def test_fingerprint():
cryptography.generate_key()
cryptography.generate_certificate()
cert = cryptography.load_certificate(cryptography.get_default_cert_path())
# don't care about the fingerprint value
# test that calling the function does not raise an exception
cryptography.get_fingerprint(cert)
cryptography.get_fingerprint(cert, algorithm='SHA1')
cryptography.get_fingerprint(cert, algorithm=cryptography.hashes.SHA1())
cryptography.get_fingerprint(cert, algorithm='blake2s', digest_size=32)
cryptography.get_fingerprint(cert, algorithm=cryptography.hashes.BLAKE2b(64))
def test_rsa(kwargs):
key_file, cert_file = remove_files()
out = cryptography.generate_key(
path=key_file, password=kwargs['password'], size=kwargs['size']
)
assert out == key_file
out = cryptography.generate_certificate(
path=cert_file, key_path=key_file, key_password=kwargs['password'],
algorithm=kwargs['algorithm'], years_valid=kwargs['years_valid'],
)
assert out == cert_file
cert = cryptography.load_certificate(cert_file)
meta = cryptography.get_metadata(cert)
assert meta['issuer']['common_name'] == HOSTNAME
assert meta['subject']['common_name'] == HOSTNAME
assert meta['key']['encryption'] == 'RSA'
assert meta['key']['exponent'] == 65537
assert meta['key']['size'] == kwargs['size']
assert meta['fingerprint'] == cryptography.get_fingerprint(cert)
duration = meta['valid_to'].year - meta['valid_from'].year
if kwargs['years_valid'] is None:
assert duration == DEFAULT_YEARS_VALID
else:
assert duration == kwargs['years_valid']
def test_get_metadata_as_string():
cert = cryptography.load_certificate(cryptography.generate_certificate())
string = cryptography.get_metadata_as_string(cert)
assert re.search(r'Encryption: RSA', string)
assert re.search(r'Size: 2048', string)
assert re.search(r'Common Name: {}'.format(HOSTNAME), string)
assert re.search(cryptography.get_fingerprint(cert), string)
def test_stdout(capsys):
path = generate_certificate()
process('certdump {}'.format(path))
out, err = capsys.readouterr()
out_lines = out.splitlines()
assert not err
assert out_lines[0] == 'Version: v3'
assert out_lines[-2] == 'Fingerprint (SHA1):'
assert out_lines[-1] == get_fingerprint(load_certificate(path))
def test_show(capsys):
process('certgen --show')
out, err = capsys.readouterr()
assert not err
out_lines = out.splitlines()
assert out_lines[0] == 'Created the self-signed certificate {!r}'.format(get_default_cert_path())
assert not out_lines[1]
assert out_lines[2] == 'Version: v3'
assert out_lines[-2] == 'Fingerprint (SHA1):'
assert out_lines[-1] == get_fingerprint(load_certificate(get_default_cert_path()))
def test_file(capsys):
tmp = os.path.join(tempfile.gettempdir(), 'out.tmp')
path = generate_certificate()
process('certdump {} --out {}'.format(path, tmp))
out, err = capsys.readouterr()
assert out.rstrip() == 'Dumped the certificate details to ' + tmp
assert not err
with open(tmp, mode='rt') as fp:
lines = [line.rstrip() for line in fp.readlines()]
assert lines[0] == 'Certificate details for {}'.format(path)
assert lines[1] == 'Version: v3'
assert lines[-2] == 'Fingerprint (SHA1):'
assert lines[-1] == get_fingerprint(load_certificate(path))
os.remove(tmp)
