Projekt

Obecné

Profil

« Předchozí | Další » 

Revize be2df9b7

Přidáno uživatelem Stanislav Král před téměř 4 roky(ů)

Re #8575 - Added unit tests verifying that serial number is set when creating a self signed certificate

Zobrazit rozdíly:

src/services/cryptography.py
106 106 
            return self.__run_for_output(
107 107 
                ["genrsa", PRIVATE_KEY_ENCRYPTION_METHOD, "-passout", f"pass:{passphrase}", "2048"]).decode()
108 108 

  		




  109
  
  
    
    def create_sscrt(self, subject, key, config="", extensions="", key_pass=None, days=30, sn: int =None):


  		




  
  109
  
    
    def create_sscrt(self, subject, key, config="", extensions="", key_pass=None, days=30, sn: int = None):


  		




  110
  110
  
    
        """


  		




  111
  111
  
    
        Creates a root CA


  		




  112
  112
  
    

  		




  ......




  155
  155
  
    
            # waiting for the passphrase to be typed in


  		




  156
  156
  
    
            args.extend(["-passin", f"pass:{key_pass}"])


  		




  157
  157
  
    

  		




  
  158
  
    
            print(args)


  		




  
  159
  
    

  		




  158
  160
  
    
            return self.__run_for_output(args, proc_input=bytes(key, encoding="utf-8")).decode()


  		




  159
  161
  
    

  		




  160
  162
  
    
    def __create_csr(self, subject, key, key_pass=""):


  		












  

    
      tests/unit_tests/services/cryptography/self_signed_cert_test.py
    
  





  176
  176
  
    
    assert cert_printed != cert_printed_2


  		




  177
  177
  
    
    assert cert_printed_2 != cert_printed_3


  		




  178
  178
  
    
    assert cert_printed != cert_printed_3


  		




  
  179
  
    

  		




  
  180
  
    

  		




  
  181
  
    
def test_create_sscrt_with_serial_number(service):


  		




  
  182
  
    
    # create a self signed certificate with a PK that is protected by a passphrase


  		




  
  183
  
    
    private_key = service.create_private_key()


  		




  
  184
  
    

  		




  
  185
  
    
    serial_number = 1024


  		




  
  186
  
    
    serial_number_hex = hex(serial_number).replace("x", "")


  		




  
  187
  
    

  		




  
  188
  
    
    # specify a serial number


  		




  
  189
  
    
    cert = service.create_sscrt(Subject(common_name="Topnax", country="CZ"), private_key, sn=serial_number)


  		




  
  190
  
    
    out = subprocess.check_output(["openssl", "x509", "-noout", "-in", "-", "-serial"],


  		




  
  191
  
    
                                  input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode()


  		




  
  192
  
    

  		




  
  193
  
    
    assert f"serial={serial_number_hex}" in out


  		




  
  194
  
    

  		




  
  195
  
    

  		




  
  196
  
    
def test_create_sscrt_with_negative_serial_number(service):


  		




  
  197
  
    
    # create a self signed certificate with a PK that is protected by a passphrase


  		




  
  198
  
    
    private_key = service.create_private_key()


  		




  
  199
  
    

  		




  
  200
  
    
    # check whether negative serial number does not raise an exception


  		




  
  201
  
    
    serial_number = -1024


  		




  
  202
  
    
    serial_number_hex = hex(serial_number).replace("x", "")


  		




  
  203
  
    

  		




  
  204
  
    
    # specify a serial number


  		




  
  205
  
    
    cert = service.create_sscrt(Subject(common_name="Topnax", country="CZ"), private_key, sn=serial_number)


  		




  
  206
  
    
    out = subprocess.check_output(["openssl", "x509", "-noout", "-in", "-", "-serial"],


  		




  
  207
  
    
                                  input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode()


  		




  
  208
  
    

  		




  
  209
  
    
    assert f"serial={serial_number_hex}" in out


  		












Také k dispozici:  Unified diff