Revize aa740737
Přidáno uživatelem Michal Seják před asi 4 roky(ů)
| tests/unit_tests/rest_api/certificates.py | ||
|---|---|---|
| 1 |
def test_import(server): |
|
| 2 |
assert 1 + 2 + 3 + 4 != -1 / 12 |
|
| 3 |
|
|
| 4 |
ret = server.get("/")
|
|
| 5 |
assert ret.status_code == 200 |
|
| 6 |
assert str(ret.data, encoding='utf-8') == "Welcome to the X.509 management application homepage!" |
|
| 1 |
# structure: |
|
| 2 |
# 1->10 |
|
| 3 |
# 2->3->4->5->6->7 |
|
| 4 |
# 2->8->9 |
|
| 7 | 5 |
|
| 8 | 6 |
|
| 9 |
def test_root_ca(server):
|
|
| 10 |
ret = server.post("/api/certificates", content_type="application/json", json={
|
|
| 7 |
def make_root_ca(server, title="Root CA s.r.o."):
|
|
| 8 |
return server.post("/api/certificates", content_type="application/json", json={
|
|
| 11 | 9 |
"subject": {
|
| 12 | 10 |
"C": "CZ", |
| 13 |
"CN": "Root CA s.r.o.",
|
|
| 11 |
"CN": title,
|
|
| 14 | 12 |
"L": "Pilsen", |
| 15 |
"O": "Root CA s.r.o.",
|
|
| 13 |
"O": title,
|
|
| 16 | 14 |
"OU": "IT department", |
| 17 | 15 |
"ST": "Pilsen Region", |
| 18 | 16 |
"emailAddress": "root@ca.com" |
| ... | ... | |
| 26 | 24 |
"validityDays": 30 |
| 27 | 25 |
}) |
| 28 | 26 |
|
| 27 |
|
|
| 28 |
def make_inter_ca(server, parent, title="Intermediate CA s.r.o."): |
|
| 29 |
return server.post("/api/certificates", content_type="application/json", json={
|
|
| 30 |
"CA": parent, |
|
| 31 |
"subject": {
|
|
| 32 |
"C": "CZ", |
|
| 33 |
"CN": title, |
|
| 34 |
"L": "Pilsen", |
|
| 35 |
"O": title, |
|
| 36 |
"OU": "IT department", |
|
| 37 |
"ST": "Pilsen Region", |
|
| 38 |
"emailAddress": "inter@ca.com" |
|
| 39 |
}, |
|
| 40 |
"usage": {
|
|
| 41 |
"CA": True, |
|
| 42 |
"SSL": True, |
|
| 43 |
"authentication": True, |
|
| 44 |
"digitalSignature": True |
|
| 45 |
}, |
|
| 46 |
"validityDays": 30 |
|
| 47 |
}) |
|
| 48 |
|
|
| 49 |
|
|
| 50 |
def make_end_cert(server, parent, title="End certificate s.r.o.", usage=None): |
|
| 51 |
if usage is None: |
|
| 52 |
usage = {
|
|
| 53 |
"CA": False, |
|
| 54 |
"SSL": True, |
|
| 55 |
"authentication": True, |
|
| 56 |
"digitalSignature": True |
|
| 57 |
} |
|
| 58 |
|
|
| 59 |
return server.post("/api/certificates", content_type="application/json", json={
|
|
| 60 |
"CA": parent, |
|
| 61 |
"subject": {
|
|
| 62 |
"C": "CZ", |
|
| 63 |
"CN": title, |
|
| 64 |
"L": "Pilsen", |
|
| 65 |
"O": title, |
|
| 66 |
"OU": "IT department", |
|
| 67 |
"ST": "Pilsen Region", |
|
| 68 |
"emailAddress": "end@ca.com" |
|
| 69 |
}, |
|
| 70 |
"usage": usage, |
|
| 71 |
"validityDays": 30 |
|
| 72 |
}) |
|
| 73 |
|
|
| 74 |
|
|
| 75 |
def test_import(server): |
|
| 76 |
assert 1 + 2 + 3 + 4 != -1 / 12 |
|
| 77 |
|
|
| 78 |
ret = server.get("/")
|
|
| 79 |
assert ret.status_code == 200 |
|
| 80 |
assert str(ret.data, encoding='utf-8') == "Welcome to the X.509 management application homepage!" |
|
| 81 |
|
|
| 82 |
|
|
| 83 |
def test_root_ca(server): |
|
| 84 |
ret = make_root_ca(server) |
|
| 85 |
|
|
| 29 | 86 |
assert ret.status_code == 201 |
| 30 | 87 |
|
| 31 | 88 |
d = ret.json |
| ... | ... | |
| 152 | 209 |
|
| 153 | 210 |
|
| 154 | 211 |
def test_create_chain(server): |
| 155 |
ret = server.post("/api/certificates", content_type="application/json", json={
|
|
| 156 |
"subject": {
|
|
| 157 |
"C": "CZ", |
|
| 158 |
"CN": "Another Root CA s.r.o.", |
|
| 159 |
"L": "Pilsen", |
|
| 160 |
"O": "Another Root CA s.r.o.", |
|
| 161 |
"OU": "IT department", |
|
| 162 |
"ST": "Pilsen Region", |
|
| 163 |
"emailAddress": "root@ca.com" |
|
| 164 |
}, |
|
| 165 |
"usage": {
|
|
| 166 |
"CA": True, |
|
| 167 |
"SSL": True, |
|
| 168 |
"authentication": True, |
|
| 169 |
"digitalSignature": True |
|
| 170 |
}, |
|
| 171 |
"validityDays": 30 |
|
| 172 |
}) |
|
| 212 |
ret = make_root_ca(server, "Another Root CA s.r.o.") |
|
| 173 | 213 |
|
| 174 | 214 |
assert ret.status_code == 201 |
| 175 | 215 |
|
| ... | ... | |
| 180 | 220 |
assert "success" in d |
| 181 | 221 |
assert d["success"] |
| 182 | 222 |
|
| 183 |
ret = server.post("/api/certificates", content_type="application/json", json={
|
|
| 184 |
"CA": 2, |
|
| 185 |
"subject": {
|
|
| 186 |
"C": "CZ", |
|
| 187 |
"CN": "Intermediate CA s.r.o.", |
|
| 188 |
"L": "Pilsen", |
|
| 189 |
"O": "Intermediate CA s.r.o.", |
|
| 190 |
"OU": "IT department", |
|
| 191 |
"ST": "Pilsen Region", |
|
| 192 |
"emailAddress": "inter@ca.com" |
|
| 193 |
}, |
|
| 194 |
"usage": {
|
|
| 195 |
"CA": True, |
|
| 196 |
"SSL": True, |
|
| 197 |
"authentication": True, |
|
| 198 |
"digitalSignature": True |
|
| 199 |
}, |
|
| 200 |
"validityDays": 30 |
|
| 201 |
}) |
|
| 223 |
ret = make_inter_ca(server, 2) |
|
| 202 | 224 |
|
| 203 | 225 |
assert ret.status_code == 201 |
| 204 | 226 |
|
| ... | ... | |
| 209 | 231 |
assert "success" in d |
| 210 | 232 |
assert d["success"] |
| 211 | 233 |
|
| 212 |
ret = server.post("/api/certificates", content_type="application/json", json={
|
|
| 213 |
"CA": 3, |
|
| 214 |
"subject": {
|
|
| 215 |
"C": "CZ", |
|
| 216 |
"CN": "Legit end certificate s.r.o.", |
|
| 217 |
"L": "Pilsen", |
|
| 218 |
"O": "I swear s.r.o.", |
|
| 219 |
"OU": "IT department", |
|
| 220 |
"ST": "Pilsen Region", |
|
| 221 |
"emailAddress": "end@ca.com" |
|
| 222 |
}, |
|
| 223 |
"usage": {
|
|
| 224 |
"CA": True, |
|
| 225 |
"SSL": True, |
|
| 226 |
"authentication": True, |
|
| 227 |
"digitalSignature": True |
|
| 228 |
}, |
|
| 229 |
"validityDays": 30 |
|
| 230 |
}) |
|
| 234 |
ret = make_inter_ca(server, 3) |
|
| 231 | 235 |
|
| 232 | 236 |
assert ret.status_code == 201 |
| 233 | 237 |
|
| ... | ... | |
| 238 | 242 |
assert "success" in d |
| 239 | 243 |
assert d["success"] |
| 240 | 244 |
|
| 245 |
ret = make_inter_ca(server, 4) |
|
| 246 |
|
|
| 247 |
assert ret.status_code == 201 |
|
| 248 |
|
|
| 249 |
d = ret.json |
|
| 250 |
|
|
| 251 |
assert "data" in d |
|
| 252 |
assert d["data"] == 5 |
|
| 253 |
assert "success" in d |
|
| 254 |
assert d["success"] |
|
| 255 |
|
|
| 256 |
ret = make_inter_ca(server, 5) |
|
| 257 |
|
|
| 258 |
assert ret.status_code == 201 |
|
| 259 |
|
|
| 260 |
d = ret.json |
|
| 261 |
|
|
| 262 |
assert "data" in d |
|
| 263 |
assert d["data"] == 6 |
|
| 264 |
assert "success" in d |
|
| 265 |
assert d["success"] |
|
| 266 |
|
|
| 267 |
ret = make_end_cert(server, 6) |
|
| 268 |
|
|
| 269 |
assert ret.status_code == 201 |
|
| 270 |
|
|
| 271 |
d = ret.json |
|
| 272 |
|
|
| 273 |
assert "data" in d |
|
| 274 |
assert d["data"] == 7 |
|
| 275 |
assert "success" in d |
|
| 276 |
assert d["success"] |
|
| 277 |
|
|
| 241 | 278 |
|
| 242 | 279 |
def test_list_of_certificates(server): |
| 243 | 280 |
ret = server.get("/api/certificates")
|
| ... | ... | |
| 274 | 311 |
|
| 275 | 312 |
|
| 276 | 313 |
def test_sign_by_non_ca(server): |
| 277 |
ret = server.post("/api/certificates", content_type="application/json", json={
|
|
| 278 |
"CA": 2, |
|
| 279 |
"subject": {
|
|
| 280 |
"C": "CZ", |
|
| 281 |
"CN": "Fake Intermediate CA s.r.o.", |
|
| 282 |
"L": "Pilsen", |
|
| 283 |
"O": "Fake Intermediate CA s.r.o.", |
|
| 284 |
"OU": "IT department", |
|
| 285 |
"ST": "Pilsen Region", |
|
| 286 |
"emailAddress": "inter@ca.com" |
|
| 287 |
}, |
|
| 288 |
"usage": {
|
|
| 314 |
ret = make_end_cert(server, 2, "Fake intermediate cert s.r.o.", usage={
|
|
| 289 | 315 |
"CA": False, |
| 290 | 316 |
"SSL": True, |
| 291 | 317 |
"authentication": True, |
| 292 | 318 |
"digitalSignature": True |
| 293 |
}, |
|
| 294 |
"validityDays": 30 |
|
| 295 |
}) |
|
| 319 |
}) |
|
| 296 | 320 |
|
| 297 | 321 |
assert ret.status_code == 201 |
| 298 | 322 |
|
| 299 | 323 |
d = ret.json |
| 300 | 324 |
|
| 301 | 325 |
assert "data" in d |
| 302 |
assert d["data"] == 5
|
|
| 326 |
assert d["data"] == 8
|
|
| 303 | 327 |
assert "success" in d |
| 304 | 328 |
assert d["success"] |
| 305 | 329 |
|
| 306 |
ret = server.post("/api/certificates", content_type="application/json", json={
|
|
| 307 |
"CA": 5, |
|
| 308 |
"subject": {
|
|
| 309 |
"C": "CZ", |
|
| 310 |
"CN": "End certificate signed by end certificate s.r.o.", |
|
| 311 |
"L": "Pilsen", |
|
| 312 |
"O": "This is probably bad s.r.o.", |
|
| 313 |
"OU": "IT department", |
|
| 314 |
"ST": "Pilsen Region", |
|
| 315 |
"emailAddress": "end@ca.com" |
|
| 316 |
}, |
|
| 317 |
"usage": {
|
|
| 330 |
ret = make_end_cert(server, 8, "End certificate signed by end certificate s.r.o.", usage={
|
|
| 318 | 331 |
"CA": False, |
| 319 | 332 |
"SSL": True, |
| 320 |
"authentication": True, |
|
| 321 |
"digitalSignature": True |
|
| 322 |
}, |
|
| 323 |
"validityDays": 30 |
|
| 324 |
}) |
|
| 333 |
"authentication": False, |
|
| 334 |
"digitalSignature": False |
|
| 335 |
}) |
|
| 325 | 336 |
|
| 326 | 337 |
# TODO discussion -> assert ret.status_code == 400 |
| 327 | 338 |
assert ret.status_code == 201 |
| ... | ... | |
| 329 | 340 |
d = ret.json |
| 330 | 341 |
|
| 331 | 342 |
assert "data" in d |
| 332 |
assert d["data"] == 6
|
|
| 343 |
assert d["data"] == 9
|
|
| 333 | 344 |
assert "success" in d |
| 334 | 345 |
assert d["success"] |
| 335 | 346 |
|
| ... | ... | |
| 339 | 350 |
|
| 340 | 351 |
assert ret.status_code == 200 |
| 341 | 352 |
|
| 342 |
usage_dict = {'CA': True, 'SSL': True, 'authentication': True, 'digitalSignature': True}
|
|
| 343 |
s1 = "Root CA s.r.o." |
|
| 344 |
s2 = "Another Root CA s.r.o." |
|
| 345 |
s3 = "Intermediate CA s.r.o." |
|
| 353 |
assert "data" in ret.json |
|
| 354 |
assert "success" in ret.json |
|
| 355 |
assert ret.json["success"] |
|
| 356 |
|
|
| 357 |
d = ret.json["data"] |
|
| 358 |
|
|
| 359 |
assert all(c["usage"]["CA"] for c in d) |
|
| 360 |
|
|
| 361 |
all_certs_expected = list(d) |
|
| 362 |
|
|
| 363 |
ret = server.get("/api/certificates", json={"filtering": {"CA": False}})
|
|
| 364 |
|
|
| 365 |
assert ret.status_code == 200 |
|
| 346 | 366 |
|
| 347 | 367 |
assert "data" in ret.json |
| 348 | 368 |
assert "success" in ret.json |
| ... | ... | |
| 350 | 370 |
|
| 351 | 371 |
d = ret.json["data"] |
| 352 | 372 |
|
| 353 |
# print(d)
|
|
| 373 |
assert all(not c["usage"]["CA"] for c in d)
|
|
| 354 | 374 |
|
| 355 |
assert d[0]['CN'] == s1 |
|
| 356 |
assert d[1]['CN'] == s2 |
|
| 357 |
assert d[2]['CN'] == s3 |
|
| 375 |
for v in d: |
|
| 376 |
all_certs_expected.append(v) |
|
| 358 | 377 |
|
| 359 |
assert all(d[i]['id'] == i + 1 for i in range(3)) |
|
| 360 |
assert all(d[i]['usage'] == usage_dict for i in range(3)) |
|
| 378 |
ret = server.get("/api/certificates")
|
|
| 361 | 379 |
|
| 362 |
assert d[0]['issuer']['CN'] == s1 |
|
| 363 |
assert d[1]['issuer']['CN'] == s2 |
|
| 364 |
assert d[2]['issuer']['CN'] == s2 |
|
| 380 |
assert ret.status_code == 200 |
|
| 365 | 381 |
|
| 366 |
assert d[0]['issuer']['id'] == 1 |
|
| 367 |
assert d[1]['issuer']['id'] == 2 |
|
| 368 |
assert d[2]['issuer']['id'] == 2 |
|
| 382 |
assert "data" in ret.json |
|
| 383 |
assert "success" in ret.json |
|
| 384 |
assert ret.json["success"] |
|
| 385 |
|
|
| 386 |
all_certs_actual = ret.json["data"] |
|
| 387 |
|
|
| 388 |
assert len(all_certs_actual) == len(all_certs_expected) |
|
| 389 |
# TODO assert set(all_certs_expected) == set(all_certs_actual) or something like that instead |
|
| 369 | 390 |
|
| 370 | 391 |
|
| 371 | 392 |
def test_get_one(server): |
| ... | ... | |
| 432 | 453 |
|
| 433 | 454 |
d = ret.json |
| 434 | 455 |
|
| 435 |
assert d["data"] == 7
|
|
| 456 |
assert d["data"] == 10
|
|
| 436 | 457 |
|
| 437 | 458 |
id = d["data"] |
| 438 | 459 |
|
| ... | ... | |
| 486 | 507 |
assert not ret.json["success"] |
| 487 | 508 |
assert ret.json["data"] == "No such certificate found." |
| 488 | 509 |
|
| 510 |
|
|
| 511 |
def test_chain_of_trust(server): |
|
| 512 |
expected = [] |
|
| 513 |
for i in range(6, 2, -1): |
|
| 514 |
ret = server.get(f"/api/certificates/{i}")
|
|
| 515 |
|
|
| 516 |
assert ret.status_code == 200 |
|
| 517 |
|
|
| 518 |
assert "data" in ret.json |
|
| 519 |
assert "success" in ret.json |
|
| 520 |
assert ret.json["success"] |
|
| 521 |
|
|
| 522 |
d = ret.json["data"] |
|
| 523 |
expected.append(d) |
|
| 524 |
|
|
| 525 |
ret = server.get(f"/api/certificates/7/chain") |
|
| 526 |
assert ret.status_code == 200 |
|
| 527 |
|
|
| 528 |
assert "data" in ret.json |
|
| 529 |
assert "success" in ret.json |
|
| 530 |
assert ret.json["success"] |
|
| 531 |
|
|
| 532 |
actual = ret.json["data"] |
|
| 533 |
|
|
| 534 |
assert "".join(expected) == actual |
|
Také k dispozici: Unified diff
Re #8476 - Implemented and tested `get_cert_chain(id)`.