Example #1
0
    def test_load_object_no_cert_key(self, filename, name2, name3, password,
                                     backend):
        cert2 = _load_cert(backend, os.path.join("x509",
                                                 "cryptography.io.pem"))
        cert3 = _load_cert(backend, os.path.join("x509", "letsencryptx3.pem"))

        pkcs12 = load_vectors_from_file(
            os.path.join("pkcs12", filename),
            lambda derfile: load_pkcs12(derfile.read(), password, backend),
            mode="rb",
        )
        assert pkcs12.cert is None
        assert pkcs12.key is None
        assert len(pkcs12.additional_certs) == 2
        assert pkcs12.additional_certs[0].certificate == cert2
        assert pkcs12.additional_certs[0].friendly_name == name2
        assert pkcs12.additional_certs[1].certificate == cert3
        assert pkcs12.additional_certs[1].friendly_name == name3
Example #2
0
    def test_generate_cas_friendly_names(self, backend):
        cert, key = _load_ca(backend)
        cert2 = _load_cert(
            backend, os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"))
        cert3 = _load_cert(backend, os.path.join("x509", "letsencryptx3.pem"))
        encryption = serialization.NoEncryption()
        p12 = serialize_key_and_certificates(
            b"test",
            key,
            cert,
            [
                PKCS12Certificate(cert2, b"cert2"),
                PKCS12Certificate(cert3, None),
            ],
            encryption,
        )

        p12_cert = load_pkcs12(p12, None, backend)
        cas = p12_cert.additional_certs
        assert cas[0].friendly_name == b"cert2"
        assert cas[1].friendly_name is None
Example #3
0
    def test_load_object(self, filename, name, name2, name3, password,
                         backend):
        cert, key = _load_ca(backend)
        cert2 = _load_cert(backend, os.path.join("x509",
                                                 "cryptography.io.pem"))
        cert3 = _load_cert(backend, os.path.join("x509", "letsencryptx3.pem"))

        pkcs12 = load_vectors_from_file(
            os.path.join("pkcs12", filename),
            lambda derfile: load_pkcs12(derfile.read(), password, backend),
            mode="rb",
        )
        assert pkcs12.cert is not None
        assert pkcs12.cert.certificate == cert
        assert pkcs12.cert.friendly_name == name
        assert isinstance(pkcs12.key, ec.EllipticCurvePrivateKey)
        assert pkcs12.key.private_numbers() == key.private_numbers()
        assert len(pkcs12.additional_certs) == 2
        assert pkcs12.additional_certs[0].certificate == cert2
        assert pkcs12.additional_certs[0].friendly_name == name2
        assert pkcs12.additional_certs[1].certificate == cert3
        assert pkcs12.additional_certs[1].friendly_name == name3
Example #4
0
    def test_serialize_pkcs12_nopassphrase(self):
        subject = DistinguishedNameFactory(
            localityName="Amsterdam",
            organizationalUnitName="BounCA Root",
        )

        key = Key()
        key.create_key("rsa", 4096)

        certificate_request = CertificateFactory(dn=subject)
        certhandler = Certificate()
        certhandler.create_certificate(certificate_request, key.serialize())

        crt = certhandler.certificate

        pkcs12 = key.serialize_pkcs12("test_pkcs12", crt)
        pkcs12_obj = load_pkcs12(pkcs12, None)

        self.assertEqual(pkcs12_obj.key.key_size, 4096)
        self.assertEqual(pkcs12_obj.cert.friendly_name.decode("utf-8"),
                         "test_pkcs12")
        self.assertEqual(pkcs12_obj.cert.certificate.serial_number,
                         crt.serial_number)
Example #5
0
    def test_serialize_pkcs12_cas_nopassphrase(self):
        root_key = Key().create_key("ed25519", None)
        subject = DistinguishedNameFactory(countryName="NL",
                                           stateOrProvinceName="Noord Holland",
                                           organizationName="Repleo")

        root_certificate = CertificateFactory(
            dn=subject,
            name="test_server_root_certificate",
            expires_at=arrow.get(timezone.now()).shift(days=+30).date())

        with mute_signals(signals.post_save):
            root_certificate.save()
        root_certhandler = Certificate()
        root_certhandler.create_certificate(root_certificate,
                                            root_key.serialize())
        keystore = KeyStore(certificate=root_certificate)
        keystore.crt = root_certhandler.serialize()
        keystore.key = root_key.serialize()
        keystore.save()

        int_key = Key().create_key("rsa", 2048)
        subject = DistinguishedNameFactory(
            countryName=root_certificate.dn.countryName,
            stateOrProvinceName=root_certificate.dn.stateOrProvinceName,
            organizationName=root_certificate.dn.organizationName,
        )
        int_certificate = CertificateFactory(
            expires_at=arrow.get(timezone.now()).shift(days=+5).date(),
            name="test_server_intermediate_certificate",
            type=CertificateTypes.INTERMEDIATE,
            parent=root_certificate,
            dn=subject,
            crl_distribution_url="https://example.com/crl/cert.crl.pem",
            ocsp_distribution_host="https://example.com/ocsp/",
        )

        with mute_signals(signals.post_save):
            int_certificate.save()

        int_certhandler = Certificate()
        int_certhandler.create_certificate(int_certificate,
                                           int_key.serialize())

        keystore = KeyStore(certificate=int_certificate)
        keystore.crt = int_certhandler.serialize()
        keystore.key = int_key.serialize()
        keystore.save()

        pkcs12 = int_key.serialize_pkcs12("test_pkcs12_cas",
                                          int_certhandler.certificate,
                                          cas=[root_certhandler.certificate])
        pkcs12_obj = load_pkcs12(pkcs12, None)

        self.assertEqual(pkcs12_obj.key.key_size, 2048)
        self.assertEqual(pkcs12_obj.cert.friendly_name.decode("utf-8"),
                         "test_pkcs12_cas")
        self.assertEqual(pkcs12_obj.cert.certificate.serial_number,
                         int_certhandler.certificate.serial_number)
        self.assertEqual(
            pkcs12_obj.additional_certs[0].certificate.serial_number,
            root_certhandler.certificate.serial_number)