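def _check_account_key(self, name):
    """Check that the ACME account key of managed domain *name* loads with the store key.

    Reads the store's JSON file, decodes its 'key' entry from URL-safe
    base64, looks up the account id via ``a2md list <name>``, and hands the
    account key file to ``CertUtil.validate_privkey`` together with a
    callback that returns the decoded key.
    """
    # read encryption key; the context manager closes the file handle, which
    # the previous open(...).read() form left to the garbage collector
    with open(TestEnv.path_store_json(), 'r') as store_file:
        md_store = json.load(store_file)
    encryptKey = base64.urlsafe_b64decode(str(md_store['key']))
    # check: key file is encrypted PEM
    md = TestEnv.a2md(["list", name])['jout']['output'][0]
    acc = md['ca']['account']
    # NOTE(review): the lambda is presumably used as the PEM passphrase
    # callback. Many PEM loaders never call it for an unencrypted key, so
    # confirm that validate_privkey really fails on a plaintext key file;
    # otherwise this only shows the key is loadable, not that it is encrypted.
    CertUtil.validate_privkey(TestEnv.path_account_key(acc), lambda *args: encryptKey)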
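def check_md_credentials(cls, domain):
    """Assert that the stored key and certificate of a managed domain are consistent.

    Args:
        domain: a single domain name, or a list of names whose first entry
            is the primary domain (expected as the certificate CN).

    Raises:
        AssertionError: if the CN, the SAN list or the validity interval does
            not match. Failures of the CertUtil key/cert checks surface as
            whatever those helpers raise.
    """
    if isinstance(domain, list):
        domains = domain
        domain = domains[0]
    else:
        # A plain name used to leave `domains` unbound, so the SAN checks
        # below failed with UnboundLocalError instead of a real verdict.
        domains = [domain]
    # check private key, validate certificate, etc
    CertUtil.validate_privkey(cls.store_domain_file(domain, 'privkey.pem'))
    cert = CertUtil(cls.store_domain_file(domain, 'pubcert.pem'))
    cert.validate_cert_matches_priv_key(
        cls.store_domain_file(domain, 'privkey.pem'))
    # check SANs and CN
    assert cert.get_cn() == domain
    # compare lists twice in opposite directions: SAN may not respect ordering
    sanList = list(cert.get_san_list())
    # the length check also catches duplicate or extra names that the
    # set comparisons alone would hide
    assert len(sanList) == len(domains)
    assert set(sanList).issubset(domains)
    assert set(domains).issubset(sanList)
    # check valid dates interval: "now" is taken in the certificate's own
    # tzinfo so the comparison works for aware and naive datetimes alike
    notBefore = cert.get_not_before()
    notAfter = cert.get_not_after()
    assert notBefore < datetime.now(notBefore.tzinfo)
    assert notAfter > datetime.now(notAfter.tzinfo)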