def setUpTestData(cls): cls.root_key = Key().create_key("rsa", 4096) subject = DistinguishedNameFactory( countryName="NL", stateOrProvinceName="Noord Holland", organizationName="Repleo", commonName="BounCA test CA", ) cls.root_certificate = CertificateFactory( dn=subject, name="test_server_root_certificate", expires_at=arrow.get(timezone.now()).shift(days=+30).date()) with mute_signals(signals.post_save): cls.root_certificate.save() root_certhandler = Certificate() root_certhandler.create_certificate(cls.root_certificate, cls.root_key.serialize()) keystore = KeyStore(certificate=cls.root_certificate) keystore.crt = root_certhandler.serialize() keystore.key = cls.root_key.serialize() keystore.save() cls.int_key = Key().create_key("rsa", 4096) subject = DistinguishedNameFactory( countryName=cls.root_certificate.dn.countryName, stateOrProvinceName=cls.root_certificate.dn.stateOrProvinceName, organizationName=cls.root_certificate.dn.organizationName, commonName="BounCA test Int CA", ) cls.int_certificate = CertificateFactory( expires_at=arrow.get(timezone.now()).shift(days=+5).date(), name="test_server_intermediate_certificate", type=CertificateTypes.INTERMEDIATE, parent=cls.root_certificate, dn=subject, ) with mute_signals(signals.post_save): cls.int_certificate.save() int_certhandler = Certificate() int_certhandler.create_certificate(cls.int_certificate, cls.int_key.serialize()) keystore = KeyStore(certificate=cls.int_certificate) keystore.crt = int_certhandler.serialize() keystore.key = cls.int_key.serialize() keystore.save() cls.key = Key().create_key("rsa", 4096)
def setUpTestData(cls): cls.root_key = Key().create_key("ed25519", None) subject = DistinguishedNameFactory(countryName="NL", stateOrProvinceName="Noord Holland", organizationName="Repleo") cls.root_certificate = CertificateFactory( dn=subject, name="test client root certificate", expires_at=arrow.get(timezone.now()).shift(days=+30).date()) with mute_signals(signals.post_save): cls.root_certificate.save() root_certhandler = Certificate() root_certhandler.create_certificate(cls.root_certificate, cls.root_key.serialize()) keystore = KeyStore(certificate=cls.root_certificate) keystore.crt = root_certhandler.serialize() keystore.key = cls.root_key.serialize() keystore.save() cls.int_key = Key().create_key("ed25519", None) subject = DistinguishedNameFactory( countryName=cls.root_certificate.dn.countryName, stateOrProvinceName=cls.root_certificate.dn.stateOrProvinceName, organizationName=cls.root_certificate.dn.organizationName, ) cls.int_certificate = CertificateFactory( expires_at=arrow.get(timezone.now()).shift(days=+5).date(), name="test ocsp intermediate certificate", type=CertificateTypes.INTERMEDIATE, parent=cls.root_certificate, dn=subject, crl_distribution_url="https://example.com/crl/cert.crl.pem", ocsp_distribution_host="https://example.com/ocsp/", ) with mute_signals(signals.post_save): cls.int_certificate.save() int_certhandler = Certificate() int_certhandler.create_certificate(cls.int_certificate, cls.int_key.serialize()) keystore = KeyStore(certificate=cls.int_certificate) keystore.crt = int_certhandler.serialize() keystore.key = cls.int_key.serialize() keystore.save() cls.key = Key().create_key("ed25519", None)
def test_generate_server_certificate_parent_server_cert(self): server_subject = DistinguishedNameFactory(subjectAltNames=None) certificate = CertificateFactory( type=CertificateTypes.SERVER_CERT, name="test_generate_server_certificate_parent_server_cert_1", parent=self.int_certificate, dn=server_subject, crl_distribution_url=None, ocsp_distribution_host=None, ) with mute_signals(signals.post_save): certificate.save() certhandler = Certificate() certhandler.create_certificate(certificate, self.key.serialize()) keystore = KeyStore(certificate=certificate) keystore.crt = certhandler.serialize() keystore.key = self.key.serialize() keystore.save() server_subject = DistinguishedNameFactory() with self.assertRaises(CertificateError) as context: certificate_request = CertificateFactory( type=CertificateTypes.SERVER_CERT, name="test_generate_server_certificate_parent_server_cert_2", parent=certificate, dn=server_subject, ) certhandler = Certificate() certhandler.create_certificate(certificate_request, self.key.serialize()) self.assertEqual("A root or intermediate parent is expected", str(context.exception))
def test_revocation_list_builder_one_cert_passphrase(self): subject = DistinguishedNameFactory( countryName=self.root_certificate.dn.countryName, stateOrProvinceName=self.root_certificate.dn.stateOrProvinceName, organizationName=self.root_certificate.dn.organizationName, commonName="BounCA test Int passphrase CA", ) int_certificate = CertificateFactory( expires_at=arrow.get(timezone.now()).shift(days=+5).date(), name="test_server_intermediate_certificate_pass", type=CertificateTypes.INTERMEDIATE, parent=self.root_certificate, dn=subject, ) with mute_signals(signals.post_save): int_certificate.save() int_key = Key().create_key("rsa", 4096) int_certhandler = Certificate() int_certhandler.create_certificate(int_certificate, int_key.serialize()) keystore = KeyStore(certificate=int_certificate) keystore.crt = int_certhandler.serialize() keystore.key = int_key.serialize(passphrase="testphrase") keystore.save() crl = revocation_list_builder([], int_certificate, "testphrase") self.assert_subject(crl.issuer, int_certificate)
def test_generate_intermediate_certificate_passphrase(self): root_key = Key().create_key("ed25519", None) root_certificate = CertificateFactory( expires_at=arrow.get(timezone.now()).shift(days=+3).date(), name="root_test_generate_intermediate_certificate_passphrase", ) with mute_signals(signals.post_save): root_certificate.save() root_certhandler = Certificate() root_certhandler.create_certificate( root_certificate, root_key.serialize(passphrase="SecretRootPP"), passphrase="SecretRootPP") keystore = KeyStore(certificate=root_certificate) keystore.crt = root_certhandler.serialize() keystore.key = root_key.serialize(passphrase="SecretRootPP") keystore.save() subject = DistinguishedNameFactory( countryName=root_certificate.dn.countryName, stateOrProvinceName=root_certificate.dn.stateOrProvinceName, organizationName=root_certificate.dn.organizationName, localityName=root_certificate.dn.localityName, ) certificate_request = CertificateFactory( type=CertificateTypes.INTERMEDIATE, name="test_generate_intermediate_certificate_passphrase", parent=root_certificate, dn=subject, ) certhandler = Certificate() certhandler.create_certificate( certificate_request, self.key.serialize(passphrase="SecretPP"), passphrase="SecretPP", passphrase_issuer="SecretRootPP", ) crt = certhandler.certificate # subject self.assert_subject(crt.subject, certificate_request) self.assertEqual( subject.localityName, crt.subject.get_attributes_for_oid(NameOID.LOCALITY_NAME)[0].value) # issuer self.assert_subject(crt.issuer, root_certificate) self.assertEqual( subject.localityName, crt.subject.get_attributes_for_oid(NameOID.LOCALITY_NAME)[0].value)
def test_parent_object_not_set(self): subject = DistinguishedNameFactory( countryName=self.root_certificate.dn.countryName, stateOrProvinceName=self.root_certificate.dn.stateOrProvinceName, organizationName=self.root_certificate.dn.organizationName, localityName=self.root_certificate.dn.localityName, commonName="ca test repleo", ) root_certificate = CertificateFactory( expires_at=arrow.get(timezone.now()).shift(days=+3).date(), name="root_test_parent_object_not_set", dn=subject, ) with mute_signals(signals.post_save): root_certificate.save() certificate = Certificate() certificate.create_certificate(root_certificate, self.root_key.serialize()) keystore = KeyStore(certificate=root_certificate) keystore.crt = "" keystore.key = self.root_key.serialize() keystore.save(full_clean=False) key = Key().create_key("ed25519", None) subject_int = DistinguishedNameFactory( countryName=self.root_certificate.dn.countryName, stateOrProvinceName=self.root_certificate.dn.stateOrProvinceName, organizationName=self.root_certificate.dn.organizationName, localityName=self.root_certificate.dn.localityName, commonName="ca int test repleo", ) certificate = CertificateFactory( type=CertificateTypes.INTERMEDIATE, name="test_parent_object_not_set", parent=root_certificate, dn=subject_int, ) with self.assertRaises(RuntimeError) as context: certhandler = Certificate() certhandler.create_certificate(certificate, key.serialize()) self.assertEqual("Parent certificate object has not been set", str(context.exception))
def test_generate_intermediate_certificate_passphrase_wrong_issuer_passphrase( self): root_key = Key().create_key("ed25519", None) root_certificate = CertificateFactory( expires_at=arrow.get(timezone.now()).shift(days=+3).date(), name="root_test_certificate_passphrase_wrong_issuer_passphrase", ) with mute_signals(signals.post_save): root_certificate.save() root_certhandler = Certificate() root_certhandler.create_certificate( root_certificate, root_key.serialize(passphrase="SecretRootPP"), passphrase="SecretRootPP") keystore = KeyStore(certificate=root_certificate) keystore.crt = root_certhandler.serialize() keystore.key = root_key.serialize(passphrase="SecretRootPP") keystore.save() subject = DistinguishedNameFactory( countryName=root_certificate.dn.countryName, stateOrProvinceName=root_certificate.dn.stateOrProvinceName, organizationName=root_certificate.dn.organizationName, ) certificate = CertificateFactory( type=CertificateTypes.INTERMEDIATE, name="test_certificate_passphrase_wrong_issuer_passphrase", parent=root_certificate, dn=subject, ) certhandler = Certificate() with self.assertRaisesMessage( PassPhraseError, "Bad passphrase, could not decode issuer key"): certhandler.create_certificate( certificate, self.key.serialize(passphrase="SecretPP"), passphrase="SecretPP", passphrase_issuer="SecretRootPPInvalid", )
def setUpTestData(cls): with mute_signals(signals.post_save): cls.root_key = Key().create_key("rsa", 4096) subject = DistinguishedNameFactory( countryName="NL", stateOrProvinceName="Noord Holland", organizationName="Repleo") cls.root_certificate = CertificateFactory( dn=subject, expires_at=arrow.get(timezone.now()).shift(days=+3).date()) cls.root_certificate.save() certificate = Certificate() key = cls.root_key.serialize() certificate.create_certificate(cls.root_certificate, key) keystore = KeyStore(certificate=cls.root_certificate) keystore.crt = certificate.serialize() keystore.key = key keystore.save() cls.key = Key().create_key("rsa", 4096)
def test_serialize_pkcs12_cas_nopassphrase(self): root_key = Key().create_key("ed25519", None) subject = DistinguishedNameFactory(countryName="NL", stateOrProvinceName="Noord Holland", organizationName="Repleo") root_certificate = CertificateFactory( dn=subject, name="test_server_root_certificate", expires_at=arrow.get(timezone.now()).shift(days=+30).date()) with mute_signals(signals.post_save): root_certificate.save() root_certhandler = Certificate() root_certhandler.create_certificate(root_certificate, root_key.serialize()) keystore = KeyStore(certificate=root_certificate) keystore.crt = root_certhandler.serialize() keystore.key = root_key.serialize() keystore.save() int_key = Key().create_key("rsa", 2048) subject = DistinguishedNameFactory( countryName=root_certificate.dn.countryName, stateOrProvinceName=root_certificate.dn.stateOrProvinceName, organizationName=root_certificate.dn.organizationName, ) int_certificate = CertificateFactory( expires_at=arrow.get(timezone.now()).shift(days=+5).date(), name="test_server_intermediate_certificate", type=CertificateTypes.INTERMEDIATE, parent=root_certificate, dn=subject, crl_distribution_url="https://example.com/crl/cert.crl.pem", ocsp_distribution_host="https://example.com/ocsp/", ) with mute_signals(signals.post_save): int_certificate.save() int_certhandler = Certificate() int_certhandler.create_certificate(int_certificate, int_key.serialize()) keystore = KeyStore(certificate=int_certificate) keystore.crt = int_certhandler.serialize() keystore.key = int_key.serialize() keystore.save() pkcs12 = int_key.serialize_pkcs12("test_pkcs12_cas", int_certhandler.certificate, cas=[root_certhandler.certificate]) pkcs12_obj = load_pkcs12(pkcs12, None) self.assertEqual(pkcs12_obj.key.key_size, 2048) self.assertEqual(pkcs12_obj.cert.friendly_name.decode("utf-8"), "test_pkcs12_cas") self.assertEqual(pkcs12_obj.cert.certificate.serial_number, int_certhandler.certificate.serial_number) self.assertEqual( pkcs12_obj.additional_certs[0].certificate.serial_number, root_certhandler.certificate.serial_number)