Beispiel #1
0
def test_fingerprint():
    cryptography.generate_key()
    cryptography.generate_certificate()
    cert = cryptography.load_certificate(cryptography.get_default_cert_path())

    # don't care about the fingerprint value
    # test that calling the function does not raise an exception
    cryptography.get_fingerprint(cert)
    cryptography.get_fingerprint(cert, algorithm='SHA1')
    cryptography.get_fingerprint(cert, algorithm=cryptography.hashes.SHA1())
    cryptography.get_fingerprint(cert, algorithm='blake2s', digest_size=32)
    cryptography.get_fingerprint(cert, algorithm=cryptography.hashes.BLAKE2b(64))
Beispiel #2
0
def test_rsa(kwargs):
    key_file, cert_file = remove_files()

    out = cryptography.generate_key(
        path=key_file, password=kwargs['password'], size=kwargs['size']
    )
    assert out == key_file

    out = cryptography.generate_certificate(
        path=cert_file, key_path=key_file, key_password=kwargs['password'],
        algorithm=kwargs['algorithm'], years_valid=kwargs['years_valid'],
    )
    assert out == cert_file

    cert = cryptography.load_certificate(cert_file)
    meta = cryptography.get_metadata(cert)
    assert meta['issuer']['common_name'] == HOSTNAME
    assert meta['subject']['common_name'] == HOSTNAME
    assert meta['key']['encryption'] == 'RSA'
    assert meta['key']['exponent'] == 65537
    assert meta['key']['size'] == kwargs['size']
    assert meta['fingerprint'] == cryptography.get_fingerprint(cert)
    duration = meta['valid_to'].year - meta['valid_from'].year
    if kwargs['years_valid'] is None:
        assert duration == DEFAULT_YEARS_VALID
    else:
        assert duration == kwargs['years_valid']
Beispiel #3
0
def test_get_metadata_as_string():
    cert = cryptography.load_certificate(cryptography.generate_certificate())
    string = cryptography.get_metadata_as_string(cert)
    assert re.search(r'Encryption: RSA', string)
    assert re.search(r'Size: 2048', string)
    assert re.search(r'Common Name: {}'.format(HOSTNAME), string)
    assert re.search(cryptography.get_fingerprint(cert), string)
Beispiel #4
0
def test_stdout(capsys):
    path = generate_certificate()
    process('certdump {}'.format(path))
    out, err = capsys.readouterr()
    out_lines = out.splitlines()
    assert not err
    assert out_lines[0] == 'Version: v3'
    assert out_lines[-2] == 'Fingerprint (SHA1):'
    assert out_lines[-1] == get_fingerprint(load_certificate(path))
Beispiel #5
0
def test_show(capsys):
    process('certgen --show')
    out, err = capsys.readouterr()
    assert not err
    out_lines = out.splitlines()
    assert out_lines[0] == 'Created the self-signed certificate {!r}'.format(get_default_cert_path())
    assert not out_lines[1]
    assert out_lines[2] == 'Version: v3'
    assert out_lines[-2] == 'Fingerprint (SHA1):'
    assert out_lines[-1] == get_fingerprint(load_certificate(get_default_cert_path()))
Beispiel #6
0
def test_file(capsys):
    tmp = os.path.join(tempfile.gettempdir(), 'out.tmp')
    path = generate_certificate()
    process('certdump {} --out {}'.format(path, tmp))
    out, err = capsys.readouterr()
    assert out.rstrip() == 'Dumped the certificate details to ' + tmp
    assert not err

    with open(tmp, mode='rt') as fp:
        lines = [line.rstrip() for line in fp.readlines()]

    assert lines[0] == 'Certificate details for {}'.format(path)
    assert lines[1] == 'Version: v3'
    assert lines[-2] == 'Fingerprint (SHA1):'
    assert lines[-1] == get_fingerprint(load_certificate(path))

    os.remove(tmp)