def test_parse_leaf_only_and_rsa_key(): chain_bytes = read_bytes('3-good-leaf-only.pem') key_bytes = read_bytes('3-key-pkcs8-rsa.pem') x509_svid = X509Svid.parse(chain_bytes, key_bytes) expected_spiffe_id = SpiffeId.parse('spiffe://example.org/workload-1') assert x509_svid.spiffe_id() == expected_spiffe_id assert len(x509_svid.cert_chain()) == 1 assert isinstance(x509_svid.leaf(), Certificate) assert isinstance(x509_svid.private_key(), rsa.RSAPrivateKey) assert _extract_spiffe_id(x509_svid.leaf()) == expected_spiffe_id
def test_parse_raw_chain_and_ec_key(): chain_bytes = read_bytes('1-chain.der') key_bytes = read_bytes('1-key.der') x509_svid = X509Svid.parse_raw(chain_bytes, key_bytes) expected_spiffe_id = SpiffeId.parse('spiffe://example.org/service') assert x509_svid.spiffe_id() == expected_spiffe_id assert len(x509_svid.cert_chain()) == 2 assert isinstance(x509_svid.leaf(), Certificate) assert isinstance(x509_svid.private_key(), ec.EllipticCurvePrivateKey) assert _extract_spiffe_id(x509_svid.leaf()) == expected_spiffe_id
def test_load_from_der_files(): chain_path = _TEST_CERTS_PATH.format('1-chain.der') key_path = _TEST_CERTS_PATH.format('1-key.der') x509_svid = X509Svid.load(chain_path, key_path, serialization.Encoding.DER) expected_spiffe_id = SpiffeId.parse('spiffe://example.org/service') assert x509_svid.spiffe_id() == expected_spiffe_id assert len(x509_svid.cert_chain()) == 2 assert isinstance(x509_svid.leaf(), Certificate) assert isinstance(x509_svid.cert_chain()[1], Certificate) assert isinstance(x509_svid.private_key(), ec.EllipticCurvePrivateKey) assert _extract_spiffe_id(x509_svid.leaf()) == expected_spiffe_id
def test_save_chain_and_rsa_key_as_der(tmpdir): chain_bytes = read_bytes('3-good-leaf-only.pem') key_bytes = read_bytes('3-key-pkcs8-rsa.pem') # create the X509Svid to be saved x509_svid = X509Svid.parse(chain_bytes, key_bytes) # temp files to store the certs and private_key chain_der_file = tmpdir.join('chain.der') key_der_file = tmpdir.join('key.der') x509_svid.save(chain_der_file, key_der_file, serialization.Encoding.DER) # now load the saved svid, and check that everything was stored correctly saved_svid = X509Svid.load(chain_der_file, key_der_file, serialization.Encoding.DER) expected_spiffe_id = SpiffeId.parse('spiffe://example.org/workload-1') assert saved_svid.spiffe_id() == expected_spiffe_id assert len(saved_svid.cert_chain()) == 1 assert isinstance(saved_svid.leaf(), Certificate) assert isinstance(saved_svid.private_key(), rsa.RSAPrivateKey) assert _extract_spiffe_id(saved_svid.leaf()) == expected_spiffe_id
def test_save_chain_and_ec_key_as_pem(tmpdir): chain_bytes = read_bytes('2-chain.pem') key_bytes = read_bytes('2-key.pem') # create the X509Svid to be saved x509_svid = X509Svid.parse(chain_bytes, key_bytes) # temp files to store the certs and private_key chain_pem_file = tmpdir.join('chain.pem') key_pem_file = tmpdir.join('key.pem') x509_svid.save(chain_pem_file, key_pem_file, serialization.Encoding.PEM) # now load the saved svid, and check that everything was stored correctly saved_svid = X509Svid.load(chain_pem_file, key_pem_file, serialization.Encoding.PEM) expected_spiffe_id = SpiffeId.parse('spiffe://example.org/service') assert saved_svid.spiffe_id() == expected_spiffe_id assert len(saved_svid.cert_chain()) == 2 assert isinstance(saved_svid.leaf(), Certificate) assert isinstance(x509_svid.cert_chain()[1], Certificate) assert isinstance(saved_svid.private_key(), ec.EllipticCurvePrivateKey) assert _extract_spiffe_id(saved_svid.leaf()) == expected_spiffe_id