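def test_generate_and_write_rsa_keypair(self):
    """Exercise generate_and_write_rsa_keypair() and the matching importers.

    Covers an encrypted keypair, an unencrypted keypair (empty password),
    re-importing both private keys and the public key, a custom 'bits'
    value, and rejection of malformed arguments with FormatError.
    """
    # Throwaway passphrase for test keys only. One variable is used for both
    # writing and importing so the two values cannot drift apart; a mismatch
    # makes the encrypted-key import fail on decryption.
    key_password = 'pw'

    # Test normal case.
    temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
    test_keypath = os.path.join(temporary_directory, 'rsa_key')
    test_keypath_unencrypted = os.path.join(
        temporary_directory, 'rsa_key_unencrypted')

    interface.generate_and_write_rsa_keypair(
        test_keypath, password=key_password)
    self.assertTrue(os.path.exists(test_keypath))
    self.assertTrue(os.path.exists(test_keypath + '.pub'))

    # If an empty string is given for 'password', the private key file
    # is written to disk unencrypted. That is acceptable here only because
    # the key is a disposable fixture inside the test's temporary directory.
    interface.generate_and_write_rsa_keypair(
        test_keypath_unencrypted, password='')
    self.assertTrue(os.path.exists(test_keypath_unencrypted))
    self.assertTrue(os.path.exists(test_keypath_unencrypted + '.pub'))

    # Ensure the generated key files are importable.
    imported_pubkey = interface.import_rsa_publickey_from_file(
        test_keypath + '.pub')
    self.assertTrue(
        securesystemslib.formats.RSAKEY_SCHEMA.matches(imported_pubkey))

    imported_privkey = interface.import_rsa_privatekey_from_file(
        test_keypath, key_password)
    self.assertTrue(
        securesystemslib.formats.RSAKEY_SCHEMA.matches(imported_privkey))

    # Try to import the unencrypted key file.
    imported_privkey = interface.import_rsa_privatekey_from_file(
        test_keypath_unencrypted, '')
    self.assertTrue(
        securesystemslib.formats.RSAKEY_SCHEMA.matches(imported_privkey))

    # Custom 'bits' argument. The earlier files are removed first so the
    # existence checks below prove that this call wrote them.
    os.remove(test_keypath)
    os.remove(test_keypath + '.pub')
    interface.generate_and_write_rsa_keypair(
        test_keypath, bits=2048, password=key_password)
    self.assertTrue(os.path.exists(test_keypath))
    self.assertTrue(os.path.exists(test_keypath + '.pub'))

    # Test improperly formatted arguments: a non-string filepath, a
    # non-integer 'bits' and a non-string password.
    self.assertRaises(
        securesystemslib.exceptions.FormatError,
        interface.generate_and_write_rsa_keypair,
        3, bits=2048, password=key_password)
    self.assertRaises(
        securesystemslib.exceptions.FormatError,
        interface.generate_and_write_rsa_keypair,
        test_keypath, bits='bad', password=key_password)
    self.assertRaises(
        securesystemslib.exceptions.FormatError,
        interface.generate_and_write_rsa_keypair,
        test_keypath, bits=2048, password=3)

    # Test invalid 'bits' argument: a 1024-bit request must be refused
    # rather than silently producing a weak key.
    self.assertRaises(
        securesystemslib.exceptions.FormatError,
        interface.generate_and_write_rsa_keypair,
        test_keypath, bits=1024, password=key_password)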
def set_up_keys(cls):
    """Create the RSA and Ed25519 fixture keypairs and record them on the class.

    For every keypair the value returned by the generator is stored as the
    ``*_path`` attribute and its basename as the matching ``*_id`` attribute.
    Two keypairs are written without a passphrase and two are protected with
    ``cls.key_pw``.
    """
    # Keys written without a passphrase.
    rsa_plain = generate_and_write_unencrypted_rsa_keypair()
    cls.rsa_key_path = rsa_plain
    cls.rsa_key_id = os.path.basename(rsa_plain)

    ed25519_plain = generate_and_write_unencrypted_ed25519_keypair()
    cls.ed25519_key_path = ed25519_plain
    cls.ed25519_key_id = os.path.basename(ed25519_plain)

    # Keys encrypted with the class-level passphrase.
    rsa_protected = generate_and_write_rsa_keypair(password=cls.key_pw)
    cls.rsa_key_enc_path = rsa_protected
    cls.rsa_key_enc_id = os.path.basename(rsa_protected)

    ed25519_protected = generate_and_write_ed25519_keypair(password=cls.key_pw)
    cls.ed25519_key_enc_path = ed25519_protected
    cls.ed25519_key_enc_id = os.path.basename(ed25519_protected)
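def test_generate_and_write_rsa_keypair(self):
    """Exercise generate_and_write_rsa_keypair() and the matching importers.

    Covers the returned path, encrypted and unencrypted keypairs, importing
    with and without a password (including the prompt path), the two
    password-mismatch failures, a custom 'bits' value, the default KEYID
    filename, and rejection of malformed arguments with FormatError.
    """
    # Throwaway passphrase for test keys only. One variable is used for both
    # writing and importing so the two values cannot drift apart; a mismatch
    # makes the encrypted-key import fail on decryption.
    key_password = 'pw'

    # Test normal case.
    temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
    test_keypath = os.path.join(temporary_directory, 'rsa_key')
    test_keypath_unencrypted = os.path.join(
        temporary_directory, 'rsa_key_unencrypted')

    returned_path = interface.generate_and_write_rsa_keypair(
        test_keypath, password=key_password)
    self.assertTrue(os.path.exists(test_keypath))
    self.assertTrue(os.path.exists(test_keypath + '.pub'))
    self.assertEqual(returned_path, test_keypath)

    # If an empty string is given for 'password', the private key file
    # is written to disk unencrypted. That is acceptable here only because
    # the key is a disposable fixture inside the test's temporary directory.
    interface.generate_and_write_rsa_keypair(
        test_keypath_unencrypted, password='')
    self.assertTrue(os.path.exists(test_keypath_unencrypted))
    self.assertTrue(os.path.exists(test_keypath_unencrypted + '.pub'))

    # Ensure the generated key files are importable.
    imported_pubkey = interface.import_rsa_publickey_from_file(
        test_keypath + '.pub')
    self.assertTrue(
        securesystemslib.formats.RSAKEY_SCHEMA.matches(imported_pubkey))

    imported_privkey = interface.import_rsa_privatekey_from_file(
        test_keypath, key_password)
    self.assertTrue(
        securesystemslib.formats.RSAKEY_SCHEMA.matches(imported_privkey))

    # Try to import the unencrypted key file, by not passing a password
    imported_privkey = interface.import_rsa_privatekey_from_file(
        test_keypath_unencrypted)
    self.assertTrue(
        securesystemslib.formats.RSAKEY_SCHEMA.matches(imported_privkey))

    # Try to import the unencrypted key file, by entering an empty password.
    # get_password is patched so the prompt never blocks on a terminal.
    with mock.patch('securesystemslib.interface.get_password',
                    return_value=''):
        imported_privkey = interface.import_rsa_privatekey_from_file(
            test_keypath_unencrypted, prompt=True)
        self.assertTrue(
            securesystemslib.formats.RSAKEY_SCHEMA.matches(imported_privkey))

    # Fail importing unencrypted key passing a password
    with self.assertRaises(securesystemslib.exceptions.CryptoError):
        interface.import_rsa_privatekey_from_file(
            test_keypath_unencrypted, key_password)

    # Fail importing encrypted key passing no password
    with self.assertRaises(securesystemslib.exceptions.CryptoError):
        interface.import_rsa_privatekey_from_file(test_keypath)

    # Custom 'bits' argument. The earlier files are removed first so the
    # existence checks below prove that this call wrote them.
    os.remove(test_keypath)
    os.remove(test_keypath + '.pub')
    interface.generate_and_write_rsa_keypair(
        test_keypath, bits=2048, password=key_password)
    self.assertTrue(os.path.exists(test_keypath))
    self.assertTrue(os.path.exists(test_keypath + '.pub'))

    # Test for a default filepath. If 'filepath' is not given, the key's
    # KEYID is used as the filename. The key is saved to the current working
    # directory.
    default_keypath = interface.generate_and_write_rsa_keypair(
        password=key_password)
    try:
        self.assertTrue(os.path.exists(default_keypath))
        self.assertTrue(os.path.exists(default_keypath + '.pub'))

        written_key = interface.import_rsa_publickey_from_file(
            default_keypath + '.pub')
        self.assertEqual(
            written_key['keyid'], os.path.basename(default_keypath))
    finally:
        # Nothing else visible in this test cleans the working directory,
        # so remove the key files even when an assertion above fails and
        # leave no private key material behind.
        for leftover in (default_keypath, default_keypath + '.pub'):
            if os.path.exists(leftover):
                os.remove(leftover)

    # Test improperly formatted arguments: a non-string filepath, a
    # non-integer 'bits' and a non-string password.
    self.assertRaises(
        securesystemslib.exceptions.FormatError,
        interface.generate_and_write_rsa_keypair,
        3, bits=2048, password=key_password)
    self.assertRaises(
        securesystemslib.exceptions.FormatError,
        interface.generate_and_write_rsa_keypair,
        test_keypath, bits='bad', password=key_password)
    self.assertRaises(
        securesystemslib.exceptions.FormatError,
        interface.generate_and_write_rsa_keypair,
        test_keypath, bits=2048, password=3)

    # Test invalid 'bits' argument: a 1024-bit request must be refused
    # rather than silently producing a weak key.
    self.assertRaises(
        securesystemslib.exceptions.FormatError,
        interface.generate_and_write_rsa_keypair,
        test_keypath, bits=1024, password=key_password)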