def test_gen_privkey_rsa(self):
    """Generate RSA private keys of several sizes and inspect the PEM file.

    For every requested modulus length the key is written to a temporary
    PEM file, the file is checked for the "RSA PRIVATE KEY" PEM markers,
    and ``openssl rsa -text`` is asked to print the key so the reported
    bit length can be compared with the requested one.
    """
    # (requested modulus length, marker expected in the openssl text dump).
    # 512 and 600 bits are far too small for any real key; they only keep
    # key generation quick inside the test.
    # NOTE(review): whether the locally installed openssl accepts moduli
    # this small may depend on its build and configuration -- confirm on
    # hardened systems.
    size_cases = (
        (512, b"512 bit"),
        (600, b"600 bit"),
    )
    for bitlen, expected_marker in size_cases:
        with tempfile.NamedTemporaryFile(prefix="privkey_", suffix=".pem") as pem_file:
            key_location = PrivateKeyStorage(
                storage_form=PrivateKeyStorageForm.PEM_FILE,
                filename=pem_file.name,
            )
            rsa_spec = KeySpecification(
                cryptosystem=Cryptosystems.RSA,
                parameters={"bitlen": bitlen},
            )
            OpenSSLTools.create_private_key(key_location, keyspec=rsa_spec)

            # Read the file back while the temporary file still exists.
            pem_bytes = self._read_file(pem_file.name)
            for pem_marker in (b"BEGIN RSA PRIVATE KEY", b"END RSA PRIVATE KEY"):
                self.assertIn(pem_marker, pem_bytes)

            # The key is piped in on stdin; the text dump states the key size.
            dump_command = ["openssl", "rsa", "-text"]
            text_dump = SubprocessExecutor(dump_command, stdin=pem_bytes).run().stdout
            self.assertIn(expected_marker, text_dump)
def test_gen_selfsigned_cert(self):
    """Issue self-signed certificates with growing option sets and inspect them.

    One ECDSA key on secp256r1 is generated and reused.  The certificate
    file is then rewritten five times: with no extensions, with one DNS
    subject alternative name, with two DNS names, with DNS names plus
    IPv4/IPv6 addresses, and finally with an additional custom extension
    under OID 2.3.4.5.6.7.  After every step ``openssl x509 -text`` prints
    the certificate and the output is searched for the expected markers.

    NOTE(review): all checks are substring matches, so they show that the
    requested entries are present but would not notice an unexpected extra
    SAN entry or extension in the certificate.
    """
    with tempfile.NamedTemporaryFile(prefix="privkey_", suffix=".pem") as privkey_file, \
            tempfile.NamedTemporaryFile(prefix="crt_", suffix=".pem") as certificate_file:
        generation_target = PrivateKeyStorage(
            storage_form=PrivateKeyStorageForm.PEM_FILE,
            filename=privkey_file.name,
        )
        ecdsa_spec = KeySpecification(
            cryptosystem=Cryptosystems.ECC_ECDSA,
            parameters={"curvename": "secp256r1"},
        )
        OpenSSLTools.create_private_key(generation_target, keyspec=ecdsa_spec)
        private_key_storage = PrivateKeyStorage(
            storage_form=PrivateKeyStorageForm.PEM_FILE,
            filename=privkey_file.name,
        )

        def issue_and_dump(**optional_args):
            # (Re)write the certificate file, then return openssl's text dump.
            OpenSSLTools.create_selfsigned_certificate(
                private_key_storage=private_key_storage,
                certificate_filename=certificate_file.name,
                subject_dn="/CN=Foobar",
                **optional_args,
                validity_days=365,
            )
            pem_bytes = self._read_file(certificate_file.name)
            return SubprocessExecutor(["openssl", "x509", "-text"], stdin=pem_bytes).run().stdout

        def check_envelope_and_subject(text_dump):
            # Checks shared by every step: PEM markers and the subject line.
            self.assertIn(b"BEGIN CERTIFICATE--", text_dump)
            self.assertIn(b"END CERTIFICATE--", text_dump)
            # Both spellings of the subject line are accepted, with and
            # without spaces around "=" (presumably this varies between
            # openssl versions).
            subject_spellings = (b"Subject: CN = Foobar", b"Subject: CN=Foobar")
            self.assertTrue(any(spelling in text_dump for spelling in subject_spellings))

        # Step 1: nothing optional requested, so no extension section at all.
        text_dump = issue_and_dump()
        check_envelope_and_subject(text_dump)
        self.assertNotIn(b"X509v3 extensions:", text_dump)

        # Steps 2-5: (optional arguments, markers expected after the SAN header).
        # The IPv6 address "abcd::9876" is expected in the upper-case,
        # uncompressed form shown below.
        extension_steps = (
            (
                {"subject_alternative_dns_names": ["muhkuh"]},
                (b"DNS:muhkuh",),
            ),
            (
                {"subject_alternative_dns_names": ["muhkuh", "kruckelmuckel"]},
                (b"DNS:muhkuh", b"DNS:kruckelmuckel"),
            ),
            (
                {
                    "subject_alternative_dns_names": ["muhkuh", "kruckelmuckel"],
                    "subject_alternative_ip_addresses": ["11.22.33.44", "99.88.77.66", "abcd::9876"],
                },
                (
                    b"DNS:muhkuh",
                    b"DNS:kruckelmuckel",
                    b"IP Address:11.22.33.44",
                    b"IP Address:99.88.77.66",
                    b"IP Address:ABCD:0:0:0:0:0:0:9876",
                ),
            ),
            (
                {
                    "subject_alternative_dns_names": ["muhkuh", "kruckelmuckel"],
                    "subject_alternative_ip_addresses": ["11.22.33.44", "99.88.77.66", "abcd::9876"],
                    "x509_extensions": {"2.3.4.5.6.7": "ASN1:UTF8String:Never gonna give you up"},
                },
                (
                    b"DNS:muhkuh",
                    b"DNS:kruckelmuckel",
                    b"IP Address:11.22.33.44",
                    b"IP Address:99.88.77.66",
                    b"IP Address:ABCD:0:0:0:0:0:0:9876",
                    b"Never gonna give you up",
                ),
            ),
        )
        for optional_args, expected_markers in extension_steps:
            text_dump = issue_and_dump(**optional_args)
            check_envelope_and_subject(text_dump)
            self.assertIn(b"X509v3 extensions:", text_dump)
            self.assertIn(b"X509v3 Subject Alternative Name:", text_dump)
            for marker in expected_markers:
                self.assertIn(marker, text_dump)