def test_save_error_writing_private_key_to_file(mocker):
mocker.patch('pyspiffe.svid.x509_svid._write_x509_svid_to_file',
autospect=True)
mock_x509_svid = mocker.Mock(X509Svid)
mock_private_key = mocker.Mock()
mock_private_key.private_bytes.side_effect = Exception('Error msg')
mock_x509_svid.private_key.return_value = mock_private_key
with pytest.raises(X509SvidError) as exception:
X509Svid.save(mock_x509_svid, 'chain_file', 'key_file',
serialization.Encoding.PEM)
assert (str(exception.value) ==
'Could not extract private key bytes from object: Error msg.')
def test_save_error_writing_x509_svid_to_file(mocker):
mocker.patch('builtins.open',
side_effect=Exception('Error msg'),
autospect=True)
mock_x509_svid = mocker.Mock(X509Svid)
with pytest.raises(StoreCertificateError) as exception:
X509Svid.save(mock_x509_svid, 'chain_file', 'key_file',
serialization.Encoding.PEM)
assert (
str(exception.value) ==
'Error saving certificate to file: Error writing X.509 SVID to file: Error msg.'
)
def test_save_non_supported_encoding():
chain_bytes = read_bytes('3-good-leaf-only.pem')
key_bytes = read_bytes('3-key-pkcs8-rsa.pem')
# create the X509Svid to be saved
mock_x509_svid = X509Svid.parse(chain_bytes, key_bytes)
with pytest.raises(ArgumentError) as err:
X509Svid.save(mock_x509_svid, 'chain_file', 'key_file',
serialization.Encoding.Raw)
assert (str(
err.value
) == 'Encoding not supported: Encoding.Raw. Expected \'PEM\' or \'DER\'.')
def test_save_error_extracting_private_key(mocker):
mocker.patch('pyspiffe.svid.x509_svid._write_x509_svid_to_file',
autospect=True)
mocker.patch('builtins.open',
side_effect=Exception('Error msg'),
autospect=True)
x509_svid = mocker.Mock(X509Svid)
with pytest.raises(StorePrivateKeyError) as exception:
X509Svid.save(x509_svid, 'chain_file', 'key_file',
serialization.Encoding.PEM)
assert (
str(exception.value) ==
'Error saving private key to file: Could not write private key bytes to file: Error msg.'
)
def test_save_chain_and_rsa_key_as_der(tmpdir):
chain_bytes = read_bytes('3-good-leaf-only.pem')
key_bytes = read_bytes('3-key-pkcs8-rsa.pem')
# create the X509Svid to be saved
x509_svid = X509Svid.parse(chain_bytes, key_bytes)
# temp files to store the certs and private_key
chain_der_file = tmpdir.join('chain.der')
key_der_file = tmpdir.join('key.der')
X509Svid.save(x509_svid, chain_der_file, key_der_file,
serialization.Encoding.DER)
# now load the saved svid, and check that everything was stored correctly
saved_svid = X509Svid.load(chain_der_file, key_der_file,
serialization.Encoding.DER)
expected_spiffe_id = SpiffeId.parse('spiffe://example.org/workload-1')
assert saved_svid.spiffe_id() == expected_spiffe_id
assert len(saved_svid.cert_chain()) == 1
assert isinstance(saved_svid.leaf(), Certificate)
assert isinstance(saved_svid.private_key(), rsa.RSAPrivateKey)
assert _extract_spiffe_id(saved_svid.leaf()) == expected_spiffe_id
def test_save_chain_and_ec_key_as_pem(tmpdir):
chain_bytes = read_bytes('2-chain.pem')
key_bytes = read_bytes('2-key.pem')
# create the X509Svid to be saved
x509_svid = X509Svid.parse(chain_bytes, key_bytes)
# temp files to store the certs and private_key
chain_pem_file = tmpdir.join('chain.pem')
key_pem_file = tmpdir.join('key.pem')
X509Svid.save(x509_svid, chain_pem_file, key_pem_file,
serialization.Encoding.PEM)
# now load the saved svid, and check that everything was stored correctly
saved_svid = X509Svid.load(chain_pem_file, key_pem_file,
serialization.Encoding.PEM)
expected_spiffe_id = SpiffeId.parse('spiffe://example.org/service')
assert saved_svid.spiffe_id() == expected_spiffe_id
assert len(saved_svid.cert_chain()) == 2
assert isinstance(saved_svid.leaf(), Certificate)
assert isinstance(x509_svid.cert_chain()[1], Certificate)
assert isinstance(saved_svid.private_key(), ec.EllipticCurvePrivateKey)
assert _extract_spiffe_id(saved_svid.leaf()) == expected_spiffe_id