Exemplo n.º 1
0
    def setUpTestData(cls):
        cls.root_key = Key().create_key("rsa", 4096)
        subject = DistinguishedNameFactory(
            countryName="NL",
            stateOrProvinceName="Noord Holland",
            organizationName="Repleo",
            commonName="BounCA test CA",
        )

        cls.root_certificate = CertificateFactory(
            dn=subject,
            name="test_server_root_certificate",
            expires_at=arrow.get(timezone.now()).shift(days=+30).date())

        with mute_signals(signals.post_save):
            cls.root_certificate.save()
        root_certhandler = Certificate()
        root_certhandler.create_certificate(cls.root_certificate,
                                            cls.root_key.serialize())
        keystore = KeyStore(certificate=cls.root_certificate)
        keystore.crt = root_certhandler.serialize()
        keystore.key = cls.root_key.serialize()
        keystore.save()

        cls.int_key = Key().create_key("rsa", 4096)
        subject = DistinguishedNameFactory(
            countryName=cls.root_certificate.dn.countryName,
            stateOrProvinceName=cls.root_certificate.dn.stateOrProvinceName,
            organizationName=cls.root_certificate.dn.organizationName,
            commonName="BounCA test Int CA",
        )
        cls.int_certificate = CertificateFactory(
            expires_at=arrow.get(timezone.now()).shift(days=+5).date(),
            name="test_server_intermediate_certificate",
            type=CertificateTypes.INTERMEDIATE,
            parent=cls.root_certificate,
            dn=subject,
        )

        with mute_signals(signals.post_save):
            cls.int_certificate.save()

        int_certhandler = Certificate()
        int_certhandler.create_certificate(cls.int_certificate,
                                           cls.int_key.serialize())

        keystore = KeyStore(certificate=cls.int_certificate)
        keystore.crt = int_certhandler.serialize()
        keystore.key = cls.int_key.serialize()
        keystore.save()

        cls.key = Key().create_key("rsa", 4096)
Exemplo n.º 2
0
    def setUpTestData(cls):
        cls.root_key = Key().create_key("ed25519", None)
        subject = DistinguishedNameFactory(countryName="NL",
                                           stateOrProvinceName="Noord Holland",
                                           organizationName="Repleo")

        cls.root_certificate = CertificateFactory(
            dn=subject,
            name="test client root certificate",
            expires_at=arrow.get(timezone.now()).shift(days=+30).date())

        with mute_signals(signals.post_save):
            cls.root_certificate.save()
        root_certhandler = Certificate()
        root_certhandler.create_certificate(cls.root_certificate,
                                            cls.root_key.serialize())
        keystore = KeyStore(certificate=cls.root_certificate)
        keystore.crt = root_certhandler.serialize()
        keystore.key = cls.root_key.serialize()
        keystore.save()

        cls.int_key = Key().create_key("ed25519", None)
        subject = DistinguishedNameFactory(
            countryName=cls.root_certificate.dn.countryName,
            stateOrProvinceName=cls.root_certificate.dn.stateOrProvinceName,
            organizationName=cls.root_certificate.dn.organizationName,
        )
        cls.int_certificate = CertificateFactory(
            expires_at=arrow.get(timezone.now()).shift(days=+5).date(),
            name="test ocsp intermediate certificate",
            type=CertificateTypes.INTERMEDIATE,
            parent=cls.root_certificate,
            dn=subject,
            crl_distribution_url="https://example.com/crl/cert.crl.pem",
            ocsp_distribution_host="https://example.com/ocsp/",
        )

        with mute_signals(signals.post_save):
            cls.int_certificate.save()

        int_certhandler = Certificate()
        int_certhandler.create_certificate(cls.int_certificate,
                                           cls.int_key.serialize())

        keystore = KeyStore(certificate=cls.int_certificate)
        keystore.crt = int_certhandler.serialize()
        keystore.key = cls.int_key.serialize()
        keystore.save()

        cls.key = Key().create_key("ed25519", None)
Exemplo n.º 3
0
    def test_generate_server_certificate_parent_server_cert(self):
        server_subject = DistinguishedNameFactory(subjectAltNames=None)
        certificate = CertificateFactory(
            type=CertificateTypes.SERVER_CERT,
            name="test_generate_server_certificate_parent_server_cert_1",
            parent=self.int_certificate,
            dn=server_subject,
            crl_distribution_url=None,
            ocsp_distribution_host=None,
        )
        with mute_signals(signals.post_save):
            certificate.save()
        certhandler = Certificate()
        certhandler.create_certificate(certificate, self.key.serialize())

        keystore = KeyStore(certificate=certificate)
        keystore.crt = certhandler.serialize()
        keystore.key = self.key.serialize()
        keystore.save()

        server_subject = DistinguishedNameFactory()
        with self.assertRaises(CertificateError) as context:
            certificate_request = CertificateFactory(
                type=CertificateTypes.SERVER_CERT,
                name="test_generate_server_certificate_parent_server_cert_2",
                parent=certificate,
                dn=server_subject,
            )
            certhandler = Certificate()
            certhandler.create_certificate(certificate_request,
                                           self.key.serialize())

        self.assertEqual("A root or intermediate parent is expected",
                         str(context.exception))
Exemplo n.º 4
0
    def test_revocation_list_builder_one_cert_passphrase(self):
        subject = DistinguishedNameFactory(
            countryName=self.root_certificate.dn.countryName,
            stateOrProvinceName=self.root_certificate.dn.stateOrProvinceName,
            organizationName=self.root_certificate.dn.organizationName,
            commonName="BounCA test Int passphrase CA",
        )
        int_certificate = CertificateFactory(
            expires_at=arrow.get(timezone.now()).shift(days=+5).date(),
            name="test_server_intermediate_certificate_pass",
            type=CertificateTypes.INTERMEDIATE,
            parent=self.root_certificate,
            dn=subject,
        )

        with mute_signals(signals.post_save):
            int_certificate.save()
        int_key = Key().create_key("rsa", 4096)
        int_certhandler = Certificate()
        int_certhandler.create_certificate(int_certificate,
                                           int_key.serialize())

        keystore = KeyStore(certificate=int_certificate)
        keystore.crt = int_certhandler.serialize()
        keystore.key = int_key.serialize(passphrase="testphrase")
        keystore.save()

        crl = revocation_list_builder([], int_certificate, "testphrase")
        self.assert_subject(crl.issuer, int_certificate)
Exemplo n.º 5
0
    def test_serialize_root_certificate(self):
        certificate_request = CertificateFactory()
        certhandler = Certificate()
        certhandler.create_certificate(certificate_request,
                                       self.key.serialize())

        pem = certhandler.serialize()

        crt = certhandler.load(pem).certificate

        self.assert_basic_information(crt, certificate_request)
Exemplo n.º 6
0
    def test_generate_intermediate_certificate_passphrase(self):
        root_key = Key().create_key("ed25519", None)
        root_certificate = CertificateFactory(
            expires_at=arrow.get(timezone.now()).shift(days=+3).date(),
            name="root_test_generate_intermediate_certificate_passphrase",
        )
        with mute_signals(signals.post_save):
            root_certificate.save()
        root_certhandler = Certificate()
        root_certhandler.create_certificate(
            root_certificate,
            root_key.serialize(passphrase="SecretRootPP"),
            passphrase="SecretRootPP")
        keystore = KeyStore(certificate=root_certificate)
        keystore.crt = root_certhandler.serialize()
        keystore.key = root_key.serialize(passphrase="SecretRootPP")
        keystore.save()

        subject = DistinguishedNameFactory(
            countryName=root_certificate.dn.countryName,
            stateOrProvinceName=root_certificate.dn.stateOrProvinceName,
            organizationName=root_certificate.dn.organizationName,
            localityName=root_certificate.dn.localityName,
        )

        certificate_request = CertificateFactory(
            type=CertificateTypes.INTERMEDIATE,
            name="test_generate_intermediate_certificate_passphrase",
            parent=root_certificate,
            dn=subject,
        )
        certhandler = Certificate()
        certhandler.create_certificate(
            certificate_request,
            self.key.serialize(passphrase="SecretPP"),
            passphrase="SecretPP",
            passphrase_issuer="SecretRootPP",
        )

        crt = certhandler.certificate
        # subject
        self.assert_subject(crt.subject, certificate_request)
        self.assertEqual(
            subject.localityName,
            crt.subject.get_attributes_for_oid(NameOID.LOCALITY_NAME)[0].value)

        # issuer
        self.assert_subject(crt.issuer, root_certificate)
        self.assertEqual(
            subject.localityName,
            crt.subject.get_attributes_for_oid(NameOID.LOCALITY_NAME)[0].value)
Exemplo n.º 7
0
    def test_generate_intermediate_certificate_passphrase_wrong_issuer_passphrase(
            self):
        root_key = Key().create_key("ed25519", None)
        root_certificate = CertificateFactory(
            expires_at=arrow.get(timezone.now()).shift(days=+3).date(),
            name="root_test_certificate_passphrase_wrong_issuer_passphrase",
        )
        with mute_signals(signals.post_save):
            root_certificate.save()
        root_certhandler = Certificate()
        root_certhandler.create_certificate(
            root_certificate,
            root_key.serialize(passphrase="SecretRootPP"),
            passphrase="SecretRootPP")

        keystore = KeyStore(certificate=root_certificate)
        keystore.crt = root_certhandler.serialize()
        keystore.key = root_key.serialize(passphrase="SecretRootPP")
        keystore.save()

        subject = DistinguishedNameFactory(
            countryName=root_certificate.dn.countryName,
            stateOrProvinceName=root_certificate.dn.stateOrProvinceName,
            organizationName=root_certificate.dn.organizationName,
        )

        certificate = CertificateFactory(
            type=CertificateTypes.INTERMEDIATE,
            name="test_certificate_passphrase_wrong_issuer_passphrase",
            parent=root_certificate,
            dn=subject,
        )
        certhandler = Certificate()
        with self.assertRaisesMessage(
                PassPhraseError,
                "Bad passphrase, could not decode issuer key"):
            certhandler.create_certificate(
                certificate,
                self.key.serialize(passphrase="SecretPP"),
                passphrase="SecretPP",
                passphrase_issuer="SecretRootPPInvalid",
            )
Exemplo n.º 8
0
    def setUpTestData(cls):
        with mute_signals(signals.post_save):
            cls.root_key = Key().create_key("rsa", 4096)
            subject = DistinguishedNameFactory(
                countryName="NL",
                stateOrProvinceName="Noord Holland",
                organizationName="Repleo")

            cls.root_certificate = CertificateFactory(
                dn=subject,
                expires_at=arrow.get(timezone.now()).shift(days=+3).date())
            cls.root_certificate.save()
            certificate = Certificate()
            key = cls.root_key.serialize()
            certificate.create_certificate(cls.root_certificate, key)
            keystore = KeyStore(certificate=cls.root_certificate)
            keystore.crt = certificate.serialize()
            keystore.key = key
            keystore.save()
            cls.key = Key().create_key("rsa", 4096)
Exemplo n.º 9
0
def generate_certificate(sender, instance, created, **kwargs):
    if created:
        keystore = KeyStore(certificate=instance)
        key_size = None
        if settings.KEY_ALGORITHM == "rsa":
            key_size = 4096 if instance.type in [
                CertificateTypes.ROOT, CertificateTypes.INTERMEDIATE
            ] else 2048
        key = KeyGenerator().create_key(settings.KEY_ALGORITHM, key_size)
        keystore.key = key.serialize(instance.passphrase_out)
        certhandler = CertificateGenerator()
        certhandler.create_certificate(instance, keystore.key,
                                       instance.passphrase_out,
                                       instance.passphrase_issuer)
        keystore.crt = certhandler.serialize()
        if instance.type not in [
                CertificateTypes.ROOT, CertificateTypes.INTERMEDIATE
        ]:
            root_certificate = CertificateGenerator().load(
                instance.parent.keystore.crt).certificate
            int_certificate = CertificateGenerator().load(
                instance.parent.keystore.crt).certificate
            keystore.p12 = key.serialize_pkcs12(
                instance.name,
                certhandler.certificate,
                instance.passphrase_out,
                cas=[int_certificate, root_certificate])

        keystore.save()

        if instance.type in [
                CertificateTypes.ROOT, CertificateTypes.INTERMEDIATE
        ]:
            crl = revocation_list_builder([], instance,
                                          instance.passphrase_out)
            crlstore = CrlStore(certificate=instance)
            crlstore.crl = serialize(crl)
            crlstore.save()
Exemplo n.º 10
0
    def test_serialize_pkcs12_cas_nopassphrase(self):
        root_key = Key().create_key("ed25519", None)
        subject = DistinguishedNameFactory(countryName="NL",
                                           stateOrProvinceName="Noord Holland",
                                           organizationName="Repleo")

        root_certificate = CertificateFactory(
            dn=subject,
            name="test_server_root_certificate",
            expires_at=arrow.get(timezone.now()).shift(days=+30).date())

        with mute_signals(signals.post_save):
            root_certificate.save()
        root_certhandler = Certificate()
        root_certhandler.create_certificate(root_certificate,
                                            root_key.serialize())
        keystore = KeyStore(certificate=root_certificate)
        keystore.crt = root_certhandler.serialize()
        keystore.key = root_key.serialize()
        keystore.save()

        int_key = Key().create_key("rsa", 2048)
        subject = DistinguishedNameFactory(
            countryName=root_certificate.dn.countryName,
            stateOrProvinceName=root_certificate.dn.stateOrProvinceName,
            organizationName=root_certificate.dn.organizationName,
        )
        int_certificate = CertificateFactory(
            expires_at=arrow.get(timezone.now()).shift(days=+5).date(),
            name="test_server_intermediate_certificate",
            type=CertificateTypes.INTERMEDIATE,
            parent=root_certificate,
            dn=subject,
            crl_distribution_url="https://example.com/crl/cert.crl.pem",
            ocsp_distribution_host="https://example.com/ocsp/",
        )

        with mute_signals(signals.post_save):
            int_certificate.save()

        int_certhandler = Certificate()
        int_certhandler.create_certificate(int_certificate,
                                           int_key.serialize())

        keystore = KeyStore(certificate=int_certificate)
        keystore.crt = int_certhandler.serialize()
        keystore.key = int_key.serialize()
        keystore.save()

        pkcs12 = int_key.serialize_pkcs12("test_pkcs12_cas",
                                          int_certhandler.certificate,
                                          cas=[root_certhandler.certificate])
        pkcs12_obj = load_pkcs12(pkcs12, None)

        self.assertEqual(pkcs12_obj.key.key_size, 2048)
        self.assertEqual(pkcs12_obj.cert.friendly_name.decode("utf-8"),
                         "test_pkcs12_cas")
        self.assertEqual(pkcs12_obj.cert.certificate.serial_number,
                         int_certhandler.certificate.serial_number)
        self.assertEqual(
            pkcs12_obj.additional_certs[0].certificate.serial_number,
            root_certhandler.certificate.serial_number)
Exemplo n.º 11
0
 def test_serialize_no_certificate(self):
     certhandler = Certificate()
     with self.assertRaisesMessage(RuntimeError, "No certificate object"):
         certhandler.serialize()