File: test_sig_validate.py

python-pyhanko-certvalidator 0.30.1-1
import pytest
from asn1crypto import algos, keys
from pyhanko_certvalidator.errors import (
    AlgorithmNotSupported,
    DSAParametersUnavailable,
    PSSParameterMismatch,
)
from pyhanko_certvalidator.sig_validate import DefaultSignatureValidator

from .common import load_cert_object, load_nist_cert


def test_dsa_inheritance_missing_params():
    """Expect DSAParametersUnavailable when no DSA parameters are supplied.

    Both the issuer's public key and the signature algorithm are rebuilt
    with only their algorithm identifier, so neither structure carries a
    ``parameters`` field. The validator is expected to report that
    explicitly instead of returning a verification verdict.
    """
    ca_key = load_nist_cert('DSACACert.crt').public_key
    # Keep the key algorithm OID and the key value; 'parameters' is left out
    # on purpose.
    key_algo_only = {'algorithm': ca_key['algorithm']['algorithm']}
    key_without_params = keys.PublicKeyInfo(
        {'algorithm': key_algo_only, 'public_key': ca_key['public_key']}
    )

    ee_cert = load_nist_cert('InvalidDSASignatureTest6EE.crt')
    # Same treatment for the signature algorithm: OID only.
    sig_algo_without_params = algos.SignedDigestAlgorithm(
        {'algorithm': ee_cert['signature_algorithm']['algorithm']}
    )
    # The signature is checked against the DER encoding of the TBS part.
    tbs_der = ee_cert['tbs_certificate'].dump()
    sig_value = ee_cert['signature_value'].native

    with pytest.raises(DSAParametersUnavailable):
        validator = DefaultSignatureValidator()
        validator.validate_signature(
            sig_value, tbs_der, key_without_params, sig_algo_without_params
        )


def test_pss_parameter_mismatch():
    """Expect PSSParameterMismatch when key and signature parameters differ.

    The root's key value is re-wrapped as an ``rsassa_pss`` key whose
    parameters name ``sha3_256`` as the hash algorithm. The intermediate
    certificate's own signature algorithm is then passed unchanged.
    NOTE(review): presumably that signature uses a different hash than
    sha3_256; confirm against the 'testing-ca-pss' fixture.
    """
    root_cert = load_cert_object('testing-ca-pss', 'root.cert.pem')
    root_key = root_cert.public_key
    # Parameters attached to the key itself; the test relies on the validator
    # comparing these with the parameters of the signature it is checking.
    key_params = keys.RSASSAPSSParams(
        {'hash_algorithm': {'algorithm': 'sha3_256'}}
    )
    key_with_other_params = keys.PublicKeyInfo(
        {
            'algorithm': {'algorithm': 'rsassa_pss', 'parameters': key_params},
            'public_key': root_key['public_key'],
        }
    )

    interm_cert = load_cert_object('testing-ca-pss', 'interm.cert.pem')
    tbs_der = interm_cert['tbs_certificate'].dump()
    sig_value = interm_cert['signature_value'].native
    with pytest.raises(PSSParameterMismatch):
        validator = DefaultSignatureValidator()
        validator.validate_signature(
            sig_value,
            tbs_der,
            key_with_other_params,
            interm_cert['signature_algorithm'],
        )


def test_algorithm_not_supported():
    """Expect AlgorithmNotSupported for an unrecognised signature OID.

    Key, payload and signature all come from the 'testing-ca-pss' fixture;
    only the signature algorithm is replaced, by one identified as
    ``2.999`` (the OID arc reserved for examples). The validator is
    expected to reject the unknown algorithm with AlgorithmNotSupported.
    """
    root_cert = load_cert_object('testing-ca-pss', 'root.cert.pem')
    root_key = root_cert.public_key
    interm_cert = load_cert_object('testing-ca-pss', 'interm.cert.pem')
    tbs_der = interm_cert['tbs_certificate'].dump()
    sig_value = interm_cert['signature_value'].native

    # Signature algorithm carrying only an OID the validator should not know.
    unknown_oid = algos.SignedDigestAlgorithmId('2.999')
    unknown_algo = algos.SignedDigestAlgorithm({'algorithm': unknown_oid})

    with pytest.raises(AlgorithmNotSupported):
        validator = DefaultSignatureValidator()
        validator.validate_signature(
            sig_value, tbs_der, root_key, unknown_algo
        )