def test_empty_names_invalid(self):
    """
    `~txacme.util.csr_for_names` rejects an empty list of names with
    `ValueError` rather than producing a CSR that covers no identifier.
    """
    no_names = []
    with ExpectedException(ValueError):
        csr_for_names(no_names, RSA_KEY_512_RAW)
def test_roundtrip(self, names):
    """
    Encoding a CSR and decoding the result gives back an equal CSR.
    """
    # Only examples whose first name is at most 64 characters are
    # exercised here.
    assume(len(names[0]) <= 64)
    original = csr_for_names(names, RSA_KEY_512_RAW)
    encoded = encode_csr(original)
    self.assertThat(decode_csr(encoded), Equals(original))
def test_valid_for_names(self, names, key):
    """
    The CSR built by `~txacme.util.csr_for_names` is valid for every one
    of the names it was asked to cover, not just the first.
    """
    # Only examples whose first name is at most 64 characters are
    # exercised here.
    assume(len(names[0]) <= 64)
    csr = csr_for_names(names, key)
    per_name_matchers = [ValidForName(name) for name in names]
    self.assertThat(csr, MatchesAll(*per_name_matchers))
def test_valid_for_names(self, names, key):
    """
    Every requested name must be matched by the CSR that
    `~txacme.util.csr_for_names` returns.
    """
    # Skip generated examples whose first name is longer than 64
    # characters.
    assume(len(names[0]) <= 64)
    request = csr_for_names(names, key)
    covers_every_name = MatchesAll(*map(ValidForName, names))
    self.assertThat(request, covers_every_name)
def test_common_name_too_long(self):
    """
    If the first name provided is too long,
    `~txacme.util.csr_for_names` puts a dummy value in the common name.
    """
    # 80 characters; X.509 caps a common name at 64.
    overlong_name = u'aaaa.' * 16
    csr = csr_for_names([overlong_name], RSA_KEY_512_RAW)
    placeholder_subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, u'san.too.long.invalid'),
    ])
    # NOTE(review): only the subject is asserted; that the overlong name
    # is still carried elsewhere in the CSR is not checked by this test.
    self.assertThat(
        csr, MatchesStructure(subject=Equals(placeholder_subject)))
def test_common_name_too_long(self):
    """
    When the first name is too long to be used as a common name,
    `~txacme.util.csr_for_names` substitutes a dummy common name.
    """
    # u'aaaa.' * 16 is 80 characters, over the 64 allowed for a common
    # name in X.509.
    names = [u'aaaa.' * 16]
    request = csr_for_names(names, RSA_KEY_512_RAW)
    dummy_cn = x509.NameAttribute(
        NameOID.COMMON_NAME, u'san.too.long.invalid')
    has_dummy_subject = MatchesStructure(
        subject=Equals(x509.Name([dummy_cn])))
    # NOTE(review): the assertion covers the subject only; confirm
    # separately that the real name still appears in the request.
    self.assertThat(request, has_dummy_subject)
class ValidForNameTests(TestMatchersInterface, TestCase):
    """
    Matcher-interface tests for `~txacme.test.matchers.ValidForName`,
    which matches if a CSR/cert is valid for the given name.
    """
    # NOTE(review): RSA_KEY_512_RAW reads as a 512-bit RSA fixture key --
    # confirm; a key that small is only acceptable as test data.

    matches_matcher = ValidForName(u'example.com')

    # The wanted name on its own, and alongside another name in either
    # position.
    matches_matches = [
        csr_for_names([u'example.com'], RSA_KEY_512_RAW),
        csr_for_names(
            [u'example.invalid', u'example.com'], RSA_KEY_512_RAW),
        csr_for_names(
            [u'example.com', u'example.invalid'], RSA_KEY_512_RAW),
    ]

    # CSRs that do not list example.com at all.
    matches_mismatches = [
        csr_for_names([u'example.org'], RSA_KEY_512_RAW),
        csr_for_names(
            [u'example.net', u'example.info'], RSA_KEY_512_RAW),
    ]

    str_examples = [
        (
            'ValidForName({!r})'.format(u'example.com'),
            ValidForName(u'example.com'),
        ),
    ]

    describe_examples = []
def _issue_cert(self, client, server_name):
    """
    Issue a new cert for a particular name.

    A fresh key is generated, the challenges requested for
    ``server_name`` are answered and polled until valid, issuance is
    requested for a CSR covering that single name, and the chain is
    fetched.  The collected PEM objects (the key first, then each
    certificate) are passed to ``self.cert_store.store`` together with
    ``server_name``.

    :return: the callback chain started by ``client.request_challenges``,
        whose final step is the ``cert_store.store`` call.
    """
    log.info(
        'Requesting a certificate for {server_name!r}.',
        server_name=server_name)
    key = self._generate_key()
    # The private key is serialised as *unencrypted* PEM, so its
    # confidentiality rests entirely on how cert_store.store persists it.
    # NOTE(review): confirm the store restricts access to what it writes.
    key_pem = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    objects = [Key(key_pem)]

    def respond_then_poll(authzr):
        def poll_for_validity(stop_responding):
            polling = poll_until_valid(authzr, self._clock, client)
            # addBoth: stop_responding is invoked on success and on
            # failure alike.
            return polling.addBoth(tap(lambda _: stop_responding()))

        answering = answer_challenge(authzr, client, self._responders)
        return answering.addCallback(poll_for_validity)

    def request_cert(_ignored):
        csr = csr_for_names([server_name], key)
        return client.request_issuance(CertificateRequest(csr=csr))

    def collect_cert(certr):
        # certr.body is parsed as DER and re-encoded as PEM for storage.
        parsed = x509.load_der_x509_certificate(
            certr.body, default_backend())
        objects.append(
            Certificate(parsed.public_bytes(serialization.Encoding.PEM)))
        return certr

    def collect_chain(chain):
        for chain_certr in chain:
            collect_cert(chain_certr)
        log.info(
            'Received certificate for {server_name!r}.',
            server_name=server_name)
        return objects

    store_objects = partial(self.cert_store.store, server_name)
    issuing = client.request_challenges(fqdn_identifier(server_name))
    issuing = issuing.addCallback(respond_then_poll)
    issuing = issuing.addCallback(request_cert)
    issuing = issuing.addCallback(collect_cert)
    issuing = issuing.addCallback(client.fetch_chain)
    issuing = issuing.addCallback(collect_chain)
    return issuing.addCallback(store_objects)
def _test_issue(self, name):
    """
    Request issuance of a certificate for ``name`` with a freshly
    generated RSA key, inside an ``integration:issue`` action.

    On success the certificate body is written to ``issued.crt`` and the
    private key to ``issued.key``.
    """
    def save_issued(certr):
        # The key is written as unencrypted PEM to a path relative to the
        # current working directory.
        # NOTE(review): the file mode is not set here -- confirm the
        # artifact is not left readable by other users or kept after the
        # integration run.
        pem_key = self.issued_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption())
        FilePath('issued.crt').setContent(certr.body)
        FilePath('issued.key').setContent(pem_key)
        return certr

    action = start_action(action_type=u'integration:issue')
    with action.context():
        self.issued_key = generate_private_key('rsa')
        csr = csr_for_names([name], self.issued_key)
        request = CertificateRequest(csr=csr)
        issuing = DeferredContext(self.client.request_issuance(request))
        return issuing.addCallback(save_issued).addActionFinish()
def _test_issue(self, name):
    """
    Generate an RSA key, request a certificate for ``name`` under an
    ``integration:issue`` action, and save both to disk.

    The callback writes the certificate body to ``issued.crt`` and the
    private key to ``issued.key`` before passing the result on.
    """
    def write_artifacts(certr):
        # NoEncryption: the private key lands on disk in the clear, at a
        # path relative to the working directory.
        # NOTE(review): nothing here restricts the file mode or removes
        # the file afterwards -- confirm that is acceptable for wherever
        # this integration test runs.
        key_pem = self.issued_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption())
        cert_path = FilePath('issued.crt')
        cert_path.setContent(certr.body)
        key_path = FilePath('issued.key')
        key_path.setContent(key_pem)
        return certr

    issue_action = start_action(action_type=u'integration:issue')
    with issue_action.context():
        self.issued_key = generate_private_key('rsa')
        csr = csr_for_names([name], self.issued_key)
        pending = self.client.request_issuance(
            CertificateRequest(csr=csr))
        return (
            DeferredContext(pending)
            .addCallback(write_artifacts)
            .addActionFinish())