def test_build_ca_cert(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key ) builder.hash_algo = 'sha512' builder.self_signed = True builder.ca = True certificate = builder.build(private_key) der_bytes = certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha512', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.issuer.native ) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native ) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage', 'basic_constraints']), new_certificate.critical_extensions) self.assertEqual(set(['key_cert_sign', 'crl_sign']), new_certificate.key_usage_value.native) self.assertEqual(None, new_certificate.extended_key_usage_value) self.assertEqual(None, new_certificate.authority_key_identifier) self.assertEqual(True, new_certificate.ca) self.assertEqual(True, new_certificate.self_issued) self.assertEqual('yes', new_certificate.self_signed) self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier)
def test_build_chain_of_certs(self): ca_public_key, ca_private_key = self.ec_secp521r1 ee_public_key, _ = self.ec_secp256r1 ca_builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Codex Non Sufficit LC - Primary CA', }, ca_public_key ) ca_builder.hash_algo = 'sha512' ca_builder.self_signed = True ca_builder.ca = True ca_certificate = ca_builder.build(ca_private_key) ee_builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, ee_public_key ) ee_builder.issuer = ca_certificate ee_builder.serial_number = 1 ee_certificate = ee_builder.build(ca_private_key) der_bytes = ee_certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha256', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Codex Non Sufficit LC - Primary CA', }, new_certificate.issuer.native ) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native ) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage']), new_certificate.critical_extensions) self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native) self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native) self.assertEqual(ca_certificate.key_identifier, new_certificate.authority_key_identifier) self.assertEqual(False, new_certificate.ca) self.assertEqual(False, new_certificate.self_issued) self.assertEqual('no', new_certificate.self_signed)
def test_build_chain_of_certs(self): ca_public_key, ca_private_key = self.ec_secp521r1 ee_public_key, _ = self.ec_secp256r1 ca_builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Codex Non Sufficit LC - Primary CA', }, ca_public_key) ca_builder.hash_algo = 'sha512' ca_builder.self_signed = True ca_builder.ca = True ca_certificate = ca_builder.build(ca_private_key) ee_builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, ee_public_key) ee_builder.issuer = ca_certificate ee_builder.serial_number = 1 ee_certificate = ee_builder.build(ca_private_key) der_bytes = ee_certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha256', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Codex Non Sufficit LC - Primary CA', }, new_certificate.issuer.native) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage']), new_certificate.critical_extensions) self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native) self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native) self.assertEqual(ca_certificate.key_identifier, new_certificate.authority_key_identifier) self.assertEqual(False, new_certificate.ca) self.assertEqual(False, new_certificate.self_issued) self.assertEqual('no', new_certificate.self_signed)