def test_bundled_certs(no_ppc, cdbt):
    """Check that a pre-packaged CA root replaces the CA path passed in.

    Two certificate buckets are built from the same arguments, one before
    and one after ``hubblestack/pre_packaged_certificates.py`` is written.
    The ``trusted`` entries are then compared pairwise: subjects must be
    equal, and the fingerprint must differ only for the entry whose
    subject contains ``CN=car`` (presumably the CA root; confirm against
    the fixture certificates).
    """
    # no_ppc ensures there's no pre_packaged_certificates;
    # we then load pretend-certs/public-1, pretend-certs/ca-root and
    # pretend-certs/bundle into the first bucket.
    ca_paths = (cdb('ca-root.crt', cdbt, 1), cdb('bundle.pem', cdbt, 1))
    plain_bucket = sig.X509AwareCertBucket(cdb('public-1.crt', cdbt, 1), ca_paths)

    # Embed the *other* CA root (third cdb argument 2) as the ca_crt string.
    # The target path is relative to the current working directory, and this
    # function never removes the file. NOTE(review): cleanup presumably
    # belongs to the no_ppc fixture. Confirm, since a leftover file would
    # keep overriding the CA root for anything that runs afterwards.
    with open('hubblestack/pre_packaged_certificates.py', 'w') as ofh:
        ofh.write('ca_crt = """\n')
        with open(cdb('ca-root.crt', cdbt, 2)) as ifh:
            ofh.writelines(ifh)
        ofh.write('"""\n')
        ofh.flush()

    # Imported only after the file exists; the bound name itself is unused.
    import hubblestack.pre_packaged_certificates as ppc

    # now there definitely is a pre_packaged_certificates file
    # we lie to X509 and say we want pretend-certs/ca-root.crt
    # but because that's defined in pre_packaged_certificates, it loads that
    # instead.
    ca_paths = (cdb('ca-root.crt', cdbt, 1), cdb('bundle.pem', cdbt, 1))
    bundled_bucket = sig.X509AwareCertBucket(cdb('public-1.crt', cdbt, 1), ca_paths)

    # NOTE(review): zip() stops at the shorter list, so nothing is asserted
    # if either trusted list is empty, and the override is only proven when
    # a 'CN=car' pair is actually reached.
    for before, after in zip(plain_bucket.trusted, bundled_bucket.trusted):
        fp_before, subj_before = before.split()
        fp_after, subj_after = after.split()
        assert subj_before == subj_after
        if 'CN=car' not in subj_before:
            assert fp_before == fp_after
        else:
            assert fp_before != fp_after
def acert(x, y):
    """Build a certificate bucket from *x* and *y* and authenticate it.

    Both arguments are forwarded positionally, unchanged, to
    ``sig.X509AwareCertBucket``. The return value is whatever that
    object's ``authenticate_cert()`` returns.
    """
    # presumably x is the public certificate and y the CA material;
    # verify against X509AwareCertBucket's signature
    bucket = sig.X509AwareCertBucket(x, y)
    return bucket.authenticate_cert()
def enumerate():
    """
    enumerate installed certificates

    Returns a list with one string per entry of the ``trusted`` attribute
    of a default-constructed ``HuS.X509AwareCertBucket``. Each string is
    the entry with its first whitespace-separated token dropped and the
    remaining tokens joined by single spaces.
    """
    # NOTE(review): this definition shadows the builtin enumerate() for any
    # code that runs after it in this module's namespace.
    bucket = HuS.X509AwareCertBucket()
    listing = []
    for entry in bucket.trusted:
        # presumably the first token is the fingerprint; confirm against
        # the format that X509AwareCertBucket.trusted produces
        fields = entry.split()
        listing.append(' '.join(fields[1:]))
    return listing