def makeCACert(issuer, subject, intermediate):
    """Issue a signed certificate carrying the ``(* set CATrusted)`` tag.

    The certificate runs from ``issuer.getPrincipal()`` to
    ``subject.getPrincipal()``. *intermediate* is forwarded unchanged as the
    fourth argument of ``spki.makeCert``.

    Returns an ``spki.Sequence`` holding the certificate, the issuer's
    signature over it, and the issuer's public key.
    """
    # NOTE(review): `intermediate` is presumably the delegation flag, i.e.
    # whether the subject may itself issue CA certificates -- confirm against
    # spki.makeCert before relying on it for chain-depth decisions.
    ca_tag_sexp = spki.eval(sexp.parseText('(* set CATrusted)'))
    cert = spki.makeCert(
        issuer.getPrincipal(),
        subject.getPrincipal(),
        spki.Tag(ca_tag_sexp),
        intermediate,
    )
    # The public key travels with the signature; how a verifier uses it is
    # not visible from this function.
    return spki.Sequence(cert, issuer.sign(cert), issuer.getPublicKey())
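def parseHash(self, hashstr):
    """Create a hash object from user-supplied input.

    Two input forms are accepted:

    * text whose first character is ``(`` is parsed as an s-expression and
      must yield an ``spki.Hash``;
    * any other text is decoded with ``sexp.b64_to_str`` and wrapped in an
      ``spki.Hash`` labelled ``'md5'``.

    Raises:
        ValueError: if *hashstr* is empty, or if the s-expression form parses
            to something other than an ``spki.Hash``.
    """
    if not hashstr:
        # Indexing an empty string would raise IndexError; report it as bad
        # input, the same way other invalid hashes are reported.
        raise ValueError("invalid hash object: empty input")

    if hashstr[0] == '(':
        parsed = sexp.parseText(hashstr)
        if not isinstance(parsed, spki.Hash):
            # Wrap in a tuple so the message still formats when the parsed
            # object is itself a tuple-like value.
            raise ValueError("invalid hash object: %s" % (parsed,))
        return parsed

    # NOTE(review): a bare digest is always labelled MD5, and neither its
    # decoded length nor its content is checked here. MD5 is not
    # collision-resistant; where the hash identifies a key or certificate,
    # prefer the s-expression form, which names the algorithm explicitly.
    digest = sexp.b64_to_str(hashstr)
    return spki.Hash('md5', digest)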
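def test_spkilib():
    """Round-trip the s-expressions from the SPKI examples draft.

    The base64-encoded s-expressions from the draft are included in
    test/sexps, one per blank-line-separated chunk. test/sexps.py holds the
    constants from which the same s-expressions are constructed for
    comparison.
    """
    from pisces.spkilib import sexp

    chunks = []
    chunk = []
    # Use a with-block so the fixture is closed even when parsing fails.
    with open('test/sexps') as stream:
        for line in stream:
            if line.strip():
                chunk.append(line)
            else:
                chunks.append("\n".join(chunk))
                chunk = []
    chunks.append("\n".join(chunk))

    # NOTE(review): eval() executes whatever test/sexps.py contains, so this
    # is only acceptable for a fixture that ships with the repository. If the
    # constants are plain literals, ast.literal_eval would be the safer
    # loader -- confirm before switching.
    with open("test/sexps.py") as fixture:
        consts = eval(fixture.read())

    assert len(consts) == len(chunks), \
        "pisces.spkilib: error loading spkilib tests"

    for i, (chunk, const) in enumerate(zip(chunks, consts)):
        # The parsed text and the constructed form must agree.
        sx1 = sexp.parse(chunk)
        sx2 = sexp.construct_seq(_cleanup(const))
        assert sx1 == sx2, \
            "pisces.spkilib: #%d: parsed s-exp differs " \
            "from constructed s-exp" % i

        # Canonical and base64 encodings must both parse back to sx1.
        enc1 = sx1.encode_canonical()
        enc2 = sx1.encode_base64()
        sx11 = sexp.parse(enc1)
        sx12 = sexp.parse(enc2)
        assert sx11 == sx12, "pisces.spkilib: s-exp parsing failed"
        assert sx11 == sx1, "pisces.spkilib: s-exp parsing failed"

        buf = str(sx1)
        if '\n' in buf:
            continue  # parseText doesn't handle multi-line base64 data
        sx3 = sexp.parseText(buf)
        assert sx1 == sx3, "pisces.spkilib: parseText failed"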
def test_getCertSubjectHash(ks):
    """Check getCertSubjectHash for a name cert and a cert with a name subject.

    ``ks[0]`` is used as the keystore and ``ks[1]`` as a sequence of key
    pairs. Both lookups must return the principal of the second pair's first
    element, and the lookup against an empty ``InMemKeyStore`` must raise
    ``ValueError``.
    """
    keystore = ks[0]
    key_pairs = ks[1]
    # Presumably (public, private) pairs: element 0 is only asked for its
    # principal, element 1 is the one that signs -- confirm against the
    # fixture that provides `ks`.
    default_pair = key_pairs[0]
    other_pair = key_pairs[1]

    name_cert = makeNameCert(default_pair[1], other_pair[0], 'Alice')
    keystore.addCert(name_cert)

    # NOTE(review): getPrincipal is passed here as an uncalled bound method,
    # unlike every other use in this test, which calls it -- confirm this is
    # intended, since it changes what the name is rooted in.
    alice = spki.FullyQualifiedName(default_pair[1].getPrincipal, ['Alice'])
    wildcard = spki.Tag(spki.eval(sexp.parseText('(*)')))

    signer_pair = key_pairs[2]
    body = spki.makeCert(signer_pair[0].getPrincipal(), alice, wildcard)
    named_subject_cert = spki.Sequence(body, signer_pair[1].sign(body))

    assert getCertSubjectHash(name_cert, keystore) \
        == other_pair[0].getPrincipal()
    assert getCertSubjectHash(named_subject_cert, keystore) \
        == other_pair[0].getPrincipal()

    # Against an empty keystore the lookup must fail loudly rather than
    # return some fallback principal.
    with pytest.raises(ValueError):
        getCertSubjectHash(named_subject_cert, InMemKeyStore())
def initACL(acl, keystore):
    """Seed *acl* with a single entry for the keystore's default key.

    The entry is built by ``spki.makeAclEntry(key, [], 1, perm)``, where
    ``perm`` is the evaluated ``(*)`` s-expression, and is then added to
    *acl*. Nothing is returned.
    """
    default_key = keystore.getDefaultKey()
    # NOTE(review): '(*)' presumably matches every permission and the literal
    # 1 is presumably the delegation flag, which would make the default key
    # an unrestricted, delegating root of this ACL -- confirm against
    # spki.makeAclEntry and treat that key's storage accordingly.
    wildcard = spki.eval(sexp.parseText('(*)'))
    acl.add(spki.makeAclEntry(default_key, [], 1, wildcard))
def parseText(s):
    """Parse the text *s* with ``sexp.parseText`` and evaluate the result."""
    parsed = sexp.parseText(s)
    # NOTE(review): `eval` here is presumably this module's own s-expression
    # evaluator rather than the Python builtin -- confirm. If it resolves to
    # the builtin, callers must never pass untrusted text.
    return eval(parsed)