def testVerify(self):
cert = Certificate(subject="test")
# create an issuer and sign the certificate
issuerKey = Keypair(create=True)
issuerSubject = "testissuer"
cert.set_issuer(issuerKey, issuerSubject)
cert.sign()
result = cert.verify(issuerKey)
self.assert_(result)
# create another key
issuerKey2 = Keypair(create=True)
issuerSubject2 = "wrongissuer"
# and make sure it doesn't verify
result = cert.verify(issuerKey2)
self.assert_(not result)
# load the cert from a string, and verify again
cert2 = Certificate(string = cert.save_to_string())
result = cert2.verify(issuerKey)
self.assert_(result)
result = cert2.verify(issuerKey2)
self.assert_(not result)
def test_parents(self):
cert_root = Certificate(subject="root")
key_root = Keypair(create=True)
cert_root.set_pubkey(key_root)
cert_root.set_issuer(key_root, "root")
cert_root.sign()
cert1 = Certificate(subject="one")
key1 = Keypair(create=True)
cert1.set_pubkey(key1)
cert1.set_issuer(key_root, "root")
cert1.sign()
cert2 = Certificate(subject="two")
key2 = Keypair(create=True)
cert2.set_pubkey(key2)
cert2.set_issuer(key1, cert=cert1)
cert2.set_parent(cert1)
cert2.sign()
cert3 = Certificate(subject="three")
key3 = Keypair(create=True)
cert3.set_pubkey(key3)
cert3.set_issuer(key2, cert=cert2)
cert3.set_parent(cert2)
cert3.sign()
self.assert_(cert1.verify(key_root))
self.assert_(cert2.is_signed_by_cert(cert1))
self.assert_(cert3.is_signed_by_cert(cert2))
cert3.verify_chain([cert_root])
# now save the chain to a string and load it into a new certificate
str_chain = cert3.save_to_string(save_parents=True)
cert4 = Certificate(string = str_chain)
# verify the newly loaded chain still verifies
cert4.verify_chain([cert_root])
# verify the parentage
self.assertEqual(cert4.get_parent().get_subject(), "two")
self.assertEqual(cert4.get_parent().get_parent().get_subject(), "one")
