def test_revoking_ca():
with intermediate_certificate_authority(
'root_ca', 'intermediate_ca') as (root_ca, intermediate_ca):
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': intermediate_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
try:
assert intermediate_ca['can_be_revoked'] is True, intermediate_ca
intermediate_ca = call('certificateauthority.update',
intermediate_ca['id'], {'revoked': True})
assert intermediate_ca['revoked'] is True, intermediate_ca
cert = call('certificate.get_instance', cert['id'])
assert cert['revoked'] is True, cert
root_ca = call('certificateauthority.get_instance', root_ca['id'])
assert len(root_ca['revoked_certs']) == 2, root_ca
assert len(intermediate_ca['revoked_certs']) == 2, intermediate_ca
check_set = {intermediate_ca['certificate'], cert['certificate']}
assert set(
c['certificate'] for c in
intermediate_ca['revoked_certs']) == check_set, intermediate_ca
assert set(c['certificate']
for c in root_ca['revoked_certs']) == check_set, root_ca
finally:
call('certificate.delete', cert['id'], job=True)
def test_creating_root_ca():
root_ca = call(
'certificateauthority.create', {
**get_cert_params(),
'name': 'test_root_ca',
'create_type': 'CA_CREATE_INTERNAL',
})
try:
assert root_ca['CA_type_internal'] is True, root_ca
finally:
call('certificateauthority.delete', root_ca['id'])
def test_creating_cert_from_root_ca():
with root_certificate_authority('root_ca_test') as root_ca:
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': root_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
try:
assert cert['cert_type_internal'] is True, cert
finally:
call('certificate.delete', cert['id'], job=True)
def test_ca_intermediate_issuer_reported_correctly():
with root_certificate_authority('root_ca_test') as root_ca:
intermediate_ca = call(
'certificateauthority.create', {
**get_cert_params(),
'signedby': root_ca['id'],
'name': 'test_intermediate_ca',
'create_type': 'CA_CREATE_INTERMEDIATE',
})
root_ca = call('certificateauthority.get_instance', root_ca['id'])
try:
assert intermediate_ca['issuer'] == root_ca, intermediate_ca
finally:
call('certificateauthority.delete', intermediate_ca['id'])
def test_creating_intermediate_ca():
with root_certificate_authority('root_ca_test') as root_ca:
intermediate_ca = call(
'certificateauthority.create', {
**get_cert_params(),
'signedby': root_ca['id'],
'name': 'test_intermediate_ca',
'create_type': 'CA_CREATE_INTERMEDIATE',
})
try:
assert intermediate_ca[
'CA_type_intermediate'] is True, intermediate_ca
finally:
call('certificateauthority.delete', intermediate_ca['id'])
def test_cert_chain_of_intermediate_ca_reported_correctly():
with root_certificate_authority('root_ca_test') as root_ca:
intermediate_ca = call(
'certificateauthority.create', {
**get_cert_params(),
'signedby': root_ca['id'],
'name': 'test_intermediate_ca',
'create_type': 'CA_CREATE_INTERMEDIATE',
})
try:
assert intermediate_ca['chain_list'] == [
intermediate_ca['certificate'], root_ca['certificate']
], intermediate_ca
finally:
call('certificateauthority.delete', intermediate_ca['id'])
def test_created_certs_exist_on_filesystem():
with intermediate_certificate_authority(
'root_ca', 'intermediate_ca') as (root_ca, intermediate_ca):
with certificate_signing_request('csr_test') as csr:
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': intermediate_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
try:
assert get_cert_current_files() == get_cert_expected_files()
finally:
call('certificate.delete', cert['id'], job=True)
def test_cert_chain_of_root_ca_reported_correctly():
with root_certificate_authority('root_ca_test') as root_ca:
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': root_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
try:
assert cert['chain_list'] == [
cert['certificate'], root_ca['certificate']
], cert
finally:
call('certificate.delete', cert['id'], job=True)
def test_cert_issuer_reported_correctly():
with intermediate_certificate_authority(
'root_ca', 'intermediate_ca') as (root_ca, intermediate_ca):
cert = call('certificate.create', {
'name': 'cert_test',
'signedby': intermediate_ca['id'],
'create_type': 'CERTIFICATE_CREATE_INTERNAL',
**get_cert_params(),
},
job=True)
intermediate_ca = call('certificateauthority.get_instance',
intermediate_ca['id'])
try:
assert cert['issuer'] == intermediate_ca, cert
finally:
call('certificate.delete', cert['id'], job=True)