1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
import os
from netlib import certutils, certffi
import OpenSSL
import tutils
class TestDNTree:
def test_simple(self):
d = certutils.DNTree()
d.add("foo.com", "foo")
d.add("bar.com", "bar")
assert d.get("foo.com") == "foo"
assert d.get("bar.com") == "bar"
assert not d.get("oink.com")
assert not d.get("oink")
assert not d.get("")
assert not d.get("oink.oink")
d.add("*.match.org", "match")
assert not d.get("match.org")
assert d.get("foo.match.org") == "match"
assert d.get("foo.foo.match.org") == "match"
def test_wildcard(self):
d = certutils.DNTree()
d.add("foo.com", "foo")
assert not d.get("*.foo.com")
d.add("*.foo.com", "wild")
d = certutils.DNTree()
d.add("*", "foo")
assert d.get("foo.com") == "foo"
assert d.get("*.foo.com") == "foo"
assert d.get("com") == "foo"
class TestCertStore:
def test_create_explicit(self):
with tutils.tmpdir() as d:
ca = certutils.CertStore.from_store(d, "test")
assert ca.get_cert("foo", [])
ca2 = certutils.CertStore.from_store(d, "test")
assert ca2.get_cert("foo", [])
assert ca.cacert.get_serial_number() == ca2.cacert.get_serial_number()
def test_create_tmp(self):
with tutils.tmpdir() as d:
ca = certutils.CertStore.from_store(d, "test")
assert ca.get_cert("foo.com", [])
assert ca.get_cert("foo.com", [])
assert ca.get_cert("*.foo.com", [])
r = ca.get_cert("*.foo.com", [])
assert r[1] == ca.privkey
def test_add_cert(self):
with tutils.tmpdir() as d:
ca = certutils.CertStore.from_store(d, "test")
def test_sans(self):
with tutils.tmpdir() as d:
ca = certutils.CertStore.from_store(d, "test")
c1 = ca.get_cert("foo.com", ["*.bar.com"])
c2 = ca.get_cert("foo.bar.com", [])
assert c1 == c2
c3 = ca.get_cert("bar.com", [])
assert not c1 == c3
def test_overrides(self):
with tutils.tmpdir() as d:
ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")
ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test")
assert not ca1.cacert.get_serial_number() == ca2.cacert.get_serial_number()
dc = ca2.get_cert("foo.com", [])
dcp = os.path.join(d, "dc")
f = open(dcp, "wb")
f.write(dc[0].to_pem())
f.close()
ca1.add_cert_file("foo.com", dcp)
ret = ca1.get_cert("foo.com", [])
assert ret[0].serial == dc[0].serial
def test_gen_pkey(self):
try:
with tutils.tmpdir() as d:
ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")
ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test")
cert = ca1.get_cert("foo.com", [])
assert certffi.get_flags(ca2.gen_pkey(cert[0])) == 1
finally:
certffi.set_flags(ca2.privkey, 0)
class TestDummyCert:
def test_with_ca(self):
with tutils.tmpdir() as d:
ca = certutils.CertStore.from_store(d, "test")
r = certutils.dummy_cert(
ca.privkey,
ca.cacert,
"foo.com",
["one.com", "two.com", "*.three.com"]
)
assert r.cn == "foo.com"
class TestSSLCert:
def test_simple(self):
c = certutils.SSLCert.from_pem(file(tutils.test_data.path("data/text_cert"), "rb").read())
assert c.cn == "google.com"
assert len(c.altnames) == 436
c = certutils.SSLCert.from_pem(file(tutils.test_data.path("data/text_cert_2"), "rb").read())
assert c.cn == "www.inode.co.nz"
assert len(c.altnames) == 2
assert c.digest("sha1")
assert c.notbefore
assert c.notafter
assert c.subject
assert c.keyinfo == ("RSA", 2048)
assert c.serial
assert c.issuer
assert c.to_pem()
c.has_expired
def test_err_broken_sans(self):
c = certutils.SSLCert.from_pem(file(tutils.test_data.path("data/text_cert_weird1"), "rb").read())
# This breaks unless we ignore a decoding error.
c.altnames
def test_der(self):
d = file(tutils.test_data.path("data/dercert"),"rb").read()
s = certutils.SSLCert.from_der(d)
assert s.cn
|
