Пример #1
0
def test_sign_csr() -> None:
    root_key = make_private_key()
    root_cert = make_root_certificate(
        make_subject_name("peter"),
        1,
        root_key,
    )
    key = make_private_key()
    csr = make_csr(
        make_subject_name("from_peter"),
        key,
    )
    with on_time(100, "UTC"):
        cert = sign_csr(
            csr,
            2,
            root_cert,
            root_key,
        )

    assert check_cn(
        cert,
        "from_peter",
    )
    assert str(cert.not_valid_before) == "1970-01-01 00:01:40"
    assert str(cert.not_valid_after) == "1970-01-03 00:01:40"
    check_certificate_against_private_key(
        cert,
        key,
    )
    # ensure that 'from_peter' is indeed signed by 'peter'
    check_certificate_against_public_key(
        cert,
        rsa_public_key_from_cert_or_csr(root_cert),
    )
Пример #2
0
def test_load_cert_and_private_key(
    mocker: MockerFixture,
    cert_bytes: bytes,
    expected_cn: str,
) -> None:
    mocker.patch(
        "cmk.utils.certs.Path.read_bytes",
        return_value=cert_bytes,
    )
    cert, priv_key = load_cert_and_private_key(Path("whatever"))
    assert check_cn(
        cert,
        expected_cn,
    )
    assert isinstance(
        cert.public_key(),
        RSAPublicKey,
    )
    assert isinstance(
        priv_key,
        RSAPrivateKey,
    )
    check_certificate_against_private_key(
        cert,
        priv_key,
    )
Пример #3
0
def test_sign_csr_with_local_ca() -> None:
    root_key = _make_private_key()
    root_cert = _make_root_certificate(
        _make_subject_name("peter"),
        1,
        root_key,
    )
    key = _make_private_key()
    csr = _make_csr(
        _make_subject_name("from_peter"),
        key,
    )

    root_ca = RootCA(root_cert, root_key)
    with on_time(567892121, "UTC"):
        cert = root_ca.sign_csr(csr, 100)

    assert check_cn(
        cert,
        "from_peter",
    )
    assert str(cert.not_valid_before) == "1987-12-30 19:48:41"
    assert str(cert.not_valid_after) == "1988-04-08 19:48:41"
    check_certificate_against_private_key(
        cert,
        key,
    )
    # ensure that 'from_peter' is indeed signed by 'peter'
    check_certificate_against_public_key(
        cert,
        _rsa_public_key_from_cert_or_csr(root_cert),
    )
Пример #4
0
def test_initialize(ca: CertificateAuthority) -> None:
    assert check_cn(
        ca.root_ca.cert,
        CA_NAME,
    )
    check_certificate_against_private_key(
        ca.root_ca.cert,
        ca.root_ca.rsa,
    )
Пример #5
0
def test_initialize(ca: certs.CertificateAuthority) -> None:
    assert not ca.is_initialized
    ca.initialize()
    assert ca.is_initialized

    cert, key = ca._get_root_certificate()
    assert check_cn(
        cert,
        CA_NAME,
    )
    check_certificate_against_private_key(
        cert,
        key,
    )
Пример #6
0
def test_make_root_certificate() -> None:
    key = make_private_key()
    with on_time(100, "UTC"):
        cert = make_root_certificate(
            make_subject_name("peter"),
            1,
            key,
        )
    assert check_cn(
        cert,
        "peter",
    )
    assert str(cert.not_valid_before) == "1970-01-01 00:01:40"
    assert str(cert.not_valid_after) == "1970-01-02 00:01:40"
    check_certificate_against_private_key(
        cert,
        key,
    )
Пример #7
0
def test_write_agent_receiver_certificate(ca: CertificateAuthority) -> None:
    assert not ca.agent_receiver_certificate_exists

    ca.create_agent_receiver_certificate(days_valid=100)
    assert ca.agent_receiver_certificate_exists
    assert _file_permissions_is_660(ca._agent_receiver_cert_path)

    cert, key = load_cert_and_private_key(ca._agent_receiver_cert_path)
    assert check_cn(
        cert,
        "localhost",
    )
    check_certificate_against_private_key(
        cert,
        key,
    )
    check_certificate_against_public_key(
        cert,
        _rsa_public_key_from_cert_or_csr(ca.root_ca.cert),
    )
Пример #8
0
def test_create_site_certificate(ca: CertificateAuthority) -> None:
    site_id = "xyz"
    assert not ca.site_certificate_exists(site_id)

    ca.create_site_certificate(site_id, days_valid=100)
    assert ca.site_certificate_exists(site_id)
    assert _file_permissions_is_660(ca._site_certificate_path(site_id))

    cert, key = load_cert_and_private_key(ca._site_certificate_path(site_id))
    assert check_cn(
        cert,
        site_id,
    )
    check_certificate_against_private_key(
        cert,
        key,
    )
    check_certificate_against_public_key(
        cert,
        _rsa_public_key_from_cert_or_csr(ca.root_ca.cert),
    )
Пример #9
0
def test_sign_csr_with_local_ca(mocker: MockerFixture) -> None:
    root_key = make_private_key()
    root_cert = make_root_certificate(
        make_subject_name("peter"),
        1,
        root_key,
    )
    mocker.patch(
        "cmk.utils.certs.load_local_ca",
        return_value=(
            root_cert,
            root_key,
        ),
    )
    key = make_private_key()
    csr = make_csr(
        make_subject_name("from_peter"),
        key,
    )
    with on_time(567892121, "UTC"):
        cert = sign_csr_with_local_ca(
            csr,
            100,
        )

    assert check_cn(
        cert,
        "from_peter",
    )
    assert str(cert.not_valid_before) == "1987-12-30 19:48:41"
    assert str(cert.not_valid_after) == "1988-04-08 19:48:41"
    check_certificate_against_private_key(
        cert,
        key,
    )
    # ensure that 'from_peter' is indeed signed by 'peter'
    check_certificate_against_public_key(
        cert,
        rsa_public_key_from_cert_or_csr(root_cert),
    )
Пример #10
0
def test_write_agent_receiver_certificate(
        ca: certs.CertificateAuthority) -> None:
    ca.initialize()
    assert not ca.agent_receiver_certificate_exists

    ca.create_agent_receiver_certificate()
    assert ca.agent_receiver_certificate_exists
    assert _file_permissions_is_660(ca._agent_receiver_cert_path)

    cert, key = load_cert_and_private_key(ca._agent_receiver_cert_path)
    assert check_cn(
        cert,
        "localhost",
    )
    check_certificate_against_private_key(
        cert,
        key,
    )
    check_certificate_against_public_key(
        cert,
        rsa_public_key_from_cert_or_csr(ca._get_root_certificate()[0]),
    )
Пример #11
0
def test_create_site_certificate(ca: certs.CertificateAuthority) -> None:
    ca.initialize()
    site_id = "xyz"
    assert not ca.site_certificate_exists(site_id)

    ca.create_site_certificate(site_id)
    assert ca.site_certificate_exists(site_id)
    assert _file_permissions_is_660(ca._site_certificate_path(site_id))

    cert, key = load_cert_and_private_key(ca._site_certificate_path(site_id))
    assert check_cn(
        cert,
        site_id,
    )
    check_certificate_against_private_key(
        cert,
        key,
    )
    check_certificate_against_public_key(
        cert,
        rsa_public_key_from_cert_or_csr(ca._get_root_certificate()[0]),
    )