def test_load_decryption_key_pkcs1_4096bits_pem(self):
key_path = resource_path("keys/test_key_pkcs1-4096.pem")
key = to_test.load_decryption_key(key_path)
self.assertIsNotNone(key)
self.assertIsInstance(key, RSA.RsaKey, "Must be RSA key")
self.assertEqual(self._pkcs1_4096, self.__strip_key(key),
"Decryption key does not match")
def test_load_decryption_key_pkcs8_der(self):
key_path = resource_path("keys/test_key_pkcs8-2048.der")
key = to_test.load_decryption_key(key_path)
self.assertIsNotNone(key)
self.assertIsInstance(key, RSA.RsaKey, "Must be RSA key")
self.assertEqual(self._pkcs8_2048, self.__strip_key(key),
"Decryption key does not match")
def test_load_decryption_key_pkcs12(self):
key_path = resource_path("keys/test_key.p12")
key_password = "******"
p12_key = to_test.load_decryption_key(key_path, key_password)
self.assertIsNotNone(p12_key)
self.assertIsInstance(p12_key, RSA.RsaKey, "Must be RSA key")
self.assertEqual(self._pkcs12, self.__strip_key(p12_key),
"Decryption key does not match")
def __init__(self, conf):
if type(conf) is str:
json_config = json.loads(conf)
elif type(conf) is dict:
json_config = conf
else:
raise ValueError(
"Invalid configuration format. Must be valid json string or dict."
)
if not json_config["paths"]:
raise KeyError(
"Invalid configuration. Must provide at least one service path."
)
self._paths = dict()
for path, opt in json_config["paths"].items():
self._paths[path] = EncryptionPathConfig(opt)
if "encryptionCertificate" in json_config:
x509_cert = load_encryption_certificate(
json_config["encryptionCertificate"])
self._encryption_certificate = dump_certificate(
FILETYPE_ASN1, x509_cert)
self._encryption_key_fingerprint = \
json_config.get("encryptionKeyFingerprint",
self.__compute_fingerprint(
dump_publickey(FILETYPE_ASN1, x509_cert.get_pubkey())))
self._encryption_certificate_fingerprint = \
json_config.get("encryptionCertificateFingerprint",
self.__compute_fingerprint(self._encryption_certificate))
else:
self._encryption_certificate = None
self._encryption_key_fingerprint = None
self._encryption_certificate_fingerprint = None
if "decryptionKey" in json_config:
decryption_key_password = json_config.get("decryptionKeyPassword",
None)
self._decryption_key = load_decryption_key(
json_config["decryptionKey"], decryption_key_password)
else:
self._decryption_key = None
self._oaep_padding_digest_algorithm = validate_hash_algorithm(
json_config["oaepPaddingDigestAlgorithm"])
data_enc = Encoding(json_config["dataEncoding"].upper())
self._data_encoding = data_enc
self._iv_field_name = json_config["ivFieldName"]
self._encrypted_key_field_name = json_config["encryptedKeyFieldName"]
self._encrypted_value_field_name = json_config[
"encryptedValueFieldName"]
self._encryption_certificate_fingerprint_field_name =\
json_config.get("encryptionCertificateFingerprintFieldName", None)
self._encryption_key_fingerprint_field_name =\
json_config.get("encryptionKeyFingerprintFieldName", None)
self._oaep_padding_digest_algorithm_field_name =\
json_config.get("oaepPaddingDigestAlgorithmFieldName", None)
self._use_http_headers = json_config.get("useHttpHeaders", False)