def test_070_servers(self): # return ssl_cert_path = os.path.join(PKIDATA, 'localhost_ssl_cert.pem') ssl_cert = QgsAuthCertUtils.certsFromFile(ssl_cert_path)[0] msg = 'SSL server certificate is null' self.assertFalse(ssl_cert.isNull(), msg) cert_sha = QgsAuthCertUtils.shaHexForCert(ssl_cert) hostport = 'localhost:8443' config = QgsAuthConfigSslServer() config.setSslCertificate(ssl_cert) config.setSslHostPort(hostport) config.setSslIgnoredErrorEnums([QSslError.SelfSignedCertificate]) config.setSslPeerVerifyMode(QSslSocket.VerifyNone) config.setSslPeerVerifyDepth(3) config.setSslProtocol(QSsl.TlsV1) msg = 'SSL config is null' self.assertFalse(config.isNull(), msg) msg = 'Could not store SSL config' self.assertTrue(self.authm.storeSslCertCustomConfig(config), msg) msg = 'Could not verify storage of SSL config' self.assertTrue( self.authm.existsSslCertCustomConfig(cert_sha, hostport), msg) msg = 'Could not verify SSL config in all configs' self.assertIsNotNone(self.authm.getSslCertCustomConfigs(), msg) msg = 'Could not retrieve SSL config' config2 = self.authm.getSslCertCustomConfig(cert_sha, hostport) """:type: QgsAuthConfigSslServer""" self.assertFalse(config2.isNull(), msg) msg = 'Certificate of retrieved SSL config does not match' self.assertEqual(config.sslCertificate(), config2.sslCertificate(), msg) msg = 'HostPort of retrieved SSL config does not match' self.assertEqual(config.sslHostPort(), config2.sslHostPort(), msg) msg = 'IgnoredErrorEnums of retrieved SSL config does not match' enums = config2.sslIgnoredErrorEnums() self.assertTrue(QSslError.SelfSignedCertificate in enums, msg) msg = 'PeerVerifyMode of retrieved SSL config does not match' self.assertEqual(config.sslPeerVerifyMode(), config2.sslPeerVerifyMode(), msg) msg = 'PeerVerifyDepth of retrieved SSL config does not match' self.assertEqual(config.sslPeerVerifyDepth(), config2.sslPeerVerifyDepth(), msg) msg = 'Protocol of retrieved SSL config does not match' self.assertEqual(config.sslProtocol(), config2.sslProtocol(), msg) # dlg = QgsAuthSslConfigDialog(None, ssl_cert, hostport) # dlg.exec_() msg = 'Could not remove SSL config' self.assertTrue( self.authm.removeSslCertCustomConfig(cert_sha, hostport), msg) msg = 'Could not verify removal of SSL config' self.assertFalse( self.authm.existsSslCertCustomConfig(cert_sha, hostport), msg)
def test_070_servers(self): # return ssl_cert_path = os.path.join(PKIDATA, 'localhost_ssl_cert.pem') ssl_cert = QgsAuthCertUtils.certsFromFile(ssl_cert_path)[0] msg = 'SSL server certificate is null' self.assertFalse(ssl_cert.isNull(), msg) cert_sha = QgsAuthCertUtils.shaHexForCert(ssl_cert) hostport = 'localhost:8443' config = QgsAuthConfigSslServer() config.setSslCertificate(ssl_cert) config.setSslHostPort(hostport) config.setSslIgnoredErrorEnums([QSslError.SelfSignedCertificate]) config.setSslPeerVerifyMode(QSslSocket.VerifyNone) config.setSslPeerVerifyDepth(3) config.setSslProtocol(QSsl.TlsV1) msg = 'SSL config is null' self.assertFalse(config.isNull(), msg) msg = 'Could not store SSL config' self.assertTrue(self.authm.storeSslCertCustomConfig(config), msg) msg = 'Could not verify storage of SSL config' self.assertTrue( self.authm.existsSslCertCustomConfig(cert_sha, hostport), msg) msg = 'Could not verify SSL config in all configs' self.assertIsNotNone(self.authm.getSslCertCustomConfigs(), msg) msg = 'Could not retrieve SSL config' config2 = self.authm.getSslCertCustomConfig(cert_sha, hostport) """:type: QgsAuthConfigSslServer""" self.assertFalse(config2.isNull(), msg) msg = 'Certificate of retrieved SSL config does not match' self.assertEqual(config.sslCertificate(), config2.sslCertificate(), msg) msg = 'HostPort of retrieved SSL config does not match' self.assertEqual(config.sslHostPort(), config2.sslHostPort(), msg) msg = 'IgnoredErrorEnums of retrieved SSL config does not match' enums = config2.sslIgnoredErrorEnums() self.assertTrue(QSslError.SelfSignedCertificate in enums, msg) msg = 'PeerVerifyMode of retrieved SSL config does not match' self.assertEqual(config.sslPeerVerifyMode(), config2.sslPeerVerifyMode(), msg) msg = 'PeerVerifyDepth of retrieved SSL config does not match' self.assertEqual(config.sslPeerVerifyDepth(), config2.sslPeerVerifyDepth(), msg) msg = 'Protocol of retrieved SSL config does not match' self.assertEqual(config.sslProtocol(), config2.sslProtocol(), msg) # dlg = QgsAuthSslConfigDialog(None, ssl_cert, hostport) # dlg.exec_() msg = 'Could not remove SSL config' self.assertTrue( self.authm.removeSslCertCustomConfig(cert_sha, hostport), msg) msg = 'Could not verify removal of SSL config' self.assertFalse( self.authm.existsSslCertCustomConfig(cert_sha, hostport), msg)
def test_060_identities(self): client_cert_path = os.path.join(PKIDATA, 'fra_cert.pem') client_key_path = os.path.join(PKIDATA, 'fra_key_w-pass.pem') client_key_pass = '******' client_p12_path = os.path.join(PKIDATA, 'gerardus_w-chain.p12') client_p12_pass = '******' # store regular PEM cert/key and generate config # noinspection PyTypeChecker bundle1 = QgsPkiBundle.fromPemPaths(client_cert_path, client_key_path, client_key_pass) bundle1_cert = bundle1.clientCert() bundle1_key = bundle1.clientKey() bundle1_ca_chain = bundle1.caChain() bundle1_cert_sha = bundle1.certId() # with open(client_key_path, 'r') as f: # key_data = f.read() # # client_cert = QgsAuthCertUtils.certsFromFile(client_cert_path)[0] msg = 'Identity PEM certificate is null' self.assertFalse(bundle1_cert.isNull(), msg) # cert_sha = QgsAuthCertUtils.shaHexForCert(client_cert) # # client_key = QSslKey(key_data, QSsl.Rsa, QSsl.Pem, # QSsl.PrivateKey, client_key_pass) msg = 'Identity PEM key is null' self.assertFalse(bundle1_key.isNull(), msg) msg = 'Identity PEM certificate chain is not empty' self.assertEqual(len(bundle1_ca_chain), 0, msg) msg = "Identity PEM could not be stored in database" self.assertTrue( self.authm.storeCertIdentity(bundle1_cert, bundle1_key), msg) msg = "Identity PEM not found in database" self.assertTrue(self.authm.existsCertIdentity(bundle1_cert_sha), msg) config1 = QgsAuthMethodConfig() config1.setName('IdentityCert - PEM') config1.setMethod('Identity-Cert') config1.setConfig('certid', bundle1_cert_sha) msg = 'Could not store PEM identity config' self.assertTrue(self.authm.storeAuthenticationConfig(config1), msg) configid1 = config1.id() msg = 'Could not retrieve PEM identity config id from store op' self.assertIsNotNone(configid1, msg) config2 = QgsAuthMethodConfig() msg = 'Could not load PEM identity config' self.assertTrue( self.authm.loadAuthenticationConfig(configid1, config2, True), msg) # store PKCS#12 bundled cert/key and generate config # bundle = QgsPkcsBundle(client_p12_path, client_p12_pass) # noinspection PyTypeChecker bundle = QgsPkiBundle.fromPkcs12Paths(client_p12_path, client_p12_pass) bundle_cert = bundle.clientCert() bundle_key = bundle.clientKey() bundle_ca_chain = bundle.caChain() bundle_cert_sha = QgsAuthCertUtils.shaHexForCert(bundle_cert) msg = 'Identity bundle certificate is null' self.assertFalse(bundle_cert.isNull(), msg) msg = 'Identity bundle key is null' self.assertFalse(bundle_key.isNull(), msg) msg = 'Identity bundle CA chain is not correct depth' self.assertEqual(len(bundle_ca_chain), 3, msg) msg = "Identity bundle could not be stored in database" self.assertTrue(self.authm.storeCertIdentity(bundle_cert, bundle_key), msg) msg = "Identity bundle not found in database" self.assertTrue(self.authm.existsCertIdentity(bundle_cert_sha), msg) bundle_config = QgsAuthMethodConfig() bundle_config.setName('IdentityCert - Bundle') bundle_config.setMethod('Identity-Cert') bundle_config.setConfig('certid', bundle_cert_sha) msg = 'Could not store bundle identity config' self.assertTrue(self.authm.storeAuthenticationConfig(bundle_config), msg) bundle_configid = bundle_config.id() msg = 'Could not retrieve bundle identity config id from store op' self.assertIsNotNone(bundle_configid, msg) bundle_config2 = QgsAuthMethodConfig() msg = 'Could not load bundle identity config' self.assertTrue( self.authm.loadAuthenticationConfig(bundle_configid, bundle_config2, True), msg) # TODO: add more tests # self.show_editors_widget() msg = 'Could not remove PEM identity config' self.assertTrue(self.authm.removeAuthenticationConfig(configid1), msg) msg = 'Could not remove bundle identity config' self.assertTrue(self.authm.removeAuthenticationConfig(bundle_configid), msg)
def test_060_identities(self): client_cert_path = os.path.join(PKIDATA, 'fra_cert.pem') client_key_path = os.path.join(PKIDATA, 'fra_key_w-pass.pem') client_key_pass = '******' client_p12_path = os.path.join(PKIDATA, 'gerardus_w-chain.p12') client_p12_pass = '******' # store regular PEM cert/key and generate config # noinspection PyTypeChecker bundle1 = QgsPkiBundle.fromPemPaths(client_cert_path, client_key_path, client_key_pass) bundle1_cert = bundle1.clientCert() bundle1_key = bundle1.clientKey() bundle1_ca_chain = bundle1.caChain() bundle1_cert_sha = bundle1.certId() # with open(client_key_path, 'r') as f: # key_data = f.read() # # client_cert = QgsAuthCertUtils.certsFromFile(client_cert_path)[0] msg = 'Identity PEM certificate is null' self.assertFalse(bundle1_cert.isNull(), msg) # cert_sha = QgsAuthCertUtils.shaHexForCert(client_cert) # # client_key = QSslKey(key_data, QSsl.Rsa, QSsl.Pem, # QSsl.PrivateKey, client_key_pass) msg = 'Identity PEM key is null' self.assertFalse(bundle1_key.isNull(), msg) msg = 'Identity PEM certificate chain is not empty' self.assertEqual(len(bundle1_ca_chain), 0, msg) msg = "Identity PEM could not be stored in database" self.assertTrue( self.authm.storeCertIdentity(bundle1_cert, bundle1_key), msg) msg = "Identity PEM not found in database" self.assertTrue(self.authm.existsCertIdentity(bundle1_cert_sha), msg) config1 = QgsAuthMethodConfig() config1.setName('IdentityCert - PEM') config1.setMethod('Identity-Cert') config1.setConfig('certid', bundle1_cert_sha) msg = 'Could not store PEM identity config' self.assertTrue(self.authm.storeAuthenticationConfig(config1), msg) configid1 = config1.id() msg = 'Could not retrieve PEM identity config id from store op' self.assertIsNotNone(configid1, msg) config2 = QgsAuthMethodConfig() msg = 'Could not load PEM identity config' self.assertTrue( self.authm.loadAuthenticationConfig(configid1, config2, True), msg) # store PKCS#12 bundled cert/key and generate config # bundle = QgsPkcsBundle(client_p12_path, client_p12_pass) # noinspection PyTypeChecker bundle = QgsPkiBundle.fromPkcs12Paths(client_p12_path, client_p12_pass) bundle_cert = bundle.clientCert() bundle_key = bundle.clientKey() bundle_ca_chain = bundle.caChain() bundle_cert_sha = QgsAuthCertUtils.shaHexForCert(bundle_cert) msg = 'Identity bundle certificate is null' self.assertFalse(bundle_cert.isNull(), msg) msg = 'Identity bundle key is null' self.assertFalse(bundle_key.isNull(), msg) msg = 'Identity bundle CA chain is not correct depth' self.assertEqual(len(bundle_ca_chain), 3, msg) msg = "Identity bundle could not be stored in database" self.assertTrue( self.authm.storeCertIdentity(bundle_cert, bundle_key), msg) msg = "Identity bundle not found in database" self.assertTrue(self.authm.existsCertIdentity(bundle_cert_sha), msg) bundle_config = QgsAuthMethodConfig() bundle_config.setName('IdentityCert - Bundle') bundle_config.setMethod('Identity-Cert') bundle_config.setConfig('certid', bundle_cert_sha) msg = 'Could not store bundle identity config' self.assertTrue( self.authm.storeAuthenticationConfig(bundle_config), msg) bundle_configid = bundle_config.id() msg = 'Could not retrieve bundle identity config id from store op' self.assertIsNotNone(bundle_configid, msg) bundle_config2 = QgsAuthMethodConfig() msg = 'Could not load bundle identity config' self.assertTrue( self.authm.loadAuthenticationConfig(bundle_configid, bundle_config2, True), msg) # TODO: add more tests # self.show_editors_widget() msg = 'Could not remove PEM identity config' self.assertTrue(self.authm.removeAuthenticationConfig(configid1), msg) msg = 'Could not remove bundle identity config' self.assertTrue( self.authm.removeAuthenticationConfig(bundle_configid), msg)