File: check_azure_signer.py

package info (click to toggle)
python-securesystemslib 1.3.0-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 3,316 kB
  • sloc: python: 5,319; sh: 38; makefile: 5
file content (66 lines) | stat: -rw-r--r-- 2,210 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
"""
This module confirms that signing using Azure KMS keys works.

The purpose is to do a smoke test, not to exhaustively test every possible
key and environment combination.

For Azure, the requirements to successfully test are:
* Azure authentication details have to be available in the environment
* The key defined in the test has to be available to the authenticated user

NOTE: the filename is purposefully check_ rather than test_ so that tests are
only run when explicitly invoked.
"""

import unittest

from securesystemslib.exceptions import UnverifiedSignatureError
from securesystemslib.signer import AzureSigner, Key, Signer


class TestAzureKeys(unittest.TestCase):
    """Test that KMS keys can be used to sign."""

    azure_pubkey = Key.from_dict(
        "8b4af6aec66518bc66718474aa15c8becd3286e8e2b958c497a60a828d591d04",
        {
            "keytype": "ecdsa",
            "scheme": "ecdsa-sha2-nistp256",
            "keyval": {
                "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE95qxD+/kX6oCace7hrfChtz2IYGK\nHNBmUwtf3wXH0VEdLPWVoFgGITonvA7vxqYrF8ZzAeeZYNyEBbod7SEeaw==\n-----END PUBLIC KEY-----\n"
            },
        },
    )
    azure_id = "azurekms://fsn-vault-1.vault.azure.net/keys/ec-key-1/b1089bbf068742d483970282f02090de"

    def test_azure_sign(self):
        """Test that Azure KMS key works for signing

        Note that this test requires valid credentials available.
        """

        data = b"data"

        signer = Signer.from_priv_key_uri(self.azure_id, self.azure_pubkey)
        sig = signer.sign(data)

        print(sig.signature)

        self.azure_pubkey.verify_signature(sig, data)
        with self.assertRaises(UnverifiedSignatureError):
            self.azure_pubkey.verify_signature(sig, b"NOT DATA")

    def test_azure_import(self):
        """Test that Azure KMS key works for signing

        Note that this test requires valid credentials available.
        """

        uri, pubkey = AzureSigner.import_("fsn-vault-1", "ec-key-1")

        self.assertEqual(pubkey, self.azure_pubkey)
        self.assertEqual(uri, self.azure_id)


if __name__ == "__main__":
    unittest.main(verbosity=1, buffer=True)