def test_sign_csr() -> None:
    """Sign a CSR with a throwaway root CA and verify the issued certificate.

    The test covers three things: the subject CN is carried over from the
    CSR, the validity window spans the requested two days from the pinned
    clock, and the certificate is bound to both the requester's key and the
    issuing CA's key.
    """
    ca_key = make_private_key()
    # NOTE: the root certificate is built outside the on_time() block, so its
    # own validity window comes from the real clock. Only the signature chain
    # is checked here, not whether the leaf falls inside the issuer's validity.
    ca_cert = make_root_certificate(make_subject_name("peter"), 1, ca_key)

    leaf_key = make_private_key()
    request = make_csr(make_subject_name("from_peter"), leaf_key)

    # Pin the clock to epoch + 100 s so the validity dates are deterministic.
    with on_time(100, "UTC"):
        issued = sign_csr(request, 2, ca_cert, ca_key)

    assert check_cn(issued, "from_peter")

    expected_start = "1970-01-01 00:01:40"
    expected_end = "1970-01-03 00:01:40"
    assert str(issued.not_valid_before) == expected_start
    assert str(issued.not_valid_after) == expected_end

    # The certificate must carry the public key matching the requester's key.
    # (The helper's result is not asserted; presumably it raises on mismatch.)
    check_certificate_against_private_key(issued, leaf_key)

    # Trust-chain check: 'from_peter' must verify against the public key of
    # 'peter', i.e. it was signed by the root CA and not by anything else.
    ca_public_key = rsa_public_key_from_cert_or_csr(ca_cert)
    check_certificate_against_public_key(issued, ca_public_key)
def _create_root_certificate(self) -> Tuple[Certificate, RSAPrivateKeyWithSerialization]:
    """Generate a new private key and a root certificate built from it.

    The subject name is derived from ``self._ca_name`` and the lifetime from
    ``self._days_valid``.

    Returns:
        A ``(certificate, private_key)`` pair. The key is the CA signing key.
        This method neither persists nor encrypts it, so protecting it is
        entirely up to the caller.
    """
    subject = make_subject_name(self._ca_name)
    validity_days = self._days_valid
    root_key = make_private_key()
    root_cert = make_root_certificate(subject, validity_days, root_key)
    return root_cert, root_key
def test_make_csr() -> None:
    """Build a CSR and check its self-signature and subject CN."""
    request = make_csr(make_subject_name("abc123"), make_private_key())

    # A valid self-signature shows the CSR was produced with the private key
    # that belongs to the public key embedded in it (proof of possession).
    assert request.is_signature_valid
    assert check_cn(request, "abc123")
def test_sign_csr_with_local_ca(mocker: MockerFixture) -> None:
    """Sign a CSR through ``sign_csr_with_local_ca`` using a mocked local CA.

    ``cmk.utils.certs.load_local_ca`` is patched to return a throwaway root
    certificate and key, so the test never touches a real CA on disk.
    """
    ca_key = make_private_key()
    ca_cert = make_root_certificate(make_subject_name("peter"), 1, ca_key)
    local_ca = (ca_cert, ca_key)
    mocker.patch("cmk.utils.certs.load_local_ca", return_value=local_ca)

    leaf_key = make_private_key()
    request = make_csr(make_subject_name("from_peter"), leaf_key)

    # Pin the clock so the 100-day validity window is deterministic.
    with on_time(567892121, "UTC"):
        issued = sign_csr_with_local_ca(request, 100)

    assert check_cn(issued, "from_peter")

    expected_start = "1987-12-30 19:48:41"
    expected_end = "1988-04-08 19:48:41"
    assert str(issued.not_valid_before) == expected_start
    assert str(issued.not_valid_after) == expected_end

    # The certificate must carry the public key matching the requester's key.
    # (The helper's result is not asserted; presumably it raises on mismatch.)
    check_certificate_against_private_key(issued, leaf_key)

    # Trust-chain check: 'from_peter' must verify against the public key of
    # the mocked root CA 'peter'.
    ca_public_key = rsa_public_key_from_cert_or_csr(ca_cert)
    check_certificate_against_public_key(issued, ca_public_key)
def test_make_root_certificate() -> None:
    """Create a root certificate at a pinned time and verify CN, validity and key."""
    root_key = make_private_key()

    # Pin the clock to epoch + 100 s so the one-day validity is deterministic.
    with on_time(100, "UTC"):
        root_cert = make_root_certificate(make_subject_name("peter"), 1, root_key)

    assert check_cn(root_cert, "peter")

    expected_start = "1970-01-01 00:01:40"
    expected_end = "1970-01-02 00:01:40"
    assert str(root_cert.not_valid_before) == expected_start
    assert str(root_cert.not_valid_after) == expected_end

    # The root certificate must be bound to the key it was created with.
    # (The helper's result is not asserted; presumably it raises on mismatch.)
    check_certificate_against_private_key(root_cert, root_key)
def _certificate_from_root(
    self,
    cn: str,
) -> Tuple[Certificate, RSAPrivateKeyWithSerialization]:
    """Issue a certificate for ``cn`` signed with this CA's root certificate.

    A fresh private key is generated for every call; it is never reused
    across issued certificates.

    Args:
        cn: Common name for the subject. This method does not validate it;
            whether ``make_subject_name`` does is not visible here, so
            callers passing externally supplied names should check them first.

    Returns:
        A ``(certificate, private_key)`` pair. The private key is handed back
        as-is; storing it safely is the caller's responsibility.

    Raises:
        RuntimeError: If the certificate authority is not initialized yet.
    """
    if not self.is_initialized:
        raise RuntimeError("Certificate authority is not initialized yet")

    leaf_key = make_private_key()
    request = make_csr(make_subject_name(cn), leaf_key)
    validity_days = self._days_valid
    # _get_root_certificate() supplies the remaining positional arguments of
    # sign_csr (presumably root certificate and root key; confirm at its definition).
    issuer = self._get_root_certificate()
    issued = sign_csr(request, validity_days, *issuer)
    return issued, leaf_key
def test_make_private_key() -> None:
    """Pin the size of generated private keys to 2048 bits.

    This guards against an accidental change of the key-generation default.
    2048 bits is the commonly accepted minimum for RSA keys, which is the
    key type the other helpers in this file appear to use.
    """
    generated = make_private_key()
    assert generated.key_size == 2048