/ - Diff - Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD - Redmine

« Předchozí | Další »

Revize 699a4f25

Přidáno uživatelem Stanislav Král před asi 4 roky(ů)

ID 699a4f2525a181e46ef617b0bc9d92fa67c6ca48
Rodič 45744020
Potomek 2690bc1d

Re #8472 - Added KeyService.delete test and renamed a test suite

Applied a small change to the KeyService.get_keys method

         def get_key(self, unique_id):
             return self.private_key_repository.read(unique_id)
         def get_keys(self, unique_ids):
             return [self.private_key_repository.read(identifier) for identifier in unique_ids]
         def get_keys(self, unique_ids=None):
             if unique_ids is None:
                 return self.private_key_repository.read_all()
             else:
                 # TODO this is very inefficient
                 return [self.private_key_repository.read(identifier) for identifier in unique_ids]
         def delete_key(self, unique_id):
             return self.private_key_repository.delete(unique_id)

     import subprocess
     from src.constants import SSL_ID, CA_ID, AUTHENTICATION_ID, INTERMEDIATE_CA_ID, ROOT_CA_ID, CERTIFICATE_ID, SIGNATURE_ID
     from src.model.subject import Subject
     def export_crt(crt):
         return subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"],
                                        input=bytes(crt, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
     def test_create_and_get_pk(private_key_service, certificate_service):
         private_key = private_key_service.create_new_key(passphrase="foobar")
         private_key_loaded = private_key_service.get_key(private_key.private_key_id)
         assert private_key.private_key_id == private_key_loaded.private_key_id
         assert private_key.private_key == private_key_loaded.private_key
         assert private_key.password == private_key_loaded.password
     def test_create_and_get_root_ca(private_key_service, certificate_service):
         private_key = private_key_service.create_new_key(passphrase="foobar")
         cert = certificate_service.create_root_ca(private_key,
                                                   Subject(common_name="FooName", organization_unit="Department of Foo"),
                                                   usages={SSL_ID: True})
         assert ROOT_CA_ID == cert.type_id
         assert cert.usages[CA_ID]
         assert cert.usages[SSL_ID]
         assert cert.usages[AUTHENTICATION_ID] is False
         assert cert.usages[SIGNATURE_ID] is False
         cert_loaded = certificate_service.get_certificate(cert.certificate_id)
         # verify that the loaded certificate is a CA
         cert_loaded_printed = export_crt(cert_loaded.pem_data)
         assert """            X509v3 Basic Constraints: critical
                     CA:TRUE""" in cert_loaded_printed
         assert cert.certificate_id == cert_loaded.certificate_id
         assert cert.common_name == cert_loaded.common_name
         assert cert.valid_from == cert_loaded.valid_from
         assert cert.valid_to == cert_loaded.valid_to
         assert cert.pem_data == cert_loaded.pem_data
         assert cert.private_key_id == cert_loaded.private_key_id
         assert cert.type_id == cert_loaded.type_id
         assert cert.parent_id == cert_loaded.parent_id
         assert cert.usages == cert_loaded.usages
     def test_create_and_get_inter_cert(private_key_service, certificate_service):
         root_ca_private_key = private_key_service.create_new_key(passphrase="foobar")
         inter_ca_private_key = private_key_service.create_new_key()
         root_ca = certificate_service.create_root_ca(root_ca_private_key,
                                                      Subject(common_name="RootFoo", organization_unit="Department of Foo"))
         inter_cert = certificate_service.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"), root_ca,
                                                    root_ca_private_key, usages={SSL_ID: True})
         assert INTERMEDIATE_CA_ID == inter_cert.type_id
         assert inter_cert.usages[CA_ID]
         assert inter_cert.usages[SSL_ID]
         assert inter_cert.usages[AUTHENTICATION_ID] is False
         assert inter_cert.usages[SIGNATURE_ID] is False
         inter_cert_loaded = certificate_service.get_certificate(inter_cert.certificate_id)
         # verify that the loaded certificate is a CA
         cert_loaded_printed = export_crt(inter_cert_loaded.pem_data)
         assert """            X509v3 Basic Constraints: critical
                     CA:TRUE""" in cert_loaded_printed
         assert inter_cert.certificate_id == inter_cert_loaded.certificate_id
         assert inter_cert.common_name == inter_cert_loaded.common_name
         assert inter_cert.valid_from == inter_cert_loaded.valid_from
         assert inter_cert.valid_to == inter_cert_loaded.valid_to
         assert inter_cert.pem_data == inter_cert_loaded.pem_data
         assert inter_cert.private_key_id == inter_cert_loaded.private_key_id
         assert inter_cert.type_id == inter_cert_loaded.type_id
         assert inter_cert.parent_id == root_ca.certificate_id
         assert inter_cert_loaded.parent_id == root_ca.certificate_id
         assert inter_cert.usages == inter_cert_loaded.usages
     def test_create_and_get_cert(private_key_service, certificate_service):
         root_ca_private_key = private_key_service.create_new_key(passphrase="foobar")
         inter_ca_private_key = private_key_service.create_new_key(passphrase="barfoo")
         end_cert_private_key = private_key_service.create_new_key(passphrase="foofoo")
         root_ca_cert = certificate_service.create_root_ca(root_ca_private_key,
                                                           Subject(common_name="RootFoo",
                                                                   organization_unit="Department of Foo"))
         inter_ca_cert = certificate_service.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"),
                                                       root_ca_cert,
                                                       root_ca_private_key, usages={SSL_ID: True})
         cert = certificate_service.create_end_cert(end_cert_private_key,
                                                    Subject("Foo Child", email_address="foo@bar.cz"), inter_ca_cert,
                                                    inter_ca_private_key, usages={AUTHENTICATION_ID: True})
         assert CERTIFICATE_ID == cert.type_id
         assert cert.usages[AUTHENTICATION_ID]
         assert cert.usages[SSL_ID] is False
         assert cert.usages[SIGNATURE_ID] is False
         assert cert.usages[CA_ID] is False
         cert_loaded = certificate_service.get_certificate(cert.certificate_id)
         assert cert.certificate_id == cert_loaded.certificate_id
         assert cert.common_name == cert_loaded.common_name
         assert cert.valid_from == cert_loaded.valid_from
         assert cert.valid_to == cert_loaded.valid_to
         assert cert.pem_data == cert_loaded.pem_data
         assert cert.private_key_id == cert_loaded.private_key_id
         assert cert.type_id == cert_loaded.type_id
         assert cert.parent_id == inter_ca_cert.certificate_id
         assert cert_loaded.parent_id == inter_ca_cert.certificate_id
         assert cert.usages == cert_loaded.usages
     def test_get_certificates(private_key_service_unique, certificate_service_unique):
         root_ca_private_key = private_key_service_unique.create_new_key(passphrase="foobar")
         inter_ca_private_key = private_key_service_unique.create_new_key(passphrase="barfoo")
         end_cert_private_key = private_key_service_unique.create_new_key(passphrase="foofoo")
         root_ca_cert = certificate_service_unique.create_root_ca(root_ca_private_key,
                                                                  Subject(common_name="RootFoo",
                                                                          organization_unit="Department of Foo"))
         inter_ca_cert = certificate_service_unique.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"),
                                                              root_ca_cert,
                                                              root_ca_private_key, usages={SSL_ID: True})
         cert = certificate_service_unique.create_end_cert(end_cert_private_key,
                                                           Subject("Foo Child", email_address="foo@bar.cz"), inter_ca_cert,
                                                           inter_ca_private_key, usages={AUTHENTICATION_ID: True})
         all_certs = certificate_service_unique.get_certificates()
         assert 3 == len(all_certs)
         assert "RootFoo" == all_certs[0].common_name
         assert "Intermediate CA" == all_certs[1].common_name
         assert "Foo Child" == all_certs[2].common_name
         assert 1 == len(certificate_service_unique.get_certificates(cert_type=ROOT_CA_ID))
         assert 1 == len(certificate_service_unique.get_certificates(cert_type=INTERMEDIATE_CA_ID))
         assert 1 == len(certificate_service_unique.get_certificates(cert_type=CERTIFICATE_ID))
     def test_get_chain_of_trust(private_key_service, certificate_service):
         root_ca_private_key = private_key_service.create_new_key(passphrase="foobar")
         inter_ca_private_key = private_key_service.create_new_key(passphrase="barfoo")
         end_cert_private_key = private_key_service.create_new_key(passphrase="foofoo")
         root_ca_cert = certificate_service.create_root_ca(root_ca_private_key,
                                                           Subject(common_name="RootFoo",
                                                                   organization_unit="Department of Foo"))
         inter_ca_cert = certificate_service.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"),
                                                       root_ca_cert,
                                                       root_ca_private_key, usages={SSL_ID: True})
         cert = certificate_service.create_end_cert(end_cert_private_key,
                                                    Subject("Foo Child", email_address="foo@bar.cz"), inter_ca_cert,
                                                    inter_ca_private_key, usages={AUTHENTICATION_ID: True})
         cot = certificate_service.get_chain_of_trust(cert.certificate_id)
         assert len(cot) == 2
         assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id]
         cot = certificate_service.get_chain_of_trust(cert.certificate_id, root_ca_cert.private_key_id)
         assert len(cot) == 2
         assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id]
         cot = certificate_service.get_chain_of_trust(cert.certificate_id, inter_ca_cert.private_key_id)
         assert len(cot) == 2
         assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id]
         cot = certificate_service.get_chain_of_trust(cert.certificate_id, exclude_root=False)
         assert len(cot) == 3
         assert [cert.certificate_id, inter_ca_cert.certificate_id, root_ca_cert.certificate_id] == [cot[0].certificate_id,
                                                                                                     cot[1].certificate_id,
                                                                                                     cot[2].certificate_id]
         # starting from intermediate certificate
         cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id)
         assert len(cot) == 1
         assert [inter_ca_cert.certificate_id] == [cot[0].certificate_id]
         cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id, root_ca_cert.private_key_id)
         assert len(cot) == 1
         assert [inter_ca_cert.certificate_id] == [cot[0].certificate_id]
         cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id, exclude_root=False)
         assert len(cot) == 2
         assert [inter_ca_cert.certificate_id, root_ca_cert.certificate_id] == [cot[0].certificate_id,
                                                                                cot[1].certificate_id]
         # starting from intermediate certificate
         cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id)
         assert len(cot) == 0
         cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id, root_ca_cert.private_key_id)
         assert len(cot) == 0
         cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id, exclude_root=False)
         assert len(cot) == 1
         assert [root_ca_cert.certificate_id] == [cot[0].certificate_id]
     def test_delete_cert(private_key_service, certificate_service):
         root_ca_private_key = private_key_service.create_new_key(passphrase="foobar")
         original_len = len(certificate_service.get_certificates())
         root_ca_cert = certificate_service.create_root_ca(root_ca_private_key,
                                                           Subject(common_name="RootFoo",
                                                                   organization_unit="Department of Foo"))
         len_inserted = len(certificate_service.get_certificates())
         assert original_len + 1 == len_inserted
         # TODO delete should delete all children?
         assert certificate_service.delete_certificate(root_ca_cert.certificate_id)
         assert len_inserted - 1 == len(certificate_service.get_certificates())

     import subprocess
     from src.constants import SSL_ID, CA_ID, AUTHENTICATION_ID, INTERMEDIATE_CA_ID, ROOT_CA_ID, CERTIFICATE_ID, SIGNATURE_ID
     from src.model.subject import Subject
     def export_crt(crt):
         return subprocess.check_output(["openssl", "x509", "-noout", "-text", "-in", "-"],
                                        input=bytes(crt, encoding="utf-8"), stderr=subprocess.STDOUT).decode()
     def test_create_and_get_root_ca(private_key_service, certificate_service):
         private_key = private_key_service.create_new_key(passphrase="foobar")
         cert = certificate_service.create_root_ca(private_key,
                                                   Subject(common_name="FooName", organization_unit="Department of Foo"),
                                                   usages={SSL_ID: True})
         assert ROOT_CA_ID == cert.type_id
         assert cert.usages[CA_ID]
         assert cert.usages[SSL_ID]
         assert cert.usages[AUTHENTICATION_ID] is False
         assert cert.usages[SIGNATURE_ID] is False
         cert_loaded = certificate_service.get_certificate(cert.certificate_id)
         # verify that the loaded certificate is a CA
         cert_loaded_printed = export_crt(cert_loaded.pem_data)
         assert """            X509v3 Basic Constraints: critical
                     CA:TRUE""" in cert_loaded_printed
         assert cert.certificate_id == cert_loaded.certificate_id
         assert cert.common_name == cert_loaded.common_name
         assert cert.valid_from == cert_loaded.valid_from
         assert cert.valid_to == cert_loaded.valid_to
         assert cert.pem_data == cert_loaded.pem_data
         assert cert.private_key_id == cert_loaded.private_key_id
         assert cert.type_id == cert_loaded.type_id
         assert cert.parent_id == cert_loaded.parent_id
         assert cert.usages == cert_loaded.usages
     def test_create_and_get_inter_cert(private_key_service, certificate_service):
         root_ca_private_key = private_key_service.create_new_key(passphrase="foobar")
         inter_ca_private_key = private_key_service.create_new_key()
         root_ca = certificate_service.create_root_ca(root_ca_private_key,
                                                      Subject(common_name="RootFoo", organization_unit="Department of Foo"))
         inter_cert = certificate_service.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"), root_ca,
                                                    root_ca_private_key, usages={SSL_ID: True})
         assert INTERMEDIATE_CA_ID == inter_cert.type_id
         assert inter_cert.usages[CA_ID]
         assert inter_cert.usages[SSL_ID]
         assert inter_cert.usages[AUTHENTICATION_ID] is False
         assert inter_cert.usages[SIGNATURE_ID] is False
         inter_cert_loaded = certificate_service.get_certificate(inter_cert.certificate_id)
         # verify that the loaded certificate is a CA
         cert_loaded_printed = export_crt(inter_cert_loaded.pem_data)
         assert """            X509v3 Basic Constraints: critical
                     CA:TRUE""" in cert_loaded_printed
         assert inter_cert.certificate_id == inter_cert_loaded.certificate_id
         assert inter_cert.common_name == inter_cert_loaded.common_name
         assert inter_cert.valid_from == inter_cert_loaded.valid_from
         assert inter_cert.valid_to == inter_cert_loaded.valid_to
         assert inter_cert.pem_data == inter_cert_loaded.pem_data
         assert inter_cert.private_key_id == inter_cert_loaded.private_key_id
         assert inter_cert.type_id == inter_cert_loaded.type_id
         assert inter_cert.parent_id == root_ca.certificate_id
         assert inter_cert_loaded.parent_id == root_ca.certificate_id
         assert inter_cert.usages == inter_cert_loaded.usages
     def test_create_and_get_cert(private_key_service, certificate_service):
         root_ca_private_key = private_key_service.create_new_key(passphrase="foobar")
         inter_ca_private_key = private_key_service.create_new_key(passphrase="barfoo")
         end_cert_private_key = private_key_service.create_new_key(passphrase="foofoo")
         root_ca_cert = certificate_service.create_root_ca(root_ca_private_key,
                                                           Subject(common_name="RootFoo",
                                                                   organization_unit="Department of Foo"))
         inter_ca_cert = certificate_service.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"),
                                                       root_ca_cert,
                                                       root_ca_private_key, usages={SSL_ID: True})
         cert = certificate_service.create_end_cert(end_cert_private_key,
                                                    Subject("Foo Child", email_address="foo@bar.cz"), inter_ca_cert,
                                                    inter_ca_private_key, usages={AUTHENTICATION_ID: True})
         assert CERTIFICATE_ID == cert.type_id
         assert cert.usages[AUTHENTICATION_ID]
         assert cert.usages[SSL_ID] is False
         assert cert.usages[SIGNATURE_ID] is False
         assert cert.usages[CA_ID] is False
         cert_loaded = certificate_service.get_certificate(cert.certificate_id)
         assert cert.certificate_id == cert_loaded.certificate_id
         assert cert.common_name == cert_loaded.common_name
         assert cert.valid_from == cert_loaded.valid_from
         assert cert.valid_to == cert_loaded.valid_to
         assert cert.pem_data == cert_loaded.pem_data
         assert cert.private_key_id == cert_loaded.private_key_id
         assert cert.type_id == cert_loaded.type_id
         assert cert.parent_id == inter_ca_cert.certificate_id
         assert cert_loaded.parent_id == inter_ca_cert.certificate_id
         assert cert.usages == cert_loaded.usages
     def test_get_certificates(private_key_service_unique, certificate_service_unique):
         root_ca_private_key = private_key_service_unique.create_new_key(passphrase="foobar")
         inter_ca_private_key = private_key_service_unique.create_new_key(passphrase="barfoo")
         end_cert_private_key = private_key_service_unique.create_new_key(passphrase="foofoo")
         root_ca_cert = certificate_service_unique.create_root_ca(root_ca_private_key,
                                                                  Subject(common_name="RootFoo",
                                                                          organization_unit="Department of Foo"))
         inter_ca_cert = certificate_service_unique.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"),
                                                              root_ca_cert,
                                                              root_ca_private_key, usages={SSL_ID: True})
         cert = certificate_service_unique.create_end_cert(end_cert_private_key,
                                                           Subject("Foo Child", email_address="foo@bar.cz"), inter_ca_cert,
                                                           inter_ca_private_key, usages={AUTHENTICATION_ID: True})
         all_certs = certificate_service_unique.get_certificates()
         assert 3 == len(all_certs)
         assert "RootFoo" == all_certs[0].common_name
         assert "Intermediate CA" == all_certs[1].common_name
         assert "Foo Child" == all_certs[2].common_name
         assert 1 == len(certificate_service_unique.get_certificates(cert_type=ROOT_CA_ID))
         assert 1 == len(certificate_service_unique.get_certificates(cert_type=INTERMEDIATE_CA_ID))
         assert 1 == len(certificate_service_unique.get_certificates(cert_type=CERTIFICATE_ID))
     def test_get_chain_of_trust(private_key_service, certificate_service):
         root_ca_private_key = private_key_service.create_new_key(passphrase="foobar")
         inter_ca_private_key = private_key_service.create_new_key(passphrase="barfoo")
         end_cert_private_key = private_key_service.create_new_key(passphrase="foofoo")
         root_ca_cert = certificate_service.create_root_ca(root_ca_private_key,
                                                           Subject(common_name="RootFoo",
                                                                   organization_unit="Department of Foo"))
         inter_ca_cert = certificate_service.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"),
                                                       root_ca_cert,
                                                       root_ca_private_key, usages={SSL_ID: True})
         cert = certificate_service.create_end_cert(end_cert_private_key,
                                                    Subject("Foo Child", email_address="foo@bar.cz"), inter_ca_cert,
                                                    inter_ca_private_key, usages={AUTHENTICATION_ID: True})
         cot = certificate_service.get_chain_of_trust(cert.certificate_id)
         assert len(cot) == 2
         assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id]
         cot = certificate_service.get_chain_of_trust(cert.certificate_id, root_ca_cert.private_key_id)
         assert len(cot) == 2
         assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id]
         cot = certificate_service.get_chain_of_trust(cert.certificate_id, inter_ca_cert.private_key_id)
         assert len(cot) == 2
         assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id]
         cot = certificate_service.get_chain_of_trust(cert.certificate_id, exclude_root=False)
         assert len(cot) == 3
         assert [cert.certificate_id, inter_ca_cert.certificate_id, root_ca_cert.certificate_id] == [cot[0].certificate_id,
                                                                                                     cot[1].certificate_id,
                                                                                                     cot[2].certificate_id]
         # starting from intermediate certificate
         cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id)
         assert len(cot) == 1
         assert [inter_ca_cert.certificate_id] == [cot[0].certificate_id]
         cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id, root_ca_cert.private_key_id)
         assert len(cot) == 1
         assert [inter_ca_cert.certificate_id] == [cot[0].certificate_id]
         cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id, exclude_root=False)
         assert len(cot) == 2
         assert [inter_ca_cert.certificate_id, root_ca_cert.certificate_id] == [cot[0].certificate_id,
                                                                                cot[1].certificate_id]
         # starting from intermediate certificate
         cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id)
         assert len(cot) == 0
         cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id, root_ca_cert.private_key_id)
         assert len(cot) == 0
         cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id, exclude_root=False)
         assert len(cot) == 1
         assert [root_ca_cert.certificate_id] == [cot[0].certificate_id]
     def test_delete_cert(private_key_service, certificate_service):
         assert not certificate_service.delete_certificate(-1)
         root_ca_private_key = private_key_service.create_new_key(passphrase="foobar")
         original_len = len(certificate_service.get_certificates())
         root_ca_cert = certificate_service.create_root_ca(root_ca_private_key,
                                                           Subject(common_name="RootFoo",
                                                                   organization_unit="Department of Foo"))
         len_inserted = len(certificate_service.get_certificates())
         assert original_len + 1 == len_inserted
         # TODO delete should delete all children?
         assert certificate_service.delete_certificate(root_ca_cert.certificate_id)
         assert not certificate_service.delete_certificate(root_ca_cert.certificate_id)
         assert len_inserted - 1 == len(certificate_service.get_certificates())

     def test_create_and_get_pk(private_key_service, certificate_service):
         private_key = private_key_service.create_new_key(passphrase="foobar")
         private_key_loaded = private_key_service.get_key(private_key.private_key_id)
         assert private_key.private_key_id == private_key_loaded.private_key_id
         assert private_key.private_key == private_key_loaded.private_key
         assert private_key.password == private_key_loaded.password
     def test_delete_pk(private_key_service, certificate_service):
         assert not private_key_service.delete_key(-1)
         private_key = private_key_service.create_new_key(passphrase="foobar")
         assert private_key_service.delete_key(private_key.private_key_id) is True
         assert not private_key_service.delete_key(private_key.private_key_id)

Také k dispozici: Unified diff

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

Revize 699a4f25

Přidáno uživatelem Stanislav Král před asi 4 roky(ů)