def test_get_chain_with_cafile(opt_adcs, opt_username, opt_password, opt_cafile):
if not opt_cafile:
pytest.skip("No CA bundle configured")
os.environ['SSL_CERT_FILE'] = './fakepath'
pem_chain = certsrv.get_chain(opt_adcs, opt_username, opt_password, 'b64', cafile=opt_cafile)
# pyOpenSSL does not have an option to parse PKCS#7,
# so we just check that it is the right encoding
assert '-----BEGIN CERTIFICATE-----' in pem_chain
def test_get_chain_with_ntlm(opt_adcs, opt_username, opt_password):
pem_chain = certsrv.get_chain(opt_adcs,
opt_username,
opt_password,
'b64',
auth_method='ntlm')
# pyOpenSSL does not have an option to parse PKCS#7,
# so we just check that it is the right encoding
assert b'-----BEGIN CERTIFICATE-----' in pem_chain
def test_get_chain_with_wrong_cafile(opt_adcs):
dir_path = os.path.dirname(os.path.realpath(__file__))
ca_bundle = '%s/test_dummy-ca-cert.pem' % dir_path
with pytest.raises(URLError) as excinfo:
certsrv.get_chain(opt_adcs, 'username', 'password', cafile=ca_bundle)
assert excinfo.value.reason.reason == 'CERTIFICATE_VERIFY_FAILED'
def test_get_chain_der(opt_adcs, opt_username, opt_password):
der_chain = certsrv.get_chain(opt_adcs, opt_username, opt_password)
# pyOpenSSL does not have an option to parse PKCS#7,
# so we just check that it is the right encoding
assert '-----BEGIN CERTIFICATE-----' not in der_chain
def test_get_chain_with_wrong_cafile(opt_adcs):
dir_path = os.path.dirname(os.path.realpath(__file__))
ca_bundle = '%s/test_dummy-ca-cert.pem' % dir_path
with pytest.raises(SSLError) as excinfo:
certsrv.get_chain(opt_adcs, 'username', 'password', cafile=ca_bundle)
