updated test

Oscar Krause 2025-03-27 08:05:56 +01:00
parent f7e084c5c2
commit a923e7e321


@ -1,3 +1,4 @@
import base64
import json
from calendar import timegm
from datetime import datetime, UTC, timedelta
@ -19,9 +20,10 @@ Any variables prefixed with `MY_` or `my_` are variables which are set by fastap
### FILES
FILE_REQUEST_ROUTING_SI = f'../../doc/database/3-after-upload-license/request_routing.service_instance.json'
FILE_CONFIG_TOKEN = f'../../doc/files/config-token.json'
FILE_SI_ARTIFACT = f'../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.service_instance_artifact.json'
FILE_REQUEST_ROUTING_SI = '../../doc/database/3-after-upload-license/request_routing.service_instance.json'
FILE_CONFIG_TOKEN = '../../doc/files/config-token.json'
FILE_SI_ARTIFACT = '../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.service_instance_artifact.json'
FILE_SI_CONFIG = '../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.configuration.json'
### DEFAULTS
@ -32,8 +34,8 @@ with open(FILE_CONFIG_TOKEN, 'r') as f:
NV_CONFIG_TOKEN_RESPONSE = json.loads(f.read())
with open(FILE_SI_ARTIFACT, 'r') as f:
rows = json.loads(f.read())
si_identity_rows = list(filter(lambda _: _.get('namespace') == 'service_instance.client.all', rows))
si_artifact_rows = json.loads(f.read())
si_identity_rows = list(filter(lambda _: _.get('namespace') == 'service_instance.client.all', si_artifact_rows))
si_identity_private_key = next(filter(lambda _: _.get('name') == 'private_key', si_identity_rows))
si_identity_public_key = next(filter(lambda _: _.get('name') == 'public_key', si_identity_rows))
NV_SI_KEY_RSA = si_identity_private_key.get('value')
@ -177,15 +179,34 @@ def test_our_config_token():
},
}
# todo: maybe DLS_SI_CERTIFICATE['private_key'] todo: try different files
# our_correct_sign_key = load_key('our_correct_private_key.pem').export_key().decode('utf-8')
# todo: maybe DLS_SI_CERTIFICATE['private_key'], but how to decrypt?!
# our_correct_sign_key = load_key('where_is_our_correct_private_key.pem').export_key().decode('utf-8')
# our_correct_sign_key = jwk.construct(our_correct_sign_key, algorithm=ALGORITHMS.RS256)
nv_sign_key = jwk.construct(nv_si_private_key_pem.decode('utf-8'), algorithm=ALGORITHMS.RS256)
# our_correct_config_token = jws.sign(payload, key=our_correct_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
# until we have not found the correct private key,
# fails:
# - Table: "service_instance_artifact" => "service_instance.client.all" => "private_key"
# - Table: "service_instance_artifact" => "service_instance.identity" => "private_key"
# - Table: "public_private_key_pair" => "private_key"
# this will fail, until we have not found the correct private key
# "jwt_encode_key" has invalid signature (can't be verified with DLS_SI_CERTIFICATE['certificate'])
my_config_token = jws.sign(my_payload, key=nv_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
with open(FILE_SI_CONFIG, 'r') as f:
rows = json.loads(f.read())
dls_si_certificate = next(filter(lambda _: _.get('property_name') == 'DLS_SI_CERTIFICATE', rows))
dls_si_certificate = dls_si_certificate.get('property_value')
dls_si_certificate_private_key = dls_si_certificate.get('private_key')
dls_si_certificate_private_key = base64.b64decode(dls_si_certificate_private_key)
# Mengsk @ discord:
# I think it's AES-GCM encrypted, from the cert I saw key length is 2048b,
# which should be 1732 bytes in pem format.
# private_key is 1744 bytes looks like pem + 12 bytes gcm
assert 1744 == len(dls_si_certificate_private_key)
# So that this does not work currently, we'll use code below to have a "working" test example.
# In the future, this lines will replace the "placeholder" below
# my_sign_key = jwk.construct(dls_si_certificate_private_key.decode('utf-8'), algorithm=ALGORITHMS.RS256)
# my_config_token = jws.sign(my_payload, key=my_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
placeholder_sign_key = jwk.construct(nv_si_private_key_pem, algorithm=ALGORITHMS.RS256)
my_config_token = jws.sign(my_payload, key=placeholder_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
my_response = {
"certificateConfiguration": {
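Review bot: The token at the end of this hunk is signed with `placeholder_sign_key`, built from `nv_si_private_key_pem`, so a passing `test_our_config_token` does not show that the signature verifies against `DLS_SI_CERTIFICATE['certificate']`. The only check on the new fixture is `assert 1744 == len(dls_si_certificate_private_key)`, which pins the guess quoted in the comment above it. AES-GCM output normally carries a 16-byte authentication tag as well as a 12-byte nonce, so 12 bytes of overhead does not obviously match that format and the blob's layout is better treated as unknown. I would say so next to the assert, for example `# length check only: blob layout unconfirmed; the token below is signed with a placeholder key and is NOT verified against DLS_SI_CERTIFICATE`. The `DLS_SI_CERTIFICATE` lookup could also use `next(..., None)` followed by an assert with a message, so a missing fixture row fails readably rather than with a bare `StopIteration`. The body of `test_our_config_token` starts and ends outside the hunk.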