def testImportRootCertificate(self): trust = constants.TRUST_AUTHENTICITY | constants.TRUST_SERVER cert = self._importAndFind(self.pemRoot, trust) x509 = cert.asX509() self.assert_(x509.verify()) self.assert_(x509.as_pem()[:-1] == self.pemRoot) self.assert_(x509.get_subject().CN == 'OSAF CA') self.assert_(cert.fingerprint == '0xadacc622c85df4c2ae471a81eda1bd28379a6fa9L', cert.fingerprint) self.assert_(cert.trust == trust) self.assert_(cert.purpose & constants.PURPOSE_CA) self.assert_(cert.displayName == u'OSAF CA') self.assertTrue(certificate.certificatePurpose(x509) & constants.PURPOSE_CA)
def testPreloadedCertificates(self): self.loadParcel("osaf.framework.certstore.data") view = self.view rootCerts = FilteredCollection( 'rootCertsQuery', itsView=view, source=utils.getExtent(certificate.Certificate, view, exact=True), filterExpression=u"view.findValue(uuid, 'purpose') & %d" % constants.PURPOSE_CA, filterAttributes=['purpose']) now = time.gmtime() format = '%b %d %H:%M:%S %Y %Z' self.assert_(not rootCerts.isEmpty()) for cert in rootCerts: x509 = cert.asX509() self.assertTrue(x509.verify()) # verify() should have caught bad times, but just in case: before = x509.get_not_before() after = x509.get_not_after() try: self.assert_( time.strptime(str(before), format) < now, '%s not yet valid:%s' % (cert.displayName, before)) self.assert_(now < time.strptime(str(after), format), '%s expired:%s' % (cert.displayName, after)) except ValueError: raise ValueError('bad time value in ' + cert.displayName.encode('utf8')) self.assertTrue(len(cert.displayName) > 0) self.assertTrue(cert.purpose & constants.PURPOSE_CA, cert.getAsTextAsString()) self.assertTrue(cert.trust == constants.TRUST_AUTHENTICITY | constants.TRUST_SERVER) self.assertTrue(cert.fingerprintAlgorithm == 'sha1') self.assertTrue(len(cert.fingerprint) > 3) self.assertTrue(cert.asTextAsString[:12] == 'Certificate:') self.assertTrue( certificate.certificatePurpose(x509) & constants.PURPOSE_CA, cert.getAsTextAsString())
def testImportRootCertificate(self): trust = constants.TRUST_AUTHENTICITY | constants.TRUST_SERVER cert = self._importAndFind(self.pemRoot, trust) x509 = cert.asX509() self.assert_(x509.verify()) self.assert_(x509.as_pem()[:-1] == self.pemRoot) self.assert_(x509.get_subject().CN == 'OSAF CA') self.assert_( cert.fingerprint == '0xadacc622c85df4c2ae471a81eda1bd28379a6fa9L', cert.fingerprint) self.assert_(cert.trust == trust) self.assert_(cert.purpose & constants.PURPOSE_CA) self.assert_(cert.displayName == u'OSAF CA') self.assertTrue( certificate.certificatePurpose(x509) & constants.PURPOSE_CA)
def testImportSiteCertificate(self): trust = constants.TRUST_AUTHENTICITY cert = self._importAndFind(self.pemSite, trust) x509 = cert.asX509() x509Issuer = X509.load_cert_string(self.pemRoot) issuerPublicKey = x509Issuer.get_pubkey() self.assert_(x509.verify(issuerPublicKey)) self.assert_(x509.as_pem()[:-1] == self.pemSite) self.assert_(x509.get_subject().CN == 'bugzilla.osafoundation.org') self.assert_(cert.fingerprint == '0xff8013055aae612ad79c347f06d1b83f93deb664L', cert.fingerprint) self.assert_(cert.trust == trust) self.assert_(cert.purpose == constants.PURPOSE_SERVER) self.assert_(cert.displayName == u'bugzilla.osafoundation.org') self.assertTrue(certificate.certificatePurpose(x509) == constants.PURPOSE_SERVER)
def testImportSiteCertificate(self): trust = constants.TRUST_AUTHENTICITY cert = self._importAndFind(self.pemSite, trust) x509 = cert.asX509() x509Issuer = X509.load_cert_string(self.pemRoot) issuerPublicKey = x509Issuer.get_pubkey() self.assert_(x509.verify(issuerPublicKey)) self.assert_(x509.as_pem()[:-1] == self.pemSite) self.assert_(x509.get_subject().CN == 'bugzilla.osafoundation.org') self.assert_( cert.fingerprint == '0xff8013055aae612ad79c347f06d1b83f93deb664L', cert.fingerprint) self.assert_(cert.trust == trust) self.assert_(cert.purpose == constants.PURPOSE_SERVER) self.assert_(cert.displayName == u'bugzilla.osafoundation.org') self.assertTrue( certificate.certificatePurpose(x509) == constants.PURPOSE_SERVER)
def testPreloadedCertificates(self): self.loadParcel("osaf.framework.certstore.data") view = self.view rootCerts = FilteredCollection('rootCertsQuery', itsView=view, source=utils.getExtent(certificate.Certificate, view, exact=True), filterExpression=u"view.findValue(uuid, 'purpose') & %d" % constants.PURPOSE_CA, filterAttributes=['purpose']) now = time.gmtime() format = '%b %d %H:%M:%S %Y %Z' self.assert_(not rootCerts.isEmpty()) for cert in rootCerts: x509 = cert.asX509() self.assertTrue(x509.verify()) # verify() should have caught bad times, but just in case: before = x509.get_not_before() after = x509.get_not_after() try: self.assert_(time.strptime(str(before), format) < now, '%s not yet valid:%s' % (cert.displayName, before)) self.assert_(now < time.strptime(str(after), format), '%s expired:%s' % (cert.displayName, after)) except ValueError: raise ValueError('bad time value in ' + cert.displayName.encode('utf8')) self.assertTrue(len(cert.displayName) > 0) self.assertTrue(cert.purpose & constants.PURPOSE_CA, cert.getAsTextAsString()) self.assertTrue(cert.trust == constants.TRUST_AUTHENTICITY | constants.TRUST_SERVER) self.assertTrue(cert.fingerprintAlgorithm == 'sha1') self.assertTrue(len(cert.fingerprint) > 3) self.assertTrue(cert.asTextAsString[:12] == 'Certificate:') self.assertTrue(certificate.certificatePurpose(x509) & constants.PURPOSE_CA, cert.getAsTextAsString())