/ - Diff - Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD - Redmine

« Předchozí | Další »

Revize 71938dcd

Přidáno uživatelem Michal Seják před téměř 4 roky(ů)

ID 71938dcd6216564ace1a57be32ec41c1c4492d66
Rodič 2525db58
Potomek a42ed5f4, 89aa967d

Re #8705 - Added tests, changed usages (dict -> list).

                 "ST": "Pilsen Region",
                 "emailAddress": "root@ca.com"
             },
             "usage": {
                 "CA": True,
                 "SSL": True,
                 "authentication": True,
                 "digitalSignature": True
             },
             "usage": ["CA", "SSL", "authentication", "digitalSignature"],
             "validityDays": 30
         })
-...
                 "ST": "Pilsen Region",
                 "emailAddress": "inter@ca.com"
             },
             "usage": {
                 "CA": True,
                 "SSL": True,
                 "authentication": True,
                 "digitalSignature": True
             },
             "usage": ["CA", "SSL", "authentication", "digitalSignature"],
             "validityDays": 30
         })
     def make_end_cert(server, parent, title="End certificate s.r.o.", usage=None):
         if usage is None:
             usage = {
                 "CA": False,
                 "SSL": True,
                 "authentication": True,
                 "digitalSignature": True
+            }
             usage = ["SSL", "authentication", "digitalSignature"]
         return server.post("/api/certificates", content_type="application/json", json={
             "CA": parent,
             "subject": {
                 "C": "CZ",
                 "CN": title,
                 "L": "Pilsen",
                 "O": title,
                 "OU": "IT department",
                 "ST": "Pilsen Region",
                 "emailAddress": "end@ca.com"
             },
             "usage": usage,
             "validityDays": 30
         "CA": parent,
         "subject": {
             "C": "CZ",
             "CN": title,
             "L": "Pilsen",
             "O": title,
             "OU": "IT department",
             "ST": "Pilsen Region",
             "emailAddress": "end@ca.com"
         },
         "usage": usage,
         "validityDays": 30
         })
-...
                 "ST": "Pilsen",
                 "emailAddress": "root@ca.com"
             },
             "usage": {
                 "CA": True,
                 "SSL": True,
                 "authentication": True,
                 "digitalSignature": True
             },
             "usage": ["CA", "SSL", "authentication", "digitalSignature"],
             "validityDays": 30
         })
-...
     def test_sign_by_non_ca(server):
         ret = make_end_cert(server, 2, "Fake intermediate cert s.r.o.", usage={
             "CA": False,
             "SSL": True,
             "authentication": True,
             "digitalSignature": True
         })
         ret = make_end_cert(server, 2, "Fake intermediate cert s.r.o.", usage=["SSL", "authentication", "digitalSignature"])
         assert ret.status_code == 201
-...
         assert "success" in d
         assert d["success"]
         ret = make_end_cert(server, 8, "End certificate signed by end certificate s.r.o.", usage={
             "CA": False,
             "SSL": True,
             "authentication": False,
             "digitalSignature": False
         })
         ret = make_end_cert(server, 8, "End certificate signed by end certificate s.r.o.", usage=["SSL"])
         # TODO discussion -> assert ret.status_code == 400
         assert ret.status_code == 201
-...
                 "ST": "Pilsen Region",
                 "emailAddress": "end@ca.com"
             },
             "usage": {
                 "CA": False,
                 "SSL": True,
                 "authentication": False,
                 "digitalSignature": True
             },
             "usage": ["SSL", "digitalSignature"],
             "validityDays": 30
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=original)
-...
         assert original["CA"] == new["CA"]
         assert original["subject"] == new["subject"]
         assert original["usage"] == new["usage"]
         a = [k in original["usage"] for k, v in new["usage"].items() if v]
         assert all(a)
         assert new["status"] == "valid"
-...
                 "O": "Revoked organization",
                 "OU": "Revocation dep"
             },
             "usage": {
                 "CA": False,
                 "SSL": False,
                 "authentication": False,
                 "digitalSignature": True
             },
             "usage": ["digitalSignature"],
             "validityDays": 60
+        }
         created_ret = server.post("/api/certificates", content_type="application/json", json=certificate)
-...
                 "O": "Revoked organization",
                 "OU": "Revocation dep"
             },
             "usage": {
                 "CA": False,
                 "SSL": False,
                 "authentication": False,
                 "digitalSignature": True
             },
             "usage": ["digitalSignature"],
             "validityDays": 60
+        }
         created_ret = server.post("/api/certificates", content_type="application/json", json=certificate)
-...
                 "O": "Revoked organization",
                 "OU": "Revocation dep"
             },
             "usage": {
                 "CA": False,
                 "SSL": False,
                 "authentication": False,
                 "digitalSignature": True
             },
             "usage": ["digitalSignature"],
             "validityDays": 0
+        }
         created_ret = server.post("/api/certificates", content_type="application/json", json=certificate)
-...
         assert "success" in ret.json
         assert ret.json["success"]
         assert ret.json["data"]["status"] == "expired"
         def test_create_with_key_with_pass_valid(server, cryptography_service):
             key_pass = "123456Seven"
             key_pem = cryptography_service.create_private_key(key_pass)
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": key_pass,
                     "key_pem": key_pem
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201
         def test_create_with_key_with_pass_invalid_1(server, cryptography_service):
             key_pass = "123456Seven"
             key_pem = cryptography_service.create_private_key(key_pass)
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": "whoopsiedaisy",
                     "key_pem": key_pem
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 400
             assert ret.json["data"] == 'The provided passphrase does not match the provided key.'
             assert not ret.json["success"]
         def test_create_with_key_with_pass_invalid_2(server, cryptography_service):
             key_pass = "123456Seven"
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": key_pass,
                     "key_pem": "hi im garbage and you better pray `server` survives this"
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 400
             assert ret.json["data"] == 'The provided passphrase does not match the provided key.'
             assert not ret.json["success"]
         def test_create_with_key_no_pass(server, cryptography_service):
             key_pem = cryptography_service.create_private_key()
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "key_pem": key_pem
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201
         def test_create_with_key_no_pass_invalid_1(server, cryptography_service):
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "key_pem": "hi im garbage and you better pray `server` survives this"
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 400
             assert not ret.json["success"]
         def test_create_no_key_with_pass(server, cryptography_service):
             key_pass = "123456Seven"
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": key_pass,
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201
             assert ret.json["success"]
             created_id = ret.json["data"]
             ret = server.get(f"/api/certificates/{created_id}/privatekey")
             assert ret.status_code == 200
             assert ret.json["success"]
             key_pem = ret.json["data"]
             assert cryptography_service.verify_key(key_pem, key_pass)
         def test_create_no_key_with_pass_invalid_1(server, cryptography_service):
             key_pass = "123456Seven"
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": key_pass,
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201
             assert ret.json["success"]
             created_id = ret.json["data"]
             ret = server.get(f"/api/certificates/{created_id}/privatekey")
             assert ret.status_code == 200
             assert ret.json["success"]
             key_pem = ret.json["data"]
             assert not cryptography_service.verify_key(key_pem, "iforgotthepassagainimsorryfrowningface")
         def test_create_no_key_no_pass_invalid(server, cryptography_service):
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
+                }
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201  # TODO Honza? CertificateController/create_cert
         def test_key_reusal(server, cryptography_service):
             # key_pass = "1234567Eight"
             # key_pem = cryptography_service.create_private_key(key_pass)
+            #
             # certificate = {
             #     "CA": 1,
             #     "subject": {
             #         "C": "CZ",
             #         "CN": "Rare Name",
             #         "L": "Legendary awd",
             #         "O": "Obscure awd",
             #         "OU": "Original Uniform"
             #     },
             #     "usage": ["CA", "digitalSignature"],
             #     "validityDays": 1,
             #     "key": {
             #         "password": key_pass,
             #         "key_pem": key_pem
             #     },
             # }
             # ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             # assert ret.staus_code == 201
             # assert ret.json["success"]
             # created_id = ret.json["data"]
             # ret = server.get(f"/api/certificates/{created_id}/privatekey")
             # assert ret.status_code == 200
             # assert ret.json["success"]
             # key_pem = ret.json["data"]
             # TODO
             pass

     from app import app as flask_app
     from src.config.configuration import test_configuration_binder
     from src.config.connection_provider import ConnectionProvider
     from src.services.cryptography import CryptographyService
     @pytest.fixture(scope="session")
-...
         flask_app.testing = True
         with flask_app.test_client() as s:
             yield s
     @pytest.fixture(scope="session")
     def cryptography_service():
         return CryptographyService()

                 "ST": "Pilsen Region",
                 "emailAddress": "root@ca.com"
             },
             "usage": {
                 "CA": True,
                 "SSL": True,
                 "authentication": True,
                 "digitalSignature": True
             },
             "usage": ["CA", "SSL", "authentication", "digitalSignature"],
             "validityDays": 30
         })
     def make_end_cert(server, parent, title="End certificate s.r.o.", usage=None):
         if usage is None:
             usage = {
                 "CA": False,
                 "SSL": True,
                 "authentication": True,
                 "digitalSignature": True
+            }
     def make_inter_ca(server, parent, title="Intermediate CA s.r.o."):
         return server.post("/api/certificates", content_type="application/json", json={
             "CA": parent,
             "subject": {
-...
                 "O": title,
                 "OU": "IT department",
                 "ST": "Pilsen Region",
                 "emailAddress": "end@ca.com"
                 "emailAddress": "inter@ca.com"
             },
             "usage": usage,
             "usage": ["CA", "SSL", "authentication", "digitalSignature"],
             "validityDays": 30
         })
     def make_end_cert(server, parent, title="End certificate s.r.o.", usage=None):
         if usage is None:
             usage = ["SSL", "authentication", "digitalSignature"]
         return server.post("/api/certificates", content_type="application/json", json={
         "CA": parent,
         "subject": {
             "C": "CZ",
             "CN": title,
             "L": "Pilsen",
             "O": title,
             "OU": "IT department",
             "ST": "Pilsen Region",
             "emailAddress": "end@ca.com"
         },
         "usage": usage,
         "validityDays": 30
         })
     def test_crl_endpoint_empty(server):
         ret = make_root_ca(server, title="Root 1")
         data = ret.json

Také k dispozici: Unified diff

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

Revize 71938dcd

Přidáno uživatelem Michal Seják před téměř 4 roky(ů)