add ca.verify tests
[stack/cam.git] / cam / tests / test_ca.py
index 748326f..39a90d1 100644 (file)
@@ -29,18 +29,27 @@ class CertStub(object):
         return os.path.exists(self.public_key_file)
 
 
+class CAStub(object):
+    def __init__(self, *args, **kwargs):
+        self.tmpdir = tempfile.mkdtemp()
+        self.ca = ca.CA(self.tmpdir, *args, **kwargs)
+
+    def destroy(self):
+        self.ca.close()
+        shutil.rmtree(self.tmpdir)
+
+
 class CATest(unittest.TestCase):
 
     def setUp(self):
-        self.tmpdir = tempfile.mkdtemp()
-        self.ca = ca.CA(self.tmpdir,
-                        {'cn': 'test ca', 'org': 'test',
+        self.ca_stub = CAStub({'cn': 'test ca', 'org': 'test',
                          'bits': '1024', 'email': 'test@test.com'},
-                        password='testpw')
+                         password='testpw')
+        self.ca = self.ca_stub.ca
+        self.tmpdir = self.ca_stub.tmpdir
 
     def tearDown(self):
-        self.ca.close()
-        shutil.rmtree(self.tmpdir)
+        self.ca_stub.destroy()
 
     def test_create(self):
         self.ca.create()
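Review bot: `CAStub.destroy()` skips `shutil.rmtree(self.tmpdir)` whenever `self.ca.close()` raises, which leaves the temporary CA directory, and whatever key material the CA wrote into it, on disk after a failed test. Put the close in a `try:` block with `finally: shutil.rmtree(self.tmpdir)` so removal always runs. A short docstring on `CAStub` stating that it owns the temp directory and that `destroy()` must be called would also help, since `setUp` now only reaches that directory through `self.ca_stub`. The hunk ends inside `test_create`, whose body continues outside it.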
@@ -53,15 +62,15 @@ class CATest(unittest.TestCase):
         self.assertTrue(os.path.exists(cert.public_key_file))
         self.assertTrue(os.path.exists(cert.private_key_file))
 
-    def test_create_cert_with_sha2_signature(self):
-        self.ca.config['signature_algorithm'] = 'sha256'
+    def test_create_cert_with_digest_override(self):
+        self.ca.config['signature_algorithm'] = 'md5'
         self.ca.create()
         cert = CertStub('test', 'www.test.com', self.tmpdir)
         self.ca.generate(cert)
         self.assertTrue(os.path.exists(cert.public_key_file))
         self.assertTrue(os.path.exists(cert.private_key_file))
         self.assertTrue(
-            'Signature Algorithm: sha256WithRSAEncryption' in subprocess.check_output(
+            'Signature Algorithm: md5WithRSAEncryption' in subprocess.check_output(
             ['openssl', 'x509', '-text', '-noout', '-in', cert.public_key_file]))
 
     def test_revoke(self):
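Review bot: `test_create_cert_with_digest_override` now pins `md5` as the override value and drops the `sha256WithRSAEncryption` assertion, so none of the visible tests still checks that a collision-resistant digest ends up in an issued certificate. MD5 signatures are not collision resistant, and some OpenSSL builds or policies may refuse them, which could make this test depend on the environment. If the intent is only to show that `signature_algorithm` overrides the default, a strong non-default value proves the same thing: `self.ca.config['signature_algorithm'] = 'sha512'` with `'Signature Algorithm: sha512WithRSAEncryption'`. The default digest is not visible in this hunk, so confirm that the chosen value differs from it.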
@@ -70,3 +79,22 @@ class CATest(unittest.TestCase):
         self.ca.generate(cert)
         self.ca.revoke(cert)
         self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'public/ca.crl')))
+
+    def test_verify(self):
+        orig_cert = CertStub('test', 'www.test.com', self.tmpdir)
+        self.ca.create()
+        self.ca.generate(orig_cert)
+
+        alt_ca = CAStub({'cn': 'test ca', 'org': 'test',
+                         'bits': '1024', 'email': 'test@test.com'},
+                         password='testpw')
+        alt_ca.ca.create()
+        alt_cert = CertStub('test', 'www.test.com', alt_ca.tmpdir)
+        alt_ca.ca.generate(alt_cert)
+
+        self.assertTrue(self.ca.verify(orig_cert.public_key_file))
+        self.assertTrue(alt_ca.ca.verify(alt_cert.public_key_file))
+        self.assertFalse(self.ca.verify(alt_cert.public_key_file))
+        self.assertFalse(alt_ca.ca.verify(orig_cert.public_key_file))
+
+        alt_ca.destroy()
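Review bot: `alt_ca.destroy()` is the last statement of `test_verify`, so any failing assertion or exception before it leaves the second CA's temp directory, including its generated keys, behind. Register the cleanup right after construction with `self.addCleanup(alt_ca.destroy)` and drop the trailing call. Giving both CAs the same subject is a good choice, because it shows `verify` is not matching on the issuer name alone; a one-line comment saying so would keep a later edit from "fixing" the duplicate config. If `verify` is meant to consult the CRL (not visible here), a case asserting that a revoked certificate fails verification would complete the negative coverage.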