Esempio n. 1
 def test_chain_0_element(self):
     """
     An empty chain must be rejected.

     verify_chain is expected to raise ValueError when it is given no
     certificate at all, rather than treating "nothing to check" as valid.
     """
     key_pair = KeyPair()
     empty_chain = []
     with pytest.raises(ValueError):
         X509Certificate.verify_chain(
             key_pair.public_key(),
             empty_chain,
             key_pair.public_key(),
         )
Esempio n. 2
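 def test_chain_1_element(self):
     """
     A chain holding a single certificate verifies for the equipment itself.

     The certificate is built with the public and private key of the same
     KeyPair, and that public key is used both as the trusted key and as
     the key to reach.
     """
     kp = KeyPair()
     cert = X509Certificate(
         issuer="issuer",
         subject="subject",
         public_key=kp.public_key(),
         private_key=kp.private_key(),
         validity_days=10,
     )
     chain = [cert]
     # Assert the result instead of discarding it: if verify_chain reports an
     # invalid chain by returning a falsy value rather than raising, a bare
     # call would let this test pass without checking anything.
     # NOTE(review): assumes verify_chain returns a truthy value on success --
     # confirm against its implementation.
     assert X509Certificate.verify_chain(
         kp.public_key(), chain, kp.public_key())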
Esempio n. 3
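    def test_chain_X_elements(self, cert_count):
        """
        Chain of ``cert_count`` certificates, each built with the previous
        key pair's private key, starting from the root key pair.

        NOTE(review): ``cert_count`` is presumably supplied by a parametrize
        decorator outside this view and must be at least 1; with 0 the loop
        never binds the leaf public key and the final call fails with a
        NameError.
        """
        chain = []
        kp_root = KeyPair()

        # Private key handed to the next certificate: the root's first, then
        # the key pair of the certificate created just before.
        signing_key = kp_root.private_key()
        for _ in range(cert_count):
            kp_next = KeyPair()
            leaf_pubkey = kp_next.public_key()
            # Every certificate carries the same issuer and subject strings,
            # so this test cannot detect a verifier that ignores
            # issuer/subject linkage between links of the chain.
            cert = X509Certificate(
                issuer="issuer",
                subject="subject",
                public_key=leaf_pubkey,
                private_key=signing_key,
                validity_days=10,
            )
            signing_key = kp_next.private_key()
            chain.append(cert)

        # Assert the result instead of discarding it: if verify_chain reports
        # an invalid chain by returning a falsy value rather than raising, a
        # bare call would let this test pass without checking anything.
        # NOTE(review): assumes verify_chain returns a truthy value on
        # success -- confirm against its implementation.
        assert X509Certificate.verify_chain(
            kp_root.public_key(), chain, leaf_pubkey)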
Esempio n. 4
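    def is_known_by_DA(self, s: socket.socket, pubkey_other) -> bool:
        """
        Exchange certificate chains with the peer and decide whether it is known.

        The chain returned by ``self.create_cert_chain(pubkey_other)`` is sent
        over ``s`` as a JSON list of PEM strings, then the peer's JSON reply is
        read from the same socket.

        Returns True when the local chain is non-empty, or when it is empty
        and the chain received passes ``X509Certificate.verify_chain`` against
        ``self.key_pair.public_key()`` and ``pubkey_other``. Returns False when
        neither side has a chain, when the payload received is not a list of
        strings, or when verification of the received chain fails.
        """
        cert_chain = self.create_cert_chain(pubkey_other)

        pem_chain = [cert.cert_pem().decode() for cert in cert_chain]
        sendall(s, json.dumps(pem_chain).encode())

        # The reply is always read, even when it ends up unused, so both
        # sides complete the exchange.
        received = recv_json(s)

        print("Cert chain exchanged")

        if len(cert_chain) != 0:
            # NOTE(review): on this path the peer's chain is never parsed or
            # verified; the decision rests entirely on create_cert_chain.
            # Confirm that it only builds chains from locally trusted
            # certificates.
            print("I CAN reach the other one, no more question on my side")
            return True

        # Everything below depends on peer-controlled data. Reject a payload
        # that is not a JSON list of strings instead of failing with an
        # AttributeError/TypeError while handling it.
        if not isinstance(received, list) or not all(
                isinstance(pem, str) for pem in received):
            print("The cert chain received is malformed")
            return False

        if len(received) == 0:
            print("NONE of us can reach the other one with a cert chain")
            return False

        # Parse only once the outcome actually depends on the received chain.
        # NOTE(review): exceptions raised by load_from_pem or verify_chain on
        # bad input propagate to the caller -- confirm callers treat them as
        # a failed check.
        cert_chain_received = [
            X509Certificate.load_from_pem(pem.encode()) for pem in received
        ]

        if not X509Certificate.verify_chain(
                self.key_pair.public_key(), cert_chain_received,
                pubkey_other):
            print(
                "I cannot generate a cert chain and the cert chain received is NOT valid"
            )
            return False

        print(
            "I cannot generate a cert chain BUT the cert chain received IS valid"
        )
        return True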