def test_070_servers(self):
# return
ssl_cert_path = os.path.join(PKIDATA, 'localhost_ssl_cert.pem')
ssl_cert = QgsAuthCertUtils.certsFromFile(ssl_cert_path)[0]
msg = 'SSL server certificate is null'
self.assertFalse(ssl_cert.isNull(), msg)
cert_sha = QgsAuthCertUtils.shaHexForCert(ssl_cert)
hostport = 'localhost:8443'
config = QgsAuthConfigSslServer()
config.setSslCertificate(ssl_cert)
config.setSslHostPort(hostport)
config.setSslIgnoredErrorEnums([QSslError.SelfSignedCertificate])
config.setSslPeerVerifyMode(QSslSocket.VerifyNone)
config.setSslPeerVerifyDepth(3)
config.setSslProtocol(QSsl.TlsV1)
msg = 'SSL config is null'
self.assertFalse(config.isNull(), msg)
msg = 'Could not store SSL config'
self.assertTrue(self.authm.storeSslCertCustomConfig(config), msg)
msg = 'Could not verify storage of SSL config'
self.assertTrue(
self.authm.existsSslCertCustomConfig(cert_sha, hostport), msg)
msg = 'Could not verify SSL config in all configs'
self.assertIsNotNone(self.authm.getSslCertCustomConfigs(), msg)
msg = 'Could not retrieve SSL config'
config2 = self.authm.getSslCertCustomConfig(cert_sha, hostport)
""":type: QgsAuthConfigSslServer"""
self.assertFalse(config2.isNull(), msg)
msg = 'Certificate of retrieved SSL config does not match'
self.assertEqual(config.sslCertificate(), config2.sslCertificate(),
msg)
msg = 'HostPort of retrieved SSL config does not match'
self.assertEqual(config.sslHostPort(), config2.sslHostPort(), msg)
msg = 'IgnoredErrorEnums of retrieved SSL config does not match'
enums = config2.sslIgnoredErrorEnums()
self.assertTrue(QSslError.SelfSignedCertificate in enums, msg)
msg = 'PeerVerifyMode of retrieved SSL config does not match'
self.assertEqual(config.sslPeerVerifyMode(),
config2.sslPeerVerifyMode(), msg)
msg = 'PeerVerifyDepth of retrieved SSL config does not match'
self.assertEqual(config.sslPeerVerifyDepth(),
config2.sslPeerVerifyDepth(), msg)
msg = 'Protocol of retrieved SSL config does not match'
self.assertEqual(config.sslProtocol(), config2.sslProtocol(), msg)
# dlg = QgsAuthSslConfigDialog(None, ssl_cert, hostport)
# dlg.exec_()
msg = 'Could not remove SSL config'
self.assertTrue(
self.authm.removeSslCertCustomConfig(cert_sha, hostport), msg)
msg = 'Could not verify removal of SSL config'
self.assertFalse(
self.authm.existsSslCertCustomConfig(cert_sha, hostport), msg)
def test_070_servers(self):
# return
ssl_cert_path = os.path.join(PKIDATA, 'localhost_ssl_cert.pem')
ssl_cert = QgsAuthCertUtils.certsFromFile(ssl_cert_path)[0]
msg = 'SSL server certificate is null'
self.assertFalse(ssl_cert.isNull(), msg)
cert_sha = QgsAuthCertUtils.shaHexForCert(ssl_cert)
hostport = 'localhost:8443'
config = QgsAuthConfigSslServer()
config.setSslCertificate(ssl_cert)
config.setSslHostPort(hostport)
config.setSslIgnoredErrorEnums([QSslError.SelfSignedCertificate])
config.setSslPeerVerifyMode(QSslSocket.VerifyNone)
config.setSslPeerVerifyDepth(3)
config.setSslProtocol(QSsl.TlsV1)
msg = 'SSL config is null'
self.assertFalse(config.isNull(), msg)
msg = 'Could not store SSL config'
self.assertTrue(self.authm.storeSslCertCustomConfig(config), msg)
msg = 'Could not verify storage of SSL config'
self.assertTrue(
self.authm.existsSslCertCustomConfig(cert_sha, hostport), msg)
msg = 'Could not verify SSL config in all configs'
self.assertIsNotNone(self.authm.getSslCertCustomConfigs(), msg)
msg = 'Could not retrieve SSL config'
config2 = self.authm.getSslCertCustomConfig(cert_sha, hostport)
""":type: QgsAuthConfigSslServer"""
self.assertFalse(config2.isNull(), msg)
msg = 'Certificate of retrieved SSL config does not match'
self.assertEqual(config.sslCertificate(), config2.sslCertificate(), msg)
msg = 'HostPort of retrieved SSL config does not match'
self.assertEqual(config.sslHostPort(), config2.sslHostPort(), msg)
msg = 'IgnoredErrorEnums of retrieved SSL config does not match'
enums = config2.sslIgnoredErrorEnums()
self.assertTrue(QSslError.SelfSignedCertificate in enums, msg)
msg = 'PeerVerifyMode of retrieved SSL config does not match'
self.assertEqual(config.sslPeerVerifyMode(),
config2.sslPeerVerifyMode(), msg)
msg = 'PeerVerifyDepth of retrieved SSL config does not match'
self.assertEqual(config.sslPeerVerifyDepth(),
config2.sslPeerVerifyDepth(), msg)
msg = 'Protocol of retrieved SSL config does not match'
self.assertEqual(config.sslProtocol(), config2.sslProtocol(), msg)
# dlg = QgsAuthSslConfigDialog(None, ssl_cert, hostport)
# dlg.exec_()
msg = 'Could not remove SSL config'
self.assertTrue(
self.authm.removeSslCertCustomConfig(cert_sha, hostport), msg)
msg = 'Could not verify removal of SSL config'
self.assertFalse(
self.authm.existsSslCertCustomConfig(cert_sha, hostport), msg)
def test_060_identities(self):
client_cert_path = os.path.join(PKIDATA, 'fra_cert.pem')
client_key_path = os.path.join(PKIDATA, 'fra_key_w-pass.pem')
client_key_pass = '******'
client_p12_path = os.path.join(PKIDATA, 'gerardus_w-chain.p12')
client_p12_pass = '******'
# store regular PEM cert/key and generate config
# noinspection PyTypeChecker
bundle1 = QgsPkiBundle.fromPemPaths(client_cert_path, client_key_path,
client_key_pass)
bundle1_cert = bundle1.clientCert()
bundle1_key = bundle1.clientKey()
bundle1_ca_chain = bundle1.caChain()
bundle1_cert_sha = bundle1.certId()
# with open(client_key_path, 'r') as f:
# key_data = f.read()
#
# client_cert = QgsAuthCertUtils.certsFromFile(client_cert_path)[0]
msg = 'Identity PEM certificate is null'
self.assertFalse(bundle1_cert.isNull(), msg)
# cert_sha = QgsAuthCertUtils.shaHexForCert(client_cert)
#
# client_key = QSslKey(key_data, QSsl.Rsa, QSsl.Pem,
# QSsl.PrivateKey, client_key_pass)
msg = 'Identity PEM key is null'
self.assertFalse(bundle1_key.isNull(), msg)
msg = 'Identity PEM certificate chain is not empty'
self.assertEqual(len(bundle1_ca_chain), 0, msg)
msg = "Identity PEM could not be stored in database"
self.assertTrue(
self.authm.storeCertIdentity(bundle1_cert, bundle1_key), msg)
msg = "Identity PEM not found in database"
self.assertTrue(self.authm.existsCertIdentity(bundle1_cert_sha), msg)
config1 = QgsAuthMethodConfig()
config1.setName('IdentityCert - PEM')
config1.setMethod('Identity-Cert')
config1.setConfig('certid', bundle1_cert_sha)
msg = 'Could not store PEM identity config'
self.assertTrue(self.authm.storeAuthenticationConfig(config1), msg)
configid1 = config1.id()
msg = 'Could not retrieve PEM identity config id from store op'
self.assertIsNotNone(configid1, msg)
config2 = QgsAuthMethodConfig()
msg = 'Could not load PEM identity config'
self.assertTrue(
self.authm.loadAuthenticationConfig(configid1, config2, True), msg)
# store PKCS#12 bundled cert/key and generate config
# bundle = QgsPkcsBundle(client_p12_path, client_p12_pass)
# noinspection PyTypeChecker
bundle = QgsPkiBundle.fromPkcs12Paths(client_p12_path, client_p12_pass)
bundle_cert = bundle.clientCert()
bundle_key = bundle.clientKey()
bundle_ca_chain = bundle.caChain()
bundle_cert_sha = QgsAuthCertUtils.shaHexForCert(bundle_cert)
msg = 'Identity bundle certificate is null'
self.assertFalse(bundle_cert.isNull(), msg)
msg = 'Identity bundle key is null'
self.assertFalse(bundle_key.isNull(), msg)
msg = 'Identity bundle CA chain is not correct depth'
self.assertEqual(len(bundle_ca_chain), 3, msg)
msg = "Identity bundle could not be stored in database"
self.assertTrue(self.authm.storeCertIdentity(bundle_cert, bundle_key),
msg)
msg = "Identity bundle not found in database"
self.assertTrue(self.authm.existsCertIdentity(bundle_cert_sha), msg)
bundle_config = QgsAuthMethodConfig()
bundle_config.setName('IdentityCert - Bundle')
bundle_config.setMethod('Identity-Cert')
bundle_config.setConfig('certid', bundle_cert_sha)
msg = 'Could not store bundle identity config'
self.assertTrue(self.authm.storeAuthenticationConfig(bundle_config),
msg)
bundle_configid = bundle_config.id()
msg = 'Could not retrieve bundle identity config id from store op'
self.assertIsNotNone(bundle_configid, msg)
bundle_config2 = QgsAuthMethodConfig()
msg = 'Could not load bundle identity config'
self.assertTrue(
self.authm.loadAuthenticationConfig(bundle_configid,
bundle_config2, True), msg)
# TODO: add more tests
# self.show_editors_widget()
msg = 'Could not remove PEM identity config'
self.assertTrue(self.authm.removeAuthenticationConfig(configid1), msg)
msg = 'Could not remove bundle identity config'
self.assertTrue(self.authm.removeAuthenticationConfig(bundle_configid),
msg)
def test_060_identities(self):
client_cert_path = os.path.join(PKIDATA, 'fra_cert.pem')
client_key_path = os.path.join(PKIDATA, 'fra_key_w-pass.pem')
client_key_pass = '******'
client_p12_path = os.path.join(PKIDATA, 'gerardus_w-chain.p12')
client_p12_pass = '******'
# store regular PEM cert/key and generate config
# noinspection PyTypeChecker
bundle1 = QgsPkiBundle.fromPemPaths(client_cert_path, client_key_path,
client_key_pass)
bundle1_cert = bundle1.clientCert()
bundle1_key = bundle1.clientKey()
bundle1_ca_chain = bundle1.caChain()
bundle1_cert_sha = bundle1.certId()
# with open(client_key_path, 'r') as f:
# key_data = f.read()
#
# client_cert = QgsAuthCertUtils.certsFromFile(client_cert_path)[0]
msg = 'Identity PEM certificate is null'
self.assertFalse(bundle1_cert.isNull(), msg)
# cert_sha = QgsAuthCertUtils.shaHexForCert(client_cert)
#
# client_key = QSslKey(key_data, QSsl.Rsa, QSsl.Pem,
# QSsl.PrivateKey, client_key_pass)
msg = 'Identity PEM key is null'
self.assertFalse(bundle1_key.isNull(), msg)
msg = 'Identity PEM certificate chain is not empty'
self.assertEqual(len(bundle1_ca_chain), 0, msg)
msg = "Identity PEM could not be stored in database"
self.assertTrue(
self.authm.storeCertIdentity(bundle1_cert, bundle1_key), msg)
msg = "Identity PEM not found in database"
self.assertTrue(self.authm.existsCertIdentity(bundle1_cert_sha), msg)
config1 = QgsAuthMethodConfig()
config1.setName('IdentityCert - PEM')
config1.setMethod('Identity-Cert')
config1.setConfig('certid', bundle1_cert_sha)
msg = 'Could not store PEM identity config'
self.assertTrue(self.authm.storeAuthenticationConfig(config1), msg)
configid1 = config1.id()
msg = 'Could not retrieve PEM identity config id from store op'
self.assertIsNotNone(configid1, msg)
config2 = QgsAuthMethodConfig()
msg = 'Could not load PEM identity config'
self.assertTrue(
self.authm.loadAuthenticationConfig(configid1, config2, True),
msg)
# store PKCS#12 bundled cert/key and generate config
# bundle = QgsPkcsBundle(client_p12_path, client_p12_pass)
# noinspection PyTypeChecker
bundle = QgsPkiBundle.fromPkcs12Paths(client_p12_path, client_p12_pass)
bundle_cert = bundle.clientCert()
bundle_key = bundle.clientKey()
bundle_ca_chain = bundle.caChain()
bundle_cert_sha = QgsAuthCertUtils.shaHexForCert(bundle_cert)
msg = 'Identity bundle certificate is null'
self.assertFalse(bundle_cert.isNull(), msg)
msg = 'Identity bundle key is null'
self.assertFalse(bundle_key.isNull(), msg)
msg = 'Identity bundle CA chain is not correct depth'
self.assertEqual(len(bundle_ca_chain), 3, msg)
msg = "Identity bundle could not be stored in database"
self.assertTrue(
self.authm.storeCertIdentity(bundle_cert, bundle_key), msg)
msg = "Identity bundle not found in database"
self.assertTrue(self.authm.existsCertIdentity(bundle_cert_sha), msg)
bundle_config = QgsAuthMethodConfig()
bundle_config.setName('IdentityCert - Bundle')
bundle_config.setMethod('Identity-Cert')
bundle_config.setConfig('certid', bundle_cert_sha)
msg = 'Could not store bundle identity config'
self.assertTrue(
self.authm.storeAuthenticationConfig(bundle_config), msg)
bundle_configid = bundle_config.id()
msg = 'Could not retrieve bundle identity config id from store op'
self.assertIsNotNone(bundle_configid, msg)
bundle_config2 = QgsAuthMethodConfig()
msg = 'Could not load bundle identity config'
self.assertTrue(
self.authm.loadAuthenticationConfig(bundle_configid,
bundle_config2,
True),
msg)
# TODO: add more tests
# self.show_editors_widget()
msg = 'Could not remove PEM identity config'
self.assertTrue(self.authm.removeAuthenticationConfig(configid1), msg)
msg = 'Could not remove bundle identity config'
self.assertTrue(
self.authm.removeAuthenticationConfig(bundle_configid), msg)
