예제 #1
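    def testCertificateChainLoading(self):
        """Import a three-level chain and check key and issuer relations.

        Covers both import orders: key saved before its certificate (CA) and
        certificate saved before its key (intermediate). It then checks that
        the issuer links resolve leaf -> intermediate -> CA.
        """
        user = User(email="*****@*****.**", username='******')
        user.save()
        # Key first, certificate second: the certificate must find its key.
        # "R00tz" is presumably the passphrase protecting the CA_KEY PEM fixture;
        # it is test material only.
        ca_key = Key.new_from_pem(CA_KEY, "R00tz")
        ca_key.user = user
        ca_key.save()
        ca_cert = Certificate.new_from_pem(CA_CERT)
        ca_cert.save()
        self.assertEqual(ca_cert.key, ca_key)

        # Certificate first, key second: importing the key must attach it to
        # the certificate that is already stored.
        c_cert = Certificate.new_from_pem(C_CERT)
        c_cert.save()
        c_key = Key.new_from_pem(C_KEY, "1234")
        # Reload so the assertion sees the stored relation, not the stale
        # in-memory instance.
        c_cert = Certificate.objects.get(pk=c_cert.id)
        self.assertEqual(c_cert.key, c_key)

        # Issuer relations: leaf -> intermediate -> CA.
        u_cert = Certificate.new_from_pem(U_CERT)
        u_cert.save()
        # Return value unused. The call is kept because new_from_pem appears to
        # have side effects on stored objects (see the c_key case above).
        # NOTE(review): U_KEY is loaded without a passphrase argument; confirm
        # the fixture is meant to be an unencrypted key.
        Key.new_from_pem(U_KEY)
        # assertEqual reports both operands on failure, unlike assertTrue(a == b).
        self.assertEqual(u_cert.issuer, c_cert)
        self.assertEqual(u_cert.issuer.issuer, ca_cert)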
예제 #2
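 def setUp(self):
     """Create two users and store the CA and client key/certificate fixtures.

     The admin user owns the CA key and certificate, and the client user owns
     the client key and certificate. Every object is re-read from the
     database before being kept on ``self``, so tests start from stored state.
     """
     # Passphrases of the PEM key fixtures, defined once and reused below.
     # These are test-only values and must not be reused for real keys.
     self.ca_pwd = "R00tz"
     self.c_pwd = "1234"
     self.user_admin = User.objects.create(username="******", email="*****@*****.**")
     self.user_client = User.objects.create(username="******", email="*****@*****.**")
     # Use the attributes rather than repeating the literals, so the
     # passphrase used at import time cannot drift from the one tests use.
     ca_key = Key.new_from_pem(CA_KEY, self.ca_pwd, self.user_admin)
     ca_key.save()
     c_key = Key.new_from_pem(C_KEY, self.c_pwd, self.user_client)
     c_key.save()
     ca_cert = Certificate.new_from_pem(CA_CERT, user=self.user_admin, key=ca_key)
     ca_cert.save()
     c_cert = Certificate.new_from_pem(C_CERT, user=self.user_client, key=c_key)
     c_cert.save()
     # Reload from the database instead of keeping the pre-save instances.
     self.ca_key = Key.objects.get(id=ca_key.id)
     self.c_key = Key.objects.get(id=c_key.id)
     self.ca_cert = Certificate.objects.get(id=ca_cert.id)
     self.c_cert = Certificate.objects.get(id=c_cert.id)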
예제 #3
 def testKeyLoading(self):
     """Parse the C_KEY PEM fixture and verify its size and public half."""
     # "1234" is the fixture's passphrase; test material only.
     loaded_key = Key.new_from_pem(C_KEY, "1234")
     key_bits = loaded_key.length
     self.assertEqual(key_bits, 4096)
     # The derived public key must match the stored reference PEM.
     public_pem = loaded_key.public
     self.assertEqual(public_pem, C_PUB_KEY)
예제 #4
    def testCertificateCheck(self):
        """Exercise chain building, trust, and revocation for a 3-level chain.

        Steps, in order: chain construction; verification failing while the
        root is untrusted; verification succeeding once the root is trusted;
        the ``revoked`` flag; a malformed CRL; a generated CRL; and revocation
        through the CA. Objects are re-read from the database after almost
        every write because the in-memory instances go stale.
        """
        # Passphrase of the CA key fixture (test-only value).
        ca_pwd = "R00tz"
        # Passphrase of the client key fixture; not used in this test.
        c_pwd = "1234"
        # Import the root CA certificate.
        ca_cert = Certificate.new_from_pem(CA_CERT)
        ca_cert.save()

        # Import the intermediate certificate.
        c_cert = Certificate.new_from_pem(C_CERT)
        c_cert.save()
        # Refresh object
        c_cert = Certificate.objects.get(pk=c_cert.id)

        # Import the leaf certificate.
        u_cert = Certificate.new_from_pem(U_CERT)
        u_cert.save()

        # Chains are ordered root first, subject last.
        self.assertEqual(c_cert.get_cert_chain(), [ca_cert, c_cert])
        self.assertEqual(u_cert.get_cert_chain(), [ca_cert, c_cert, u_cert])
        # Nothing is trusted yet: verification must raise for every level,
        # including the root itself.
        self.assertRaises(Openssl.VerifyError, ca_cert.check)
        self.assertRaises(Openssl.VerifyError, c_cert.check)
        self.assertRaises(Openssl.VerifyError, u_cert.check)
        # Mark the root as a trust anchor.
        ca_cert.trust = True
        ca_cert.save()

        # All objects must be reloaded after changing the CA's trust flag;
        # otherwise x_cert.get_cert_chain()[0].trust is still False.
        # Tested with TransactionTestCase
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        c_cert = Certificate.objects.get(pk=c_cert.id)
        u_cert = Certificate.objects.get(pk=u_cert.id)
        self.assertEqual(c_cert.get_cert_chain()[0].trust, True)

        # With the root trusted, every level verifies.
        # NOTE(review): crlcheck=False presumably skips CRL validation, so
        # these three assertions say nothing about revocation - confirm.
        self.assertTrue(ca_cert.check(crlcheck=False))
        self.assertTrue(c_cert.check(crlcheck=False))
        self.assertTrue(u_cert.check(crlcheck=False))

        # Revocation via the `revoked` flag, using the quick check:
        # a revoked intermediate must invalidate the leaf below it.
        c_cert.revoked = True
        c_cert.save()
        u_cert = Certificate.objects.get(pk=u_cert.id)
        self.assertFalse(u_cert.check(quick=True))
        c_cert.revoked = False
        c_cert.save()
        u_cert = Certificate.objects.get(pk=u_cert.id)
        self.assertTrue(u_cert.check())
        # Full (openssl) check with an unparsable CRL on the intermediate:
        # verification must raise rather than pass, i.e. fail closed.
        c_cert.crl = "Wrong crl"
        c_cert.save()
        u_cert = Certificate.objects.get(pk=u_cert.id)
        self.assertRaises(Openssl.VerifyError, u_cert.check)
        # TODO : Add real CRL

        # Generate a CRL for the CA; this needs the CA private key and its
        # passphrase.
        k = Key.new_from_pem(CA_KEY, ca_pwd)
        k.save()
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        ca_cert.ca_serial = 2
        ca_cert.save()
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        ca_cert.gen_crl(ca_pwd)
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        self.assertTrue("CRL" in ca_cert.crl)
        # With the bogus CRL cleared and a generated CA CRL in place,
        # the leaf must verify again.
        c_cert.crl = None
        c_cert.save()
        u_cert = Certificate.objects.get(pk=u_cert.id)
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        self.assertTrue(u_cert.check())

        # Revoke the intermediate through the CA, starting with no CRL
        # stored on the CA.
        ca_cert.crl = None
        ca_cert.save()
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        ca_cert.revoke(c_cert, ca_pwd)
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        c_cert = Certificate.objects.get(pk=c_cert.id)
        u_cert = Certificate.objects.get(pk=u_cert.id)
        self.assertFalse(u_cert.check())
        # Clearing the `revoked` flag on the row must NOT reinstate the
        # certificate: the check still fails below. Presumably the CA's
        # CRL/index is what check() consults here - confirm.
        c_cert.revoked = False
        c_cert.save()
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        c_cert = Certificate.objects.get(pk=c_cert.id)
        u_cert = Certificate.objects.get(pk=u_cert.id)
        self.assertFalse(u_cert.check())
        # The CA index must record the revoked entry.
        # NOTE(review): "02" and "World Company" are presumably the serial and
        # subject organisation of the revoked certificate - confirm.
        self.assertTrue("02" in ca_cert.index)
        self.assertTrue("World Company" in ca_cert.index)

        # Regenerating the CRL must preserve the earlier revocation.
        ca_cert.gen_crl(ca_pwd)
        ca_cert = Certificate.objects.get(pk=ca_cert.id)
        c_cert = Certificate.objects.get(pk=c_cert.id)
        u_cert = Certificate.objects.get(pk=u_cert.id)
        self.assertFalse(u_cert.check())