Example #1
 def test_empty_names_invalid(self):
     """
     Passing no names at all to `~txacme.util.csr_for_names` is an error:
     the call must raise `ValueError`.
     """
     # RSA_KEY_512_RAW is presumably a small fixture key kept for test
     # speed; a key of that size is not suitable outside tests.
     no_names = []
     with ExpectedException(ValueError):
         csr_for_names(no_names, RSA_KEY_512_RAW)
Example #2
 def test_empty_names_invalid(self):
     """
     `~txacme.util.csr_for_names` rejects an empty list of names by raising
     `ValueError` rather than returning a CSR.
     """
     # Build the expectation first; the call under test is the only
     # statement inside the ``with`` body.
     expect_value_error = ExpectedException(ValueError)
     with expect_value_error:
         csr_for_names([], RSA_KEY_512_RAW)
Example #3
 def test_roundtrip(self, names):
     """
     Encoding a CSR and then decoding the result gives back an equal CSR.
     """
     # Discard generated inputs whose first name is longer than 64
     # characters (``assume`` is presumably Hypothesis' filter -- confirm).
     assume(len(names[0]) <= 64)
     original = csr_for_names(names, RSA_KEY_512_RAW)
     encoded = encode_csr(original)
     self.assertThat(decode_csr(encoded), Equals(original))
Example #4
 def test_roundtrip(self, names):
     """
     `decode_csr` undoes `encode_csr`: the decoded CSR equals the one that
     was encoded.
     """
     # Only first names of at most 64 characters are exercised here.
     assume(len(names[0]) <= 64)
     csr = csr_for_names(names, RSA_KEY_512_RAW)
     decoded = decode_csr(encode_csr(csr))
     self.assertThat(decoded, Equals(csr))
Example #5
    def test_valid_for_names(self, names, key):
        """
        The CSR built by `~txacme.util.csr_for_names` is valid for every one
        of the names it was given, not only the first.
        """
        # Only first names of at most 64 characters are exercised here.
        assume(len(names[0]) <= 64)

        csr = csr_for_names(names, key)
        # One matcher per requested name; MatchesAll requires all of them.
        per_name = [ValidForName(name) for name in names]
        self.assertThat(csr, MatchesAll(*per_name))
Example #6
    def test_valid_for_names(self, names, key):
        """
        Every name passed to `~txacme.util.csr_for_names` is covered by the
        CSR it returns.
        """
        # Skip generated inputs whose first name exceeds 64 characters.
        assume(len(names[0]) <= 64)

        covers_every_name = MatchesAll(*(ValidForName(n) for n in names))
        self.assertThat(csr_for_names(names, key), covers_every_name)
Example #7
 def test_common_name_too_long(self):
     """
     When the first name is too long to be used as the common name,
     `~txacme.util.csr_for_names` puts a dummy value in the subject instead.
     """
     # u'aaaa.' * 16 is 80 characters long.
     overlong = u'aaaa.' * 16
     # The placeholder sits under the reserved ``.invalid`` TLD, so it
     # cannot name a real host. This test checks the subject only; whether
     # the real name is still carried elsewhere in the CSR is not asserted.
     placeholder_subject = x509.Name([
         x509.NameAttribute(NameOID.COMMON_NAME, u'san.too.long.invalid'),
     ])
     self.assertThat(
         csr_for_names([overlong], RSA_KEY_512_RAW),
         MatchesStructure(subject=Equals(placeholder_subject)))
Example #8
 def test_common_name_too_long(self):
     """
     A first name that is too long for the common name is replaced there by
     a dummy value in the CSR that `~txacme.util.csr_for_names` returns.
     """
     # The dummy common name uses the reserved ``.invalid`` TLD, so it can
     # never collide with a resolvable host name.
     expected_cn = x509.NameAttribute(
         NameOID.COMMON_NAME, u'san.too.long.invalid')
     # 16 repetitions of u'aaaa.' give an 80-character name.
     csr = csr_for_names([u'aaaa.' * 16], RSA_KEY_512_RAW)
     self.assertThat(
         csr,
         MatchesStructure(subject=Equals(x509.Name([expected_cn]))))
Example #9
class ValidForNameTests(TestMatchersInterface, TestCase):
    """
    Interface tests for `~txacme.test.matchers.ValidForName`: the matcher
    accepts a CSR/cert that is valid for the given name and rejects one that
    is not.
    """
    matches_matcher = ValidForName(u'example.com')

    # Must match: the name is the only one, the last one, or the first one.
    matches_matches = [
        csr_for_names(
            [u'example.com'], RSA_KEY_512_RAW),
        csr_for_names(
            [u'example.invalid', u'example.com'], RSA_KEY_512_RAW),
        csr_for_names(
            [u'example.com', u'example.invalid'], RSA_KEY_512_RAW),
    ]

    # Must not match: u'example.com' is absent from every name list here.
    matches_mismatches = [
        csr_for_names(
            [u'example.org'], RSA_KEY_512_RAW),
        csr_for_names(
            [u'example.net', u'example.info'], RSA_KEY_512_RAW),
    ]

    # Pairs of (expected str() output, matcher).
    str_examples = [
        (
            'ValidForName({!r})'.format(u'example.com'),
            ValidForName(u'example.com'),
        ),
    ]

    # No mismatch-description examples are defined.
    describe_examples = []
Example #10
    def _issue_cert(self, client, server_name):
        """
        Issue a new cert for a particular name.

        A fresh key is generated, challenges for ``server_name`` are
        requested and answered, a CSR covering only ``server_name`` is
        submitted, and the key, certificate and chain are handed to
        ``self.cert_store.store``.

        :param client: Object used for ``request_challenges``,
            ``request_issuance`` and ``fetch_chain``.
        :param server_name: The name to request a certificate for; also the
            first argument passed to ``self.cert_store.store``.

        :return: The result of the callback chain that ends in
            ``self.cert_store.store``.
        """
        log.info(
            'Requesting a certificate for {server_name!r}.',
            server_name=server_name)
        key = self._generate_key()
        # The private key is serialized as PEM with NoEncryption, so it
        # travels through this method and into the store in the clear.
        # NOTE(review): protection at rest is left entirely to
        # self.cert_store -- confirm the store restricts access to it.
        objects = [
            Key(key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.NoEncryption()))]

        def answer_and_poll(authzr):
            # The result of answer_challenge is received as stop_responding
            # and is called via addBoth, i.e. whether polling succeeds or
            # fails. Presumably `tap` passes the polling result through
            # unchanged -- confirm against its definition.
            def got_challenge(stop_responding):
                return (
                    poll_until_valid(authzr, self._clock, client)
                    .addBoth(tap(lambda _: stop_responding())))
            return (
                answer_challenge(authzr, client, self._responders)
                .addCallback(got_challenge))

        def got_cert(certr):
            # certr.body is parsed as DER and re-encoded as PEM before being
            # appended after the key.
            # NOTE(review): parsing is the only check made here; nothing in
            # this method compares the certificate's public key or names
            # with `key` / `server_name`.
            objects.append(
                Certificate(
                    x509.load_der_x509_certificate(
                        certr.body, default_backend())
                    .public_bytes(serialization.Encoding.PEM)))
            return certr

        def got_chain(chain):
            # Chain entries go through got_cert as well, so `objects` ends
            # up as the key, then the certificate, then the chain entries.
            for certr in chain:
                got_cert(certr)
            log.info(
                'Received certificate for {server_name!r}.',
                server_name=server_name)
            return objects

        # Order matters: authorize, request issuance with a CSR for
        # [server_name] only, record the certificate, fetch and record the
        # chain, then store everything under server_name.
        return (
            client.request_challenges(fqdn_identifier(server_name))
            .addCallback(answer_and_poll)
            .addCallback(lambda ign: client.request_issuance(
                CertificateRequest(
                    csr=csr_for_names([server_name], key))))
            .addCallback(got_cert)
            .addCallback(client.fetch_chain)
            .addCallback(got_chain)
            .addCallback(partial(self.cert_store.store, server_name)))
Example #11
    def _issue_cert(self, client, server_name):
        """
        Issue a new cert for a particular name.

        Steps, in order: generate a key, request and answer the challenges
        for ``server_name``, poll until the authorization is valid, request
        issuance with a CSR for ``[server_name]``, fetch the chain, and pass
        the collected PEM objects to ``self.cert_store.store``.

        :param client: Object providing ``request_challenges``,
            ``request_issuance`` and ``fetch_chain``.
        :param server_name: The single name placed in the CSR and used as
            the first argument to ``self.cert_store.store``.

        :return: Whatever the final ``addCallback`` in the chain returns.
        """
        log.info(
            'Requesting a certificate for {server_name!r}.',
            server_name=server_name)
        key = self._generate_key()
        # `objects` starts with the private key as unencrypted PEM
        # (NoEncryption). NOTE(review): the key's confidentiality therefore
        # depends on how self.cert_store persists it -- verify the store's
        # file permissions / backend.
        objects = [
            Key(key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.NoEncryption()))]

        def answer_and_poll(authzr):
            def got_challenge(stop_responding):
                # addBoth runs on success and on failure, so
                # stop_responding() is called either way once polling ends.
                return (
                    poll_until_valid(authzr, self._clock, client)
                    .addBoth(tap(lambda _: stop_responding())))
            return (
                answer_challenge(authzr, client, self._responders)
                .addCallback(got_challenge))

        def got_cert(certr):
            # Convert the DER body to PEM and collect it; certr is returned
            # so the next callback (client.fetch_chain) still receives it.
            # NOTE(review): no comparison with `key` or `server_name` is
            # made here; the certificate is accepted as long as it parses.
            objects.append(
                Certificate(
                    x509.load_der_x509_certificate(
                        certr.body, default_backend())
                    .public_bytes(serialization.Encoding.PEM)))
            return certr

        def got_chain(chain):
            # Append every chain certificate after the issued one, then hand
            # the full list on to the store callback.
            for certr in chain:
                got_cert(certr)
            log.info(
                'Received certificate for {server_name!r}.',
                server_name=server_name)
            return objects

        return (
            client.request_challenges(fqdn_identifier(server_name))
            .addCallback(answer_and_poll)
            # The previous result is ignored; the CSR names only server_name.
            .addCallback(lambda ign: client.request_issuance(
                CertificateRequest(
                    csr=csr_for_names([server_name], key))))
            .addCallback(got_cert)
            .addCallback(client.fetch_chain)
            .addCallback(got_chain)
            .addCallback(partial(self.cert_store.store, server_name)))
Example #12
    def _test_issue(self, name):
        """
        Request issuance of a certificate for ``name`` and write the result
        to disk.

        A new RSA key is generated and kept on ``self.issued_key``; the
        certificate body goes to ``issued.crt`` and the key to
        ``issued.key``.
        """
        def got_cert(certr):
            # The private key is written as unencrypted PEM to a relative
            # path. Nothing here sets the file mode, so these artifacts
            # should be treated as throwaway test output.
            pem_key = self.issued_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.NoEncryption())
            FilePath('issued.crt').setContent(certr.body)
            FilePath('issued.key').setContent(pem_key)
            return certr

        action = start_action(action_type=u'integration:issue')
        with action.context():
            self.issued_key = generate_private_key('rsa')
            request = CertificateRequest(
                csr=csr_for_names([name], self.issued_key))
            issuing = DeferredContext(self.client.request_issuance(request))
            return issuing.addCallback(got_cert).addActionFinish()
Example #13
    def _test_issue(self, name):
        """
        Generate an RSA key, request a certificate for ``name`` with it, and
        save the certificate body and the key as ``issued.crt`` and
        ``issued.key``.
        """
        def got_cert(certr):
            # certr.body is written as-is. The key is serialized with
            # NoEncryption, so issued.key holds the private key in the
            # clear; no file mode is set here.
            cert_file = FilePath('issued.crt')
            key_file = FilePath('issued.key')
            key_bytes = self.issued_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.NoEncryption())
            cert_file.setContent(certr.body)
            key_file.setContent(key_bytes)
            return certr

        action = start_action(action_type=u'integration:issue')
        with action.context():
            self.issued_key = generate_private_key('rsa')
            # The CSR covers exactly one name.
            single_name_csr = csr_for_names([name], self.issued_key)
            pending = self.client.request_issuance(
                CertificateRequest(csr=single_name_csr))
            return (
                DeferredContext(pending)
                .addCallback(got_cert)
                .addActionFinish())