def generate_raw_signed_model(
self,
key_pair,
add_self_sign=False,
virgil_key_pair=None,
extra_key_pair=None,
previous_card_id=None
):
create_time = 1515686245
raw_card_content = RawCardContent(
created_at=create_time,
identity="test",
public_key=key_pair.public_key,
version="5.0",
previous_card_id=previous_card_id
)
model = RawSignedModel(raw_card_content.content_snapshot)
signer = ModelSigner(CardCrypto())
if add_self_sign:
signer.self_sign(model, key_pair.private_key)
if virgil_key_pair:
signer.sign(model, ModelSigner.VIRGIL_SIGNER, virgil_key_pair.private_key)
if extra_key_pair:
signer.sign(model, "extra", extra_key_pair.private_key)
return model
def test_self_sign_signature_snapshot_valid_signature(self):
# STC-9
self_key_pair = self._crypto.generate_keys()
raw_signed_model = self._data_generator.generate_raw_signed_model(
self_key_pair)
signer = ModelSigner(CardCrypto())
self.assertEqual(len(raw_signed_model.signatures), 0)
signature_snapshot = os.urandom(32)
signer.self_sign(raw_signed_model,
self_key_pair.private_key,
signature_snapshot=signature_snapshot)
self_signature = raw_signed_model.signatures[0]
self.assertEqual(self_signature.signer, ModelSigner.SELF_SIGNER)
self.assertEqual(self_signature.snapshot, signature_snapshot)
def test_extra_sign_valid_signature(self):
self_key_pair = self._crypto.generate_keys()
extra_key_pair = self._crypto.generate_keys()
raw_signed_model = self._data_generator.generate_raw_signed_model(
self_key_pair, add_self_sign=True)
signer = ModelSigner(CardCrypto())
self.assertEqual(len(raw_signed_model.signatures), 1)
signer.sign(raw_signed_model, "test_id", extra_key_pair.private_key)
self.assertEqual(len(raw_signed_model.signatures), 2)
extra_signature = raw_signed_model.signatures[-1]
self.assertEqual(extra_signature.signer, "test_id")
self.assertTrue(
self._crypto.verify(
bytearray(Utils.b64_decode(raw_signed_model.content_snapshot)),
extra_signature.signature, extra_key_pair.public_key))
def test_self_sign_valid_signature(self):
# STC-8
self_key_pair = self._crypto.generate_keys()
raw_signed_model = self._data_generator.generate_raw_signed_model(
self_key_pair)
signer = ModelSigner(CardCrypto())
self.assertEqual(len(raw_signed_model.signatures), 0)
signer.self_sign(raw_signed_model, self_key_pair.private_key)
self.assertEqual(len(raw_signed_model.signatures), 1)
self_signature = raw_signed_model.signatures[0]
self.assertEqual(self_signature.signer, ModelSigner.SELF_SIGNER)
self.assertEqual(self_signature.snapshot, None)
self.assertTrue(
self._crypto.verify(
bytearray(Utils.b64_decode(raw_signed_model.content_snapshot)),
self_signature.signature, self_key_pair.public_key))
def test_second_self_sign_exception(self):
# STC-8
self_key_pair = self._crypto.generate_keys()
raw_signed_model = self._data_generator.generate_raw_signed_model(
self_key_pair, add_self_sign=True)
signer = ModelSigner(CardCrypto())
self.assertRaises(ValueError, signer.self_sign, raw_signed_model,
self_key_pair.private_key)
def test_gets_card_with_different_id(self):
class PositiveVerifier(object):
def verify_card(self):
return True
class FakeCardClient(object):
def __init__(self, raw_signed_model):
self._raw_signed_model = raw_signed_model
def get_card(self, card_id, access_token):
return self._raw_signed_model, False
validator = PositiveVerifier()
key_pair = self._crypto.generate_keys()
raw_card_content = RawCardContent(identity="test",
public_key=key_pair.public_key,
created_at=Utils.to_timestamp(
datetime.datetime.now()),
version="5.0")
model = RawSignedModel(raw_card_content.content_snapshot)
signer = ModelSigner(CardCrypto())
signer.self_sign(model,
key_pair.private_key,
extra_fields={"info": "some_additional_info"})
jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
self._app_private_key,
config.VIRGIL_API_KEY_ID,
datetime.timedelta(minutes=10).seconds,
AccessTokenSigner())
identity = Utils.b64encode(os.urandom(20))
token = jwt_generator.generate_token(identity)
access_token_provider = self.EchoTokenProvider(token)
card_id = self._data_generator.generate_app_id()
manager = CardManager(
card_crypto=CardCrypto(),
access_token_provider=access_token_provider,
card_verifier=validator,
)
manager.card_client = FakeCardClient(model)
self.assertRaises(CardVerificationException, manager.get_card, card_id)