Example #1
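    def x509_verify_cert(self, cert, ca_certs, log_func=None):
        """
        Validates a Certificate against a chain of CA Certificates.

        The certificate and every CA certificate are re-encoded as PEM,
        wrapped in Certificate objects, and checked with Certificate.verify().

        @param  cert:  Client certificate to verify
        @type   cert:  M2Crypto.X509.X509

        @param  ca_certs:  Chain of CA Certificates
        @type   ca_certs:  [M2Crypto.X509.X509]

        @param  log_func:  Logging function, called once with a message when
                           verification does not succeed
        @type   log_func:  Function accepting a single string

        @return: True only if verification reported success (1), False otherwise
        @rtype:  boolean
        """
        certificate = Certificate(cert.as_pem())
        ca_chain = [Certificate(c.as_pem()) for c in ca_certs]
        # Fail closed: only an explicit 1 counts as success. OpenSSL's
        # X509_verify_cert() can report an error with a negative value, which
        # is truthy in Python, so handing the raw result to a caller that
        # writes `if x509_verify_cert(...)` would accept an errored check.
        # NOTE(review): assumes Certificate.verify() passes the OpenSSL result
        # through unchanged - confirm against its implementation.
        verified = certificate.verify(ca_chain) == 1
        if not verified and log_func:
            msg = "Cert verification failed against %d ca cert(s)" % len(ca_certs)
            # Certificate details are only appended when explicitly enabled.
            if self.log_failed_cert:
                msg += "\n%s" % self.get_debug_info_certs(cert, ca_certs)
            log_func(msg)
        return verified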
Example #2
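    def x509_verify_cert(self, cert, ca_certs, log_func=None):
        """
        Validates a Certificate against a chain of CA Certificates.

        Both the certificate and the CA certificates are converted to PEM and
        wrapped in Certificate objects before Certificate.verify() is called.

        @param  cert:  Client certificate to verify
        @type   cert:  M2Crypto.X509.X509

        @param  ca_certs:  Chain of CA Certificates
        @type   ca_certs:  [M2Crypto.X509.X509]

        @param  log_func:  Logging function, invoked with a failure message
                           when verification does not succeed
        @type   log_func:  Function accepting a single string

        @return: True only if verification reported success (1), False otherwise
        @rtype:  boolean
        """
        certificate = Certificate(cert.as_pem())
        ca_chain = [Certificate(c.as_pem()) for c in ca_certs]
        retval = certificate.verify(ca_chain)
        # Collapse the result to a strict boolean so that any value other than
        # 1 is a rejection. A negative error code from OpenSSL is truthy in
        # Python and must never reach a caller that tests the result with `if`.
        # NOTE(review): assumes Certificate.verify() returns the raw
        # X509_verify_cert() result - confirm against its implementation.
        verified = retval == 1
        if not verified and log_func:
            msg = "Cert verification failed against %d ca cert(s)" % len(
                ca_certs)
            # Certificate details are only appended when explicitly enabled.
            if self.log_failed_cert:
                msg += "\n%s" % self.get_debug_info_certs(cert, ca_certs)
            log_func(msg)
        return verified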
Example #3
    def test_invalid(self):
        """Verifying the INVALID fixture against a chain holding only CA must be falsy."""
        trusted = Certificate(CA)
        subject = Certificate(INVALID)

        # Exercise verification with a single-entry CA chain.
        outcome = subject.verify([trusted])

        # assertFalse rejects every truthy value, so a non-zero error code
        # returned by verify() would also fail this test.
        self.assertFalse(outcome)
Example #4
    def test_valid(self):
        """Verifying the VALID fixture against a chain holding only CA must be truthy."""
        trusted = Certificate(CA)
        subject = Certificate(VALID)

        # Exercise verification with a single-entry CA chain.
        outcome = subject.verify([trusted])

        # NOTE(review): assertTrue accepts any truthy value. If verify() hands
        # back the raw OpenSSL result, a negative error code would satisfy
        # this too - confirm, and consider pinning the expected value to 1.
        self.assertTrue(outcome)
Example #5
    def test_invalid(self):
        """The INVALID fixture must not verify against a chain containing only CA."""
        issuer = Certificate(CA)
        candidate = Certificate(INVALID)

        # Run verification against the one-element chain.
        result = candidate.verify([issuer])

        # Any truthy result, including a non-zero error code, fails the test.
        self.assertFalse(result)
Example #6
    def test_valid(self):
        """The VALID fixture must verify against a chain containing only CA."""
        issuer = Certificate(CA)
        candidate = Certificate(VALID)

        # Run verification against the one-element chain.
        result = candidate.verify([issuer])

        # NOTE(review): assertTrue passes for any truthy value; should
        # verify() return a raw OpenSSL code, a negative error would pass as
        # well - confirm, and consider asserting the result equals 1.
        self.assertTrue(result)
Example #7
    def test_del(self, fake_lib):
        """__del__ passes the pointer returned by PEM_read_bio_X509 to X509_free."""
        handle = 1
        fake_lib.PEM_read_bio_X509.return_value = handle

        # Call the finalizer directly instead of relying on garbage collection.
        cert = Certificate('')
        cert.__del__()

        # The pointer handed out by the mocked PEM reader must be the one freed.
        fake_lib.X509_free.assert_called_with(handle)
Example #8
    def test_verify(self, fake_lib, fake_ctx, fake_store):
        """verify() adds each CA to the store, builds a context and calls X509_verify_cert.

        Only the success value (1) from X509_verify_cert is exercised here;
        the 0 and negative results are not covered by this test.
        """
        handle = 0
        fake_lib.PEM_read_bio_X509.return_value = handle
        fake_lib.X509_verify_cert.return_value = 1

        issuers = [Mock(), Mock(), Mock()]

        # Run verification against the mocked library.
        subject = Certificate('')
        outcome = subject.verify(issuers)

        # Every CA must have been added to the store, in chain order.
        added = fake_store().add.call_args_list
        self.assertEqual(len(added), len(issuers))
        for recorded, expected in zip(added, issuers):
            self.assertEqual(recorded[0][0], expected)
        # The context is built from the store and the certificate under test,
        # and its pointer is what reaches X509_verify_cert.
        fake_ctx.assert_called_with(fake_store(), subject)
        fake_lib.X509_verify_cert.assert_called_with(fake_ctx().ptr)
        self.assertEqual(outcome, 1)