Merge branch 'geni-v3' of ssh://git.onelab.eu/git/sfa into geni-v3
[sfa.git] / tests / testCert.py
1 import unittest
2 import xmlrpclib
3 from sfa.trust.certificate import Certificate, Keypair
4
5 class TestCert(unittest.TestCase):
6    def setUp(self):
7       pass
8
9    def testCreate(self):
10       cert = Certificate()
11       cert.create()
12
13    def testSetAndGetSubject(self):
14       cert = Certificate()
15       cert.create()
16       cert.set_subject("test")
17       subj = cert.get_subject()
18       self.assertEqual(subj, "test")
19
20    def testSign(self):
21       cert = Certificate(subject="test")
22
23       # create an issuer and sign the certificate
24       issuerKey = Keypair(create=True)
25       issuerSubject = "testissuer"
26       cert.set_issuer(issuerKey, issuerSubject)
27       cert.sign()
28
29    def testAddExtension(self):
30       cert = Certificate(subject="test")
31       cert.add_extension("subjectAltName", 0, "URI:http://foovalue")
32
33       self.assertEqual(cert.get_extension("subjectAltName"),
34                        "URI:http://foovalue")
35
36    def testSetData(self):
37       cert = Certificate(subject="test")
38       data = "this is a test"
39       cert.set_data(data)
40       self.assertEqual(cert.get_data(), data)
41
42       # try something a bit more complicated, like an xmlrpc encoding of
43       # some parameters
44       cert = Certificate(subject="test")
45       data = xmlrpclib.dumps((1, "foo", ["a", "b"], {"c": "d", "e": "f"}, True))
46       cert.set_data(data)
47       self.assertEqual(cert.get_data(), data)
48
49
50    def testSaveAndLoadString(self):
51       cert = Certificate(subject="test")
52       cert.add_extension("subjectAltName", 0, "URI:http://foovalue")
53
54       # create an issuer and sign the certificate
55       issuerKey = Keypair(create=True)
56       issuerSubject = "testissuer"
57       cert.set_issuer(issuerKey, issuerSubject)
58       cert.sign()
59
60       certstr = cert.save_to_string()
61
62       #print certstr
63
64       cert2 = Certificate()
65       cert2.load_from_string(certstr)
66
67       # read back the subject and make sure it is correct
68       subj = cert2.get_subject()
69       self.assertEqual(subj, "test")
70
71       # read back the issuer and make sure it is correct
72       issuerName = cert2.get_issuer()
73       self.assertEqual(issuerName, "testissuer")
74
75       # read back the extension and make sure it is correct
76       self.assertEqual(cert2.get_extension("subjectAltName"),
77                        "URI:http://foovalue")
78
79    def testLongExtension(self):
80       cert = Certificate(subject="test")
81
82       # should produce something around 256 KB
83       veryLongString = "URI:http://"
84       shortString = ""
85       for i in range(1, 80):
86           shortString = shortString + "abcdefghijklmnopqrstuvwxyz012345"
87       for i in range(1, 100):
88           veryLongString = veryLongString + shortString + str(i)
89
90       cert.add_extension("subjectAltName", 0, veryLongString)
91
92       # create an issuer and sign the certificate
93       issuerKey = Keypair(create=True)
94       issuerSubject = "testissuer"
95       cert.set_issuer(issuerKey, issuerSubject)
96       cert.sign()
97
98       certstr = cert.save_to_string()
99
100       cert2 = Certificate()
101       cert2.load_from_string(certstr)
102       val = cert2.get_extension("subjectAltName")
103       self.assertEqual(val, veryLongString)
104
105    def testVerify(self):
106       cert = Certificate(subject="test")
107
108       # create an issuer and sign the certificate
109       issuerKey = Keypair(create=True)
110       issuerSubject = "testissuer"
111       cert.set_issuer(issuerKey, issuerSubject)
112       cert.sign()
113
114       result = cert.verify(issuerKey)
115       self.assert_(result)
116
117       # create another key
118       issuerKey2 = Keypair(create=True)
119       issuerSubject2 = "wrongissuer"
120
121       # and make sure it doesn't verify
122       result = cert.verify(issuerKey2)
123       self.assert_(not result)
124
125       # load the cert from a string, and verify again
126       cert2 = Certificate(string = cert.save_to_string())
127       result = cert2.verify(issuerKey)
128       self.assert_(result)
129       result = cert2.verify(issuerKey2)
130       self.assert_(not result)
131
132    def test_is_signed_by(self):
133       cert1 = Certificate(subject="one")
134
135       key1 = Keypair()
136       key1.create()
137       cert1.set_pubkey(key1)
138
139       # create an issuer and sign the certificate
140       issuerKey = Keypair(create=True)
141       issuerSubject = "testissuer"
142       cert1.set_issuer(issuerKey, issuerSubject)
143       cert1.sign()
144
145       cert2 = Certificate(subject="two")
146
147       key2 = Keypair(create=True)
148       cert2.set_pubkey(key2)
149
150       cert2.set_issuer(key1, cert=cert1)
151
152       # cert2 is signed by cert1
153       self.assert_(cert2.is_signed_by_cert(cert1))
154       # cert1 is not signed by cert2
155       self.assert_(not cert1.is_signed_by_cert(cert2))
156
157    def test_parents(self):
158       cert_root = Certificate(subject="root")
159       key_root = Keypair(create=True)
160       cert_root.set_pubkey(key_root)
161       cert_root.set_issuer(key_root, "root")
162       cert_root.sign()
163
164       cert1 = Certificate(subject="one")
165       key1 = Keypair(create=True)
166       cert1.set_pubkey(key1)
167       cert1.set_issuer(key_root, "root")
168       cert1.sign()
169
170       cert2 = Certificate(subject="two")
171       key2 = Keypair(create=True)
172       cert2.set_pubkey(key2)
173       cert2.set_issuer(key1, cert=cert1)
174       cert2.set_parent(cert1)
175       cert2.sign()
176
177       cert3 = Certificate(subject="three")
178       key3 = Keypair(create=True)
179       cert3.set_pubkey(key3)
180       cert3.set_issuer(key2, cert=cert2)
181       cert3.set_parent(cert2)
182       cert3.sign()
183
184       self.assert_(cert1.verify(key_root))
185       self.assert_(cert2.is_signed_by_cert(cert1))
186       self.assert_(cert3.is_signed_by_cert(cert2))
187
188       cert3.verify_chain([cert_root])
189
190       # now save the chain to a string and load it into a new certificate
191       str_chain = cert3.save_to_string(save_parents=True)
192       cert4 = Certificate(string = str_chain)
193
194       # verify the newly loaded chain still verifies
195       cert4.verify_chain([cert_root])
196
197       # verify the parentage
198       self.assertEqual(cert4.get_parent().get_subject(), "two")
199       self.assertEqual(cert4.get_parent().get_parent().get_subject(), "one")
200
201
202
203 if __name__ == "__main__":
204     unittest.main()