def test_bad_country_short(self): """ Raise an exception when country code is not correct. """ options = self.parseArguments([ self.command_name, '--common-name=domain.com', '--country=A', ]) with self.assertRaises(KeyCertException) as context: generate_csr(options) self.assertEqual('string too short', context.exception.message)
def test_email_invalid(self): """ Raise an exception when the email adress is not correct. """ options = self.parseArguments([ self.command_name, '--common-name=domain.com', '--email=invalid', ]) with self.assertRaises(KeyCertException) as context: generate_csr(options) self.assertEqual('Invalid email address.', context.exception.message)
def test_bad_country_short(self): """ Raise an exception when country code is not correct. """ options = self.parseArguments([ self.command_name, '--common-name=domain.com', '--country=A', ]) with self.assertRaises(KeyCertException) as context: generate_csr(options) self.assertEqual('Invalid country code.', context.exception.message)
def test_bad_size(self): """ Raise an exception when failing to generate the key. """ options = self.parseArguments([ self.command_name, '--common-name=domain.com', '--key-size=12', ]) with self.assertRaises(KeyCertException) as context: generate_csr(options) self.assertEqual('Key size must be greater or equal to 512.', context.exception.message)
def test_existing_key_path(self): """ It can generate a CSR from an existing private key file. """ key_pem = RSA_PRIVATE key_path, _ = self.tempFile(content=key_pem) options = self.parseArguments([ self.command_name, '--key', key_path, '--common-name=domain.com', ]) result = generate_csr(options) # OpenSSL.crypto.PKey has no equality so we need to compare the # serialization. self.assertEqual(1024L, result['key'].bits()) self.assertEqual(crypto.TYPE_RSA, result['key'].type()) self.assertEqual(key_pem, result['key_pem']) # For CSR we can not get extensions so we only check the subject. csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, result['csr']) self.assertEqual(csr, result['csr_pem']) subject = result['csr'].get_subject() self.assertEqual(u'domain.com', subject.commonName)
def test_gen_unicode(self): """ Domains are encoded using IDNA and names using Unicode. """ options = self.parseArguments([ self.command_name, u'--common-name=domain-\u20acuro.com', u'--key-size=512', u'--alternative-name=DNS:www.domain-\u20acuro.com,IP:127.0.0.1', u'--email=name@domain-\u20acuro.com', u'--organization=OU Nam\u20acuro', u'--organization-unit=OU Unit\u20acuro', u'--locality=Som\u20acwhere', u'--state=Stat\u20ac', u'--country=GB', ]) result = generate_csr(options) csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, result['csr']) self.assertEqual(csr, result['csr_pem']) subject = result['csr'].get_subject() self.assertEqual(u'xn--domain-uro-x77e.com', subject.commonName) self.assertEqual(u'*****@*****.**', subject.emailAddress) self.assertEqual(u'OU Nam\u20acuro', subject.organizationName) self.assertEqual(u'OU Unit\u20acuro', subject.organizationalUnitName) self.assertEqual(u'Som\u20acwhere', subject.localityName) self.assertEqual(u'Stat\u20ac', subject.stateOrProvinceName) self.assertEqual(u'GB', subject.countryName)
def test_default_gen(self): """ By default it will serialized the key without password and generate the csr without alternative name and just the common name. """ options = self.parseArguments([ self.command_name, '--common-name=domain.com', ]) result = generate_csr(options) # OpenSSL.crypto.PKey has no equality so we need to compare the # serialization. self.assertEqual(2048L, result['key'].bits()) self.assertEqual(crypto.TYPE_RSA, result['key'].type()) key = crypto.dump_privatekey(crypto.FILETYPE_PEM, result['key']) self.assertEqual(key, result['key_pem']) # For CSR we can not get extensions so we only check the subject. csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, result['csr']) self.assertEqual(csr, result['csr_pem']) subject = result['csr'].get_subject() self.assertEqual(u'domain.com', subject.commonName) self.assertIsNone(subject.emailAddress) self.assertIsNone(subject.organizationName) self.assertIsNone(subject.organizationalUnitName) self.assertIsNone(subject.localityName) self.assertIsNone(subject.stateOrProvinceName) self.assertIsNone(subject.countryName) self.assertEqual(2, result['csr'].get_version())
def test_gen_unicode(self): """ Domains are encoded using IDNA and names using Unicode. """ options = self.parseArguments([ self.command_name, u'--common-name=domain-\u20acuro.com', u'--key-size=512', u'--alternative-name=DNS:www.domain-\u20acuro.com,IP:127.0.0.1', u'--email=name@domain-\u20acuro.com', u'--organization=OU Nam\u20acuro', u'--organization-unit=OU Unit\u20acuro', u'--locality=Som\u20acwhere', u'--state=Stat\u20ac', u'--country=GB', ]) result = generate_csr(options) csr = crypto.dump_certificate_request( crypto.FILETYPE_PEM, result['csr']) self.assertEqual(csr, result['csr_pem']) subject = result['csr'].get_subject() self.assertEqual(u'xn--domain-uro-x77e.com', subject.commonName) self.assertEqual( u'*****@*****.**', subject.emailAddress) self.assertEqual(u'OU Nam\u20acuro', subject.organizationName) self.assertEqual(u'OU Unit\u20acuro', subject.organizationalUnitName) self.assertEqual(u'Som\u20acwhere', subject.localityName) self.assertEqual(u'Stat\u20ac', subject.stateOrProvinceName) self.assertEqual(u'GB', subject.countryName)
def test_default_gen(self): """ By default it will serialized the key without password and generate the csr without alternative name and just the common name. """ options = self.parseArguments([ self.command_name, '--common-name=domain.com', ]) result = generate_csr(options) # OpenSSL.crypto.PKey has no equality so we need to compare the # serialization. self.assertEqual(2048L, result['key'].bits()) self.assertEqual(crypto.TYPE_RSA, result['key'].type()) key = crypto.dump_privatekey(crypto.FILETYPE_PEM, result['key']) self.assertEqual(key, result['key_pem']) # For CSR we can not get extensions so we only check the subject. csr = crypto.dump_certificate_request( crypto.FILETYPE_PEM, result['csr']) self.assertEqual(csr, result['csr_pem']) subject = result['csr'].get_subject() self.assertEqual(u'domain.com', subject.commonName) self.assertIsNone(subject.emailAddress) self.assertIsNone(subject.organizationName) self.assertIsNone(subject.organizationalUnitName) self.assertIsNone(subject.localityName) self.assertIsNone(subject.stateOrProvinceName) self.assertIsNone(subject.countryName) self.assertEqual(0, result['csr'].get_version())
def test_bad_size(self): """ Raise an exception when failing to generate the key. """ options = self.parseArguments([ self.command_name, '--common-name=domain.com', '--key-size=12', ]) with self.assertRaises(KeyCertException) as context: generate_csr(options) self.assertEqual( 'Key size must be greater or equal to 512.', context.exception.message)
def test_sign_algorithm_invalid(self): """ Raise an exception when the signing algorithm is not correct. """ options = self.parseArguments([ self.command_name, '--common-name=domain.com', '--sign-algorithm=unknown', ]) with self.assertRaises(KeyCertException) as context: generate_csr(options) self.assertEqual( 'Invalid signing algorithm. ' 'Supported values: md5, sha1, sha256, sha512.', context.exception.message)
def test_encrypted_key(self): """ When asked it will serialize the key with a password. """ options = self.parseArguments([ self.command_name, u'--common-name=domain.com', u'--key-size=512', u'--key-password=\u20acuro', ]) result = generate_csr(options) # We decrypt the key and compare the unencrypted serialization. key = crypto.load_privatekey(crypto.FILETYPE_PEM, result['key_pem'], u'\u20acuro'.encode('utf-8')) self.assertEqual( crypto.dump_privatekey(crypto.FILETYPE_PEM, key), crypto.dump_privatekey(crypto.FILETYPE_PEM, result['key']), )
def test_encrypted_key(self): """ When asked it will serialize the key with a password. """ options = self.parseArguments([ self.command_name, u'--common-name=domain.com', u'--key-size=512', u'--key-password=\u20acuro', ]) result = generate_csr(options) # We decrypt the key and compare the unencrypted serialization. key = crypto.load_privatekey( crypto.FILETYPE_PEM, result['key_pem'], u'\u20acuro'.encode('utf-8')) self.assertEqual( crypto.dump_privatekey(crypto.FILETYPE_PEM, key), crypto.dump_privatekey(crypto.FILETYPE_PEM, result['key']), )