updated test
This commit is contained in:
parent
f7e084c5c2
commit
a923e7e321
@ -1,3 +1,4 @@
|
||||
import base64
|
||||
import json
|
||||
from calendar import timegm
|
||||
from datetime import datetime, UTC, timedelta
|
||||
@ -19,9 +20,10 @@ Any variables prefixed with `MY_` or `my_` are variables which are set by fastap
|
||||
|
||||
### FILES
|
||||
|
||||
FILE_REQUEST_ROUTING_SI = f'../../doc/database/3-after-upload-license/request_routing.service_instance.json'
|
||||
FILE_CONFIG_TOKEN = f'../../doc/files/config-token.json'
|
||||
FILE_SI_ARTIFACT = f'../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.service_instance_artifact.json'
|
||||
FILE_REQUEST_ROUTING_SI = '../../doc/database/3-after-upload-license/request_routing.service_instance.json'
|
||||
FILE_CONFIG_TOKEN = '../../doc/files/config-token.json'
|
||||
FILE_SI_ARTIFACT = '../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.service_instance_artifact.json'
|
||||
FILE_SI_CONFIG = '../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.configuration.json'
|
||||
|
||||
### DEFAULTS
|
||||
|
||||
@ -32,8 +34,8 @@ with open(FILE_CONFIG_TOKEN, 'r') as f:
|
||||
NV_CONFIG_TOKEN_RESPONSE = json.loads(f.read())
|
||||
|
||||
with open(FILE_SI_ARTIFACT, 'r') as f:
|
||||
rows = json.loads(f.read())
|
||||
si_identity_rows = list(filter(lambda _: _.get('namespace') == 'service_instance.client.all', rows))
|
||||
si_artifact_rows = json.loads(f.read())
|
||||
si_identity_rows = list(filter(lambda _: _.get('namespace') == 'service_instance.client.all', si_artifact_rows))
|
||||
si_identity_private_key = next(filter(lambda _: _.get('name') == 'private_key', si_identity_rows))
|
||||
si_identity_public_key = next(filter(lambda _: _.get('name') == 'public_key', si_identity_rows))
|
||||
NV_SI_KEY_RSA = si_identity_private_key.get('value')
|
||||
@ -177,15 +179,34 @@ def test_our_config_token():
|
||||
},
|
||||
}
|
||||
|
||||
# todo: maybe DLS_SI_CERTIFICATE['private_key'] todo: try different files
|
||||
# our_correct_sign_key = load_key('our_correct_private_key.pem').export_key().decode('utf-8')
|
||||
# todo: maybe DLS_SI_CERTIFICATE['private_key'], but how to decrypt?!
|
||||
# our_correct_sign_key = load_key('where_is_our_correct_private_key.pem').export_key().decode('utf-8')
|
||||
# our_correct_sign_key = jwk.construct(our_correct_sign_key, algorithm=ALGORITHMS.RS256)
|
||||
nv_sign_key = jwk.construct(nv_si_private_key_pem.decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
|
||||
# our_correct_config_token = jws.sign(payload, key=our_correct_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||
# until we have not found the correct private key,
|
||||
# fails:
|
||||
# - Table: "service_instance_artifact" => "service_instance.client.all" => "private_key"
|
||||
# - Table: "service_instance_artifact" => "service_instance.identity" => "private_key"
|
||||
# - Table: "public_private_key_pair" => "private_key"
|
||||
# this will fail, until we have not found the correct private key
|
||||
# "jwt_encode_key" has invalid signature (can't be verified with DLS_SI_CERTIFICATE['certificate'])
|
||||
my_config_token = jws.sign(my_payload, key=nv_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||
with open(FILE_SI_CONFIG, 'r') as f:
|
||||
rows = json.loads(f.read())
|
||||
dls_si_certificate = next(filter(lambda _: _.get('property_name') == 'DLS_SI_CERTIFICATE', rows))
|
||||
dls_si_certificate = dls_si_certificate.get('property_value')
|
||||
dls_si_certificate_private_key = dls_si_certificate.get('private_key')
|
||||
dls_si_certificate_private_key = base64.b64decode(dls_si_certificate_private_key)
|
||||
# Mengsk @ discord:
|
||||
# I think it's AES-GCM encrypted, from the cert I saw key length is 2048b,
|
||||
# which should be 1732 bytes in pem format.
|
||||
# private_key is 1744 bytes looks like pem + 12 bytes gcm
|
||||
assert 1744 == len(dls_si_certificate_private_key)
|
||||
# So that this does not work currently, we'll use code below to have a "working" test example.
|
||||
# In the future, this lines will replace the "placeholder" below
|
||||
# my_sign_key = jwk.construct(dls_si_certificate_private_key.decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||
# my_config_token = jws.sign(my_payload, key=my_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||
placeholder_sign_key = jwk.construct(nv_si_private_key_pem, algorithm=ALGORITHMS.RS256)
|
||||
|
||||
my_config_token = jws.sign(my_payload, key=placeholder_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||
|
||||
my_response = {
|
||||
"certificateConfiguration": {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user