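def verify_cert(cert_der, cn):
    """Check that a DER certificate names ``cn`` and chains to the local CA.

    The only trust anchor is the certificate read from ``CA/certificate.der``.
    Returns ``None`` when every check passes.

    Args:
        cert_der: DER (ASN.1) encoded certificate to validate.
        cn: Common Name the certificate subject must carry.

    Raises:
        crypto.Error: The certificate or the CA file cannot be parsed, the
            subject CN differs from ``cn``, or the issuer CN differs from
            the CA's subject CN.

    Chain validation failures propagate from ``verify_certificate()``
    unchanged. pyOpenSSL reports them as ``crypto.X509StoreContextError``,
    which is not a ``crypto.Error`` subclass, so callers must treat both
    exception types as a rejection.
    """
    cert = crypto.load_certificate(crypto.FILETYPE_ASN1, cert_der)

    # Identity is matched on the subject CN only; subjectAltName entries
    # are not consulted.
    if cert.get_subject().CN != cn:
        raise crypto.Error("certificate subject CN does not match the expected CN")

    # NOTE(review): relative path, so the trust anchor is resolved against
    # the process working directory. Confirm that directory cannot be
    # written by untrusted users.
    with open("CA/certificate.der", "rb") as f:
        ca_cert = crypto.load_certificate(crypto.FILETYPE_ASN1, f.read())

    # Trusted certificates. No CRL or extra verification flags are set on
    # the store, so revocation is not checked here.
    store = crypto.X509Store()
    store.add_cert(ca_cert)

    # Name pre-check only; the cryptographic decision is the store
    # verification below.
    if ca_cert.get_subject().CN != cert.get_issuer().CN:
        raise crypto.Error("certificate issuer CN does not match the CA subject CN")

    # Raises on an untrusted, expired or otherwise invalid chain.
    crypto.X509StoreContext(store, cert).verify_certificate()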
def test_set_ca_cert_load_privatekey_failure_invalid(self, mock_util_chk, mock_load_pk):
    """
    set_ca_cert must raise EdgeValueError when load_privatekey fails.
    """
    util = EdgeCertUtil()

    # Let the patched check (mock_util_chk) succeed; only key loading fails.
    mock_util_chk.return_value = True
    mock_load_pk.side_effect = crypto.Error()

    ca_kwargs = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
        'passphrase': '1234',
    }

    with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')) as open_mock:
        with self.assertRaises(edgectl.errors.EdgeValueError):
            util.set_ca_cert('root', **ca_kwargs)

        # The private key file is the last file opened, in binary mode, and
        # its contents are passed to load_privatekey with the passphrase.
        open_mock.assert_called_with(CA_PRIVATE_KEY_FILE_NAME, 'rb')
        mock_load_pk.assert_called_with(crypto.FILETYPE_PEM, 'MOCKED', passphrase='1234')