コード例 #1
def test_sign_csr(tmpdir):
    """Run the CA -> CSR -> signed certificate flow end to end.

    Creates a CA key and a certificate flagged ``is_ca=True``, then a
    separate leaf key and a CSR carrying SAN entries, and asks
    ``sign_csr`` to issue the leaf certificate with the CA material.

    NOTE(review): the only assertion is that the output file starts with
    the PEM certificate header. Nothing here checks that the issuer is the
    CA, that the signature verifies against the CA key, or that the SAN
    and key-usage extensions requested in the CSR were copied into the
    issued certificate.
    """
    from jans.pycloudlib.pki import (
        generate_csr,
        generate_private_key,
        generate_public_key,
        sign_csr,
    )

    # Subject fields common to the CA certificate and the leaf CSR.
    subject = {
        "email": "*****@*****.**",
        "org_name": "Organization",
        "country_code": "US",
        "state": "TX",
        "city": "Austin",
    }

    # Issuing side: CA private key and CA certificate.
    ca_key_path = tmpdir.join("ca_priv.key")
    issuer_key = generate_private_key(str(ca_key_path))

    ca_cert_path = tmpdir.join("ca_pub.crt")
    issuer_cert = generate_public_key(
        str(ca_cert_path),
        issuer_key,
        is_ca=True,
        hostname="CA",
        **subject,
    )

    # Requesting side: leaf key and a CSR with extra SAN entries.
    leaf_key_path = tmpdir.join("priv.key")
    leaf_key = generate_private_key(str(leaf_key_path))

    csr_path = tmpdir.join("pub.csr")
    request = generate_csr(
        str(csr_path),
        leaf_key,
        add_san=True,
        add_key_usage=True,
        hostname="example.com",
        extra_dns=["localhost"],
        extra_ips=["127.0.0.1"],
        **subject,
    )

    # Issue the leaf certificate and check that a PEM certificate was written.
    leaf_cert_path = tmpdir.join("pub.crt")
    sign_csr(str(leaf_cert_path), request, issuer_key, issuer_cert)

    pem_text = leaf_cert_path.read()
    assert pem_text.startswith("-----BEGIN CERTIFICATE-----")
コード例 #2
def generate_ssl_ca_certkey(
    suffix,
    email,
    hostname,
    org_name,
    country_code,
    state,
    city,
    base_dir="/etc/certs",
):
    """Create a CA private key and CA certificate under ``base_dir``.

    The key is written to ``{base_dir}/{suffix}.key`` and the certificate,
    requested with ``is_ca=True``, to ``{base_dir}/{suffix}.crt``.

    Args:
        suffix: File stem shared by the key and the certificate.
        email, hostname, org_name, country_code, state, city: Subject
            fields forwarded unchanged to ``generate_public_key``.
        base_dir: Directory that receives both files.

    Returns:
        Tuple ``(cert_fn, key_fn)`` holding the two file paths.

    NOTE(review): ``suffix`` and ``base_dir`` are interpolated into the
    paths without normalisation, so callers should pass trusted values.
    The mode of the CA key file is decided inside ``generate_private_key``
    (not visible here); confirm it is not group/world readable.
    """
    key_path = f"{base_dir}/{suffix}.key"
    cert_path = f"{base_dir}/{suffix}.crt"

    ca_private_key = generate_private_key(key_path)

    # Only this key is passed in, so the certificate is presumably
    # self-signed; confirm in generate_public_key.
    generate_public_key(
        cert_path,
        ca_private_key,
        is_ca=True,
        email=email,
        hostname=hostname,
        org_name=org_name,
        country_code=country_code,
        state=state,
        city=city,
    )

    paths = (cert_path, key_path)
    return paths
コード例 #3
def generate_ssl_certkey(
    suffix,
    email,
    hostname,
    org_name,
    country_code,
    state,
    city,
    base_dir="/etc/certs",
    extra_dns=None,
    extra_ips=None,
):
    """Create a private key and a matching certificate under ``base_dir``.

    The key goes to ``{base_dir}/{suffix}.key`` and the certificate to
    ``{base_dir}/{suffix}.crt``. SAN and key-usage extensions are requested
    via ``add_san=True`` and ``add_key_usage=True``; no CA key is involved
    in this call.

    Args:
        suffix: File stem shared by the key and the certificate.
        email, hostname, org_name, country_code, state, city: Subject
            fields forwarded unchanged to ``generate_public_key``.
        base_dir: Directory that receives both files.
        extra_dns: Optional additional DNS names, forwarded as given.
        extra_ips: Optional additional IP addresses, forwarded as given.

    Returns:
        Tuple ``(cert_fn, key_fn)`` holding the two file paths.

    NOTE(review): ``suffix`` and ``base_dir`` are interpolated into the
    paths without normalisation, so callers should pass trusted values.
    The mode of the key file is decided inside ``generate_private_key``
    (not visible here); confirm it is restrictive.
    """
    key_path = f"{base_dir}/{suffix}.key"
    cert_path = f"{base_dir}/{suffix}.crt"

    # Collect the subject and SAN inputs once, then forward them together.
    cert_options = {
        "hostname": hostname,
        "country_code": country_code,
        "state": state,
        "city": city,
        "email": email,
        "org_name": org_name,
        "extra_dns": extra_dns,
        "extra_ips": extra_ips,
    }

    private_key = generate_private_key(key_path)
    generate_public_key(
        cert_path,
        private_key,
        add_san=True,
        add_key_usage=True,
        **cert_options,
    )
    return cert_path, key_path
コード例 #4
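def generate_signed_ssl_certkey(suffix,
                                ca_key_fn,
                                ca_cert_fn,
                                email,
                                hostname,
                                org_name,
                                country_code,
                                state,
                                city,
                                base_dir="/etc/certs",
                                extra_dns=None,
                                extra_ips=None):
    """Create a private key and a certificate issued by an existing CA.

    The key is written to ``{base_dir}/{suffix}.key``, the CSR to
    ``{base_dir}/{suffix}.csr`` and the signed certificate to
    ``{base_dir}/{suffix}.crt``.

    The CA key and certificate are loaded before anything is generated, so
    a missing or unreadable CA file fails the call without leaving a fresh
    private key and CSR on disk.

    Args:
        suffix: File stem shared by the key, CSR and certificate.
        ca_key_fn: Path to the PEM-encoded CA private key. It is loaded
            with no password, so an encrypted key file is rejected by the
            loader.
        ca_cert_fn: Path to the PEM-encoded CA certificate.
        email, hostname, org_name, country_code, state, city: Subject
            fields forwarded unchanged to ``generate_csr``.
        base_dir: Directory that receives the generated files.
        extra_dns: Optional additional DNS names, forwarded as given.
        extra_ips: Optional additional IP addresses, forwarded as given.

    Returns:
        Tuple ``(cert_fn, key_fn)`` holding the certificate and key paths.

    NOTE(review): ``suffix`` and ``base_dir`` are interpolated into the
    paths without normalisation, so callers should pass trusted values.
    Because the CA key is stored unencrypted, its protection rests on
    file permissions; confirm ``ca_key_fn`` is readable only by the
    issuing service.
    """
    # Load the issuer material first: fail before writing any new key.
    with open(ca_key_fn, "rb") as f:
        ca_key = serialization.load_pem_private_key(
            f.read(),
            None,  # no password: the CA key file must be unencrypted PEM
            default_backend(),
        )

    with open(ca_cert_fn, "rb") as f:
        ca_cert = x509.load_pem_x509_certificate(f.read())

    key_fn = f"{base_dir}/{suffix}.key"
    priv_key = generate_private_key(key_fn)

    csr_fn = f"{base_dir}/{suffix}.csr"
    csr = generate_csr(
        csr_fn,
        priv_key,
        add_san=True,
        add_key_usage=True,
        hostname=hostname,
        country_code=country_code,
        state=state,
        city=city,
        email=email,
        org_name=org_name,
        extra_dns=extra_dns,
        extra_ips=extra_ips,
    )

    cert_fn = f"{base_dir}/{suffix}.crt"
    sign_csr(cert_fn, csr, ca_key, ca_cert)
    return cert_fn, key_fn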
コード例 #5
def test_generate_csr(tmpdir):
    """Check that ``generate_csr`` writes a PEM certificate request.

    A fresh private key is generated, then a CSR is requested with SAN and
    key-usage extensions plus one extra DNS name and one extra IP address.

    NOTE(review): only the PEM header of the output file is asserted. The
    requested SAN entries and key-usage extension are not inspected.
    """
    from jans.pycloudlib.pki import generate_csr, generate_private_key

    key_path = tmpdir.join("priv.key")
    csr_path = tmpdir.join("pub.csr")

    signing_key = generate_private_key(str(key_path))

    generate_csr(
        str(csr_path),
        signing_key,
        add_san=True,
        add_key_usage=True,
        hostname="example.com",
        email="*****@*****.**",
        org_name="Organization",
        country_code="US",
        state="TX",
        city="Austin",
        extra_dns=["localhost"],
        extra_ips=["127.0.0.1"],
    )

    pem_text = csr_path.read()
    assert pem_text.startswith("-----BEGIN CERTIFICATE REQUEST-----")
コード例 #6
def test_generate_private_key(tmpdir):
    """Check that ``generate_private_key`` writes an RSA key in PEM form.

    The asserted header is the traditional OpenSSL (PKCS#1) RSA label, so
    the test pins both the key type and the serialisation format.

    NOTE(review): key size and the permissions of the written file are not
    checked here.
    """
    from jans.pycloudlib.pki import generate_private_key

    target = tmpdir.join("priv.key")
    generate_private_key(str(target))

    pem_text = target.read()
    assert pem_text.startswith("-----BEGIN RSA PRIVATE KEY-----")