def test_create_csr(): from lemur.certificates.service import create_csr csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='US', state='CA', location='Here') assert csr assert private_key extensions = { 'sub_alt_names': { 'names': [{ 'name_type': 'DNSName', 'value': 'AnotherCommonName' }] } } csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='US', state='CA', location='Here', extensions=extensions) assert csr assert private_key
def test_create_csr(): csr, private_key = create_csr( owner="*****@*****.**", common_name="ACommonName", organization="test", organizational_unit="Meters", country="US", state="CA", location="Here", key_type="RSA2048", ) assert csr assert private_key extensions = { "sub_alt_names": { "names": x509.SubjectAlternativeName([x509.DNSName("AnotherCommonName")]) } } csr, private_key = create_csr( owner="*****@*****.**", common_name="ACommonName", organization="test", organizational_unit="Meters", country="US", state="CA", location="Here", extensions=extensions, key_type="RSA2048", ) assert csr assert private_key
def test_create_csr(): csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='US', state='CA', location='Here', key_type='RSA2048') assert csr assert private_key extensions = { 'sub_alt_names': { 'names': x509.SubjectAlternativeName([x509.DNSName('AnotherCommonName')]) } } csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='US', state='CA', location='Here', extensions=extensions, key_type='RSA2048') assert csr assert private_key
def test_create_csr(): csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='US', state='CA', location='Here', key_type='RSA2048') assert csr assert private_key extensions = {'sub_alt_names': {'names': x509.SubjectAlternativeName([x509.DNSName('AnotherCommonName')])}} csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='US', state='CA', location='Here', extensions=extensions, key_type='RSA2048') assert csr assert private_key
def test_create_csr(): from lemur.certificates.service import create_csr csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='US', state='CA', location='Here') assert csr assert private_key extensions = {'sub_alt_names': {'names': [{'name_type': 'DNSName', 'value': 'AnotherCommonName'}]}} csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='US', state='CA', location='Here', extensions=extensions) assert csr assert private_key
def test_certificate_input_schema_parse_csr(authority): from lemur.certificates.schemas import CertificateInputSchema test_san_dns = "foobar.com" extensions = { "sub_alt_names": { "names": x509.SubjectAlternativeName([x509.DNSName(test_san_dns)]) } } csr, private_key = create_csr( owner="*****@*****.**", common_name="ACommonName", organization="test", organizational_unit="Meters", country="NL", state="Noord-Holland", location="Amsterdam", key_type="RSA2048", extensions=extensions, ) input_data = { "commonName": "test.example.com", "owner": "*****@*****.**", "authority": {"id": authority.id}, "description": "testtestest", "csr": csr, "dnsProvider": None, } data, errors = CertificateInputSchema().load(input_data) for san in data["extensions"]["sub_alt_names"]["names"]: assert san.value == test_san_dns assert not errors
def test_certificate_input_schema_parse_csr(authority): from lemur.certificates.schemas import CertificateInputSchema test_san_dns = 'foobar.com' extensions = { 'sub_alt_names': { 'names': x509.SubjectAlternativeName([x509.DNSName(test_san_dns)]) } } csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='NL', state='Noord-Holland', location='Amsterdam', key_type='RSA2048', extensions=extensions) input_data = { 'commonName': 'test.example.com', 'owner': '*****@*****.**', 'authority': { 'id': authority.id }, 'description': 'testtestest', 'csr': csr, 'dnsProvider': None, } data, errors = CertificateInputSchema().load(input_data) for san in data['extensions']['sub_alt_names']['names']: assert san.value == test_san_dns assert not errors
def test_create_basic_csr(client): csr_config = dict( common_name="example.com", organization="Example, Inc.", organizational_unit="Operations", country="US", state="CA", location="A place", owner="*****@*****.**", key_type="RSA2048", extensions=dict( names=dict( sub_alt_names=x509.SubjectAlternativeName( [ x509.DNSName("test.example.com"), x509.DNSName("test2.example.com"), ] ) ) ), ) csr, pem = create_csr(**csr_config) csr = x509.load_pem_x509_csr(csr.encode("utf-8"), default_backend()) for name in csr.subject: assert name.value in csr_config.values()
def test_csr_disallowed_cn(client, logged_in_user): """Domain name CN is disallowed via LEMUR_WHITELISTED_DOMAINS.""" from lemur.common import validators request, pkey = create_csr(common_name="evilhacker.org", owner="*****@*****.**", key_type="RSA2048") with pytest.raises(ValidationError) as err: validators.csr(request) assert str(err.value).startswith( "Domain evilhacker.org does not match whitelisted domain patterns")
def build_certificate_authority(options): options["certificate_authority"] = True csr, private_key = create_csr(**options) if options.get("parent"): # Intermediate Cert Issuance cert_pem, chain_cert_pem = issue_certificate(csr, options, None) else: cert_pem, chain_cert_pem = issue_certificate(csr, options, private_key) return cert_pem, private_key, chain_cert_pem
def test_csr_disallowed_cn(client, logged_in_user): """Domain name CN is disallowed via LEMUR_WHITELISTED_DOMAINS.""" from lemur.common import validators request, pkey = create_csr( common_name='evilhacker.org', owner='*****@*****.**', key_type='RSA2048', ) with pytest.raises(ValidationError) as err: validators.csr(request) assert str(err.value).startswith('Domain evilhacker.org does not match whitelisted domain patterns')
def test_csr_disallowed_san(client, logged_in_user): """SAN name is disallowed by LEMUR_WHITELISTED_DOMAINS.""" from lemur.common import validators request, pkey = create_csr( common_name="CN with spaces isn't a domain and is thus allowed", owner='*****@*****.**', key_type='RSA2048', extensions={'sub_alt_names': {'names': x509.SubjectAlternativeName([x509.DNSName('evilhacker.org')])}} ) with pytest.raises(ValidationError) as err: validators.csr(request) assert str(err.value).startswith('Domain evilhacker.org does not match whitelisted domain patterns')
def test_create_basic_csr(client): csr_config = dict( common_name='example.com', organization='Example, Inc.', organizational_unit='Operations', country='US', state='CA', location='A place', owner='*****@*****.**', key_type='RSA2048', extensions=dict(names=dict(sub_alt_names=x509.SubjectAlternativeName([x509.DNSName('test.example.com'), x509.DNSName('test2.example.com')]))) ) csr, pem = create_csr(**csr_config) csr = x509.load_pem_x509_csr(csr.encode('utf-8'), default_backend()) for name in csr.subject: assert name.value in csr_config.values()
def test_csr_empty_san(client): """Test that an empty "names" list does not produce a CSR with empty SubjectAltNames extension. The Lemur UI always submits this extension even when no alt names are defined. """ csr_text, pkey = create_csr( common_name='daniel-san.example.com', owner='*****@*****.**', key_type='RSA2048', extensions={'sub_alt_names': {'names': x509.SubjectAlternativeName([])}} ) csr = x509.load_pem_x509_csr(csr_text.encode('utf-8'), default_backend()) with pytest.raises(x509.ExtensionNotFound): csr.extensions.get_extension_for_class(x509.SubjectAlternativeName)
def test_create_basic_csr(): from lemur.certificates.service import create_csr csr_config = dict( commonName='example.com', organization='Example, Inc.', organizationalUnit='Operations', country='US', state='CA', location='A place', extensions=dict(names=dict(subAltNames=['test.example.com', 'test2.example.com'])) ) csr, pem = create_csr(csr_config) private_key = serialization.load_pem_private_key(pem, password=None, backend=default_backend()) csr = x509.load_pem_x509_csr(csr, default_backend()) for name in csr.subject: assert name.value in csr_config.values()
def test_create_basic_csr(): from lemur.certificates.service import create_csr csr_config = dict( commonName='example.com', organization='Example, Inc.', organizationalUnit='Operations', country='US', state='CA', location='A place', extensions=dict(names=dict( subAltNames=['test.example.com', 'test2.example.com']))) csr, pem = create_csr(csr_config) private_key = serialization.load_pem_private_key(pem, password=None, backend=default_backend()) csr = x509.load_pem_x509_csr(csr, default_backend()) for name in csr.subject: assert name.value in csr_config.values()
def test_csr_disallowed_san(client, logged_in_user): """SAN name is disallowed by LEMUR_ALLOWED_DOMAINS.""" from lemur.common import validators request, pkey = create_csr( common_name="CN with spaces isn't a domain and is thus allowed", owner="*****@*****.**", key_type="RSA2048", extensions={ "sub_alt_names": { "names": x509.SubjectAlternativeName([x509.DNSName("evilhacker.org")]) } }, ) with pytest.raises(ValidationError) as err: validators.csr(request) assert str(err.value).startswith( "Domain evilhacker.org does not match allowed domain patterns" )
def test_create_basic_csr(client): from cryptography import x509 from cryptography.hazmat.backends import default_backend from lemur.certificates.service import create_csr csr_config = dict( common_name='example.com', organization='Example, Inc.', organizational_unit='Operations', country='US', state='CA', location='A place', owner='*****@*****.**', key_type='RSA2048', extensions=dict(names=dict(sub_alt_names=['test.example.com', 'test2.example.com'])) ) csr, pem = create_csr(**csr_config) csr = x509.load_pem_x509_csr(csr.encode('utf-8'), default_backend()) for name in csr.subject: assert name.value in csr_config.values()
def test_create_basic_csr(client): from cryptography import x509 from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization from lemur.certificates.service import create_csr csr_config = dict( common_name='example.com', organization='Example, Inc.', organizational_unit='Operations', country='US', state='CA', location='A place', extensions=dict(names=dict(sub_alt_names=['test.example.com', 'test2.example.com'])) ) csr, pem = create_csr(**csr_config) private_key = serialization.load_pem_private_key(pem, password=None, backend=default_backend()) csr = x509.load_pem_x509_csr(csr, default_backend()) for name in csr.subject: assert name.value in csr_config.values()
def test_create_basic_csr(client): from cryptography import x509 from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization from lemur.certificates.service import create_csr csr_config = dict( common_name='example.com', organization='Example, Inc.', organizational_unit='Operations', country='US', state='CA', location='A place', extensions=dict(names=dict( sub_alt_names=['test.example.com', 'test2.example.com']))) csr, pem = create_csr(**csr_config) private_key = serialization.load_pem_private_key(pem, password=None, backend=default_backend()) csr = x509.load_pem_x509_csr(csr, default_backend()) for name in csr.subject: assert name.value in csr_config.values()
def test_certificate_input_schema_parse_csr(authority): from lemur.certificates.schemas import CertificateInputSchema test_san_dns = 'foobar.com' extensions = {'sub_alt_names': {'names': x509.SubjectAlternativeName([x509.DNSName(test_san_dns)])}} csr, private_key = create_csr(owner='*****@*****.**', common_name='ACommonName', organization='test', organizational_unit='Meters', country='NL', state='Noord-Holland', location='Amsterdam', key_type='RSA2048', extensions=extensions) input_data = { 'commonName': 'test.example.com', 'owner': '*****@*****.**', 'authority': {'id': authority.id}, 'description': 'testtestest', 'csr': csr, 'dnsProvider': None, } data, errors = CertificateInputSchema().load(input_data) for san in data['extensions']['sub_alt_names']['names']: assert san.value == test_san_dns assert not errors
def build_certificate_authority(options): options['certificate_authority'] = True csr, private_key = create_csr(**options) cert_pem, chain_cert_pem = issue_certificate(csr, options, private_key) return cert_pem, private_key, chain_cert_pem