コード例 #1
0
 def test_helpers_hcert_load_pem_hcert_dsc_with_unsupported_cert(self):
     dsc = "-----BEGIN CERTIFICATE-----\nMIIBBDCBtwIUOcchiKGSdnTvMvPyRR41dCGs7LwwBQYDK2VwMCUxCzAJBgNVBAYTAkpQMRYwFAYDVQQDDA1oY2VydC5leGFtcGxlMB4XDTIxMDcwNTEzMTM1OVoXDTMxMDcwMzEzMTM1OVowJTELMAkGA1UEBhMCSlAxFjAUBgNVBAMMDWhjZXJ0LmV4YW1wbGUwKjAFBgMrZXADIQCF3lYyJUSPHn4Hauiri7/5Jqg807DnrBQk5p0B7Gm/rjAFBgMrZXADQQCWMCmiIWFhfIVw1nZwUZrzeFUps0WOU74WCFKHcxhIHtjr6cJqxdUqjf+wORxUqdqLT3xKrYcWZjqSEYHruJkP\n-----END CERTIFICATE-----"
     with pytest.raises(ValueError) as err:
         load_pem_hcert_dsc(dsc)
         pytest.fail("load_pem_hcert_dsc() should fail.")
     assert (
         "Unsupported or unknown key type: <class 'cryptography.hazmat.backends.openssl.ed25519._Ed25519PublicKey'>."
         in str(err.value))
コード例 #2
0
ファイル: test_cwt_sample.py プロジェクト: dajiaji/python-cwt
    def test_sample_hcert_testdata_AT_2DCode_raw_1_with_cert_file(self):
        eudcc = bytes.fromhex(
            "d2844da20448d919375fc1e7b6b20126a0590133a4041a61817ca0061a60942ea001624154390103a101a4617681aa62646e01626d616d4f52472d3130303033303231356276706a313131393334393030376264746a323032312d30322d313862636f624154626369783155524e3a555643493a30313a41543a31303830373834334639344145453045453530393346424332353442443831332342626d706c45552f312f32302f31353238626973781b4d696e6973747279206f66204865616c74682c20417573747269616273640262746769383430353339303036636e616da463666e74754d5553544552465241553c474f455353494e47455262666e754d7573746572667261752d47c3b6c39f696e67657263676e74684741425249454c4562676e684761627269656c656376657265312e302e3063646f626a313939382d30322d323658405812fce67cb84c3911d78e3f61f890d0c80eb9675806aebed66aa2d0d0c91d1fc98d7bcb80bf00e181806a9502e11b071325901bd0d2c1b6438747b8cc50f521"
        )

        with open(key_path("hcert_testdata_cert_at.pem")) as key_file:
            dsc = key_file.read()
            public_key = load_pem_hcert_dsc(dsc)
        decoded = cwt.decode(eudcc, keys=[public_key], no_verify=True)
        claims = Claims.new(decoded)

        assert 1 in claims.hcert
        assert isinstance(claims.hcert[1], dict)
        assert "v" in claims.hcert[1]
        assert "nam" in claims.hcert[1]
        assert "dob" in claims.hcert[1]
        assert "ver" in claims.hcert[1]
        assert isinstance(claims.hcert[1]["v"], list)
        assert len(claims.hcert[1]["v"]) == 1
        assert isinstance(claims.hcert[1]["v"][0], dict)
        assert isinstance(claims.hcert[1]["nam"], dict)
        assert "fnt" in claims.hcert[1]["nam"]
        assert claims.hcert[1]["nam"]["fnt"] == "MUSTERFRAU<GOESSINGER"
        assert claims.hcert[1]["dob"] == "1998-02-26"
        assert claims.hcert[1]["ver"] == "1.0.0"
コード例 #3
0
ファイル: test_cwt_sample.py プロジェクト: dajiaji/python-cwt
    def test_sample_hcert_testdata_AT_2DCode_raw_1(self):

        # A DSC(Document Signing Certificate) issued by a CSCA (Certificate Signing Certificate Authority).
        dsc = "-----BEGIN CERTIFICATE-----\nMIIBvTCCAWOgAwIBAgIKAXk8i88OleLsuTAKBggqhkjOPQQDAjA2MRYwFAYDVQQDDA1BVCBER0MgQ1NDQSAxMQswCQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMB4XDTIxMDUwNTEyNDEwNloXDTIzMDUwNTEyNDEwNlowPTERMA8GA1UEAwwIQVQgRFNDIDExCzAJBgNVBAYTAkFUMQ8wDQYDVQQKDAZCTVNHUEsxCjAIBgNVBAUTATEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASt1Vz1rRuW1HqObUE9MDe7RzIk1gq4XW5GTyHuHTj5cFEn2Rge37+hINfCZZcozpwQKdyaporPUP1TE7UWl0F3o1IwUDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFO49y1ISb6cvXshLcp8UUp9VoGLQMB8GA1UdIwQYMBaAFP7JKEOflGEvef2iMdtopsetwGGeMAoGCCqGSM49BAMCA0gAMEUCIQDG2opotWG8tJXN84ZZqT6wUBz9KF8D+z9NukYvnUEQ3QIgdBLFSTSiDt0UJaDF6St2bkUQuVHW6fQbONd731/M4nc=\n-----END CERTIFICATE-----"

        # An EUDCC (EU Digital COVID Certificate)
        eudcc = bytes.fromhex(
            "d2844da20448d919375fc1e7b6b20126a0590133a4041a61817ca0061a60942ea001624154390103a101a4617681aa62646e01626d616d4f52472d3130303033303231356276706a313131393334393030376264746a323032312d30322d313862636f624154626369783155524e3a555643493a30313a41543a31303830373834334639344145453045453530393346424332353442443831332342626d706c45552f312f32302f31353238626973781b4d696e6973747279206f66204865616c74682c20417573747269616273640262746769383430353339303036636e616da463666e74754d5553544552465241553c474f455353494e47455262666e754d7573746572667261752d47c3b6c39f696e67657263676e74684741425249454c4562676e684761627269656c656376657265312e302e3063646f626a313939382d30322d323658405812fce67cb84c3911d78e3f61f890d0c80eb9675806aebed66aa2d0d0c91d1fc98d7bcb80bf00e181806a9502e11b071325901bd0d2c1b6438747b8cc50f521"
        )

        public_key = load_pem_hcert_dsc(dsc)
        decoded = cwt.decode(eudcc, keys=[public_key], no_verify=True)
        claims = Claims.new(decoded)

        assert 1 in claims.hcert
        assert isinstance(claims.hcert[1], dict)
        assert "v" in claims.hcert[1]
        assert "nam" in claims.hcert[1]
        assert "dob" in claims.hcert[1]
        assert "ver" in claims.hcert[1]
        assert isinstance(claims.hcert[1]["v"], list)
        assert len(claims.hcert[1]["v"]) == 1
        assert isinstance(claims.hcert[1]["v"][0], dict)
        assert isinstance(claims.hcert[1]["nam"], dict)
        assert "fnt" in claims.hcert[1]["nam"]
        assert claims.hcert[1]["nam"]["fnt"] == "MUSTERFRAU<GOESSINGER"
        assert claims.hcert[1]["dob"] == "1998-02-26"
        assert claims.hcert[1]["ver"] == "1.0.0"
コード例 #4
0
ファイル: verifier.py プロジェクト: dajiaji/python-cwt
    def refresh_trustlist(self):
        status = 200
        headers = None

        # Get new DSCs
        x_resume_token = self._trustlist[
            len(self._trustlist) -
            1]["x_resume_token"] if self._trustlist else ""
        while status == 200:
            if x_resume_token:
                headers = {"X-RESUME-TOKEN": x_resume_token}
            r = requests.get(self._base_url + "/signercertificateUpdate",
                             headers=headers)
            status = r.status_code
            if status == 204:
                break
            if status != 200:
                raise Exception(
                    f"Received {status} from signercertificateUpdate")

            x_resume_token = r.headers["X-RESUME-TOKEN"]
            self._trustlist.append({
                "x_kid": r.headers["X-KID"],
                "x_resume_token": x_resume_token,
                "dsc": r.text,
            })

        # Filter expired/revoked DSCs
        r = requests.get(self._base_url + "/signercertificateStatus")
        if r.status_code != 200:
            raise Exception(
                f"Received {r.status_code} from signercertificateStatus")
        active_kids = r.json()
        self._dscs = []
        for v in self._trustlist:
            if v["x_kid"] not in active_kids:
                continue
            dsc = f"-----BEGIN CERTIFICATE-----\n{v['dsc']}\n-----END CERTIFICATE-----"
            self._dscs.append(load_pem_hcert_dsc(dsc))

        # Update trustlist store.
        with open(self._trustlist_store_path, "w") as f:
            json.dump(
                [v for v in self._trustlist if v["x_kid"] in active_kids],
                f,
                indent=4)
        return
コード例 #5
0
    def test_helpers_hcert_load_pem_hcert_dsc_es256(self):

        dsc = "-----BEGIN CERTIFICATE-----\nMIIBvTCCAWOgAwIBAgIKAXk8i88OleLsuTAKBggqhkjOPQQDAjA2MRYwFAYDVQQDDA1BVCBER0MgQ1NDQSAxMQswCQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMB4XDTIxMDUwNTEyNDEwNloXDTIzMDUwNTEyNDEwNlowPTERMA8GA1UEAwwIQVQgRFNDIDExCzAJBgNVBAYTAkFUMQ8wDQYDVQQKDAZCTVNHUEsxCjAIBgNVBAUTATEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASt1Vz1rRuW1HqObUE9MDe7RzIk1gq4XW5GTyHuHTj5cFEn2Rge37+hINfCZZcozpwQKdyaporPUP1TE7UWl0F3o1IwUDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFO49y1ISb6cvXshLcp8UUp9VoGLQMB8GA1UdIwQYMBaAFP7JKEOflGEvef2iMdtopsetwGGeMAoGCCqGSM49BAMCA0gAMEUCIQDG2opotWG8tJXN84ZZqT6wUBz9KF8D+z9NukYvnUEQ3QIgdBLFSTSiDt0UJaDF6St2bkUQuVHW6fQbONd731/M4nc=\n-----END CERTIFICATE-----"
        public_key = load_pem_hcert_dsc(dsc)
        assert public_key.alg == -7
コード例 #6
0
 def test_helpers_hcert_load_pem_hcert_dsc_with_invalid_cert(self):
     dsc = "xxx"
     with pytest.raises(ValueError) as err:
         load_pem_hcert_dsc(dsc)
         pytest.fail("load_pem_hcert_dsc() should fail.")
     assert "Invalid PEM data." in str(err.value)
コード例 #7
0
    def test_helpers_hcert_load_pem_hcert_dsc_ps256_with_bytes(self):

        dsc = b"-----BEGIN CERTIFICATE-----\nMIIEFzCCAf8CAhI8MA0GCSqGSIb3DQEBBAUAMIGDMQswCQYDVQQGEwJYWDEaMBgGA1UECAwRRXVyb3BlYW4gQ29tbWlzb24xETAPBgNVBAcMCEJydXNzZWxzMQ4wDAYDVQQKDAVESUdJVDEUMBIGA1UECwwLUGVuIFRlc3RpbmcxHzAdBgNVBAMMFlBlbiBUZXN0ZXJzIEFDQyAoQ1NDQSkwHhcNMjEwNTA3MTM0MTE0WhcNMjIwNTA3MTM0MTE0WjAeMQswCQYDVQQGEwJYWDEPMA0GA1UEAwwGUm9iZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrScBZXVoF4+UcbE8+eRVMsDjvdA9CvxE+f077zYJ6/xaVzNooafTvWI/QHCxNKT8diNoo1uylhvbvCY1sWsjPwCFkTJE49LGm5IetPRHX9zKTsd+fyMj2+yQxx3tkj6d9jO6hmozJhjxSMGvV0IyXIv3fsXHH3kOHpT43mf9MxFBYua4Qxci0RgGYCIJSwZk9jiHRKAFFiDf5hMcqmcezzcMDJc17FhJ7TenqbtzVfr3L9yzZLURqDylVeOit/w5PGyN+KhJRGjPqReqreaFGQsviy3VVf0wKfKMOovHobj7+DYBpyXFuUKE6u0P+3NQfnwwzt6bxLasHwhSmwCCwIDAQABMA0GCSqGSIb3DQEBBAUAA4ICAQBiKvNcpS9aVn58UbUgRLNgOkjhzd5qby/s0bV1XHT7te7rmfoPeB1wypP4XMt6Sfz1hiQcBGTnpbox4/HPkHHGgpJ5RFdFeCUYj4oqIB+MWOqpnQxKIu2f4a2TqgoW2zdvxk9eO9kdoTbxU4xQn/Y6/Wovw29B9nCiMRwa39ZGScDRMQMTbesd/6lJYtSZyjNls2Guxv4kCy3ekFktXQzsUXIrm+Yvhe68+dPgKe26S1xLNRt3kAR30HM5kB3vM8jTGiqubOe6W6YfcX4XoVfmwVfttk2BLPl0u/SXt/SsRHWuYzJ48AUXkK6vd3HR5FG39YSvEZ1Tlf9GRmR2uXO/TnnZiGd+cyjLgAPGtjg1oq0MdzlIFsoFe9cN/XVGjkmRYZ7FzdiSn6IQWUyyoGmFN5B7Q6ZdBMAb58Z3jcTwzmkkHZlfqpUSoK+Hpah515SgjwfY5s9g8vEqefWVmLlYGAiDkfaTYUie53wCXBC+xBJBL7VJnaxqmTKWwM5cRx5uZyOUs6ZQT7CKD1SDk1+C7PAevGKNFTatFn4puITVgQ0NFiIf7ZKOy1w8Zf5aVk0vP3gfOg3SK38RgD81iLTPWr07XTfMZBTaTUr+ph6hxtwSIhHVFsF6n8adl5RynuYDfCCts5E9mOGLqC7ruMKRoOIBOPEwGS5/wIhMO7UEgQ==\n-----END CERTIFICATE-----"
        public_key = load_pem_hcert_dsc(dsc)
        assert public_key.alg == -37