Пример #1
0
def test_init_with_key(key_file, get_X509Chain_class):
    """ Test init with key object as argument and check the content"""

    chain1 = get_X509Chain_class()
    chain1.loadKeyFromFile(key_file)

    # Get the key and check the number of bits
    keyObj = chain1.getPKeyObj()['Value']

    chain2 = get_X509Chain_class(keyObj=keyObj)
    assert chain1.dumpPKeyToString() == chain2.dumpPKeyToString()
    # Careful ! The two keys are the same object
    assert chain2.getPKeyObj()['Value'] is keyObj
Пример #2
0
def test_getCertInChain_too_far(get_X509Chain_class):
    """" Load a chain, get too far in the certificate chain"""
    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(HOSTCERT)
    # it should raise IndexError if too far
    with raises(IndexError):
        x509Chain.getCertInChain(1)
Пример #3
0
def test_getCertList(cert_file, get_X509Chain_class):
    """ " Load a chain, and get its length."""
    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)
    # For a certificate, there should be only 1 certificate in the chain

    assert len(x509Chain.getCertList()["Value"]) == 1
    assert len(x509Chain.getCertList()["Value"]) == x509Chain.getNumCertsInChain()["Value"]
Пример #4
0
def test_hasExpired(cert_file, get_X509Chain_class):
    """" Load a valid certificate and check it has not expired"""
    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    res = x509Chain.hasExpired()
    assert res['OK']
    assert not res['Value']
Пример #5
0
def test_loadChainFromString(cert_content_type, get_X509Chain_class, indirect=("hostcertcontent", "usercertcontent")):
    """ " Just loadChain a certificate from PEM string
    :param cert_content_type: either HOSTCERTCONTENT or USERCERTCONTENT

    """
    X509Chain = get_X509Chain_class()
    res = X509Chain.loadChainFromString(CERTCONTENTS[cert_content_type])
    assert res["OK"], res
Пример #6
0
def test_privatekey_with_password(get_X509Chain_class):
    """ Test loading a password protected key from a file and retrieve the object """
    X509Chain = get_X509Chain_class()
    res = X509Chain.loadKeyFromFile(ENCRYPTEDKEY, password=ENCRYPTEDKEYPASS)
    assert res['OK']
    # Get the key and check the number of bits
    res = X509Chain.getPKeyObj()
    assert res['OK']
    assert res['Value'].size() == 512
Пример #7
0
def test_loadChainFromString_non_pem(get_X509Chain_class):
    """" Just loadChain a non pem formated string """
    X509Chain = get_X509Chain_class()
    res = X509Chain.loadChainFromString('THIS IS NOT PEM DATA')
    assert not res['OK']

    from DIRAC.Core.Utilities.DErrno import EX509

    assert res['Errno'] == EX509
Пример #8
0
def test_loadChainFromFile_non_existing_file(get_X509Chain_class):
    """" Just loadChain a non existing file"""
    X509Chain = get_X509Chain_class()
    res = X509Chain.loadChainFromFile('/tmp/nonexistingFile.pem')
    assert not res['OK']

    from DIRAC.Core.Utilities.DErrno import EOF

    assert res['Errno'] == EOF
Пример #9
0
def test_privatekey_with_wrong_password(get_X509Chain_class):
    """ Try loading a password protected key with the wrong password"""
    X509Chain = get_X509Chain_class()
    res = X509Chain.loadKeyFromFile(ENCRYPTEDKEY, password='******')
    assert not res['OK']

    from DIRAC.Core.Utilities.DErrno import ECERTREAD

    assert res['Errno'] == ECERTREAD
Пример #10
0
def test_getCertInChain_on_cert(cert_file, get_X509Chain_class):
    """" Load a chain, get the first certificate, and check its name"""
    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)
    res = x509Chain.getCertInChain(0)
    assert res['OK']

    certSubject = res['Value'].getSubjectDN().get('Value')
    assert certSubject == getCertOption(cert_file, 'subjectDN')
Пример #11
0
def test_isPUSP_on_cert(cert_file, get_X509Chain_class):
    """" Load a valid certificate in a chain, and check isPUSP"""

    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    res = x509Chain.isPUSP()

    assert res['OK']
    assert res['Value'] is False
Пример #12
0
def test_getRemainingSecs_on_cert(cert_file, get_X509Chain_class):
    """" Load a valid certificate and check the output is a positive integer"""

    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    res = x509Chain.getRemainingSecs()

    assert res['OK']
    assert isinstance(res['Value'], int) and res['Value'] > 0
Пример #13
0
def test_getNotAfterDate(cert_file, get_X509Chain_class):
    """" Load a valid certificate and check its expiration date"""
    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    res = x509Chain.getNotAfterDate()

    assert res['OK']
    # We expect getNotAfterDate to return a datetime
    assert res['Value'].date() == getCertOption(cert_file, 'endDate')
Пример #14
0
def test_dumpChainToString_on_cert(cert_file, get_X509Chain_class):
    """" Load a valid certificate in a chain, and dump all to string"""

    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    res = x509Chain.dumpChainToString()

    assert res['OK']

    assert res['Value'] == getCertOption(cert_file, 'content')
Пример #15
0
def test_hash_on_cert(cert_file, get_X509Chain_class):
    """" Load a valid certificate in a chain, and check the hash
       It is supposed to raise an exception because it is not a proxy
  """

    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    # Because hash expects a proxy, it will attempt to access the diracGroup attribute
    # and raise a KeyError
    with raises(KeyError):
        x509Chain.hash()
Пример #16
0
def test_getCredentials_on_cert(cert_file, get_X509Chain_class):
    """ " Load a valid certificate in a chain, and check the information returned.
    We do not check the values, they are already checked in other tests
    """

    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    credentialInfo = ["DN", "isLimitedProxy", "isProxy", "issuer", "secondsLeft", "subject", "validDN", "validGroup"]

    res = x509Chain.getCredentials(ignoreDefault=True)

    assert res["OK"]
    assert sorted(res["Value"]) == sorted(credentialInfo)
Пример #17
0
def test_getVOMSData_on_cert(cert_file, get_X509Chain_class):
    """" Load a  Chain with only a certificate and load the (non existing VOMS data)
      Of course, it will behave differently from the certificate...
  """

    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    res = x509Chain.getVOMSData()

    assert res['OK']

    # The VOMS data of a certificate chain composed of only a certificate is... False
    assert res['Value'] is False
Пример #18
0
def test_getDIRACGroup_on_cert(cert_file, get_X509Chain_class):
    """" Load a  Chain with only a certificate and get the (non existing) DIRAC Group
      Of course, it will behave differently from the certificate...
  """

    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    # ignoreDefault is used such that there is no attempt to look for group in the CS
    res = x509Chain.getDIRACGroup(ignoreDefault=True)

    assert not res['OK']

    from DIRAC.Core.Utilities.DErrno import EX509

    assert res['Errno'] == EX509
Пример #19
0
def test_privatekey_without_password(key_file, get_X509Chain_class):
    """ Test loading a key from a file, retrieve the object and check the content"""

    X509Chain = get_X509Chain_class()
    res = X509Chain.loadKeyFromFile(key_file)
    assert res['OK']
    # Get the key and check the number of bits
    res = X509Chain.getPKeyObj()
    assert res['OK']
    assert res['Value'].size() == 512

    # Check that the content of the object is correct.
    # CAUTION ! The object is PKCS8, while the file contains PKCS1.
    # Check the comment of KEYCONTENTS_PKCS8
    res = X509Chain.dumpPKeyToString()
    assert res['Value'] == KEYCONTENTS_PKCS8[key_file]
Пример #20
0
def test_certProperties(cert_file, get_X509Chain_class):
    """ Try on a certificate if it is a proxy, limited proxy, VOMS, valid proxy, rfc """
    x509Chain = get_X509Chain_class()
    x509Chain.loadChainFromFile(cert_file)

    # These methods should return False
    assert x509Chain.isProxy()['Value'] is False
    assert x509Chain.isLimitedProxy()['Value'] is False
    assert x509Chain.isVOMS()['Value'] is False

    assert x509Chain.isRFC()['Value'] is False

    from DIRAC.Core.Utilities.DErrno import ENOCHAIN

    # Now these methods should complain that it is not a proxy
    # After all, why would you do something logical...
    assert x509Chain.isValidProxy()['Errno'] == ENOCHAIN
Пример #21
0
def test_loadChainFromFile(cert_file, get_X509Chain_class):
    """" Just load a certificate chain"""
    x509Chain = get_X509Chain_class()
    res = x509Chain.loadChainFromFile(cert_file)
    assert res['OK']