def setUp(self):
    """Prepare temp GnuPG homes, a seed dir, an in-memory SQLite store and new users.

    Every keyring directory and the seed directory is a
    ``tempfile.TemporaryDirectory``; the SQLite database is ``:memory:``.
    The ``[ca]`` key and cert paths are relative, so they are presumably
    resolved against the working directory of the test run; confirm in
    CertProcessor.
    """
    # One throwaway directory per keyring; each is handed to gnupg.GPG below.
    self.USER_GNUPGHOME = tempfile.TemporaryDirectory()
    self.ADMIN_GNUPGHOME = tempfile.TemporaryDirectory()
    self.NEW_USER_GNUPGHOME = tempfile.TemporaryDirectory()
    self.NEW_ADMIN_GNUPGHOME = tempfile.TemporaryDirectory()
    self.SEED_DIR = tempfile.TemporaryDirectory()

    config_template = """
        [mtls]
        min_lifetime=60
        max_lifetime=0
        seed_dir={seed_dir}

        [ca]
        key = secrets/certs/authority/RootCA.key
        cert = secrets/certs/authority/RootCA.pem
        issuer = My Company Name
        alternate_name = *.myname.com

        [gnupg]
        user={user_gnupghome}
        admin={admin_gnupghome}

        [storage]
        engine=sqlite3

        [storage.sqlite3]
        db_path=:memory:
        """
    self.config = ConfigParser()
    self.config.read_string(
        config_template.format(
            user_gnupghome=self.USER_GNUPGHOME.name,
            admin_gnupghome=self.ADMIN_GNUPGHOME.name,
            seed_dir=self.SEED_DIR.name,
        )
    )

    self.common_name = "user@host"
    self.key = generate_key()

    # Start from a clean schema: drop any existing certs table, then call init_db().
    self.engine = storage.SQLiteStorageEngine(self.config)
    cursor = self.engine.conn.cursor()
    cursor.execute("DROP TABLE IF EXISTS certs")
    self.engine.conn.commit()
    self.engine.init_db()

    self.cert_processor = CertProcessor(self.config)

    self.user_gpg = gnupg.GPG(gnupghome=self.USER_GNUPGHOME.name)
    self.admin_gpg = gnupg.GPG(gnupghome=self.ADMIN_GNUPGHOME.name)
    self.new_user_gpg = gnupg.GPG(gnupghome=self.NEW_USER_GNUPGHOME.name)
    self.new_admin_gpg = gnupg.GPG(gnupghome=self.NEW_ADMIN_GNUPGHOME.name)

    # The new user and admin are built on the "new" keyrings, not the configured ones.
    new_user = User("user@host", gen_passwd(), generate_key(), gpg=self.new_user_gpg)
    self.new_users = [new_user]
    new_admin = User("admin@host", gen_passwd(), generate_key(), gpg=self.new_admin_gpg)
    self.new_admins = [new_admin]
def setUp(self):
    """Prepare temp GnuPG homes, a PostgreSQL-backed store and the test users.

    NOTE(review): the storage section hard-codes database ``mtls`` with
    postgres/postgres on localhost, and the ``DROP TABLE`` below runs against
    whatever server answers there. Point this fixture only at a disposable
    instance.
    """
    self.USER_GNUPGHOME = tempfile.TemporaryDirectory()
    self.ADMIN_GNUPGHOME = tempfile.TemporaryDirectory()

    config_template = """
        [ca]
        key = secrets/certs/authority/RootCA.key
        cert = secrets/certs/authority/RootCA.pem
        issuer = My Company Name
        alternate_name = *.myname.com

        [gnupg]
        user={user_gnupghome}
        admin={admin_gnupghome}

        [storage]
        engine=postgres

        [storage.postgres]
        database = mtls
        user = postgres
        password = postgres
        host = localhost
        """
    config = ConfigParser()
    config.read_string(
        config_template.format(
            user_gnupghome=self.USER_GNUPGHOME.name,
            admin_gnupghome=self.ADMIN_GNUPGHOME.name,
        )
    )

    self.common_name = "user@host"
    self.key = generate_key()

    # Start from a clean schema: drop any existing certs table, then call init_db().
    self.engine = storage.PostgresqlStorageEngine(config)
    cursor = self.engine.conn.cursor()
    cursor.execute("DROP TABLE IF EXISTS certs")
    self.engine.conn.commit()
    self.engine.init_db()

    self.cert_processor = CertProcessor(config)

    self.user_gpg = gnupg.GPG(gnupghome=self.USER_GNUPGHOME.name)
    self.admin_gpg = gnupg.GPG(gnupghome=self.ADMIN_GNUPGHOME.name)

    self.users = [
        User("user@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
        User("user2@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
        User("user3@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
    ]
    # invalid_users share the user keyring object but are not in the import loop below.
    self.invalid_users = [
        User("user4@host", gen_passwd(), generate_key(), gpg=self.user_gpg)
    ]
    self.admin_users = [
        User("admin@host", gen_passwd(), generate_key(), gpg=self.admin_gpg)
    ]

    # Export each key from its keyring and import it back into the same keyring.
    for user in self.users:
        exported = self.user_gpg.export_keys(user.fingerprint)
        self.user_gpg.import_keys(exported)
    for user in self.admin_users:
        exported = self.admin_gpg.export_keys(user.fingerprint)
        self.admin_gpg.import_keys(exported)
def setUp(self):
    """Prepare temp GnuPG homes, a temp CA folder, in-memory SQLite and test users.

    Unlike a fixed ``secrets/certs/authority`` location, the ``[ca]`` key and
    cert paths here point into a fresh ``tempfile.TemporaryDirectory``, which
    holds no RootCA files when this method starts.
    """
    self.USER_GNUPGHOME = tempfile.TemporaryDirectory()
    self.ADMIN_GNUPGHOME = tempfile.TemporaryDirectory()
    self.AUTHORITY_FOLDER = tempfile.TemporaryDirectory()

    config_template = """
        [ca]
        key = {authority_folder}/RootCA.key
        cert = {authority_folder}/RootCA.pem
        issuer = My Company Name
        alternate_name = *.myname.com

        [gnupg]
        user={user_gnupghome}
        admin={admin_gnupghome}

        [storage]
        engine=sqlite3

        [storage.sqlite3]
        db_path=:memory:
        """
    config = ConfigParser()
    config.read_string(
        config_template.format(
            user_gnupghome=self.USER_GNUPGHOME.name,
            admin_gnupghome=self.ADMIN_GNUPGHOME.name,
            authority_folder=self.AUTHORITY_FOLDER.name,
        )
    )

    self.common_name = "user@host"
    self.key = generate_key()

    # Start from a clean schema: drop any existing certs table, then call init_db().
    self.engine = storage.SQLiteStorageEngine(config)
    cursor = self.engine.conn.cursor()
    cursor.execute("DROP TABLE IF EXISTS certs")
    self.engine.conn.commit()
    self.engine.init_db()

    self.cert_processor = CertProcessor(config)

    self.user_gpg = gnupg.GPG(gnupghome=self.USER_GNUPGHOME.name)
    self.admin_gpg = gnupg.GPG(gnupghome=self.ADMIN_GNUPGHOME.name)

    self.users = [
        User("user@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
        User("user2@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
        User("user3@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
    ]
    # invalid_users share the user keyring object but are not in the import loop below.
    self.invalid_users = [
        User("user4@host", gen_passwd(), generate_key(), gpg=self.user_gpg)
    ]
    self.admin_users = [
        User("admin@host", gen_passwd(), generate_key(), gpg=self.admin_gpg)
    ]

    # Export each key from its keyring and import it back into the same keyring.
    for user in self.users:
        exported = self.user_gpg.export_keys(user.fingerprint)
        self.user_gpg.import_keys(exported)
    for user in self.admin_users:
        exported = self.admin_gpg.export_keys(user.fingerprint)
        self.admin_gpg.import_keys(exported)
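def setUp(self):
    """Prepare a fixture whose [gnupg] paths are relative ("./secrets/<tmp>").

    The two GnuPG homes are created under ``<this file's dir>/secrets/`` and
    written into the config relative to that directory, while the
    ``gnupg.GPG`` objects below receive the absolute temp-dir names.
    """
    dir_path = os.path.dirname(os.path.realpath(__file__))
    # An absolute prefix makes tempfile create the directory under <dir_path>/secrets/.
    self.USER_GNUPGHOME = tempfile.TemporaryDirectory(prefix=dir_path + "/secrets/")
    self.ADMIN_GNUPGHOME = tempfile.TemporaryDirectory(prefix=dir_path + "/secrets/")

    # Both entries use the same "./secrets/<tmp>" form. With any other prefix
    # the [gnupg] user path no longer names the directory self.user_gpg works in.
    relative_user = "." + self.USER_GNUPGHOME.name.split(dir_path)[1]
    relative_admin = "." + self.ADMIN_GNUPGHOME.name.split(dir_path)[1]

    config = ConfigParser()
    config.read_string(
        """
        [ca]
        key = secrets/certs/authority/RootCA.key
        cert = secrets/certs/authority/RootCA.pem
        issuer = My Company Name
        alternate_name = *.myname.com

        [gnupg]
        user={user_gnupghome}
        admin={admin_gnupghome}

        [storage]
        engine=sqlite3

        [storage.sqlite3]
        db_path=:memory:
        """.format(
            user_gnupghome=relative_user, admin_gnupghome=relative_admin
        )
    )

    self.common_name = "user@host"
    self.key = generate_key()

    # Start from a clean schema: drop any existing certs table, then call init_db().
    self.engine = storage.SQLiteStorageEngine(config)
    cur = self.engine.conn.cursor()
    cur.execute("DROP TABLE IF EXISTS certs")
    self.engine.conn.commit()
    self.engine.init_db()

    self.cert_processor = CertProcessor(config)

    self.user_gpg = gnupg.GPG(gnupghome=self.USER_GNUPGHOME.name)
    self.admin_gpg = gnupg.GPG(gnupghome=self.ADMIN_GNUPGHOME.name)

    self.users = [
        User("user@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
        User("user2@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
        User("user3@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
    ]
    # invalid_users share the user keyring object but are not in the import loop below.
    self.invalid_users = [
        User("user4@host", gen_passwd(), generate_key(), gpg=self.user_gpg)
    ]
    self.admin_users = [
        User("admin@host", gen_passwd(), generate_key(), gpg=self.admin_gpg)
    ]

    # Export each key from its keyring and import it back into the same keyring.
    for user in self.users:
        self.user_gpg.import_keys(self.user_gpg.export_keys(user.fingerprint))
    for user in self.admin_users:
        self.admin_gpg.import_keys(self.admin_gpg.export_keys(user.fingerprint))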
def setUp(self):
    """Prepare temp GnuPG homes, a seed dir, the parsed config and one new user/admin.

    No storage engine or CertProcessor is created here; only ``self.config``,
    the two "new" keyrings and the users built on them.
    """
    # One throwaway directory per keyring, plus one for the seed directory.
    self.USER_GNUPGHOME = tempfile.TemporaryDirectory()
    self.ADMIN_GNUPGHOME = tempfile.TemporaryDirectory()
    self.NEW_USER_GNUPGHOME = tempfile.TemporaryDirectory()
    self.NEW_ADMIN_GNUPGHOME = tempfile.TemporaryDirectory()
    self.SEED_DIR = tempfile.TemporaryDirectory()

    config_template = """
        [mtls]
        min_lifetime=60
        max_lifetime=0
        seed_dir={seed_dir}

        [ca]
        key = secrets/certs/authority/RootCA.key
        cert = secrets/certs/authority/RootCA.pem
        issuer = My Company Name
        alternate_name = *.myname.com

        [gnupg]
        user={user_gnupghome}
        admin={admin_gnupghome}

        [storage]
        engine=sqlite3

        [storage.sqlite3]
        db_path=:memory:
        """
    self.config = ConfigParser()
    self.config.read_string(
        config_template.format(
            seed_dir=self.SEED_DIR.name,
            user_gnupghome=self.USER_GNUPGHOME.name,
            admin_gnupghome=self.ADMIN_GNUPGHOME.name,
        )
    )

    # The new user and admin live on keyrings separate from the configured ones.
    self.new_user_gpg = gnupg.GPG(gnupghome=self.NEW_USER_GNUPGHOME.name)
    self.new_admin_gpg = gnupg.GPG(gnupghome=self.NEW_ADMIN_GNUPGHOME.name)

    new_user = User("user@host", gen_passwd(), generate_key(), gpg=self.new_user_gpg)
    self.new_users = [new_user]
    new_admin = User("admin@host", gen_passwd(), generate_key(), gpg=self.new_admin_gpg)
    self.new_admins = [new_admin]
def setUp(self):
    """Prepare four temp keyrings, in-memory SQLite, the app test client and users.

    Every key imported below is marked ``TRUST_ULTIMATE`` in its keyring.
    Those keyrings are ``tempfile.TemporaryDirectory`` homes created here.
    Admin keys are imported into both the admin and the user keyring.
    """
    self.USER_GNUPGHOME = tempfile.TemporaryDirectory()
    self.ADMIN_GNUPGHOME = tempfile.TemporaryDirectory()
    self.INVALID_GNUPGHOME = tempfile.TemporaryDirectory()
    self.NEW_USER_GNUPGHOME = tempfile.TemporaryDirectory()

    config_template = """
        [mtls]
        min_lifetime=60
        max_lifetime=0

        [ca]
        key = secrets/certs/authority/RootCA.key
        cert = secrets/certs/authority/RootCA.pem
        issuer = My Company Name
        alternate_name = *.myname.com

        [gnupg]
        user={user_gnupghome}
        admin={admin_gnupghome}

        [storage]
        engine=sqlite3

        [storage.sqlite3]
        db_path=:memory:
        """
    self.config = ConfigParser()
    self.config.read_string(
        config_template.format(
            user_gnupghome=self.USER_GNUPGHOME.name,
            admin_gnupghome=self.ADMIN_GNUPGHOME.name,
        )
    )

    self.key = generate_key()

    # Start from a clean schema: drop any existing certs table, then call init_db().
    self.engine = storage.SQLiteStorageEngine(self.config)
    cursor = self.engine.conn.cursor()
    cursor.execute("DROP TABLE IF EXISTS certs")
    self.engine.conn.commit()
    self.engine.init_db()

    # Only the user and admin homes appear in the config; the other two do not.
    self.user_gpg = gnupg.GPG(gnupghome=self.USER_GNUPGHOME.name)
    self.admin_gpg = gnupg.GPG(gnupghome=self.ADMIN_GNUPGHOME.name)
    self.invalid_gpg = gnupg.GPG(gnupghome=self.INVALID_GNUPGHOME.name)
    self.new_user_gpg = gnupg.GPG(gnupghome=self.NEW_USER_GNUPGHOME.name)

    flask_app = create_app(self.config)
    self.app = flask_app.test_client()

    self.users = [
        User("user@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
        User("user2@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
        User("user3@host", gen_passwd(), generate_key(), gpg=self.user_gpg),
    ]
    self.invalid_users = [
        User("user4@host", gen_passwd(), generate_key(), gpg=self.invalid_gpg)
    ]
    self.admin_users = [
        User("admin@host", gen_passwd(), generate_key(), gpg=self.admin_gpg)
    ]
    self.new_users = [
        User("newuser@host", gen_passwd(), generate_key(), gpg=self.new_user_gpg),
        User("newuser2@host", gen_passwd(), generate_key(), gpg=self.new_user_gpg),
    ]

    for user in self.users:
        exported = self.user_gpg.export_keys(user.fingerprint)
        self.user_gpg.import_keys(exported)
        self.user_gpg.trust_keys([user.fingerprint], "TRUST_ULTIMATE")

    for user in self.admin_users:
        # Import to admin keychain
        exported = self.admin_gpg.export_keys(user.fingerprint)
        self.admin_gpg.import_keys(exported)
        self.admin_gpg.trust_keys([user.fingerprint], "TRUST_ULTIMATE")
        # Import to user keychain
        exported = self.admin_gpg.export_keys(user.fingerprint)
        self.user_gpg.import_keys(exported)
        self.user_gpg.trust_keys([user.fingerprint], "TRUST_ULTIMATE")

    for user in self.invalid_users:
        exported = self.invalid_gpg.export_keys(user.fingerprint)
        self.invalid_gpg.import_keys(exported)
        self.invalid_gpg.trust_keys([user.fingerprint], "TRUST_ULTIMATE")

    for user in self.new_users:
        exported = self.new_user_gpg.export_keys(user.fingerprint)
        self.new_user_gpg.import_keys(exported)
        self.new_user_gpg.trust_keys([user.fingerprint], "TRUST_ULTIMATE")
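def test_generate_cert_with_password(self):
    """Run the generate_cert check with CA_KEY_PASSWORD set in the environment."""
    os.environ["CA_KEY_PASSWORD"] = gen_passwd()
    try:
        self.generate_cert()
    finally:
        # Remove the password even when the check fails, so it cannot leak
        # into later tests that expect an unprotected CA key.
        os.environ.pop("CA_KEY_PASSWORD", None)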
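def test_has_ca_key(self):
    """Run the has_ca_key check with CA_KEY_PASSWORD set in the environment."""
    os.environ["CA_KEY_PASSWORD"] = gen_passwd()
    try:
        self.has_ca_key()
    finally:
        # Remove the password even when the check fails, so it cannot leak
        # into later tests that expect an unprotected CA key.
        os.environ.pop("CA_KEY_PASSWORD", None)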
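def test_get_ca_cert(self):
    """Run the get_ca_cert check with CA_KEY_PASSWORD set in the environment."""
    os.environ["CA_KEY_PASSWORD"] = gen_passwd()
    try:
        self.get_ca_cert()
    finally:
        # Remove the password even when the check fails, so it cannot leak
        # into later tests that expect an unprotected CA key.
        os.environ.pop("CA_KEY_PASSWORD", None)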