added notes and example code for 76 char wide pem

src/test/test_config_token.py

@@ -1,7 +1,7 @@
 import json
 from calendar import timegm
 from datetime import datetime, UTC, timedelta
-
+from textwrap import wrap
 from cryptography import x509
 from cryptography.hazmat._oid import NameOID
 from cryptography.hazmat.primitives import serialization, hashes
@@ -376,7 +376,7 @@ def test_our_config_token_with_our_key():
         .add_extension(x509.SubjectAlternativeName([
             x509.DNSName('4e53a171-103b-4946-9ed8-5f4c0ee750d9')
         ]), critical=False)
-        .sign(my_si_private_key, hashes.SHA256()))
+        .sign(my_ca_private_key, hashes.SHA256()))
 
     my_si_public_key_exp = my_si_certificate.public_key().public_numbers().e
     my_si_public_key_mod = f'{my_si_certificate.public_key().public_numbers().n:x}'  # hex value without "0x" prefix
@@ -403,6 +403,7 @@ def test_our_config_token_with_our_key():
                 "mod": hex(my_si_public_key.public_numbers().n)[2:],
                 "exp": int(my_si_public_key.public_numbers().e),
             },
+            # 64 chars per line (pem default)
             "service_instance_public_key_pem": my_si_public_key_as_pem.decode('utf-8').strip(),
             "key_retention_mode": "LATEST_ONLY"
         },
@@ -411,10 +412,29 @@ def test_our_config_token_with_our_key():
     my_sign_key = jwk.construct(my_si_private_key_as_pem.decode('utf-8'), algorithm=ALGORITHMS.RS256)
     my_config_token = jws.sign(payload, key=my_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
 
+    # generate a 76 char wide pem (does not work either, so this code can be removed)
+    response_ca_chain = my_ca_certificate.public_bytes(encoding=Encoding.PEM).decode('utf-8')
+    response_ca_chain = response_ca_chain.replace('-----BEGIN CERTIFICATE-----', '')
+    response_ca_chain = response_ca_chain.replace('-----END CERTIFICATE-----', '')
+    response_ca_chain = response_ca_chain.replace('\n', '')
+    response_ca_chain = wrap(response_ca_chain, 76)
+    response_ca_chain = '\r\n'.join(response_ca_chain)
+    response_ca_chain = f'-----BEGIN CERTIFICATE-----\r\n{response_ca_chain}\r\n-----END CERTIFICATE-----'
+
+    response_si_certificate = my_si_certificate.public_bytes(encoding=Encoding.PEM).decode('utf-8')
+    response_si_certificate = response_si_certificate.replace('-----BEGIN CERTIFICATE-----', '')
+    response_si_certificate = response_si_certificate.replace('-----END CERTIFICATE-----', '')
+    response_si_certificate = response_si_certificate.replace('\n', '')
+    response_si_certificate = wrap(response_si_certificate, 76)
+    response_si_certificate = '\r\n'.join(response_si_certificate)
+    response_si_certificate = f'-----BEGIN CERTIFICATE-----\r\n{response_si_certificate}\r\n-----END CERTIFICATE-----'
+
     response = {
         "certificateConfiguration": {
-            "caChain": [my_ca_certificate.public_bytes(encoding=Encoding.PEM).decode('utf-8').strip().replace('\n','\r\n')],
+            # 76 chars per line
-            "publicCert": my_si_certificate.public_bytes(encoding=Encoding.PEM).decode('utf-8').strip().replace('\n','\r\n'),
+            "caChain": [response_ca_chain],
+            # 76 chars per line
+            "publicCert": response_si_certificate,
             "publicKey": {
                 "exp": int(my_si_certificate.public_key().public_numbers().e),
                 "mod": [hex(my_si_certificate.public_key().public_numbers().n)[2:]],