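def testSelfCertificateGeneration(self):
    """Generate a self-signed root certificate from a freshly created key.

    Checks the CA flag, trust flag and CA serial counter on the Certificate
    object. Then checks that the stored PEM and ``Certificate.m2_x509()``
    render the same text, and that the text shows ``CA:TRUE``, identical
    issuer and subject (self-signed), and both key-identifier extensions.

    Returns:
        The PEM of the generated certificate.
    """
    # Test-only passphrase for a throwaway key; never reuse outside tests.
    user_pwd = "tata"
    key = Key.generate(user_pwd)
    key.save()

    cert = Certificate()
    cert.CN = "My CN"
    cert.country = "FR"
    cert.key = key
    cert.days = 300
    cert.is_ca = True
    cert.generate_x509_root(user_pwd)
    cert.save()
    cert_pem = cert.pem

    #self.assertEqual(cert.serial, 0)
    self.assertEqual(cert.ca_serial, 1)
    self.assertTrue(cert.is_ca)
    self.assertTrue(cert.trust)

    # Just test Certificate.m2_x509() method: the object built from the
    # stored PEM must render exactly like the one the model hands back.
    x509 = X509.load_cert_string(cert_pem, X509.FORMAT_PEM)
    cert_text = cert.m2_x509().as_text()
    self.assertEqual(x509.as_text(), cert_text)

    # Issuer == Subject is what makes this a self-signed root.
    expected_fragments = (
        "CA:TRUE",
        "Issuer: CN=My CN, C=FR",
        "Subject: CN=My CN, C=FR",
        "X509v3 Authority Key Identifier",
        "X509v3 Subject Key Identifier",
    )
    for fragment in expected_fragments:
        self.assertTrue(fragment in cert_text,
                        "missing %r in certificate text" % fragment)
    return cert_pem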
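def testSignaturePKIca(self):
    """Build a three-level chain in which the client certificate is a CA.

    The root CA ("Admin") signs the "World Company" request with
    ``ca=True``; that certificate then signs the "Country Company" request.
    For each issued certificate the test checks the serial numbers, the
    issuer and subject lines, the authority/subject key identifiers, and
    that ``m2_x509()`` renders the same text as the stored PEM.

    When the local ``save`` flag is set to True, the example key, request
    and certificate files are regenerated on disk.
    """
    # Turn this to True to regenerate examples certificates
    save = False
    before = datetime(2010, 1, 1, 6, tzinfo=ASN1.UTC)
    after = datetime(2015, 1, 1, 6, tzinfo=ASN1.UTC)
    # Test-only passphrases; never reuse outside tests.
    ca_pwd = "R00tz"
    c_pwd = "1234"
    #c2_pwd = "abcd"

    # CA and Client keys
    ca_key = Key.generate(ca_pwd)
    c_key = Key.generate(c_pwd)
    # No passphrase is supplied for this key; presumably the private part
    # is then stored unencrypted -- confirm against Key.generate.
    c2_key = Key.generate(None)

    # CA Cert
    ca_cert = Certificate()
    ca_cert.CN = "Admin"
    ca_cert.country = "FR"
    ca_cert.key = ca_key
    ca_cert.days = 3000
    ca_cert.is_ca = True
    ca_cert.generate_x509_root(ca_pwd)

    # Client's request, signed by the root as a subordinate CA
    rqst = CertificateRequest()
    rqst.CN = "World Company"
    rqst.country = "FR"
    rqst.key = c_key
    rqst.sign_request(c_pwd)
    c_cert = ca_cert.sign_request(rqst, 200, ca_pwd, ca=True)
    self.assertEqual(c_cert.serial, '2')
    self.assertEqual(ca_cert.ca_serial, 2)

    # Just test Certificate.m2_x509() method
    x509 = X509.load_cert_string(c_cert.pem, X509.FORMAT_PEM)
    c_text = c_cert.m2_x509().as_text()
    self.assertEqual(x509.as_text(), c_text)
    for fragment in (
        "CA:TRUE",
        "Issuer: CN=Admin, C=FR",
        "Subject: CN=World Company, C=FR",
        "X509v3 Authority Key Identifier",
        "X509v3 Subject Key Identifier",
    ):
        self.assertTrue(fragment in c_text,
                        "missing %r in certificate text" % fragment)
    # Key identifiers must be set, contain no spaces, and appear verbatim
    # in the rendered certificate.
    for kid in (c_cert.auth_kid, c_cert.subject_kid):
        self.assertTrue(kid)
        self.assertTrue(" " not in kid)
        self.assertTrue(kid in c_text)

    # Second request, signed by the intermediate CA without ca=True
    urqst = CertificateRequest()
    urqst.CN = "Country Company"
    urqst.country = "FR"
    urqst.key = c2_key
    urqst.sign_request()
    c2_cert = c_cert.sign_request(urqst, 150, c_pwd)
    self.assertEqual(c2_cert.serial, '2')
    self.assertEqual(c_cert.ca_serial, 2)

    # Just test Certificate.m2_x509() method
    x509 = X509.load_cert_string(c2_cert.pem, X509.FORMAT_PEM)
    c2_text = c2_cert.m2_x509().as_text()
    self.assertEqual(x509.as_text(), c2_text)
    # NOTE(review): nothing below asserts that this end certificate lacks
    # CA:TRUE; consider adding that check once the default of
    # sign_request's ``ca`` argument is confirmed.
    for fragment in (
        "Issuer: CN=World Company, C=FR",
        "Subject: CN=Country Company, C=FR",
        "X509v3 Authority Key Identifier",
        "X509v3 Subject Key Identifier",
    ):
        self.assertTrue(fragment in c2_text,
                        "missing %r in certificate text" % fragment)
    for kid in (c2_cert.auth_kid, c2_cert.subject_kid):
        self.assertTrue(kid)
        self.assertTrue(kid in c2_text)
        self.assertTrue(" " not in kid)

    # If all tests are good, let's save it if needed
    if save:
        # UTF8 CA Cert
        utf8_key = Key.generate(ca_pwd)
        utf8_cert = Certificate()
        utf8_cert.CN = "Admin ©"
        utf8_cert.country = "FR"
        utf8_cert.key = utf8_key
        utf8_cert.begin = before
        utf8_cert.end = after
        utf8_cert.is_ca = True
        utf8_cert.generate_x509_root(ca_pwd)
        utf8_cert.save()

        # NOTE(review): private keys are written here with default file
        # permissions, and one of them was generated without a passphrase.
        # Treat every file produced below as public example material only.
        fixtures = (
            (CA_KEY_PATH, ca_key.private),
            (C_KEY_PATH, c_key.private),
            (U_KEY_PATH, c2_key.private),
            (C_PUB_KEY_PATH, c_key.public),
            (CA_CERT_PATH, ca_cert.pem),
            (C_REQUEST_PATH, rqst.pem),
            (C_CERT_PATH, c_cert.pem),
            (U_CERT_PATH, c2_cert.pem),
            (UTF8_CERT_PATH, utf8_cert.pem),
        )
        for path, content in fixtures:
            # Close each file deterministically so the data is flushed.
            with open(path, 'w') as handle:
                handle.write(content)
        print("SAVED")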