示例#1
	def test_gen_privkey_rsa(self):
		"""Generate RSA private keys as PEM files and verify armor and modulus size.

		Each key is written to a temporary file, checked for the
		"RSA PRIVATE KEY" PEM armor and then decoded with "openssl rsa -text"
		to confirm that the reported bit length matches the requested one.
		"""
		# NOTE(review): 512 and 600 bit moduli are far below any acceptable RSA
		# strength; presumably they are used here only to keep key generation
		# fast. Keys produced by this test must never leave the test run.
		bitlen_to_marker = (
			(512, b"512 bit"),
			(600, b"600 bit"),
		)

		for (bitlen, expected_marker) in bitlen_to_marker:
			# The temporary file is removed when the context exits, so the
			# private key material does not persist on disk after the test.
			with tempfile.NamedTemporaryFile(prefix = "privkey_", suffix = ".pem") as key_file:
				storage = PrivateKeyStorage(storage_form = PrivateKeyStorageForm.PEM_FILE, filename = key_file.name)
				keyspec = KeySpecification(cryptosystem = Cryptosystems.RSA, parameters = { "bitlen": bitlen })
				OpenSSLTools.create_private_key(storage, keyspec = keyspec)

				pem_data = self._read_file(key_file.name)
				# NOTE(review): this expects the "RSA PRIVATE KEY" armor; whether
				# create_private_key guarantees that header with every OpenSSL
				# release is not visible here -- confirm against the tool.
				for armor in (b"BEGIN RSA PRIVATE KEY", b"END RSA PRIVATE KEY"):
					self.assertIn(armor, pem_data)

				# Let the openssl binary parse the key independently and report
				# the modulus length it actually sees.
				decoded = SubprocessExecutor([ "openssl", "rsa", "-text" ], stdin = pem_data).run().stdout
				self.assertIn(expected_marker, decoded)
示例#2
	def test_gen_selfsigned_cert(self):
		"""Issue self-signed certificates with growing sets of extensions.

		One ECDSA key on secp256r1 is generated and reused for five
		certificates: no extensions, one DNS SAN, two DNS SANs, DNS plus IP
		SANs, and finally an additional custom extension. Every certificate is
		decoded with "openssl x509 -text" and the text dump is searched for
		the expected markers.
		"""
		with tempfile.NamedTemporaryFile(prefix = "privkey_", suffix = ".pem") as privkey_file, tempfile.NamedTemporaryFile(prefix = "crt_", suffix = ".pem") as certificate_file:
			# Both temporary files are removed when the context exits, so neither
			# the private key nor the certificates outlive the test.
			generation_target = PrivateKeyStorage(storage_form = PrivateKeyStorageForm.PEM_FILE, filename = privkey_file.name)
			curve_spec = KeySpecification(cryptosystem = Cryptosystems.ECC_ECDSA, parameters = { "curvename": "secp256r1" })
			OpenSSLTools.create_private_key(generation_target, keyspec = curve_spec)
			private_key_storage = PrivateKeyStorage(storage_form = PrivateKeyStorageForm.PEM_FILE, filename = privkey_file.name)

			def issue_and_dump(**optional_args):
				# Overwrites the same certificate file on every call and returns
				# the text dump produced by the openssl binary.
				OpenSSLTools.create_selfsigned_certificate(private_key_storage = private_key_storage, certificate_filename = certificate_file.name, subject_dn = "/CN=Foobar", **optional_args, validity_days = 365)
				return SubprocessExecutor([ "openssl", "x509", "-text" ], stdin = self._read_file(certificate_file.name)).run().stdout

			def check_armor_and_subject(dump):
				self.assertIn(b"BEGIN CERTIFICATE--", dump)
				self.assertIn(b"END CERTIFICATE--", dump)
				# Two spellings are accepted for the subject line, with and
				# without spaces around "=".
				self.assertTrue((b"Subject: CN = Foobar" in dump) or (b"Subject: CN=Foobar" in dump))

			def check_markers(dump, markers):
				for marker in markers:
					self.assertIn(marker, dump)

			dns_names = ("muhkuh", "kruckelmuckel")
			ip_addresses = ("11.22.33.44", "99.88.77.66", "abcd::9876")

			single_dns_markers = (b"X509v3 extensions:", b"X509v3 Subject Alternative Name:", b"DNS:muhkuh")
			both_dns_markers = single_dns_markers + (b"DNS:kruckelmuckel",)
			# The IPv6 address is matched in the expanded upper-case form that
			# appears in the text dump, not in the form it was passed in.
			dns_and_ip_markers = both_dns_markers + (b"IP Address:11.22.33.44", b"IP Address:99.88.77.66", b"IP Address:ABCD:0:0:0:0:0:0:9876")

			# 1) Plain certificate: the extensions section must be absent.
			dump = issue_and_dump()
			check_armor_and_subject(dump)
			self.assertNotIn(b"X509v3 extensions:", dump)

			# 2) One DNS subject alternative name.
			dump = issue_and_dump(subject_alternative_dns_names = list(dns_names[:1]))
			check_armor_and_subject(dump)
			check_markers(dump, single_dns_markers)

			# 3) Two DNS subject alternative names.
			dump = issue_and_dump(subject_alternative_dns_names = list(dns_names))
			check_armor_and_subject(dump)
			check_markers(dump, both_dns_markers)

			# 4) DNS names plus IPv4 and IPv6 subject alternative names.
			dump = issue_and_dump(subject_alternative_dns_names = list(dns_names), subject_alternative_ip_addresses = list(ip_addresses))
			check_armor_and_subject(dump)
			check_markers(dump, dns_and_ip_markers)

			# 5) Same SANs plus a custom extension given as OID -> ASN.1 value.
			# NOTE(review): only the payload string is searched for in the dump;
			# the OID it is filed under and its criticality are not asserted.
			dump = issue_and_dump(subject_alternative_dns_names = list(dns_names), subject_alternative_ip_addresses = list(ip_addresses), x509_extensions = { "2.3.4.5.6.7": "ASN1:UTF8String:Never gonna give you up" })
			check_armor_and_subject(dump)
			check_markers(dump, dns_and_ip_markers + (b"Never gonna give you up",))