def test_get_cert_that_needs_approval(opt_adcs, opt_username, opt_password, opt_mantemplate):
    """Expect CertificatePendingException for the template given as opt_mantemplate.

    A freshly generated CSR is submitted with ``opt_mantemplate`` (presumably a
    template configured to require administrator approval -- confirm against
    the test configuration). The request must not return a certificate; it
    must raise and carry the "wait for an administrator" text.
    """
    request = create_csr()
    request_pem = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, request)

    with pytest.raises(certsrv.CertificatePendingException) as raised:
        certsrv.get_cert(opt_adcs, request_pem, opt_mantemplate, opt_username, opt_password)

    # Checked after the block: a statement placed behind the raising call
    # inside the ``with`` body would never execute.
    assert 'you must wait for an administrator' in str(raised.value)
def test_get_cert_invalid_template(opt_adcs, opt_username, opt_password):
    """Expect RequestDeniedException when the template name is 'NotATemplate'.

    The CSR itself is valid; only the template name is bogus, so the denial
    message must be the one about an unsupported certificate template.
    """
    request = create_csr()
    request_pem = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, request)

    with pytest.raises(certsrv.RequestDeniedException) as raised:
        certsrv.get_cert(opt_adcs, request_pem, 'NotATemplate', opt_username, opt_password)

    denial_text = str(raised.value)
    assert 'The request was for a certificate template that is not supported' in denial_text
def test_get_cert_with_wrong_cafile(opt_adcs):
    """Expect SSLError when get_cert is given the dummy CA bundle as ``cafile``.

    The bundle is the file ``test_dummy-ca-cert.pem`` next to this test module
    (presumably a CA that did not issue the server's certificate -- confirm).
    CSR, template and credentials are placeholders: the call is expected to
    fail with an SSL error rather than return a result.
    """
    here = os.path.dirname(os.path.realpath(__file__))
    untrusted_bundle = '%s/test_dummy-ca-cert.pem' % here

    with pytest.raises(SSLError) as raised:
        certsrv.get_cert(
            opt_adcs,
            'fake csr',
            'Template',
            'username',
            'password',
            cafile=untrusted_bundle,
        )
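def test_get_cert_with_cafile(opt_adcs, opt_username, opt_password, opt_template, opt_cafile):
    """Request a certificate while validating the server against ``opt_cafile``.

    Skipped when no CA bundle is configured. While the request runs,
    ``SSL_CERT_FILE`` is set to './fakepath' (presumably a non-existent file,
    so that a default trust store cannot be what validates the server --
    confirm). The previous value of the variable is restored afterwards so the
    override does not leak into tests that run later in the same process.
    """
    if not opt_cafile:
        pytest.skip("No CA bundle configured")

    saved_cert_file = os.environ.get('SSL_CERT_FILE')
    os.environ['SSL_CERT_FILE'] = './fakepath'
    try:
        csr = create_csr()
        pem_csr = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, csr)
        pem_cert = certsrv.get_cert(
            opt_adcs, pem_csr, opt_template, opt_username, opt_password, cafile=opt_cafile)
        # The response must parse as a PEM certificate.
        # NOTE(review): unlike test_get_cert_der / test_get_cert_with_ntlm, the
        # parsed certificate is not compared with the CSR here.
        OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_cert)
    finally:
        # Undo the environment override whether the request passed or failed.
        if saved_cert_file is None:
            os.environ.pop('SSL_CERT_FILE', None)
        else:
            os.environ['SSL_CERT_FILE'] = saved_cert_file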
def test_get_cert_der(opt_adcs, opt_username, opt_password, opt_template):
    """Request a certificate with 'bin' as the sixth argument and parse it as DER.

    The response is loaded with FILETYPE_ASN1 and then handed, together with
    the original CSR, to check_cert_matches_csr_and_issuer.
    """
    request = create_csr()
    request_pem = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, request)

    # 'bin' is passed positionally, directly after the password.
    der_bytes = certsrv.get_cert(
        opt_adcs, request_pem, opt_template, opt_username, opt_password, 'bin')

    issued = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, der_bytes)
    check_cert_matches_csr_and_issuer(request, issued, opt_adcs, opt_username, opt_password)
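def gen_cert(csr, server, template, username, password):
    """Read a CSR file, submit it through get_cert and save the reply as newcert.crt.

    Args:
        csr: Path of the CSR file; it is opened in text mode and read in full.
        server: Passed unchanged to get_cert.
        template: Passed unchanged to get_cert.
        username: Passed unchanged to get_cert.
        password: Passed unchanged to get_cert.

    The reply is written to 'newcert.crt' in the current working directory,
    truncating any existing file of that name. Both files are handled by
    context managers so they are closed even when a read or write fails.
    """
    print('Starting cert request')
    with open(csr, 'r') as csr_file:
        request = csr_file.read()

    cert_response = get_cert(server, request, template, username, password)

    # Opened only after get_cert returned, so a failed request does not
    # truncate an existing newcert.crt.
    with open('newcert.crt', 'wb+') as cert_file:
        cert_file.write(cert_response)
    print('Done, see newcert.crt in the current directory')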
def test_get_cert_with_ntlm(opt_adcs, opt_username, opt_password, opt_template):
    """Request a certificate with ``auth_method='ntlm'`` and validate the result.

    The PEM response is parsed and then handed, together with the original
    CSR, to check_cert_matches_csr_and_issuer.
    """
    request = create_csr()
    request_pem = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, request)

    issued_pem = certsrv.get_cert(
        opt_adcs,
        request_pem,
        opt_template,
        opt_username,
        opt_password,
        auth_method='ntlm',
    )

    issued = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, issued_pem)
    check_cert_matches_csr_and_issuer(request, issued, opt_adcs, opt_username, opt_password)
def test_get_cert_invalid_csr(opt_adcs, opt_username, opt_password, opt_template):
    """Expect RequestDeniedException when the CSR is the string 'NotACsr'.

    Template and credentials come from the test options; only the request body
    is malformed, so the error text must mention a request parsing failure.
    """
    with pytest.raises(certsrv.RequestDeniedException) as raised:
        certsrv.get_cert(opt_adcs, 'NotACsr', opt_template, opt_username, opt_password)

    denial_text = str(raised.value)
    assert 'Error Parsing Request' in denial_text
def test_get_cert_with_wrong_cafile(opt_adcs):
    """Expect URLError with reason 'CERTIFICATE_VERIFY_FAILED' for the dummy CA bundle.

    The bundle is the file ``test_dummy-ca-cert.pem`` next to this test module
    (presumably a CA that did not issue the server's certificate -- confirm).
    CSR, template and credentials are placeholders. The nested ``reason`` of
    the raised error must name certificate verification as the cause.
    """
    here = os.path.dirname(os.path.realpath(__file__))
    untrusted_bundle = '%s/test_dummy-ca-cert.pem' % here

    with pytest.raises(URLError) as raised:
        certsrv.get_cert(
            opt_adcs,
            'fake csr',
            'Template',
            'username',
            'password',
            cafile=untrusted_bundle,
        )

    # The URLError's ``reason`` is itself an object exposing a ``reason`` field.
    underlying = raised.value.reason
    assert underlying.reason == 'CERTIFICATE_VERIFY_FAILED'