cam/tests/test_ca.py

   1 import logging
   2 import os
   3 import tempfile
   4 import shutil
   5 import subprocess
   6 import unittest
   7 from cam import ca
   8 from cam import openssl_wrap
   9
  10
  11 logging.basicConfig(level=logging.DEBUG)
  12
  13
  14 class CertStub(object):
  15
  16     def __init__(self, name, cn, tmpdir):
  17         self.name = name
  18         self.cn = cn
  19         self.alt_names = [cn]
  20         self.ou = None
  21         self.days = '365'
  22         self.public_key_file = os.path.join(tmpdir, '%s.pub' % name)
  23         self.private_key_file = os.path.join(tmpdir, '%s.priv' % name)
  24
  25     def get_expiration_date(self):
  26         return 123456789
  27
  28     def exists(self):
  29         return os.path.exists(self.public_key_file)
  30
  31
  32 class CAStub(object):
  33     def __init__(self, *args, **kwargs):
  34         self.tmpdir = tempfile.mkdtemp()
  35         self.ca = ca.CA(self.tmpdir, *args, **kwargs)
  36
  37     def destroy(self):
  38         self.ca.close()
  39         shutil.rmtree(self.tmpdir)
  40
  41
  42 class CATest(unittest.TestCase):
  43
  44     def setUp(self):
  45         self.ca_stub = CAStub({'cn': 'test ca', 'org': 'test',
  46                          'bits': '1024', 'email': 'test@test.com'},
  47                          password='testpw')
  48         self.ca = self.ca_stub.ca
  49         self.tmpdir = self.ca_stub.tmpdir
  50
  51     def tearDown(self):
  52         self.ca_stub.destroy()
  53
  54     def test_create(self):
  55         self.ca.create()
  56         self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'conf/ca.conf')))
  57
  58     def test_create_cert(self):
  59         self.ca.create()
  60         cert = CertStub('test', 'www.test.com', self.tmpdir)
  61         self.ca.generate(cert)
  62         self.assertTrue(os.path.exists(cert.public_key_file))
  63         self.assertTrue(os.path.exists(cert.private_key_file))
  64
  65     def test_create_cert_with_digest_override(self):
  66         self.ca.config['signature_algorithm'] = 'md5'
  67         self.ca.create()
  68         cert = CertStub('test', 'www.test.com', self.tmpdir)
  69         self.ca.generate(cert)
  70         self.assertTrue(os.path.exists(cert.public_key_file))
  71         self.assertTrue(os.path.exists(cert.private_key_file))
  72         self.assertTrue(
  73             'Signature Algorithm: md5WithRSAEncryption' in subprocess.check_output(
  74             ['openssl', 'x509', '-text', '-noout', '-in', cert.public_key_file]))
  75
  76     def test_revoke(self):
  77         self.ca.create()
  78         cert = CertStub('test', 'www.test.com', self.tmpdir)
  79         self.ca.generate(cert)
  80         self.ca.revoke(cert)
  81         self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'public/ca.crl')))
  82
  83     def test_verify(self):
  84         orig_cert = CertStub('test', 'www.test.com', self.tmpdir)
  85         self.ca.create()
  86         self.ca.generate(orig_cert)
  87
  88         alt_ca = CAStub({'cn': 'test ca', 'org': 'test',
  89                          'bits': '1024', 'email': 'test@test.com'},
  90                          password='testpw')
  91         alt_ca.ca.create()
  92         alt_cert = CertStub('test', 'www.test.com', alt_ca.tmpdir)
  93         alt_ca.ca.generate(alt_cert)
  94
  95         self.assertTrue(self.ca.verify(orig_cert.public_key_file))
  96         self.assertTrue(alt_ca.ca.verify(alt_cert.public_key_file))
  97         self.assertFalse(self.ca.verify(alt_cert.public_key_file))
  98         self.assertFalse(alt_ca.ca.verify(orig_cert.public_key_file))
  99
 100         alt_ca.destroy()