def test_truncated_extension(self):
    """
    Reject extensions that carry less data than their header declares.

    Covers an empty extension (no header at all) and one whose leading
    length bytes promise far more data than is present.
    """

    # (raw extension bytes, error the parser is expected to raise)
    malformed = (
        (b'', 'Ed25519 extension is missing header field data'),
        # leading bytes 0x50 0x00 are the 20480 quoted in the message; only the last two bytes are data
        (b'\x50\x00\x00\x00\x15\x12', "Ed25519 extension is truncated. It should have 20480 bytes of data but there's only 2."),
    )

    for raw_extension, expected_error in malformed:
        self.assert_raises(certificate(extension_data = [raw_extension]), expected_error)
def test_with_invalid_cert_type(self):
    """
    Reject certificates whose type falls in a range tor reserves.

    Types 0 and 7 must both be refused, each with its own explanation.
    """

    reserved_types = (
        (0, 'Ed25519 certificate cannot have a type of 0. This is reserved to avoid conflicts with tor CERTS cells.'),
        (7, 'Ed25519 certificate cannot have a type of 7. This is reserved for RSA identity cross-certification.'),
    )

    for type_value, expected_error in reserved_types:
        self.assert_raises(certificate(cert_type = type_value), expected_error)
def test_truncated_extension(self):
    """
    Reject extensions that carry less data than their header declares.

    Both cases must surface as a ValueError from Ed25519Certificate.from_base64.
    """

    # (raw extension bytes, exact ValueError message expected)
    malformed = (
        (b'', 'Ed25519 extension is missing header fields'),
        # leading bytes 0x50 0x00 are the 20480 quoted in the message; only the last two bytes are data
        (b'\x50\x00\x00\x00\x15\x12', "Ed25519 extension is truncated. It should have 20480 bytes of data but there's only 2."),
    )

    for raw_extension, expected_error in malformed:
        encoded_cert = certificate(extension_data = [raw_extension])
        self.assertRaisesWith(ValueError, expected_error, Ed25519Certificate.from_base64, encoded_cert)
def test_truncated_extension(self):
    """
    Reject extensions that carry less data than their header declares.
    """

    # An empty extension has no header to read at all.
    no_header = certificate(extension_data=[b''])
    self.assert_raises(no_header, 'Ed25519 extension is missing header field data')

    # Leading bytes 0x50 0x00 are the 20480 quoted in the message, yet only
    # two data bytes (0x15 0x12) follow the header.
    short_payload = certificate(extension_data=[b'\x50\x00\x00\x00\x15\x12'])
    self.assert_raises(short_payload, "Ed25519 extension is truncated. It should have 20480 bytes of data but there's only 2.")
def test_with_invalid_cert_type(self):
    """
    Reject certificates whose type falls in a range tor reserves.

    Types 0 and 7 must each make Ed25519Certificate.parse raise a ValueError
    with the message explaining why that type is off limits.
    """

    reserved_types = (
        (0, 'Ed25519 certificate cannot have a type of 0. This is reserved to avoid conflicts with tor CERTS cells.'),
        (7, 'Ed25519 certificate cannot have a type of 7. This is reserved for RSA identity cross-certification.'),
    )

    for type_value, expected_error in reserved_types:
        raw_cert = certificate(cert_type=type_value)
        self.assertRaisesWith(ValueError, expected_error, Ed25519Certificate.parse, raw_cert)
def test_with_invalid_cert_type(self):
    """
    Reject certificates whose type falls in a range tor reserves.
    """

    # Type 0 is refused so it cannot be confused with tor CERTS cells.
    certs_cell_conflict = certificate(cert_type=0)
    self.assert_raises(certs_cell_conflict, 'Ed25519 certificate cannot have a type of 0. This is reserved to avoid conflicts with tor CERTS cells.')

    # Type 7 is refused because it belongs to RSA identity cross-certification.
    rsa_cross_cert = certificate(cert_type=7)
    self.assert_raises(rsa_cross_cert, 'Ed25519 certificate cannot have a type of 7. This is reserved for RSA identity cross-certification.')
def test_with_invalid_cert_type(self):
    """
    Reject certificates with an unrecognized or reserved type.

    Type 0 is reported as unrecognized, while 1 and 7 are reported as
    reserved. All three must raise ValueError from from_base64.
    """

    rejected_types = (
        (0, 'Ed25519 certificate type 0 is unrecognized'),
        (1, 'Ed25519 certificate cannot have a type of 1. This is reserved for CERTS cells.'),
        (7, 'Ed25519 certificate cannot have a type of 7. This is reserved for RSA identity cross-certification.'),
    )

    for type_value, expected_error in rejected_types:
        encoded_cert = certificate(cert_type = type_value)
        self.assertRaisesWith(ValueError, expected_error, Ed25519Certificate.from_base64, encoded_cert)
def test_truncated_signing_key(self):
    """
    Reject a signing key extension whose key is not 32 bytes long.
    """

    # Header 0x00 0x02 declares two data bytes and the type byte is 0x04, which
    # the expected message names HAS_SIGNING_KEY. The trailing \11\12 are octal
    # escapes, so the payload is the two bytes 0x09 0x0a.
    short_key_extension = b'\x00\x02\x04\x07\11\12'
    expected_error = 'Ed25519 HAS_SIGNING_KEY extension must be 32 bytes, but was 2.'

    encoded_cert = certificate(extension_data = [short_key_extension])
    self.assertRaisesWith(ValueError, expected_error, Ed25519Certificate.from_base64, encoded_cert)
def test_extra_extension_data(self):
    """
    Reject a certificate with bytes left over after its extensions.
    """

    # Header 0x00 0x01 declares a single data byte, but two (0x15 0x12) follow,
    # so one byte is left unaccounted for.
    oversized_extension = b'\x00\x01\x00\x00\x15\x12'
    expected_error = 'Ed25519 certificate had 1 bytes of unused extension data'

    encoded_cert = certificate(extension_data = [oversized_extension])
    self.assertRaisesWith(ValueError, expected_error, Ed25519Certificate.from_base64, encoded_cert)
def test_basic_parsing(self):
    """
    Parse a well-formed certificate and check every decoded field.
    """

    key_material = b'\x11' * 32

    # Two extensions: one declaring 0x0020 (32) bytes with type 4 and flags 7
    # that carries the signing key, then an empty one with type 5 and flags 4.
    raw_cert = certificate(extension_data = [
        b'\x00\x20\x04\x07' + key_material,
        b'\x00\x00\x05\x04',
    ])

    parsed = Ed25519Certificate.parse(raw_cert)

    self.assertEqual(Ed25519CertificateV1, type(parsed))
    self.assertEqual(1, parsed.version)
    self.assertEqual(raw_cert, parsed.encoded)
    self.assertEqual(CertType.SIGNING, parsed.type)
    self.assertEqual(datetime.datetime(1970, 1, 1, 0, 0), parsed.expiration)
    self.assertEqual(1, parsed.key_type)
    self.assertEqual(b'\x03' * 32, parsed.key)
    self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, parsed.signature)

    signing_key_extension = Ed25519Extension(
        type = ExtensionType.HAS_SIGNING_KEY,
        flags = [ExtensionFlag.AFFECTS_VALIDATION, ExtensionFlag.UNKNOWN],
        flag_int = 7,
        data = key_material,
    )

    unknown_extension = Ed25519Extension(type = 5, flags = [ExtensionFlag.UNKNOWN], flag_int = 4, data = b'')

    self.assertEqual([signing_key_extension, unknown_extension], parsed.extensions)
    self.assertEqual(ExtensionType.HAS_SIGNING_KEY, parsed.extensions[0].type)

    # the fixture's expiration decodes to the unix epoch, so it must count as expired
    self.assertTrue(parsed.is_expired())
def test_with_invalid_version(self):
    """
    Reject certificate versions the parser does not know how to read.

    Only version 1 is handled, so a version 2 certificate must be refused
    rather than read as though it were version 1.
    """

    expected_error = 'Ed25519 certificate is version 2. Parser presently only supports version 1.'
    future_cert = certificate(version = 2)

    self.assert_raises(future_cert, expected_error)
def test_basic_parsing(self):
    """
    Parse a well-formed certificate and check every decoded field.
    """

    key_material = b'\x11' * 32

    # Two extensions: one declaring 0x0020 (32) bytes with type 4 and flags 7
    # that carries the signing key, then an empty one with type 5 and flags 4.
    first_extension = b'\x00\x20\x04\x07' + key_material
    second_extension = b'\x00\x00\x05\x04'
    encoded_cert = certificate(extension_data=[first_extension, second_extension])

    parsed = Ed25519Certificate.from_base64(encoded_cert)

    self.assertEqual(Ed25519CertificateV1, type(parsed))
    self.assertEqual(1, parsed.version)

    # to_base64() output has its newlines stripped before comparing with the input
    self.assertEqual(stem.util.str_tools._to_unicode(encoded_cert), parsed.to_base64().replace('\n', ''))

    self.assertEqual(CertType.ED25519_SIGNING, parsed.type)
    self.assertEqual(datetime.datetime(1970, 1, 1, 0, 0), parsed.expiration)
    self.assertEqual(1, parsed.key_type)
    self.assertEqual(b'\x03' * 32, parsed.key)
    self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, parsed.signature)

    expected_extensions = [
        Ed25519Extension(ExtensionType.HAS_SIGNING_KEY, 7, key_material),
        Ed25519Extension(5, 4, b''),
    ]

    self.assertEqual(expected_extensions, parsed.extensions)
    self.assertEqual(ExtensionType.HAS_SIGNING_KEY, parsed.extensions[0].type)

    # the fixture's expiration decodes to the unix epoch, so it must count as expired
    self.assertTrue(parsed.is_expired())
def test_basic_parsing(self):
    """
    Parse a well-formed certificate and check every decoded field.
    """

    key_material = b'\x11' * 32

    # Two extensions: one declaring 0x0020 (32) bytes with type 4 and flags 7
    # that carries the signing key, then an empty one with type 5 and flags 4.
    first_extension = b'\x00\x20\x04\x07' + key_material
    second_extension = b'\x00\x00\x05\x04'
    raw_cert = certificate(extension_data=[first_extension, second_extension])

    parsed = Ed25519Certificate.parse(raw_cert)

    self.assertEqual(Ed25519CertificateV1, type(parsed))
    self.assertEqual(1, parsed.version)
    self.assertEqual(raw_cert, parsed.encoded)
    self.assertEqual(CertType.SIGNING, parsed.type)
    self.assertEqual(datetime.datetime(1970, 1, 1, 0, 0), parsed.expiration)
    self.assertEqual(1, parsed.key_type)
    self.assertEqual(b'\x03' * 32, parsed.key)
    self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, parsed.signature)

    expected_extensions = [
        Ed25519Extension(
            type=ExtensionType.HAS_SIGNING_KEY,
            flags=[ExtensionFlag.AFFECTS_VALIDATION, ExtensionFlag.UNKNOWN],
            flag_int=7,
            data=key_material,
        ),
        Ed25519Extension(type=5, flags=[ExtensionFlag.UNKNOWN], flag_int=4, data=b''),
    ]

    self.assertEqual(expected_extensions, parsed.extensions)
    self.assertEqual(ExtensionType.HAS_SIGNING_KEY, parsed.extensions[0].type)

    # the fixture's expiration decodes to the unix epoch, so it must count as expired
    self.assertTrue(parsed.is_expired())
def test_extra_extension_data(self):
    """
    Reject a certificate with bytes left over after its extensions.
    """

    # Header 0x00 0x01 declares a single data byte, but two (0x15 0x12) follow,
    # so one byte is left unaccounted for.
    oversized_extension = b'\x00\x01\x00\x00\x15\x12'
    expected_error = "Ed25519 certificate had 1 bytes of unused extension data"

    self.assert_raises(certificate(extension_data=[oversized_extension]), expected_error)
def test_truncated_signing_key(self):
    """
    Reject a signing key extension whose key is not 32 bytes long.
    """

    # Header 0x00 0x02 declares two data bytes and the type byte is 0x04, which
    # the expected message names HAS_SIGNING_KEY. The trailing \11\12 are octal
    # escapes, so the payload is the two bytes 0x09 0x0a.
    short_key_extension = b'\x00\x02\x04\x07\11\12'
    expected_error = "Ed25519 HAS_SIGNING_KEY extension must be 32 bytes, but was 2."

    self.assert_raises(certificate(extension_data=[short_key_extension]), expected_error)
def test_with_invalid_version(self):
    """
    Reject certificate versions the parser does not know how to read.

    Only version 1 is handled, so from_base64 must raise ValueError for a
    version 2 certificate rather than read it as though it were version 1.
    """

    expected_error = 'Ed25519 certificate is version 2. Parser presently only supports version 1.'
    future_cert = certificate(version = 2)

    self.assertRaisesWith(ValueError, expected_error, Ed25519Certificate.from_base64, future_cert)
def test_validation_with_invalid_descriptor(self):
    """
    Validating a descriptor against a certificate that did not sign it fails.
    """

    resource_path = get_resource('server_descriptor_with_ed25519')

    # parse_file is called with validate = False; the check under test is
    # cert.validate() below.
    with open(resource_path, 'rb') as descriptor_file:
        descriptors = stem.descriptor.parse_file(descriptor_file, validate = False)
        desc = next(descriptors)

    # The default test certificate is unrelated to the descriptor loaded above.
    cert = Ed25519Certificate.parse(certificate())

    # re.escape because the expected message contains literal parentheses.
    # NOTE(review): assertRaisesRegexp is the deprecated spelling of
    # assertRaisesRegex and is gone as of Python 3.12.
    expected_pattern = re.escape('Ed25519KeyCertificate signing key is invalid (Signature was forged or corrupt)')
    self.assertRaisesRegexp(ValueError, expected_pattern, cert.validate, desc)
def test_validation_with_invalid_descriptor(self):
    """
    Validating a descriptor against a certificate that did not sign it fails.
    """

    resource_path = get_resource('server_descriptor_with_ed25519')

    # parse_file is called with validate = False; the check under test is
    # cert.validate() below.
    with open(resource_path, 'rb') as descriptor_file:
        descriptors = stem.descriptor.parse_file(descriptor_file, validate = False)
        desc = next(descriptors)

    # The default test certificate is unrelated to the descriptor loaded above.
    cert = Ed25519Certificate.from_base64(certificate())

    expected_error = 'Ed25519KeyCertificate signing key is invalid (signature forged or corrupt)'
    self.assertRaisesWith(ValueError, expected_error, cert.validate, desc)
def test_with_invalid_version(self):
    """
    Reject certificate versions the parser does not know how to read.

    Only version 1 is handled, so a version 2 certificate must be refused
    rather than read as though it were version 1.
    """

    future_cert = certificate(version=2)
    expected_error = 'Ed25519 certificate is version 2. Parser presently only supports version 1.'

    self.assert_raises(future_cert, expected_error)
def test_truncated_signing_key(self):
    """
    Reject a signing key extension whose key is not 32 bytes long.
    """

    # Header 0x00 0x02 declares two data bytes and the type byte is 0x04, which
    # the expected message names HAS_SIGNING_KEY. The trailing \11\12 are octal
    # escapes, so the payload is the two bytes 0x09 0x0a.
    short_key_cert = certificate(extension_data = [b'\x00\x02\x04\x07\11\12'])
    expected_error = "Ed25519 HAS_SIGNING_KEY extension must be 32 bytes, but was 2."

    self.assert_raises(short_key_cert, expected_error)
def test_extra_extension_data(self):
    """
    Reject a certificate with bytes left over after its extensions.
    """

    # Header 0x00 0x01 declares a single data byte, but two (0x15 0x12) follow,
    # so one byte is left unaccounted for.
    padded_cert = certificate(extension_data = [b'\x00\x01\x00\x00\x15\x12'])
    expected_error = "Ed25519 certificate had 1 bytes of unused extension data"

    self.assert_raises(padded_cert, expected_error)