Exemplo n.º 1
    def _check_md_cert(self, dnsList):
        """Assert that the managed domain named by dnsList[0] holds a usable certificate.

        Checks, in order: the state reported by ``a2md list``, the private key
        file, that certificate and private key belong together, that CN and
        SANs match ``dnsList``, and that the current time lies inside the
        certificate's validity window.

        dnsList -- domain names of the managed domain; the first entry is used
                   as the MD name and as the expected CN.
        """
        md_name = dnsList[0]
        listing = TestEnv.a2md(["list", md_name])
        md_entry = listing['jout']['output'][0]
        # Only the overall state is asserted here; ToS agreement and cert URL
        # are not inspected individually.
        assert md_entry['state'] == TestEnv.MD_S_COMPLETE

        # Private key first, then the certificate against that same key file.
        # TODO: find storage-independent way to read local certificate
        # (an earlier sketch read the store key from TestEnv.path_store_json();
        # if that is revived, do not print the key into test logs)
        CertUtil.validate_privkey(TestEnv.path_domain_privkey(md_name))
        domain_cert = CertUtil(TestEnv.path_domain_pubcert(md_name))
        domain_cert.validate_cert_matches_priv_key(TestEnv.path_domain_privkey(md_name))

        # Subject: the CN must be the MD name.
        assert domain_cert.get_cn() == md_name

        # SANs: order is not guaranteed, so compare as sets in both directions.
        # The length check additionally rejects duplicated or extra entries.
        cert_sans = domain_cert.get_san_list()
        assert len(cert_sans) == len(dnsList)
        assert set(cert_sans).issubset(dnsList)
        assert set(dnsList).issubset(cert_sans)

        # Validity window: "now" is taken in each timestamp's own tzinfo so
        # the comparison works for aware and naive datetimes alike.
        valid_from = domain_cert.get_not_before()
        valid_until = domain_cert.get_not_after()
        assert valid_from < datetime.now(valid_from.tzinfo)
        assert valid_until > datetime.now(valid_until.tzinfo)
Exemplo n.º 2
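 def _check_account_key(self, name):
     """Check that the ACME account key of managed domain *name* loads with the store key.

     The store's JSON file supplies a base64url-encoded key; it is decoded and
     handed to CertUtil.validate_privkey as the passphrase for the account
     key file of the account listed under md['ca']['account'].

     name -- name of the managed domain whose account key is checked.
     """
     # read encryption key; the context manager closes the store file even if
     # JSON parsing fails (the earlier open().read() left the handle open)
     with open(TestEnv.path_store_json(), 'r') as store_file:
         md_store = json.load(store_file)
     # the decoded value is secret key material: keep it out of logs and
     # assertion messages
     encryptKey = base64.urlsafe_b64decode( str(md_store['key']) )
     # check: key file is encrypted PEM
     # NOTE(review): this only proves "encrypted" if validate_privkey rejects an
     # unencrypted key when a passphrase callback is given; some PEM loaders
     # ignore the callback for plaintext keys - confirm in CertUtil.
     md = TestEnv.a2md([ "list", name ])['jout']['output'][0]
     acc = md['ca']['account']
     CertUtil.validate_privkey(TestEnv.path_account_key( acc ), lambda *args: encryptKey )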