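def test_create_ca(self):
    """Initialize a root CA with one alternative name of each kind.

    The alternative names cover two DNS names, an IP address, an email
    address and a URI. The test asserts that all five appear, with the
    matching type prefix, in the SAN entries parsed from the generated
    certificate.
    """
    # Constructed placeholder address: the email literal in the listing was
    # masked, and the masked input no longer matched the expected SAN entry.
    # The expectation below is derived from the same value as the input.
    email = 'admin@example.com'

    ca_path = self.create_tempdir()
    common_name = "Acme Root CA"
    ca = CA(ca_path=ca_path, openssl_path=self._openssl_path)

    # NOTE(review): a 512-bit RSA key is far too weak for any real CA. It is
    # presumably used here only to keep key generation fast, so confirm this
    # value never reaches a non-test code path. Hardened OpenSSL builds may
    # also refuse keys this small (to be confirmed).
    res = ca.initialize(
        dn=dict(cn=common_name),
        newkey='rsa:512',
        alt_names=[
            'acme.com',
            'www.acme.com',
            '192.168.56.100',
            email,
            'http://www.example.com',
        ],
    )
    # Include the CA's own message and generated config in the failure text.
    self.assertTrue(
        res.get('success'),
        "Message: {}\nConf: {}\n".format(res.get('message'), res.get("conf")))

    res_parsed = self.extractor.get_x509_as_json(text=res.get('cert'))
    san = get_san_from_extensions(res_parsed['extensions'])

    expected_san = [
        "DNS:acme.com",
        "DNS:www.acme.com",
        "IP Address:192.168.56.100",
        "email:" + email,
        "URI:http://www.example.com",
    ]
    self.assertEqual(len(san), 5)
    # Compare sorted copies so the order of SAN entries does not matter.
    self.assertEqual(sorted(san), sorted(expected_san))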
def init_ca(self):
    """Create a root CA in a fresh temporary directory and return it.

    The test fails immediately if initialization does not report success.
    """
    authority = CA(
        ca_path=self.create_tempdir(),
        openssl_path=self._openssl_path,
    )
    # NOTE(review): rsa:512 is only acceptable as a throwaway test key. It is
    # presumably chosen for speed, so confirm it is never used for real CAs.
    outcome = authority.initialize(
        dn={'cn': "Acme Root CA"},
        newkey='rsa:512',
        alt_names=['example.com'],
    )
    self.assertTrue(outcome.get('success'))
    return authority
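def test_get_csr_san(self):
    """Sign a CSR that carries SAN entries and inspect the issued certificate.

    Checks that the request is stored and readable, that the certificate is
    issued by the test CA, and that its SAN list is exactly the expected one.
    The expected list contains none of the CA's own alternative names.
    """
    ca_path = self.create_tempdir()
    common_name = "Acme Root CA"
    ca = CA(ca_path=ca_path, openssl_path=self._openssl_path)

    # NOTE(review): rsa:512 is only acceptable as a throwaway test key. It is
    # presumably chosen for speed, so confirm it is never used for real CAs.
    res_ca = ca.initialize(
        dn=dict(cn=common_name),
        newkey='rsa:512',
        alt_names=[
            'example.com',
            'www.example.com',
            '192.168.56.100',
            # Constructed placeholder: the email literal in the listing was
            # masked and is not a usable address.
            'admin@example.com',
            'http://www.example.com',
        ],
    )
    self.assertTrue(
        res_ca.get('success'),
        "Message: {}\nConf: {}\n".format(res_ca.get('message'),
                                         res_ca.get("conf")))

    # SAN certificate
    res_cert_san = ca.sign_request(CSR_SAN)
    self.assertTrue(res_cert_san.get('success'),
                    "Message: {}\n".format(res_cert_san.get('message')))

    # Signing is expected to leave exactly one stored request behind.
    csrs = ca.list_requests()
    self.assertEqual(len(csrs), 1)

    server_csr = ca.get_request(csrs[0]['id'])
    self.assertIn('subject', server_csr)
    self.assertEqual(server_csr['subject']['CN'], 'acme.org')

    res_parsed = self.extractor.get_x509_as_json(
        text=res_cert_san.get('cert'))
    self.assertEqual(res_parsed['issuer']['CN'], common_name)
    self.assertEqual(res_parsed['subject']['O'], 'Acme Machines INC')

    san = get_san_from_extensions(res_parsed['extensions'])
    expected_san = [
        'DNS:acme.org',
        'DNS:cdn1.far-away.com',
        'DNS:www.acme.org',
        'IP Address:192.168.56.100',
    ]
    # Exact equality matters: an extra name in an issued certificate (for
    # example one inherited from the CA's alt_names) must fail the test.
    # Both sides are sorted so the literal's order is not load-bearing.
    self.assertEqual(sorted(san), sorted(expected_san))

    requests = ca.list_requests()
    self.assertEqual(len(requests), 1)

    certs = ca.list_certificates()
    self.assertGreater(len(certs), 0)
    # Every listed certificate must be retrievable by its id.
    for cert in certs:
        cert_res = ca.get_certificate(serial=cert['id'])
        self.assertIsNotNone(cert_res)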
def test_create_ca_utf8_higher_codepoint(self):
    """Check that a non-ASCII common name survives CA creation unchanged.

    The CN read back from the CA info must equal the value passed in.
    """
    authority = CA(
        ca_path=self.create_tempdir(),
        openssl_path=self._openssl_path,
    )
    subject_dn = {
        'cn': 'Ragnarr Lođbrok',
        'c': 'no',
        'st': 'Kattegatt',
    }
    # NOTE(review): rsa:512 is only acceptable as a throwaway test key. It is
    # presumably chosen for speed, so confirm it is never used for real CAs.
    outcome = authority.initialize(dn=subject_dn, newkey='rsa:512')
    self.assertTrue(outcome.get('success'))

    root_subject = authority.get_info()['rootca']['subject']
    self.assertEqual(root_subject['CN'], 'Ragnarr Lođbrok')
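def test_create_ca_utf8(self):
    """Check that a non-ASCII state/province name survives CA creation.

    The ST read back from the CA info must equal the value passed in.
    """
    ca_path = self.create_tempdir()
    ca = CA(ca_path=ca_path, openssl_path=self._openssl_path)
    # NOTE(review): rsa:512 is only acceptable as a throwaway test key. It is
    # presumably chosen for speed, so confirm it is never used for real CAs.
    res_ca = ca.initialize(
        dn=dict(
            cn='example.com',
            c='se',
            st='Östergötlands Län',
        ),
        newkey='rsa:512',
    )
    self.assertTrue(res_ca.get('success'))

    # The leftover debug print of the full CA info was dropped; the assertion
    # below already reports the mismatching value on failure.
    info = ca.get_info()
    st = info['rootca']['subject']['ST']
    self.assertEqual(st, 'Östergötlands Län')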
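def test_get_csr(self):
    """Sign a CN-only CSR and check that the stored request can be read back.

    After signing, exactly one request must be listed, and its subject CN
    must be 'example.com'.
    """
    ca_path = self.create_tempdir()
    common_name = "Acme Root CA"
    ca = CA(ca_path=ca_path, openssl_path=self._openssl_path)

    # NOTE(review): rsa:512 is only acceptable as a throwaway test key. It is
    # presumably chosen for speed, so confirm it is never used for real CAs.
    res_ca = ca.initialize(
        dn=dict(cn=common_name),
        newkey='rsa:512',
        alt_names=[
            'example.com',
            'www.example.com',
            '192.168.56.100',
            # Constructed placeholder: the email literal in the listing was
            # masked and is not a usable address.
            'admin@example.com',
            'http://www.example.com',
        ],
    )
    self.assertTrue(
        res_ca.get('success'),
        "Message: {}\nConf: {}\n".format(res_ca.get('message'),
                                         res_ca.get("conf")))

    # CN certificate
    res_cert = ca.sign_request(CSR_CN)
    self.assertTrue(res_cert.get('success'),
                    "Message: {}\n".format(res_cert.get('message')))

    csrs = ca.list_requests()
    self.assertEqual(len(csrs), 1)

    server_csr = ca.get_request(csrs[0]['id'])
    # assertIn names the missing key and the container when it fails.
    self.assertIn('subject', server_csr)
    self.assertEqual(server_csr['subject']['CN'], 'example.com')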