예제 #1
0
def test_loadAllFromString(get_X509Request, isLimited):
    """Generate a proxy Request, load it, and check that the subject DN are the same
    :param isLimited: request a limited proxy"""
    x509Req = get_X509Request()
    x509Req.generateProxyRequest(limited=isLimited)

    proxyRequest = x509Req.dumpAll()["Value"]

    x509ReqLoad = get_X509Request()
    res = x509ReqLoad.loadAllFromString(proxyRequest)

    assert res["OK"]
    assert x509Req.getSubjectDN() == x509ReqLoad.getSubjectDN()
예제 #2
0
def test_loadAllFromString_fromDumpRequest(get_X509Request):
    """ Generate a proxy Request and try loading it from incomplete dump"""
    x509Req = get_X509Request()
    x509Req.generateProxyRequest()

    proxyRequest = x509Req.dumpRequest()['Value']

    # This should fail because the proxyRequest does not contain the private key
    x509ReqLoad = get_X509Request()
    res = x509ReqLoad.loadAllFromString(proxyRequest)

    assert res['OK'] is False
    from DIRAC.Core.Utilities.DErrno import ENOPKEY
    assert res['Errno'] == ENOPKEY
예제 #3
0
def test_delegation(get_X509Request, get_proxy, diracGroup, lifetime):
    """
    Test the delegation mechanism.
    Generate a proxy request and generate the proxy from there
    NOTE: DO NOT CHANGE THE NAME OF THIS TEST FUNCTION ! See get_proxy code for details

    :param diracGroup: group of the initial proxy
    :param lifetime: requested lifetime of the delegated proxy
    """

    # The server side generates a request
    # Equivalent to ProxyManager.requestDelegationUpload
    x509Req = get_X509Request()
    x509Req.generateProxyRequest()
    reqStr = x509Req.dumpRequest()["Value"]

    # This object contains both the public and private key
    pkeyReq = x509Req.getPKey()

    #######################################################

    # The client side signs the request

    proxyChain = get_proxy(USERCERT, diracGroup=diracGroup)

    # The proxy will contain a "bullshit private key"
    res = proxyChain.generateChainFromRequestString(reqStr, lifetime=lifetime)

    # This is sent back to the server
    delegatedProxyString = res["Value"]

    ######################################################
    # Equivalent to ProxyManager.completeDelegationUpload

    # Dirty hack:
    X509Chain = get_X509Chain_from_X509Request(x509Req)

    # Create the new chain
    # the pkey was generated together with the Request
    delegatedProxy = X509Chain(keyObj=pkeyReq)
    delegatedProxy.loadChainFromString(delegatedProxyString)

    # make sure the public key match between Request and the new Chain
    # (Stupid, of course it will ! But it is done in the ProxyManager...)
    res = x509Req.checkChain(delegatedProxy)

    assert res["OK"]

    # perform a few checks on the generated proxy

    # There should be one level extra in the delegated proxy
    assert proxyChain.getNumCertsInChain()["Value"] + 1 == delegatedProxy.getNumCertsInChain()["Value"]

    # The issuer of the delegatedProxy should be the original proxy
    assert proxyChain.getCertInChain()["Value"].getSubjectDN() == delegatedProxy.getCertInChain()["Value"].getIssuerDN()

    # The groups should be the same
    assert proxyChain.getDIRACGroup(ignoreDefault=True) == delegatedProxy.getDIRACGroup(ignoreDefault=True)

    assert proxyChain.getNotAfterDate()["Value"] >= delegatedProxy.getNotAfterDate()["Value"]
예제 #4
0
def test_dumpRequest(get_X509Request):
    """ " Generate an X509Request and dumps it"""
    x509Req = get_X509Request()
    x509Req.generateProxyRequest()

    res = x509Req.dumpRequest()

    assert res["OK"]
    assert "CERTIFICATE REQUEST" in res["Value"]
예제 #5
0
def test_dumpRequest(get_X509Request):
    """" Generate an X509Request and dumps it"""
    x509Req = get_X509Request()
    x509Req.generateProxyRequest()

    res = x509Req.dumpRequest()

    assert res['OK']
    assert b'CERTIFICATE REQUEST' in res['Value']
예제 #6
0
def test_dumpRequest_notInitialized(get_X509Request):
    """ Calls dumpRequest a non initlaized Request"""

    x509Req = get_X509Request()
    res = x509Req.dumpRequest()

    assert res['OK'] is False
    from DIRAC.Core.Utilities.DErrno import ENOCERT
    assert res['Errno'] == ENOCERT
예제 #7
0
def test_getSubjectDN(get_X509Request, isLimited):
    """Try getting the subjectDN in case of limited and non limited request
    :param isLimited: request a limited proxy
    """

    x509Req = get_X509Request()
    x509Req.generateProxyRequest(limited=isLimited)

    res = x509Req.getSubjectDN()
    assert res["OK"]

    if isLimited:
        assert res["Value"] == "/CN=limited proxy"
    else:
        assert res["Value"] == "/CN=proxy"