def makeCACert(issuer, subject, intermediate):
perm = spki.eval(sexp.parseText('(* set CATrusted)'))
c = spki.makeCert(issuer.getPrincipal(), subject.getPrincipal(),
spki.Tag(perm), intermediate)
sig = issuer.sign(c)
seq = spki.Sequence(c, sig, issuer.getPublicKey())
return seq
def reload(self, create=0):
try:
f = open(self.path, "r")
except IOError:
if create:
return
else:
raise
sexps = SPKIDatabase.read(f)
f.close()
for raw in sexps:
obj = spki.eval(raw)
self.loadObject(obj)
def test_getCertSubjectHash(ks):
keystore = ks[0]
defaultKey = ks[1][0]
otherKey = ks[1][1]
cert = makeNameCert(defaultKey[1], otherKey[0], 'Alice')
keystore.addCert(cert)
name = spki.FullyQualifiedName(defaultKey[1].getPrincipal, ['Alice'])
perm = spki.Tag(spki.eval(sexp.parseText('(*)')))
c = spki.makeCert(ks[1][2][0].getPrincipal(), name, perm)
sig = ks[1][2][1].sign(c)
otherCert = spki.Sequence(c, sig)
res = getCertSubjectHash(cert, keystore)
assert res == otherKey[0].getPrincipal()
res = getCertSubjectHash(otherCert, keystore)
assert res == otherKey[0].getPrincipal()
with pytest.raises(ValueError):
getCertSubjectHash(otherCert, InMemKeyStore())
def initACL(acl, keystore):
key = keystore.getDefaultKey()
perm = spki.eval(sexp.parseText('(*)'))
c = spki.makeAclEntry(key, [], 1, perm)
acl.add(c)
