def test_basic_parsing(self):
"""
Parse a basic test certificate.
"""
signing_key = b'\x11' * 32
cert_bytes = certificate(extension_data=[
b'\x00\x20\x04\x07' + signing_key, b'\x00\x00\x05\x04'
])
cert = Ed25519Certificate.from_base64(cert_bytes)
self.assertEqual(Ed25519CertificateV1, type(cert))
self.assertEqual(1, cert.version)
self.assertEqual(stem.util.str_tools._to_unicode(cert_bytes),
cert.to_base64().replace('\n', ''))
self.assertEqual(CertType.ED25519_SIGNING, cert.type)
self.assertEqual(datetime.datetime(1970, 1, 1, 0, 0), cert.expiration)
self.assertEqual(1, cert.key_type)
self.assertEqual(b'\x03' * 32, cert.key)
self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, cert.signature)
self.assertEqual([
Ed25519Extension(ExtensionType.HAS_SIGNING_KEY, 7, signing_key),
Ed25519Extension(5, 4, b''),
], cert.extensions)
self.assertEqual(ExtensionType.HAS_SIGNING_KEY,
cert.extensions[0].type)
self.assertTrue(cert.is_expired())
def test_basic_parsing(self):
"""
Parse a basic test certificate.
"""
signing_key = b'\x11' * 32
cert_bytes = certificate(extension_data=[
b'\x00\x20\x04\x07' + signing_key, b'\x00\x00\x05\x04'
])
cert = Ed25519Certificate.parse(cert_bytes)
self.assertEqual(Ed25519CertificateV1, type(cert))
self.assertEqual(1, cert.version)
self.assertEqual(cert_bytes, cert.encoded)
self.assertEqual(CertType.SIGNING, cert.type)
self.assertEqual(datetime.datetime(1970, 1, 1, 0, 0), cert.expiration)
self.assertEqual(1, cert.key_type)
self.assertEqual(b'\x03' * 32, cert.key)
self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, cert.signature)
self.assertEqual([
Ed25519Extension(type=ExtensionType.HAS_SIGNING_KEY,
flags=[
ExtensionFlag.AFFECTS_VALIDATION,
ExtensionFlag.UNKNOWN
],
flag_int=7,
data=signing_key),
Ed25519Extension(
type=5, flags=[ExtensionFlag.UNKNOWN], flag_int=4, data=b''),
], cert.extensions)
self.assertEqual(ExtensionType.HAS_SIGNING_KEY,
cert.extensions[0].type)
self.assertTrue(cert.is_expired())
def test_with_real_cert(self):
"""
Parse a certificate from a real server descriptor.
"""
cert = Ed25519Certificate.from_base64(ED25519_CERT)
self.assertEqual(Ed25519CertificateV1, type(cert))
self.assertEqual(1, cert.version)
self.assertEqual(ED25519_CERT, cert.encoded)
self.assertEqual(CertType.ED25519_SIGNING, cert.type)
self.assertEqual(datetime.datetime(2015, 8, 28, 17, 0), cert.expiration)
self.assertEqual(1, cert.key_type)
self.assertEqual(EXPECTED_CERT_KEY, cert.key)
self.assertEqual([Ed25519Extension(4, 0, EXPECTED_EXTENSION_DATA)], cert.extensions)
self.assertEqual(EXPECTED_SIGNATURE, cert.signature)
def _recertify_ed_certificate(self, ed_cert, descriptor_signing_key):
"""
Recertify an HSv3 intro point certificate using the new descriptor signing
key so that it can be accepted as part of a new descriptor.
"Recertifying" means taking the certified key and signing it with a new
key.
Return the new certificate.
"""
# pylint: disable=no-member
extensions = [
Ed25519Extension(ExtensionType.HAS_SIGNING_KEY, None,
stem.util._pubkey_bytes(descriptor_signing_key))
]
new_cert = Ed25519CertificateV1(cert_type=ed_cert.type,
expiration=ed_cert.expiration,
key_type=ed_cert.key_type,
key=ed_cert.key,
extensions=extensions,
signing_key=descriptor_signing_key)
return new_cert