import pytest
import arrow
import json
from freezegun import freeze_time
from lemur.tests.vectors import CSR_STR
from cryptography import x509
def test_map_fields_with_validity_end_and_start(app):
    """map_fields: explicit validity dates become a custom expiration date.

    The options carry both ``validity_start`` and ``validity_end``.  The
    expected order payload contains only ``custom_expiration_date``, i.e. the
    ``validity_end`` day rendered as ``YYYY-MM-DD``; no start date appears in
    it.  SAN entries go in as ``x509.DNSName`` objects and are expected back
    as the plain host-name strings under ``dns_names``.
    """
    from lemur.plugins.lemur_digicert.plugin import map_fields

    san_hosts = [u'one.example.com', u'two.example.com', u'three.example.com']

    san_extension = {'names': [x509.DNSName(host) for host in san_hosts]}
    request_options = {
        'common_name': 'example.com',
        'owner': 'bob@example.com',
        'description': 'test certificate',
        'extensions': {'sub_alt_names': san_extension},
        'validity_end': arrow.get(2017, 5, 7),
        'validity_start': arrow.get(2016, 10, 30),
    }

    payload = map_fields(request_options, CSR_STR)

    expected_certificate = {
        'csr': CSR_STR,
        'common_name': 'example.com',
        'dns_names': san_hosts,
        # The options name no signing algorithm; the payload is expected to
        # ask the CA for a SHA-256 signature.
        'signature_hash': 'sha256',
    }
    assert payload == {
        'certificate': expected_certificate,
        # NOTE(review): 111111 presumably comes from the configuration the
        # `app` fixture loads -- not visible in this file, confirm there.
        'organization': {'id': 111111},
        'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD'),
    }
def test_map_fields_with_validity_years(app):
    """map_fields: ``validity_years`` is passed through to the order payload.

    The options contain ``validity_years`` *and* a ``validity_end``.  The
    exact-equality assertion below expects ``validity_years`` in the payload
    and no ``custom_expiration_date`` key, so for this input the year count
    is what reaches the order and the end date is not forwarded.
    """
    from lemur.plugins.lemur_digicert.plugin import map_fields

    san_hosts = [u'one.example.com', u'two.example.com', u'three.example.com']

    san_extension = {'names': [x509.DNSName(host) for host in san_hosts]}
    request_options = {
        'common_name': 'example.com',
        'owner': 'bob@example.com',
        'description': 'test certificate',
        'extensions': {'sub_alt_names': san_extension},
        'validity_years': 2,
        'validity_end': arrow.get(2017, 10, 30),
    }

    payload = map_fields(request_options, CSR_STR)

    expected_certificate = {
        'csr': CSR_STR,
        'common_name': 'example.com',
        'dns_names': san_hosts,
        # The options name no signing algorithm; SHA-256 is expected.
        'signature_hash': 'sha256',
    }
    assert payload == {
        'certificate': expected_certificate,
        # NOTE(review): 111111 presumably comes from the configuration the
        # `app` fixture loads -- not visible in this file, confirm there.
        'organization': {'id': 111111},
        'validity_years': 2,
    }
def test_map_cis_fields(app):
    """map_cis_fields: check the payload for explicit and relative validity.

    Case 1 supplies ``validity_start``/``validity_end``; the expected payload
    carries only ``validity.valid_to`` (the end date as ``YYYY-MM-DD``).
    Case 2 supplies ``validity_years: 2`` with the clock frozen at
    2016-11-03; the expected ``valid_to`` is 2018-11-03, two years after the
    frozen date.  In both cases the organization name and unit are expected
    under ``organization`` as ``name`` and a one-element ``units`` list.
    """
    from lemur.plugins.lemur_digicert.plugin import map_cis_fields

    san_hosts = [u'one.example.com', u'two.example.com', u'three.example.com']

    def options_with(validity_items):
        # Build a fresh options dict (and fresh DNSName objects) per case so
        # the two calls share no mutable state; the validity keys are added
        # last, which keeps the key order of the two cases' option dicts.
        request = {
            'common_name': 'example.com',
            'owner': 'bob@example.com',
            'description': 'test certificate',
            'extensions': {
                'sub_alt_names': {
                    'names': [x509.DNSName(host) for host in san_hosts],
                },
            },
            'organization': 'Example, Inc.',
            'organizational_unit': 'Example Org',
        }
        request.update(validity_items)
        return request

    def expected_payload(valid_to):
        # The two cases differ only in the expected `valid_to` string.
        return {
            'common_name': 'example.com',
            'csr': CSR_STR,
            'additional_dns_names': san_hosts,
            'signature_hash': 'sha256',
            'organization': {'name': 'Example, Inc.', 'units': ['Example Org']},
            'validity': {'valid_to': valid_to},
            # NOTE(review): presumably None because no CIS profile is
            # configured for the test app -- confirm against the plugin.
            'profile_name': None,
        }

    # Case 1: explicit start and end dates.
    explicit_options = options_with([
        ('validity_end', arrow.get(2017, 5, 7)),
        ('validity_start', arrow.get(2016, 10, 30)),
    ])
    explicit_payload = map_cis_fields(explicit_options, CSR_STR)
    assert explicit_payload == expected_payload(
        arrow.get(2017, 5, 7).format('YYYY-MM-DD'))

    # Case 2: a validity period in years, evaluated against a frozen clock so
    # the expected end date is deterministic.
    relative_options = options_with([('validity_years', 2)])
    with freeze_time(time_to_freeze=arrow.get(2016, 11, 3).datetime):
        relative_payload = map_cis_fields(relative_options, CSR_STR)

        assert relative_payload == expected_payload(
            arrow.get(2018, 11, 3).format('YYYY-MM-DD'))
def test_signature_hash(app):
    """signature_hash: map signing-algorithm names to DigiCert hash names.

    ``None`` is expected to fall back to ``'sha256'``; the three
    ``shaNNNWithRSA`` names map to the matching digest name; an unrecognised
    name must raise rather than return a value.
    """
    from lemur.plugins.lemur_digicert.plugin import signature_hash

    accepted = (
        (None, 'sha256'),
        ('sha256WithRSA', 'sha256'),
        ('sha384WithRSA', 'sha384'),
        ('sha512WithRSA', 'sha512'),
    )
    for signing_algorithm, digest in accepted:
        assert signature_hash(signing_algorithm) == digest

    # NOTE(review): only SHA-2 names and one garbage string are exercised.
    # Whether a well-formed but weak algorithm name (for example a SHA-1
    # variant) is rejected cannot be told from this test; a case for it would
    # pin that behaviour.
    # NOTE(review): `Exception` is the broadest match, so any error raised
    # inside signature_hash satisfies this check; narrowing it to the type
    # the plugin raises (not visible here) would make the test stricter.
    with pytest.raises(Exception):
        signature_hash('sdfdsf')
def test_issuer_plugin_create_certificate():
    """create_certificate: order, poll and split the downloaded PEM bundle.

    A ``requests_mock`` adapter mounted for the ``mock`` scheme on the
    plugin's session serves three canned responses: the order POST (order id
    ``id123``), the order status GET (``issued``, certificate id ``cert123``)
    and the ``pem_all`` download.  The bundle holds three PEM blocks; the
    first is expected back as the certificate and the second as the
    intermediate.  The third block (``ghi``) appears in neither asserted
    value.

    The PEM bodies are placeholders, not encoded certificates, so this test
    pins only how the bundle text is split -- it does not exercise
    certificate parsing or chain validation.
    """
    import requests_mock
    from lemur.plugins.lemur_digicert.plugin import DigiCertIssuerPlugin

    pem_fixture = """\
-----BEGIN CERTIFICATE-----
abc
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
def
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ghi
-----END CERTIFICATE-----
"""

    plugin = DigiCertIssuerPlugin()
    # NOTE(review): the plugin is presumably configured elsewhere to use the
    # mock://www.digicert.com base URL -- that setup is not visible here.
    mock_api = requests_mock.Adapter()
    mock_api.register_uri(
        'POST',
        'mock://www.digicert.com/services/v2/order/certificate/ssl',
        text=json.dumps({'id': 'id123'}),
    )
    mock_api.register_uri(
        'GET',
        'mock://www.digicert.com/services/v2/order/certificate/id123',
        text=json.dumps({'status': 'issued', 'certificate': {'id': 'cert123'}}),
    )
    mock_api.register_uri(
        'GET',
        'mock://www.digicert.com/services/v2/certificate/cert123/download/format/pem_all',
        text=pem_fixture,
    )
    # Only URLs with the `mock` scheme are routed to the adapter.
    plugin.session.mount('mock', mock_api)

    leaf_pem, intermediate_pem = plugin.create_certificate("", {'common_name': 'test.com'})

    assert leaf_pem == "-----BEGIN CERTIFICATE-----\nabc\n-----END CERTIFICATE-----"
    assert intermediate_pem == "-----BEGIN CERTIFICATE-----\ndef\n-----END CERTIFICATE-----"