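def test_validate_cert_chains(self):
    """Verify a leaf against a three-level chain: root -> intermediate_1 -> intermediate_2 -> leaf.

    Every certificate is generated in memory with OpenSSLWrapper. The chain
    handed to verify_chain lists the issuers nearest-first and the root
    last. A second check drops the leaf's direct issuer (intermediate_2)
    from the chain and expects verification to fail, so the positive result
    cannot come from a verifier that ignores the chain altogether.
    """
    cert_info_ca = {
        "cn": "qwerty",
        "country_code": "qw",
        "state": "qwerty",
        "city": "qwerty",
        "organization": "qwerty",
        "organization_unit": "qwerty",
    }
    cert_intermediate_1_info = {
        "cn": "intermediate_1",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    cert_intermediate_2_info = {
        "cn": "intermediate_2",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    # NOTE: the leaf reuses intermediate_1's subject; a distinct CN would make
    # verifier error messages easier to attribute, but it is kept as-is.
    cert_client_cert_info = {
        "cn": "intermediate_1",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    osw = OpenSSLWrapper()

    # Self-signed root.
    ca_cert_str, ca_key_str = osw.create_certificate(cert_info_ca, request=False)
    # intermediate_1 is issued by the root ...
    req_cert_str, intermediate_1_key_str = osw.create_certificate(
        cert_intermediate_1_info, request=True
    )
    intermediate_cert_1_str = osw.create_cert_signed_certificate(
        ca_cert_str, ca_key_str, req_cert_str
    )
    # ... intermediate_2 by intermediate_1 ...
    req_cert_str, intermediate_2_key_str = osw.create_certificate(
        cert_intermediate_2_info, request=True
    )
    intermediate_cert_2_str = osw.create_cert_signed_certificate(
        intermediate_cert_1_str, intermediate_1_key_str, req_cert_str
    )
    # ... and the leaf by intermediate_2.
    req_cert_str, client_key_str = osw.create_certificate(
        cert_client_cert_info, request=True
    )
    client_cert_str = osw.create_cert_signed_certificate(
        intermediate_cert_2_str, intermediate_2_key_str, req_cert_str
    )

    # Full chain, issuers nearest-first: must verify. The message is passed
    # to the assertion so a failure says *why* the wrapper rejected it.
    cert_chain = [intermediate_cert_2_str, intermediate_cert_1_str, ca_cert_str]
    valid, mess = osw.verify_chain(cert_chain, client_cert_str)
    self.assertTrue(valid, mess)

    # Chain without the leaf's issuer: the leaf's signature cannot be
    # attributed to any certificate present, so this must be rejected.
    valid, mess = osw.verify_chain([intermediate_cert_1_str, ca_cert_str], client_cert_str)
    self.assertFalse(valid, mess)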
def generate_cert():
    """Create a self-signed "localhost" certificate and return it with its key.

    Returns:
        (cert_str, key_str): the certificate and private key strings produced
        by OpenSSLWrapper.create_certificate (presumably PEM; the wrapper's
        default write_to_file leaves them in memory only).
    """
    subject = {
        "cn": "localhost",
        "country_code": "se",
        "state": "ac",
        "city": "Umea",
        "organization": "ITS",
        "organization_unit": "DIRG",
    }
    # request=False: a self-signed certificate, not a CSR.
    # NOTE(review): key length and validity come from the wrapper's defaults,
    # which are not visible here — confirm they suit the consumer of this cert.
    wrapper = OpenSSLWrapper()
    return wrapper.create_certificate(subject, request=False)
def generate_cert():
    """Return a freshly generated self-signed certificate for ``localhost``.

    The subject is a fixed test identity (SE / Umea / ITS / DIRG). Nothing is
    passed for write_to_file, so — as elsewhere in this code base — the
    wrapper hands back the certificate and key as strings rather than paths.

    Returns:
        tuple[str, str]: (certificate, private key).
    """
    test_subject = dict(
        cn='localhost',
        country_code='se',
        state='ac',
        city='Umea',
        organization='ITS',
        organization_unit='DIRG',
    )
    # NOTE(review): relies on the wrapper's default key size/validity — confirm.
    certificate, private_key = OpenSSLWrapper().create_certificate(test_subject, request=False)
    return certificate, private_key
def generate_cert(self):
    """Issue a "localhost" certificate signed by the test root CA under self.base_dir.

    Reads root_cert/localhost.ca.crt and root_cert/localhost.ca.key below
    self.base_dir, builds a 2048-bit CSR and signs it with that CA.

    Returns:
        (cert_str, req_key_str): the CA-signed certificate and the private
        key that belongs to the CSR.
    """
    # NOTE(review): the serial is passed as a uuid4 URN string; what the
    # wrapper does with a non-integer sn is not visible here.
    serial = uuid.uuid4().urn
    subject = {
        "cn": "localhost",
        "country_code": "se",
        "state": "ac",
        "city": "Umea",
        "organization": "ITS",
        "organization_unit": "DIRG",
    }
    osw = OpenSSLWrapper()
    root_dir = self.base_dir + "/root_cert/"
    # The CA key is read unencrypted from disk (no passphrase is passed);
    # whoever can read that file can issue certificates for this CA.
    ca_cert_str = osw.read_str_from_file(root_dir + "localhost.ca.crt")
    ca_key_str = osw.read_str_from_file(root_dir + "localhost.ca.key")
    csr_str, key_str = osw.create_certificate(
        subject, request=True, sn=serial, key_length=2048
    )
    signed_cert = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, csr_str)
    return signed_cert, key_str
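def _next_serial(osw, counter_file="sn.txt"):
    """Return the next certificate serial number from *counter_file*.

    The file holds the last serial handed out. A missing/unreadable or empty
    file starts the sequence at 1; non-numeric content raises ValueError.

    The previous implementation caught every exception and, when the file
    existed but did not hold an integer, silently left the raw file text in
    ``sn`` and went on to issue certificates with it — this returns an int
    or fails loudly.

    NOTE(review): a small counter is acceptable for a local test CA; serials
    for anything public need to be unique and unpredictable (RFC 5280 /
    CA-Browser Forum require CSPRNG-derived serials).
    """
    try:
        content = osw.read_str_from_file(counter_file)
    except (IOError, OSError):
        return 1
    content = content.strip()
    if not content:
        return 1
    try:
        return int(content) + 1
    except ValueError:
        raise ValueError("serial counter %r is not an integer: %r" % (counter_file, content))


def generateCert(cert_info=None, gen_jwks_cert=True):
    """Create the self-signed certificates used by the example services.

    Writes one key pair each into ./httpsCert, ./idp_cert and ./sp_cert and,
    when *gen_jwks_cert* is true, a 2048-bit pair into ./opKeys. Every
    certificate gets its own serial taken from sn.txt; the next free serial
    is written back to sn.txt afterwards.

    Args:
        cert_info: subject fields for all certificates; defaults to a
            "localhost" test subject.
        gen_jwks_cert: also create the key pair used for the JWKS endpoint.

    Returns:
        (next_serial, jwks_cert_path): jwks_cert_path is the file returned
        by the wrapper for the ./opKeys certificate, or None when
        gen_jwks_cert is False.

    Raises:
        ValueError: sn.txt exists but does not contain an integer.

    NOTE(review): private keys are written next to the certificates with
    whatever permissions the wrapper uses — confirm they are not
    world-readable before using this outside a local test setup.
    """
    cert_info_ca = {
        "cn": "localhost",
        "country_code": "se",
        "state": "ac",
        "city": "Test",
        "organization": "Test org",
        "organization_unit": "Testers",
    }
    if cert_info is not None:
        cert_info_ca = cert_info
    osw = OpenSSLWrapper()
    sn = _next_serial(osw)

    # One self-signed key pair per service directory, each with a fresh serial
    # (order unchanged so existing deployments keep their numbering).
    osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir="./httpsCert", sn=sn
    )
    sn += 1
    osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir="./idp_cert", sn=sn
    )
    sn += 1
    osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir="./sp_cert", sn=sn
    )
    sn += 1
    ca_cert4 = None
    if gen_jwks_cert:
        ca_cert4, _ca_key4 = osw.create_certificate(
            cert_info_ca,
            request=False,
            write_to_file=True,
            cert_dir="./opKeys",
            sn=sn,
            key_length=2048,
        )
        sn += 1
    # Persist the next free serial so a later run never reuses one.
    osw.write_str_to_file("sn.txt", str(sn))
    return sn, ca_cert4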
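def test_validate_passphrase(self):
    """A passphrase-protected CA key signs only when the right passphrase is given.

    The CA private key is generated encrypted (cipher_passphrase). Signing a
    CSR with the correct passphrase must produce a certificate; signing with
    a wrong passphrase must raise. The positive path is asserted explicitly
    so the test cannot pass merely because the wrapper raises on every call.

    NOTE(review): "blowfish" is a legacy PEM cipher; fine for a fixture, but
    newer OpenSSL builds may refuse it — switch to an AES cipher when the
    wrapper supports one.
    """
    cert_info_ca = {
        "cn": "qwerty",
        "country_code": "qw",
        "state": "qwerty",
        "city": "qwerty",
        "organization": "qwerty",
        "organization_unit": "qwerty",
    }
    cert_info = {
        "cn": "intermediate_1",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    osw = OpenSSLWrapper()
    ca_cert_str, ca_key_str = osw.create_certificate(
        cert_info_ca,
        request=False,
        cipher_passphrase={"cipher": "blowfish", "passphrase": "qwerty"},
    )
    req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True)

    # Correct passphrase: signing succeeds and yields a certificate.
    cert_str = osw.create_cert_signed_certificate(
        ca_cert_str, ca_key_str, req_cert_str, passphrase="qwerty"
    )
    self.assertTrue(cert_str)

    # Wrong passphrase: the encrypted CA key must not be usable. The wrapper's
    # exception type is not pinned, so any exception counts.
    with self.assertRaises(Exception):
        osw.create_cert_signed_certificate(
            ca_cert_str, ca_key_str, req_cert_str, passphrase="qwertyqwerty"
        )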
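def _b64url_uint(value):
    """Base64url-encode an unsigned integer as RFC 7518 section 6.3 requires.

    Big-endian, minimal number of octets, no '=' padding. Works on both
    Python 2 and 3 (no int.to_bytes needed).
    """
    import base64
    import binascii

    hex_digits = "%x" % value
    if len(hex_digits) % 2:
        hex_digits = "0" + hex_digits
    raw = binascii.unhexlify(hex_digits)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def generatePublicKey(cert_file):
    """Publish the RSA public key of *cert_file* as a JWK Set in ./static/jwks.json.

    Two entries are written, "use": "enc" and "use": "sig", both carrying the
    same modulus/exponent because the tool has a single key pair
    (NOTE(review): proper key separation between signing and encryption would
    need a second certificate). No "kid" is emitted, so consumers can only
    match on kty/use.

    "n" and "e" are Base64urlUInt values as RFC 7518 section 6.3.1 requires.
    The earlier encoding — standard base64 of a DER SEQUENCE{n, e} in "n"
    plus a fixed "AQAB" — is not parseable by RFC-conformant JWK readers;
    any consumer that depended on that form must be checked.

    Args:
        cert_file: path to a PEM certificate readable by OpenSSLWrapper.
    """
    osw = OpenSSLWrapper()
    cert_str = osw.read_str_from_file(cert_file)
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_str)
    pub_key = cert.get_pubkey()
    # Relies on a pyOpenSSL quirk the original tool used: dumping a
    # public-only PKey via dump_privatekey yields an RSAPrivateKey-shaped DER
    # whose elements 1 and 2 are n and e. NOTE(review): confirm this still
    # holds on the pinned pyOpenSSL version.
    src = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pub_key)
    pub_der = DerSequence()
    pub_der.decode(src)
    modulus = int(pub_der._seq[1])
    exponent = int(pub_der._seq[2])
    n_b64 = _b64url_uint(modulus)
    e_b64 = _b64url_uint(exponent)  # "AQAB" for the usual 65537, but derived

    jwks = {
        "keys": [
            {"use": "enc", "e": e_b64, "kty": "RSA", "n": n_b64},
            {"use": "sig", "e": e_b64, "kty": "RSA", "n": n_b64},
        ]
    }
    osw.write_str_to_file("./static/jwks.json", json.dumps(jwks))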
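def test_validate_passphrase(self):
    """A passphrase-protected CA key signs only when the right passphrase is given.

    The CA private key is generated encrypted (cipher_passphrase). Signing a
    CSR with the correct passphrase must produce a certificate; signing with
    a wrong passphrase must raise. Both passphrases are passed as bytes so
    the negative case fails because the passphrase is wrong, not because the
    argument type differs from the positive case (the original mixed
    b"qwerty" and a str, which a bytes-only wrapper would reject for the
    wrong reason). The positive path is asserted explicitly as well.

    NOTE(review): "blowfish" is a legacy PEM cipher; fine for a fixture, but
    newer OpenSSL builds may refuse it — prefer an AES cipher when the
    wrapper supports one.
    """
    cert_info_ca = {
        "cn": "qwerty",
        "country_code": "qw",
        "state": "qwerty",
        "city": "qwerty",
        "organization": "qwerty",
        "organization_unit": "qwerty",
    }
    cert_info = {
        "cn": "intermediate_1",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    osw = OpenSSLWrapper()
    ca_cert_str, ca_key_str = osw.create_certificate(
        cert_info_ca,
        request=False,
        cipher_passphrase={"cipher": "blowfish", "passphrase": "qwerty"},
    )
    req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True)

    # Correct passphrase: signing succeeds and yields a certificate.
    cert_str = osw.create_cert_signed_certificate(
        ca_cert_str, ca_key_str, req_cert_str, passphrase=b"qwerty"
    )
    self.assertTrue(cert_str)

    # Wrong passphrase (same type as above): the encrypted CA key must not be
    # usable. The wrapper's exception type is not pinned, so any exception counts.
    with self.assertRaises(Exception):
        osw.create_cert_signed_certificate(
            ca_cert_str, ca_key_str, req_cert_str, passphrase=b"qwertyqwerty"
        )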
def generate_cert():
    """Issue a "localhost" certificate signed by the root CA in root_cert/.

    The CA certificate and key are located with full_path(); a 2048-bit CSR
    is created and signed with them.

    Returns:
        (cert_str, req_key_str): the signed certificate and the CSR's
        private key.
    """
    # NOTE(review): the serial is the uuid4 URN string; how the wrapper maps a
    # non-integer sn onto the X.509 serial is not visible here.
    serial = uuid.uuid4().urn
    subject = {
        "cn": "localhost",
        "country_code": "se",
        "state": "ac",
        "city": "Umea",
        "organization": "ITS",
        "organization_unit": "DIRG",
    }
    wrapper = OpenSSLWrapper()
    # The CA key is read unencrypted (no passphrase); protect the file accordingly.
    ca_cert = wrapper.read_str_from_file(full_path("root_cert/localhost.ca.crt"))
    ca_key = wrapper.read_str_from_file(full_path("root_cert/localhost.ca.key"))
    csr, csr_key = wrapper.create_certificate(
        subject, request=True, sn=serial, key_length=2048
    )
    return wrapper.create_cert_signed_certificate(ca_cert, ca_key, csr), csr_key
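def test_validate_expire(self):
    """Certificates outside their validity window must not verify.

    Each scenario issues a fresh root CA, a CSR and the CA-signed
    certificate: (1) default validity, which must verify — the baseline the
    other cases are compared against (the original computed this result but
    never asserted it); (2) a CA whose window has not started; (3) a signed
    certificate whose window has not started; (4) a CA and (5) a signed
    certificate whose one-second window has expired by the time verify runs.

    valid_from/valid_to are presumably offsets in seconds from "now"; the
    wrapper's convention is not visible here.
    """
    cert_info_ca = {
        "cn": "qwerty",
        "country_code": "qw",
        "state": "qwerty",
        "city": "qwerty",
        "organization": "qwerty",
        "organization_unit": "qwerty",
    }
    cert_info = {
        "cn": "intermediate_1",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    osw = OpenSSLWrapper()

    def issue(ca_validity=None, cert_validity=None):
        # Root CA + CSR + signed certificate; the optional dicts are passed
        # through unchanged as valid_from/valid_to keyword arguments.
        ca_cert_str, ca_key_str = osw.create_certificate(
            cert_info_ca, request=False, **(ca_validity or {})
        )
        req_cert_str, _req_key_str = osw.create_certificate(cert_info, request=True)
        cert_str = osw.create_cert_signed_certificate(
            ca_cert_str, ca_key_str, req_cert_str, **(cert_validity or {})
        )
        return ca_cert_str, cert_str

    not_yet_valid = {"valid_from": 1000, "valid_to": 100000}
    one_second = {"valid_from": 0, "valid_to": 1}

    # (1) Baseline: default validity verifies.
    ca_cert_str, cert_str = issue()
    valid, mess = osw.verify(ca_cert_str, cert_str)
    self.assertTrue(valid, mess)

    # (2) CA not yet valid.
    ca_cert_str, cert_str = issue(ca_validity=not_yet_valid)
    valid, mess = osw.verify(ca_cert_str, cert_str)
    self.assertFalse(valid, mess)

    # (3) Signed certificate not yet valid.
    ca_cert_str, cert_str = issue(cert_validity=not_yet_valid)
    valid, mess = osw.verify(ca_cert_str, cert_str)
    self.assertFalse(valid, mess)

    # (4) CA expired: wait past its one-second window before verifying.
    ca_cert_str, cert_str = issue(ca_validity=one_second)
    time.sleep(2)
    valid, mess = osw.verify(ca_cert_str, cert_str)
    self.assertFalse(valid, mess)

    # (5) Signed certificate expired.
    ca_cert_str, cert_str = issue(cert_validity=one_second)
    time.sleep(2)
    valid, mess = osw.verify(ca_cert_str, cert_str)
    self.assertFalse(valid, mess)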
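def test_validate_with_root_cert(self):
    """Check OpenSSLWrapper.verify against a CA that was round-tripped through disk.

    The CA is written to <this dir>/pki (create_certificate returns the file
    paths when write_to_file=True), read back and used to sign a CSR. The
    signed certificate must verify against that CA and must not verify
    against an unrelated CA with the same subject; a certificate issued by
    the unrelated CA must not verify against ours; and a tampered copy must
    be rejected. The generated CA files are removed in a finally block so no
    CA private key is left in the source tree when an assertion fails.
    """
    cert_info_ca = {
        "cn": "qwerty",
        "country_code": "qw",
        "state": "qwerty",
        "city": "qwerty",
        "organization": "qwerty",
        "organization_unit": "qwerty",
    }
    cert_info = {
        "cn": "asdfgh",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    osw = OpenSSLWrapper()
    pki_dir = os.path.dirname(os.path.abspath(__file__)) + "/pki"
    ca_cert, ca_key = osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir=pki_dir
    )
    try:
        req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True)
        ca_cert_str = osw.read_str_from_file(ca_cert)
        ca_key_str = osw.read_str_from_file(ca_key)
        cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str)
        valid, mess = osw.verify(ca_cert_str, cert_str)
        self.assertTrue(valid, mess)

        # An unrelated CA with an identical subject, kept in memory only.
        false_ca_cert, false_ca_key = osw.create_certificate(
            cert_info_ca, request=False, write_to_file=False
        )
        false_req_cert_str_1, false_req_key_str_1 = osw.create_certificate(
            cert_info_ca, request=True
        )
        false_cert_str_1 = osw.create_cert_signed_certificate(
            false_ca_cert, false_ca_key, false_req_cert_str_1
        )
        false_req_cert_str_2, false_req_key_str_2 = osw.create_certificate(
            cert_info, request=True
        )
        false_cert_str_2 = osw.create_cert_signed_certificate(
            false_ca_cert, false_ca_key, false_req_cert_str_2
        )

        # Our certificate against the look-alike CA (different key): must fail.
        valid, mess = osw.verify(false_ca_cert, cert_str)
        self.assertFalse(valid, mess)
        # A certificate carrying the CA's own subject is expected to be
        # rejected — presumably treated as self-issued with a signature that
        # does not match its own key. Confirm if the verifier changes.
        valid, mess = osw.verify(false_ca_cert, false_cert_str_1)
        self.assertFalse(valid, mess)
        # Certificate issued by the look-alike CA against our CA: must fail.
        valid, mess = osw.verify(ca_cert_str, false_cert_str_2)
        self.assertFalse(valid, mess)

        # Tamper check: altering characters of the certificate text must break
        # verification. Only runs when a 'z' is present (likely, not guaranteed).
        if 'z' in cert_str:
            false_cert_str = cert_str.replace('z', 'x')
            valid, mess = osw.verify(ca_cert_str, false_cert_str)
            self.assertFalse(valid, mess)
    finally:
        # Never leave the generated CA certificate and private key behind.
        remove(ca_cert)
        remove(ca_key)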
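def test_validate_with_root_cert(self):
    """Check OpenSSLWrapper.verify against a CA that was round-tripped through disk.

    The CA is written to <this dir>/pki (create_certificate returns the file
    paths when write_to_file=True), read back and used to sign a CSR. The
    signed certificate must verify against that CA and must not verify
    against an unrelated CA with the same subject; a certificate issued by
    the unrelated CA must not verify against ours; and a tampered copy must
    be rejected. Cleanup runs in a finally block so the CA private key is
    not left in the source tree when an assertion fails.
    """
    cert_info_ca = {
        "cn": "qwerty",
        "country_code": "qw",
        "state": "qwerty",
        "city": "qwerty",
        "organization": "qwerty",
        "organization_unit": "qwerty",
    }
    cert_info = {
        "cn": "asdfgh",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    osw = OpenSSLWrapper()
    pki_dir = os.path.dirname(os.path.abspath(__file__)) + "/pki"
    ca_cert, ca_key = osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir=pki_dir
    )
    try:
        req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True)
        ca_cert_str = osw.read_str_from_file(ca_cert)
        ca_key_str = osw.read_str_from_file(ca_key)
        cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str)
        valid, mess = osw.verify(ca_cert_str, cert_str)
        self.assertTrue(valid, mess)

        # An unrelated CA with an identical subject, kept in memory only.
        false_ca_cert, false_ca_key = osw.create_certificate(
            cert_info_ca, request=False, write_to_file=False
        )
        false_req_cert_str_1, false_req_key_str_1 = osw.create_certificate(
            cert_info_ca, request=True
        )
        false_cert_str_1 = osw.create_cert_signed_certificate(
            false_ca_cert, false_ca_key, false_req_cert_str_1
        )
        false_req_cert_str_2, false_req_key_str_2 = osw.create_certificate(
            cert_info, request=True
        )
        false_cert_str_2 = osw.create_cert_signed_certificate(
            false_ca_cert, false_ca_key, false_req_cert_str_2
        )

        # Our certificate against the look-alike CA (different key): must fail.
        valid, mess = osw.verify(false_ca_cert, cert_str)
        self.assertFalse(valid, mess)
        # A certificate carrying the CA's own subject is expected to be
        # rejected — presumably treated as self-issued with a signature that
        # does not match its own key. Confirm if the verifier changes.
        valid, mess = osw.verify(false_ca_cert, false_cert_str_1)
        self.assertFalse(valid, mess)
        # Certificate issued by the look-alike CA against our CA: must fail.
        valid, mess = osw.verify(ca_cert_str, false_cert_str_2)
        self.assertFalse(valid, mess)

        # Tamper check: altering characters of the certificate text must break
        # verification. Only runs when a 'z' is present (likely, not guaranteed).
        if 'z' in cert_str:
            false_cert_str = cert_str.replace('z', 'x')
            valid, mess = osw.verify(ca_cert_str, false_cert_str)
            self.assertFalse(valid, mess)
    finally:
        # Never leave the generated CA certificate and private key behind.
        remove(ca_cert)
        remove(ca_key)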
def verify_encrypt_cert(cert_str):
    """Return True if *cert_str* verifies against the local root CA.

    The CA certificate is read from root_cert/localhost.ca.crt (resolved via
    full_path). Only the boolean result of OpenSSLWrapper.verify is returned;
    its explanatory message is discarded, so callers cannot tell *why* a
    certificate was rejected.
    """
    wrapper = OpenSSLWrapper()
    root_ca = wrapper.read_str_from_file(full_path("root_cert/localhost.ca.crt"))
    is_valid, _reason = wrapper.verify(root_ca, cert_str)
    return is_valid
generate_jwks_cert = True sn, jwks_cert = generateCert(server_cert_info_ca, generate_jwks_cert) if not generate_jwks_cert: jwks_cert = raw_input("Enter the path to existing cert for jwks:") generatePublicKey(jwks_cert) if generate_root_cert: if not os.path.exists("root_cert"): os.makedirs("root_cert") print "Type the information for the root certificate." country_code = raw_input("Country code(2 letters):") state = raw_input("State:") city = raw_input("City:") org = raw_input("Organisation:") unit = raw_input("Organisation unit:") root_cert_info_ca = { "cn": host, "country_code": country_code, "state": state, "city": city, "organization": org, "organization_unit": unit } osw = OpenSSLWrapper() ca_cert1, ca_key1 = osw.create_certificate(root_cert_info_ca, request=False, write_to_file=True, cert_dir="/localhost.ca", sn=sn)
def verify_encrypt_cert(cert_str):
    """Return whether *cert_str* is signed by the root CA in root_cert/.

    The CA certificate path "root_cert/localhost.ca.crt" is relative to the
    current working directory, not to this file — the process must be
    started from the right directory. The verifier's message is dropped;
    only the boolean is returned.
    """
    wrapper = OpenSSLWrapper()
    root_ca = wrapper.read_str_from_file("root_cert/localhost.ca.crt")
    is_valid, _reason = wrapper.verify(root_ca, cert_str)
    return is_valid
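def test_validate_cert_chains(self):
    """Verify a leaf against a three-level chain: root -> intermediate_1 -> intermediate_2 -> leaf.

    All certificates are generated in memory with OpenSSLWrapper. The chain
    given to verify_chain lists the issuers nearest-first, root last. A
    second check omits the leaf's direct issuer (intermediate_2) and expects
    the verification to fail, so a verifier that ignores the chain cannot
    make this test pass.
    """
    cert_info_ca = {
        "cn": "qwerty",
        "country_code": "qw",
        "state": "qwerty",
        "city": "qwerty",
        "organization": "qwerty",
        "organization_unit": "qwerty"
    }
    cert_intermediate_1_info = {
        "cn": "intermediate_1",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg"
    }
    cert_intermediate_2_info = {
        "cn": "intermediate_2",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg"
    }
    # NOTE: the leaf reuses intermediate_1's subject; a distinct CN would make
    # verifier error messages easier to attribute, but it is kept as-is.
    cert_client_cert_info = {
        "cn": "intermediate_1",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg"
    }
    osw = OpenSSLWrapper()

    # Self-signed root.
    ca_cert_str, ca_key_str = osw.create_certificate(cert_info_ca, request=False)
    # intermediate_1 issued by the root.
    req_cert_str, intermediate_1_key_str = osw.create_certificate(
        cert_intermediate_1_info, request=True)
    intermediate_cert_1_str = osw.create_cert_signed_certificate(
        ca_cert_str, ca_key_str, req_cert_str)
    # intermediate_2 issued by intermediate_1.
    req_cert_str, intermediate_2_key_str = osw.create_certificate(
        cert_intermediate_2_info, request=True)
    intermediate_cert_2_str = osw.create_cert_signed_certificate(
        intermediate_cert_1_str, intermediate_1_key_str, req_cert_str)
    # Leaf issued by intermediate_2.
    req_cert_str, client_key_str = osw.create_certificate(
        cert_client_cert_info, request=True)
    client_cert_str = osw.create_cert_signed_certificate(
        intermediate_cert_2_str, intermediate_2_key_str, req_cert_str)

    # Full chain, issuers nearest-first: must verify. The wrapper's message is
    # attached to the assertion so a failure explains itself.
    cert_chain = [
        intermediate_cert_2_str, intermediate_cert_1_str, ca_cert_str
    ]
    valid, mess = osw.verify_chain(cert_chain, client_cert_str)
    self.assertTrue(valid, mess)

    # Chain missing the leaf's issuer: nothing present can vouch for the
    # leaf's signature, so this must be rejected.
    valid, mess = osw.verify_chain(
        [intermediate_cert_1_str, ca_cert_str], client_cert_str)
    self.assertFalse(valid, mess)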
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Generate a throwaway self-signed test CA in the current directory.

Running this module writes the CA certificate and its private key via
OpenSSLWrapper.create_certificate(write_to_file=True, cert_dir="./").
NOTE(review): the key is written unencrypted into the working directory;
keep this to local test use and do not commit the resulting files.
"""
from saml2.cert import OpenSSLWrapper

__author__ = 'haho0032'

# Subject fields of the test CA; every value is a placeholder.
cert_info_ca = {
    "cn": "test",
    "country_code": "zz",
    "state": "zz",
    "city": "zzzz",
    "organization": "Zzzzz",
    "organization_unit": "Zzzzz"
}


def _write_test_ca(wrapper, subject, cert_dir):
    # request=False -> self-signed certificate; write_to_file=True -> the
    # wrapper returns the paths of the files it wrote (cf. the tests' usage).
    return wrapper.create_certificate(
        subject, request=False, write_to_file=True, cert_dir=cert_dir
    )


osw = OpenSSLWrapper()
ca_cert, ca_key = _write_test_ca(osw, cert_info_ca, "./")
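def test_validate_with_root_cert(self):
    """Check OpenSSLWrapper.verify against a CA that was round-tripped through disk.

    The CA is written to <this dir>/pki — a path relative to this file
    rather than the developer-specific absolute path the test used to
    hard-code, which made it fail on every other machine. create_certificate
    returns the file paths when write_to_file=True; they are read back, the
    CA signs a CSR, and the signed certificate must verify against that CA
    but not against a look-alike CA, nor may a certificate from the
    look-alike verify against ours; a tampered copy must be rejected. The
    generated CA files are removed in a finally block so the CA private key
    never survives a failed assertion.
    """
    import os

    cert_info_ca = {
        "cn": "qwerty",
        "country_code": "qw",
        "state": "qwerty",
        "city": "qwerty",
        "organization": "qwerty",
        "organization_unit": "qwerty",
    }
    cert_info = {
        "cn": "asdfgh",
        "country_code": "as",
        "state": "asdfgh",
        "city": "asdfgh",
        "organization": "asdfgh",
        "organization_unit": "asdfg",
    }
    osw = OpenSSLWrapper()
    pki_dir = os.path.dirname(os.path.abspath(__file__)) + "/pki"
    ca_cert, ca_key = osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir=pki_dir
    )
    try:
        req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True)
        ca_cert_str = osw.read_str_from_file(ca_cert)
        ca_key_str = osw.read_str_from_file(ca_key)
        cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str)
        valid, mess = osw.verify(ca_cert_str, cert_str)
        self.assertTrue(valid, mess)

        # An unrelated CA with an identical subject, kept in memory only.
        false_ca_cert, false_ca_key = osw.create_certificate(
            cert_info_ca, request=False, write_to_file=False
        )
        false_req_cert_str_1, false_req_key_str_1 = osw.create_certificate(
            cert_info_ca, request=True
        )
        false_cert_str_1 = osw.create_cert_signed_certificate(
            false_ca_cert, false_ca_key, false_req_cert_str_1
        )
        false_req_cert_str_2, false_req_key_str_2 = osw.create_certificate(
            cert_info, request=True
        )
        false_cert_str_2 = osw.create_cert_signed_certificate(
            false_ca_cert, false_ca_key, false_req_cert_str_2
        )

        # Our certificate against the look-alike CA (different key): must fail.
        valid, mess = osw.verify(false_ca_cert, cert_str)
        self.assertFalse(valid, mess)
        # A certificate carrying the CA's own subject is expected to be
        # rejected — presumably treated as self-issued with a signature that
        # does not match its own key. Confirm if the verifier changes.
        valid, mess = osw.verify(false_ca_cert, false_cert_str_1)
        self.assertFalse(valid, mess)
        # Certificate issued by the look-alike CA against our CA: must fail.
        valid, mess = osw.verify(ca_cert_str, false_cert_str_2)
        self.assertFalse(valid, mess)

        # Tamper check: altering characters of the certificate text must break
        # verification. Only runs when a 'z' is present (likely, not guaranteed).
        if "z" in cert_str:
            false_cert_str = cert_str.replace("z", "x")
            valid, mess = osw.verify(ca_cert_str, false_cert_str)
            self.assertFalse(valid, mess)
    finally:
        # Never leave the generated CA certificate and private key behind.
        remove(ca_cert)
        remove(ca_key)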
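def _next_serial(osw, counter_file="sn.txt"):
    """Return the next certificate serial number from *counter_file*.

    The file holds the last serial handed out. A missing/unreadable or empty
    file starts the sequence at 1; non-numeric content raises ValueError.

    The previous implementation caught every exception and, when the file
    existed but did not hold an integer, silently left the raw file text in
    ``sn`` and went on to issue certificates with it — this returns an int
    or fails loudly.

    NOTE(review): a small counter is acceptable for a local test CA; serials
    for anything public need to be unique and unpredictable (RFC 5280 /
    CA-Browser Forum require CSPRNG-derived serials).
    """
    try:
        content = osw.read_str_from_file(counter_file)
    except (IOError, OSError):
        return 1
    content = content.strip()
    if not content:
        return 1
    try:
        return int(content) + 1
    except ValueError:
        raise ValueError("serial counter %r is not an integer: %r" % (counter_file, content))


def _b64url_uint(value):
    """Base64url-encode an unsigned integer as RFC 7518 section 6.3 requires.

    Big-endian, minimal number of octets, no '=' padding. Works on both
    Python 2 and 3.
    """
    import base64
    import binascii

    hex_digits = "%x" % value
    if len(hex_digits) % 2:
        hex_digits = "0" + hex_digits
    raw = binascii.unhexlify(hex_digits)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _write_jwks(osw, cert_file, out_file="./static/jwks.json"):
    """Publish the RSA public key of *cert_file* as a JWK Set in *out_file*.

    Two entries ("use": "enc" and "use": "sig") share the same key because
    only one pair exists (NOTE(review): real key separation needs a second
    certificate). "n"/"e" are Base64urlUInt per RFC 7518 section 6.3.1; the
    earlier output (standard base64 of a DER SEQUENCE{n, e} and a fixed
    "AQAB") is not parseable by RFC-conformant JWK consumers, so any reader
    that relied on it must be checked.
    """
    cert_str = osw.read_str_from_file(cert_file)
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_str)
    pub_key = cert.get_pubkey()
    # pyOpenSSL quirk the original relied on: dumping a public-only PKey via
    # dump_privatekey yields an RSAPrivateKey-shaped DER whose elements 1 and
    # 2 are n and e. NOTE(review): confirm on the pinned pyOpenSSL version.
    src = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pub_key)
    pub_der = DerSequence()
    pub_der.decode(src)
    n_b64 = _b64url_uint(int(pub_der._seq[1]))
    e_b64 = _b64url_uint(int(pub_der._seq[2]))
    jwks = {
        "keys": [
            {"use": "enc", "e": e_b64, "kty": "RSA", "n": n_b64},
            {"use": "sig", "e": e_b64, "kty": "RSA", "n": n_b64},
        ]
    }
    osw.write_str_to_file(out_file, json.dumps(jwks))


def generateCert(cert_info=None):
    """Create the self-signed certificates used by the example services.

    Writes one key pair each into ./httpsCert, ./idp_cert, ./sp_cert and a
    2048-bit pair into ./opKeys, publishes the ./opKeys public key as
    ./static/jwks.json, and persists the next free serial to sn.txt.

    Args:
        cert_info: subject fields for all certificates; defaults to a
            "localhost" test subject.

    Returns:
        int: the next free serial number (also written to sn.txt).

    Raises:
        ValueError: sn.txt exists but does not contain an integer.

    NOTE(review): private keys are written next to the certificates with
    whatever permissions the wrapper uses — confirm they are not
    world-readable before using this outside a local test setup.
    """
    cert_info_ca = {
        "cn": "localhost",
        "country_code": "se",
        "state": "ac",
        "city": "Test",
        "organization": "Test org",
        "organization_unit": "Testers",
    }
    if cert_info is not None:
        cert_info_ca = cert_info
    osw = OpenSSLWrapper()
    sn = _next_serial(osw)

    # One self-signed key pair per service directory, each with a fresh serial.
    osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir="./httpsCert", sn=sn
    )
    sn += 1
    osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir="./idp_cert", sn=sn
    )
    sn += 1
    osw.create_certificate(
        cert_info_ca, request=False, write_to_file=True, cert_dir="./sp_cert", sn=sn
    )
    sn += 1
    ca_cert4, _ca_key4 = osw.create_certificate(
        cert_info_ca,
        request=False,
        write_to_file=True,
        cert_dir="./opKeys",
        sn=sn,
        key_length=2048,
    )
    _write_jwks(osw, ca_cert4)
    sn += 1
    # Persist the next free serial so a later run never reuses one.
    osw.write_str_to_file("sn.txt", str(sn))
    return sn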
# Ask whether a fresh key pair for the JWKS endpoint should be generated;
# anything other than "yes"/"y" means an existing certificate is supplied by path.
yes = raw_input("Type Yes(Y) to generate new certificates for jwks:")
generate_jwks_cert = False
if yes.lower() == "yes" or yes.lower() == "y":
    generate_jwks_cert = True
# generateCert returns the next free serial and, when requested, the path of
# the new jwks certificate (None otherwise). server_cert_info_ca is defined
# earlier in the script.
sn, jwks_cert = generateCert(server_cert_info_ca, generate_jwks_cert)
if not generate_jwks_cert:
    # NOTE(review): the path is used as typed; presumably a missing or
    # unreadable file surfaces as an exception from generatePublicKey.
    jwks_cert = raw_input("Enter the path to existing cert for jwks:")
generatePublicKey(jwks_cert)
if generate_root_cert:
    if not os.path.exists("root_cert"):
        os.makedirs("root_cert")
    print "Type the information for the root certificate."
    # NOTE(review): none of the answers is validated here (e.g. the two-letter
    # country code); malformed values may only be rejected when the
    # certificate is built.
    country_code = raw_input("Country code(2 letters):")
    state = raw_input("State:")
    city = raw_input("City:")
    org = raw_input("Organisation:")
    unit = raw_input("Organisation unit:")
    root_cert_info_ca = {
        "cn": host,
        "country_code": country_code,
        "state": state,
        "city": city,
        "organization": org,
        "organization_unit": unit
    }
    osw = OpenSSLWrapper()
    # NOTE(review): cert_dir is an absolute path at the filesystem root,
    # although "root_cert" was just created and the consumers of this CA
    # elsewhere read root_cert/localhost.ca.crt and root_cert/localhost.ca.key.
    # This looks like it should be "root_cert/localhost.ca"; as written it
    # also needs write access to "/". Confirm against
    # OpenSSLWrapper.create_certificate's handling of cert_dir.
    # The root CA private key is written unencrypted — protect that file.
    ca_cert1, ca_key1 = osw.create_certificate(
        root_cert_info_ca, request=False, write_to_file=True, cert_dir="/localhost.ca", sn=sn)