def test_bundled_certs(no_ppc, cdbt):
# no_ppc ensures there's no pre_packaged_certificates;
# we then load pretend-certs/public-1, pretend-certs/ca-root and
# pretend-certs/bundle into x1.
bndl = (cdb('ca-root.crt', cdbt, 1), cdb('bundle.pem', cdbt, 1))
x1 = sig.X509AwareCertBucket(cdb('public-1.crt', cdbt, 1), bndl)
with open('hubblestack/pre_packaged_certificates.py', 'w') as ofh:
ofh.write('ca_crt = """\n')
with open(cdb('ca-root.crt', cdbt, 2)) as ifh:
for line in ifh:
ofh.write(line)
ofh.write('"""\n')
ofh.flush()
import hubblestack.pre_packaged_certificates as ppc
# now there definitely is a pre_packaged_certificates file
# we lie to X509 and say we want pretend-certs/ca-root.crt
# but because that's defined in pre_packaged_certificates, it loads that
# instead.
bndl = (cdb('ca-root.crt', cdbt, 1), cdb('bundle.pem', cdbt, 1))
x2 = sig.X509AwareCertBucket(cdb('public-1.crt', cdbt, 1), bndl)
for x, y in zip(x1.trusted, x2.trusted):
x_fingerprint, x_subject = x.split()
y_fingerprint, y_subject = y.split()
assert x_subject == y_subject
if 'CN=car' in x_subject:
assert x_fingerprint != y_fingerprint
else:
assert x_fingerprint == y_fingerprint
def acert(x, y):
return sig.X509AwareCertBucket(x, y).authenticate_cert()
def enumerate():
""" enumerate installed certificates """
x509 = HuS.X509AwareCertBucket()
return [' '.join(x.split()[1:]) for x in x509.trusted]