def test_load_object_no_cert_key(self, filename, name2, name3, password,
backend):
cert2 = _load_cert(backend, os.path.join("x509",
"cryptography.io.pem"))
cert3 = _load_cert(backend, os.path.join("x509", "letsencryptx3.pem"))
pkcs12 = load_vectors_from_file(
os.path.join("pkcs12", filename),
lambda derfile: load_pkcs12(derfile.read(), password, backend),
mode="rb",
)
assert pkcs12.cert is None
assert pkcs12.key is None
assert len(pkcs12.additional_certs) == 2
assert pkcs12.additional_certs[0].certificate == cert2
assert pkcs12.additional_certs[0].friendly_name == name2
assert pkcs12.additional_certs[1].certificate == cert3
assert pkcs12.additional_certs[1].friendly_name == name3
def test_generate_cas_friendly_names(self, backend):
cert, key = _load_ca(backend)
cert2 = _load_cert(
backend, os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"))
cert3 = _load_cert(backend, os.path.join("x509", "letsencryptx3.pem"))
encryption = serialization.NoEncryption()
p12 = serialize_key_and_certificates(
b"test",
key,
cert,
[
PKCS12Certificate(cert2, b"cert2"),
PKCS12Certificate(cert3, None),
],
encryption,
)
p12_cert = load_pkcs12(p12, None, backend)
cas = p12_cert.additional_certs
assert cas[0].friendly_name == b"cert2"
assert cas[1].friendly_name is None
def test_load_object(self, filename, name, name2, name3, password,
backend):
cert, key = _load_ca(backend)
cert2 = _load_cert(backend, os.path.join("x509",
"cryptography.io.pem"))
cert3 = _load_cert(backend, os.path.join("x509", "letsencryptx3.pem"))
pkcs12 = load_vectors_from_file(
os.path.join("pkcs12", filename),
lambda derfile: load_pkcs12(derfile.read(), password, backend),
mode="rb",
)
assert pkcs12.cert is not None
assert pkcs12.cert.certificate == cert
assert pkcs12.cert.friendly_name == name
assert isinstance(pkcs12.key, ec.EllipticCurvePrivateKey)
assert pkcs12.key.private_numbers() == key.private_numbers()
assert len(pkcs12.additional_certs) == 2
assert pkcs12.additional_certs[0].certificate == cert2
assert pkcs12.additional_certs[0].friendly_name == name2
assert pkcs12.additional_certs[1].certificate == cert3
assert pkcs12.additional_certs[1].friendly_name == name3
def test_serialize_pkcs12_nopassphrase(self):
subject = DistinguishedNameFactory(
localityName="Amsterdam",
organizationalUnitName="BounCA Root",
)
key = Key()
key.create_key("rsa", 4096)
certificate_request = CertificateFactory(dn=subject)
certhandler = Certificate()
certhandler.create_certificate(certificate_request, key.serialize())
crt = certhandler.certificate
pkcs12 = key.serialize_pkcs12("test_pkcs12", crt)
pkcs12_obj = load_pkcs12(pkcs12, None)
self.assertEqual(pkcs12_obj.key.key_size, 4096)
self.assertEqual(pkcs12_obj.cert.friendly_name.decode("utf-8"),
"test_pkcs12")
self.assertEqual(pkcs12_obj.cert.certificate.serial_number,
crt.serial_number)
def test_serialize_pkcs12_cas_nopassphrase(self):
root_key = Key().create_key("ed25519", None)
subject = DistinguishedNameFactory(countryName="NL",
stateOrProvinceName="Noord Holland",
organizationName="Repleo")
root_certificate = CertificateFactory(
dn=subject,
name="test_server_root_certificate",
expires_at=arrow.get(timezone.now()).shift(days=+30).date())
with mute_signals(signals.post_save):
root_certificate.save()
root_certhandler = Certificate()
root_certhandler.create_certificate(root_certificate,
root_key.serialize())
keystore = KeyStore(certificate=root_certificate)
keystore.crt = root_certhandler.serialize()
keystore.key = root_key.serialize()
keystore.save()
int_key = Key().create_key("rsa", 2048)
subject = DistinguishedNameFactory(
countryName=root_certificate.dn.countryName,
stateOrProvinceName=root_certificate.dn.stateOrProvinceName,
organizationName=root_certificate.dn.organizationName,
)
int_certificate = CertificateFactory(
expires_at=arrow.get(timezone.now()).shift(days=+5).date(),
name="test_server_intermediate_certificate",
type=CertificateTypes.INTERMEDIATE,
parent=root_certificate,
dn=subject,
crl_distribution_url="https://example.com/crl/cert.crl.pem",
ocsp_distribution_host="https://example.com/ocsp/",
)
with mute_signals(signals.post_save):
int_certificate.save()
int_certhandler = Certificate()
int_certhandler.create_certificate(int_certificate,
int_key.serialize())
keystore = KeyStore(certificate=int_certificate)
keystore.crt = int_certhandler.serialize()
keystore.key = int_key.serialize()
keystore.save()
pkcs12 = int_key.serialize_pkcs12("test_pkcs12_cas",
int_certhandler.certificate,
cas=[root_certhandler.certificate])
pkcs12_obj = load_pkcs12(pkcs12, None)
self.assertEqual(pkcs12_obj.key.key_size, 2048)
self.assertEqual(pkcs12_obj.cert.friendly_name.decode("utf-8"),
"test_pkcs12_cas")
self.assertEqual(pkcs12_obj.cert.certificate.serial_number,
int_certhandler.certificate.serial_number)
self.assertEqual(
pkcs12_obj.additional_certs[0].certificate.serial_number,
root_certhandler.certificate.serial_number)