updated test
parent
f7e084c5c2
commit
a923e7e321
@ -1,3 +1,4 @@
|
|||||||
|
import base64
|
||||||
import json
|
import json
|
||||||
from calendar import timegm
|
from calendar import timegm
|
||||||
from datetime import datetime, UTC, timedelta
|
from datetime import datetime, UTC, timedelta
|
||||||
@ -19,9 +20,10 @@ Any variables prefixed with `MY_` or `my_` are variables which are set by fastap
|
|||||||
|
|
||||||
### FILES
|
### FILES
|
||||||
|
|
||||||
FILE_REQUEST_ROUTING_SI = f'../../doc/database/3-after-upload-license/request_routing.service_instance.json'
|
FILE_REQUEST_ROUTING_SI = '../../doc/database/3-after-upload-license/request_routing.service_instance.json'
|
||||||
FILE_CONFIG_TOKEN = f'../../doc/files/config-token.json'
|
FILE_CONFIG_TOKEN = '../../doc/files/config-token.json'
|
||||||
FILE_SI_ARTIFACT = f'../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.service_instance_artifact.json'
|
FILE_SI_ARTIFACT = '../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.service_instance_artifact.json'
|
||||||
|
FILE_SI_CONFIG = '../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.configuration.json'
|
||||||
|
|
||||||
### DEFAULTS
|
### DEFAULTS
|
||||||
|
|
||||||
@ -32,8 +34,8 @@ with open(FILE_CONFIG_TOKEN, 'r') as f:
|
|||||||
NV_CONFIG_TOKEN_RESPONSE = json.loads(f.read())
|
NV_CONFIG_TOKEN_RESPONSE = json.loads(f.read())
|
||||||
|
|
||||||
with open(FILE_SI_ARTIFACT, 'r') as f:
|
with open(FILE_SI_ARTIFACT, 'r') as f:
|
||||||
rows = json.loads(f.read())
|
si_artifact_rows = json.loads(f.read())
|
||||||
si_identity_rows = list(filter(lambda _: _.get('namespace') == 'service_instance.client.all', rows))
|
si_identity_rows = list(filter(lambda _: _.get('namespace') == 'service_instance.client.all', si_artifact_rows))
|
||||||
si_identity_private_key = next(filter(lambda _: _.get('name') == 'private_key', si_identity_rows))
|
si_identity_private_key = next(filter(lambda _: _.get('name') == 'private_key', si_identity_rows))
|
||||||
si_identity_public_key = next(filter(lambda _: _.get('name') == 'public_key', si_identity_rows))
|
si_identity_public_key = next(filter(lambda _: _.get('name') == 'public_key', si_identity_rows))
|
||||||
NV_SI_KEY_RSA = si_identity_private_key.get('value')
|
NV_SI_KEY_RSA = si_identity_private_key.get('value')
|
||||||
@ -177,15 +179,34 @@ def test_our_config_token():
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
# todo: maybe DLS_SI_CERTIFICATE['private_key'] todo: try different files
|
# todo: maybe DLS_SI_CERTIFICATE['private_key'], but how to decrypt?!
|
||||||
# our_correct_sign_key = load_key('our_correct_private_key.pem').export_key().decode('utf-8')
|
# our_correct_sign_key = load_key('where_is_our_correct_private_key.pem').export_key().decode('utf-8')
|
||||||
# our_correct_sign_key = jwk.construct(our_correct_sign_key, algorithm=ALGORITHMS.RS256)
|
# our_correct_sign_key = jwk.construct(our_correct_sign_key, algorithm=ALGORITHMS.RS256)
|
||||||
nv_sign_key = jwk.construct(nv_si_private_key_pem.decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
|
||||||
|
|
||||||
# our_correct_config_token = jws.sign(payload, key=our_correct_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
# our_correct_config_token = jws.sign(payload, key=our_correct_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||||
# until we have not found the correct private key,
|
# fails:
|
||||||
|
# - Table: "service_instance_artifact" => "service_instance.client.all" => "private_key"
|
||||||
|
# - Table: "service_instance_artifact" => "service_instance.identity" => "private_key"
|
||||||
|
# - Table: "public_private_key_pair" => "private_key"
|
||||||
|
# this will fail, until we have not found the correct private key
|
||||||
# "jwt_encode_key" has invalid signature (can't be verified with DLS_SI_CERTIFICATE['certificate'])
|
# "jwt_encode_key" has invalid signature (can't be verified with DLS_SI_CERTIFICATE['certificate'])
|
||||||
my_config_token = jws.sign(my_payload, key=nv_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
with open(FILE_SI_CONFIG, 'r') as f:
|
||||||
|
rows = json.loads(f.read())
|
||||||
|
dls_si_certificate = next(filter(lambda _: _.get('property_name') == 'DLS_SI_CERTIFICATE', rows))
|
||||||
|
dls_si_certificate = dls_si_certificate.get('property_value')
|
||||||
|
dls_si_certificate_private_key = dls_si_certificate.get('private_key')
|
||||||
|
dls_si_certificate_private_key = base64.b64decode(dls_si_certificate_private_key)
|
||||||
|
# Mengsk @ discord:
|
||||||
|
# I think it's AES-GCM encrypted, from the cert I saw key length is 2048b,
|
||||||
|
# which should be 1732 bytes in pem format.
|
||||||
|
# private_key is 1744 bytes looks like pem + 12 bytes gcm
|
||||||
|
assert 1744 == len(dls_si_certificate_private_key)
|
||||||
|
# So that this does not work currently, we'll use code below to have a "working" test example.
|
||||||
|
# In the future, this lines will replace the "placeholder" below
|
||||||
|
# my_sign_key = jwk.construct(dls_si_certificate_private_key.decode('utf-8'), algorithm=ALGORITHMS.RS256)
|
||||||
|
# my_config_token = jws.sign(my_payload, key=my_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||||
|
placeholder_sign_key = jwk.construct(nv_si_private_key_pem, algorithm=ALGORITHMS.RS256)
|
||||||
|
|
||||||
|
my_config_token = jws.sign(my_payload, key=placeholder_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
|
||||||
|
|
||||||
my_response = {
|
my_response = {
|
||||||
"certificateConfiguration": {
|
"certificateConfiguration": {
|
||||||
|
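Review bot: In `test_our_config_token` the token is now signed with `placeholder_sign_key`, built from `nv_si_private_key_pem` (defined outside this hunk), so a passing test does not show that the token verifies against `DLS_SI_CERTIFICATE['certificate']`; the retained comment already says the signature is invalid. I would state that at the signing line, e.g. `# placeholder key: token is NOT verifiable with DLS_SI_CERTIFICATE['certificate']`, so a green run is not mistaken for a working signing path. The bare `assert 1744 == len(dls_si_certificate_private_key)` pins the blob length of one fixture and fails without explanation on any other dump; `assert len(dls_si_certificate_private_key) == 1744, 'unexpected DLS_SI_CERTIFICATE private_key length'` would make that readable. The function body starts and ends outside the hunk, so whether a later assertion checks the signature cannot be seen from here.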