v.licheni.net / stack / cam.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add ca.verify tests
[stack/cam.git] / cam / tests / test_ca.py
diff --git a/cam/tests/test_ca.py b/cam/tests/test_ca.py
index c443fe4..39a90d1 100644 (file)
--- a/cam/tests/test_ca.py
+++ b/cam/tests/test_ca.py
@@ -2,6 +2,7 @@ import logging
 import os
 import tempfile
 import shutil
+import subprocess
 import unittest
 from cam import ca
 from cam import openssl_wrap
@@ -24,19 +25,31 @@ class CertStub(object):
     def get_expiration_date(self):
         return 123456789
 
+    def exists(self):
+        return os.path.exists(self.public_key_file)
+
+
+class CAStub(object):
+    def __init__(self, *args, **kwargs):
+        self.tmpdir = tempfile.mkdtemp()
+        self.ca = ca.CA(self.tmpdir, *args, **kwargs)
+
+    def destroy(self):
+        self.ca.close()
+        shutil.rmtree(self.tmpdir)
+
 
 class CATest(unittest.TestCase):
 
     def setUp(self):
-        self.tmpdir = tempfile.mkdtemp()
-        self.ca = ca.CA(self.tmpdir,
-                        {'cn': 'test ca', 'org': 'test',
+        self.ca_stub = CAStub({'cn': 'test ca', 'org': 'test',
                          'bits': '1024', 'email': 'test@test.com'},
-                        password='testpw')
+                         password='testpw')
+        self.ca = self.ca_stub.ca
+        self.tmpdir = self.ca_stub.tmpdir
 
     def tearDown(self):
-        self.ca.close()
-        shutil.rmtree(self.tmpdir)
+        self.ca_stub.destroy()
 
     def test_create(self):
         self.ca.create()
@@ -49,9 +62,39 @@ class CATest(unittest.TestCase):
         self.assertTrue(os.path.exists(cert.public_key_file))
         self.assertTrue(os.path.exists(cert.private_key_file))
 
+    def test_create_cert_with_digest_override(self):
+        self.ca.config['signature_algorithm'] = 'md5'
+        self.ca.create()
+        cert = CertStub('test', 'www.test.com', self.tmpdir)
+        self.ca.generate(cert)
+        self.assertTrue(os.path.exists(cert.public_key_file))
+        self.assertTrue(os.path.exists(cert.private_key_file))
+        self.assertTrue(
+            'Signature Algorithm: md5WithRSAEncryption' in subprocess.check_output(
+            ['openssl', 'x509', '-text', '-noout', '-in', cert.public_key_file]))
+
     def test_revoke(self):
         self.ca.create()
         cert = CertStub('test', 'www.test.com', self.tmpdir)
         self.ca.generate(cert)
         self.ca.revoke(cert)
-        self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'public/crl.pem')))
+        self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'public/ca.crl')))
+
+    def test_verify(self):
+        orig_cert = CertStub('test', 'www.test.com', self.tmpdir)
+        self.ca.create()
+        self.ca.generate(orig_cert)
+
+        alt_ca = CAStub({'cn': 'test ca', 'org': 'test',
+                         'bits': '1024', 'email': 'test@test.com'},
+                         password='testpw')
+        alt_ca.ca.create()
+        alt_cert = CertStub('test', 'www.test.com', alt_ca.tmpdir)
+        alt_ca.ca.generate(alt_cert)
+
+        self.assertTrue(self.ca.verify(orig_cert.public_key_file))
+        self.assertTrue(alt_ca.ca.verify(alt_cert.public_key_file))
+        self.assertFalse(self.ca.verify(alt_cert.public_key_file))
+        self.assertFalse(alt_ca.ca.verify(orig_cert.public_key_file))
+
+        alt_ca.destroy()