def test_load_object_no_cert_key(
    self, filename, name2, name3, password, backend
):
    """Load a PKCS#12 vector and check it holds only additional certificates.

    The parsed object is expected to expose neither a certificate nor a
    private key of its own, and exactly two additional certificates whose
    contents and friendly names match the reference PEM files and the
    ``name2`` / ``name3`` arguments.
    """
    expected_first = _load_cert(
        backend, os.path.join("x509", "cryptography.io.pem")
    )
    expected_second = _load_cert(
        backend, os.path.join("x509", "letsencryptx3.pem")
    )

    def _parse(derfile):
        # The vector is opened in binary mode; its raw bytes go to the
        # loader together with the password supplied to this test.
        return load_pkcs12(derfile.read(), password, backend)

    parsed = load_vectors_from_file(
        os.path.join("pkcs12", filename),
        _parse,
        mode="rb",
    )

    # For this vector the loader must report no key and no main
    # certificate, rather than promoting one of the additional
    # certificates into that slot.
    assert parsed.cert is None
    assert parsed.key is None

    extras = parsed.additional_certs
    assert len(extras) == 2
    assert extras[0].certificate == expected_first
    assert extras[0].friendly_name == name2
    assert extras[1].certificate == expected_second
    assert extras[1].friendly_name == name3
def test_generate_cas_friendly_names(self, backend):
    """Round-trip friendly names of additional certificates via PKCS#12.

    One additional certificate is serialized with the friendly name
    ``b"cert2"`` and one with ``None``; after loading the bundle back,
    both values must come out unchanged and in the same positions.
    """
    cert, key = _load_ca(backend)
    named_ca = _load_cert(
        backend, os.path.join("x509", "custom", "dsa_selfsigned_ca.pem")
    )
    unnamed_ca = _load_cert(
        backend, os.path.join("x509", "letsencryptx3.pem")
    )

    # NoEncryption leaves the private key unprotected inside the bundle,
    # which is why it is read back below with a password of None. Suitable
    # for test fixtures only.
    no_encryption = serialization.NoEncryption()
    extra_certs = [
        PKCS12Certificate(named_ca, b"cert2"),
        PKCS12Certificate(unnamed_ca, None),
    ]
    bundle = serialize_key_and_certificates(
        b"test", key, cert, extra_certs, no_encryption
    )

    reloaded = load_pkcs12(bundle, None, backend)
    loaded_cas = reloaded.additional_certs
    assert loaded_cas[0].friendly_name == b"cert2"
    assert loaded_cas[1].friendly_name is None
def test_load_object(self, filename, name, name2, name3, password, backend):
    """Load a full PKCS#12 vector and compare every part to references.

    Checks the main certificate and its friendly name, that the private
    key is an elliptic-curve key with the same private numbers as the
    reference CA key, and that the two additional certificates and their
    friendly names match the reference PEM files and ``name2`` / ``name3``.
    """
    cert, key = _load_ca(backend)
    expected_first = _load_cert(
        backend, os.path.join("x509", "cryptography.io.pem")
    )
    expected_second = _load_cert(
        backend, os.path.join("x509", "letsencryptx3.pem")
    )

    def _parse(derfile):
        # Raw vector bytes plus the password supplied to this test.
        return load_pkcs12(derfile.read(), password, backend)

    parsed = load_vectors_from_file(
        os.path.join("pkcs12", filename),
        _parse,
        mode="rb",
    )

    # Main certificate: present, identical to the reference, right label.
    assert parsed.cert is not None
    assert parsed.cert.certificate == cert
    assert parsed.cert.friendly_name == name

    # Private key: checked by type first, then by its private numbers
    # against the reference key.
    assert isinstance(parsed.key, ec.EllipticCurvePrivateKey)
    assert parsed.key.private_numbers() == key.private_numbers()

    extras = parsed.additional_certs
    assert len(extras) == 2
    assert extras[0].certificate == expected_first
    assert extras[0].friendly_name == name2
    assert extras[1].certificate == expected_second
    assert extras[1].friendly_name == name3
def test_serialize_pkcs12_nopassphrase(self):
    """Export an RSA key and its certificate as PKCS#12 and read it back.

    A 4096-bit RSA key and a certificate are created, serialized with the
    friendly name ``"test_pkcs12"``, and loaded again with a password of
    ``None``. The key size, friendly name and certificate serial number of
    the loaded object must match what was exported.
    """
    dn = DistinguishedNameFactory(
        localityName="Amsterdam",
        organizationalUnitName="BounCA Root",
    )
    rsa_key = Key()
    rsa_key.create_key("rsa", 4096)

    request = CertificateFactory(dn=dn)
    handler = Certificate()
    handler.create_certificate(request, rsa_key.serialize())
    issued = handler.certificate

    # No passphrase is passed to serialize_pkcs12, and the bundle is opened
    # with password None: the test depends on the export being readable
    # without a passphrase.
    # NOTE(review): presumably the private key inside is unencrypted in
    # that case; confirm in serialize_pkcs12.
    bundle = rsa_key.serialize_pkcs12("test_pkcs12", issued)
    loaded = load_pkcs12(bundle, None)

    self.assertEqual(loaded.key.key_size, 4096)
    self.assertEqual(
        loaded.cert.friendly_name.decode("utf-8"), "test_pkcs12"
    )
    self.assertEqual(
        loaded.cert.certificate.serial_number, issued.serial_number
    )
def test_serialize_pkcs12_cas_nopassphrase(self):
    """Export an intermediate key, its certificate and the root CA as PKCS#12.

    Builds a root certificate (ed25519 key) and an intermediate certificate
    (2048-bit RSA key) parented on it, stores both in ``KeyStore`` rows,
    then serializes the intermediate key with the root certificate passed
    as ``cas``. The bundle is loaded back with a password of ``None`` and
    the key size, friendly name and both serial numbers are compared.
    """
    # --- root CA -----------------------------------------------------
    root_key = Key().create_key("ed25519", None)
    root_dn = DistinguishedNameFactory(
        countryName="NL",
        stateOrProvinceName="Noord Holland",
        organizationName="Repleo",
    )
    root_expiry = arrow.get(timezone.now()).shift(days=+30).date()
    root_certificate = CertificateFactory(
        dn=root_dn,
        name="test_server_root_certificate",
        expires_at=root_expiry,
    )
    # post_save receivers are muted for this save; the certificate itself
    # is created explicitly on the next lines.
    with mute_signals(signals.post_save):
        root_certificate.save()
    root_certhandler = Certificate()
    root_certhandler.create_certificate(root_certificate, root_key.serialize())

    # serialize() is called without arguments here.
    # NOTE(review): presumably this stores the private key without
    # passphrase protection; fine for a throwaway test key, confirm.
    root_store = KeyStore(certificate=root_certificate)
    root_store.crt = root_certhandler.serialize()
    root_store.key = root_key.serialize()
    root_store.save()

    # --- intermediate CA, same country/state/organization as the root ---
    int_key = Key().create_key("rsa", 2048)
    int_dn = DistinguishedNameFactory(
        countryName=root_certificate.dn.countryName,
        stateOrProvinceName=root_certificate.dn.stateOrProvinceName,
        organizationName=root_certificate.dn.organizationName,
    )
    int_expiry = arrow.get(timezone.now()).shift(days=+5).date()
    int_certificate = CertificateFactory(
        expires_at=int_expiry,
        name="test_server_intermediate_certificate",
        type=CertificateTypes.INTERMEDIATE,
        parent=root_certificate,
        dn=int_dn,
        crl_distribution_url="https://example.com/crl/cert.crl.pem",
        ocsp_distribution_host="https://example.com/ocsp/",
    )
    with mute_signals(signals.post_save):
        int_certificate.save()
    int_certhandler = Certificate()
    int_certhandler.create_certificate(int_certificate, int_key.serialize())

    int_store = KeyStore(certificate=int_certificate)
    int_store.crt = int_certhandler.serialize()
    int_store.key = int_key.serialize()
    int_store.save()

    # --- export and read back ----------------------------------------
    # No passphrase on export and password None on load: the bundle has to
    # be readable without one.
    bundle = int_key.serialize_pkcs12(
        "test_pkcs12_cas",
        int_certhandler.certificate,
        cas=[root_certhandler.certificate],
    )
    loaded = load_pkcs12(bundle, None)

    self.assertEqual(loaded.key.key_size, 2048)
    self.assertEqual(
        loaded.cert.friendly_name.decode("utf-8"), "test_pkcs12_cas"
    )
    self.assertEqual(
        loaded.cert.certificate.serial_number,
        int_certhandler.certificate.serial_number,
    )
    # The first additional certificate must be the root passed via `cas`.
    self.assertEqual(
        loaded.additional_certs[0].certificate.serial_number,
        root_certhandler.certificate.serial_number,
    )