diff --git a/acme/challenges_test.py b/acme/challenges_test.py index 40a2455d5..a1214c2f9 100644 --- a/acme/challenges_test.py +++ b/acme/challenges_test.py @@ -1,10 +1,6 @@ """Tests for acme.challenges.""" -import os -import pkg_resources import unittest -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization import mock import OpenSSL import requests @@ -12,15 +8,11 @@ import urlparse from acme import jose from acme import other +from acme import test_util -CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate( - OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'cert.pem')))) -KEY = serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa512_key.pem')), - password=None, backend=default_backend()) +CERT = test_util.load_cert('cert.pem') +KEY = test_util.load_rsa_private_key('rsa512_key.pem') class ChallengeResponseTest(unittest.TestCase): diff --git a/acme/client_test.py b/acme/client_test.py index abd5e7172..3e3380a16 100644 --- a/acme/client_test.py +++ b/acme/client_test.py @@ -2,8 +2,6 @@ import datetime import httplib import json -import os -import pkg_resources import unittest import mock @@ -15,14 +13,12 @@ from acme import jose from acme import jws as acme_jws from acme import messages from acme import messages_test +from acme import test_util -CERT_DER = pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'cert.der')) -KEY = jose.JWKRSA.load(pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa512_key.pem'))) -KEY2 = jose.JWKRSA.load(pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa256_key.pem'))) +CERT_DER = test_util.load_vector('cert.der') +KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem')) +KEY2 = jose.JWKRSA.load(test_util.load_vector('rsa256_key.pem')) class ClientTest(unittest.TestCase): 
diff --git a/acme/jose/json_util_test.py b/acme/jose/json_util_test.py index 458d3b87c..9e2a87858 100644 --- a/acme/jose/json_util_test.py +++ b/acme/jose/json_util_test.py @@ -1,23 +1,18 @@ """Tests for acme.jose.json_util.""" import itertools -import os -import pkg_resources import unittest import mock -import OpenSSL + +from acme import test_util from acme.jose import errors from acme.jose import interfaces from acme.jose import util -CERT = util.ComparableX509(OpenSSL.crypto.load_certificate( - OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'cert.pem')))) -CSR = util.ComparableX509(OpenSSL.crypto.load_certificate_request( - OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'csr.pem')))) +CERT = test_util.load_cert('cert.pem') +CSR = test_util.load_csr('csr.pem') class FieldTest(unittest.TestCase): diff --git a/acme/jose/jwa_test.py b/acme/jose/jwa_test.py index 898773716..1a3896f4a 100644 --- a/acme/jose/jwa_test.py +++ b/acme/jose/jwa_test.py @@ -1,19 +1,14 @@ """Tests for acme.jose.jwa.""" -import os -import pkg_resources import unittest -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization +from acme import test_util from acme.jose import errors -from acme.jose import jwk_test -RSA1024_KEY = serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa1024_key.pem')), - password=None, backend=default_backend()) +RSA256_KEY = test_util.load_rsa_private_key('rsa256_key.pem') +RSA512_KEY = test_util.load_rsa_private_key('rsa512_key.pem') +RSA1024_KEY = test_util.load_rsa_private_key('rsa1024_key.pem') class JWASignatureTest(unittest.TestCase): 
@@ -76,13 +71,13 @@ class JWARSTest(unittest.TestCase): def test_sign_no_private_part(self): from acme.jose.jwa import RS256 self.assertRaises( - errors.Error, RS256.sign, jwk_test.RSA512_KEY.public_key(), 'foo') + errors.Error, RS256.sign, RSA512_KEY.public_key(), 'foo') def test_sign_key_too_small(self): from acme.jose.jwa import RS256 from acme.jose.jwa import PS256 - self.assertRaises(errors.Error, RS256.sign, jwk_test.RSA256_KEY, 'foo') - self.assertRaises(errors.Error, PS256.sign, jwk_test.RSA256_KEY, 'foo') + self.assertRaises(errors.Error, RS256.sign, RSA256_KEY, 'foo') + self.assertRaises(errors.Error, PS256.sign, RSA256_KEY, 'foo') def test_rs(self): from acme.jose.jwa import RS256 @@ -92,11 +87,10 @@ class JWARSTest(unittest.TestCase): '\xa4\x99\x1e\x19&\xd8\xc7\x99S\x97\xfc\x85\x0cOV\xe6\x07\x99' '\xd2\xb9.>}\xfd' ) - self.assertEqual(RS256.sign(jwk_test.RSA512_KEY, 'foo'), sig) - self.assertTrue(RS256.verify( - jwk_test.RSA512_KEY.public_key(), 'foo', sig)) + self.assertEqual(RS256.sign(RSA512_KEY, 'foo'), sig) + self.assertTrue(RS256.verify(RSA512_KEY.public_key(), 'foo', sig)) self.assertFalse(RS256.verify( - jwk_test.RSA512_KEY.public_key(), 'foo', sig + '!')) + RSA512_KEY.public_key(), 'foo', sig + '!')) def test_ps(self): from acme.jose.jwa import PS256 diff --git a/acme/jose/jwk_test.py b/acme/jose/jwk_test.py index 2e317d3cc..86674b726 100644 --- a/acme/jose/jwk_test.py +++ b/acme/jose/jwk_test.py 
@@ -1,25 +1,15 @@ """Tests for acme.jose.jwk.""" -import os -import pkg_resources import unittest -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization +from acme import test_util from acme.jose import errors from acme.jose import util -DSA_PEM = pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'dsa512_key.pem')) -RSA256_KEY = serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa256_key.pem')), - password=None, backend=default_backend()) -RSA512_KEY = serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa512_key.pem')), - password=None, backend=default_backend()) +DSA_PEM = test_util.load_vector('dsa512_key.pem') +RSA256_KEY = test_util.load_rsa_private_key('rsa256_key.pem') +RSA512_KEY = test_util.load_rsa_private_key('rsa512_key.pem') class JWKTest(unittest.TestCase): @@ -73,8 +63,8 @@ class JWKRSATest(unittest.TestCase): 'e': 'AQAB', 'n': 'm2Fylv-Uz7trgTW8EBHP3FQSMeZs2GNQ6VRo1sIVJEk', } - self.jwk256_comparable = JWKRSA(key=util.ComparableRSAKey( - RSA256_KEY.public_key())) + # pylint: disable=protected-access + self.jwk256_not_comparable = JWKRSA(key=RSA256_KEY.public_key()._wrapped) self.jwk512 = JWKRSA(key=RSA512_KEY.public_key()) self.jwk512json = { 'kty': 'RSA', @@ -96,9 +86,10 @@ class JWKRSATest(unittest.TestCase): 'qi': 'oi45cEkbVoJjAbnQpFY87Q', }) - def test_init_comparable(self): - self.assertTrue(isinstance(self.jwk256.key, util.ComparableRSAKey)) - self.assertEqual(self.jwk256, self.jwk256_comparable) + def test_init_auto_comparable(self): + self.assertTrue(isinstance( + self.jwk256_not_comparable.key, util.ComparableRSAKey)) + self.assertEqual(self.jwk256, self.jwk256_not_comparable) def test_equals(self): self.assertEqual(self.jwk256, self.jwk256) 
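Review bot: In the `@@ -73,8 +63,8 @@` hunk the `# pylint: disable=protected-access` comment sits on a line of its own, which in pylint switches the check off from that point to the end of the enclosing block, not only for the one statement that needs it. Moving it to the end of the assignment, `JWKRSA(key=RSA256_KEY.public_key()._wrapped)  # pylint: disable=protected-access`, keeps any later private-attribute access in setUp visible to the linter. The test now depends on the wrapper's private `_wrapped` attribute, so a comment such as `# unwrap on purpose: JWKRSA must re-wrap a raw key in ComparableRSAKey` would record why. setUp starts and ends outside the hunk.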
@@ -110,9 +101,8 @@ class JWKRSATest(unittest.TestCase): def test_load(self): from acme.jose.jwk import JWKRSA - self.assertEqual( - self.private, JWKRSA.load(pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa256_key.pem')))) + self.assertEqual(self.private, JWKRSA.load( + test_util.load_vector('rsa256_key.pem'))) def test_public_key(self): self.assertEqual(self.jwk256, self.private.public_key()) diff --git a/acme/jose/jws_test.py b/acme/jose/jws_test.py index ecfb11be7..7a3e8cb83 100644 --- a/acme/jose/jws_test.py +++ b/acme/jose/jws_test.py @@ -1,28 +1,20 @@ """Tests for acme.jose.jws.""" import base64 -import os -import pkg_resources import unittest -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization import mock import OpenSSL +from acme import test_util + from acme.jose import b64 from acme.jose import errors from acme.jose import jwa from acme.jose import jwk -from acme.jose import util -CERT = util.ComparableX509(OpenSSL.crypto.load_certificate( - OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string( - 'acme', 'testdata/cert.pem'))) -RSA512_KEY = serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa512_key.pem')), - password=None, backend=default_backend()) +CERT = test_util.load_cert('cert.pem') +KEY = jwk.JWKRSA.load(test_util.load_vector('rsa512_key.pem')) class MediaTypeTest(unittest.TestCase): @@ -112,7 +104,7 @@ class JWSTest(unittest.TestCase): """Tests for acme.jose.jws.JWS.""" def setUp(self): - self.privkey = jwk.JWKRSA(key=RSA512_KEY) + self.privkey = KEY self.pubkey = self.privkey.public_key() from acme.jose.jws import JWS 
@@ -209,8 +201,7 @@ class JWSTest(unittest.TestCase): class CLITest(unittest.TestCase): def setUp(self): - self.key_path = pkg_resources.resource_filename( - 'acme', os.path.join('testdata', 'rsa512_key.pem')) + self.key_path = test_util.vector_path('rsa512_key.pem') def test_unverified(self): from acme.jose.jws import CLI diff --git a/acme/jose/util_test.py b/acme/jose/util_test.py index 8d36de09b..1bde9ebd9 100644 --- a/acme/jose/util_test.py +++ b/acme/jose/util_test.py @@ -1,31 +1,22 @@ """Tests for acme.jose.util.""" import functools -import os -import pkg_resources import unittest -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization -import OpenSSL +from acme import test_util class ComparableX509Test(unittest.TestCase): """Tests for acme.jose.util.ComparableX509.""" def setUp(self): - from acme.jose.util import ComparableX509 - def _load(method, filename): # pylint: disable=missing-docstring - return ComparableX509(method( - OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string( - 'acme', os.path.join('testdata', filename)))) + # test_util.load_{csr,cert} return ComparableX509 + self.req1 = test_util.load_csr('csr.pem') + self.req2 = test_util.load_csr('csr.pem') + self.req_other = test_util.load_csr('csr-san.pem') - self.req1 = _load(OpenSSL.crypto.load_certificate_request, 'csr.pem') - self.req2 = _load(OpenSSL.crypto.load_certificate_request, 'csr.pem') - self.req_other = _load(OpenSSL.crypto.load_certificate_request, 'csr-san.pem') - - self.cert1 = _load(OpenSSL.crypto.load_certificate, 'cert.pem') - self.cert2 = _load(OpenSSL.crypto.load_certificate, 'cert.pem') - self.cert_other = _load(OpenSSL.crypto.load_certificate, 'cert-san.pem') + self.cert1 = test_util.load_cert('cert.pem') + self.cert2 = test_util.load_cert('cert.pem') + self.cert_other = test_util.load_cert('cert-san.pem') def test_eq(self): self.assertEqual(self.req1, self.req2) 
@@ -56,19 +47,10 @@ class ComparableRSAKeyTest(unittest.TestCase): """Tests for acme.jose.util.ComparableRSAKey.""" def setUp(self): - from acme.jose.util import ComparableRSAKey - backend = default_backend() - def load_key(): # pylint: disable=missing-docstring - return ComparableRSAKey(serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa256_key.pem')), - password=None, backend=backend)) - self.key = load_key() - self.key_same = load_key() - self.key2 = ComparableRSAKey(serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa512_key.pem')), - password=None, backend=backend)) + # test_utl.load_rsa_private_key return ComparableRSAKey + self.key = test_util.load_rsa_private_key('rsa256_key.pem') + self.key_same = test_util.load_rsa_private_key('rsa256_key.pem') + self.key2 = test_util.load_rsa_private_key('rsa512_key.pem') def test_getattr_proxy(self): self.assertEqual(256, self.key.key_size) diff --git a/acme/jws_test.py b/acme/jws_test.py index 989a6697a..07361581c 100644 --- a/acme/jws_test.py +++ b/acme/jws_test.py @@ -1,19 +1,12 @@ """Tests for acme.jws.""" -import os -import pkg_resources import unittest -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization - from acme import errors from acme import jose +from acme import test_util -RSA512_KEY = serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa512_key.pem')), - password=None, backend=default_backend()) +KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem')) class HeaderTest(unittest.TestCase): @@ -46,7 +39,7 @@ class JWSTest(unittest.TestCase): """Tests for acme.jws.JWS.""" def setUp(self): - self.privkey = jose.JWKRSA(key=RSA512_KEY) + self.privkey = KEY self.pubkey = self.privkey.public_key() self.nonce = jose.b64encode('Nonce') 
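Review bot: The comment added in `ComparableRSAKeyTest.setUp` misspells the module name and the verb; `# test_utl.load_rsa_private_key return ComparableRSAKey` should read `# test_util.load_rsa_private_key returns ComparableRSAKey`. The comment is the only place that records why the explicit `ComparableRSAKey(...)` construction was dropped from this test, so it is worth getting the reference right. The enclosing class continues outside the hunk.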
diff --git a/acme/messages_test.py b/acme/messages_test.py index 71bf25963..2ed0dd669 100644 --- a/acme/messages_test.py +++ b/acme/messages_test.py @@ -1,30 +1,16 @@ """Tests for acme.messages.""" -import os -import pkg_resources import unittest -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization import mock -import OpenSSL from acme import challenges from acme import jose +from acme import test_util -CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate( - OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'cert.der')))) -CSR = jose.ComparableX509(OpenSSL.crypto.load_certificate_request( - OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'csr.der')))) -KEY = serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa512_key.pem')), - password=None, backend=default_backend()) -CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate( - OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'cert.der')))) +CERT = test_util.load_cert('cert.der') +CSR = test_util.load_csr('csr.der') +KEY = test_util.load_rsa_private_key('rsa512_key.pem') class ErrorTest(unittest.TestCase): diff --git a/acme/other_test.py b/acme/other_test.py index 25b07bcde..428fca81f 100644 --- a/acme/other_test.py +++ b/acme/other_test.py 
@@ -1,18 +1,11 @@ """Tests for acme.sig.""" -import os -import pkg_resources import unittest -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization - from acme import jose +from acme import test_util -KEY = serialization.load_pem_private_key( - pkg_resources.resource_string( - 'acme', os.path.join('testdata', 'rsa512_key.pem')), - password=None, backend=default_backend()) +KEY = test_util.load_rsa_private_key('rsa512_key.pem') class SignatureTest(unittest.TestCase): diff --git a/acme/test_util.py b/acme/test_util.py new file mode 100644 index 000000000..cec732625 --- /dev/null +++ b/acme/test_util.py 
@@ -0,0 +1,55 @@ +"""Test utilities. + +.. warning:: This module is not part of the public API. + +""" +import os +import pkg_resources + +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import serialization +import OpenSSL + +from acme import jose + + +def vector_path(*names): + """Path to a test vector.""" + return pkg_resources.resource_filename( + __name__, os.path.join('testdata', *names)) + +def load_vector(*names): + """Load contents of a test vector.""" + # luckily, resource_string opens file in binary mode + return pkg_resources.resource_string( + __name__, os.path.join('testdata', *names)) + +def _guess_loader(filename, loader_pem, loader_der): + _, ext = os.path.splitext(filename) + if ext.lower() == '.pem': + return loader_pem + elif ext.lower() == '.der': + return loader_der + else: # pragma: no cover + raise ValueError("Loader could not be recognized based on extension") + +def load_cert(*names): + """Load certificate.""" + loader = _guess_loader( + names[-1], OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1) + return jose.ComparableX509(OpenSSL.crypto.load_certificate( + loader, load_vector(*names))) + +def load_csr(*names): + """Load certificate request.""" + loader = _guess_loader( + names[-1], OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1) + return jose.ComparableX509(OpenSSL.crypto.load_certificate_request( + loader, load_vector(*names))) + +def load_rsa_private_key(*names): + """Load RSA private key.""" + loader = _guess_loader(names[-1], serialization.load_pem_private_key, + serialization.load_der_private_key) + return jose.ComparableRSAKey(loader( + load_vector(*names), password=None, backend=default_backend())) diff --git a/acme/testdata/README b/acme/testdata/README index be3d8b2f7..11bca55e5 100644 --- a/acme/testdata/README +++ b/acme/testdata/README 
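Review bot: The module docstring says only that this is not public API, but `load_vector` and `load_rsa_private_key` hand out the private keys bundled under `testdata/`, and the module sits inside the `acme` package itself, not in a tests directory. Those keys are deliberately undersized (`rsa256_key.pem`, `rsa512_key.pem`; `test_sign_key_too_small` relies on that) and, being committed next to the code, are presumably public. The docstring should say so, e.g. `Keys and certificates under testdata/ are public, deliberately weak fixtures; never use them outside tests.` `_guess_loader` also has no docstring, and its error would be easier to act on with the file named: `raise ValueError("Loader could not be recognized based on extension: %r" % filename)`.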
@@ -1,3 +1,7 @@ +In order for acme.test_util._guess_loader to work properly, make sure +to use appropriate extension for vector filenames: .pem for PEM and +.der for DER. + The following command has been used to generate test keys: for x in 256 512 1024; do openssl genrsa -out rsa${k}_key.pem $k; done