Exemple #1
 def setUp(self):
     """Build an unsaved root CA fixture with fixed dates as ``self.obj``.

     NOTE(review): ``key_length=1024`` (presumably a key size in bits) and
     the literal passphrase are throwaway fixture values. A 1024-bit key is
     below the 2048-bit minimum expected of a real CA, so neither value
     should be copied into production configuration.
     """
     ## created and revoked share the same fixed timestamp
     stamp = datetime.datetime(2011, 1, 1, 20, 0, 0)
     fields = {
         'common_name': 'Root CA',
         'name': 'Root_CA',
         'description': "unittest",
         'country': 'DE',
         'state': 'Bavaria',
         'locality': 'Munich',
         'organization': 'Bozo Clown Inc.',
         'OU': 'IT',
         'email': '*****@*****.**',
         'valid_days': 1000,
         'key_length': 1024,
         'expiry_date': datetime.datetime(2021, 1, 1, 20, 0, 0).date(),
         'created': stamp,
         'revoked': stamp,
         'active': None,
         'serial': None,
         'ca_chain': None,
         'der_encoded': False,
         'parent': None,
         'passphrase': '1234567890',
         'id': 999,
     }
     self.obj = CertificateAuthority(**fields)
Exemple #2
def CreateCaChain():
    """Create and save a three-level CA chain: root, intermediate, edge.

    Each CA is saved and the next level's parent is re-fetched by a
    hard-coded primary key (1 for the root, 2 for the intermediate).

    NOTE(review): ``key_length=1024`` (presumably bits) and the literal
    passphrase are test-fixture values only. 1024-bit keys are below the
    2048-bit minimum expected of real CAs. The ``pk=1`` / ``pk=2`` lookups
    assume an empty table with keys allocated from 1 -- confirm the test
    database guarantees that.
    """
    ## Reset PKI metadata to an empty state
    openssl.refresh_pki_metadata([])

    fixture_passphrase = '1234567890'

    ## Values shared by every CA in the chain
    shared = dict(
        country='DE',
        state='Bavaria',
        organization='Bozo Clown Inc.',
        email='*****@*****.**',
        key_length=1024,
        expiry_date='',
        created='',
        revoked=None,
        active=None,
        serial=None,
        ca_chain=None,
        der_encoded=False,
        passphrase=fixture_passphrase,
    )

    ## Root CA object
    root_fields = dict(
        shared,
        common_name='Root CA',
        name='Root_CA',
        description="unit test",
        locality='Munich',
        OU='IT',
        valid_days=1000,
        parent=None,
        extension=x509Extension.objects.get(pk=1),
    )
    CertificateAuthority(**root_fields).save()
    rca = CertificateAuthority.objects.get(pk=1)

    ## Intermediate CA object, signed by the root
    intermediate_fields = dict(
        shared,
        common_name='Intermediate CA',
        name='Intermediate_CA',
        description="unit test IM CA",
        locality='Berlin',
        OU=None,
        valid_days=365,
        parent=rca,
        parent_passphrase=fixture_passphrase,
        extension=x509Extension.objects.get(pk=1),
    )
    CertificateAuthority(**intermediate_fields).save()
    ica = CertificateAuthority.objects.get(pk=2)

    ## Edge CA object (RootCA->IntermediateCA->SubCA)
    edge_fields = dict(
        shared,
        common_name='Edge CA',
        name='Edge_CA',
        description="unit test edge CA",
        locality='Munich',
        OU='IT',
        valid_days=365,
        parent=ica,
        parent_passphrase=fixture_passphrase,
        extension=x509Extension.objects.get(pk=2),
    )
    CertificateAuthority(**edge_fields).save()
Exemple #3
 def setUp(self):
     '''Build unsaved root, intermediate and sub CA fixtures and their OpenSSL helpers.

     NOTE(review): key_length=1024 (presumably bits) and the literal
     passphrase are fixture-only values. 1024-bit keys are below the
     2048-bit minimum expected of real CAs.
     '''
     fixture_passphrase = '1234567890'

     ## Values shared by all three CA objects
     shared = dict(
         country='DE',
         state='Bavaria',
         organization='Bozo Clown Inc.',
         email='*****@*****.**',
         key_length=1024,
         expiry_date='',
         created='',
         revoked=None,
         active=None,
         serial=None,
         ca_chain=None,
         pem_encoded=True,
         der_encoded=False,
         passphrase=fixture_passphrase,
     )

     ## Root CA object (no parent)
     self.rca = CertificateAuthority(**dict(
         shared,
         common_name='Root CA',
         name='Root_CA',
         description="unit test",
         locality='Munich',
         OU='IT',
         valid_days=1000,
         parent=None,
         subcas_allowed=True,
     ))

     ## Intermediate CA object, child of the root
     self.ica = CertificateAuthority(**dict(
         shared,
         common_name='Intermediate CA',
         name='Intermediate_CA',
         description="unit test IM CA",
         locality='Berlin',
         OU=None,
         valid_days=365,
         parent=self.rca,
         parent_passphrase=fixture_passphrase,
         subcas_allowed=True,
     ))

     ## Sub CA object (RootCA->IntermediateCA->SubCA)
     self.sca = CertificateAuthority(**dict(
         shared,
         common_name='Sub CA',
         name='Sub_CA',
         description="unit test sub CA",
         locality='Munich',
         OU='IT',
         valid_days=365,
         parent=self.ica,
         parent_passphrase=fixture_passphrase,
         subcas_allowed=False,
     ))

     openssl.refresh_pki_metadata([self.rca, self.ica, self.sca])

     ## One OpensslActions wrapper per CA, created in chain order
     for label in ('rca', 'ica', 'sca'):
         setattr(self, label + '_action', openssl.OpensslActions(getattr(self, label)))
Exemple #4
 def setUp(self):
     """Save a root CA fixture, then re-fetch it by primary key as ``self.obj``.

     NOTE(review): ``key_length=1024`` (presumably bits) and the literal
     passphrase are fixture-only values, and the ``pk=1`` lookup assumes
     the saved row received primary key 1 -- confirm for the test database.
     """
     root_extension = x509Extension.objects.get(pk=1)
     unsaved_root = CertificateAuthority(
         common_name='Root CA',
         name='Root_CA',
         description="unit test",
         country='DE',
         state='Bavaria',
         locality='Munich',
         organization='Bozo Clown Inc.',
         OU='IT',
         email='*****@*****.**',
         valid_days=1000,
         key_length=1024,
         expiry_date='',
         created='',
         revoked=None,
         active=None,
         serial=None,
         ca_chain=None,
         der_encoded=False,
         parent=None,
         passphrase='1234567890',
         extension=root_extension,
     )
     unsaved_root.save()

     self.obj = CertificateAuthority.objects.get(pk=1)
Exemple #5
class CertificateBaseModelTestCases(TestCase):
    """Test abstract model CertificateBase functions

    NOTE(review): most assertions below wrap ``.find()`` in ``assertTrue``.
    Assuming the model helpers return strings, ``find()`` yields -1 (truthy)
    when the substring is missing and 0 (falsy) when it matches at index 0,
    so these checks do not prove that the expected markup is present.
    ``assertIn(needle, haystack)`` expresses the intended check.
    """
    
    def setUp(self):
        ## Unsaved root CA fixture with fixed created/revoked/expiry dates.
        ## NOTE(review): key_length=1024 (presumably bits) and the literal
        ## passphrase are fixture-only values; 1024-bit keys are below the
        ## 2048-bit minimum expected of real CAs.
        self.obj = CertificateAuthority(common_name='Root CA', name='Root_CA', description="unittest", country='DE', state='Bavaria', \
                                        locality='Munich', organization='Bozo Clown Inc.', OU='IT', email='*****@*****.**', valid_days=1000, \
                                        key_length=1024, expiry_date=datetime.datetime(2021, 01, 01, 20, 00, 00).date(), \
                                        created=datetime.datetime(2011, 01, 01, 20, 00, 00), \
                                        revoked=datetime.datetime(2011, 01, 01, 20, 00, 00), active=None, serial=None, ca_chain=None, \
                                        der_encoded=False, parent=None, passphrase='1234567890', id=999)
    
    def test_State(self):
        ## Checks State() with the fixture's active=None, then with active=False.
        self.assertTrue(self.obj.State().find("icon-yes.gif"))
        self.obj.active = False
        self.assertTrue(self.obj.State().find("icon-no.gif"))
    
    def test_Valid_center(self):
        ## Same two-state check as test_State, against Valid_center().
        self.assertTrue(self.obj.Valid_center().find("icon-yes.gif"))
        self.obj.active = False
        self.assertTrue(self.obj.Valid_center().find("icon-no.gif"))
    
    def test_Serial_align_right(self):
        self.assertTrue(self.obj.Serial_align_right().find('class="serial_align_right"'))
    
    def test_Description(self):
        ## A short description is returned unchanged; a 40-character one is
        ## expected back as its first 30 characters followed by "...".
        self.assertEqual(self.obj.Description(), "unittest")
        self.obj.description = "1234567890123456789012345678901234567890"
        self.assertEqual(self.obj.Description(), "123456789012345678901234567890...")
    
    def test_Creation_date(self):
        ## Expected string matches the fixture's created timestamp.
        self.assertEqual(self.obj.Creation_date(), '2011-01-01 20:00:00')
    
    def test_Revocation_date(self):
        ## Expected string matches the fixture's revoked timestamp.
        self.assertEqual(self.obj.Revocation_date(), '2011-01-01 20:00:00')
    
    def test_Expiry_date(self):
        ## Three cases in sequence: expiry 15 days ahead, expiry 10 days in the
        ## past, then the same past expiry with active=False.
        self.obj.expiry_date = datetime.datetime.now().date() + datetime.timedelta(15)
        self.assertTrue(self.obj.Expiry_date().find('class="almods_expired"'))
        self.obj.expiry_date = datetime.datetime.now().date() - datetime.timedelta(10)
        self.assertTrue(self.obj.Expiry_date().find('class="expired"'))
        self.obj.active = False
        self.assertTrue(self.obj.Expiry_date().find('class="revoked"'))
    
    def test_Chain_link(self):
        ## NOTE(review): these assignments bind a local name only (the method
        ## has no ``global`` statement), so they cannot change any setting that
        ## Chain_link() reads; both assertions run against the same configuration.
        PKI_ENABLE_GRAPHVIZ = False
        self.assertTrue(self.obj.Chain_link().find("Enable setting PKI_ENABLE_GRAPHVIZ"))
        PKI_ENABLE_GRAPHVIZ = True
        self.assertTrue(self.obj.Chain_link().find("Show object chain"))
    
    def test_Email_link(self):
        ## NOTE(review): PKI_ENABLE_EMAIL is likewise only a local name here and
        ## does not affect Email_link(). The active/email changes below do
        ## mutate the fixture object.
        PKI_ENABLE_EMAIL= False
        self.assertTrue(self.obj.Email_link().find("Enable setting PKI_ENABLE_EMAIL"))
        PKI_ENABLE_EMAIL = True
        self.obj.active = False
        self.assertTrue(self.obj.Email_link().find("Certificate is revoked"))
        self.obj.active = True
        self.obj.email = "*****@*****.**"
        self.assertTrue(self.obj.Email_link().find("Send to"))
        self.obj.email = None
        self.assertTrue(self.obj.Email_link().find("Certificate has no email set. Disabled"))
    
    def test_Download_link(self):
        ## Checks the link text for an active object, then for active=False.
        self.obj.active = True
        self.assertTrue(self.obj.Download_link().find("Download certificate zip"))
        self.obj.active = False
        self.assertTrue(self.obj.Download_link().find("Certificate is revoked. Disabled"))
    
    def test_Parent_link(self):
        ## The fixture has parent=None.
        self.assertTrue(self.obj.Parent_link().find("self-signed"))
    
    def test_Certificate_Dump(self):
        ## Requires real CRT. Skipped for now
        ## NOTE(review): the body is ``pass``, so this is reported as a passing
        ## test rather than a skipped one.
        pass
    
    def test_CA_Clock(self):
        self.assertTrue(self.obj.CA_Clock().find("clock_container"))
 def setUp(self):
     """Create the unsaved root CA fixture used by the tests as ``self.obj``.

     NOTE(review): ``key_length=1024`` (presumably bits) and the literal
     passphrase are fixture-only values. 1024-bit keys are below the
     2048-bit minimum expected of real CAs.
     """
     expires_on = datetime.datetime(2021, 1, 1, 20, 0, 0).date()
     created_at = datetime.datetime(2011, 1, 1, 20, 0, 0)
     revoked_at = datetime.datetime(2011, 1, 1, 20, 0, 0)

     ## Subject attributes
     subject = dict(
         common_name='Root CA',
         country='DE',
         state='Bavaria',
         locality='Munich',
         organization='Bozo Clown Inc.',
         OU='IT',
         email='*****@*****.**',
     )

     ## Remaining model fields; merged with the subject below
     fixture = dict(
         subject,
         name='Root_CA',
         description="unittest",
         valid_days=1000,
         key_length=1024,
         expiry_date=expires_on,
         created=created_at,
         revoked=revoked_at,
         active=None,
         serial=None,
         ca_chain=None,
         der_encoded=False,
         parent=None,
         passphrase='1234567890',
         id=999,
     )
     self.obj = CertificateAuthority(**fixture)
Exemple #7
class CertificateAuthorityModelTestCases(TestCase):
    """Test model CertificateAuthority functions

    NOTE(review): the ``assertTrue(x.find(...))`` checks below pass whenever
    ``find()`` returns anything but 0, including -1 for "not found" (assuming
    the helpers return strings). ``assertIn`` expresses the intended check.
    """
    
    ## Fixture file loaded for this test case; presumably provides the
    ## x509Extension rows fetched by pk below -- TODO confirm.
    fixtures = ["eku_and_ku.json"]
    
    def setUp(self):
        ## Unsaved root CA fixture with fixed dates.
        ## NOTE(review): key_length=1024 (presumably bits) and the literal
        ## passphrase are fixture-only values; 1024-bit keys are below the
        ## 2048-bit minimum expected of real CAs.
        self.obj = CertificateAuthority(common_name='Root CA', name='Root_CA', description="unittest", country='DE', state='Bavaria', \
                                        locality='Munich', organization='Bozo Clown Inc.', OU='IT', email='*****@*****.**', valid_days=1000, \
                                        key_length=1024, expiry_date=datetime.datetime(2021, 01, 01, 20, 00, 00).date(), \
                                        created=datetime.datetime(2011, 01, 01, 20, 00, 00), revoked=datetime.datetime(2011, 01, 01, 20, 00, 00), \
                                        active=None, serial=None, ca_chain=None, der_encoded=False, parent=None, passphrase='1234567890', id=999)
    
    def tearDown(self):
        ## Refresh the PKI metadata with an empty object list after each test.
        openssl.refresh_pki_metadata([])
    
    def test_unicode(self):
        ## The unicode representation is expected to equal the common name.
        self.assertEqual(self.obj.__unicode__(), "Root CA")
    
    def test_rebuild_ca_metadata(self):
        ## 'append' is expected to create the CA directory on disk; 'exclude'
        ## with this object's pk in skip_list is expected to remove it again.
        self.obj_ssl = openssl.Openssl(self.obj)
        self.obj.rebuild_ca_metadata(modify=True, task='append')
        self.assertTrue(os.path.exists(self.obj_ssl.ca_dir))
        self.obj.rebuild_ca_metadata(modify=True, task='exclude', skip_list=[self.obj.pk,])
        self.assertFalse(os.path.exists(self.obj_ssl.ca_dir))
    
    def test_is_edge_ca(self):
        ## Extension pk=1 is expected to give a non-edge CA, pk=2 an edge CA.
        self.obj.extension = x509Extension.objects.get(pk=1)
        self.assertFalse(self.obj.is_edge_ca())
        self.obj.extension = x509Extension.objects.get(pk=2)
        self.assertTrue(self.obj.is_edge_ca())
    
    def test_Tree_link(self):
        ## NOTE(review): these assignments bind a local name only (the method
        ## has no ``global`` statement), so they cannot change any setting that
        ## Tree_link() reads.
        PKI_ENABLE_GRAPHVIZ = True
        self.assertTrue(self.obj.Tree_link().find( "Show CA tree"))
        PKI_ENABLE_GRAPHVIZ = False
        self.assertTrue(self.obj.Tree_link().find( "Enable setting PKI_ENABLE_GRAPHVIZ"))
    
    def test_Child_certs(self):
        ## Checks Child_certs() with extension pk=1, then with extension pk=2.
        self.obj.extension = x509Extension.objects.get(pk=1)
        self.assertTrue(self.obj.Child_certs().find("No children"))
        self.obj.extension = x509Extension.objects.get(pk=2)
        self.assertTrue(self.obj.Child_certs().find("Show child certificates"))
Exemple #8
class CertificateAuthorityTestCase(unittest.TestCase):
    '''Testcase for a self-signed RootCA. Any affected function and the complete process (save+remove) are tested

    NOTE(review): the numeric prefixes matter. unittest runs test methods in
    name order by default, and several tests appear to rely on files or
    database rows left behind by earlier ones (for example test_010 reads
    pk=1 after test_009 saves). Running a single test in isolation may
    therefore fail -- confirm before reordering or renaming.
    ''' 
    
    def setUp(self):
        '''Create a self-signed RootCA'''
        
        ## NOTE(review): key_length=1024 (presumably bits) and the literal
        ## passphrases are fixture-only values; 1024-bit keys are below the
        ## 2048-bit minimum expected of real CAs. setUp runs before every test
        ## method, so all three objects are rebuilt unsaved each time.
        
        ## Root CA object
        self.rca = CertificateAuthority( common_name='Root CA', name='Root_CA', description="unit test", country='DE', state='Bavaria', \
                                         locality='Munich', organization='Bozo Clown Inc.', OU='IT', email='*****@*****.**', valid_days=1000, \
                                         key_length=1024, expiry_date='', created='', revoked=None, active=None, serial=None, ca_chain=None, \
                                         pem_encoded=True, der_encoded=False, parent=None, passphrase='1234567890', subcas_allowed=True )
        
        ## Intermediate CA object
        self.ica = CertificateAuthority( common_name='Intermediate CA', name='Intermediate_CA', description="unit test IM CA", country='DE', \
                                         state='Bavaria', locality='Berlin', organization='Bozo Clown Inc.', OU=None, email='*****@*****.**', valid_days=365, \
                                         key_length=1024, expiry_date='', created='', revoked=None, active=None, serial=None, ca_chain=None, \
                                         pem_encoded=True, der_encoded=False, parent=self.rca, parent_passphrase="1234567890", \
                                         passphrase='1234567890', subcas_allowed=True)
        
        ## Sub CA object (RootCA->IntermediateCA->SubCA)
        self.sca = CertificateAuthority( common_name='Sub CA', name='Sub_CA', description="unit test sub CA", country='DE', state='Bavaria', \
                                         locality='Munich', organization='Bozo Clown Inc.', OU='IT', email='*****@*****.**', valid_days=365, \
                                         key_length=1024, expiry_date='', created='', revoked=None, active=None, serial=None, ca_chain=None, \
                                         pem_encoded=True, der_encoded=False, parent=self.ica, parent_passphrase="1234567890", \
                                         passphrase='1234567890', subcas_allowed=False)
        
        
        ## Register all three objects in the PKI metadata, then wrap each one in
        ## an OpensslActions helper used by the tests below.
        openssl.refresh_pki_metadata([self.rca, self.ica, self.sca])
        self.rca_action = openssl.OpensslActions(self.rca)
        self.ica_action = openssl.OpensslActions(self.ica)
        self.sca_action = openssl.OpensslActions(self.sca)
    
    def test_001_OpensslExec(self):
        ## Smoke test: the 'version' subcommand is expected to return a truthy result.
        self.assertTrue(self.rca_action.exec_openssl(['version'], None))
    
    def test_002_GenerateKey(self):
        ## Key generation is expected to leave a file at rca_action.key.
        self.rca_action.generate_key()
        self.assertTrue(os.path.exists(self.rca_action.key))
    
    def test_003_GenerateCsr(self):
        ## CSR generation is expected to leave a file at rca_action.csr.
        self.rca_action.generate_csr()
        self.assertTrue(os.path.exists(self.rca_action.csr))
    
    def test_004_GenerateSelfSignedCA(self):
        ## Self-signing is expected to leave a certificate file at rca_action.crt.
        self.rca_action.generate_self_signed_cert()
        self.assertTrue(os.path.exists(self.rca_action.crt))
    
    def test_005_DerExport(self):
        ## DER export is expected to leave a file at rca_action.der.
        self.rca_action.generate_der_encoded()
        self.assertTrue(os.path.exists(self.rca_action.der))
    
    def test_006_DerRemove(self):
        ## Removing the DER export is expected to delete rca_action.der.
        self.rca_action.remove_der_encoded()
        self.assertFalse(os.path.exists(self.rca_action.der))
    
    def test_007_SubjectBuild(self):
        ## The subject string is expected to follow this exact attribute order
        ## and naming, filled in from the root CA's fields.
        self.assertEqual(subject_for_object(self.rca), '/CN=%s/C=%s/ST=%s/localityName=%s/O=%s/organizationalUnitName=%s/emailAddress=%s' % \
                                                         ( self.rca.common_name, self.rca.country, self.rca.state,
                                                           self.rca.locality, self.rca.organization, self.rca.OU, self.rca.email ))
    
    def test_008_GenerateCrl(self):
        ## CRL generation takes the CA name and the fixture passphrase and is
        ## expected to leave a file at rca_action.crl.
        self.rca_action.generate_crl(ca=self.rca.name, pf='1234567890')
        self.assertTrue(os.path.exists(self.rca_action.crl))
    
    def test_009_SaveObject(self):
        ## save() is expected to return None.
        self.assertEqual(self.rca.save(), None)
    
    def test_010_GetSerial(self):
        ## Compares the serial read from the certificate with the serial stored
        ## on the row with pk=1 (presumably the root saved in test_009).
        self.assertEqual(self.rca_action.get_serial_from_cert(), CertificateAuthority.objects.get(pk=1).serial)
    
    def test_011_RemoveObject(self):
        ## delete(None) on the stored row with pk=1 is expected to return None.
        ca = CertificateAuthority.objects.get(pk=1)
        self.assertEqual(ca.delete(None), None)
    
    def test_012_ReSaveObject(self):
        ## Saving the root again after the delete in test_011.
        self.assertEqual(self.rca.save(), None)
    
    def test_013_CreateIntermediateCA(self):       
        self.assertEqual(self.ica.save(), None)
    
    def test_014_CreateLeafCA(self):
        self.assertEqual(self.sca.save(), None)
    
    def test_015_RevokeIntermediateCA(self):
        ## Revocation is requested by setting action='revoke' on the object,
        ## supplying the root's passphrase as parent_passphrase, and saving
        ## under the pk of the already stored intermediate CA.
        self.ica.action = 'revoke'
        self.ica.parent_passphrase = self.rca.passphrase
        self.ica.pk = CertificateAuthority.objects.get(name=self.ica.name).pk
        self.assertEqual(self.ica.save(), None)
    
    def test_016_CheckCertificateRevokeStatus(self):
        ## Copies the stored serial onto the fresh fixture object before asking
        ## for the revoke status, which is expected to be truthy after test_015.
        self.ica.serial = CertificateAuthority.objects.get(name=self.ica.name).serial
        self.assertTrue(self.ica_action.get_revoke_status_from_cert())
    
    def test_017_FilesForObject(self):
        ## Exact type comparison: the result must be a plain dict, not a subclass.
        self.assertEqual(type(files_for_object(self.rca)), type(dict()))