def setUp(self):
    """Prepare the CA chain plus one server and one user edge certificate.

    Both certificates are issued under the edge CA (``self.eca``). They share
    every subject and key field and differ only in naming, the x509 extension
    record, and the extra ``subjaltname`` / ``crl_dpoints`` value.
    """
    CreateCaChain()
    self.rca, self.ica, self.eca = (
        CertificateAuthority.objects.get(pk=ca_pk) for ca_pk in (1, 2, 3)
    )
    openssl.refresh_pki_metadata([self.rca, self.ica, self.eca])

    # Fields common to both edge certificates.
    # NOTE(review): key_length=1024 is weak by current standards (assuming an
    # RSA key); presumably chosen to keep key generation fast in tests. Do not
    # carry this value over into real CA settings.
    # NOTE(review): passphrase=None presumably leaves the edge private keys
    # unprotected on disk; confirm against the Certificate model.
    shared = dict(
        country='DE',
        state='Bavaria',
        locality='Munich',
        organization='Bozo Clown Inc.',
        OU='IT',
        email='*****@*****.**',
        valid_days=365,
        key_length=1024,
        expiry_date='',
        created='',
        revoked=None,
        active=None,
        serial=None,
        ca_chain=None,
        der_encoded=False,
        pkcs12_encoded=False,
        pkcs12_passphrase=None,
        parent=self.eca,
        # Fixture passphrase used to unlock the issuing (parent) CA key.
        parent_passphrase="1234567890",
        passphrase=None,
    )

    server_cert = Certificate(
        common_name='Server Edge Certificate',
        name='Server_Edge_Certificate',
        description="unit test server edge certificate",
        extension=x509Extension.objects.get(pk=3),
        subjaltname="IP:1.2.3.4, DNS:www1.company.com",
        **shared
    )
    server_cert.save()

    user_cert = Certificate(
        common_name='User Edge Certificate',
        name='User_Edge_Certificate',
        description="unit test user edge certificate",
        extension=x509Extension.objects.get(pk=4),
        crl_dpoints="URI:https://ca.company.com/ca.crl",
        **shared
    )
    user_cert.save()

    # Re-read both rows so the fixtures carry whatever save() stored.
    self.srv = Certificate.objects.get(pk=1)
    self.usr = Certificate.objects.get(pk=2)
    self.srv_openssl = openssl.Openssl(self.srv)
    self.usr_openssl = openssl.Openssl(self.usr)
def setUp(self):
    '''Build the CA chain fixture and wrap each CA in an Openssl helper.

    CreateCaChain() is expected to leave three CertificateAuthority rows at
    pk 1, 2 and 3, which are bound to ``rca``, ``ica`` and ``eca``.
    '''
    CreateCaChain()

    for attr, ca_pk in (('rca', 1), ('ica', 2), ('eca', 3)):
        setattr(self, attr, CertificateAuthority.objects.get(pk=ca_pk))

    for attr in ('rca', 'ica', 'eca'):
        setattr(self, attr + '_openssl', openssl.Openssl(getattr(self, attr)))

    openssl.refresh_pki_metadata([self.rca, self.ica, self.eca])
def setUp(self):
    """Build a root CA model instance (no parent) and its Openssl wrapper.

    The instance is constructed but not saved here; only the PKI metadata is
    refreshed for it.
    """
    # NOTE(review): key_length=1024 is weak by current standards (assuming an
    # RSA key); presumably a speed trade-off for the test run. A real root CA
    # should not reuse this value or the fixed passphrase below.
    root_fields = {
        'common_name': 'Root CA',
        'name': 'Root_CA',
        'description': "unit test",
        'country': 'DE',
        'state': 'Bavaria',
        'locality': 'Munich',
        'organization': 'Bozo Clown Inc.',
        'OU': 'IT',
        'email': '*****@*****.**',
        'valid_days': 1000,
        'key_length': 1024,
        'expiry_date': '',
        'created': '',
        'revoked': None,
        'active': None,
        'serial': None,
        'ca_chain': None,
        'der_encoded': False,
        'parent': None,
        'passphrase': '1234567890',
        'extension': x509Extension.objects.get(pk=1),
    }
    self.ca = CertificateAuthority(**root_fields)
    self.ca_ssl = openssl.Openssl(self.ca)
    openssl.refresh_pki_metadata([self.ca])
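def test_DeleteEdgeCertificateAuthority(self):
    """Deleting the edge CA through the admin removes it and revokes it.

    Checks that, after the delete POST, the database row is gone, the CA
    certificate is reported as revoked, and the CA directory no longer exists
    on disk.
    """
    # Build the wrapper before the delete so its paths can still be inspected
    # once the row is gone.
    eca_obj = CertificateAuthority.objects.get(pk=3)
    eca_ssl = openssl.Openssl(eca_obj)

    r = self.c.post(
        '/admin/pki/certificateauthority/3/delete/',
        {'_model': 'certificateauthority', '_id': 3, 'passphrase': '1234567890'},
        follow=True,
    )

    self.assertContains(r, 'was deleted successfully')
    self.assertEqual(r.status_code, 200)
    self.assertEqual(CertificateAuthority.objects.filter(pk=3).count(), 0)

    # A deleted CA must not stay trusted: its certificate has to show up as
    # revoked, and its key material directory has to be removed.
    self.assertTrue(eca_ssl.get_revoke_status_from_cert())
    self.assertFalse(os.path.exists(eca_ssl.ca_dir))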
def test_RenewEdgeCertificate(self):
    """Renewing the server certificate issues a new serial and keeps it valid.

    After the renew action the stored certificate must carry a different
    serial, be active, and not be reported as revoked.
    """
    previous_serial = self.srv.serial

    # The renew action is triggered by saving with action="renew"; the parent
    # CA passphrase (fixture value) is supplied for the re-issue.
    self.srv.action = "renew"
    self.srv.parent_passphrase = "1234567890"
    self.srv.save()

    renewed = Certificate.objects.get(pk=self.srv.pk)
    self.srv_openssl = openssl.Openssl(renewed)

    self.assertNotEqual(previous_serial, renewed.serial)
    self.assertTrue(renewed.active)
    self.assertFalse(self.srv_openssl.get_revoke_status_from_cert())
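def test_RevokeEdgeCertificateAuthority(self):
    """Revoking the edge CA through the admin marks it inactive and revoked.

    Posts the change form with ``action='revoke'`` and then checks both the
    model flag and the revocation status read from the certificate.
    """
    self.post_data_eca['action'] = 'revoke'
    # Revocation is authorised with the parent CA passphrase (fixture value).
    self.post_data_eca['parent_passphrase'] = '1234567890'

    r = self.c.post('/admin/pki/certificateauthority/3/', self.post_data_eca, follow=True)

    self.assertContains(r, 'was changed successfully')
    self.assertEqual(r.status_code, 200)

    # Re-read the row after the POST; the wrapper is built from the fresh
    # object so it reflects the post-revocation state.
    eca_obj = CertificateAuthority.objects.get(pk=3)
    eca_ssl = openssl.Openssl(eca_obj)

    self.assertFalse(eca_obj.active)
    self.assertTrue(eca_ssl.get_revoke_status_from_cert())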
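def test_DeleteRootCertificateAuthority(self):
    """Deleting the root CA through the admin removes it and its children.

    Checks that the root row and its directory are gone, and that no child CA
    referencing the root is left in the database.
    """
    # Build the wrapper before the delete so the directory path survives it.
    rca_obj = CertificateAuthority.objects.get(pk=1)
    rca_ssl = openssl.Openssl(rca_obj)

    r = self.c.post(
        '/admin/pki/certificateauthority/1/delete/',
        {'_model': 'certificateauthority', '_id': 1, 'passphrase': '1234567890'},
        follow=True,
    )

    self.assertContains(r, 'was deleted successfully')
    self.assertEqual(r.status_code, 200)
    self.assertEqual(CertificateAuthority.objects.filter(pk=1).count(), 0)
    self.assertFalse(os.path.exists(rca_ssl.ca_dir))

    # NOTE(review): this queryset is evaluated after the delete, and the
    # directory checked inside the loop is the root's again, not the child's.
    # Child CA directories are therefore never verified here; the children and
    # their Openssl wrappers would have to be captured before the POST to
    # assert that their key material is cleaned up as well.
    for ca in rca_obj.certificateauthority_set.all():
        self.assertEqual(CertificateAuthority.objects.filter(pk=ca.pk).count(), 0)
        self.assertFalse(os.path.exists(rca_ssl.ca_dir))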
def test_rebuild_ca_metadata(self):
    """rebuild_ca_metadata creates the CA directory on append, drops it on exclude."""
    wrapper = openssl.Openssl(self.obj)
    self.obj_ssl = wrapper

    # 'append' is expected to leave the CA directory in place on disk.
    self.obj.rebuild_ca_metadata(modify=True, task='append')
    directory_present = os.path.exists(wrapper.ca_dir)
    self.assertTrue(directory_present)

    # 'exclude' with this CA's pk in skip_list is expected to remove it again.
    self.obj.rebuild_ca_metadata(modify=True, task='exclude', skip_list=[self.obj.pk])
    directory_present = os.path.exists(wrapper.ca_dir)
    self.assertFalse(directory_present)