def generate_certificate(self,
subject='OU=name',
issuer=None,
serial=None,
valid_after=0,
valid_before=0xffffffffffffffff,
ca=False,
ca_path_len=None,
purposes=None,
user_principals=(),
host_principals=(),
hash_alg='sha256',
comment=None):
"""Generate and check an X.509 certificate"""
cert = generate_x509_certificate(self._privkey, self._pubkey, subject,
issuer, serial, valid_after,
valid_before, ca, ca_path_len,
purposes, user_principals,
host_principals, hash_alg, comment)
self.assertEqual(cert.data, import_x509_certificate(cert.data).data)
self.assertEqual(cert.subject, X509Name(subject))
self.assertEqual(cert.issuer, X509Name(issuer if issuer else subject))
self.assertEqual(cert.key_data, self._pubdata)
if isinstance(comment, str):
comment = comment.encode('utf-8')
self.assertEqual(cert.comment, comment)
return cert
def test_invalid_attribute(self):
"""Test X.509 distinguished name with invalid attributes"""
with self.assertRaises(ValueError):
X509Name('xxx')
with self.assertRaises(ValueError):
X509Name('X=xxx')
def test_multiple_attrs_in_rdn(self):
"""Test multiple attributes in a relative distinguished name"""
name1 = X509Name('O=Org,OU=Unit1+OU=Unit2')
name2 = X509Name('O=Org,OU=Unit2+OU=Unit1')
self.assertEqual(name1, name2)
self.assertEqual(len(name1), 3)
self.assertEqual(len(name1.rdns), 2)
def test_exact_name_pattern(self):
"""Test X.509 distinguished name exact match"""
pattern1 = X509NamePattern('O=Org,OU=Unit')
pattern2 = X509NamePattern('O=Org, OU=Unit')
self.assertEqual(pattern1, pattern2)
self.assertEqual(hash(pattern1), hash(pattern2))
self.assertTrue(pattern1.matches(X509Name('O=Org,OU=Unit')))
self.assertFalse(pattern1.matches(X509Name('O=Org,OU=Unit2')))
def test_name(self):
"""Test X.509 distinguished name generation"""
name = X509Name('O=Org,OU=Unit')
self.assertEqual(name, X509Name('O=Org, OU=Unit'))
self.assertEqual(name, X509Name(name))
self.assertEqual(name, X509Name(name.rdns))
self.assertEqual(len(name), 2)
self.assertEqual(len(name.rdns), 2)
self.assertEqual(str(name), 'O=Org,OU=Unit')
self.assertNotEqual(name, X509Name('OU=Unit,O=Org'))
def test_prefix_pattern(self):
"""Test X.509 distinguished name prefix match"""
pattern = X509NamePattern('O=Org,*')
self.assertTrue(pattern.matches(X509Name('O=Org,OU=Unit')))
self.assertFalse(pattern.matches(X509Name('O=Org2,OU=Unit')))