return os.path.exists(self.public_key_file)
+class CAStub(object):
+ def __init__(self, *args, **kwargs):
+ self.tmpdir = tempfile.mkdtemp()
+ self.ca = ca.CA(self.tmpdir, *args, **kwargs)
+
+ def destroy(self):
+ self.ca.close()
+ shutil.rmtree(self.tmpdir)
+
+
class CATest(unittest.TestCase):
def setUp(self):
- self.tmpdir = tempfile.mkdtemp()
- self.ca = ca.CA(self.tmpdir,
- {'cn': 'test ca', 'org': 'test',
+ self.ca_stub = CAStub({'cn': 'test ca', 'org': 'test',
'bits': '1024', 'email': 'test@test.com'},
- password='testpw')
+ password='testpw')
+ self.ca = self.ca_stub.ca
+ self.tmpdir = self.ca_stub.tmpdir
def tearDown(self):
- self.ca.close()
- shutil.rmtree(self.tmpdir)
+ self.ca_stub.destroy()
def test_create(self):
self.ca.create()
self.assertTrue(os.path.exists(cert.public_key_file))
self.assertTrue(os.path.exists(cert.private_key_file))
- def test_create_cert_with_sha2_signature(self):
- self.ca.config['signature_algorithm'] = 'sha256'
+ def test_create_cert_with_digest_override(self):
+ self.ca.config['signature_algorithm'] = 'md5'
self.ca.create()
cert = CertStub('test', 'www.test.com', self.tmpdir)
self.ca.generate(cert)
self.assertTrue(os.path.exists(cert.public_key_file))
self.assertTrue(os.path.exists(cert.private_key_file))
self.assertTrue(
- 'Signature Algorithm: sha256WithRSAEncryption' in subprocess.check_output(
+ 'Signature Algorithm: md5WithRSAEncryption' in subprocess.check_output(
['openssl', 'x509', '-text', '-noout', '-in', cert.public_key_file]))
def test_revoke(self):
self.ca.generate(cert)
self.ca.revoke(cert)
self.assertTrue(os.path.exists(os.path.join(self.tmpdir, 'public/ca.crl')))
+
+ def test_verify(self):
+ orig_cert = CertStub('test', 'www.test.com', self.tmpdir)
+ self.ca.create()
+ self.ca.generate(orig_cert)
+
+ alt_ca = CAStub({'cn': 'test ca', 'org': 'test',
+ 'bits': '1024', 'email': 'test@test.com'},
+ password='testpw')
+ alt_ca.ca.create()
+ alt_cert = CertStub('test', 'www.test.com', alt_ca.tmpdir)
+ alt_ca.ca.generate(alt_cert)
+
+ self.assertTrue(self.ca.verify(orig_cert.public_key_file))
+ self.assertTrue(alt_ca.ca.verify(alt_cert.public_key_file))
+ self.assertFalse(self.ca.verify(alt_cert.public_key_file))
+ self.assertFalse(alt_ca.ca.verify(orig_cert.public_key_file))
+
+ alt_ca.destroy()