def test_blob(tmpdir):
    """Check trustme.Blob's bytes(), write_to_path() and tempfile() accessors.

    The overwrite/append cases pin the two write modes, so a caller writing
    key or certificate material knows whether existing file content is
    replaced or kept.
    """
    payload = b"xyzzy"
    blob = trustme.Blob(payload)

    # bytes() returns exactly the data the Blob was constructed from.
    assert blob.bytes() == payload

    # write_to_path() on a path that does not exist yet.
    first_path = tmpdir / "test1"
    blob.write_to_path(str(first_path))
    with first_path.open("rb") as fh:
        assert fh.read() == payload

    # Default mode (append=False): pre-existing content is replaced.
    second_path = tmpdir / "test2"
    with second_path.open("wb") as fh:
        fh.write(b"asdf")
    blob.write_to_path(str(second_path))
    with second_path.open("rb") as fh:
        assert fh.read() == payload

    # append=True: pre-existing content is kept and the blob follows it.
    with second_path.open("wb") as fh:
        fh.write(b"asdf")
    blob.write_to_path(str(second_path), append=True)
    with second_path.open("rb") as fh:
        assert fh.read() == b"asdf" + payload

    # tempfile(): the file is created under the requested directory, carries
    # a .pem suffix and holds the blob's bytes while the context is open.
    with blob.tempfile(dir=str(tmpdir)) as tmp_path:
        assert tmp_path.startswith(str(tmpdir))
        assert tmp_path.endswith(".pem")
        with open(tmp_path, "rb") as fh:
            assert fh.read() == payload
def encrypted_private_key_pem(self):
    """Return this object's private key as a passphrase-protected PEM Blob.

    The passphrase is the fixed literal b"password", so the output is only
    suitable as test material: anyone who can read this source can decrypt
    it. The key is written in the legacy "traditional OpenSSL" PEM layout;
    PKCS8 is the usual choice for keys that need real protection.
    """
    protected_pem = self._private_key.private_bytes(
        Encoding.PEM,
        PrivateFormat.TraditionalOpenSSL,
        BestAvailableEncryption(password=b"password"),
    )
    return trustme.Blob(protected_pem)
def encrypt_key_pem(private_key_pem, password):
    """Re-serialize an unencrypted PEM private key under a passphrase.

    Args:
        private_key_pem: object whose ``bytes()`` returns the unencrypted
            PEM key (loaded with ``password=None``).
        password: passphrase handed to ``BestAvailableEncryption``.

    Returns:
        A ``trustme.Blob`` holding the encrypted key in the legacy
        "traditional OpenSSL" PEM layout.
    """
    # The input must be unencrypted: it is loaded with password=None.
    plain_key = serialization.load_pem_private_key(
        private_key_pem.bytes(),
        password=None,
        backend=default_backend(),
    )
    protected_pem = plain_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,
        serialization.BestAvailableEncryption(password),
    )
    return trustme.Blob(protected_pem)
def test_upload_study_invalid_certificate_failure(ca: trustme.CA, httpserver: HTTPServer):
    """An unusable CA bundle must make the upload fail with an SSLError.

    With verify_certificate=True and a CA file that holds no valid
    certificate, the client is expected to fail closed rather than fall
    back to an unverified connection.
    """
    bogus_ca = trustme.Blob(b"invalid ca")
    with bogus_ca.tempfile() as ca_filename:
        eas_client = EasClient(
            LOCALHOST,
            httpserver.port,
            verify_certificate=True,
            ca_filename=ca_filename,
        )
        # Register a handler that would answer "OK"; the assertion below
        # requires the client to raise an SSLError instead of succeeding.
        httpserver.expect_oneshot_request("/api/graphql").respond_with_data("OK")
        study = Study("Test study", "description", ["tag"], [Result("Huge success")], [])
        with pytest.raises(requests.exceptions.SSLError):
            eas_client.upload_study(study)
def cert_encrypted_private_key_file(localhost_cert):
    """Yield the path of a temp file holding localhost_cert's key, passphrase-protected.

    The passphrase is the fixed literal b"password"; this is test material,
    not a pattern for protecting real keys. The ``with`` block stays open
    across the ``yield``, so the path is usable while the consumer runs.
    """
    # Load the unencrypted PEM key, then serialize it again under a passphrase.
    plain_key = load_pem_private_key(
        localhost_cert.private_key_pem.bytes(),
        password=None,
        backend=default_backend(),
    )
    protected_pem = plain_key.private_bytes(
        Encoding.PEM,
        PrivateFormat.TraditionalOpenSSL,
        BestAvailableEncryption(password=b"password"),
    )
    encrypted_private_key_pem = trustme.Blob(protected_pem)
    with encrypted_private_key_pem.tempfile() as key_path:
        yield key_path
def tls_ca_certificate_private_key_encrypted_path(tls_certificate_authority):
    """Yield the path of a temp file holding the CA's private key, passphrase-protected.

    The passphrase is a fixed literal in this source, so the file is test
    material only. The ``with`` block stays open across the ``yield``, so
    the path is usable while the consumer runs.
    """
    # The CA key is stored unencrypted, hence password=None when loading it.
    plain_key = serialization.load_pem_private_key(
        tls_certificate_authority.private_key_pem.bytes(),
        password=None,
        backend=default_backend(),
    )
    protected_pem = plain_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,
        serialization.BestAvailableEncryption(b"uvicorn password for the win"),
    )
    key_blob = trustme.Blob(protected_pem)
    with key_blob.tempfile() as private_encrypted_key:
        yield private_encrypted_key
def encrypt_key_pem(private_key_pem: trustme.Blob, password: bytes) -> trustme.Blob:
    """Re-serialize an unencrypted PEM private key under a passphrase.

    Args:
        private_key_pem: Blob holding the unencrypted PEM key (loaded with
            ``password=None``).
        password: passphrase handed to ``BestAvailableEncryption``.

    Returns:
        A new Blob with the encrypted key in the legacy "traditional
        OpenSSL" PEM layout.
    """
    plain_key = serialization.load_pem_private_key(
        private_key_pem.bytes(),
        password=None,
        backend=default_backend(),  # type: ignore[no-untyped-call]
    )
    protected_pem = plain_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,
        serialization.BestAvailableEncryption(password),
    )
    return trustme.Blob(protected_pem)