Exemple #1
0
 def test_create(self):
     from acme.messages import CertificateRequest
     self.assertEqual(
         self.msg,
         CertificateRequest.create(
             csr=CSR,
             key=KEY,
             sig_nonce='\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9'))
Exemple #2
0
    def setUp(self):
        signature = other.Signature(
            alg=jose.RS256,
            jwk=jose.JWKRSA(key=KEY.publickey()),
            sig='\x15\xed\x84\xaa:\xf2DO\x0e9 \xbcg\xf8\xc0\xcf\x87\x9a'
            '\x95\xeb\xffT[\x84[\xec\x85\x7f\x8eK\xe9\xc2\x12\xc8Q'
            '\xafo\xc6h\x07\xba\xa6\xdf\xd1\xa7"$\xba=Z\x13n\x14\x0b'
            'k\xfe\xee\xb4\xe4\xc8\x05\x9a\x08\xa7',
            nonce='\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9')

        from acme.messages import CertificateRequest
        self.msg = CertificateRequest(csr=CSR, signature=signature)

        self.jmsg_to = {
            'type': 'certificateRequest',
            'csr': jose.b64encode(CSR.as_der()),
            'signature': signature,
        }
        self.jmsg_from = self.jmsg_to.copy()
        self.jmsg_from['signature'] = self.jmsg_from['signature'].to_json()
Exemple #3
0
class CertificateRequestTest(unittest.TestCase):
    """Tests for acme.messages.CertificateRequest."""
    def setUp(self):
        from acme.messages import CertificateRequest
        self.req = CertificateRequest(csr=CSR)

    def test_json_de_serializable(self):
        self.assertTrue(isinstance(self.req, jose.JSONDeSerializable))
        from acme.messages import CertificateRequest
        self.assertEqual(self.req,
                         CertificateRequest.from_json(self.req.to_json()))
Exemple #4
0
class CertificateRequestTest(unittest.TestCase):
    def setUp(self):
        signature = other.Signature(
            alg=jose.RS256,
            jwk=jose.JWKRSA(key=KEY.publickey()),
            sig='\x15\xed\x84\xaa:\xf2DO\x0e9 \xbcg\xf8\xc0\xcf\x87\x9a'
            '\x95\xeb\xffT[\x84[\xec\x85\x7f\x8eK\xe9\xc2\x12\xc8Q'
            '\xafo\xc6h\x07\xba\xa6\xdf\xd1\xa7"$\xba=Z\x13n\x14\x0b'
            'k\xfe\xee\xb4\xe4\xc8\x05\x9a\x08\xa7',
            nonce='\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9')

        from acme.messages import CertificateRequest
        self.msg = CertificateRequest(csr=CSR, signature=signature)

        self.jmsg_to = {
            'type': 'certificateRequest',
            'csr': jose.b64encode(CSR.as_der()),
            'signature': signature,
        }
        self.jmsg_from = self.jmsg_to.copy()
        self.jmsg_from['signature'] = self.jmsg_from['signature'].to_json()

    def test_create(self):
        from acme.messages import CertificateRequest
        self.assertEqual(
            self.msg,
            CertificateRequest.create(
                csr=CSR,
                key=KEY,
                sig_nonce='\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9'))

    def test_verify(self):
        self.assertTrue(self.msg.verify())

    def test_to_partial_json(self):
        self.assertEqual(self.msg.to_partial_json(), self.jmsg_to)

    def test_from_json(self):
        from acme.messages import CertificateRequest
        self.assertEqual(self.msg,
                         CertificateRequest.from_json(self.jmsg_from))
class CertificateRequestTest(unittest.TestCase):
    """Tests for acme.messages.CertificateRequest."""

    def setUp(self):
        from acme.messages import CertificateRequest
        self.req = CertificateRequest(csr=CSR)

    def test_json_de_serializable(self):
        self.assertTrue(isinstance(self.req, jose.JSONDeSerializable))
        from acme.messages import CertificateRequest
        self.assertEqual(
            self.req, CertificateRequest.from_json(self.req.to_json()))
class CertificateRequestTest(unittest.TestCase):

    def setUp(self):
        signature = other.Signature(
            alg=jose.RS256, jwk=jose.JWKRSA(key=KEY.publickey()),
            sig='\x15\xed\x84\xaa:\xf2DO\x0e9 \xbcg\xf8\xc0\xcf\x87\x9a'
                '\x95\xeb\xffT[\x84[\xec\x85\x7f\x8eK\xe9\xc2\x12\xc8Q'
                '\xafo\xc6h\x07\xba\xa6\xdf\xd1\xa7"$\xba=Z\x13n\x14\x0b'
                'k\xfe\xee\xb4\xe4\xc8\x05\x9a\x08\xa7',
            nonce='\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9')

        from acme.messages import CertificateRequest
        self.msg = CertificateRequest(csr=CSR, signature=signature)

        self.jmsg_to = {
            'type': 'certificateRequest',
            'csr': jose.b64encode(CSR.as_der()),
            'signature': signature,
        }
        self.jmsg_from = self.jmsg_to.copy()
        self.jmsg_from['signature'] = self.jmsg_from['signature'].to_json()

    def test_create(self):
        from acme.messages import CertificateRequest
        self.assertEqual(self.msg, CertificateRequest.create(
            csr=CSR, key=KEY,
            sig_nonce='\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9'))

    def test_verify(self):
        self.assertTrue(self.msg.verify())

    def test_to_partial_json(self):
        self.assertEqual(self.msg.to_partial_json(), self.jmsg_to)

    def test_from_json(self):
        from acme.messages import CertificateRequest
        self.assertEqual(self.msg, CertificateRequest.from_json(self.jmsg_from))
Exemple #7
0
    def validate_csr(self, message: messages.CertificateRequest,
                     authorizations: Iterable[AcmeAuthorization]) -> str:
        """Parse and validate the CSR, returns the PEM as str."""

        # Note: Jose wraps the CSR in a josepy.util.ComparableX509, that has *no* public member methods.
        # The only public attribute or function is the wrapped object. We encode it back to get the regular
        # PEM.
        # Note that the CSR received here is not an actual PEM, see AcmeCertificate.parse_csr()
        csr = parse_acme_csr(message.encode("csr"))
        if csr.is_signature_valid is False:
            raise AcmeBadCSR(message="CSR signature is not valid.")

        # Do not accept MD5 or SHA1 signatures
        if isinstance(csr.signature_hash_algorithm, (hashes.MD5, hashes.SHA1)):
            raise AcmeBadCSR(message="%s: Insecure hash algorithm." %
                             csr.signature_hash_algorithm.name)

        # Get list of general names from the authorizations
        names_from_order = set(
            SubjectAlternativeName({
                "value":
                [auth.subject_alternative_name for auth in authorizations]
            }).extension_type)

        # Test if any subject Common Name is in the names for this order
        # NOTE: certbot does *not* set name in the subject
        csr_subject = Subject(csr.subject)
        common_name = csr_subject.get("CN")
        if isinstance(
                common_name,
                str) and x509.DNSName(common_name) not in names_from_order:
            raise AcmeBadCSR(message="CommonName was not in order.")

        try:
            names_from_csr: Set[x509.Name] = set(
                csr.extensions.get_extension_for_class(
                    x509.SubjectAlternativeName).value)
        except x509.ExtensionNotFound as ex:
            raise AcmeBadCSR(
                message="No subject alternative names found in CSR.") from ex

        if names_from_order != names_from_csr:
            raise AcmeBadCSR(message="Names in CSR do not match.")

        return csr.public_bytes(Encoding.PEM).decode("utf-8")
    def setUp(self):
        signature = other.Signature(
            alg=jose.RS256, jwk=jose.JWKRSA(key=KEY.publickey()),
            sig='\x15\xed\x84\xaa:\xf2DO\x0e9 \xbcg\xf8\xc0\xcf\x87\x9a'
                '\x95\xeb\xffT[\x84[\xec\x85\x7f\x8eK\xe9\xc2\x12\xc8Q'
                '\xafo\xc6h\x07\xba\xa6\xdf\xd1\xa7"$\xba=Z\x13n\x14\x0b'
                'k\xfe\xee\xb4\xe4\xc8\x05\x9a\x08\xa7',
            nonce='\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9')

        from acme.messages import CertificateRequest
        self.msg = CertificateRequest(csr=CSR, signature=signature)

        self.jmsg_to = {
            'type': 'certificateRequest',
            'csr': jose.b64encode(CSR.as_der()),
            'signature': signature,
        }
        self.jmsg_from = self.jmsg_to.copy()
        self.jmsg_from['signature'] = self.jmsg_from['signature'].to_json()
def test_order_finalize_early():
    """
    Test that finalizing an order before its fully authorized results in the
    order having an error set and the status being invalid.
    """
    # Create a client
    client = make_client(None)

    # Create a random domain and a csr
    domains = [random_domain()]
    csr_pem = make_csr(domains)

    # Create an order for the domain
    order = client.new_order(csr_pem)

    # Finalize the order without doing anything with the authorizations. YOLO
    # We expect this to generate an unauthorized error.
    chisel2.expect_problem(
        "urn:ietf:params:acme:error:unauthorized", lambda: client.net.post(
            order.body.finalize, CertificateRequest(csr=order.csr)))

    # Poll for a fixed amount of time checking for the order to become invalid
    # from the early finalization attempt initiated above failing
    deadline = datetime.datetime.now() + datetime.timedelta(seconds=5)
    while datetime.datetime.now() < deadline:
        time.sleep(1)
        updatedOrder = requests.get(order.uri).json()
        if updatedOrder['status'] == "invalid":
            break

    # If the loop ended and the status isn't invalid then we reached the
    # deadline waiting for the order to become invalid, fail the test
    if updatedOrder['status'] != "invalid":
        raise Exception("timed out waiting for order %s to become invalid" %
                        order.uri)

    # The order should have an error with the expected type
    if updatedOrder['error'][
            'type'] != 'urn:ietf:params:acme:error:unauthorized':
        raise Exception("order %s has incorrect error field type: \"%s\"" %
                        (order.uri, updatedOrder['error']['type']))
Exemple #10
0
 def test_json_de_serializable(self):
     self.assertTrue(isinstance(self.req, jose.JSONDeSerializable))
     from acme.messages import CertificateRequest
     self.assertEqual(
         self.req, CertificateRequest.from_json(self.req.to_json()))
Exemple #11
0
 def setUp(self):
     from acme.messages import CertificateRequest
     self.req = CertificateRequest(csr=CSR)
Exemple #12
0
 def test_from_json(self):
     from acme.messages import CertificateRequest
     self.assertEqual(self.msg,
                      CertificateRequest.from_json(self.jmsg_from))
Exemple #13
0
 def setUp(self):
     from acme.messages import CertificateRequest
     self.req = CertificateRequest(csr=CSR, authorizations=('foo',))
Exemple #14
0
 def setUp(self):
     from acme.messages import CertificateRequest
     self.req = CertificateRequest(csr=CSR, authorizations=('foo', ))
 def test_from_json(self):
     from acme.messages import CertificateRequest
     self.assertEqual(self.msg, CertificateRequest.from_json(self.jmsg_from))
 def test_create(self):
     from acme.messages import CertificateRequest
     self.assertEqual(self.msg, CertificateRequest.create(
         csr=CSR, key=KEY,
         sig_nonce='\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9'))