Пример #1
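def verify_cert(cert_der, cn):
    """Check that a DER certificate names ``cn`` and chains to the local CA.

    The certificate is parsed, its subject CN is compared with ``cn``, its
    issuer CN is compared with the subject CN of ``CA/certificate.der``, and
    the chain is then verified against a store that trusts only that CA
    certificate.

    Args:
        cert_der: DER (ASN.1) encoded certificate bytes to check.
        cn: Subject common name the certificate is expected to carry.

    Returns:
        None. The function returns normally only when every check passed.

    Raises:
        crypto.Error: If a certificate cannot be parsed, a name check fails,
            or the store context reports a crypto.Error.
        OSError: If ``CA/certificate.der`` cannot be opened or read.
    """
    cert = crypto.load_certificate(crypto.FILETYPE_ASN1, cert_der)

    # Identity is matched on the subject CN alone; subjectAltName entries are
    # not consulted by this function.
    if cert.get_subject().CN != cn:
        raise crypto.Error("certificate subject CN does not match the expected name")

    # NOTE(review): relative path, so the trust anchor depends on the process
    # working directory -- confirm callers always run from the expected place.
    with open("CA/certificate.der", "rb") as f:
        ca_cert = crypto.load_certificate(crypto.FILETYPE_ASN1, f.read())

    # Trust store holding only the local CA. No flags are set on it, so no
    # CRL/revocation checking is requested here.
    store = crypto.X509Store()
    store.add_cert(ca_cert)

    # Name equality is only a cheap pre-check (names are attacker-chosen);
    # the trust decision rests on the signature verification below.
    if ca_cert.get_subject().CN != cert.get_issuer().CN:
        raise crypto.Error("certificate issuer CN does not match the CA subject CN")

    try:
        crypto.X509StoreContext(store, cert).verify_certificate()
    except crypto.Error as exc:
        # Keep the exception type callers expect, but retain the cause so the
        # failing check can be diagnosed from logs.
        raise crypto.Error("certificate chain verification failed") from exc
    # NOTE(review): pyOpenSSL reports a failed chain check from
    # verify_certificate() as X509StoreContextError; confirm whether that
    # class derives from crypto.Error in the installed version. If it does
    # not, it bypasses the handler above (as it did before this rewrite) and
    # callers must catch it explicitly to treat a bad chain as a rejection.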
Пример #2
 def test_set_ca_cert_load_privatekey_failure_invalid(self, mock_util_chk, mock_load_pk):
     """
     set_ca_cert must report a private-key load failure as EdgeValueError.

     load_privatekey is made to raise crypto.Error, and the test then checks
     that the key file was opened in binary mode and that the passphrase was
     forwarded to load_privatekey unchanged.
     """
     # mock_util_chk / mock_load_pk are presumably injected by @patch
     # decorators that are not part of this excerpt -- TODO confirm.
     util = EdgeCertUtil()
     mock_util_chk.return_value = True
     mock_load_pk.side_effect = crypto.Error()

     # '1234' is a fixture passphrase; the assertion at the end pins that it
     # reaches load_privatekey exactly as supplied.
     ca_kwargs = {
         'ca_cert_file_path': CA_CERT_FILE_NAME,
         'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
         'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
         'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
         'passphrase': '1234',
     }

     with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')) as fake_open:
         # The low-level crypto.Error must surface as the module's own error type.
         with self.assertRaises(edgectl.errors.EdgeValueError):
             util.set_ca_cert('root', **ca_kwargs)

         # Last file opened was the private key, read as bytes.
         fake_open.assert_called_with(CA_PRIVATE_KEY_FILE_NAME, 'rb')
         mock_load_pk.assert_called_with(crypto.FILETYPE_PEM, 'MOCKED', passphrase='1234')