def test_blob(tmpdir):
test_data = b"xyzzy"
b = trustme.Blob(test_data)
# bytes
assert b.bytes() == test_data
# write_to_path
b.write_to_path(str(tmpdir / "test1"))
with (tmpdir / "test1").open("rb") as f:
assert f.read() == test_data
# append=False overwrites
with (tmpdir / "test2").open("wb") as f:
f.write(b"asdf")
b.write_to_path(str(tmpdir / "test2"))
with (tmpdir / "test2").open("rb") as f:
assert f.read() == test_data
# append=True appends
with (tmpdir / "test2").open("wb") as f:
f.write(b"asdf")
b.write_to_path(str(tmpdir / "test2"), append=True)
with (tmpdir / "test2").open("rb") as f:
assert f.read() == b"asdf" + test_data
# tempfile
with b.tempfile(dir=str(tmpdir)) as path:
assert path.startswith(str(tmpdir))
assert path.endswith(".pem")
with open(path, "rb") as f:
assert f.read() == test_data
def encrypted_private_key_pem(self):
return trustme.Blob(
self._private_key.private_bytes(
Encoding.PEM,
PrivateFormat.TraditionalOpenSSL,
BestAvailableEncryption(password=b"password"),
))
def encrypt_key_pem(private_key_pem, password):
private_key = serialization.load_pem_private_key(private_key_pem.bytes(),
password=None,
backend=default_backend())
encrypted_key = private_key.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.BestAvailableEncryption(password),
)
return trustme.Blob(encrypted_key)
def test_upload_study_invalid_certificate_failure(ca: trustme.CA, httpserver: HTTPServer):
with trustme.Blob(b"invalid ca").tempfile() as ca_filename:
eas_client = EasClient(
LOCALHOST,
httpserver.port,
verify_certificate=True,
ca_filename=ca_filename
)
httpserver.expect_oneshot_request("/api/graphql").respond_with_data("OK")
with pytest.raises(requests.exceptions.SSLError):
eas_client.upload_study(Study("Test study", "description", ["tag"], [Result("Huge success")], []))
def cert_encrypted_private_key_file(localhost_cert):
# Deserialize the private key and then reserialize with a password
private_key = load_pem_private_key(localhost_cert.private_key_pem.bytes(),
password=None,
backend=default_backend())
encrypted_private_key_pem = trustme.Blob(
private_key.private_bytes(
Encoding.PEM,
PrivateFormat.TraditionalOpenSSL,
BestAvailableEncryption(password=b"password"),
))
with encrypted_private_key_pem.tempfile() as tmp:
yield tmp
def tls_ca_certificate_private_key_encrypted_path(tls_certificate_authority):
private_key = serialization.load_pem_private_key(
tls_certificate_authority.private_key_pem.bytes(),
password=None,
backend=default_backend(),
)
encrypted_key = private_key.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.BestAvailableEncryption(b"uvicorn password for the win"),
)
with trustme.Blob(encrypted_key).tempfile() as private_encrypted_key:
yield private_encrypted_key
def encrypt_key_pem(private_key_pem: trustme.Blob,
password: bytes) -> trustme.Blob:
private_key = serialization.load_pem_private_key(
private_key_pem.bytes(),
password=None,
backend=default_backend() # type: ignore[no-untyped-call]
)
encrypted_key = private_key.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.BestAvailableEncryption(password),
)
return trustme.Blob(encrypted_key)
