Exemple #1
def test_sign_csr() -> None:
    """Check that ``sign_csr`` issues a leaf certificate chained to the given root.

    A throwaway root CA ("peter") signs a CSR for "from_peter". The test then
    verifies the subject CN, the validity window, the binding between the
    certificate and the requester's key, and the issuer signature.
    """
    ca_key = make_private_key()
    ca_cert = make_root_certificate(make_subject_name("peter"), 1, ca_key)

    leaf_key = make_private_key()
    request = make_csr(make_subject_name("from_peter"), leaf_key)

    # Clock pinned at epoch + 100 s so the validity timestamps are deterministic.
    with on_time(100, "UTC"):
        cert = sign_csr(request, 2, ca_cert, ca_key)

    assert check_cn(cert, "from_peter")

    # Validity starts at signing time and spans the 2 days passed to sign_csr.
    # NOTE(review): newer `cryptography` releases deprecate the naive-datetime
    # accessors in favour of `not_valid_before_utc` / `not_valid_after_utc`;
    # confirm against the pinned version before migrating these assertions.
    valid_from = str(cert.not_valid_before)
    valid_until = str(cert.not_valid_after)
    assert valid_from == "1970-01-01 00:01:40"
    assert valid_until == "1970-01-03 00:01:40"

    # The issued certificate must carry the public half of the requester's key.
    # These helpers are called without `assert`, so they are expected to raise
    # on a mismatch.
    check_certificate_against_private_key(cert, leaf_key)

    # The signature on the 'from_peter' certificate must verify under the
    # public key of the 'peter' root, i.e. the root really is the issuer.
    issuer_public_key = rsa_public_key_from_cert_or_csr(ca_cert)
    check_certificate_against_public_key(cert, issuer_public_key)
Exemple #2
 def _create_root_certificate(self) -> Tuple[Certificate, RSAPrivateKeyWithSerialization]:
     """Generate a new root key pair and a root certificate for this CA.

     Returns:
         ``(root_certificate, root_private_key)``. The private key is handed
         back as an in-memory object; storing it securely is up to the caller.
     """
     # Same evaluation order as a single nested call: subject, lifetime, key.
     subject = make_subject_name(self._ca_name)
     lifetime_days = self._days_valid
     root_key = make_private_key()
     root_cert = make_root_certificate(subject, lifetime_days, root_key)
     return root_cert, root_key
Exemple #3
def test_make_csr() -> None:
    """Check that ``make_csr`` yields a correctly self-signed request with the given CN."""
    subject = make_subject_name("abc123")
    requester_key = make_private_key()
    request = make_csr(subject, requester_key)

    # A valid CSR signature proves the requester holds the private key that
    # matches the public key embedded in the request.
    assert request.is_signature_valid
    assert check_cn(request, "abc123")
Exemple #4
def test_sign_csr_with_local_ca(mocker: MockerFixture) -> None:
    """Check that ``sign_csr_with_local_ca`` signs with whatever ``load_local_ca`` returns.

    ``load_local_ca`` is patched to return a throwaway root ("peter"), so the
    test never reads real CA material.
    """
    ca_key = make_private_key()
    ca_cert = make_root_certificate(make_subject_name("peter"), 1, ca_key)

    # Substitute the site CA loader with the in-memory root created above.
    mocker.patch("cmk.utils.certs.load_local_ca", return_value=(ca_cert, ca_key))

    leaf_key = make_private_key()
    request = make_csr(make_subject_name("from_peter"), leaf_key)

    # Fixed clock so the expected validity timestamps below are deterministic.
    with on_time(567892121, "UTC"):
        cert = sign_csr_with_local_ca(request, 100)

    assert check_cn(cert, "from_peter")

    # Validity starts at signing time and spans the 100 days requested.
    valid_from = str(cert.not_valid_before)
    valid_until = str(cert.not_valid_after)
    assert valid_from == "1987-12-30 19:48:41"
    assert valid_until == "1988-04-08 19:48:41"

    # The issued certificate must carry the public half of the requester's key.
    # These helpers are called without `assert`, so they are expected to raise
    # on a mismatch.
    check_certificate_against_private_key(cert, leaf_key)

    # The signature on the 'from_peter' certificate must verify under the
    # public key of the patched-in 'peter' root.
    issuer_public_key = rsa_public_key_from_cert_or_csr(ca_cert)
    check_certificate_against_public_key(cert, issuer_public_key)
Exemple #5
def test_make_root_certificate() -> None:
    """Check subject, validity window and key binding of a new root certificate."""
    root_key = make_private_key()

    # Clock pinned at epoch + 100 s so the validity timestamps are deterministic.
    with on_time(100, "UTC"):
        root_cert = make_root_certificate(make_subject_name("peter"), 1, root_key)

    assert check_cn(root_cert, "peter")

    # Validity starts at creation time and spans the 1 day requested.
    valid_from = str(root_cert.not_valid_before)
    valid_until = str(root_cert.not_valid_after)
    assert valid_from == "1970-01-01 00:01:40"
    assert valid_until == "1970-01-02 00:01:40"

    # The certificate must belong to the key it was created with. The helper is
    # called without `assert`, so it is expected to raise on a mismatch.
    check_certificate_against_private_key(root_cert, root_key)
Exemple #6
 def _certificate_from_root(self, cn: str) -> Tuple[Certificate, RSAPrivateKeyWithSerialization]:
     """Issue a certificate for ``cn`` signed by this CA's root.

     A fresh private key is generated on every call, and a CSR for ``cn`` is
     built and signed with the root certificate and key.

     Args:
         cn: Common name for the subject. It is passed on without validation
             here, so any restriction on allowed names has to be enforced by
             the caller (or inside ``make_subject_name`` — not visible here).

     Returns:
         ``(certificate, private_key)`` for the new subject. The private key is
         returned as an in-memory object; protecting it is up to the caller.

     Raises:
         RuntimeError: If the certificate authority is not initialized.
     """
     if self.is_initialized:
         subject_key = make_private_key()
         request = make_csr(make_subject_name(cn), subject_key)
         # _get_root_certificate() supplies the remaining positional arguments
         # of sign_csr (issuer certificate and issuer key in the other calls).
         issued = sign_csr(request, self._days_valid, *self._get_root_certificate())
         return issued, subject_key
     raise RuntimeError("Certificate authority is not initialized yet")
Exemple #7
def test_make_private_key() -> None:
    """Pin the size of freshly generated private keys to 2048 bits."""
    generated = make_private_key()
    # Guards against an accidental change of the key size. If the size is
    # raised on purpose, update this value together with the generator.
    assert generated.key_size == 2048