def _load_or_create_vpn_keys():
    """
    Return the VPN private keys used as test data, creating them on first use.

    The keys are kept in ``testdata-vpn-keys.txt`` in the same directory as this
    module. If that file does not exist yet, 16 keys are generated and written
    to it; the result is then always read back from the file.

    The file holds private key material. How it is serialized is decided by
    ``_dump_vpn_keys`` (not visible here). Treat the keys as test-only fixtures
    and never reuse them for a real VPN endpoint.

    :returns: whatever ``_load_vpn_keys`` returns for the keys file
    """
    here = os.path.dirname(os.path.abspath(__file__))
    cache_path = os.path.join(here, 'testdata-vpn-keys.txt')

    # NOTE(review): exists-then-create is not atomic; confirm that test
    # processes running in parallel cannot race on this file.
    file_missing = not os.path.exists(cache_path)
    if file_missing:
        fresh_keys = []
        for _ in range(16):
            fresh_keys.append(_generate_private_key())
        _dump_vpn_keys(fresh_keys, cache_path)

    return _load_vpn_keys(cache_path)
def test_loading_ca_key(self):
    """
    Check that ``load_ca_key`` returns the stored CA key and rejects a wrong key type.

    First, ``initialize_root_ca`` is run with key generation patched to return a
    known key, and the loaded key must serialize to the same PEM. Then the key
    file at ``TEST_CA_KEY_PATH`` is overwritten with a DSA key, and
    ``load_ca_key`` must raise ``TypeError``.
    """
    def as_plain_pem(key):
        # Unencrypted PEM is produced only for the in-memory comparison below;
        # this helper never writes it anywhere.
        return key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption()).decode()

    expected_key = _generate_private_key()
    key_generator = patch('scionlab.openvpn_config._generate_private_key',
                          return_value=expected_key)
    with key_generator:
        call_command('initialize_root_ca')

    loaded_key = load_ca_key()
    expected_pem = as_plain_pem(expected_key)
    loaded_pem = as_plain_pem(loaded_key)
    self.assertEqual(expected_pem, loaded_pem)

    # Swap the stored CA key for a key of the wrong type (DSA). It is encrypted
    # with the configured CA key password.
    # NOTE(review): presumably this lets decryption succeed so that the failure
    # below comes from the key type check - confirm against load_ca_key.
    dsa_key = dsa.generate_private_key(key_size=3072, )
    ca_password = settings.VPN_CA_KEY_PASSWORD.encode('utf-8')
    encrypted_pem = dsa_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.BestAvailableEncryption(ca_password))
    pathlib.Path(TEST_CA_KEY_PATH).write_bytes(encrypted_pem)

    # The loader must detect the unexpected key type rather than return the key.
    with self.assertRaises(TypeError):
        load_ca_key()
def test_loading_ca_cert(self):
    """
    Check that ``load_ca_cert`` returns the certificate stored by ``initialize_root_ca``.

    Root CA certificate generation is patched to return a known certificate.
    After the management command has run, the loaded certificate must have the
    same PEM encoding as that known certificate.
    """
    signing_key = _generate_private_key()
    expected_cert = _generate_root_ca_cert(signing_key)

    cert_generator = patch('scionlab.openvpn_config._generate_root_ca_cert',
                           return_value=expected_cert)
    with cert_generator:
        call_command('initialize_root_ca')

    loaded_cert = load_ca_cert()

    # Compare PEM encodings of the two certificates.
    expected_pem = expected_cert.public_bytes(serialization.Encoding.PEM).decode()
    loaded_pem = loaded_cert.public_bytes(serialization.Encoding.PEM).decode()
    self.assertEqual(expected_pem, loaded_pem)