def test_getCertInChain(get_proxy):
"""" retrieve the first certificate in the chain, and make sure it is the original one
"""
proxyChain = get_proxy(USERCERT)
chainLength = proxyChain.getNumCertsInChain()['Value']
res = proxyChain.getCertInChain(certPos=chainLength - 1)
assert res['OK']
certSubject = res['Value'].getSubjectDN().get('Value')
assert certSubject == getCertOption(USERCERT, 'subjectDN')
# bonus: check the negative counter also works
assert certSubject == proxyChain.getCertInChain(
certPos=-1)['Value'].getSubjectDN().get('Value')
# Test default value
assert proxyChain.isProxy()['Value'] is True
assert proxyChain.isLimitedProxy()['Value'] is False
assert proxyChain.isVOMS()['Value'] is False
assert proxyChain.isRFC()['Value'] is True
assert proxyChain.isValidProxy()['Value'] is True
def test_getRemoteInfo(create_serverAndClient):
"""Check the information from remote peer"""
serv, client = create_serverAndClient
ping_server(client)
addr_info = client.getRemoteAddress()
assert addr_info[0] in ("127.0.0.1", "::ffff:127.0.0.1", "::1")
assert addr_info[1] == PORT_NUMBER
# The peer credentials are not filled on the client side
assert client.peerCredentials == {}
# We do not know about the port, so check only the address, taking into account bloody IPv6
assert serv.clientTransport.getRemoteAddress()[0] in ("127.0.0.1",
"::ffff:127.0.0.1",
"::1")
peerCreds = serv.clientTransport.peerCredentials
# There are no credentials for PlainTransport
if client.__class__.__name__ == "PlainTransport":
assert peerCreds == {}
else:
assert peerCreds["DN"] == getCertOption(USERCERT, "subjectDN")
assert peerCreds["x509Chain"].getNumCertsInChain()["Value"] == 2
assert peerCreds["isProxy"] is True
assert peerCreds["isLimitedProxy"] is False
def test_getIssuerCert(get_proxy):
"""Generate a proxy and check the issuer of the certificate"""
proxyChain = get_proxy(USERCERT)
res = proxyChain.getIssuerCert()
assert res["OK"]
assert res["Value"].getSubjectDN()["Value"] == getCertOption(USERCERT, "subjectDN")
def test_getIssuerCert(get_proxy):
""" Generate a proxy and check the issuer of the certificate"""
proxyChain = get_proxy(USERCERT)
res = proxyChain.getIssuerCert()
assert res['OK']
assert res['Value'].getSubjectDN()['Value'] == getCertOption(
USERCERT, 'subjectDN')
def test_getCertInChain_on_cert(cert_file, get_X509Chain_class):
"""" Load a chain, get the first certificate, and check its name"""
x509Chain = get_X509Chain_class()
x509Chain.loadChainFromFile(cert_file)
res = x509Chain.getCertInChain(0)
assert res['OK']
certSubject = res['Value'].getSubjectDN().get('Value')
assert certSubject == getCertOption(cert_file, 'subjectDN')
def test_getIssuerDN(cert_file, get_X509Certificate_class):
""" " Load a valid certificate and check its issuer"""
x509Cert = get_X509Certificate_class()
x509Cert.load(cert_file)
res = x509Cert.getIssuerDN()
assert res["OK"]
assert res["Value"] == getCertOption(cert_file, "issuerDN")
def test_getSubjectDN(cert_file, get_X509Certificate_class):
"""" Load a valid certificate and check its subject"""
x509Cert = get_X509Certificate_class()
x509Cert.load(cert_file)
res = x509Cert.getSubjectDN()
assert res['OK']
assert res['Value'] == getCertOption(cert_file, 'subjectDN')
def test_getNotAfterDate(cert_file, get_X509Chain_class):
"""" Load a valid certificate and check its expiration date"""
x509Chain = get_X509Chain_class()
x509Chain.loadChainFromFile(cert_file)
res = x509Chain.getNotAfterDate()
assert res['OK']
# We expect getNotAfterDate to return a datetime
assert res['Value'].date() == getCertOption(cert_file, 'endDate')
def test_getNotBeforeDate(cert_file, get_X509Certificate_class):
""" " Load a valid certificate and check its start validity date"""
x509Cert = get_X509Certificate_class()
x509Cert.load(cert_file)
res = x509Cert.getNotBeforeDate()
assert res["OK"]
# We expect getNotBeforeDate to return a datetime
assert res["Value"].date() == getCertOption(cert_file, "startDate")
def test_getNotAfterDate(cert_file, get_X509Certificate_class):
""" " Load a valid certificate and check its expiration date"""
x509Cert = get_X509Certificate_class()
x509Cert.load(cert_file)
res = x509Cert.getNotAfterDate()
assert res["OK"]
# We expect getNotAfterDate to return a datetime
assert res["Value"].date() == getCertOption(cert_file, "endDate")
def test_dumpChainToString_on_cert(cert_file, get_X509Chain_class):
"""" Load a valid certificate in a chain, and dump all to string"""
x509Chain = get_X509Chain_class()
x509Chain.loadChainFromFile(cert_file)
res = x509Chain.dumpChainToString()
assert res['OK']
assert res['Value'] == getCertOption(cert_file, 'content')
def test_getSerialNumber(cert_file, get_X509Certificate_class):
""" " Load a valid certificate and check its public key"""
x509Cert = get_X509Certificate_class()
x509Cert.load(cert_file)
res = x509Cert.getSerialNumber()
assert res["OK"]
assert res["Value"] == getCertOption(cert_file, "serial")
def test_getExtensions_on_cert(cert_file, get_X509Certificate_class):
""" " Load a valid certificate and check the output is a positive integer"""
x509Cert = get_X509Certificate_class()
x509Cert.load(cert_file)
res = x509Cert.getExtensions()
assert res["OK"]
extensionDict = dict(extTuple for extTuple in res["Value"])
assert sorted(extensionDict) == sorted(
getCertOption(cert_file, "availableExtensions"))
# Test a few of them
for ext in ("basicConstraints", "extendedKeyUsage"):
assert extensionDict[ext] == getCertOption(cert_file, ext)
# Valid only for Host certificate:
if cert_file == HOSTCERT:
assert extensionDict["subjectAltName"] == getCertOption(
cert_file, "subjectAltName")
def _generateProxy(certFile, lifetime=3600, **kwargs):
""" Generate the proxyString and return it as an X509Chain object
:param certFile: path to the certificate
:param lifetime: lifetime of the proxy in seconds
:returns: X509Chain object
"""
# Load the certificate and the key
x509Chain = X509Chain()
x509Chain.loadChainFromFile(certFile)
x509Chain.loadKeyFromFile(getCertOption(certFile, 'keyFile'))
# Generate the proxy string
res = x509Chain.generateProxyToString(lifetime, rfc=True, **kwargs)
proxyString = res['Value']
# Load the proxy string as an X509Chain object
proxyChain = X509Chain()
proxyChain.loadProxyFromString(proxyString)
return proxyChain
