def test_certificate_chain_verification_error(data_dir): chain = ["ca.pem", "NXPInternalPolicyCAG2.crt", "NXPEnterpriseCA4.crt", "NXPROOTCAG2.crt"] chain_cert = get_certificates(data_dir, chain) assert not all(validate_certificate_chain(chain_cert)) list_cert_files = ["satyr.crt", "img.pem", "srk.pem"] chain_prov = get_certificates(data_dir, list_cert_files) assert not all(validate_certificate_chain(chain_prov))
def test_certificate_chain_verification(data_dir): chain = ["satyr.crt", "NXPEnterpriseCA4.crt", "NXPInternalPolicyCAG2.crt", "NXPROOTCAG2.crt"] chain_cert = [ get_certificate(data_dir, file_name) for file_name in chain if file_name.startswith("NXP") ] assert all(validate_certificate_chain(chain_cert)) list_cert_files = ["img.pem", "srk.pem", "ca.pem"] chain_prov = get_certificates(data_dir, list_cert_files) assert all(validate_certificate_chain(chain_prov))
def main() -> None: """Main function.""" # Set the folder for data (certificates, keys) data_dir = path.join(path.dirname(__file__), "data") os.makedirs(data_dir, exist_ok=True) # Load public key of CA certificate ca0_pubkey_rsa2048 = load_public_key( path.join(data_dir, "ca_publickey_rsa2048.pem")) # Load CA certificate ca0_cert = load_certificate(path.join(data_dir, "ca_cert_pem.crt")) # Obtain public key from CA certificate pubkey_from_ca0_cert = get_public_key_from_certificate(ca0_cert) # Check if public key of certificate has proper format assert isinstance(pubkey_from_ca0_cert, RSAPublicKey) # Compare CA's public key from file and the one from certificate if ca0_pubkey_rsa2048.public_numbers( ) != pubkey_from_ca0_cert.public_numbers(): raise SPSDKError( "Keys are not the same (the one from disc and the one from cert)") # Load certificate, which is singed by CA crt = load_certificate(path.join(data_dir, "crt_pem.crt")) if not validate_certificate(crt, ca0_cert): raise SPSDKError("The certificate is not valid") print("The certificate was signed by the CA.") # Load chain of certificate chain = ["chain_crt2_pem.crt", "chain_crt_pem.crt", "ca_cert_pem.crt"] chain_cert = [ load_certificate(path.join(data_dir, cert_name)) for cert_name in chain ] ch3_crt2 = load_certificate(path.join(data_dir, "chain_crt2_pem.crt")) ch3_crt = load_certificate(path.join(data_dir, "chain_crt_pem.crt")) ch3_ca = load_certificate(path.join(data_dir, "ca_cert_pem.crt")) # Validate the chain (if corresponding items in chain are singed by one another) if not validate_certificate_chain(chain_cert): raise SPSDKError("The certificate chain is not valid") print("The chain of certificates is valid.") # Checks if CA flag is set correctly if is_ca_flag_set(ch3_crt2): raise SPSDKError("CA flag is set") if not is_ca_flag_set(ch3_crt): raise SPSDKError("CA flag is not set") if not is_ca_flag_set(ch3_ca): raise SPSDKError("CA flag is not set")
def test_invalid_certificate_chain(): with pytest.raises(SPSDKError): validate_certificate_chain(chain_list=[])