ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

import subprocess

import pytest

from src.model.subject import Subject

from src.services.cryptography import CryptographyException

def export_crt(crt):

    return subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"],

                                   input=bytes(crt, encoding="utf-8"), stderr=subprocess.STDOUT).decode()

def test_sign_cst(service):

    # create root CA

    root_key = service.create_private_key()

    root_ca = service.create_sscrt(Subject(common_name="foo"), root_key)

    # create a private key to be used to make a CSR for the intermediate CA

    inter_key = service.create_private_key()

    # create a CA using the root CA

    inter_ca = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key)

    inter_ca_printed = export_crt(inter_ca)

    # assert fields

    assert "Issuer: CN = foo" in inter_ca_printed

    assert "Subject: CN = bar, C = CZ" in inter_ca_printed

def test_sign_crt_passphrase(service):

    # create root CA and encrypt the private key of the root CA

    root_key_passphrase = "barbaz"

    root_key = service.create_private_key(passphrase=root_key_passphrase)

    root_ca = service.create_sscrt(Subject(common_name="foo"), root_key, key_pass=root_key_passphrase)

    # create a private key to be used to make a CSR for the intermediate CA

    inter_key_passphrase = "foobazbar"

    inter_key = service.create_private_key(passphrase=inter_key_passphrase)

    # create a CA using the root CA

    inter_ca = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key,

                                  subject_key_pass=inter_key_passphrase, issuer_key_pass=root_key_passphrase)

    inter_ca_printed = export_crt(inter_ca)

    # assert fields

    assert "Issuer: CN = foo" in inter_ca_printed

    assert "Subject: CN = bar, C = CZ" in inter_ca_printed

    # some basic incorrect passphrase combinations

    passphrases = [

        (inter_key, None),

        (inter_key, "foofoobarbar"),

        (None, root_key),

        ("foofoobarbar", root_key),

        ("foofoobarbar", "foofoobarbar"),

        (None, None)

    ]

    for (key_pass, issuer_key_pass) in passphrases:

        # try to create it using a wrong issuer passphrase

        with pytest.raises(CryptographyException) as e:

            inter_ca = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key,

                                          subject_key_pass=key_pass, issuer_key_pass=issuer_key_pass)

        assert "bad decrypt" in e.value.message

def test_sign_crt_extensions(service):

    # create root CA and encrypt the private key of the root CA

    root_key_passphrase = "barbaz"

    root_key = service.create_private_key(passphrase=root_key_passphrase)

    root_ca = service.create_sscrt(Subject(common_name="foo"), root_key, key_pass=root_key_passphrase)

    # create a private key to be used to make a CSR for the intermediate CA

    inter_key_passphrase = "foofoo"

    inter_key = service.create_private_key()

    # create a CA using the root CA

    inter_ca = service.create_crt(Subject(common_name="bar", country="CZ"), inter_key, root_ca, root_key,

                                  subject_key_pass=inter_key_passphrase, issuer_key_pass=root_key_passphrase,

                                  extensions="authorityInfoAccess = caIssuers;URI:bar.cz/baz/cert\nbasicConstraints=critical,CA:TRUE")

    inter_ca_printed = export_crt(inter_ca)

    # assert fields

    assert "Issuer: CN = foo" in inter_ca_printed

    assert "Subject: CN = bar, C = CZ" in inter_ca_printed

    # assert extensions

    expected_extensions = """        X509v3 extensions:

            Authority Information Access: 

                CA Issuers - URI:bar.cz/baz/cert

            X509v3 Basic Constraints: critical

                CA:TRUE"""

    assert expected_extensions in inter_ca_printed