def test_init_with_key(key_file, get_X509Chain_class):
    """Build a second chain from the key object of a first one and compare them.

    :param key_file: path of the private key file loaded into the first chain
    :param get_X509Chain_class: callable returning the chain class under test
    """
    sourceChain = get_X509Chain_class()
    sourceChain.loadKeyFromFile(key_file)

    # Take the key object held by the first chain and hand it to a new chain
    pkey = sourceChain.getPKeyObj()['Value']
    derivedChain = get_X509Chain_class(keyObj=pkey)

    # Both chains must serialise the key to the same string
    assert sourceChain.dumpPKeyToString() == derivedChain.dumpPKeyToString()

    # Careful: the key is passed by reference, not copied, so the second chain
    # holds the very same object as the first one.
    assert derivedChain.getPKeyObj()['Value'] is pkey
def test_getCertInChain_too_far(get_X509Chain_class):
    """Request a certificate index past the end of the loaded chain."""
    chain = get_X509Chain_class()
    chain.loadChainFromFile(HOSTCERT)

    # Index 1 is expected to be out of range here, and the lookup must
    # fail loudly with IndexError rather than return something else.
    with raises(IndexError):
        chain.getCertInChain(1)
def test_getCertList(cert_file, get_X509Chain_class):
    """Load a chain from a certificate file and check how many entries it has."""
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    # A plain certificate file yields a chain of exactly one certificate
    certCount = len(chain.getCertList()["Value"])
    assert certCount == 1

    # The list length and the reported chain length must agree
    listedCount = len(chain.getCertList()["Value"])
    assert listedCount == chain.getNumCertsInChain()["Value"]
def test_hasExpired(cert_file, get_X509Chain_class):
    """Load a valid certificate and check that it is not reported as expired."""
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    expiry = chain.hasExpired()
    # The call itself must succeed...
    assert expiry['OK']
    # ...and the expired flag it returns must be falsy
    assert not expiry['Value']
def test_loadChainFromString(cert_content_type, get_X509Chain_class, indirect=("hostcertcontent", "usercertcontent")):
    """Load a certificate chain from a PEM string.

    :param cert_content_type: either HOSTCERTCONTENT or USERCERTCONTENT
    """
    # NOTE(review): `indirect` is never read by the body; it looks like a
    # leftover argument of a parametrize decorator - confirm and drop it.
    chain = get_X509Chain_class()
    pemContent = CERTCONTENTS[cert_content_type]
    loadResult = chain.loadChainFromString(pemContent)

    # Show the whole result structure if the load fails
    assert loadResult["OK"], loadResult
def test_privatekey_with_password(get_X509Chain_class):
    """Load a password protected key from a file and retrieve the key object."""
    chain = get_X509Chain_class()

    loadResult = chain.loadKeyFromFile(ENCRYPTEDKEY, password=ENCRYPTEDKEYPASS)
    assert loadResult['OK']

    # Fetch the key object and check its reported size.
    # NOTE(review): the unit of size() (bits or bytes) is not visible here -
    # confirm it, since 512 bits would be a very weak key if this is RSA.
    keyResult = chain.getPKeyObj()
    assert keyResult['OK']
    assert keyResult['Value'].size() == 512
def test_loadChainFromString_non_pem(get_X509Chain_class):
    """Feed a string that is not PEM formatted to loadChainFromString."""
    chain = get_X509Chain_class()
    loadResult = chain.loadChainFromString('THIS IS NOT PEM DATA')

    # Malformed input must be rejected, not silently accepted
    assert not loadResult['OK']

    from DIRAC.Core.Utilities.DErrno import EX509

    # ...and the failure must carry the X509 error code
    assert loadResult['Errno'] == EX509
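def test_loadChainFromFile_non_existing_file(get_X509Chain_class):
    """Loading a chain from a file that does not exist must fail with EOF.

    The missing path is built inside a freshly created private directory, so
    it is guaranteed not to exist. A fixed name directly under the shared
    /tmp could be created by any local user or left over by another run,
    which would make the test outcome depend on the machine state.
    """
    import os
    import tempfile

    chain = get_X509Chain_class()

    # mkdtemp returns a new, empty directory: any file name joined to it is
    # therefore known to be absent.
    emptyDir = tempfile.mkdtemp()
    try:
        res = chain.loadChainFromFile(os.path.join(emptyDir, 'nonexistingFile.pem'))
    finally:
        # The directory is still empty, so a plain rmdir is enough
        os.rmdir(emptyDir)

    assert not res['OK']

    from DIRAC.Core.Utilities.DErrno import EOF

    assert res['Errno'] == EOF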
def test_privatekey_with_wrong_password(get_X509Chain_class):
    """Try to load a password protected key with the wrong password."""
    chain = get_X509Chain_class()
    loadResult = chain.loadKeyFromFile(ENCRYPTEDKEY, password='******')

    # A bad password must produce an error result, never a usable key
    assert not loadResult['OK']

    from DIRAC.Core.Utilities.DErrno import ECERTREAD

    assert loadResult['Errno'] == ECERTREAD
def test_getCertInChain_on_cert(cert_file, get_X509Chain_class):
    """Load a chain, take its first certificate and check the subject DN."""
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    firstCert = chain.getCertInChain(0)
    assert firstCert['OK']

    # Compare against the subject DN recorded for this certificate file
    subjectResult = firstCert['Value'].getSubjectDN()
    certSubject = subjectResult.get('Value')
    assert certSubject == getCertOption(cert_file, 'subjectDN')
def test_isPUSP_on_cert(cert_file, get_X509Chain_class):
    """Load a valid certificate in a chain and check the isPUSP answer."""
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    puspResult = chain.isPUSP()
    assert puspResult['OK']
    # Must be the False singleton, not merely a falsy value
    assert puspResult['Value'] is False
def test_getRemainingSecs_on_cert(cert_file, get_X509Chain_class):
    """Load a valid certificate and check the remaining time is a positive int."""
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    remaining = chain.getRemainingSecs()
    assert remaining['OK']

    # Type first, then sign: same order as a short-circuiting `and`
    assert isinstance(remaining['Value'], int)
    assert remaining['Value'] > 0
def test_getNotAfterDate(cert_file, get_X509Chain_class):
    """Load a valid certificate and check its expiration date."""
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    notAfter = chain.getNotAfterDate()
    assert notAfter['OK']

    # getNotAfterDate is expected to return a datetime, so only its date
    # part is compared with the recorded end date.
    expiryDay = notAfter['Value'].date()
    assert expiryDay == getCertOption(cert_file, 'endDate')
def test_dumpChainToString_on_cert(cert_file, get_X509Chain_class):
    """Load a valid certificate in a chain and dump the whole chain to a string."""
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    dumped = chain.dumpChainToString()
    assert dumped['OK']

    # The dump must match the content recorded for this certificate file
    assert dumped['Value'] == getCertOption(cert_file, 'content')
def test_hash_on_cert(cert_file, get_X509Chain_class):
    """Load a valid certificate in a chain and ask for its hash.

    The call is supposed to raise an exception because the chain is not a proxy.
    """
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    # hash expects a proxy: it will try to access the diracGroup attribute,
    # which a plain certificate lacks, and raise a KeyError.
    with raises(KeyError):
        chain.hash()
def test_getCredentials_on_cert(cert_file, get_X509Chain_class):
    """Load a valid certificate in a chain and check which fields are returned.

    Only the set of keys is verified; the values are covered by other tests.
    """
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    expectedKeys = [
        "DN",
        "isLimitedProxy",
        "isProxy",
        "issuer",
        "secondsLeft",
        "subject",
        "validDN",
        "validGroup",
    ]

    credentials = chain.getCredentials(ignoreDefault=True)
    assert credentials["OK"]

    # Order does not matter, so both sides are sorted before comparing
    assert sorted(credentials["Value"]) == sorted(expectedKeys)
def test_getVOMSData_on_cert(cert_file, get_X509Chain_class):
    """Load a chain holding only a certificate and ask for its VOMS data.

    There is no VOMS data in such a chain, and the chain does not answer
    the way a certificate object would.
    """
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    vomsResult = chain.getVOMSData()
    assert vomsResult['OK']

    # For a chain made of a single certificate the VOMS data is... False
    assert vomsResult['Value'] is False
def test_getDIRACGroup_on_cert(cert_file, get_X509Chain_class):
    """Load a chain holding only a certificate and ask for its DIRAC group.

    There is no group in such a chain, and the chain does not answer the
    way a certificate object would.
    """
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    # ignoreDefault prevents any attempt to look the group up in the CS
    groupResult = chain.getDIRACGroup(ignoreDefault=True)
    assert not groupResult['OK']

    from DIRAC.Core.Utilities.DErrno import EX509

    assert groupResult['Errno'] == EX509
def test_privatekey_without_password(key_file, get_X509Chain_class):
    """Load an unprotected key from a file, then check the object and its dump."""
    chain = get_X509Chain_class()

    loadResult = chain.loadKeyFromFile(key_file)
    assert loadResult['OK']

    # Fetch the key object and check its reported size.
    # NOTE(review): the unit of size() (bits or bytes) is not visible here -
    # confirm it, since 512 bits would be a very weak key if this is RSA.
    keyResult = chain.getPKeyObj()
    assert keyResult['OK']
    assert keyResult['Value'].size() == 512

    # Check that the content of the object is correct.
    # CAUTION: the object is dumped as PKCS8 while the file contains PKCS1,
    # see the comment of KEYCONTENTS_PKCS8.
    dumped = chain.dumpPKeyToString()
    assert dumped['Value'] == KEYCONTENTS_PKCS8[key_file]
def test_certProperties(cert_file, get_X509Chain_class):
    """Check the proxy related properties of a chain made of a certificate.

    Covers: proxy, limited proxy, VOMS, RFC and valid proxy.
    """
    chain = get_X509Chain_class()
    chain.loadChainFromFile(cert_file)

    # A plain certificate is none of these, and each answer must be the
    # False singleton.
    proxyFlag = chain.isProxy()['Value']
    assert proxyFlag is False
    limitedFlag = chain.isLimitedProxy()['Value']
    assert limitedFlag is False
    vomsFlag = chain.isVOMS()['Value']
    assert vomsFlag is False
    rfcFlag = chain.isRFC()['Value']
    assert rfcFlag is False

    from DIRAC.Core.Utilities.DErrno import ENOCHAIN

    # isValidProxy, unlike the methods above, reports an error instead of
    # answering False when the chain is not a proxy.
    validity = chain.isValidProxy()
    assert validity['Errno'] == ENOCHAIN
def test_loadChainFromFile(cert_file, get_X509Chain_class):
    """Load a certificate chain from a file and check the call succeeds."""
    chain = get_X509Chain_class()
    loadResult = chain.loadChainFromFile(cert_file)
    assert loadResult['OK']