def testCertificateChainLoading(self):
    """Import keys and certificates in mixed order and check how they get linked.

    Three things are asserted: a certificate imported after its key points
    at that key, a certificate imported before its key points at it once
    reloaded, and the issuer links run leaf -> intermediate -> CA.
    """
    owner = User(email="*****@*****.**", username='******')
    owner.save()

    # Key first, certificate second: the certificate is expected to find
    # the already-stored key without being told about it.
    # "R00tz" is presumably the passphrase of the CA_KEY test fixture.
    root_key = Key.new_from_pem(CA_KEY, "R00tz")
    root_key.user = owner
    root_key.save()
    root_cert = Certificate.new_from_pem(CA_CERT)
    root_cert.save()
    self.assertEqual(root_cert.key, root_key)

    # Certificate first, key second: the link is only visible on a fresh
    # copy of the certificate, hence the re-fetch before asserting.
    inter_cert = Certificate.new_from_pem(C_CERT)
    inter_cert.save()
    inter_key = Key.new_from_pem(C_KEY, "1234")
    inter_cert = Certificate.objects.get(pk=inter_cert.id)
    self.assertEqual(inter_cert.key, inter_key)

    # Issuer links: U_CERT is issued by C_CERT, which is issued by CA_CERT.
    leaf_cert = Certificate.new_from_pem(U_CERT)
    leaf_cert.save()
    # U_KEY is loaded without a passphrase; the result is not asserted on.
    leaf_key = Key.new_from_pem(U_KEY)
    self.assertTrue(leaf_cert.issuer == inter_cert)
    self.assertTrue(leaf_cert.issuer.issuer == root_cert)
def testCertificateLoading(self):
    """Import the CA certificate and check its parsed fields and PEM round trip.
    """
    # NOTE(review): the validity-window assertions below are disabled, so
    # this test does not cover cert.begin / cert.end.
    #before = datetime(2010, 01, 01, 6, tzinfo=ASN1.UTC)
    #after = datetime(2015, 01, 01, 6, tzinfo=ASN1.UTC)

    # Parse the fixture directly with M2Crypto; the text is not used afterwards.
    x509_text = X509.load_cert_string(CA_CERT, X509.FORMAT_PEM).as_text()

    ca = Certificate.new_from_pem(CA_CERT)
    ca.save()

    # Subject fields
    self.assertTrue(ca.CN == "Admin")
    self.assertTrue(ca.country == "FR")
    #self.assertTrue(cert.begin == before)
    #self.assertTrue(cert.end == after)

    # CA flag, key identifiers and hash must all be populated
    self.assertTrue(ca.is_ca)
    self.assertTrue(ca.auth_kid)
    self.assertTrue(ca.subject_kid)
    self.assertTrue(ca.certhash)

    # The stored key identifiers must not contain any space
    self.assertTrue(" " not in ca.auth_kid)
    self.assertTrue(" " not in ca.subject_kid)

    # Certificate.m2_x509() must give the same object as re-parsing the
    # stored PEM, and the stored key identifiers must appear verbatim in
    # its text dump.
    reparsed = X509.load_cert_string(ca.pem, X509.FORMAT_PEM)
    from_model = ca.m2_x509()
    self.assertTrue(reparsed.as_text() == from_model.as_text())
    self.assertTrue(ca.auth_kid in from_model.as_text())
    self.assertTrue(ca.subject_kid in from_model.as_text())
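def setUp(self):
    """Create two users and import the CA and client key/certificate pairs.

    The passphrases are stored on the test case (``ca_pwd``, ``c_pwd``) and
    the same attributes are used to load the keys, so the value a test reads
    back can never differ from the one the fixture key was loaded with.
    """
    # Passphrases of the CA_KEY and C_KEY test fixtures.
    self.ca_pwd = "R00tz"
    self.c_pwd = "1234"

    self.user_admin = User.objects.create(username="******", email="*****@*****.**")
    self.user_client = User.objects.create(username="******", email="*****@*****.**")

    # Keys are imported first so they can be passed to the certificates.
    ca_key = Key.new_from_pem(CA_KEY, self.ca_pwd, self.user_admin)
    ca_key.save()
    c_key = Key.new_from_pem(C_KEY, self.c_pwd, self.user_client)
    c_key.save()

    ca_cert = Certificate.new_from_pem(CA_CERT, user=self.user_admin, key=ca_key)
    ca_cert.save()
    c_cert = Certificate.new_from_pem(C_CERT, user=self.user_client, key=c_key)
    c_cert.save()

    # Keep freshly fetched copies, so the tests work on what was actually
    # persisted rather than on the in-memory objects built above.
    self.ca_key = Key.objects.get(id=ca_key.id)
    self.c_key = Key.objects.get(id=c_key.id)
    self.ca_cert = Certificate.objects.get(id=ca_cert.id)
    self.c_cert = Certificate.objects.get(id=c_cert.id)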
def testCertificateChainLoadingIssued(self):
    """Import a chain out of order and check the issuer links afterwards.

    The leaf (U_CERT) is stored before its issuer (C_CERT), so its issuer
    link can only be correct if it is filled in when the issuer arrives.
    """
    # Saved but not attached to any object in this test.
    owner = User(email="*****@*****.**", username='******')
    owner.save()

    # Import order: CA, then leaf, then the intermediate that issued the leaf.
    root_cert = Certificate.new_from_pem(CA_CERT)
    root_cert.save()
    leaf_cert = Certificate.new_from_pem(U_CERT)
    leaf_cert.save()
    inter_cert = Certificate.new_from_pem(C_CERT)
    inter_cert.save()

    # Re-fetch both so the assertions see the persisted issuer links.
    inter_cert = Certificate.objects.get(pk=inter_cert.id)
    leaf_cert = Certificate.objects.get(pk=leaf_cert.id)
    self.assertTrue(inter_cert.issuer == root_cert)
    self.assertTrue(leaf_cert.issuer == inter_cert)
def testCertificateLoadingUTF8(self):
    """Import a certificate with a non-ASCII CN and check the decoded fields.

    CN and country are asserted on the imported object and again on a copy
    fetched back from the database.
    """
    #before = datetime(2010, 01, 01, 6, tzinfo=ASN1.UTC)
    #after = datetime(2015, 01, 01, 6, tzinfo=ASN1.UTC)
    imported = Certificate.new_from_pem(UTF8_CERT)
    imported.save()
    self.assertEqual(imported.CN, u"Admin ©")
    self.assertEqual(imported.country, u"FR")

    # Same checks after a round trip through the database.
    reloaded = Certificate.objects.get(id=imported.id)
    self.assertEqual(reloaded.CN, u"Admin ©")
    self.assertEqual(reloaded.country, u"FR")
def testCertificateCheck(self):
    """Verify a three-level chain through trust, CRL and revocation changes.

    Chain under test: CA_CERT -> C_CERT -> U_CERT. The test walks through
    these states and asserts the outcome of ``check()`` in each:

    1. no trusted root: every ``check()`` raises ``Openssl.VerifyError``;
    2. CA marked trusted: every ``check(crlcheck=False)`` passes;
    3. intermediate flagged revoked: the leaf fails ``check(quick=True)``;
    4. a string that is not a CRL stored as CRL: ``check()`` raises;
    5. CRL generated by the CA: the leaf passes;
    6. intermediate revoked by the CA: the leaf fails, and keeps failing
       after the ``revoked`` flag is reset and after a new CRL is generated.

    Objects are re-fetched from the database after most writes; the
    statement order matters and must not be changed casually.
    """
    # Passphrases of the test fixture keys. c_pwd is not used in this test.
    ca_pwd = "R00tz"
    c_pwd = "1234"
    # Import the CA certificate
    ca_cert = Certificate.new_from_pem(CA_CERT)
    ca_cert.save()
    # Import the intermediate (client) certificate
    c_cert = Certificate.new_from_pem(C_CERT)
    c_cert.save()
    # Refresh object
    c_cert = Certificate.objects.get(pk=c_cert.id)
    # Import the leaf certificate
    u_cert = Certificate.new_from_pem(U_CERT)
    u_cert.save()
    # Chains are ordered root first, the certificate itself last
    self.assertEqual(c_cert.get_cert_chain(), [ca_cert, c_cert])
    self.assertEqual(u_cert.get_cert_chain(), [ca_cert, c_cert, u_cert])
    # The CA has not been marked trusted yet, so verification must fail
    # for every certificate, the self-issued CA included.
    self.assertRaises(Openssl.VerifyError, ca_cert.check)
    self.assertRaises(Openssl.VerifyError, c_cert.check)
    self.assertRaises(Openssl.VerifyError, u_cert.check)
    ca_cert.trust = True
    ca_cert.save()
    # All objects have to be reloaded after changing the CA trust flag,
    # otherwise x_cert.get_cert_chain()[0].trust is still False.
    # Tested with TransactionTestCase
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    c_cert = Certificate.objects.get(pk=c_cert.id)
    u_cert = Certificate.objects.get(pk=u_cert.id)
    self.assertEqual(c_cert.get_cert_chain()[0].trust, True)
    # crlcheck=False presumably skips the CRL step, so these three
    # assertions cover chain and trust only -- confirm against check().
    self.assertTrue(ca_cert.check(crlcheck=False))
    self.assertTrue(c_cert.check(crlcheck=False))
    self.assertTrue(u_cert.check(crlcheck=False))
    # Revocation, quick method: flag the intermediate as revoked and the
    # leaf below it must stop verifying.
    c_cert.revoked = True
    c_cert.save()
    u_cert = Certificate.objects.get(pk=u_cert.id)
    self.assertFalse(u_cert.check(quick=True))
    c_cert.revoked = False
    c_cert.save()
    u_cert = Certificate.objects.get(pk=u_cert.id)
    # NOTE(review): this test has not set any CRL so far, so a passing
    # default check() suggests a missing CRL counts as "not revoked" --
    # confirm that this is the intended policy.
    self.assertTrue(u_cert.check())
    # Revocation, openssl method: a stored CRL that cannot be a valid CRL
    # must make verification raise instead of letting the chain pass.
    c_cert.crl = "Wrong crl"
    c_cert.save()
    u_cert = Certificate.objects.get(pk=u_cert.id)
    self.assertRaises(Openssl.VerifyError, u_cert.check)
    # TODO : Add real CRL
    # Generate a CRL for the CA. The CA key is stored first, presumably
    # because gen_crl() looks it up to sign the CRL -- confirm.
    k = Key.new_from_pem(CA_KEY, ca_pwd)
    k.save()
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    ca_cert.ca_serial = 2
    ca_cert.save()
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    ca_cert.gen_crl(ca_pwd)
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    # Only checks that something CRL-like was stored on the CA
    self.assertTrue("CRL" in ca_cert.crl)
    # With the bogus CRL removed and the generated one in place, the leaf
    # must verify again.
    c_cert.crl = None
    c_cert.save()
    u_cert = Certificate.objects.get(pk=u_cert.id)
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    self.assertTrue(u_cert.check())
    # Revoke the intermediate through the CA, starting from a CA that has
    # no CRL stored.
    ca_cert.crl = None
    ca_cert.save()
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    ca_cert.revoke(c_cert, ca_pwd)
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    c_cert = Certificate.objects.get(pk=c_cert.id)
    u_cert = Certificate.objects.get(pk=u_cert.id)
    self.assertFalse(u_cert.check())
    # Resetting the flag on the certificate row must not undo a revocation
    # done by the CA: the leaf is still expected to fail.
    c_cert.revoked = False
    c_cert.save()
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    c_cert = Certificate.objects.get(pk=c_cert.id)
    u_cert = Certificate.objects.get(pk=u_cert.id)
    self.assertFalse(u_cert.check())
    # The revocation must be recorded in the CA index.
    # NOTE(review): "02" is presumably the serial of the revoked
    # certificate; a bare substring test would also match "02" inside any
    # other field of the index -- confirm against the index format.
    self.assertTrue("02" in ca_cert.index)
    self.assertTrue("World Company" in ca_cert.index)
    # The revocation must still be present in a newly generated CRL
    ca_cert.gen_crl(ca_pwd)
    ca_cert = Certificate.objects.get(pk=ca_cert.id)
    c_cert = Certificate.objects.get(pk=c_cert.id)
    u_cert = Certificate.objects.get(pk=u_cert.id)
    self.assertFalse(u_cert.check())