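def test_valid_cert_ca():
    """Int Test: if OpenSSL is able to validate the certificate against CA.

    Creates a CA, issues a leaf certificate for ``dev.ownca.org`` and runs
    ``openssl verify`` with the CA certificate passed through ``-CAfile``.
    An exit status of 0 means OpenSSL accepted the chain.
    """
    clean_test()
    try:
        ca = CertificateAuthority(
            common_name=CA_COMMON_NAME,
            ca_storage=CA_STORAGE,
            maximum_days=CA_MAXIMUM_DAYS,
            dns_names=CA_DNS_NAMES,
            oids=CA_OIDS,
        )
        ca.issue_certificate(
            "dev.ownca.org",
            maximum_days=30,
            dns_names=["www.dev.ownca.org", "developer.ownca.org"],
            oids={"country_name": "NL", "locality_name": "Veldhoven"},
        )

        # Explicit argv list: no shell is involved and nothing depends on
        # whitespace splitting of the paths.
        # NOTE(review): the paths assume CA_STORAGE resolves to "CA_test"
        # relative to the working directory; confirm against the constant.
        openssl_cmd = [
            "openssl",
            "verify",
            "-verbose",
            "-CAfile",
            "CA_test/ca.crt",
            "CA_test/certs/dev.ownca.org/dev.ownca.org.crt",
        ]
        openssl = subprocess.run(
            openssl_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE
        )

        # Report both streams: depending on the OpenSSL build, verification
        # errors may be written to stderr rather than stdout.
        assert openssl.returncode == 0, (openssl.stdout, openssl.stderr)
    finally:
        # Run the teardown even when an assertion fails, so a failed run does
        # not leave the test CA's files behind (presumably clean_test removes
        # the storage directory; confirm against its definition).
        clean_test()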
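def test_create_certificate_and_revoke():
    """Int Test: if revoked certificate shows in CRL

    Issues two certificates, revokes ``temp.ownca.org`` and checks that

    * the reloaded certificate object reports ``revoked is True``, and
    * the serial number OpenSSL prints for that certificate is one of the
      ``Serial Number:`` entries OpenSSL prints for ``CA_test/ca.crl``.

    NOTE(review): the CRL is only parsed, not signature-checked against
    ``CA_test/ca.crt``, and there is no negative check that the still-valid
    ``dev.ownca.org`` serial is absent from the CRL.
    """
    clean_test()
    clean_test("CA_test_second")

    ca = CertificateAuthority(
        common_name=CA_COMMON_NAME,
        ca_storage=CA_STORAGE,
        maximum_days=CA_MAXIMUM_DAYS,
        dns_names=CA_DNS_NAMES,
    )
    ca.issue_certificate(
        "dev.ownca.org",
        maximum_days=30,
        dns_names=["www.dev.ownca.org", "developer.ownca.org"],
        oids={"country_name": "NL", "locality_name": "Veldhoven"},
    )
    ca.issue_certificate(
        "temp.ownca.org",
        maximum_days=30,
        dns_names=["www.temp.ownca.org", "temporary.ownca.org"],
        oids={"country_name": "NL", "locality_name": "Veldhoven"},
    )

    ca.revoke_certificate("temp.ownca.org")
    temp_cert = ca.load_certificate("temp.ownca.org")
    assert temp_cert.revoked is True

    # NOTE(review): the paths assume CA_STORAGE resolves to "CA_test".
    openssl_cmd_crl = [
        "openssl", "crl", "-inform", "PEM", "-text", "-noout",
        "-in", "CA_test/ca.crl",
    ]
    openssl_crl = subprocess.run(
        openssl_cmd_crl, stdout=subprocess.PIPE, stderr=subprocess.PIPE
    )

    # Every -certopt flag below suppresses one section of the text dump, so
    # the serial number is the only field left in the output.
    openssl_cmd_cert = [
        "openssl", "x509", "-text", "-noout",
        "-in", "CA_test/certs/temp.ownca.org/temp.ownca.org.crt",
        "-certopt",
        "no_subject,no_header,no_version,no_signame,no_validity,"
        "no_issuer,no_pubkey,no_sigdump,no_aux,no_extensions",
    ]
    openssl_cert = subprocess.run(
        openssl_cmd_cert, stdout=subprocess.PIPE, stderr=subprocess.PIPE
    )

    assert openssl_crl.returncode == 0, openssl_crl.stderr
    assert openssl_cert.returncode == 0, openssl_cert.stderr

    # Output is "Serial Number: aa:bb:...", so the third whitespace-separated
    # token is the colon-separated hex serial; normalise it to the
    # upper-case, colon-free form used in the CRL dump.
    cert_serial = (
        openssl_cert.stdout.decode().split()[2].replace(":", "").upper()
    )

    # Compare against the revoked entries themselves instead of searching the
    # whole CRL dump: a bare substring test would also pass on a coincidental
    # hex match elsewhere in the text or on a prefix of a longer serial.
    crl_text = openssl_crl.stdout.decode()
    revoked_serials = {
        line.partition(":")[2].strip()
        for line in crl_text.splitlines()
        if line.strip().startswith("Serial Number:")
    }
    assert cert_serial in revoked_serials, crl_text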
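def test_ca_issue_cert():
    """Int Test: CA issuing a certificate

    Issues one certificate with a full set of subject OIDs and checks the
    types of the returned certificate, private key and public key bytes,
    the common name, and that the CA lists exactly that one certificate.
    """
    cert_oids = {
        "country_name": "BR",
        "locality_name": "Juiz de Fora",
        "state_or_province": "Minas Gerais",
        "street_address": "Rua Constantino Paleta",
        "organization_name": "This place",
        "organization_unit_name": "It was hard and fun",
        "email_address": "kairo at ...",
    }
    cert_common_name = "home.ownca.org"

    clean_test()
    try:
        ca = CertificateAuthority(
            common_name=CA_COMMON_NAME,
            ca_storage=CA_STORAGE,
            oids=CA_OIDS,
        )
        cert1 = ca.issue_certificate(
            cert_common_name, maximum_days=30, oids=cert_oids
        )

        assert isinstance(cert1.cert, x509.Certificate)
        assert isinstance(cert1.key, rsa.RSAPrivateKeyWithSerialization)
        # isinstance() rather than an exact type() comparison, matching the
        # two checks above.
        assert isinstance(cert1.public_key_bytes, bytes)
        # The public key is expected in OpenSSH "ssh-rsa" encoding.
        assert cert1.public_key_bytes.startswith(b"ssh-rsa")
        assert cert1.common_name == cert_common_name
        assert ca.certificates == ["home.ownca.org"]
    finally:
        # Run the teardown even when an assertion fails, so a failed run does
        # not leave the test CA's files behind (presumably clean_test removes
        # the storage directory, private keys included; confirm against its
        # definition).
        clean_test()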
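def test_extension_subject_alternative_name():
    """Int Test: if OpenSSL gets correct Subject Alternative Name

    Issues a certificate with two DNS names and checks that the text dump
    from ``openssl x509`` contains a Subject Alternative Name extension
    listing both names, in the order they were requested.
    """
    clean_test()
    clean_test("CA_test_second")

    ca = CertificateAuthority(
        common_name=CA_COMMON_NAME,
        ca_storage=CA_STORAGE,
        maximum_days=CA_MAXIMUM_DAYS,
        dns_names=CA_DNS_NAMES,
    )
    ca.issue_certificate(
        "dev.ownca.org",
        maximum_days=30,
        dns_names=["www.dev.ownca.org", "developer.ownca.org"],
        oids={"country_name": "NL", "locality_name": "Veldhoven"},
    )

    # The -certopt flags suppress every section except the extensions, so
    # the assertions below only see extension text.
    # NOTE(review): the path assumes CA_STORAGE resolves to "CA_test".
    openssl_cmd = [
        "openssl", "x509", "-text", "-noout",
        "-in", "CA_test/certs/dev.ownca.org/dev.ownca.org.crt",
        "-certopt",
        "no_subject,no_header,no_version,no_serial,no_signame,"
        "no_validity,no_issuer,no_pubkey,no_sigdump,no_aux",
    ]
    openssl = subprocess.run(
        openssl_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE
    )

    expected_dns_san = "DNS:www.dev.ownca.org, DNS:developer.ownca.org"

    # Report stderr on failure, as test_create_certificate_and_revoke does
    # for the same command: that is where openssl x509 writes its errors.
    assert openssl.returncode == 0, openssl.stderr

    cert_text = openssl.stdout.decode()
    assert "Subject Alternative Name:" in cert_text
    assert expected_dns_san in cert_text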