def testSignaturePKI(self): """ Symbol © is for testing utf8 """ before = datetime(2010, 01, 01, 6, tzinfo=ASN1.UTC) after = datetime(2015, 01, 01, 6, tzinfo=ASN1.UTC) ca_pwd = "R00tz" c_pwd = "1234" # CA and Client keys ca_key = Key.generate(ca_pwd) #print "\nCA PRIVATE\n", ca_key.private, "\n" c_key = Key.generate(c_pwd) #print "\nC PRIVATE\n", c_key.private, "\n" #print "\nC PUB\n", c_key.public, "\n" # CA Cert ca_cert = Certificate() ca_cert.CN = "Admin ©" ca_cert.country = "FR" ca_cert.key = ca_key ca_cert.begin = before ca_cert.end = after ca_cert.is_ca = True ca_cert.generate_x509_root(ca_pwd) ca_cert.save() self.assertEqual(ca_cert.ca_serial, 1) #print "\nCA cert\n", ca_cert.pem, "\n" # Client's request rqst = CertificateRequest() rqst.CN = "World Company ©" rqst.country = "FR" rqst.key = c_key rqst.sign_request(c_pwd) rqst.save() #print "\nRQST\n", rqst.pem, "\n" c_cert = ca_cert.sign_request(rqst, 300, ca_pwd) c_cert.save() #print "\nC_CERT\n", c_cert.pem, "\n" self.assertEqual(c_cert.serial, '2') self.assertEqual(ca_cert.ca_serial, 2) self.assertTrue("Signature ok" not in c_cert.pem) self.assertFalse(c_cert.trust) self.assertTrue(ca_cert.trust) self.assertTrue(ca_cert.certhash) self.assertTrue(c_cert.certhash) c_cert = Certificate.objects.get(id=c_cert.id) x509 = X509.load_cert_string(smart_str(c_cert.pem), X509.FORMAT_PEM) m2x509 = c_cert.m2_x509() self.assertTrue(x509.as_text() == m2x509.as_text()) self.assertTrue("Issuer: CN=Admin \\xC2\\xA9, C=FR" in m2x509.as_text()) self.assertTrue("Subject: CN=World Company \\xC2\\xA9, C=FR" in m2x509.as_text()) self.assertTrue("X509v3 Authority Key Identifier" in m2x509.as_text()) self.assertTrue("X509v3 Subject Key Identifier" in m2x509.as_text())
def testRequestGeneration(self): """With a Key, try to generate a request """ user_pwd = "tata" key = Key.generate(user_pwd) key.save() rqst = CertificateRequest() rqst.CN = "World Company" rqst.country = "FR" rqst.key = key rqst.sign_request(user_pwd) rqst.save() rqst_pem = rqst.pem m2rqst = rqst.m2_request() self.assertTrue("Subject: CN=World Company, C=FR" in m2rqst.as_text()) return rqst_pem
def testSignaturePKIca(self): """Client certificate is a CA """ # Turn this to True to regenerate examples certificates save = False before = datetime(2010, 01, 01, 6, tzinfo=ASN1.UTC) after = datetime(2015, 01, 01, 6, tzinfo=ASN1.UTC) ca_pwd = "R00tz" c_pwd = "1234" #c2_pwd = "abcd" # CA and Client keys ca_key = Key.generate(ca_pwd) c_key = Key.generate(c_pwd) c2_key = Key.generate(None) # CA Cert ca_cert = Certificate() ca_cert.CN = "Admin" ca_cert.country = "FR" ca_cert.key = ca_key ca_cert.days = 3000 ca_cert.is_ca = True ca_cert.generate_x509_root(ca_pwd) # Client's request rqst = CertificateRequest() rqst.CN = "World Company" rqst.country = "FR" rqst.key = c_key rqst.sign_request(c_pwd) c_cert = ca_cert.sign_request(rqst, 200, ca_pwd, ca=True) self.assertEqual(c_cert.serial, '2') self.assertEqual(ca_cert.ca_serial, 2) # Just test Certificate.m2_x509() method x509 = X509.load_cert_string(c_cert.pem, X509.FORMAT_PEM) m2x509 = c_cert.m2_x509() self.assertTrue(x509.as_text() == m2x509.as_text()) self.assertTrue("CA:TRUE" in m2x509.as_text()) self.assertTrue("Issuer: CN=Admin, C=FR" in m2x509.as_text()) self.assertTrue("Subject: CN=World Company, C=FR" in m2x509.as_text()) self.assertTrue("X509v3 Authority Key Identifier" in m2x509.as_text()) self.assertTrue("X509v3 Subject Key Identifier" in m2x509.as_text()) self.assertTrue(c_cert.auth_kid) self.assertTrue(c_cert.subject_kid) self.assertTrue(" " not in c_cert.auth_kid) self.assertTrue(" " not in c_cert.subject_kid) self.assertTrue(c_cert.auth_kid in m2x509.as_text()) self.assertTrue(c_cert.subject_kid in m2x509.as_text()) # get authkey # Client's request urqst = CertificateRequest() urqst.CN = "Country Company" urqst.country = "FR" urqst.key = c2_key urqst.sign_request() c2_cert = c_cert.sign_request(urqst, 150, c_pwd) self.assertEqual(c2_cert.serial, '2') self.assertEqual(c_cert.ca_serial, 2) # Just test Certificate.m2_x509() method x509 = X509.load_cert_string(c2_cert.pem, X509.FORMAT_PEM) m2x509 = c2_cert.m2_x509() self.assertTrue(x509.as_text() == m2x509.as_text()) self.assertTrue("Issuer: CN=World Company, C=FR" in m2x509.as_text()) self.assertTrue("Subject: CN=Country Company, C=FR" in m2x509.as_text()) self.assertTrue("X509v3 Authority Key Identifier" in m2x509.as_text()) self.assertTrue("X509v3 Subject Key Identifier" in m2x509.as_text()) self.assertTrue(c2_cert.auth_kid) self.assertTrue(c2_cert.subject_kid) self.assertTrue(c2_cert.auth_kid in m2x509.as_text()) self.assertTrue(c2_cert.subject_kid in m2x509.as_text()) self.assertTrue(" " not in c2_cert.auth_kid) self.assertTrue(" " not in c2_cert.subject_kid) # If all tests are goods, lets save it if needed if save: # UTF8 CA Cert utf8_key = Key.generate(ca_pwd) utf8_cert = Certificate() utf8_cert.CN = "Admin ©" utf8_cert.country = "FR" utf8_cert.key = utf8_key utf8_cert.begin = before utf8_cert.end = after utf8_cert.is_ca = True utf8_cert.generate_x509_root(ca_pwd) utf8_cert.save() open(CA_KEY_PATH, 'w').write(ca_key.private) open(C_KEY_PATH, 'w').write(c_key.private) open(U_KEY_PATH, 'w').write(c2_key.private) open(C_PUB_KEY_PATH, 'w').write(c_key.public) open(CA_CERT_PATH, 'w').write(ca_cert.pem) open(C_REQUEST_PATH, 'w').write(rqst.pem) open(C_CERT_PATH, 'w').write(c_cert.pem) open(U_CERT_PATH, 'w').write(c2_cert.pem) open(UTF8_CERT_PATH, 'w').write(utf8_cert.pem) print "SAVED"
def testSignaturePKIRevoke(self): """Try create - revoke - renew """ before = datetime(2010, 01, 01, 6, tzinfo=ASN1.UTC) after = datetime(2015, 01, 01, 6, tzinfo=ASN1.UTC) ca_pwd = "R00tz" c_pwd = "1234" # CA and Client keys ca_key = Key.generate(ca_pwd) ca_key.save() #print "\nCA PRIVATE\n", ca_key.private, "\n" c_key = Key.generate(c_pwd) c_key.save() cc_key = Key.generate(c_pwd) cc_key.save() #print "\nC PRIVATE\n", c_key.private, "\n" #print "\nC PUB\n", c_key.public, "\n" # CA Cert ca_cert = Certificate() ca_cert.CN = "Admin" ca_cert.country = "FR" ca_cert.key = ca_key ca_cert.begin = before ca_cert.end = after ca_cert.is_ca = True ca_cert.generate_x509_root(ca_pwd) ca_cert.save() #print "\nCA cert\n", ca_cert.pem, "\n" # Client's request rqst = CertificateRequest() rqst.CN = "World Company ©" rqst.country = "FR" rqst.locality = "World" rqst.organization = "Company" rqst.OU = "Unknown" rqst.state = "Dummy" rqst.country = "FR" rqst.email = "*****@*****.**" rqst.key = c_key rqst.sign_request(c_pwd) rqst.save() #print "\nRQST\n", rqst.pem, "\n" c_cert = ca_cert.sign_request(rqst, 300, ca_pwd) c_cert.save() #print "\nC_CERT\n", c_cert.pem, "\n" ca_cert = Certificate.objects.get(pk=ca_cert.id) c_cert = Certificate.objects.get(pk=c_cert.id) ca_cert.revoke(c_cert, ca_pwd) ca_cert.save() ca_cert = Certificate.objects.get(pk=ca_cert.id) c_cert = Certificate.objects.get(pk=c_cert.id) rqst.delete() # Client's new request rqst = CertificateRequest() rqst.CN = "World Company ©" rqst.country = "FR" rqst.locality = "World" rqst.organization = "Company" rqst.OU = "Unknown" rqst.state = "Dummy" rqst.country = "FR" rqst.email = "*****@*****.**" rqst.key = c_key rqst.sign_request(c_pwd) rqst.save() #print "\nRQST\n", rqst.pem, "\n" c2_cert = ca_cert.sign_request(rqst, 300, ca_pwd) c2_cert.save() # Revoke new ca_cert = Certificate.objects.get(pk=ca_cert.id) c2_cert = Certificate.objects.get(pk=c2_cert.id) ca_cert.revoke(c2_cert, ca_pwd) ca_cert.save() self.assertFalse(c2_cert.check()) #print ca_cert.index #print [ca_cert.index] #print ca_cert.crl # Try another client rqst2 = CertificateRequest() rqst2.CN = "Country Company ©" rqst2.country = "FR" rqst2.locality = "Country" rqst2.organization = "Company" rqst2.OU = "Unknown" rqst2.state = "Dummy" rqst2.country = "FR" rqst2.email = "*****@*****.**" rqst2.key = c_key rqst2.sign_request(c_pwd) rqst2.save() #print "\nRQST\n", rqst.pem, "\n" cc_cert = ca_cert.sign_request(rqst2, 300, ca_pwd) cc_cert.save() self.assertTrue(cc_cert.check()) # Revoke new ca_cert = Certificate.objects.get(pk=ca_cert.id) cc_cert = Certificate.objects.get(pk=cc_cert.id) ca_cert.revoke(cc_cert, ca_pwd) ca_cert.save() self.assertFalse(cc_cert.check())