def test_04_create_token_on_server(self):
self.setUp_user_realms()
cwd = os.getcwd()
# setup ca connector
r = save_caconnector({"cakey": CAKEY,
"cacert": CACERT,
"type": "local",
"caconnector": "localCA",
"openssl.cnf": OPENSSLCNF,
"CSRDir": "",
"CertificateDir": "",
"WorkingDir": cwd + "/" + WORKINGDIR})
db_token = Token(self.serial3, tokentype="certificate")
db_token.save()
token = CertificateTokenClass(db_token)
# missing user
self.assertRaises(ParameterError,
token.update, {"ca": "localCA","genkey": 1})
token.update({"ca": "localCA", "genkey": 1,
"user": "******"})
self.assertEqual(token.token.serial, self.serial3)
self.assertEqual(token.token.tokentype, "certificate")
self.assertEqual(token.type, "certificate")
detail = token.get_init_detail()
certificate = detail.get("certificate")
# At each testrun, the certificate might get another serial number!
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual("{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual("{0!r}".format(x509obj.get_subject()),
"<X509Name object '/OU=realm1/CN=cornelius/[email protected]'>")
# Test, if the certificate is also completely stored in the tokeninfo
# and if we can retrieve it from the tokeninfo
token = get_tokens(serial=self.serial3)[0]
certificate = token.get_tokeninfo("certificate")
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual("{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual("{0!r}".format(x509obj.get_subject()),
"<X509Name object '/OU=realm1/CN=cornelius/[email protected]'>")
privatekey = token.get_tokeninfo("privatekey")
self.assertTrue(privatekey.startswith("-----BEGIN PRIVATE KEY-----"))
# check for pkcs12
self.assertTrue(detail.get("pkcs12"))
# revoke the token
r = token.revoke()
self.assertEqual(r, int_to_hex(x509obj.get_serial_number()))
def test_02_create_token_from_request(self):
cwd = os.getcwd()
# setup ca connector
r = save_caconnector({
"cakey": CAKEY,
"cacert": CACERT,
"type": "local",
"caconnector": "localCA",
"openssl.cnf": OPENSSLCNF,
"CSRDir": "",
"CertificateDir": "",
"WorkingDir": cwd + "/" + WORKINGDIR
})
db_token = Token(self.serial2, tokentype="certificate")
db_token.save()
token = CertificateTokenClass(db_token)
# just upload a ready certificate
token.update({"ca": "localCA", "request": REQUEST})
self.assertTrue(token.token.serial == self.serial2, token)
self.assertTrue(token.token.tokentype == "certificate",
token.token.tokentype)
self.assertTrue(token.type == "certificate", token)
class_prefix = token.get_class_prefix()
self.assertTrue(class_prefix == "CRT", class_prefix)
self.assertTrue(token.get_class_type() == "certificate", token)
detail = token.get_init_detail()
certificate = detail.get("certificate")
# At each testrun, the certificate might get another serial number!
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual(
"{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual(
"{0!r}".format(x509obj.get_subject()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=requester.localdomain'>")
# Test, if the certificate is also completely stored in the tokeninfo
# and if we can retrieve it from the tokeninfo
token = get_tokens(serial=self.serial2)[0]
certificate = token.get_tokeninfo("certificate")
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual(
"{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual(
"{0!r}".format(x509obj.get_subject()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=requester.localdomain'>")
remove_token(self.serial2)
def test_04_create_token_on_server(self):
self.setUp_user_realms()
cwd = os.getcwd()
# setup ca connector
r = save_caconnector({"cakey": CAKEY,
"cacert": CACERT,
"type": "local",
"caconnector": "localCA",
"openssl.cnf": OPENSSLCNF,
"CSRDir": "",
"CertificateDir": "",
"WorkingDir": cwd + "/" + WORKINGDIR})
db_token = Token(self.serial3, tokentype="certificate")
db_token.save()
token = CertificateTokenClass(db_token)
# missing user
self.assertRaises(ParameterError,
token.update, {"ca": "localCA","genkey": 1})
token.update({"ca": "localCA", "genkey": 1,
"user": "******"})
self.assertEqual(token.token.serial, self.serial3)
self.assertEqual(token.token.tokentype, "certificate")
self.assertEqual(token.type, "certificate")
detail = token.get_init_detail()
certificate = detail.get("certificate")
# At each testrun, the certificate might get another serial number!
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual("{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual("{0!r}".format(x509obj.get_subject()),
"<X509Name object '/OU=realm1/CN=cornelius/[email protected]'>")
# Test, if the certificate is also completely stored in the tokeninfo
# and if we can retrieve it from the tokeninfo
token = get_tokens(serial=self.serial3)[0]
certificate = token.get_tokeninfo("certificate")
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual("{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual("{0!r}".format(x509obj.get_subject()),
"<X509Name object '/OU=realm1/CN=cornelius/[email protected]'>")
privatekey = token.get_tokeninfo("privatekey")
self.assertTrue(privatekey.startswith("-----BEGIN PRIVATE KEY-----"))
# check for pkcs12
self.assertTrue(detail.get("pkcs12"))
def test_02_create_token_from_request(self):
cwd = os.getcwd()
# setup ca connector
r = save_caconnector({"cakey": CAKEY,
"cacert": CACERT,
"type": "local",
"caconnector": "localCA",
"openssl.cnf": OPENSSLCNF,
"CSRDir": "",
"CertificateDir": "",
"WorkingDir": cwd + "/" + WORKINGDIR})
db_token = Token(self.serial2, tokentype="certificate")
db_token.save()
token = CertificateTokenClass(db_token)
# just upload a ready certificate
token.update({"ca": "localCA",
"request": REQUEST})
self.assertTrue(token.token.serial == self.serial2, token)
self.assertTrue(token.token.tokentype == "certificate",
token.token.tokentype)
self.assertTrue(token.type == "certificate", token)
class_prefix = token.get_class_prefix()
self.assertTrue(class_prefix == "CRT", class_prefix)
self.assertTrue(token.get_class_type() == "certificate", token)
detail = token.get_init_detail()
certificate = detail.get("certificate")
# At each testrun, the certificate might get another serial number!
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual("{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual("{0!r}".format(x509obj.get_subject()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=requester.localdomain'>")
# Test, if the certificate is also completely stored in the tokeninfo
# and if we can retrieve it from the tokeninfo
token = get_tokens(serial=self.serial2)[0]
certificate = token.get_tokeninfo("certificate")
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual("{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual("{0!r}".format(x509obj.get_subject()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=requester.localdomain'>")
def test_01_create_token_from_certificate(self):
db_token = Token(self.serial1, tokentype="certificate")
db_token.save()
token = CertificateTokenClass(db_token)
# just upload a ready certificate
token.update({"certificate": CERT})
self.assertTrue(token.token.serial == self.serial1, token)
self.assertTrue(token.token.tokentype == "certificate",
token.token.tokentype)
self.assertTrue(token.type == "certificate", token)
class_prefix = token.get_class_prefix()
self.assertTrue(class_prefix == "CRT", class_prefix)
self.assertEqual(token.get_class_type(), "certificate")
detail = token.get_init_detail()
self.assertEqual(detail.get("certificate"), CERT)
def test_01_create_token_from_certificate(self):
db_token = Token(self.serial1, tokentype="certificate")
db_token.save()
token = CertificateTokenClass(db_token)
# just upload a ready certificate
token.update({"certificate": CERT})
self.assertTrue(token.token.serial == self.serial1, token)
self.assertTrue(token.token.tokentype == "certificate",
token.token.tokentype)
self.assertTrue(token.type == "certificate", token)
class_prefix = token.get_class_prefix()
self.assertTrue(class_prefix == "CRT", class_prefix)
self.assertEqual(token.get_class_type(), "certificate")
detail = token.get_init_detail()
self.assertEqual(detail.get("certificate"), CERT)
def test_02b_success_request_with_attestation(self):
cwd = os.getcwd()
# setup ca connector
r = save_caconnector({
"cakey": CAKEY,
"cacert": CACERT,
"type": "local",
"caconnector": "localCA",
"openssl.cnf": OPENSSLCNF,
"CSRDir": "",
"CertificateDir": "",
"WorkingDir": cwd + "/" + WORKINGDIR
})
db_token = Token(self.serial2, tokentype="certificate")
db_token.save()
token = CertificateTokenClass(db_token)
# The cert request will success with a valid attestation certificate
token.update({
"ca": "localCA",
"attestation": YUBIKEY_ATTEST,
"request": YUBIKEY_CSR,
ACTION.TRUSTED_CA_PATH: ["tests/testdata/attestation/"]
})
class_prefix = token.get_class_prefix()
self.assertTrue(class_prefix == "CRT", class_prefix)
self.assertTrue(token.get_class_type() == "certificate", token)
detail = token.get_init_detail()
certificate = detail.get("certificate")
# At each testrun, the certificate might get another serial number!
x509obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
self.assertEqual(
"{0!r}".format(x509obj.get_issuer()),
"<X509Name object '/C=DE/ST=Hessen"
"/O=privacyidea/CN=CA001'>")
self.assertEqual("{0!r}".format(x509obj.get_subject()),
"<X509Name object '/CN=cn=cornelius'>")
remove_token(self.serial2)
