Revize 02f63b07
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
| proj/services/cryptography.py | ||
|---|---|---|
| 86 | 86 |
return self.__run_for_output( |
| 87 | 87 |
["genrsa", PRIVATE_KEY_ENCRYPTION_METHOD, "-passout", f"pass:{passphrase}", "2048"]).decode()
|
| 88 | 88 |
|
| 89 |
def create_sscrt(self, key, subject, config="", extensions="", key_pass=None):
|
|
| 89 |
def create_sscrt(self, subject, key, config="", extensions="", key_pass=None):
|
|
| 90 | 90 |
""" |
| 91 | 91 |
Creates a root CA |
| 92 | 92 |
|
| 93 |
:param key: private key of the CA to be used |
|
| 94 | 93 |
:param subject: an instance of <Subject> representing the subject to be added to the certificate |
| 94 |
:param key: private key of the CA to be used |
|
| 95 | 95 |
:param config: string containing the configuration to be used |
| 96 | 96 |
:param extensions: name of the section in the configuration representing extensions |
| 97 | 97 |
:param key_pass: passphrase of the private key |
| proj/tests/services/cryptography/create_crt_test.py | ||
|---|---|---|
| 14 | 14 |
def test_sign_cst(service): |
| 15 | 15 |
# create root CA |
| 16 | 16 |
root_key = service.create_private_key() |
| 17 |
root_ca = service.create_sscrt(root_key, Subject(common_name="foo"))
|
|
| 17 |
root_ca = service.create_sscrt(Subject(common_name="foo"), root_key)
|
|
| 18 | 18 |
|
| 19 | 19 |
# create a private key to be used to make a CSR for the intermediate CA |
| 20 | 20 |
inter_key = service.create_private_key() |
| ... | ... | |
| 33 | 33 |
# create root CA and encrypt the private key of the root CA |
| 34 | 34 |
root_key_passphrase = "barbaz" |
| 35 | 35 |
root_key = service.create_private_key(passphrase=root_key_passphrase) |
| 36 |
root_ca = service.create_sscrt(root_key, Subject(common_name="foo"), key_pass=root_key_passphrase)
|
|
| 36 |
root_ca = service.create_sscrt(Subject(common_name="foo"), root_key, key_pass=root_key_passphrase)
|
|
| 37 | 37 |
|
| 38 | 38 |
# create a private key to be used to make a CSR for the intermediate CA |
| 39 | 39 |
inter_key_passphrase = "foobazbar" |
| ... | ... | |
| 71 | 71 |
# create root CA and encrypt the private key of the root CA |
| 72 | 72 |
root_key_passphrase = "barbaz" |
| 73 | 73 |
root_key = service.create_private_key(passphrase=root_key_passphrase) |
| 74 |
root_ca = service.create_sscrt(root_key, Subject(common_name="foo"), key_pass=root_key_passphrase)
|
|
| 74 |
root_ca = service.create_sscrt(Subject(common_name="foo"), root_key, key_pass=root_key_passphrase)
|
|
| 75 | 75 |
|
| 76 | 76 |
# create a private key to be used to make a CSR for the intermediate CA |
| 77 | 77 |
inter_key_passphrase = "foofoo" |
| proj/tests/services/cryptography/self_signed_cert_test.py | ||
|---|---|---|
| 26 | 26 |
authorityKeyIdentifier = keyid:always |
| 27 | 27 |
""" |
| 28 | 28 |
|
| 29 |
cert = service.create_sscrt(private_key, |
|
| 30 |
Subject(common_name="Topnax", |
|
| 29 |
cert = service.create_sscrt(Subject(common_name="Topnax", |
|
| 31 | 30 |
country="CZ", |
| 32 | 31 |
locality="My Locality", |
| 33 | 32 |
state="My state", |
| 34 | 33 |
organization="Mysterious Org.", |
| 35 | 34 |
organization_unit="Department of Mysteries", |
| 36 |
email_address="mysterious@box.cz"), |
|
| 37 |
config=config, |
|
| 38 |
extensions="root_ca_ext", |
|
| 39 |
key_pass="foobar") |
|
| 35 |
email_address="mysterious@box.cz"), private_key, config=config, |
|
| 36 |
extensions="root_ca_ext", key_pass="foobar") |
|
| 40 | 37 |
|
| 41 | 38 |
cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"], |
| 42 | 39 |
input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode() |
| ... | ... | |
| 63 | 60 |
|
| 64 | 61 |
""" |
| 65 | 62 |
|
| 66 |
cert = service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"), config=config)
|
|
| 63 |
cert = service.create_sscrt(Subject(common_name="Topnax", country="CZ"), private_key, config=config)
|
|
| 67 | 64 |
|
| 68 | 65 |
cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"], |
| 69 | 66 |
input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode() |
| ... | ... | |
| 77 | 74 |
# create a self signed certificate without configuration |
| 78 | 75 |
private_key = service.create_private_key() |
| 79 | 76 |
|
| 80 |
cert = service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"))
|
|
| 77 |
cert = service.create_sscrt(Subject(common_name="Topnax", country="CZ"), private_key)
|
|
| 81 | 78 |
|
| 82 | 79 |
cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"], |
| 83 | 80 |
input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode() |
| ... | ... | |
| 90 | 87 |
# create a self signed certificate with a PK that is protected by a passphrase |
| 91 | 88 |
private_key = service.create_private_key(passphrase="foobar") |
| 92 | 89 |
|
| 93 |
cert = service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"), key_pass="foobar")
|
|
| 90 |
cert = service.create_sscrt(Subject(common_name="Topnax", country="CZ"), private_key, key_pass="foobar")
|
|
| 94 | 91 |
|
| 95 | 92 |
cert_printed = subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"], |
| 96 | 93 |
input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode() |
| ... | ... | |
| 106 | 103 |
|
| 107 | 104 |
# incorrect passphrase provided when using a protected private key |
| 108 | 105 |
with pytest.raises(CryptographyException) as e: |
| 109 |
service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"), key_pass="bazfoo")
|
|
| 106 |
service.create_sscrt(Subject(common_name="Topnax", country="CZ"), private_key, key_pass="bazfoo")
|
|
| 110 | 107 |
assert "bad decrypt" in e.value.message |
| 111 | 108 |
|
| 112 | 109 |
# no passphrase provided when using a protected private key |
| 113 | 110 |
with pytest.raises(CryptographyException) as e: |
| 114 |
service.create_sscrt(private_key, Subject(common_name="Topnax", country="CZ"))
|
|
| 111 |
service.create_sscrt(Subject(common_name="Topnax", country="CZ"), private_key)
|
|
| 115 | 112 |
assert "bad decrypt" in e.value.message |
| proj/tests/services/cryptography/sign_csr_test.py | ||
|---|---|---|
| 14 | 14 |
def test_sign_csr(service): |
| 15 | 15 |
# create root CA |
| 16 | 16 |
root_key = service.create_private_key() |
| 17 |
root_ca = service.create_sscrt(root_key, Subject(common_name="foo"))
|
|
| 17 |
root_ca = service.create_sscrt(Subject(common_name="foo"), root_key)
|
|
| 18 | 18 |
|
| 19 | 19 |
# create a private key to be used to make a CSR for the intermediate CA |
| 20 | 20 |
inter_key = service.create_private_key() |
| ... | ... | |
| 34 | 34 |
# create root CA and encrypt the private key of the root CA |
| 35 | 35 |
root_key_passphrase = "barbaz" |
| 36 | 36 |
root_key = service.create_private_key(passphrase=root_key_passphrase) |
| 37 |
root_ca = service.create_sscrt(root_key, Subject(common_name="foo"), key_pass=root_key_passphrase)
|
|
| 37 |
root_ca = service.create_sscrt(Subject(common_name="foo"), root_key, key_pass=root_key_passphrase)
|
|
| 38 | 38 |
|
| 39 | 39 |
# create a private key to be used to make a CSR for the intermediate CA |
| 40 | 40 |
inter_key = service.create_private_key() |
| ... | ... | |
| 67 | 67 |
# create root CA and encrypt the private key of the root CA |
| 68 | 68 |
root_key_passphrase = "barbaz" |
| 69 | 69 |
root_key = service.create_private_key(passphrase=root_key_passphrase) |
| 70 |
root_ca = service.create_sscrt(root_key, Subject(common_name="foo"), key_pass=root_key_passphrase)
|
|
| 70 |
root_ca = service.create_sscrt(Subject(common_name="foo"), root_key, key_pass=root_key_passphrase)
|
|
| 71 | 71 |
|
| 72 | 72 |
# create a private key to be used to make a CSR for the intermediate CA |
| 73 | 73 |
inter_key = service.create_private_key() |
| proj/tests/services/cryptography/verify_ca_test.py | ||
|---|---|---|
| 7 | 7 |
def test_verify_valid_ca(service): |
| 8 | 8 |
# verify validation of valid certificates |
| 9 | 9 |
private_key = service.create_private_key() |
| 10 |
root_cert = service.create_sscrt(private_key, Subject(common_name="foo"))
|
|
| 10 |
root_cert = service.create_sscrt(Subject(common_name="foo"), private_key)
|
|
| 11 | 11 |
child_cert = service.create_crt(Subject(common_name="Expired Foo"), private_key, root_cert, private_key, days=1) |
| 12 | 12 |
|
| 13 | 13 |
assert service.verify_cert(root_cert) |
| ... | ... | |
| 17 | 17 |
def test_verify_invalid_ca(service): |
| 18 | 18 |
# test whether expired certificate will fail to get verified |
| 19 | 19 |
private_key = service.create_private_key() |
| 20 |
root_cert = service.create_sscrt(private_key, Subject(common_name="foo"))
|
|
| 20 |
root_cert = service.create_sscrt(Subject(common_name="foo"), private_key)
|
|
| 21 | 21 |
|
| 22 | 22 |
expired_cert = service.create_crt(Subject(common_name="Expired Foo"), private_key, root_cert, private_key, days=0) |
| 23 | 23 |
|
Také k dispozici: Unified diff
Re #8472 - Changed order of create_sscrt method parameters