/proj/tests/services/cryptography_test.py - Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD - Redmine

| Větev: | Tag: | Revize:

aswi2021jmsd-gitlab/proj/tests/services/cryptography_test.py @ c0aed2f5

       import pytest
       import subprocess
       from proj.model.subject import Subject
       from proj.services.cryptography import CryptographyService, CryptographyException
       @pytest.fixture
       def service():
           # provide a CryptographyService fixture
           return CryptographyService()
       def test_private_key(service):
           private_key = service.create_private_key()
           # verify the private key
           subprocess.check_output(["openssl", "rsa", "-in", "-", "-check"], input=bytes(private_key, encoding="utf-8"),
                                   stderr=subprocess.STDOUT)
       def test_encrypted_private_key(service):
           private_key = service.create_private_key(passphrase="foobar")
           # verify the private key providing a correct passphrase
           subprocess.check_output(["openssl", "rsa", "-in", "-", "-passin", "pass:foobar", "-check"],
                                   input=bytes(private_key, encoding="utf-8"), stderr=subprocess.STDOUT)
       def test_encrypted_private_key_incorrect_pass(service):
           private_key = service.create_private_key(passphrase="foobar")
           # incorrect passphrase provided
           with pytest.raises(subprocess.CalledProcessError):
               subprocess.check_output(["openssl", "rsa", "-in", "-", "-passin", "pass:bazbaz", "-check"],
                                       input=bytes(private_key, encoding="utf-8"), stderr=subprocess.STDOUT)
       def test_create_sscrt(service):
           # create a self signed certificate using configuration and extensions
           private_key = service.create_private_key(passphrase="foobar")
           # distinguished_name is always required
           config = """
           # Simple Root CA
           [ req ]
           distinguished_name      = ca_dn                 # DN section
           [ ca_dn ]
           [ root_ca_ext ]
           keyUsage                = critical,keyCertSign,cRLSign
           basicConstraints        = critical,CA:true
           subjectKeyIdentifier    = hash
           authorityKeyIdentifier  = keyid:always
           """
           cert = service.create_sscrt(private_key,
                                       Subject(common_name="Topnax",
                                               country="CZ",
                                               locality="My Locality",
                                               state="My state",
                                               organization="Mysterious Org.",
                                               organization_unit="Department of Mysteries",
                                               email_address="mysterious@box.cz"),
                                       config=config,
                                       extensions="root_ca_ext",
                                       key_passphrase="foobar")
           cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"],
                                                  input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
           assert "Certificate Sign, CRL Sign" in cert_printed
           assert "X509v3 Key Usage: critical" in cert_printed
           assert "CA:TRUE" in cert_printed
           assert "Issuer: CN = Topnax, C = CZ, L = My Locality, ST = My state, O = Mysterious Org., OU = Department of Mysteries, emailAddress = mysterious@box.cz" in cert_printed
           assert "Subject: CN = Topnax, C = CZ, L = My Locality, ST = My state, O = Mysterious Org., OU = Department of Mysteries, emailAddress = mysterious@box.cz" in cert_printed
       def test_create_sscrt_config_without_extensions(service):
           # create a self signed certificate without specifying extensions
           private_key = service.create_private_key()
           config = """
           # Simple Root CA
           [ req ]
           distinguished_name      = ca_dn                 # DN section
           [ ca_dn ]
           """
           cert = service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"), config=config)
           cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"],
                                                  input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
           # TODO pass something in the configuration that can be asserted
           assert "Issuer: CN = Topnax, C = CZ" in cert_printed
           assert "Subject: CN = Topnax, C = CZ" in cert_printed
       def test_create_sscrt_plain(service):
           # create a self signed certificate without configuration
           private_key = service.create_private_key()
           cert = service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"))
           cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"],
                                                  input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
           assert "Issuer: CN = Topnax, C = CZ" in cert_printed
           assert "Subject: CN = Topnax, C = CZ" in cert_printed
       def test_create_sscrt_passphrase(service):
           # create a self signed certificate with a PK that is protected by a passphrase
           private_key = service.create_private_key(passphrase="foobar")
           cert = service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"), key_passphrase="foobar")
           cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"],
                                                  input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
           assert "Issuer: CN = Topnax, C = CZ" in cert_printed
           assert "Subject: CN = Topnax, C = CZ" in cert_printed
       def test_create_sscrt_incorrect_passphrase(service):
           # make an attempt to create a self signed certificate using a private key with specifying wrong key passphrase or
           # no passphrase at all
           private_key = service.create_private_key(passphrase="foobar")
           # incorrect passphrase provided when using a protected private key
           with pytest.raises(CryptographyException) as e:
               service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"), key_passphrase="bazfoo")
           assert "bad decrypt" in e.value.message
           # no passphrase provided when using a protected private key
           with pytest.raises(CryptographyException) as e:
               service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"))
           assert "bad decrypt" in e.value.message

« Předchozí
1
2
Další »

(2-2/2)

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD