2012-06-27 04:42:00 +00:00
|
|
|
import os
|
2014-03-10 04:29:27 +00:00
|
|
|
from netlib import certutils, certffi
|
2014-03-05 00:19:16 +00:00
|
|
|
import OpenSSL
|
2012-06-27 04:42:00 +00:00
|
|
|
import tutils
|
|
|
|
|
2014-07-18 20:55:25 +00:00
|
|
|
# class TestDNTree:
|
|
|
|
# def test_simple(self):
|
|
|
|
# d = certutils.DNTree()
|
|
|
|
# d.add("foo.com", "foo")
|
|
|
|
# d.add("bar.com", "bar")
|
|
|
|
# assert d.get("foo.com") == "foo"
|
|
|
|
# assert d.get("bar.com") == "bar"
|
|
|
|
# assert not d.get("oink.com")
|
|
|
|
# assert not d.get("oink")
|
|
|
|
# assert not d.get("")
|
|
|
|
# assert not d.get("oink.oink")
|
|
|
|
#
|
|
|
|
# d.add("*.match.org", "match")
|
|
|
|
# assert not d.get("match.org")
|
|
|
|
# assert d.get("foo.match.org") == "match"
|
|
|
|
# assert d.get("foo.foo.match.org") == "match"
|
|
|
|
#
|
|
|
|
# def test_wildcard(self):
|
|
|
|
# d = certutils.DNTree()
|
|
|
|
# d.add("foo.com", "foo")
|
|
|
|
# assert not d.get("*.foo.com")
|
|
|
|
# d.add("*.foo.com", "wild")
|
|
|
|
#
|
|
|
|
# d = certutils.DNTree()
|
|
|
|
# d.add("*", "foo")
|
|
|
|
# assert d.get("foo.com") == "foo"
|
|
|
|
# assert d.get("*.foo.com") == "foo"
|
|
|
|
# assert d.get("com") == "foo"
|
2014-03-05 00:19:16 +00:00
|
|
|
|
2012-06-27 04:42:00 +00:00
|
|
|
|
2013-01-05 12:15:53 +00:00
|
|
|
class TestCertStore:
|
2015-05-27 09:18:54 +00:00
|
|
|
|
2013-01-05 12:15:53 +00:00
|
|
|
def test_create_explicit(self):
|
|
|
|
with tutils.tmpdir() as d:
|
2014-03-04 01:12:58 +00:00
|
|
|
ca = certutils.CertStore.from_store(d, "test")
|
|
|
|
assert ca.get_cert("foo", [])
|
|
|
|
|
|
|
|
ca2 = certutils.CertStore.from_store(d, "test")
|
|
|
|
assert ca2.get_cert("foo", [])
|
|
|
|
|
2014-10-08 18:46:30 +00:00
|
|
|
assert ca.default_ca.get_serial_number() == ca2.default_ca.get_serial_number()
|
2013-01-05 12:15:53 +00:00
|
|
|
|
|
|
|
def test_create_tmp(self):
|
|
|
|
with tutils.tmpdir() as d:
|
2014-03-04 01:12:58 +00:00
|
|
|
ca = certutils.CertStore.from_store(d, "test")
|
|
|
|
assert ca.get_cert("foo.com", [])
|
|
|
|
assert ca.get_cert("foo.com", [])
|
|
|
|
assert ca.get_cert("*.foo.com", [])
|
2013-01-05 12:15:53 +00:00
|
|
|
|
2014-03-05 00:19:16 +00:00
|
|
|
r = ca.get_cert("*.foo.com", [])
|
2014-10-08 22:15:39 +00:00
|
|
|
assert r[1] == ca.default_privatekey
|
2014-03-05 00:19:16 +00:00
|
|
|
|
|
|
|
def test_add_cert(self):
|
|
|
|
with tutils.tmpdir() as d:
|
|
|
|
ca = certutils.CertStore.from_store(d, "test")
|
|
|
|
|
|
|
|
def test_sans(self):
|
|
|
|
with tutils.tmpdir() as d:
|
|
|
|
ca = certutils.CertStore.from_store(d, "test")
|
|
|
|
c1 = ca.get_cert("foo.com", ["*.bar.com"])
|
|
|
|
c2 = ca.get_cert("foo.bar.com", [])
|
2014-07-18 20:55:25 +00:00
|
|
|
# assert c1 == c2
|
2014-03-05 00:19:16 +00:00
|
|
|
c3 = ca.get_cert("bar.com", [])
|
|
|
|
assert not c1 == c3
|
|
|
|
|
2014-07-16 23:47:24 +00:00
|
|
|
def test_sans_change(self):
|
|
|
|
with tutils.tmpdir() as d:
|
|
|
|
ca = certutils.CertStore.from_store(d, "test")
|
|
|
|
_ = ca.get_cert("foo.com", ["*.bar.com"])
|
2014-10-08 18:46:30 +00:00
|
|
|
cert, key, chain_file = ca.get_cert("foo.bar.com", ["*.baz.com"])
|
2014-07-16 23:47:24 +00:00
|
|
|
assert "*.baz.com" in cert.altnames
|
|
|
|
|
2014-03-05 00:19:16 +00:00
|
|
|
def test_overrides(self):
|
|
|
|
with tutils.tmpdir() as d:
|
|
|
|
ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")
|
|
|
|
ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test")
|
2014-10-08 18:46:30 +00:00
|
|
|
assert not ca1.default_ca.get_serial_number() == ca2.default_ca.get_serial_number()
|
2014-03-05 00:19:16 +00:00
|
|
|
|
2015-02-27 21:02:52 +00:00
|
|
|
dc = ca2.get_cert("foo.com", ["sans.example.com"])
|
2014-03-05 00:19:16 +00:00
|
|
|
dcp = os.path.join(d, "dc")
|
|
|
|
f = open(dcp, "wb")
|
|
|
|
f.write(dc[0].to_pem())
|
|
|
|
f.close()
|
|
|
|
ca1.add_cert_file("foo.com", dcp)
|
|
|
|
|
|
|
|
ret = ca1.get_cert("foo.com", [])
|
|
|
|
assert ret[0].serial == dc[0].serial
|
|
|
|
|
2014-03-10 04:29:27 +00:00
|
|
|
def test_gen_pkey(self):
|
|
|
|
try:
|
|
|
|
with tutils.tmpdir() as d:
|
|
|
|
ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")
|
|
|
|
ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test")
|
|
|
|
cert = ca1.get_cert("foo.com", [])
|
|
|
|
assert certffi.get_flags(ca2.gen_pkey(cert[0])) == 1
|
|
|
|
finally:
|
2014-10-08 22:15:39 +00:00
|
|
|
certffi.set_flags(ca2.default_privatekey, 0)
|
2014-03-10 04:29:27 +00:00
|
|
|
|
2013-01-05 12:15:53 +00:00
|
|
|
|
2012-06-27 04:42:00 +00:00
|
|
|
class TestDummyCert:
|
2015-05-27 09:18:54 +00:00
|
|
|
|
2012-06-27 04:42:00 +00:00
|
|
|
def test_with_ca(self):
|
|
|
|
with tutils.tmpdir() as d:
|
2014-03-04 01:12:58 +00:00
|
|
|
ca = certutils.CertStore.from_store(d, "test")
|
2013-08-12 04:03:29 +00:00
|
|
|
r = certutils.dummy_cert(
|
2014-10-08 22:15:39 +00:00
|
|
|
ca.default_privatekey,
|
2014-10-08 18:46:30 +00:00
|
|
|
ca.default_ca,
|
2012-06-27 04:42:00 +00:00
|
|
|
"foo.com",
|
|
|
|
["one.com", "two.com", "*.three.com"]
|
|
|
|
)
|
2013-08-12 04:03:29 +00:00
|
|
|
assert r.cn == "foo.com"
|
2012-06-27 04:42:00 +00:00
|
|
|
|
|
|
|
|
|
|
|
class TestSSLCert:
|
2015-05-27 09:18:54 +00:00
|
|
|
|
2012-06-27 04:42:00 +00:00
|
|
|
def test_simple(self):
|
2014-08-16 16:35:58 +00:00
|
|
|
with open(tutils.test_data.path("data/text_cert"), "rb") as f:
|
|
|
|
d = f.read()
|
2015-02-27 21:02:52 +00:00
|
|
|
c1 = certutils.SSLCert.from_pem(d)
|
|
|
|
assert c1.cn == "google.com"
|
|
|
|
assert len(c1.altnames) == 436
|
2012-06-27 04:42:00 +00:00
|
|
|
|
2014-08-16 16:35:58 +00:00
|
|
|
with open(tutils.test_data.path("data/text_cert_2"), "rb") as f:
|
|
|
|
d = f.read()
|
2015-02-27 21:02:52 +00:00
|
|
|
c2 = certutils.SSLCert.from_pem(d)
|
|
|
|
assert c2.cn == "www.inode.co.nz"
|
|
|
|
assert len(c2.altnames) == 2
|
|
|
|
assert c2.digest("sha1")
|
|
|
|
assert c2.notbefore
|
|
|
|
assert c2.notafter
|
|
|
|
assert c2.subject
|
|
|
|
assert c2.keyinfo == ("RSA", 2048)
|
|
|
|
assert c2.serial
|
|
|
|
assert c2.issuer
|
|
|
|
assert c2.to_pem()
|
|
|
|
assert c2.has_expired is not None
|
|
|
|
|
|
|
|
assert not c1 == c2
|
|
|
|
assert c1 != c2
|
2012-06-27 04:42:00 +00:00
|
|
|
|
2012-07-24 02:55:54 +00:00
|
|
|
def test_err_broken_sans(self):
|
2014-08-16 16:35:58 +00:00
|
|
|
with open(tutils.test_data.path("data/text_cert_weird1"), "rb") as f:
|
|
|
|
d = f.read()
|
|
|
|
c = certutils.SSLCert.from_pem(d)
|
2012-07-24 02:55:54 +00:00
|
|
|
# This breaks unless we ignore a decoding error.
|
2015-02-27 21:02:52 +00:00
|
|
|
assert c.altnames is not None
|
2012-07-24 02:55:54 +00:00
|
|
|
|
2012-06-27 04:42:00 +00:00
|
|
|
def test_der(self):
|
2014-08-16 16:35:58 +00:00
|
|
|
with open(tutils.test_data.path("data/dercert"), "rb") as f:
|
|
|
|
d = f.read()
|
2012-06-27 04:42:00 +00:00
|
|
|
s = certutils.SSLCert.from_der(d)
|
|
|
|
assert s.cn
|