Unified vector loading in acme.

acme/challenges_test.py

@@ -1,10 +1,6 @@
 """Tests for acme.challenges."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 import mock
 import OpenSSL
 import requests
@@ -12,15 +8,11 @@ import urlparse
 
 from acme import jose
 from acme import other
+from acme import test_util
 
 
-CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'cert.pem'))))
-KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+CERT = test_util.load_cert('cert.pem')
+KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 
 class ChallengeResponseTest(unittest.TestCase):

acme/client_test.py

@@ -2,8 +2,6 @@
 import datetime
 import httplib
 import json
-import os
-import pkg_resources
 import unittest
 
 import mock
@@ -15,14 +13,12 @@ from acme import jose
 from acme import jws as acme_jws
 from acme import messages
 from acme import messages_test
+from acme import test_util
 
 
-CERT_DER = pkg_resources.resource_string(
-    'acme', os.path.join('testdata', 'cert.der'))
-KEY = jose.JWKRSA.load(pkg_resources.resource_string(
-    'acme', os.path.join('testdata', 'rsa512_key.pem')))
-KEY2 = jose.JWKRSA.load(pkg_resources.resource_string(
-    'acme', os.path.join('testdata', 'rsa256_key.pem')))
+CERT_DER = test_util.load_vector('cert.der')
+KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))
+KEY2 = jose.JWKRSA.load(test_util.load_vector('rsa256_key.pem'))
 
 
 class ClientTest(unittest.TestCase):

acme/jose/json_util_test.py

@@ -1,23 +1,18 @@
 """Tests for acme.jose.json_util."""
 import itertools
-import os
-import pkg_resources
 import unittest
 
 import mock
-import OpenSSL
+
+from acme import test_util
 
 from acme.jose import errors
 from acme.jose import interfaces
 from acme.jose import util
 
 
-CERT = util.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'cert.pem'))))
-CSR = util.ComparableX509(OpenSSL.crypto.load_certificate_request(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'csr.pem'))))
+CERT = test_util.load_cert('cert.pem')
+CSR = test_util.load_csr('csr.pem')
 
 
 class FieldTest(unittest.TestCase):

acme/jose/jwa_test.py

@@ -1,19 +1,14 @@
 """Tests for acme.jose.jwa."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
+from acme import test_util
 
 from acme.jose import errors
-from acme.jose import jwk_test
 
 
-RSA1024_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'rsa1024_key.pem')),
-    password=None, backend=default_backend())
+RSA256_KEY = test_util.load_rsa_private_key('rsa256_key.pem')
+RSA512_KEY = test_util.load_rsa_private_key('rsa512_key.pem')
+RSA1024_KEY = test_util.load_rsa_private_key('rsa1024_key.pem')
 
 
 class JWASignatureTest(unittest.TestCase):
@@ -76,13 +71,13 @@ class JWARSTest(unittest.TestCase):
     def test_sign_no_private_part(self):
         from acme.jose.jwa import RS256
         self.assertRaises(
-            errors.Error, RS256.sign, jwk_test.RSA512_KEY.public_key(), 'foo')
+            errors.Error, RS256.sign, RSA512_KEY.public_key(), 'foo')
 
     def test_sign_key_too_small(self):
         from acme.jose.jwa import RS256
         from acme.jose.jwa import PS256
-        self.assertRaises(errors.Error, RS256.sign, jwk_test.RSA256_KEY, 'foo')
-        self.assertRaises(errors.Error, PS256.sign, jwk_test.RSA256_KEY, 'foo')
+        self.assertRaises(errors.Error, RS256.sign, RSA256_KEY, 'foo')
+        self.assertRaises(errors.Error, PS256.sign, RSA256_KEY, 'foo')
 
     def test_rs(self):
         from acme.jose.jwa import RS256
@@ -92,11 +87,10 @@ class JWARSTest(unittest.TestCase):
             '\xa4\x99\x1e\x19&\xd8\xc7\x99S\x97\xfc\x85\x0cOV\xe6\x07\x99'
             '\xd2\xb9.>}\xfd'
         )
-        self.assertEqual(RS256.sign(jwk_test.RSA512_KEY, 'foo'), sig)
-        self.assertTrue(RS256.verify(
-            jwk_test.RSA512_KEY.public_key(), 'foo', sig))
+        self.assertEqual(RS256.sign(RSA512_KEY, 'foo'), sig)
+        self.assertTrue(RS256.verify(RSA512_KEY.public_key(), 'foo', sig))
         self.assertFalse(RS256.verify(
-            jwk_test.RSA512_KEY.public_key(), 'foo', sig + '!'))
+            RSA512_KEY.public_key(), 'foo', sig + '!'))
 
     def test_ps(self):
         from acme.jose.jwa import PS256

acme/jose/jwk_test.py

@@ -1,25 +1,15 @@
 """Tests for acme.jose.jwk."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
+from acme import test_util
 
 from acme.jose import errors
 from acme.jose import util
 
 
-DSA_PEM = pkg_resources.resource_string(
-    'acme', os.path.join('testdata', 'dsa512_key.pem'))
-RSA256_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'rsa256_key.pem')),
-    password=None, backend=default_backend())
-RSA512_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+DSA_PEM = test_util.load_vector('dsa512_key.pem')
+RSA256_KEY = test_util.load_rsa_private_key('rsa256_key.pem')
+RSA512_KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 
 class JWKTest(unittest.TestCase):
@@ -73,8 +63,8 @@ class JWKRSATest(unittest.TestCase):
             'e': 'AQAB',
             'n': 'm2Fylv-Uz7trgTW8EBHP3FQSMeZs2GNQ6VRo1sIVJEk',
         }
-        self.jwk256_comparable = JWKRSA(key=util.ComparableRSAKey(
-            RSA256_KEY.public_key()))
+        # pylint: disable=protected-access
+        self.jwk256_not_comparable = JWKRSA(key=RSA256_KEY.public_key()._wrapped)
         self.jwk512 = JWKRSA(key=RSA512_KEY.public_key())
         self.jwk512json = {
             'kty': 'RSA',
@@ -96,9 +86,10 @@ class JWKRSATest(unittest.TestCase):
             'qi': 'oi45cEkbVoJjAbnQpFY87Q',
         })
 
-    def test_init_comparable(self):
-        self.assertTrue(isinstance(self.jwk256.key, util.ComparableRSAKey))
-        self.assertEqual(self.jwk256, self.jwk256_comparable)
+    def test_init_auto_comparable(self):
+        self.assertTrue(isinstance(
+            self.jwk256_not_comparable.key, util.ComparableRSAKey))
+        self.assertEqual(self.jwk256, self.jwk256_not_comparable)
 
     def test_equals(self):
         self.assertEqual(self.jwk256, self.jwk256)
@@ -110,9 +101,8 @@ class JWKRSATest(unittest.TestCase):
 
     def test_load(self):
         from acme.jose.jwk import JWKRSA
-        self.assertEqual(
-            self.private, JWKRSA.load(pkg_resources.resource_string(
-                'acme', os.path.join('testdata', 'rsa256_key.pem'))))
+        self.assertEqual(self.private, JWKRSA.load(
+            test_util.load_vector('rsa256_key.pem')))
 
     def test_public_key(self):
         self.assertEqual(self.jwk256, self.private.public_key())

acme/jose/jws_test.py

@@ -1,28 +1,20 @@
 """Tests for acme.jose.jws."""
 import base64
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 import mock
 import OpenSSL
 
+from acme import test_util
+
 from acme.jose import b64
 from acme.jose import errors
 from acme.jose import jwa
 from acme.jose import jwk
-from acme.jose import util
 
 
-CERT = util.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'acme', 'testdata/cert.pem')))
-RSA512_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+CERT = test_util.load_cert('cert.pem')
+KEY = jwk.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))
 
 
 class MediaTypeTest(unittest.TestCase):
@@ -112,7 +104,7 @@ class JWSTest(unittest.TestCase):
     """Tests for acme.jose.jws.JWS."""
 
     def setUp(self):
-        self.privkey = jwk.JWKRSA(key=RSA512_KEY)
+        self.privkey = KEY
         self.pubkey = self.privkey.public_key()
 
         from acme.jose.jws import JWS
@@ -209,8 +201,7 @@ class JWSTest(unittest.TestCase):
 class CLITest(unittest.TestCase):
 
     def setUp(self):
-        self.key_path = pkg_resources.resource_filename(
-            'acme', os.path.join('testdata', 'rsa512_key.pem'))
+        self.key_path = test_util.vector_path('rsa512_key.pem')
 
     def test_unverified(self):
         from acme.jose.jws import CLI

acme/jose/util_test.py

@@ -1,31 +1,22 @@
 """Tests for acme.jose.util."""
 import functools
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-import OpenSSL
+from acme import test_util
 
 
 class ComparableX509Test(unittest.TestCase):
     """Tests for acme.jose.util.ComparableX509."""
 
     def setUp(self):
-        from acme.jose.util import ComparableX509
-        def _load(method, filename):  # pylint: disable=missing-docstring
-            return ComparableX509(method(
-                OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-                    'acme', os.path.join('testdata', filename))))
+        # test_util.load_{csr,cert} return ComparableX509
+        self.req1 = test_util.load_csr('csr.pem')
+        self.req2 = test_util.load_csr('csr.pem')
+        self.req_other = test_util.load_csr('csr-san.pem')
 
-        self.req1 = _load(OpenSSL.crypto.load_certificate_request, 'csr.pem')
-        self.req2 = _load(OpenSSL.crypto.load_certificate_request, 'csr.pem')
-        self.req_other = _load(OpenSSL.crypto.load_certificate_request, 'csr-san.pem')
-
-        self.cert1 = _load(OpenSSL.crypto.load_certificate, 'cert.pem')
-        self.cert2 = _load(OpenSSL.crypto.load_certificate, 'cert.pem')
-        self.cert_other = _load(OpenSSL.crypto.load_certificate, 'cert-san.pem')
+        self.cert1 = test_util.load_cert('cert.pem')
+        self.cert2 = test_util.load_cert('cert.pem')
+        self.cert_other = test_util.load_cert('cert-san.pem')
 
     def test_eq(self):
         self.assertEqual(self.req1, self.req2)
@@ -56,19 +47,10 @@ class ComparableRSAKeyTest(unittest.TestCase):
     """Tests for acme.jose.util.ComparableRSAKey."""
 
     def setUp(self):
-        from acme.jose.util import ComparableRSAKey
-        backend = default_backend()
-        def load_key():  # pylint: disable=missing-docstring
-            return ComparableRSAKey(serialization.load_pem_private_key(
-                pkg_resources.resource_string(
-                    'acme', os.path.join('testdata', 'rsa256_key.pem')),
-                password=None, backend=backend))
-        self.key = load_key()
-        self.key_same = load_key()
-        self.key2 = ComparableRSAKey(serialization.load_pem_private_key(
-            pkg_resources.resource_string(
-                'acme', os.path.join('testdata', 'rsa512_key.pem')),
-            password=None, backend=backend))
+        # test_utl.load_rsa_private_key return ComparableRSAKey
+        self.key = test_util.load_rsa_private_key('rsa256_key.pem')
+        self.key_same = test_util.load_rsa_private_key('rsa256_key.pem')
+        self.key2 = test_util.load_rsa_private_key('rsa512_key.pem')
 
     def test_getattr_proxy(self):
         self.assertEqual(256, self.key.key_size)

acme/jws_test.py

@@ -1,19 +1,12 @@
 """Tests for acme.jws."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-
 from acme import errors
 from acme import jose
+from acme import test_util
 
 
-RSA512_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))
 
 
 class HeaderTest(unittest.TestCase):
@@ -46,7 +39,7 @@ class JWSTest(unittest.TestCase):
     """Tests for acme.jws.JWS."""
 
     def setUp(self):
-        self.privkey = jose.JWKRSA(key=RSA512_KEY)
+        self.privkey = KEY
         self.pubkey = self.privkey.public_key()
         self.nonce = jose.b64encode('Nonce')
 

acme/messages_test.py

@@ -1,30 +1,16 @@
 """Tests for acme.messages."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 import mock
-import OpenSSL
 
 from acme import challenges
 from acme import jose
+from acme import test_util
 
 
-CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'cert.der'))))
-CSR = jose.ComparableX509(OpenSSL.crypto.load_certificate_request(
-    OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'csr.der'))))
-KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
-CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'cert.der'))))
+CERT = test_util.load_cert('cert.der')
+CSR = test_util.load_csr('csr.der')
+KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 
 class ErrorTest(unittest.TestCase):

acme/other_test.py

@@ -1,18 +1,11 @@
 """Tests for acme.sig."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-
 from acme import jose
+from acme import test_util
 
 
-KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 
 class SignatureTest(unittest.TestCase):

acme/test_util.py

@@ -0,0 +1,55 @@
+"""Test utilities.
+
+.. warning:: This module is not part of the public API.
+
+"""
+import os
+import pkg_resources
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+import OpenSSL
+
+from acme import jose
+
+
+def vector_path(*names):
+    """Path to a test vector."""
+    return pkg_resources.resource_filename(
+        __name__, os.path.join('testdata', *names))
+
+def load_vector(*names):
+    """Load contents of a test vector."""
+    # luckily, resource_string opens file in binary mode
+    return pkg_resources.resource_string(
+        __name__, os.path.join('testdata', *names))
+
+def _guess_loader(filename, loader_pem, loader_der):
+    _, ext = os.path.splitext(filename)
+    if ext.lower() == '.pem':
+        return loader_pem
+    elif ext.lower() == '.der':
+        return loader_der
+    else:  # pragma: no cover
+        raise ValueError("Loader could not be recognized based on extension")
+
+def load_cert(*names):
+    """Load certificate."""
+    loader = _guess_loader(
+        names[-1], OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1)
+    return jose.ComparableX509(OpenSSL.crypto.load_certificate(
+        loader, load_vector(*names)))
+
+def load_csr(*names):
+    """Load certificate request."""
+    loader = _guess_loader(
+        names[-1], OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1)
+    return jose.ComparableX509(OpenSSL.crypto.load_certificate_request(
+        loader, load_vector(*names)))
+
+def load_rsa_private_key(*names):
+    """Load RSA private key."""
+    loader = _guess_loader(names[-1], serialization.load_pem_private_key,
+                           serialization.load_der_private_key)
+    return jose.ComparableRSAKey(loader(
+        load_vector(*names), password=None, backend=default_backend()))

acme/testdata/README

@@ -1,3 +1,7 @@
+In order for acme.test_util._guess_loader to work properly, make sure
+to use appropriate extension for vector filenames: .pem for PEM and
+.der for DER.
+
 The following command has been used to generate test keys:
 
   for x in 256 512 1024; do openssl genrsa -out rsa${k}_key.pem $k; done