Esempio n. 1
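    def test_02_sign_cert(self):
        """Sign a CSR with the local CA, revoke the certificate, check the CRL.

        The test walks through the certificate lifecycle in order:

        1. sign REQUEST and check the issuer and subject names,
        2. revoke the certificate and expect its serial number (hex) back,
        3. create ``crl.pem`` and require that the revoked serial is listed,
        4. call ``create_crl(check_validity=True)`` again and expect ``None``
           (no new CRL), then set ``ATTR.CRL_OVERLAP_PERIOD`` to 1000 and
           expect a new ``crl.pem``.
        """
        cacon = LocalCAConnector("localCA", {"cacert": "...",
                                             "cakey": "..."})
        # The "..." values above are placeholders; the CA key, CA certificate
        # and openssl.cnf used for signing are set here.
        cwd = os.getcwd()
        workdir = cwd + "/" + WORKINGDIR
        cacon.set_config({"cakey": CAKEY, "cacert": CACERT,
                          "openssl.cnf": OPENSSLCNF,
                          "WorkingDir": workdir})

        cert = cacon.sign_request(REQUEST,
                                  {"CSRDir": "",
                                   "CertificateDir": "",
                                   "WorkingDir": workdir})
        serial = cert.get_serial_number()

        self.assertEqual("{0!r}".format(cert.get_issuer()),
                         "<X509Name object "
                         "'/C=DE/ST=Hessen/O=privacyidea/CN=CA001'>")
        self.assertEqual("{0!r}".format(cert.get_subject()),
                         "<X509Name object "
                         "'/C=DE/ST=Hessen/O=privacyidea/CN=requester"
                         ".localdomain'>")

        # Revoke certificate: the connector reports the revoked serial as hex.
        r = cacon.revoke_cert(cert)
        serial_hex = int_to_hex(serial)
        self.assertEqual(r, serial_hex)

        # Create the CRL
        r = cacon.create_crl()
        self.assertEqual(r, "crl.pem")

        # A revocation only protects relying parties once it is published,
        # so check that the serial number is contained in the CRL file.
        filename = os.path.join(cwd, WORKINGDIR, "crl.pem")
        # The context manager closes the file even if reading fails.
        with open(filename) as f:
            buff = f.read()
        # NOTE(review): load_crl is deprecated in newer pyOpenSSL releases;
        # cryptography's x509.load_pem_x509_crl is the replacement - confirm
        # against the pinned pyOpenSSL version.
        crl = crypto.load_crl(crypto.FILETYPE_PEM, buff)
        # get_revoked() may return None for an empty CRL; fall back to an
        # empty tuple so the test fails on the assertion, not a TypeError.
        revoked_certs = crl.get_revoked() or ()
        # NOTE(review): this is a string comparison of hex serials; it
        # presumably relies on int_to_hex() using the same letter case as the
        # CRL entry - verify against the helper.
        found_revoked_cert = any(
            to_unicode(revoked_cert.get_serial()) == serial_hex
            for revoked_cert in revoked_certs)
        self.assertTrue(found_revoked_cert,
                        "revoked serial is not listed in crl.pem")

        # Create the CRL and check the overlap period. But no need to create
        # a new CRL.
        r = cacon.create_crl(check_validity=True)
        self.assertIsNone(r)

        # Now we overlap at any cost!
        # NOTE(review): the unit of CRL_OVERLAP_PERIOD is not visible here
        # (presumably days) - confirm in the connector.
        cacon.set_config({"cakey": CAKEY, "cacert": CACERT,
                          "openssl.cnf": OPENSSLCNF,
                          "WorkingDir": workdir,
                          ATTR.CRL_OVERLAP_PERIOD: 1000})
        r = cacon.create_crl(check_validity=True)
        self.assertEqual(r, "crl.pem")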
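    def test_02_sign_cert(self):
        """Exercise signing, revocation and CRL creation of the local CA.

        REQUEST is signed, the issuer and subject of the resulting certificate
        are checked, the certificate is revoked and a CRL is written. The test
        then requires the revoked serial to appear in ``crl.pem`` and checks
        how ``create_crl(check_validity=True)`` reacts before and after
        ``ATTR.CRL_OVERLAP_PERIOD`` is set to 1000.
        """
        cacon = LocalCAConnector("localCA", {"cacert": "...",
                                             "cakey": "..."})
        # set the parameters (these replace the "..." placeholders above):
        cwd = os.getcwd()
        base_config = {"cakey": CAKEY, "cacert": CACERT,
                       "openssl.cnf": OPENSSLCNF,
                       "WorkingDir": cwd + "/" + WORKINGDIR}
        cacon.set_config(dict(base_config))

        cert = cacon.sign_request(REQUEST,
                                  {"CSRDir": "",
                                   "CertificateDir": "",
                                   "WorkingDir": cwd + "/" + WORKINGDIR})
        serial = cert.get_serial_number()

        self.assertEqual("{0!r}".format(cert.get_issuer()),
                         "<X509Name object "
                         "'/C=DE/ST=Hessen/O=privacyidea/CN=CA001'>")
        self.assertEqual("{0!r}".format(cert.get_subject()),
                         "<X509Name object "
                         "'/C=DE/ST=Hessen/O=privacyidea/CN=requester"
                         ".localdomain'>")

        # Revoke certificate
        r = cacon.revoke_cert(cert)
        serial_hex = int_to_hex(serial)
        self.assertEqual(r, serial_hex)

        # Create the CRL
        r = cacon.create_crl()
        self.assertEqual(r, "crl.pem")

        # Check if the serial number is contained in the CRL! Without this
        # the test would pass even if the revocation never reached the
        # published list.
        filename = os.path.join(cwd, WORKINGDIR, "crl.pem")
        # "with" guarantees the handle is closed if read() raises.
        with open(filename) as crl_file:
            buff = crl_file.read()
        crl = crypto.load_crl(crypto.FILETYPE_PEM, buff)
        # get_revoked() may return None when the CRL has no entries, so an
        # empty tuple is substituted and assertIn reports the missing serial.
        revoked_serials = {to_unicode(revoked_cert.get_serial())
                           for revoked_cert in (crl.get_revoked() or ())}
        self.assertIn(serial_hex, revoked_serials)

        # Create the CRL and check the overlap period. But no need to create
        # a new CRL.
        r = cacon.create_crl(check_validity=True)
        self.assertIsNone(r)

        # Now we overlap at any cost!
        overlap_config = dict(base_config)
        overlap_config[ATTR.CRL_OVERLAP_PERIOD] = 1000
        cacon.set_config(overlap_config)
        r = cacon.create_crl(check_validity=True)
        self.assertEqual(r, "crl.pem")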
    def test_02_sign_cert(self):
        """Sign REQUEST with the local CA and check issuer and subject names."""
        cacon = LocalCAConnector("localCA", {"cacert": "...",
                                             "cakey": "..."})
        # Replace the "..." placeholders with the CA material used to sign.
        ca_settings = {"cakey": CAKEY,
                       "cacert": CACERT,
                       "openssl.cnf": OPENSSLCNF}
        cacon.set_config(ca_settings)

        # The working directory is resolved relative to the current directory.
        cwd = os.getcwd()
        sign_options = {"CSRDir": "",
                        "CertificateDir": "",
                        "WorkingDir": cwd + "/" + WORKINGDIR}
        cert = cacon.sign_request(REQUEST, sign_options)

        # The issuer must be the test CA.
        issuer_repr = repr(cert.get_issuer())
        self.assertEqual(
            issuer_repr,
            "<X509Name object '/C=DE/ST=Hessen/O=privacyidea/CN=CA001'>")

        # The subject must be the one named in the request.
        subject_repr = repr(cert.get_subject())
        self.assertEqual(
            subject_repr,
            "<X509Name object '/C=DE/ST=Hessen/O=privacyidea/"
            "CN=requester.localdomain'>")
    def test_02_sign_cert(self):
        """Check that a certificate signed by the local CA has the expected names.

        The connector is created with placeholder values, configured with
        CAKEY, CACERT and OPENSSLCNF, and then asked to sign REQUEST. The
        issuer and subject of the returned certificate are compared by their
        ``repr``.
        """
        cacon = LocalCAConnector("localCA", {"cacert": "...", "cakey": "..."})
        # set the parameters:
        cacon.set_config(
            {"cakey": CAKEY, "cacert": CACERT, "openssl.cnf": OPENSSLCNF})

        cwd = os.getcwd()
        cert = cacon.sign_request(
            REQUEST,
            {"CSRDir": "",
             "CertificateDir": "",
             "WorkingDir": cwd + "/" + WORKINGDIR})

        # Issuer first, then subject; each getter is called just before its
        # own assertion.
        expectations = (
            (cert.get_issuer,
             "<X509Name object '/C=DE/ST=Hessen/O=privacyidea/CN=CA001'>"),
            (cert.get_subject,
             "<X509Name object '/C=DE/ST=Hessen/O=privacyidea/"
             "CN=requester.localdomain'>"),
        )
        for read_name, expected_repr in expectations:
            self.assertEqual(repr(read_name()), expected_repr)