def test_cloud_enroll_valid_hours(self): cn = f"{random_word(10)}.venafi.example.com" request = CertificateRequest(common_name=cn) request.san_dns = ["www.client.venafi.example.com", "ww1.client.venafi.example.com"] custom_fields = [ CustomField(name="custom", value="pythonTest"), CustomField(name="cfList", value="item2"), CustomField(name="cfListMulti", value="tier1"), CustomField(name="cfListMulti", value="tier4") ] request.custom_fields = custom_fields request.validity_hours = 144 expected_date = datetime.utcnow() + timedelta(hours=request.validity_hours) self.cloud_conn.request_cert(request, self.cloud_zone) cert = self.cloud_conn.retrieve_cert(request) cert = x509.load_pem_x509_certificate(cert.cert.encode(), default_backend()) assert isinstance(cert, x509.Certificate) expiration_date = cert.not_valid_after # Due to some roundings and delays in operations on the server side, the certificate expiration date # is not exactly the same as the one used in the request. A gap is allowed in this scenario to compensate # this delays and roundings. delta = timedelta(seconds=60) date_format = "%Y-%m-%d %H:%M:%S" self.assertAlmostEqual(expected_date, expiration_date, delta=delta, msg=f"Delta between expected and expiration date is too big." f"\nExpected: {expected_date.strftime(date_format)}" f"\nGot: {expiration_date.strftime(date_format)}\n" f"Expected_delta: {delta.total_seconds()} seconds.")
def enroll(conn, zone, cn=None, private_key=None, public_key=None, password=None, csr=None, custom_fields=None, service_generated_csr=False): request = CertificateRequest(common_name=cn, private_key=private_key, key_password=password) if custom_fields: request.custom_fields = custom_fields request.san_dns = [ "www.client.venafi.example.com", "ww1.client.venafi.example.com" ] if isinstance(conn, (FakeConnection, TPPConnection, TPPTokenConnection)): request.email_addresses = [ "*****@*****.**", "*****@*****.**" ] request.ip_addresses = ["127.0.0.1", "192.168.1.1"] request.user_principal_names = [ "*****@*****.**", "*****@*****.**" ] request.uniform_resource_identifiers = [ "https://www.venafi.com", "https://venafi.cloud" ] if csr: request.csr = csr elif service_generated_csr: request.csr_origin = CSR_ORIGIN_SERVICE request.include_private_key = True conn.request_cert(request, zone) cert = conn.retrieve_cert(request) with open("./cert.pem", "w") as f: f.write(cert.full_chain) with open("./cert.key", "w") as f2: if request.include_private_key: assert cert.key is not None f2.write(cert.key) else: f2.write(request.private_key_pem) cert = x509.load_pem_x509_certificate(cert.cert.encode(), default_backend()) assert isinstance(cert, x509.Certificate) t1 = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME) t2 = [x509.NameAttribute(NameOID.COMMON_NAME, cn or RANDOM_DOMAIN)] assert t1 == t2 cert_public_key_pem = cert.public_key().public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode() if isinstance(public_key, string_types): public_key = public_key.encode() if public_key: source_public_key_pem = serialization.load_pem_public_key( public_key, default_backend()).public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode( ) else: source_public_key_pem = request.public_key_pem if not service_generated_csr else None print(source_public_key_pem) print(cert_public_key_pem) if not service_generated_csr: assert source_public_key_pem == cert_public_key_pem private_key_pem = request.private_key_pem if not service_generated_csr else None return request.id, private_key_pem, cert, cert_public_key_pem, request.cert_guid
def enroll(conn, zone, cn=None, private_key=None, public_key=None, password=None, csr=None, custom_fields=None): request = CertificateRequest( common_name=cn, private_key=private_key, key_password=password, ) if custom_fields: request.custom_fields = custom_fields request.san_dns = [ "www.client.venafi.example.com", "ww1.client.venafi.example.com" ] if isinstance(conn, (FakeConnection, TPPConnection, TPPTokenConnection)): request.email_addresses = [ "*****@*****.**", "*****@*****.**" ] request.ip_addresses = ["127.0.0.1", "192.168.1.1"] request.user_principal_names = [ "*****@*****.**", "*****@*****.**" ] request.uniform_resource_identifiers = [ "https://www.venafi.com", "https://venafi.cloud" ] if csr: request.csr = csr conn.request_cert(request, zone) t = time.time() while time.time() - t < 300: cert = conn.retrieve_cert(request) if cert: break else: time.sleep(5) # print("Certificate is:\n %s" % cert_pem) # print("Private key is:\n %s:" % request.private_key_pem) # and save into file f = open("./cert.pem", "w") f.write(cert.full_chain) f = open("./cert.key", "w") f.write(request.private_key_pem) f.close() cert = x509.load_pem_x509_certificate(cert.cert.encode(), default_backend()) assert isinstance(cert, x509.Certificate) t1 = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME) t2 = [x509.NameAttribute(NameOID.COMMON_NAME, cn or RANDOM_DOMAIN)] assert t1 == t2 cert_public_key_pem = cert.public_key().public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode() if isinstance(public_key, string_types): public_key = public_key.encode() if public_key: source_public_key_pem = serialization.load_pem_public_key( public_key, default_backend()).public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode( ) else: source_public_key_pem = request.public_key_pem print(source_public_key_pem) print(cert_public_key_pem) assert source_public_key_pem == cert_public_key_pem return request.id, request.private_key_pem, cert, cert_public_key_pem, request.cert_guid