Beispiel #1
    def testSignaturePKI(self):
        """Issue a root CA and one client certificate, then inspect the result.

        Both subject names carry a © so that non-ASCII (UTF-8) distinguished
        names are exercised from the model fields through to the parsed X.509.
        """
        # Fixture passphrases only; values this weak must not leave test code.
        ca_passphrase = "R00tz"
        client_passphrase = "1234"
        # NOTE(review): fixed validity window ending in 2015 -- confirm that
        # nothing asserted below depends on the CA still being inside it.
        not_before = datetime(2010, 1, 1, 6, tzinfo=ASN1.UTC)
        not_after = datetime(2015, 1, 1, 6, tzinfo=ASN1.UTC)

        # One key pair per party, each generated with its own passphrase.
        ca_keypair = Key.generate(ca_passphrase)
        client_keypair = Key.generate(client_passphrase)

        # Self-signed root certificate.
        root = Certificate()
        root.CN, root.country = "Admin ©", "FR"
        root.key = ca_keypair
        root.begin, root.end = not_before, not_after
        root.is_ca = True
        root.generate_x509_root(ca_passphrase)
        root.save()
        self.assertEqual(root.ca_serial, 1)

        # Client signing request, signed with the client's own key.
        request = CertificateRequest()
        request.CN, request.country = "World Company ©", "FR"
        request.key = client_keypair
        request.sign_request(client_passphrase)
        request.save()

        # The CA signs the request; 300 is passed through as given
        # (presumably a validity period in days -- confirm in the model).
        issued = root.sign_request(request, 300, ca_passphrase)
        issued.save()

        # The issued serial is compared as a string, the CA counter as an int.
        self.assertEqual(issued.serial, '2')
        self.assertEqual(root.ca_serial, 2)
        # Presumably guards against signing-tool status output ending up in
        # the stored PEM -- verify against the model's signing code.
        self.assertFalse("Signature ok" in issued.pem)
        # The freshly issued client certificate must not be flagged as
        # trusted, while the root is.
        self.assertFalse(issued.trust)
        self.assertTrue(root.trust)
        self.assertTrue(root.certhash)
        self.assertTrue(issued.certhash)

        # Reload from the database and make sure the stored PEM parses to the
        # same certificate that the model's own accessor returns.
        stored = Certificate.objects.get(id=issued.id)
        parsed = X509.load_cert_string(smart_str(stored.pem), X509.FORMAT_PEM)
        rendered = stored.m2_x509().as_text()
        self.assertTrue(parsed.as_text() == rendered)

        # Issuer/subject must show the escaped UTF-8 bytes of ©, and the
        # key-identifier extensions must be present.
        for expected in (
            "Issuer: CN=Admin \\xC2\\xA9, C=FR",
            "Subject: CN=World Company \\xC2\\xA9, C=FR",
            "X509v3 Authority Key Identifier",
            "X509v3 Subject Key Identifier",
        ):
            self.assertTrue(expected in rendered)
Beispiel #2
    def testRequestGeneration(self):
        """Build a signing request from a freshly saved key and return its PEM.

        The request is signed with the same passphrase that was handed to
        Key.generate, stored, and its parsed subject line is checked before
        the PEM text is returned to the caller.
        """
        passphrase = "tata"  # fixture value only
        keypair = Key.generate(passphrase)
        keypair.save()

        request = CertificateRequest()
        request.CN, request.country = "World Company", "FR"
        request.key = keypair
        request.sign_request(passphrase)
        request.save()
        # Capture the PEM before the request is parsed again below.
        pem_text = request.pem

        subject_line = "Subject: CN=World Company, C=FR"
        self.assertTrue(subject_line in request.m2_request().as_text())
        return pem_text
Beispiel #3
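    def testSignaturePKIRevoke(self):
        """Exercise create -> revoke -> renew -> revoke against one CA.

        A client certificate is issued and revoked, the same client then
        renews with the same key and that certificate is revoked too, and
        finally a second client is issued a certificate that must check out
        before revocation and fail afterwards.

        The second client is signed with its own key (cc_key). The test used
        to generate cc_key and then sign that request with c_key, so the
        "other client" shared a key pair with the first one and cc_key was
        never exercised.
        """
        # NOTE(review): the CA validity window ended in 2015. If check()
        # validates the chain against the current time, the assertTrue below
        # can no longer pass -- confirm and derive the window from "now".
        before = datetime(2010, 1, 1, 6, tzinfo=ASN1.UTC)
        after = datetime(2015, 1, 1, 6, tzinfo=ASN1.UTC)
        # Fixture passphrases only; values this weak must not leave test code.
        ca_pwd = "R00tz"
        c_pwd = "1234"

        def signed_request(common_name, locality, key):
            # Build, sign and store a request with the shared dummy subject.
            request = CertificateRequest()
            request.CN = common_name
            request.country = "FR"
            request.locality = locality
            request.organization = "Company"
            request.OU = "Unknown"
            request.state = "Dummy"
            request.email = "*****@*****.**"
            request.key = key
            request.sign_request(c_pwd)
            request.save()
            return request

        # CA key plus one key per client; both client keys use c_pwd.
        ca_key = Key.generate(ca_pwd)
        ca_key.save()
        c_key = Key.generate(c_pwd)
        c_key.save()
        cc_key = Key.generate(c_pwd)
        cc_key.save()

        # CA Cert
        ca_cert = Certificate()
        ca_cert.CN = "Admin"
        ca_cert.country = "FR"
        ca_cert.key = ca_key
        ca_cert.begin = before
        ca_cert.end = after
        ca_cert.is_ca = True
        ca_cert.generate_x509_root(ca_pwd)
        ca_cert.save()

        # First client certificate: issue, then revoke.
        rqst = signed_request("World Company ©", "World", c_key)
        c_cert = ca_cert.sign_request(rqst, 300, ca_pwd)
        c_cert.save()
        # Work on fresh database copies before and after the revocation.
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        c_cert = Certificate.objects.get(pk=c_cert.id)
        ca_cert.revoke(c_cert, ca_pwd)
        ca_cert.save()
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        c_cert = Certificate.objects.get(pk=c_cert.id)
        # NOTE(review): this first revocation is never asserted; consider
        # checking c_cert.check() here once its behaviour on a reloaded
        # certificate is confirmed.

        # Renewal: same subject and same key, new request.
        rqst.delete()
        rqst = signed_request("World Company ©", "World", c_key)
        c2_cert = ca_cert.sign_request(rqst, 300, ca_pwd)
        c2_cert.save()
        # Revoke the renewed certificate as well.
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        c2_cert = Certificate.objects.get(pk=c2_cert.id)
        ca_cert.revoke(c2_cert, ca_pwd)
        ca_cert.save()
        self.assertFalse(c2_cert.check())

        # Second client, signed with its own key pair.
        rqst2 = signed_request("Country Company ©", "Country", cc_key)
        cc_cert = ca_cert.sign_request(rqst2, 300, ca_pwd)
        cc_cert.save()
        # Earlier revocations must not affect an unrelated certificate.
        self.assertTrue(cc_cert.check())
        # Revoke it and make sure the check now fails.
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        cc_cert = Certificate.objects.get(pk=cc_cert.id)
        ca_cert.revoke(cc_cert, ca_pwd)
        ca_cert.save()
        self.assertFalse(cc_cert.check())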