add ca.verify tests
[stack/cam.git] / cam / tests / test_ca.py
1 import logging
2 import os
3 import tempfile
4 import shutil
5 import subprocess
6 import unittest
7 from cam import ca
8 from cam import openssl_wrap
9
10
# Emit DEBUG-level log records for every test in this module.
logging.basicConfig(level=logging.DEBUG)
12
13
class CertStub(object):
    """Minimal stand-in for a certificate description used by the CA tests.

    It carries a name, a common name (reused as the only alt name), a
    validity period, and the public/private key file paths, both of which
    are placed directly under ``tmpdir``.
    """

    def __init__(self, name, cn, tmpdir):
        pub_path = os.path.join(tmpdir, '%s.pub' % name)
        priv_path = os.path.join(tmpdir, '%s.priv' % name)
        self.name, self.cn = name, cn
        self.alt_names = [cn]
        self.ou = None
        self.days = '365'
        self.public_key_file = pub_path
        self.private_key_file = priv_path

    def get_expiration_date(self):
        """Return a fixed placeholder expiration value."""
        return 123456789

    def exists(self):
        """Report whether the public key file is present on disk."""
        return os.path.exists(self.public_key_file)
30
31
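class CAStub(object):
    """Own a throwaway directory and the ``ca.CA`` instance rooted in it.

    Positional and keyword arguments are forwarded to ``ca.CA`` after the
    temporary directory path.
    """

    def __init__(self, *args, **kwargs):
        self.tmpdir = tempfile.mkdtemp()
        try:
            self.ca = ca.CA(self.tmpdir, *args, **kwargs)
        except Exception:
            # Nothing else holds a reference to the directory yet, so
            # remove it here instead of leaking it when construction fails.
            shutil.rmtree(self.tmpdir, ignore_errors=True)
            raise

    def destroy(self):
        """Close the CA and remove its directory.

        The tests write private key files under ``tmpdir``, so the tree is
        removed even when ``close()`` raises; the exception still
        propagates to the caller.
        """
        try:
            self.ca.close()
        finally:
            shutil.rmtree(self.tmpdir)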
40
41
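class CATest(unittest.TestCase):
    """Exercise create/generate/revoke/verify on a CA built in a temp dir."""

    # Fixture values only. A 1024-bit key and a fixed password are far too
    # weak for a real CA and must never be copied into a deployment config.
    CA_PARAMS = {'cn': 'test ca', 'org': 'test',
                 'bits': '1024', 'email': 'test@test.com'}
    CA_PASSWORD = 'testpw'

    def _new_ca_stub(self):
        """Build a CAStub from a private copy of the shared parameters."""
        # Copy the dict so that a test mutating its CA's config cannot
        # affect the parameters handed to another CA.
        return CAStub(dict(self.CA_PARAMS), password=self.CA_PASSWORD)

    def setUp(self):
        self.ca_stub = self._new_ca_stub()
        self.ca = self.ca_stub.ca
        self.tmpdir = self.ca_stub.tmpdir

    def tearDown(self):
        self.ca_stub.destroy()

    def test_create(self):
        """create() writes the CA configuration file."""
        self.ca.create()
        self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'conf/ca.conf')))

    def test_create_cert(self):
        """generate() produces both key files for the certificate."""
        self.ca.create()
        cert = CertStub('test', 'www.test.com', self.tmpdir)
        self.ca.generate(cert)
        self.assertTrue(os.path.exists(cert.public_key_file))
        self.assertTrue(os.path.exists(cert.private_key_file))

    def test_create_cert_with_digest_override(self):
        """The configured signature_algorithm shows up in the issued cert."""
        # MD5 is chosen only as a digest to check the override against; it
        # is not collision-resistant and is unsuitable for real certificates.
        self.ca.config['signature_algorithm'] = 'md5'
        self.ca.create()
        cert = CertStub('test', 'www.test.com', self.tmpdir)
        self.ca.generate(cert)
        self.assertTrue(os.path.exists(cert.public_key_file))
        self.assertTrue(os.path.exists(cert.private_key_file))
        # check_output returns bytes on Python 3; decode so the substring
        # test compares text with text on either major version.
        cert_text = subprocess.check_output(
            ['openssl', 'x509', '-text', '-noout', '-in', cert.public_key_file]
        ).decode('utf-8', 'replace')
        self.assertIn('Signature Algorithm: md5WithRSAEncryption', cert_text)

    def test_revoke(self):
        """revoke() results in a CRL file under public/."""
        self.ca.create()
        cert = CertStub('test', 'www.test.com', self.tmpdir)
        self.ca.generate(cert)
        self.ca.revoke(cert)
        self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'public/ca.crl')))

    def test_verify(self):
        """verify() accepts a CA's own cert and rejects another CA's cert."""
        orig_cert = CertStub('test', 'www.test.com', self.tmpdir)
        self.ca.create()
        self.ca.generate(orig_cert)

        alt_ca = self._new_ca_stub()
        # Register cleanup right away so the second CA's directory is
        # removed even when one of the assertions below fails.
        self.addCleanup(alt_ca.destroy)
        alt_ca.ca.create()
        alt_cert = CertStub('test', 'www.test.com', alt_ca.tmpdir)
        alt_ca.ca.generate(alt_cert)

        self.assertTrue(self.ca.verify(orig_cert.public_key_file))
        self.assertTrue(alt_ca.ca.verify(alt_cert.public_key_file))
        # Both CAs are created from identical parameters (same cn and org),
        # so these negative checks fail if verify() only compares names
        # instead of checking which CA actually issued the certificate.
        self.assertFalse(self.ca.verify(alt_cert.public_key_file))
        self.assertFalse(alt_ca.ca.verify(orig_cert.public_key_file))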