/ - Diff - Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD - Redmine

« Předchozí | Další »

Revize e40c571e

Přidáno uživatelem Stanislav Král před asi 4 roky(ů)

ID e40c571e198c4ab53cd91141b0c942af7e7036d1
Rodič be2df9b7
Potomek b62ebacd

Re #8575 - Added unit tests verifying that serial number is correctly set when creating a certificate

Renamed some create_crt_test.py tests.

                                        input=bytes(crt, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
     def test_sign_cst(service):
     def test_create_crt(service):
         # create root CA
         root_key = service.create_private_key()
         root_ca = service.create_sscrt(Subject(common_name="foo"), root_key)
         # create a private key to be used to make a CSR for the intermediate CA
         inter_key = service.create_private_key()
         cert_key = service.create_private_key()
         # create a CA using the root CA
         inter_ca = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key)
         cert = service.create_crt(Subject(common_name="bar", country="CZ"), cert_key, root_ca, root_key)
         inter_ca_printed = export_crt(inter_ca)
         cert_printed = export_crt(cert)
         # assert fields
         assert "Issuer: CN = foo" in inter_ca_printed
         assert "Subject: CN = bar, C = CZ" in inter_ca_printed
         assert "Issuer: CN = foo" in cert_printed
         assert "Subject: CN = bar, C = CZ" in cert_printed
     def test_sign_crt_passphrase(service):
     def test_create_crt_passphrase(service):
         # create root CA and encrypt the private key of the root CA
         root_key_passphrase = "barbaz"
         root_key = service.create_private_key(passphrase=root_key_passphrase)
-...
         inter_key_passphrase = "foobazbar"
         inter_key = service.create_private_key(passphrase=inter_key_passphrase)
         # create a CA using the root CA
         inter_ca = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key,
                                       subject_key_pass=inter_key_passphrase, issuer_key_pass=root_key_passphrase)
         # create a certificate using the root CA
         cert = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key,
                                   subject_key_pass=inter_key_passphrase, issuer_key_pass=root_key_passphrase)
         inter_ca_printed = export_crt(inter_ca)
         cert_printed = export_crt(cert)
         # assert fields
         assert "Issuer: CN = foo" in inter_ca_printed
         assert "Subject: CN = bar, C = CZ" in inter_ca_printed
         assert "Issuer: CN = foo" in cert_printed
         assert "Subject: CN = bar, C = CZ" in cert_printed
         # some basic incorrect passphrase combinations
         passphrases = [
-...
         for (key_pass, issuer_key_pass) in passphrases:
             # try to create it using a wrong issuer passphrase
             with pytest.raises(CryptographyException) as e:
                 inter_ca = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key,
                                               subject_key_pass=key_pass, issuer_key_pass=issuer_key_pass)
                 service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key,
                                    subject_key_pass=key_pass, issuer_key_pass=issuer_key_pass)
             assert "bad decrypt" in e.value.message
     def test_sign_crt_extensions(service):
     def test_create_crt_extensions(service):
         # create root CA and encrypt the private key of the root CA
         root_key_passphrase = "barbaz"
         root_key = service.create_private_key(passphrase=root_key_passphrase)
         root_ca = service.create_sscrt(Subject(common_name="foo"), root_key, key_pass=root_key_passphrase)
         # create a private key to be used to make a CSR for the intermediate CA
         inter_key_passphrase = "foofoo"
         inter_key = service.create_private_key()
         cert_key_passphrase = "foofoo"
         cert_key = service.create_private_key()
         # create a CA using the root CA
         inter_ca = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key,
                                       subject_key_pass=inter_key_passphrase, issuer_key_pass=root_key_passphrase,
                                       extensions="authorityInfoAccess=caIssuers;URI:bar.cz/baz/cert\n"
                                                  "basicConstraints=critical,CA:TRUE\n"
                                                  "crlDistributionPoints=URI:http://localhost/api/crl/0\n"
                                                  "authorityInfoAccess=OCSP;URI:http://localhost/api/ocsp/0\n")
         cert = service.create_crt(Subject(common_name="bar", country="CZ"), cert_key, root_ca, root_key,
                                   subject_key_pass=cert_key_passphrase, issuer_key_pass=root_key_passphrase,
                                   extensions="authorityInfoAccess=caIssuers;URI:bar.cz/baz/cert\n"
                                              "basicConstraints=critical,CA:TRUE\n"
                                              "crlDistributionPoints=URI:http://localhost/api/crl/0\n"
                                              "authorityInfoAccess=OCSP;URI:http://localhost/api/ocsp/0\n")
         inter_ca_printed = export_crt(inter_ca)
         cert_printed = export_crt(cert)
         # assert fields
         assert "Issuer: CN = foo" in inter_ca_printed
         assert "Subject: CN = bar, C = CZ" in inter_ca_printed
         assert "X509v3 CRL Distribution Points:" in inter_ca_printed
         assert "URI:http://localhost/api/crl/0" in inter_ca_printed
         assert "Authority Information Access:" in inter_ca_printed
         assert "OCSP - URI:http://localhost/api/ocsp/0" in inter_ca_printed
         assert "Issuer: CN = foo" in cert_printed
         assert "Subject: CN = bar, C = CZ" in cert_printed
         assert "X509v3 CRL Distribution Points:" in cert_printed
         assert "URI:http://localhost/api/crl/0" in cert_printed
         assert "Authority Information Access:" in cert_printed
         assert "OCSP - URI:http://localhost/api/ocsp/0" in cert_printed
         # assert extensions
         expected_extensions = """        X509v3 extensions:
-...
                 Authority Information Access:
                     OCSP - URI:http://localhost/api/ocsp/0"""
         expected_extensions = expected_extensions.replace("\n", "").replace("\r", "")
         inter_ca_printed = inter_ca_printed.replace("\n", "").replace("\r", "")
         assert expected_extensions in inter_ca_printed
         cert_printed = cert_printed.replace("\n", "").replace("\r", "")
         assert expected_extensions in cert_printed
     def test_create_crt_serial_number(service):
         # create root CA
         root_key = service.create_private_key()
         root_ca = service.create_sscrt(Subject(common_name="foo"), root_key)
         # create a private key to be used to make a new certificate
         cert_key = service.create_private_key()
         # define a serial number to be used
         serial_number = 1
         serial_number_hex = hex(serial_number).replace("x", "")
         # create a certificate using the root CA
         cert = service.create_crt(Subject(common_name="bar", country="CZ"), cert_key, root_ca, root_key,
                                   sn=serial_number)
         cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-in", "-", "-serial"],
                                                input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
         assert f"serial={serial_number_hex}" in cert_printed
     def test_create_crt_negative_serial_number(service):
         # create root CA
         root_key = service.create_private_key()
         root_ca = service.create_sscrt(Subject(common_name="foo"), root_key)
         # create a private key to be used to make a new certificate
         cert_key = service.create_private_key()
         # define a serial number to be used
         serial_number = -1
         serial_number_hex = hex(serial_number).replace("x", "")
         # create a certificate using the root CA
         cert = service.create_crt(Subject(common_name="bar", country="CZ"), cert_key, root_ca, root_key,
                                   sn=serial_number)
         cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-in", "-", "-serial"],
                                                input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
         assert f"serial={serial_number_hex}" in cert_printed

Také k dispozici: Unified diff

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

Revize e40c571e

Přidáno uživatelem Stanislav Král před asi 4 roky(ů)

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

Revize e40c571e

Přidáno uživatelem Stanislav Král před asi 4 roky(ů)

Související úkoly