def test_revoking_ca():
with intermediate_certificate_authority(
'root_ca', 'intermediate_ca') as (root_ca, intermediate_ca):
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': intermediate_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
try:
assert intermediate_ca['can_be_revoked'] is True, intermediate_ca
intermediate_ca = call('certificateauthority.update',
intermediate_ca['id'], {'revoked': True})
assert intermediate_ca['revoked'] is True, intermediate_ca
cert = call('certificate.get_instance', cert['id'])
assert cert['revoked'] is True, cert
root_ca = call('certificateauthority.get_instance', root_ca['id'])
assert len(root_ca['revoked_certs']) == 2, root_ca
assert len(intermediate_ca['revoked_certs']) == 2, intermediate_ca
check_set = {intermediate_ca['certificate'], cert['certificate']}
assert set(
c['certificate'] for c in
intermediate_ca['revoked_certs']) == check_set, intermediate_ca
assert set(c['certificate']
for c in root_ca['revoked_certs']) == check_set, root_ca
finally:
call('certificate.delete', cert['id'], job=True)
def test_deleted_certs_dont_exist_on_filesystem():
with intermediate_certificate_authority(
'root_ca2', 'intermediate_ca2') as (root_ca2, intermediate_ca2):
# no-op
pass
with certificate_signing_request('csr_test2') as csr2:
pass
assert get_cert_current_files() == get_cert_expected_files()
def test_creating_cert_from_intermediate_ca():
with intermediate_certificate_authority(
'root_ca', 'intermediate_ca') as (root_ca, intermediate_ca):
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': intermediate_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
try:
assert cert['cert_type_internal'] is True, cert
finally:
call('certificate.delete', cert['id'], job=True)
def test_created_certs_exist_on_filesystem():
with intermediate_certificate_authority(
'root_ca', 'intermediate_ca') as (root_ca, intermediate_ca):
with certificate_signing_request('csr_test') as csr:
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': intermediate_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
try:
assert get_cert_current_files() == get_cert_expected_files()
finally:
call('certificate.delete', cert['id'], job=True)
def test_cert_issuer_reported_correctly():
with intermediate_certificate_authority(
'root_ca', 'intermediate_ca') as (root_ca, intermediate_ca):
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': intermediate_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
intermediate_ca = call('certificateauthority.get_instance',
intermediate_ca['id'])
try:
assert cert['issuer'] == intermediate_ca, cert
finally:
call('certificate.delete', cert['id'], job=True)