def testItShouldCreateACertificate(self): ca = CA() ca.create_ca() key, certificate = ca.create_certificate() assert isinstance(key, OpenSSL.crypto.PKey) assert isinstance(certificate, OpenSSL.crypto.X509)
def testItShouldNotCreateACertificateWithoutACA(self): ca = CA() try: ca.create_certificate() assert False, "expected NoKeyMaterialError" except NoKeyMaterialError: pass except: assert False, "expected NoKeyMaterialError"
def testItShouldLoadACA(self): old_ca = CA() old_ca.create_ca() key_pem = CA.pkey_to_pem(old_ca.ca_key) cert_pem = CA.certificate_to_pem(old_ca.ca_cert) ca = CA() assert ca.load(key_pem, cert_pem)
def testItShouldNotLoadACAFromInvalidKeyMaterial(self): old_ca = CA() old_ca.create_ca() key_pem = CA.pkey_to_pem(old_ca.ca_key) old_ca.create_ca() cert_pem = CA.certificate_to_pem(old_ca.ca_cert) ca = CA() assert not ca.load(key_pem, cert_pem) assert not ca.has_ca()
def testTheCAKeyMaterialShouldBeValid(self): ca = CA() ca.create_ca() ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD) ctx.use_privatekey(ca.ca_key) ctx.use_certificate(ca.ca_cert) try: ctx.check_privatekey() except OpenSSL.SSL.Error: assert False, "key does not match certificate" except: pass
def testItShouldHaveACAAfterLoading(self): old_ca = CA() old_ca.create_ca() key_pem = CA.pkey_to_pem(old_ca.ca_key) cert_pem = CA.certificate_to_pem(old_ca.ca_cert) ca = CA() ca.load(key_pem, cert_pem) assert ca.has_ca()
def testItShouldHaveACAAfterCreation(self): ca = CA() ca.create_ca() assert ca.has_ca()
def testItShouldNotHaveACAByDefault(self): ca = CA() assert not ca.has_ca()
def testItShouldGetTheCAPrivateKey(self): ca = CA() ca.create_ca() assert isinstance(ca.ca_key, OpenSSL.crypto.PKey)
def testItShouldSerializeACertificateToPEM(self): ca = CA() ca.create_ca() assert CA.certificate_to_pem(ca.ca_cert).find("CERTIFICATE") >= 0
def testItShouldCreateACA(self): ca = CA() assert ca.create_ca()
def testItShouldSerializeAPrivateKeyToPEM(self): ca = CA() ca.create_ca() assert CA.pkey_to_pem(ca.ca_key).find("PRIVATE KEY") >= 0
def testItShouldGetTheCACertificate(self): ca = CA() ca.create_ca() assert isinstance(ca.ca_cert, OpenSSL.crypto.X509)