def test_pki_certs(self):
certs, keys = tasks.certutil_certs_keys(
self.master, paths.PKI_TOMCAT_ALIAS_DIR,
paths.PKI_TOMCAT_ALIAS_PWDFILE_TXT)
expected_certs = {
# CA
'caSigningCert cert-pki-ca': 'CTu,Cu,Cu',
'ocspSigningCert cert-pki-ca': 'u,u,u',
'subsystemCert cert-pki-ca': 'u,u,u',
'auditSigningCert cert-pki-ca': 'u,u,Pu', # why P?
# KRA
'transportCert cert-pki-kra': 'u,u,u',
'storageCert cert-pki-kra': 'u,u,u',
'auditSigningCert cert-pki-kra': 'u,u,Pu',
# server
'Server-Cert cert-pki-ca': 'u,u,u',
}
assert certs == expected_certs
assert len(certs) == len(keys)
for nickname in sorted(certs):
cert = tasks.certutil_fetch_cert(
self.master, paths.PKI_TOMCAT_ALIAS_DIR,
paths.PKI_TOMCAT_ALIAS_PWDFILE_TXT, nickname)
key_size = cert.public_key().key_size
if nickname == 'caSigningCert cert-pki-ca':
assert key_size == 3072
else:
assert key_size == 2048
assert cert.signature_hash_algorithm.name == hashes.SHA256.name
def test_pki_certs(self):
certs, keys = tasks.certutil_certs_keys(
self.master,
paths.PKI_TOMCAT_ALIAS_DIR,
paths.PKI_TOMCAT_ALIAS_PWDFILE_TXT
)
expected_certs = {
# CA
'caSigningCert cert-pki-ca': 'CTu,Cu,Cu',
'ocspSigningCert cert-pki-ca': 'u,u,u',
'subsystemCert cert-pki-ca': 'u,u,u',
'auditSigningCert cert-pki-ca': 'u,u,Pu', # why P?
# KRA
'transportCert cert-pki-kra': 'u,u,u',
'storageCert cert-pki-kra': 'u,u,u',
'auditSigningCert cert-pki-kra': 'u,u,Pu',
# server
'Server-Cert cert-pki-ca': 'u,u,u',
}
assert certs == expected_certs
assert len(certs) == len(keys)
for nickname in sorted(certs):
cert = tasks.certutil_fetch_cert(
self.master,
paths.PKI_TOMCAT_ALIAS_DIR,
paths.PKI_TOMCAT_ALIAS_PWDFILE_TXT,
nickname
)
key_size = cert.public_key().key_size
if nickname == 'caSigningCert cert-pki-ca':
assert key_size == 3072
else:
assert key_size == 2048
assert cert.signature_hash_algorithm.name == hashes.SHA256.name
