3 from sfa.trust.certificate import Certificate, Keypair
5 class TestCert(unittest.TestCase):
13 def testSetAndGetSubject(self):
# Round-trip check on the subject accessors: the value written with
# set_subject() must be exactly what get_subject() hands back.
# NOTE(review): the gutter jumps from 13 to 16, so the statement that builds
# `cert` is not part of this listing.
16 cert.set_subject("test")
17 subj = cert.get_subject()
18 self.assertEqual(subj, "test")
21 cert = Certificate(subject="test")
# NOTE(review): the `def` line that owns these statements is missing from the
# listing (the gutter jumps from 18 to 21), so the test's name is unknown here.
23 # create an issuer and sign the certificate
24 issuerKey = Keypair(create=True)
25 issuerSubject = "testissuer"
# set_issuer() receives a Keypair constructed with create=True plus the issuer
# name. Whatever follows it (signing, assertions) is not visible: the next line
# shown is gutter 29.
26 cert.set_issuer(issuerKey, issuerSubject)
29 def testAddExtension(self):
# Checks that an extension stored with add_extension() is returned unchanged
# by get_extension() under the same name.
30 cert = Certificate(subject="test")
# NOTE(review): the middle argument (0) is presumably the extension's
# "critical" flag -- confirm against Certificate.add_extension.
31 cert.add_extension("subjectAltName", 0, "URI:http://foovalue")
# Only the in-memory accessor round trip is covered here; no issuer is set and
# nothing is signed in the visible lines.
33 self.assertEqual(cert.get_extension("subjectAltName"),
34 "URI:http://foovalue")
36 def testSetData(self):
# Checks that get_data() returns the payload stored on the certificate, first
# for a plain string and then for an xmlrpclib.dumps() serialisation.
# NOTE(review): gutter lines 39 and 46 are skipped, so the calls that store
# `data` on the certificate are not visible in this listing.
37 cert = Certificate(subject="test")
38 data = "this is a test"
40 self.assertEqual(cert.get_data(), data)
# The comment below is cut short in the listing (gutter 43 is skipped).
42 # try something a bit more complicated, like an xmlrpc encoding of
44 cert = Certificate(subject="test")
# Mixed payload: int, string, list, dict and bool in one serialised tuple.
45 data = xmlrpclib.dumps((1, "foo", ["a", "b"], {"c": "d", "e": "f"}, True))
# NOTE(review): this shows storage fidelity only. Nothing visible here signs or
# verifies the certificate, so code that decodes get_data() should verify the
# certificate before trusting the payload.
47 self.assertEqual(cert.get_data(), data)
50 def testSaveAndLoadString(self):
# Serialises a certificate with save_to_string(), loads the text into a second
# object with load_from_string(), and checks that subject, issuer name and the
# subjectAltName extension all survive the round trip.
51 cert = Certificate(subject="test")
52 cert.add_extension("subjectAltName", 0, "URI:http://foovalue")
54 # create an issuer and sign the certificate
55 issuerKey = Keypair(create=True)
56 issuerSubject = "testissuer"
57 cert.set_issuer(issuerKey, issuerSubject)
# NOTE(review): gutter 58-59 are skipped, so the signing step announced by the
# comment above is not visible in this listing.
60 certstr = cert.save_to_string()
# NOTE(review): gutter 61-64 are skipped; the statement that creates `cert2`
# is not shown.
65 cert2.load_from_string(certstr)
67 # read back the subject and make sure it is correct
68 subj = cert2.get_subject()
69 self.assertEqual(subj, "test")
71 # read back the issuer and make sure it is correct
72 issuerName = cert2.get_issuer()
73 self.assertEqual(issuerName, "testissuer")
75 # read back the extension and make sure it is correct
# The reloaded certificate is compared field by field only; the visible lines
# never call verify() on cert2, so signature validity after reload is not
# checked by this test.
76 self.assertEqual(cert2.get_extension("subjectAltName"),
77 "URI:http://foovalue")
79 def testLongExtension(self):
# Size-boundary test: a very large subjectAltName value must survive
# save_to_string() / load_from_string() without truncation or corruption.
80 cert = Certificate(subject="test")
82 # should produce something around 256 KB
83 veryLongString = "URI:http://"
# NOTE(review): gutter 84 is skipped, so the initial value of `shortString` is
# not visible. If it starts empty, the loops below yield 79 * 32 = 2528
# characters per chunk and roughly 250,000 characters in total.
85 for i in range(1, 80):
86 shortString = shortString + "abcdefghijklmnopqrstuvwxyz012345"
# Appending str(i) makes every repetition distinct, so a dropped or reordered
# chunk would change the final string.
87 for i in range(1, 100):
88 veryLongString = veryLongString + shortString + str(i)
90 cert.add_extension("subjectAltName", 0, veryLongString)
92 # create an issuer and sign the certificate
93 issuerKey = Keypair(create=True)
94 issuerSubject = "testissuer"
95 cert.set_issuer(issuerKey, issuerSubject)
# NOTE(review): gutter 96-97 are skipped; the signing step is not shown.
98 certstr = cert.save_to_string()
100 cert2 = Certificate()
101 cert2.load_from_string(certstr)
102 val = cert2.get_extension("subjectAltName")
# Exact equality, not a length check: any silent truncation fails the test.
103 self.assertEqual(val, veryLongString)
105 def testVerify(self):
# Checks verify() against the issuing key and against an unrelated key, both
# on the original object and on a copy rebuilt from its serialised form.
106 cert = Certificate(subject="test")
108 # create an issuer and sign the certificate
109 issuerKey = Keypair(create=True)
110 issuerSubject = "testissuer"
111 cert.set_issuer(issuerKey, issuerSubject)
# NOTE(review): gutter 112-113 are skipped, so the signing step is not visible.
114 result = cert.verify(issuerKey)
# NOTE(review): gutter 115-117 are skipped; the assertion on the result above
# is not shown in this listing.
118 issuerKey2 = Keypair(create=True)
# `issuerSubject2` is assigned but not used in any visible line.
119 issuerSubject2 = "wrongissuer"
121 # and make sure it doesn't verify
# This rejecting case is the one that matters most: a verify() that accepted
# every key would still pass the accepting case.
122 result = cert.verify(issuerKey2)
# assert_ is a deprecated unittest alias of assertTrue.
123 self.assert_(not result)
125 # load the cert from a string, and verify again
126 cert2 = Certificate(string = cert.save_to_string())
127 result = cert2.verify(issuerKey)
# NOTE(review): gutter 128 is skipped; the assertion on the reloaded
# certificate's accepting case is not shown.
129 result = cert2.verify(issuerKey2)
130 self.assert_(not result)
132 def test_is_signed_by(self):
# Checks that is_signed_by_cert() is directional: cert2, issued with cert1's
# key, is reported as signed by cert1, and cert1 is not reported as signed by
# cert2.
133 cert1 = Certificate(subject="one")
# NOTE(review): gutter 134-136 are skipped, so the creation of `key1` is not
# visible in this listing.
137 cert1.set_pubkey(key1)
139 # create an issuer and sign the certificate
140 issuerKey = Keypair(create=True)
141 issuerSubject = "testissuer"
142 cert1.set_issuer(issuerKey, issuerSubject)
145 cert2 = Certificate(subject="two")
147 key2 = Keypair(create=True)
148 cert2.set_pubkey(key2)
# cert2's issuer is cert1: the issuing key is key1, the key set as cert1's
# public key above.
150 cert2.set_issuer(key1, cert=cert1)
# NOTE(review): gutter 151 is skipped; the signing step for cert2 is not shown.
152 # cert2 is signed by cert1
153 self.assert_(cert2.is_signed_by_cert(cert1))
154 # cert1 is not signed by cert2
155 self.assert_(not cert1.is_signed_by_cert(cert2))
157 def test_parents(self):
# Builds a four-certificate chain (root -> one -> two -> three), verifies it
# against the root, then checks that the chain still verifies and keeps its
# parent links after a save_to_string(save_parents=True) round trip.
# NOTE(review): several gutter lines are skipped after each set_issuer() /
# set_parent() group, so any signing calls are not visible in this listing.
158 cert_root = Certificate(subject="root")
159 key_root = Keypair(create=True)
160 cert_root.set_pubkey(key_root)
# Self-issued: the root names itself as issuer and uses its own key.
161 cert_root.set_issuer(key_root, "root")
164 cert1 = Certificate(subject="one")
165 key1 = Keypair(create=True)
166 cert1.set_pubkey(key1)
# cert1 is issued directly with the root key; no set_parent() call for cert1
# appears in the visible lines.
167 cert1.set_issuer(key_root, "root")
170 cert2 = Certificate(subject="two")
171 key2 = Keypair(create=True)
172 cert2.set_pubkey(key2)
173 cert2.set_issuer(key1, cert=cert1)
174 cert2.set_parent(cert1)
177 cert3 = Certificate(subject="three")
178 key3 = Keypair(create=True)
179 cert3.set_pubkey(key3)
180 cert3.set_issuer(key2, cert=cert2)
181 cert3.set_parent(cert2)
# Link-by-link checks before the whole chain is verified.
184 self.assert_(cert1.verify(key_root))
185 self.assert_(cert2.is_signed_by_cert(cert1))
186 self.assert_(cert3.is_signed_by_cert(cert2))
# NOTE(review): verify_chain()'s return value is not asserted; presumably it
# raises on failure, which unittest would report as an error -- confirm. No
# rejecting case (a chain checked against a root that did not issue it) is
# visible in this listing.
188 cert3.verify_chain([cert_root])
190 # now save the chain to a string and load it into a new certificate
191 str_chain = cert3.save_to_string(save_parents=True)
192 cert4 = Certificate(string = str_chain)
194 # verify the newly loaded chain still verifies
195 cert4.verify_chain([cert_root])
197 # verify the parentage
# cert4 is the reloaded "three": its parent must be "two" and its grandparent
# "one".
198 self.assertEqual(cert4.get_parent().get_subject(), "two")
199 self.assertEqual(cert4.get_parent().get_parent().get_subject(), "one")
203 if __name__ == "__main__":