def test_load_cert_and_private_key(
mocker: MockerFixture,
cert_bytes: bytes,
expected_cn: str,
) -> None:
mocker.patch(
"cmk.utils.certs.Path.read_bytes",
return_value=cert_bytes,
)
cert, priv_key = load_cert_and_private_key(Path("whatever"))
assert check_cn(
cert,
expected_cn,
)
assert isinstance(
cert.public_key(),
RSAPublicKey,
)
assert isinstance(
priv_key,
RSAPrivateKey,
)
check_certificate_against_private_key(
cert,
priv_key,
)
def test_write_agent_receiver_certificate(ca: CertificateAuthority) -> None:
assert not ca.agent_receiver_certificate_exists
ca.create_agent_receiver_certificate(days_valid=100)
assert ca.agent_receiver_certificate_exists
assert _file_permissions_is_660(ca._agent_receiver_cert_path)
cert, key = load_cert_and_private_key(ca._agent_receiver_cert_path)
assert check_cn(
cert,
"localhost",
)
check_certificate_against_private_key(
cert,
key,
)
check_certificate_against_public_key(
cert,
_rsa_public_key_from_cert_or_csr(ca.root_ca.cert),
)
def test_create_site_certificate(ca: CertificateAuthority) -> None:
site_id = "xyz"
assert not ca.site_certificate_exists(site_id)
ca.create_site_certificate(site_id, days_valid=100)
assert ca.site_certificate_exists(site_id)
assert _file_permissions_is_660(ca._site_certificate_path(site_id))
cert, key = load_cert_and_private_key(ca._site_certificate_path(site_id))
assert check_cn(
cert,
site_id,
)
check_certificate_against_private_key(
cert,
key,
)
check_certificate_against_public_key(
cert,
_rsa_public_key_from_cert_or_csr(ca.root_ca.cert),
)
def test_write_agent_receiver_certificate(
ca: certs.CertificateAuthority) -> None:
ca.initialize()
assert not ca.agent_receiver_certificate_exists
ca.create_agent_receiver_certificate()
assert ca.agent_receiver_certificate_exists
assert _file_permissions_is_660(ca._agent_receiver_cert_path)
cert, key = load_cert_and_private_key(ca._agent_receiver_cert_path)
assert check_cn(
cert,
"localhost",
)
check_certificate_against_private_key(
cert,
key,
)
check_certificate_against_public_key(
cert,
rsa_public_key_from_cert_or_csr(ca._get_root_certificate()[0]),
)
def test_create_site_certificate(ca: certs.CertificateAuthority) -> None:
ca.initialize()
site_id = "xyz"
assert not ca.site_certificate_exists(site_id)
ca.create_site_certificate(site_id)
assert ca.site_certificate_exists(site_id)
assert _file_permissions_is_660(ca._site_certificate_path(site_id))
cert, key = load_cert_and_private_key(ca._site_certificate_path(site_id))
assert check_cn(
cert,
site_id,
)
check_certificate_against_private_key(
cert,
key,
)
check_certificate_against_public_key(
cert,
rsa_public_key_from_cert_or_csr(ca._get_root_certificate()[0]),
)
def _get_root_certificate(self) -> Tuple[Certificate, RSAPrivateKeyWithSerialization]:
return load_cert_and_private_key(self._root_cert_path)