tests/testCert.py

   1 import unittest
   2 from sfa.trust.certificate import Certificate, Keypair
   3 import xmlrpc.client
   4
   5 class TestCert(unittest.TestCase):
   6    def setUp(self):
   7       pass
   8
   9    def testCreate(self):
  10       cert = Certificate()
  11       cert.create()
  12
  13    def testSetAndGetSubject(self):
  14       cert = Certificate()
  15       cert.create()
  16       cert.set_subject("test")
  17       subj = cert.get_subject()
  18       self.assertEqual(subj, "test")
  19
  20    def testSign(self):
  21       cert = Certificate(subject="test")
  22
  23       # create an issuer and sign the certificate
  24       issuerKey = Keypair(create=True)
  25       issuerSubject = "testissuer"
  26       cert.set_issuer(issuerKey, issuerSubject)
  27       cert.sign()
  28
  29    def testAddExtension(self):
  30       cert = Certificate(subject="test")
  31       cert.add_extension("subjectAltName", 0, "URI:http://foovalue")
  32
  33       self.assertEqual(cert.get_extension("subjectAltName"),
  34                        "URI:http://foovalue")
  35
  36    def testSetData(self):
  37       cert = Certificate(subject="test")
  38       data = "this is a test"
  39       cert.set_data(data)
  40       self.assertEqual(cert.get_data(), data)
  41
  42       # try something a bit more complicated, like an xmlrpc encoding of
  43       # some parameters
  44       cert = Certificate(subject="test")
  45       data = xmlrpc.client.dumps((1, "foo", ["a", "b"], {"c": "d", "e": "f"}, True))
  46       cert.set_data(data)
  47       self.assertEqual(cert.get_data(), data)
  48
  49
  50    def testSaveAndLoadString(self):
  51       cert = Certificate(subject="test")
  52       cert.add_extension("subjectAltName", 0, "URI:http://foovalue")
  53
  54       # create an issuer and sign the certificate
  55       issuerKey = Keypair(create=True)
  56       issuerSubject = "testissuer"
  57       cert.set_issuer(issuerKey, issuerSubject)
  58       cert.sign()
  59
  60       certstr = cert.save_to_string()
  61
  62       #print certstr
  63
  64       cert2 = Certificate()
  65       cert2.load_from_string(certstr)
  66
  67       # read back the subject and make sure it is correct
  68       subj = cert2.get_subject()
  69       self.assertEqual(subj, "test")
  70
  71       # read back the issuer and make sure it is correct
  72       issuerName = cert2.get_issuer()
  73       self.assertEqual(issuerName, "testissuer")
  74
  75       # read back the extension and make sure it is correct
  76       self.assertEqual(cert2.get_extension("subjectAltName"),
  77                        "URI:http://foovalue")
  78
  79    def testLongExtension(self):
  80       cert = Certificate(subject="test")
  81
  82       # should produce something around 256 KB
  83       veryLongString = "URI:http://"
  84       shortString = ""
  85       for i in range(1, 80):
  86           shortString = shortString + "abcdefghijklmnopqrstuvwxyz012345"
  87       for i in range(1, 100):
  88           veryLongString = veryLongString + shortString + str(i)
  89
  90       cert.add_extension("subjectAltName", 0, veryLongString)
  91
  92       # create an issuer and sign the certificate
  93       issuerKey = Keypair(create=True)
  94       issuerSubject = "testissuer"
  95       cert.set_issuer(issuerKey, issuerSubject)
  96       cert.sign()
  97
  98       certstr = cert.save_to_string()
  99
 100       cert2 = Certificate()
 101       cert2.load_from_string(certstr)
 102       val = cert2.get_extension("subjectAltName")
 103       self.assertEqual(val, veryLongString)
 104
 105    def testVerify(self):
 106       cert = Certificate(subject="test")
 107
 108       # create an issuer and sign the certificate
 109       issuerKey = Keypair(create=True)
 110       issuerSubject = "testissuer"
 111       cert.set_issuer(issuerKey, issuerSubject)
 112       cert.sign()
 113
 114       result = cert.verify(issuerKey)
 115       self.assertTrue(result)
 116
 117       # create another key
 118       issuerKey2 = Keypair(create=True)
 119       issuerSubject2 = "wrongissuer"
 120
 121       # and make sure it doesn't verify
 122       result = cert.verify(issuerKey2)
 123       self.assertTrue(not result)
 124
 125       # load the cert from a string, and verify again
 126       cert2 = Certificate(string = cert.save_to_string())
 127       result = cert2.verify(issuerKey)
 128       self.assertTrue(result)
 129       result = cert2.verify(issuerKey2)
 130       self.assertTrue(not result)
 131
 132    def test_is_signed_by(self):
 133       cert1 = Certificate(subject="one")
 134
 135       key1 = Keypair()
 136       key1.create()
 137       cert1.set_pubkey(key1)
 138
 139       # create an issuer and sign the certificate
 140       issuerKey = Keypair(create=True)
 141       issuerSubject = "testissuer"
 142       cert1.set_issuer(issuerKey, issuerSubject)
 143       cert1.sign()
 144
 145       cert2 = Certificate(subject="two")
 146
 147       key2 = Keypair(create=True)
 148       cert2.set_pubkey(key2)
 149
 150       cert2.set_issuer(key1, cert=cert1)
 151
 152       # cert2 is signed by cert1
 153       self.assertTrue(cert2.is_signed_by_cert(cert1))
 154       # cert1 is not signed by cert2
 155       self.assertTrue(not cert1.is_signed_by_cert(cert2))
 156
 157    def test_parents(self):
 158       cert_root = Certificate(subject="root")
 159       key_root = Keypair(create=True)
 160       cert_root.set_pubkey(key_root)
 161       cert_root.set_issuer(key_root, "root")
 162       cert_root.sign()
 163
 164       cert1 = Certificate(subject="one")
 165       key1 = Keypair(create=True)
 166       cert1.set_pubkey(key1)
 167       cert1.set_issuer(key_root, "root")
 168       cert1.sign()
 169
 170       cert2 = Certificate(subject="two")
 171       key2 = Keypair(create=True)
 172       cert2.set_pubkey(key2)
 173       cert2.set_issuer(key1, cert=cert1)
 174       cert2.set_parent(cert1)
 175       cert2.sign()
 176
 177       cert3 = Certificate(subject="three")
 178       key3 = Keypair(create=True)
 179       cert3.set_pubkey(key3)
 180       cert3.set_issuer(key2, cert=cert2)
 181       cert3.set_parent(cert2)
 182       cert3.sign()
 183
 184       self.assertTrue(cert1.verify(key_root))
 185       self.assertTrue(cert2.is_signed_by_cert(cert1))
 186       self.assertTrue(cert3.is_signed_by_cert(cert2))
 187
 188       cert3.verify_chain([cert_root])
 189
 190       # now save the chain to a string and load it into a new certificate
 191       str_chain = cert3.save_to_string(save_parents=True)
 192       cert4 = Certificate(string = str_chain)
 193
 194       # verify the newly loaded chain still verifies
 195       cert4.verify_chain([cert_root])
 196
 197       # verify the parentage
 198       self.assertEqual(cert4.get_parent().get_subject(), "two")
 199       self.assertEqual(cert4.get_parent().get_parent().get_subject(), "one")
 200
 201
 202
 203 if __name__ == "__main__":
 204     unittest.main()