def test_parse_raw_corrupted_certificate():
chain_bytes = read_bytes('corrupted')
key_bytes = read_bytes('1-key.der')
with pytest.raises(ParseCertificateError) as exception:
X509Svid.parse_raw(chain_bytes, key_bytes)
assert str(exception.value) == 'Unable to parse DER X.509 certificate.'
def test_parse_raw_corrupted_private_key():
chain_bytes = read_bytes('1-chain.der')
key_bytes = read_bytes('corrupted')
with pytest.raises(ParsePrivateKeyError) as exception:
X509Svid.parse_raw(chain_bytes, key_bytes)
assert str(exception.value) == (
'Error parsing private key: Could not deserialize key data. The data may be in an incorrect format '
'or it may be encrypted with an unsupported algorithm.')
def test_parse_raw_missing_certificate():
chain_bytes = read_bytes('1-key.der')
key_bytes = read_bytes('1-key.der')
with pytest.raises(ParseCertificateError) as exception:
X509Svid.parse_raw(chain_bytes, key_bytes)
assert (str(
exception.value
) == 'Error parsing certificate: Unable to parse DER X.509 certificate.')
def test_get_chain_returns_a_copy():
chain_bytes = read_bytes('1-chain.der')
key_bytes = read_bytes('1-key.der')
x509_svid = X509Svid.parse_raw(chain_bytes, key_bytes)
assert x509_svid.cert_chain() is not x509_svid._cert_chain
def _create_x509_svid(svid: workload_pb2.X509SVID) -> X509Svid:
cert = svid.x509_svid
key = svid.x509_svid_key
try:
return X509Svid.parse_raw(cert, key)
except Exception as e:
raise FetchX509SvidError(str(e))
def test_parse_raw_chain_and_ec_key():
chain_bytes = read_bytes('1-chain.der')
key_bytes = read_bytes('1-key.der')
x509_svid = X509Svid.parse_raw(chain_bytes, key_bytes)
expected_spiffe_id = SpiffeId.parse('spiffe://example.org/service')
assert x509_svid.spiffe_id() == expected_spiffe_id
assert len(x509_svid.cert_chain()) == 2
assert isinstance(x509_svid.leaf(), Certificate)
assert isinstance(x509_svid.private_key(), ec.EllipticCurvePrivateKey)
assert _extract_spiffe_id(x509_svid.leaf()) == expected_spiffe_id
import pytest
from pyspiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet
from pyspiffe.exceptions import ArgumentError
from pyspiffe.svid.x509_svid import X509Svid
from pyspiffe.workloadapi.x509_context import X509Context
from test.utils.utils import read_file_bytes
_TEST_CERTS_PATH = 'test/svid/x509svid/certs/{}'
_CHAIN = read_file_bytes(_TEST_CERTS_PATH.format('1-chain.der'))
_KEY = read_file_bytes(_TEST_CERTS_PATH.format('1-key.der'))
_SVID1 = X509Svid.parse_raw(_CHAIN, _KEY)
_SVID2 = X509Svid.parse_raw(_CHAIN, _KEY)
_BUNDLE_SET = X509BundleSet()
def test_default_svid():
svids = [_SVID1, _SVID2]
x509_context = X509Context(svids, _BUNDLE_SET)
assert x509_context.default_svid() == _SVID1
def test_x509_bundle_set():
svids = [_SVID1, _SVID2]
x509_context = X509Context(svids, _BUNDLE_SET)
assert x509_context.x509_bundle_set() == _BUNDLE_SET
def test_default_svid_emtpy_list():
with pytest.raises(ArgumentError) as err:
X509Context([], _BUNDLE_SET)
def _create_x509_svid(svid: workload_pb2.X509SVID) -> X509Svid:
cert = svid.x509_svid
key = svid.x509_svid_key
return X509Svid.parse_raw(cert, key)