switch the digest default to SHA2
1 import logging
2 import os
3 import tempfile
4 import shutil
5 import subprocess
6 import unittest
7 from cam import ca
8 from cam import openssl_wrap
9
10
# Emit DEBUG-level log records for every test in this module.
logging.basicConfig(
    level=logging.DEBUG,
)
12
13
class CertStub(object):
    """Lightweight stand-in for a certificate record used by the CA tests.

    It carries a fixed set of attributes plus two file paths derived from
    *name* and *tmpdir*. Which of these the CA actually reads is not
    visible in this file.
    """

    def __init__(self, name, cn, tmpdir):
        """Store the identity fields and compute the key file locations.

        Args:
            name: Base name for the generated ``.pub`` / ``.priv`` files.
            cn: Common name; also becomes the only entry in ``alt_names``.
            tmpdir: Directory under which both key files are placed.
        """
        self.name = name
        self.cn = cn
        self.alt_names = [cn]
        self.ou = None
        self.days = '365'
        pub_name = '{0}.pub'.format(name)
        priv_name = '{0}.priv'.format(name)
        self.public_key_file = os.path.join(tmpdir, pub_name)
        self.private_key_file = os.path.join(tmpdir, priv_name)

    def get_expiration_date(self):
        """Return a constant placeholder expiration value."""
        return 123456789

    def exists(self):
        """Report whether the public key file is present on disk."""
        pub_path = self.public_key_file
        return os.path.exists(pub_path)
30
31
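class CATest(unittest.TestCase):
    """Exercise ``ca.CA`` against a throwaway directory.

    Each test gets a fresh temporary directory and a new CA object. The
    CA parameters below (1024-bit key, hard-coded password) are test
    fixtures only and are far too weak for a real certificate authority.
    """

    def setUp(self):
        """Create the scratch directory and the CA under test."""
        self.tmpdir = tempfile.mkdtemp()
        # Register removal before building the CA so the directory is not
        # leaked if the constructor raises. Cleanups run after tearDown(),
        # so the CA is still closed before its directory disappears.
        self.addCleanup(shutil.rmtree, self.tmpdir)
        self.ca = ca.CA(self.tmpdir,
                        {'cn': 'test ca', 'org': 'test',
                         'bits': '1024', 'email': 'test@test.com'},
                        password='testpw')

    def tearDown(self):
        """Close the CA; the scratch directory is removed by a cleanup."""
        self.ca.close()

    def _certificate_text(self, cert):
        """Return the ``openssl x509 -text`` dump of *cert* as text."""
        # universal_newlines=True makes check_output() return str instead
        # of bytes on Python 3, so substring checks work on both 2 and 3.
        return subprocess.check_output(
            ['openssl', 'x509', '-text', '-noout',
             '-in', cert.public_key_file],
            universal_newlines=True)

    def test_create(self):
        """Creating the CA writes its configuration file."""
        self.ca.create()
        self.assertTrue(
            os.path.exists(os.path.join(self.tmpdir, 'conf/ca.conf')))

    def test_create_cert(self):
        """Generating a certificate produces both key files."""
        self.ca.create()
        cert = CertStub('test', 'www.test.com', self.tmpdir)
        self.ca.generate(cert)
        self.assertTrue(os.path.exists(cert.public_key_file))
        self.assertTrue(os.path.exists(cert.private_key_file))

    def test_create_cert_default_digest_is_not_weak(self):
        """Without an override the certificate is not signed with MD5/SHA-1.

        Regression guard for the SHA-2 digest default: a silent fallback
        to a legacy digest would otherwise go unnoticed by these tests.
        """
        self.ca.create()
        cert = CertStub('test', 'www.test.com', self.tmpdir)
        self.ca.generate(cert)
        text = self._certificate_text(cert)
        self.assertNotIn('Signature Algorithm: md5WithRSAEncryption', text)
        self.assertNotIn('Signature Algorithm: sha1WithRSAEncryption', text)

    def test_create_cert_with_digest_override(self):
        """An explicit ``signature_algorithm`` setting reaches the signer."""
        # MD5 is chosen only because it differs from the default, which
        # makes the override observable; it is not a digest to configure
        # for real certificates.
        self.ca.config['signature_algorithm'] = 'md5'
        self.ca.create()
        cert = CertStub('test', 'www.test.com', self.tmpdir)
        self.ca.generate(cert)
        self.assertTrue(os.path.exists(cert.public_key_file))
        self.assertTrue(os.path.exists(cert.private_key_file))
        self.assertIn('Signature Algorithm: md5WithRSAEncryption',
                      self._certificate_text(cert))

    def test_revoke(self):
        """Revoking a certificate results in a CRL file being present."""
        self.ca.create()
        cert = CertStub('test', 'www.test.com', self.tmpdir)
        self.ca.generate(cert)
        self.ca.revoke(cert)
        self.assertTrue(
            os.path.exists(os.path.join(self.tmpdir, 'public/ca.crl')))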
71         self.ca.revoke(cert)
72         self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'public/ca.crl')))