Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 13f126ea43
Branches Tags
ydb
/
contrib
/
python
/
google-auth
/
py3
/
tests
/
crypt
/
test_es256.py

test_es256.py 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. # Copyright 2016 Google Inc.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #      http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. 

  15. import base64
    16. 

  16. import json
    17. 

  17. import os
    18. 

  18. import pickle
    19. 

  19. 

  20. from cryptography.hazmat.primitives.asymmetric import ec
    21. 

  21. import pytest  # type: ignore
    22. 

  22. 

  23. from google.auth import _helpers
    24. 

  24. from google.auth.crypt import base
    25. 

  25. from google.auth.crypt import es256
    26. 

  26. 

  27. 

  28. import yatest.common as yc
    29. 

  29. DATA_DIR = os.path.join(os.path.dirname(yc.source_path(__file__)), "..", "data")
    30. 

  30. 

  31. # To generate es256_privatekey.pem, es256_privatekey.pub, and
    32. 

  32. # es256_public_cert.pem:
    33. 

  33. #   $ openssl ecparam -genkey -name prime256v1 -noout -out es256_privatekey.pem
    34. 

  34. #   $ openssl ec -in es256-private-key.pem -pubout -out es256-publickey.pem
    35. 

  35. #   $ openssl req -new -x509 -key es256_privatekey.pem -out \
    36. 

  36. #   >     es256_public_cert.pem
    37. 

  37. 

  38. with open(os.path.join(DATA_DIR, "es256_privatekey.pem"), "rb") as fh:
    39. 

  39.     PRIVATE_KEY_BYTES = fh.read()
    40. 

  40.     PKCS1_KEY_BYTES = PRIVATE_KEY_BYTES
    41. 

  41. 

  42. with open(os.path.join(DATA_DIR, "es256_publickey.pem"), "rb") as fh:
    43. 

  43.     PUBLIC_KEY_BYTES = fh.read()
    44. 

  44. 

  45. with open(os.path.join(DATA_DIR, "es256_public_cert.pem"), "rb") as fh:
    46. 

  46.     PUBLIC_CERT_BYTES = fh.read()
    47. 

  47. 

  48. SERVICE_ACCOUNT_JSON_FILE = os.path.join(DATA_DIR, "es256_service_account.json")
    49. 

  49. 

  50. with open(SERVICE_ACCOUNT_JSON_FILE, "rb") as fh:
    51. 

  51.     SERVICE_ACCOUNT_INFO = json.load(fh)
    52. 

  52. 

  53. 

  54. class TestES256Verifier(object):
    55. 

  55.     def test_verify_success(self):
    56. 

  56.         to_sign = b"foo"
    57. 

  57.         signer = es256.ES256Signer.from_string(PRIVATE_KEY_BYTES)
    58. 

  58.         actual_signature = signer.sign(to_sign)
    59. 

  59. 

  60.         verifier = es256.ES256Verifier.from_string(PUBLIC_KEY_BYTES)
    61. 

  61.         assert verifier.verify(to_sign, actual_signature)
    62. 

  62. 

  63.     def test_verify_unicode_success(self):
    64. 

  64.         to_sign = u"foo"
    65. 

  65.         signer = es256.ES256Signer.from_string(PRIVATE_KEY_BYTES)
    66. 

  66.         actual_signature = signer.sign(to_sign)
    67. 

  67. 

  68.         verifier = es256.ES256Verifier.from_string(PUBLIC_KEY_BYTES)
    69. 

  69.         assert verifier.verify(to_sign, actual_signature)
    70. 

  70. 

  71.     def test_verify_failure(self):
    72. 

  72.         verifier = es256.ES256Verifier.from_string(PUBLIC_KEY_BYTES)
    73. 

  73.         bad_signature1 = b""
    74. 

  74.         assert not verifier.verify(b"foo", bad_signature1)
    75. 

  75.         bad_signature2 = b"a"
    76. 

  76.         assert not verifier.verify(b"foo", bad_signature2)
    77. 

  77. 

  78.     def test_verify_failure_with_wrong_raw_signature(self):
    79. 

  79.         to_sign = b"foo"
    80. 

  80. 

  81.         # This signature has a wrong "r" value in the "(r,s)" raw signature.
    82. 

  82.         wrong_signature = base64.urlsafe_b64decode(
    83. 

  83.             b"m7oaRxUDeYqjZ8qiMwo0PZLTMZWKJLFQREpqce1StMIa_yXQQ-C5WgeIRHW7OqlYSDL0XbUrj_uAw9i-QhfOJQ=="
    84. 

  84.         )
    85. 

  85. 

  86.         verifier = es256.ES256Verifier.from_string(PUBLIC_KEY_BYTES)
    87. 

  87.         assert not verifier.verify(to_sign, wrong_signature)
    88. 

  88. 

  89.     def test_from_string_pub_key(self):
    90. 

  90.         verifier = es256.ES256Verifier.from_string(PUBLIC_KEY_BYTES)
    91. 

  91.         assert isinstance(verifier, es256.ES256Verifier)
    92. 

  92.         assert isinstance(verifier._pubkey, ec.EllipticCurvePublicKey)
    93. 

  93. 

  94.     def test_from_string_pub_key_unicode(self):
    95. 

  95.         public_key = _helpers.from_bytes(PUBLIC_KEY_BYTES)
    96. 

  96.         verifier = es256.ES256Verifier.from_string(public_key)
    97. 

  97.         assert isinstance(verifier, es256.ES256Verifier)
    98. 

  98.         assert isinstance(verifier._pubkey, ec.EllipticCurvePublicKey)
    99. 

  99. 

  100.     def test_from_string_pub_cert(self):
    101. 

  101.         verifier = es256.ES256Verifier.from_string(PUBLIC_CERT_BYTES)
    102. 

  102.         assert isinstance(verifier, es256.ES256Verifier)
    103. 

  103.         assert isinstance(verifier._pubkey, ec.EllipticCurvePublicKey)
    104. 

  104. 

  105.     def test_from_string_pub_cert_unicode(self):
    106. 

  106.         public_cert = _helpers.from_bytes(PUBLIC_CERT_BYTES)
    107. 

  107.         verifier = es256.ES256Verifier.from_string(public_cert)
    108. 

  108.         assert isinstance(verifier, es256.ES256Verifier)
    109. 

  109.         assert isinstance(verifier._pubkey, ec.EllipticCurvePublicKey)
    110. 

  110. 

  111. 

  112. class TestES256Signer(object):
    113. 

  113.     def test_from_string_pkcs1(self):
    114. 

  114.         signer = es256.ES256Signer.from_string(PKCS1_KEY_BYTES)
    115. 

  115.         assert isinstance(signer, es256.ES256Signer)
    116. 

  116.         assert isinstance(signer._key, ec.EllipticCurvePrivateKey)
    117. 

  117. 

  118.     def test_from_string_pkcs1_unicode(self):
    119. 

  119.         key_bytes = _helpers.from_bytes(PKCS1_KEY_BYTES)
    120. 

  120.         signer = es256.ES256Signer.from_string(key_bytes)
    121. 

  121.         assert isinstance(signer, es256.ES256Signer)
    122. 

  122.         assert isinstance(signer._key, ec.EllipticCurvePrivateKey)
    123. 

  123. 

  124.     def test_from_string_bogus_key(self):
    125. 

  125.         key_bytes = "bogus-key"
    126. 

  126.         with pytest.raises(ValueError):
    127. 

  127.             es256.ES256Signer.from_string(key_bytes)
    128. 

  128. 

  129.     def test_from_service_account_info(self):
    130. 

  130.         signer = es256.ES256Signer.from_service_account_info(SERVICE_ACCOUNT_INFO)
    131. 

  131. 

  132.         assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID]
    133. 

  133.         assert isinstance(signer._key, ec.EllipticCurvePrivateKey)
    134. 

  134. 

  135.     def test_from_service_account_info_missing_key(self):
    136. 

  136.         with pytest.raises(ValueError) as excinfo:
    137. 

  137.             es256.ES256Signer.from_service_account_info({})
    138. 

  138. 

  139.         assert excinfo.match(base._JSON_FILE_PRIVATE_KEY)
    140. 

  140. 

  141.     def test_from_service_account_file(self):
    142. 

  142.         signer = es256.ES256Signer.from_service_account_file(SERVICE_ACCOUNT_JSON_FILE)
    143. 

  143. 

  144.         assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID]
    145. 

  145.         assert isinstance(signer._key, ec.EllipticCurvePrivateKey)
    146. 

  146. 

  147.     def test_pickle(self):
    148. 

  148.         signer = es256.ES256Signer.from_service_account_file(SERVICE_ACCOUNT_JSON_FILE)
    149. 

  149. 

  150.         assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID]
    151. 

  151.         assert isinstance(signer._key, ec.EllipticCurvePrivateKey)
    152. 

  152. 

  153.         pickled_signer = pickle.dumps(signer)
    154. 

  154.         signer = pickle.loads(pickled_signer)
    155. 

  155. 

  156.         assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID]
    157. 

  157.         assert isinstance(signer._key, ec.EllipticCurvePrivateKey)
    158.