def test_load_cert_and_private_key(
    mocker: MockerFixture,
    cert_bytes: bytes,
    expected_cn: str,
) -> None:
    """Load a certificate/key pair from patched file content and validate both halves.

    ``cmk.utils.certs.Path.read_bytes`` is patched to return ``cert_bytes``,
    so the path handed to the loader is a placeholder only.
    """
    mocker.patch("cmk.utils.certs.Path.read_bytes", return_value=cert_bytes)
    placeholder_path = Path("whatever")  # content comes from the patch above
    certificate, private_key = load_cert_and_private_key(placeholder_path)

    # Common name must match what the fixture expects.
    assert check_cn(certificate, expected_cn)

    # Both halves of the pair are expected to be RSA.
    assert isinstance(certificate.public_key(), RSAPublicKey)
    assert isinstance(private_key, RSAPrivateKey)

    # Not wrapped in ``assert``: presumably raises when the key does not
    # belong to the certificate -- confirm against the helper.
    check_certificate_against_private_key(certificate, private_key)
def test_write_agent_receiver_certificate(ca: CertificateAuthority) -> None:
    """Create the agent receiver certificate and check file mode, CN, key pairing and signer."""
    assert not ca.agent_receiver_certificate_exists
    ca.create_agent_receiver_certificate(days_valid=100)
    assert ca.agent_receiver_certificate_exists

    # The same file is loaded below as certificate *and* private key, so its
    # mode is part of how the key is protected on disk.
    assert _file_permissions_is_660(ca._agent_receiver_cert_path)

    certificate, private_key = load_cert_and_private_key(ca._agent_receiver_cert_path)
    assert check_cn(certificate, "localhost")

    # The two checks below are not asserted; presumably they raise on a
    # mismatch -- confirm against the helpers.
    check_certificate_against_private_key(certificate, private_key)
    root_public_key = _rsa_public_key_from_cert_or_csr(ca.root_ca.cert)
    check_certificate_against_public_key(certificate, root_public_key)
def test_create_site_certificate(ca: CertificateAuthority) -> None:
    """Create a site certificate and check file mode, CN, key pairing and signer."""
    site_id = "xyz"

    assert not ca.site_certificate_exists(site_id)
    ca.create_site_certificate(site_id, days_valid=100)
    assert ca.site_certificate_exists(site_id)

    # The same file is loaded below as certificate *and* private key, so its
    # mode is part of how the key is protected on disk.
    assert _file_permissions_is_660(ca._site_certificate_path(site_id))

    certificate, private_key = load_cert_and_private_key(ca._site_certificate_path(site_id))
    # The certificate's common name is expected to be the site id itself.
    assert check_cn(certificate, site_id)

    # The two checks below are not asserted; presumably they raise on a
    # mismatch -- confirm against the helpers.
    check_certificate_against_private_key(certificate, private_key)
    root_public_key = _rsa_public_key_from_cert_or_csr(ca.root_ca.cert)
    check_certificate_against_public_key(certificate, root_public_key)
def test_write_agent_receiver_certificate(ca: certs.CertificateAuthority) -> None:
    """Initialize the CA, create the agent receiver certificate and validate the result."""
    ca.initialize()

    assert not ca.agent_receiver_certificate_exists
    ca.create_agent_receiver_certificate()
    assert ca.agent_receiver_certificate_exists

    # The same file is loaded below as certificate *and* private key, so its
    # mode is part of how the key is protected on disk.
    assert _file_permissions_is_660(ca._agent_receiver_cert_path)

    certificate, private_key = load_cert_and_private_key(ca._agent_receiver_cert_path)
    assert check_cn(certificate, "localhost")

    # The two checks below are not asserted; presumably they raise on a
    # mismatch -- confirm against the helpers.
    check_certificate_against_private_key(certificate, private_key)

    # Only element 0 (the certificate) of the root pair is needed here.
    root_certificate = ca._get_root_certificate()[0]
    root_public_key = rsa_public_key_from_cert_or_csr(root_certificate)
    check_certificate_against_public_key(certificate, root_public_key)
def test_create_site_certificate(ca: certs.CertificateAuthority) -> None:
    """Initialize the CA, create a site certificate and validate the result."""
    ca.initialize()
    site_id = "xyz"

    assert not ca.site_certificate_exists(site_id)
    ca.create_site_certificate(site_id)
    assert ca.site_certificate_exists(site_id)

    # The same file is loaded below as certificate *and* private key, so its
    # mode is part of how the key is protected on disk.
    assert _file_permissions_is_660(ca._site_certificate_path(site_id))

    certificate, private_key = load_cert_and_private_key(ca._site_certificate_path(site_id))
    # The certificate's common name is expected to be the site id itself.
    assert check_cn(certificate, site_id)

    # The two checks below are not asserted; presumably they raise on a
    # mismatch -- confirm against the helpers.
    check_certificate_against_private_key(certificate, private_key)

    # Only element 0 (the certificate) of the root pair is needed here.
    root_certificate = ca._get_root_certificate()[0]
    root_public_key = rsa_public_key_from_cert_or_csr(root_certificate)
    check_certificate_against_public_key(certificate, root_public_key)
def _get_root_certificate(self) -> Tuple[Certificate, RSAPrivateKeyWithSerialization]:
    """Load the root certificate and its private key from ``self._root_cert_path``.

    Both values come from the same file, so a caller that only wants the
    certificate still ends up holding the private key object as well.
    """
    root_pair = load_cert_and_private_key(self._root_cert_path)
    return root_pair