def test_fail_critical_unknown_extensions(self): csr = signing_request.X509Csr.from_buffer(self.csr_sample) ext = UnknownExtension() ext.set_critical(True) csr.add_extension(ext) with self.assertRaises(certificate_ops.SigningError): certificate_ops.sign(csr, self.sample_conf_ca['default_ca'])
def test_fail_critical_unknown_extensions(self): csr = signing_request.X509Csr.from_buffer(self.csr_sample_bytes) ext = UnknownExtension() ext.set_critical(True) csr.add_extension(ext) with self.assertRaises(certificate_ops.SigningError): certificate_ops.sign(csr, self.sample_conf_ca['default_ca'])
def test_ca_key_read_failure(self): """Test CA key read failure.""" csr_obj = certificate_ops.parse_csr(self.csr, 'pem') config = "anchor.jsonloader.conf._config" data = {'ca': {'cert_path': 'tests/CA/root-ca.crt', 'key_path': '/xxx/not/a/valid/path'}} with mock.patch.dict(config, data): with self.assertRaises(http_status.HTTPServerError): certificate_ops.sign(csr_obj)
def test_ca_key_read_failure(self): """Test CA key read failure.""" csr_obj = certificate_ops.parse_csr(self.csr, 'pem') config = "anchor.jsonloader.conf._config" data = { 'ca': { 'cert_path': 'tests/CA/root-ca.crt', 'key_path': '/xxx/not/a/valid/path' } } with mock.patch.dict(config, data): with self.assertRaises(http_status.HTTPServerError): certificate_ops.sign(csr_obj)
def test_ignore_unknown_extensions(self): csr = signing_request.X509Csr.from_buffer(self.csr_sample) ext = UnknownExtension() csr.add_extension(ext) pem = certificate_ops.sign(csr, self.sample_conf_ca['default_ca']) cert = certificate.X509Certificate.from_buffer(pem) self.assertEqual(2, len(cert.get_extensions()))
def test_ignore_unknown_extensions(self): csr = signing_request.X509Csr.from_buffer(self.csr_sample_bytes) ext = UnknownExtension() csr.add_extension(ext) pem = certificate_ops.sign(csr, self.sample_conf_ca['default_ca']) cert = certificate.X509Certificate.from_buffer(pem) self.assertEqual(2, len(cert.get_extensions()))
def post(self): auth_result = auth.validate(pecan.request.POST.get('user'), pecan.request.POST.get('secret')) csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'), pecan.request.POST.get('encoding')) certificate_ops.validate_csr(auth_result, csr, pecan.request) return certificate_ops.sign(csr)
def test_copy_good_extensions(self): csr = signing_request.X509Csr.from_buffer(self.csr_sample) ext = extension.X509ExtensionSubjectAltName() ext.add_dns_id("example.com") csr.add_extension(ext) pem = certificate_ops.sign(csr, self.sample_conf_ca['default_ca']) cert = certificate.X509Certificate.from_buffer(pem) self.assertEqual(1, len(cert.get_extensions( extension.X509ExtensionSubjectAltName)))
def test_copy_good_extensions(self): csr = signing_request.X509Csr.from_buffer(self.csr_sample_bytes) ext = extension.X509ExtensionSubjectAltName() ext.add_dns_id("example.com") csr.add_extension(ext) pem = certificate_ops.sign(csr, self.sample_conf_ca['default_ca']) cert = certificate.X509Certificate.from_buffer(pem) self.assertEqual( 1, len(cert.get_extensions(extension.X509ExtensionSubjectAltName)))