from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from .vectors import SAN_CERT, WILDCARD_CERT, INTERMEDIATE_CERT
def test_cert_get_cn(client):
    """Check that common_name() of the SAN test vector is san.example.org."""
    from lemur.common.defaults import common_name

    expected_cn = "san.example.org"
    actual_cn = common_name(SAN_CERT)
    assert actual_cn == expected_cn
def test_cert_sub_alt_domains(client):
    """Check the name lists domains() returns for two test vectors.

    The intermediate vector must yield an empty list; the SAN vector must
    yield exactly the three expected names. The comparison is list equality,
    so the order of the returned names is part of what is asserted.
    """
    from lemur.common.defaults import domains

    intermediate_names = domains(INTERMEDIATE_CERT)
    assert intermediate_names == []

    expected_san_names = [
        "san.example.org",
        "san2.example.org",
        "daniel-san.example.org",
    ]
    san_names = domains(SAN_CERT)
    assert san_names == expected_san_names
def test_cert_is_san(client):
    """Check that san() is truthy for the SAN vector and falsy for the wildcard."""
    from lemur.common.defaults import san

    san_vector_flag = san(SAN_CERT)
    assert san_vector_flag

    # Wildcard cert has just one SAN record that matches the common name
    wildcard_vector_flag = san(WILDCARD_CERT)
    assert not wildcard_vector_flag
def test_cert_is_wildcard(client):
    """Check that is_wildcard() accepts the wildcard vector and rejects the intermediate."""
    from lemur.common.defaults import is_wildcard

    wildcard_result = is_wildcard(WILDCARD_CERT)
    assert wildcard_result

    intermediate_result = is_wildcard(INTERMEDIATE_CERT)
    assert not intermediate_result
def test_cert_bitstrength(client):
    """Check that bitstrength() reports 2048 for the intermediate test vector."""
    from lemur.common.defaults import bitstrength

    expected_bits = 2048
    reported_bits = bitstrength(INTERMEDIATE_CERT)
    assert reported_bits == expected_bits
def test_cert_issuer(client):
    """Check the issuer() string derived from the intermediate test vector."""
    from lemur.common.defaults import issuer

    expected_issuer = "LemurTrustUnittestsRootCA2018"
    derived_issuer = issuer(INTERMEDIATE_CERT)
    assert derived_issuer == expected_issuer
def test_text_to_slug(client):
    """Check text_to_slug() against a table of inputs and expected slugs.

    Each entry holds the positional arguments for one call and the slug that
    call must return. The second positional argument, when given, is the
    empty string and the expected slug then has no "-" between words.

    NOTE(review): the mapping is lossy. A snowman-only input becomes the
    empty string, so a slug should not be assumed to identify its input
    uniquely. Confirm how callers rely on it.
    """
    from lemur.common.defaults import text_to_slug

    idna_name = "xn--i1b6eqas.xn--xmpl-loa9b3671b.com"
    cases = [
        (("test - string",), "test-string"),
        (("test - string", ""), "teststring"),
        # Accented characters are decomposed
        (("föö bär",), "foo-bar"),
        # Melt away the Unicode Snowman
        (("\u2603",), ""),
        (("\u2603test\u2603",), "test"),
        (("snow\u2603man",), "snow-man"),
        (("snow\u2603man", ""), "snowman"),
        # IDNA-encoded domain names should be kept as-is
        ((idna_name,), idna_name),
    ]
    for call_args, expected_slug in cases:
        assert text_to_slug(*call_args) == expected_slug
def test_create_name(client):
    """Check the names certificate_name() builds for four argument sets.

    The expected strings show the pieces joined with "-": the first argument,
    a slugged form of the second, and both dates as YYYYMMDD. A true fifth
    argument adds a "SAN-" prefix.
    """
    from lemur.common.defaults import certificate_name
    from datetime import datetime

    # presumably the validity window -- confirm against certificate_name's signature
    valid_from = datetime(2015, 5, 7, 0, 0, 0)
    valid_to = datetime(2015, 5, 12, 0, 0, 0)

    plain_name = certificate_name(
        "example.com", "Example Inc,", valid_from, valid_to, False
    )
    assert plain_name == "example.com-ExampleInc-20150507-20150512"

    san_name = certificate_name(
        "example.com", "Example Inc,", valid_from, valid_to, True
    )
    assert san_name == "SAN-example.com-ExampleInc-20150507-20150512"

    # The IDNA-encoded domain is kept verbatim; the issuer loses its accents.
    idna_name = certificate_name(
        "xn--mnchen-3ya.de",
        "Vertrauenswürdig Autorität",
        valid_from,
        valid_to,
        False,
    )
    assert (
        idna_name == "xn--mnchen-3ya.de-VertrauenswurdigAutoritat-20150507-20150512"
    )

    # The time of day on the second date does not appear in the expected name.
    selfsigned_name = certificate_name(
        "selfie.example.org",
        "<selfsigned>",
        valid_from,
        datetime(2025, 5, 12, 13, 37, 0),
        False,
    )
    assert selfsigned_name == "selfie.example.org-selfsigned-20150507-20250512"
def test_issuer(client, cert_builder, issuer_private_key):
    """Check issuer() for a real vector and for three synthetic issuer names.

    The synthetic certificates are built from the ``cert_builder`` fixture
    and signed with ``issuer_private_key`` using SHA-256. The cases are a
    Unicode common name, an organization-only name, and an empty name.
    """
    from lemur.common.defaults import issuer

    def signed_with_issuer(issuer_name):
        # Build and sign a certificate whose issuer is the given x509.Name.
        return cert_builder.issuer_name(issuer_name).sign(
            issuer_private_key, hashes.SHA256(), default_backend()
        )

    assert issuer(INTERMEDIATE_CERT) == "LemurTrustUnittestsRootCA2018"

    # We need to override builder's issuer name
    # (presumably the fixture already carries one -- confirm in the fixture)
    cert_builder._issuer_name = None

    # Unicode issuer name
    unicode_cn = x509.Name(
        [x509.NameAttribute(x509.NameOID.COMMON_NAME, "Vertrauenswürdig Autorität")]
    )
    cert = signed_with_issuer(unicode_cn)
    assert issuer(cert) == "VertrauenswurdigAutoritat"

    # Fallback to 'Organization' field when issuer CN is missing
    org_only = x509.Name(
        [x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, "No Such Organization")]
    )
    cert = signed_with_issuer(org_only)
    assert issuer(cert) == "NoSuchOrganization"

    # Missing issuer name
    cert = signed_with_issuer(x509.Name([]))
    assert issuer(cert) == "<unknown>"
def test_issuer_selfsigned(selfsigned_cert):
    """Check that issuer() labels the self-signed fixture as "<selfsigned>"."""
    from lemur.common.defaults import issuer

    expected_label = "<selfsigned>"
    derived_label = issuer(selfsigned_cert)
    assert derived_label == expected_label