional': False,
'type': SIGINFO_HASH
}, {
'name': 'User',
'level': 4,
'optional': False,
'type': SIGINFO_SIGNATURE
}]
# Organization sign and verify
okeystring = CryptoString()
okeystring.set('ED25519:' + base64.b85encode(oskey.encode()).decode())
rv = basecard.sign(okeystring, 'Organization')
assert not rv.error(), 'Unexpected RetVal error %s' % rv.error()
assert basecard.signatures['Organization'], 'entry failed to user sign'
expected_sig = \
'ED25519:>>6(c|MBt?66%ywF=2yw4k}%;-8J)218?T=4XtV**m9S4Wzo@%E0Xme7@op7Vky?>VnCb?h(%WGO9(g!'
assert basecard.signatures['Organization'] == expected_sig, \
"entry did not yield the expected org signature"
ovkey = nacl.signing.VerifyKey(oskey.verify_key.encode())
ovkeystring = CryptoString()
ovkeystring.prefix = 'ED25519'
ovkeystring.data = base64.b85encode(ovkey.encode()).decode()
rv = basecard.verify_signature(ovkeystring, 'Organization')
assert not rv.error(), 'entry failed to org verify'
# Set up the hashes
basecard.prev_hash = '1234567890'
rv = basecard.generate_hash('BLAKE2B-256')
assert not rv.error(), 'entry failed to BLAKE3 hash'
expected_hash = r'BLAKE2B-256:kBO4*3!t3M2PONHy>*Ew)Hw8!v)rZcvpo;azDJvx'
assert basecard.hash == expected_hash, "entry did not yield the expected hash"
# User sign and verify
keystring = CryptoString()
keystring.set('ED25519:' + base64.b85encode(skey.encode()).decode())
rv = basecard.sign(keystring, 'User')
assert not rv.error(), 'Unexpected RetVal error %s' % rv.error()
assert basecard.signatures['User'], 'entry failed to user sign'
expected_sig = \
'ED25519:@R53O{bS93YmZq5qs2`f0Uj)Ks^_cl{3Tl;lce#{hF-LsexWsbWqH_5erOQ+VY^pBkADo)@zxG)YZVU#'
assert basecard.signatures['User'] == expected_sig, \
"entry did not yield the expected user signature"
vkey = nacl.signing.VerifyKey(skey.verify_key.encode())
vkeystring = CryptoString()
vkeystring.prefix = 'ED25519'
vkeystring.data = base64.b85encode(vkey.encode()).decode()
rv = basecard.verify_signature(vkeystring, 'User')
assert not rv.error(), 'entry failed to user verify'
def test_sign():
'''Tests signing of a keycard entry'''
skey = nacl.signing.SigningKey(b'p;XXU0XF#UO^}vKbC-wS(#5W6=OEIFmR2z`rS1j+',
Base85Encoder)
# crskey = nacl.signing.SigningKey(b'msvXw(nII<Qm6oBHc+92xwRI3>VFF-RcZ=7DEu3|', Base85Encoder)
# crekey = nacl.public.PrivateKey(b'VyFX5PC~?eL5)>q|6W7ciRrOJw$etlej<tY$f+t_', Base85Encoder)
# ekey = nacl.public.PrivateKey(b'Wsx6BC(HP~goS-C_`K=6Daqr97kapfc=vQUzi?KI', Base85Encoder)
basecard = keycard.EntryBase()
basecard.type = "Test"
basecard.field_names = [
'Name', 'Workspace-ID', 'Domain', 'Contact-Request-Verification-Key',
'Contact-Request-Encryption-Key', 'Public-Encryption-Key', 'Expires'
]
basecard.set_fields({
'Name': 'Corbin Simons',
'Workspace-ID': '4418bf6c-000b-4bb3-8111-316e72030468',
'Domain': 'example.com',
'Contact-Request-Verification-Key':
'ED25519:7dfD==!Jmt4cDtQDBxYa7(dV|N$}8mYwe$=RZuW|',
'Contact-Request-Encryption-Key':
'CURVE25519:yBZ0{1fE9{2<b~#i^R+JT-yh-y5M(Wyw_)}_SZOn',
'Public-Encryption-Key':
'CURVE25519:_`UC|vltn_%P5}~vwV^)oY){#uvQSSy(dOD_l(yE',
'Expires': '20201002',
# These junk signatures will end up being cleared when sign('User') is called
'User-Signature': '1111111111',
'Organization-Signature': '2222222222',
'Entry-Signature': '3333333333'
})
basecard.signature_info = [{
'name': 'Custody',
'level': 1,
'optional': True,
'type': SIGINFO_SIGNATURE
}, {
'name': 'Organization',
'level': 2,
'optional': False,
'type': SIGINFO_SIGNATURE
}, {
'name': 'Hashes',
'level': 3,
'optional': False,
'type': SIGINFO_HASH
}, {
'name': 'User',
'level': 4,
'optional': False,
'type': SIGINFO_SIGNATURE
}]
keystring = CryptoString()
keystring.set('ED25519:' + base64.b85encode(skey.encode()).decode())
rv = basecard.sign(keystring, 'Organization')
assert not rv.error(), 'Unexpected RetVal error %s' % rv.error()
assert basecard.signatures['Organization'], 'entry failed to org sign'
rv = basecard.generate_hash('BLAKE2B-256')
assert not rv.error(), 'Unexpected RetVal error %s' % rv.error()
expected_sig = \
'ED25519:N~nZ1#wE%i`sO?wZ%b4;zrEk4D-rd{!oY=C26w0GepfvnArTHlw*HeIZB|oHZke`T*eGbw>GvYD8YQR)'
assert basecard.signatures['Organization'] == expected_sig, \
"entry did not yield the expected signature"
def test_set_field():
'''Tests setfield'''
card = keycard.EntryBase()
card.set_field('Name', 'Corbin Smith')
assert card.fields['Name'] == 'Corbin Smith', "set_field() didn't work"