/ - Diff - Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD - Redmine

« Předchozí | Další »

Revize 89aa967d

Přidáno uživatelem Michal Seják před téměř 4 roky(ů)

ID 89aa967df57843801ef2c181638cb89c28d51105
Rodič 71938dcd
Potomek 9a466331

Re #8705 - Review updates.

                                     return E_WRONG_PASSWORD, C_BAD_REQUEST
                                 key = self.key_service.wrap_custom_key(key_pem, passphrase=None)
                             else:
                                 key = self.key_service.create_new_key()                 # if "key" exists but is empty
                                 return E_WRONG_PARAMETERS, C_BAD_REQUEST                # if "key" exists but is empty
                     else:
                         return E_WRONG_PARAMETERS, C_BAD_REQUEST
                 else:
                     key = self.key_service.create_new_key()                             # if "key" does not exist
                                                                                         # TODO Honza: line 134 / 138, should
                                                                                         #   they both be allowed? I say one
                                                                                         #   of those branches should return
                                                                                         #   wrong params bad request (mby).
                 if CA not in body or body[CA] is None:                                  # if issuer omitted (legal) or none
                     cert = self.certificate_service.create_root_ca(                     # create a root CA
-...
                     f = self.certificate_service.create_ca if CA_ID in usages_dict and usages_dict[CA_ID] else \
                         self.certificate_service.create_end_cert
                     try:
                         # noinspection PyTypeChecker
                         cert = f(                                                           # create inter CA or end cert
                             key,                                                            # according to whether 'CA' is among
                             subject,                                                        # the usages' fields
                             issuer,
                             issuer_key,
                             usages=usages_dict,
                             days=body[VALIDITY_DAYS]
+                        )
                     except CryptographyException as e:
                         return {"success": False, "data": e.message}, C_BAD_REQUEST
                     # noinspection PyTypeChecker
                     cert = f(                                                           # create inter CA or end cert
                         key,                                                            # according to whether 'CA' is among
                         subject,                                                        # the usages' fields
                         issuer,
                         issuer_key,
                         usages=usages_dict,
                         days=body[VALIDITY_DAYS]
+                    )
                 if cert is not None:
                     return {"success": True,

         assert ret.json["success"]
         assert ret.json["data"]["status"] == "expired"
         def test_create_with_key_with_pass_valid(server, cryptography_service):
             key_pass = "123456Seven"
             key_pem = cryptography_service.create_private_key(key_pass)
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": key_pass,
                     "key_pem": key_pem
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201
         def test_create_with_key_with_pass_invalid_1(server, cryptography_service):
             key_pass = "123456Seven"
             key_pem = cryptography_service.create_private_key(key_pass)
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": "whoopsiedaisy",
                     "key_pem": key_pem
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 400
             assert ret.json["data"] == 'The provided passphrase does not match the provided key.'
             assert not ret.json["success"]
     def test_create_with_key_with_pass_valid(server, cryptography_service):
         key_pass = "123456Seven"
         key_pem = cryptography_service.create_private_key(key_pass)
         def test_create_with_key_with_pass_invalid_2(server, cryptography_service):
             key_pass = "123456Seven"
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": key_pass,
                     "key_pem": "hi im garbage and you better pray `server` survives this"
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 400
             assert ret.json["data"] == 'The provided passphrase does not match the provided key.'
             assert not ret.json["success"]
         certificate = {
             "CA": 1,
             "subject": {
                 "C": "CZ",
                 "CN": "Rare Name",
                 "L": "Legendary Name",
                 "O": "Obscure Name",
                 "OU": "Original Uniform"
             },
             "usage": ["CA", "digitalSignature"],
             "validityDays": 1,
             "key": {
                 "password": key_pass,
                 "key_pem": key_pem
             },
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=certificate)
         assert ret.status_code == 201
         def test_create_with_key_no_pass(server, cryptography_service):
             key_pem = cryptography_service.create_private_key()
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "key_pem": key_pem
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201
         def test_create_with_key_no_pass_invalid_1(server, cryptography_service):
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "key_pem": "hi im garbage and you better pray `server` survives this"
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 400
             assert not ret.json["success"]
     def test_create_with_key_with_pass_invalid_1(server, cryptography_service):
         key_pass = "123456Seven"
         key_pem = cryptography_service.create_private_key(key_pass)
         def test_create_no_key_with_pass(server, cryptography_service):
             key_pass = "123456Seven"
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": key_pass,
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201
             assert ret.json["success"]
             created_id = ret.json["data"]
             ret = server.get(f"/api/certificates/{created_id}/privatekey")
             assert ret.status_code == 200
             assert ret.json["success"]
             key_pem = ret.json["data"]
             assert cryptography_service.verify_key(key_pem, key_pass)
         def test_create_no_key_with_pass_invalid_1(server, cryptography_service):
             key_pass = "123456Seven"
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
                     "password": key_pass,
                 },
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201
             assert ret.json["success"]
             created_id = ret.json["data"]
             ret = server.get(f"/api/certificates/{created_id}/privatekey")
             assert ret.status_code == 200
             assert ret.json["success"]
             key_pem = ret.json["data"]
             assert not cryptography_service.verify_key(key_pem, "iforgotthepassagainimsorryfrowningface")
         def test_create_no_key_no_pass_invalid(server, cryptography_service):
             certificate = {
                 "CA": 1,
                 "subject": {
                     "C": "CZ",
                     "CN": "Rare Name",
                     "L": "Legendary Name",
                     "O": "Obscure Name",
                     "OU": "Original Uniform"
                 },
                 "usage": ["CA", "digitalSignature"],
                 "validityDays": 1,
                 "key": {
+                }
         certificate = {
             "CA": 1,
             "subject": {
                 "C": "CZ",
                 "CN": "Rare Name",
                 "L": "Legendary Name",
                 "O": "Obscure Name",
                 "OU": "Original Uniform"
             },
             "usage": ["CA", "digitalSignature"],
             "validityDays": 1,
             "key": {
                 "password": "whoopsiedaisy",
                 "key_pem": key_pem
             },
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=certificate)
         assert ret.status_code == 400
         assert ret.json["data"] == 'The provided passphrase does not match the provided key.'
         assert not ret.json["success"]
     def test_create_with_key_with_pass_invalid_2(server, cryptography_service):
         key_pass = "123456Seven"
         certificate = {
             "CA": 1,
             "subject": {
                 "C": "CZ",
                 "CN": "Rare Name",
                 "L": "Legendary Name",
                 "O": "Obscure Name",
                 "OU": "Original Uniform"
             },
             "usage": ["CA", "digitalSignature"],
             "validityDays": 1,
             "key": {
                 "password": key_pass,
                 "key_pem": "hi im garbage and you better pray `server` survives this"
             },
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=certificate)
         assert ret.status_code == 400
         assert ret.json["data"] == 'The provided passphrase does not match the provided key.'
         assert not ret.json["success"]
     def test_create_with_key_no_pass(server, cryptography_service):
         key_pem = cryptography_service.create_private_key()
         certificate = {
             "CA": 1,
             "subject": {
                 "C": "CZ",
                 "CN": "Rare Name",
                 "L": "Legendary Name",
                 "O": "Obscure Name",
                 "OU": "Original Uniform"
             },
             "usage": ["CA", "digitalSignature"],
             "validityDays": 1,
             "key": {
                 "key_pem": key_pem
             },
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=certificate)
         assert ret.status_code == 201
     def test_create_with_key_no_pass_invalid_1(server, cryptography_service):
         certificate = {
             "CA": 1,
             "subject": {
                 "C": "CZ",
                 "CN": "Rare Name",
                 "L": "Legendary Name",
                 "O": "Obscure Name",
                 "OU": "Original Uniform"
             },
             "usage": ["CA", "digitalSignature"],
             "validityDays": 1,
             "key": {
                 "key_pem": "hi im garbage and you better pray `server` survives this"
             },
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=certificate)
         assert ret.status_code == 400
         assert not ret.json["success"]
     def test_create_no_key_with_pass(server, cryptography_service):
         key_pass = "123456Seven"
         certificate = {
             "CA": 1,
             "subject": {
                 "C": "CZ",
                 "CN": "Rare Name",
                 "L": "Legendary Name",
                 "O": "Obscure Name",
                 "OU": "Original Uniform"
             },
             "usage": ["CA", "digitalSignature"],
             "validityDays": 1,
             "key": {
                 "password": key_pass,
             },
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=certificate)
         assert ret.status_code == 201
         assert ret.json["success"]
         created_id = ret.json["data"]
         ret = server.get(f"/api/certificates/{created_id}/privatekey")
         assert ret.status_code == 200
         assert ret.json["success"]
         key_pem = ret.json["data"]
         assert cryptography_service.verify_key(key_pem, key_pass)
     def test_create_no_key_with_pass_invalid_1(server, cryptography_service):
         key_pass = "123456Seven"
         certificate = {
             "CA": 1,
             "subject": {
                 "C": "CZ",
                 "CN": "Rare Name",
                 "L": "Legendary Name",
                 "O": "Obscure Name",
                 "OU": "Original Uniform"
             },
             "usage": ["CA", "digitalSignature"],
             "validityDays": 1,
             "key": {
                 "password": key_pass,
             },
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=certificate)
         assert ret.status_code == 201
         assert ret.json["success"]
         created_id = ret.json["data"]
         ret = server.get(f"/api/certificates/{created_id}/privatekey")
         assert ret.status_code == 200
         assert ret.json["success"]
         key_pem = ret.json["data"]
         assert not cryptography_service.verify_key(key_pem, "iforgotthepassagainimsorryfrowningface")
     def test_create_no_key_no_pass_invalid(server, cryptography_service):
         certificate = {
             "CA": 1,
             "subject": {
                 "C": "CZ",
                 "CN": "Rare Name",
                 "L": "Legendary Name",
                 "O": "Obscure Name",
                 "OU": "Original Uniform"
             },
             "usage": ["CA", "digitalSignature"],
             "validityDays": 1,
             "key": {
+            }
             ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             assert ret.status_code == 201  # TODO Honza? CertificateController/create_cert
         def test_key_reusal(server, cryptography_service):
             # key_pass = "1234567Eight"
             # key_pem = cryptography_service.create_private_key(key_pass)
+            #
             # certificate = {
             #     "CA": 1,
             #     "subject": {
             #         "C": "CZ",
             #         "CN": "Rare Name",
             #         "L": "Legendary awd",
             #         "O": "Obscure awd",
             #         "OU": "Original Uniform"
             #     },
             #     "usage": ["CA", "digitalSignature"],
             #     "validityDays": 1,
             #     "key": {
             #         "password": key_pass,
             #         "key_pem": key_pem
             #     },
             # }
             # ret = server.post("/api/certificates", content_type="application/json", json=certificate)
             # assert ret.staus_code == 201
             # assert ret.json["success"]
             # created_id = ret.json["data"]
             # ret = server.get(f"/api/certificates/{created_id}/privatekey")
             # assert ret.status_code == 200
             # assert ret.json["success"]
             # key_pem = ret.json["data"]
             # TODO
             pass
+        }
         ret = server.post("/api/certificates", content_type="application/json", json=certificate)
         assert ret.status_code == 201

Také k dispozici: Unified diff

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

Revize 89aa967d

Přidáno uživatelem Michal Seják před téměř 4 roky(ů)