def test_parents(self):
cert_root = Certificate(subject="root")
key_root = Keypair(create=True)
cert_root.set_pubkey(key_root)
cert_root.set_issuer(key_root, "root")
cert_root.sign()
cert1 = Certificate(subject="one")
key1 = Keypair(create=True)
cert1.set_pubkey(key1)
cert1.set_issuer(key_root, "root")
cert1.sign()
cert2 = Certificate(subject="two")
key2 = Keypair(create=True)
cert2.set_pubkey(key2)
cert2.set_issuer(key1, cert=cert1)
cert2.set_parent(cert1)
cert2.sign()
cert3 = Certificate(subject="three")
key3 = Keypair(create=True)
cert3.set_pubkey(key3)
cert3.set_issuer(key2, cert=cert2)
cert3.set_parent(cert2)
cert3.sign()
self.assert_(cert1.verify(key_root))
self.assert_(cert2.is_signed_by_cert(cert1))
self.assert_(cert3.is_signed_by_cert(cert2))
cert3.verify_chain([cert_root])
# now save the chain to a string and load it into a new certificate
str_chain = cert3.save_to_string(save_parents=True)
cert4 = Certificate(string = str_chain)
# verify the newly loaded chain still verifies
cert4.verify_chain([cert_root])
# verify the parentage
self.assertEqual(cert4.get_parent().get_subject(), "two")
self.assertEqual(cert4.get_parent().get_parent().get_subject(), "one")
def test_is_signed_by(self):
cert1 = Certificate(subject="one")
key1 = Keypair()
key1.create()
cert1.set_pubkey(key1)
# create an issuer and sign the certificate
issuerKey = Keypair(create=True)
issuerSubject = "testissuer"
cert1.set_issuer(issuerKey, issuerSubject)
cert1.sign()
cert2 = Certificate(subject="two")
key2 = Keypair(create=True)
cert2.set_pubkey(key2)
cert2.set_issuer(key1, cert=cert1)
# cert2 is signed by cert1
self.assert_(cert2.is_signed_by_cert(cert1))
# cert1 is not signed by cert2
self.assert_(not cert1.is_signed_by_cert(cert2))
