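def test_get_ca_cert_with_cafile(opt_adcs, opt_username, opt_password, opt_cafile):
    """Fetch the CA certificate while passing an explicit CA bundle.

    SSL_CERT_FILE is pointed at a non-existent path for the duration of the
    call, presumably so the request can only succeed if the ``cafile``
    argument is what the TLS layer actually uses (confirm against certsrv).
    The previous value of the variable is restored afterwards so the bogus
    path does not leak into later tests running in the same process.
    """
    if not opt_cafile:
        pytest.skip("No CA bundle configured")

    previous = os.environ.get('SSL_CERT_FILE')
    os.environ['SSL_CERT_FILE'] = './fakepath'
    try:
        pem_cert = certsrv.get_ca_cert(opt_adcs, opt_username, opt_password, cafile=opt_cafile)
    finally:
        # Undo the override even when the request raises.
        if previous is None:
            os.environ.pop('SSL_CERT_FILE', None)
        else:
            os.environ['SSL_CERT_FILE'] = previous

    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_cert)
    # has_expired() only looks at the notAfter date; it says nothing about
    # whether the certificate chains to a trusted root.
    assert not cert.has_expired()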
def test_get_ca_cert_with_ntlm(opt_adcs, opt_username, opt_password):
    """Fetch the CA certificate with ``auth_method='ntlm'`` and parse it as PEM.

    Passes when the returned data loads as a PEM certificate whose notAfter
    date has not passed. Expiry is the only property checked here.
    """
    crypto = OpenSSL.crypto
    ca_pem = certsrv.get_ca_cert(
        opt_adcs,
        opt_username,
        opt_password,
        auth_method='ntlm',
    )
    ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM, ca_pem)
    # The CA's current certificate is expected to be inside its validity period.
    assert not ca_cert.has_expired()
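def get_root_cert(server, username, password):
    """Download the CA certificate from *server* and save it as root_cert.crt.

    The file is written to the current working directory, replacing any
    existing file of that name. Returns None.

    NOTE(review): if this file is going to be installed as a trust anchor, it
    is only as trustworthy as the connection get_ca_cert() used to fetch it.
    Confirm that call verifies the server's TLS certificate, and compare the
    certificate fingerprint out-of-band before trusting it.
    """
    print('Downloading CA cert')
    root_cert = get_ca_cert(server, username, password)
    # The context manager closes the handle even if the write fails, which the
    # manual open()/close() pair did not guarantee.
    with open('root_cert.crt', 'wb') as cert_file:
        cert_file.write(root_cert)
    print('Done, see root_cert.crt in the current directory')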
def check_cert_matches_csr_and_issuer(csr, cert, adcs, username, password):
    """Sanity-check an issued certificate against its CSR and the CA.

    Three comparisons are made, in this order: the CA certificate's subject
    against the certificate's issuer name, the certificate's public key
    against the CSR's public key, and the CSR subject against the
    certificate subject.

    No signature is verified and no chain is built, so a certificate that
    merely names the CA as its issuer passes the first comparison. This is a
    test helper, not a substitute for real certificate validation.
    """
    crypto = OpenSSL.crypto
    issued_pubkey = crypto.dump_publickey(crypto.FILETYPE_ASN1, cert.get_pubkey())
    requested_pubkey = crypto.dump_publickey(crypto.FILETYPE_ASN1, csr.get_pubkey())

    # The CA certificate is fetched from the server on every call.
    ca_pem = certsrv.get_ca_cert(adcs, username, password)
    ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM, ca_pem)

    assert ca_cert.get_subject() == cert.get_issuer()
    assert issued_pubkey == requested_pubkey
    assert csr.get_subject() == cert.get_subject()
def test_get_ca_cert_der(opt_adcs, opt_username, opt_password):
    """Fetch the CA certificate in binary form and parse it as ASN.1/DER.

    The fourth positional argument ``'bin'`` selects the binary encoding.
    Passes when the data loads with FILETYPE_ASN1 and the certificate's
    notAfter date has not passed.
    """
    crypto = OpenSSL.crypto
    der_bytes = certsrv.get_ca_cert(opt_adcs, opt_username, opt_password, 'bin')
    ca_cert = crypto.load_certificate(crypto.FILETYPE_ASN1, der_bytes)
    # The CA's current certificate is expected to be inside its validity period.
    assert not ca_cert.has_expired()
def test_get_ca_cert_with_wrong_cafile(opt_adcs):
    """Expect certificate verification to fail with the dummy CA bundle.

    The bundle is the test_dummy-ca-cert.pem file that sits next to this test
    module. The call must raise URLError, and the wrapped error must report
    CERTIFICATE_VERIFY_FAILED. Placeholder credentials are passed.
    """
    module_path = os.path.realpath(__file__)
    tests_dir = os.path.dirname(module_path)
    ca_bundle = '%s/test_dummy-ca-cert.pem' % tests_dir

    with pytest.raises(URLError) as excinfo:
        certsrv.get_ca_cert(opt_adcs, 'username', 'password', cafile=ca_bundle)

    # Checked after the ``with`` block: anything placed after the raising call
    # inside the block would never execute.
    tls_error = excinfo.value.reason
    assert tls_error.reason == 'CERTIFICATE_VERIFY_FAILED'
def test_get_ca_cert_with_wrong_cafile(opt_adcs):
    """Expect an SSLError when the dummy CA bundle is used for verification.

    The bundle is the test_dummy-ca-cert.pem file that sits next to this test
    module. Placeholder credentials are passed.

    NOTE(review): only the exception type is asserted, so any SSLError
    satisfies the test, not just a certificate verification failure. Consider
    also checking the error reason.
    """
    tests_dir = os.path.dirname(os.path.realpath(__file__))
    dummy_bundle = '%s/test_dummy-ca-cert.pem' % tests_dir

    with pytest.raises(SSLError) as excinfo:
        certsrv.get_ca_cert(
            opt_adcs,
            'username',
            'password',
            cafile=dummy_bundle,
        )