def test_getCertInChain(get_proxy): """" retrieve the first certificate in the chain, and make sure it is the original one """ proxyChain = get_proxy(USERCERT) chainLength = proxyChain.getNumCertsInChain()['Value'] res = proxyChain.getCertInChain(certPos=chainLength - 1) assert res['OK'] certSubject = res['Value'].getSubjectDN().get('Value') assert certSubject == getCertOption(USERCERT, 'subjectDN') # bonus: check the negative counter also works assert certSubject == proxyChain.getCertInChain( certPos=-1)['Value'].getSubjectDN().get('Value') # Test default value assert proxyChain.isProxy()['Value'] is True assert proxyChain.isLimitedProxy()['Value'] is False assert proxyChain.isVOMS()['Value'] is False assert proxyChain.isRFC()['Value'] is True assert proxyChain.isValidProxy()['Value'] is True
def test_getRemoteInfo(create_serverAndClient): """Check the information from remote peer""" serv, client = create_serverAndClient ping_server(client) addr_info = client.getRemoteAddress() assert addr_info[0] in ("127.0.0.1", "::ffff:127.0.0.1", "::1") assert addr_info[1] == PORT_NUMBER # The peer credentials are not filled on the client side assert client.peerCredentials == {} # We do not know about the port, so check only the address, taking into account bloody IPv6 assert serv.clientTransport.getRemoteAddress()[0] in ("127.0.0.1", "::ffff:127.0.0.1", "::1") peerCreds = serv.clientTransport.peerCredentials # There are no credentials for PlainTransport if client.__class__.__name__ == "PlainTransport": assert peerCreds == {} else: assert peerCreds["DN"] == getCertOption(USERCERT, "subjectDN") assert peerCreds["x509Chain"].getNumCertsInChain()["Value"] == 2 assert peerCreds["isProxy"] is True assert peerCreds["isLimitedProxy"] is False
def test_getIssuerCert(get_proxy): """Generate a proxy and check the issuer of the certificate""" proxyChain = get_proxy(USERCERT) res = proxyChain.getIssuerCert() assert res["OK"] assert res["Value"].getSubjectDN()["Value"] == getCertOption(USERCERT, "subjectDN")
def test_getIssuerCert(get_proxy): """ Generate a proxy and check the issuer of the certificate""" proxyChain = get_proxy(USERCERT) res = proxyChain.getIssuerCert() assert res['OK'] assert res['Value'].getSubjectDN()['Value'] == getCertOption( USERCERT, 'subjectDN')
def test_getCertInChain_on_cert(cert_file, get_X509Chain_class): """" Load a chain, get the first certificate, and check its name""" x509Chain = get_X509Chain_class() x509Chain.loadChainFromFile(cert_file) res = x509Chain.getCertInChain(0) assert res['OK'] certSubject = res['Value'].getSubjectDN().get('Value') assert certSubject == getCertOption(cert_file, 'subjectDN')
def test_getIssuerDN(cert_file, get_X509Certificate_class): """ " Load a valid certificate and check its issuer""" x509Cert = get_X509Certificate_class() x509Cert.load(cert_file) res = x509Cert.getIssuerDN() assert res["OK"] assert res["Value"] == getCertOption(cert_file, "issuerDN")
def test_getSubjectDN(cert_file, get_X509Certificate_class): """" Load a valid certificate and check its subject""" x509Cert = get_X509Certificate_class() x509Cert.load(cert_file) res = x509Cert.getSubjectDN() assert res['OK'] assert res['Value'] == getCertOption(cert_file, 'subjectDN')
def test_getNotAfterDate(cert_file, get_X509Chain_class): """" Load a valid certificate and check its expiration date""" x509Chain = get_X509Chain_class() x509Chain.loadChainFromFile(cert_file) res = x509Chain.getNotAfterDate() assert res['OK'] # We expect getNotAfterDate to return a datetime assert res['Value'].date() == getCertOption(cert_file, 'endDate')
def test_getNotBeforeDate(cert_file, get_X509Certificate_class): """ " Load a valid certificate and check its start validity date""" x509Cert = get_X509Certificate_class() x509Cert.load(cert_file) res = x509Cert.getNotBeforeDate() assert res["OK"] # We expect getNotBeforeDate to return a datetime assert res["Value"].date() == getCertOption(cert_file, "startDate")
def test_getNotAfterDate(cert_file, get_X509Certificate_class): """ " Load a valid certificate and check its expiration date""" x509Cert = get_X509Certificate_class() x509Cert.load(cert_file) res = x509Cert.getNotAfterDate() assert res["OK"] # We expect getNotAfterDate to return a datetime assert res["Value"].date() == getCertOption(cert_file, "endDate")
def test_dumpChainToString_on_cert(cert_file, get_X509Chain_class): """" Load a valid certificate in a chain, and dump all to string""" x509Chain = get_X509Chain_class() x509Chain.loadChainFromFile(cert_file) res = x509Chain.dumpChainToString() assert res['OK'] assert res['Value'] == getCertOption(cert_file, 'content')
def test_getSerialNumber(cert_file, get_X509Certificate_class): """ " Load a valid certificate and check its public key""" x509Cert = get_X509Certificate_class() x509Cert.load(cert_file) res = x509Cert.getSerialNumber() assert res["OK"] assert res["Value"] == getCertOption(cert_file, "serial")
def test_getExtensions_on_cert(cert_file, get_X509Certificate_class): """ " Load a valid certificate and check the output is a positive integer""" x509Cert = get_X509Certificate_class() x509Cert.load(cert_file) res = x509Cert.getExtensions() assert res["OK"] extensionDict = dict(extTuple for extTuple in res["Value"]) assert sorted(extensionDict) == sorted( getCertOption(cert_file, "availableExtensions")) # Test a few of them for ext in ("basicConstraints", "extendedKeyUsage"): assert extensionDict[ext] == getCertOption(cert_file, ext) # Valid only for Host certificate: if cert_file == HOSTCERT: assert extensionDict["subjectAltName"] == getCertOption( cert_file, "subjectAltName")
def _generateProxy(certFile, lifetime=3600, **kwargs): """ Generate the proxyString and return it as an X509Chain object :param certFile: path to the certificate :param lifetime: lifetime of the proxy in seconds :returns: X509Chain object """ # Load the certificate and the key x509Chain = X509Chain() x509Chain.loadChainFromFile(certFile) x509Chain.loadKeyFromFile(getCertOption(certFile, 'keyFile')) # Generate the proxy string res = x509Chain.generateProxyToString(lifetime, rfc=True, **kwargs) proxyString = res['Value'] # Load the proxy string as an X509Chain object proxyChain = X509Chain() proxyChain.loadProxyFromString(proxyString) return proxyChain