def test_cloud_enroll_valid_hours(self):
cn = f"{random_word(10)}.venafi.example.com"
request = CertificateRequest(common_name=cn)
request.san_dns = ["www.client.venafi.example.com", "ww1.client.venafi.example.com"]
custom_fields = [
CustomField(name="custom", value="pythonTest"),
CustomField(name="cfList", value="item2"),
CustomField(name="cfListMulti", value="tier1"),
CustomField(name="cfListMulti", value="tier4")
]
request.custom_fields = custom_fields
request.validity_hours = 144
expected_date = datetime.utcnow() + timedelta(hours=request.validity_hours)
self.cloud_conn.request_cert(request, self.cloud_zone)
cert = self.cloud_conn.retrieve_cert(request)
cert = x509.load_pem_x509_certificate(cert.cert.encode(), default_backend())
assert isinstance(cert, x509.Certificate)
expiration_date = cert.not_valid_after
# Due to some roundings and delays in operations on the server side, the certificate expiration date
# is not exactly the same as the one used in the request. A gap is allowed in this scenario to compensate
# this delays and roundings.
delta = timedelta(seconds=60)
date_format = "%Y-%m-%d %H:%M:%S"
self.assertAlmostEqual(expected_date, expiration_date, delta=delta,
msg=f"Delta between expected and expiration date is too big."
f"\nExpected: {expected_date.strftime(date_format)}"
f"\nGot: {expiration_date.strftime(date_format)}\n"
f"Expected_delta: {delta.total_seconds()} seconds.")
def enroll(conn,
zone,
cn=None,
private_key=None,
public_key=None,
password=None,
csr=None,
custom_fields=None,
service_generated_csr=False):
request = CertificateRequest(common_name=cn,
private_key=private_key,
key_password=password)
if custom_fields:
request.custom_fields = custom_fields
request.san_dns = [
"www.client.venafi.example.com", "ww1.client.venafi.example.com"
]
if isinstance(conn, (FakeConnection, TPPConnection, TPPTokenConnection)):
request.email_addresses = [
"*****@*****.**", "*****@*****.**"
]
request.ip_addresses = ["127.0.0.1", "192.168.1.1"]
request.user_principal_names = [
"*****@*****.**", "*****@*****.**"
]
request.uniform_resource_identifiers = [
"https://www.venafi.com", "https://venafi.cloud"
]
if csr:
request.csr = csr
elif service_generated_csr:
request.csr_origin = CSR_ORIGIN_SERVICE
request.include_private_key = True
conn.request_cert(request, zone)
cert = conn.retrieve_cert(request)
with open("./cert.pem", "w") as f:
f.write(cert.full_chain)
with open("./cert.key", "w") as f2:
if request.include_private_key:
assert cert.key is not None
f2.write(cert.key)
else:
f2.write(request.private_key_pem)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
assert isinstance(cert, x509.Certificate)
t1 = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
t2 = [x509.NameAttribute(NameOID.COMMON_NAME, cn or RANDOM_DOMAIN)]
assert t1 == t2
cert_public_key_pem = cert.public_key().public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode()
if isinstance(public_key, string_types):
public_key = public_key.encode()
if public_key:
source_public_key_pem = serialization.load_pem_public_key(
public_key, default_backend()).public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode(
)
else:
source_public_key_pem = request.public_key_pem if not service_generated_csr else None
print(source_public_key_pem)
print(cert_public_key_pem)
if not service_generated_csr:
assert source_public_key_pem == cert_public_key_pem
private_key_pem = request.private_key_pem if not service_generated_csr else None
return request.id, private_key_pem, cert, cert_public_key_pem, request.cert_guid
def enroll(conn,
zone,
cn=None,
private_key=None,
public_key=None,
password=None,
csr=None,
custom_fields=None):
request = CertificateRequest(
common_name=cn,
private_key=private_key,
key_password=password,
)
if custom_fields:
request.custom_fields = custom_fields
request.san_dns = [
"www.client.venafi.example.com", "ww1.client.venafi.example.com"
]
if isinstance(conn, (FakeConnection, TPPConnection, TPPTokenConnection)):
request.email_addresses = [
"*****@*****.**", "*****@*****.**"
]
request.ip_addresses = ["127.0.0.1", "192.168.1.1"]
request.user_principal_names = [
"*****@*****.**", "*****@*****.**"
]
request.uniform_resource_identifiers = [
"https://www.venafi.com", "https://venafi.cloud"
]
if csr:
request.csr = csr
conn.request_cert(request, zone)
t = time.time()
while time.time() - t < 300:
cert = conn.retrieve_cert(request)
if cert:
break
else:
time.sleep(5)
# print("Certificate is:\n %s" % cert_pem)
# print("Private key is:\n %s:" % request.private_key_pem)
# and save into file
f = open("./cert.pem", "w")
f.write(cert.full_chain)
f = open("./cert.key", "w")
f.write(request.private_key_pem)
f.close()
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
assert isinstance(cert, x509.Certificate)
t1 = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
t2 = [x509.NameAttribute(NameOID.COMMON_NAME, cn or RANDOM_DOMAIN)]
assert t1 == t2
cert_public_key_pem = cert.public_key().public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode()
if isinstance(public_key, string_types):
public_key = public_key.encode()
if public_key:
source_public_key_pem = serialization.load_pem_public_key(
public_key, default_backend()).public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode(
)
else:
source_public_key_pem = request.public_key_pem
print(source_public_key_pem)
print(cert_public_key_pem)
assert source_public_key_pem == cert_public_key_pem
return request.id, request.private_key_pem, cert, cert_public_key_pem, request.cert_guid