Check that stored certificate chain matches certificate

Similar to how the private key is checked.
Marti Raudsepp
2018-06-20 18:42:34 +03:00
parent 930af17802
commit 10cec063c2
6 changed files with 96 additions and 20 deletions


@ -140,6 +140,7 @@ class CACertificateFactory(CertificateFactory):
class InvalidCertificateFactory(CertificateFactory):
body = INVALID_CERT_STR
private_key = ''
chain = ''
class AuthorityFactory(BaseFactory):
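Review bot: The added `chain = ''` in InvalidCertificateFactory has no comment saying why the chain is blanked next to `private_key = ''`. Presumably the chain inherited from CertificateFactory would otherwise be checked against the unparsable `INVALID_CERT_STR` body by the new validation; if that is the reason, record it, e.g. `# no chain: the body is not a parsable certificate, so chain matching cannot apply`. The base factory's defaults are outside this hunk, so confirm before wording the comment.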


@ -512,7 +512,7 @@ def test_certificate_upload_schema_invalid_chain(client):
'owner': 'pwner@example.com',
}
data, errors = CertificateUploadInputSchema().load(data)
assert errors == {'chain': ['Public certificate presented is not valid.']}
assert errors == {'chain': ['Invalid certificate in certificate chain.']}
def test_certificate_upload_schema_wrong_pkey(client):
@ -527,6 +527,30 @@ def test_certificate_upload_schema_wrong_pkey(client):
assert errors == {'_schema': ['Private key does not match certificate.']}
def test_certificate_upload_schema_wrong_chain(client):
from lemur.certificates.schemas import CertificateUploadInputSchema
data = {
'owner': 'pwner@example.com',
'body': SAN_CERT_STR,
'chain': ROOTCA_CERT_STR,
}
data, errors = CertificateUploadInputSchema().load(data)
assert errors == {'_schema': ["Incorrect chain certificate(s) provided: 'san.example.org' is not signed by "
"'LemurTrust Unittests Root CA 2018'"]}
def test_certificate_upload_schema_wrong_chain_2nd(client):
from lemur.certificates.schemas import CertificateUploadInputSchema
data = {
'owner': 'pwner@example.com',
'body': SAN_CERT_STR,
'chain': INTERMEDIATE_CERT_STR + '\n' + SAN_CERT_STR,
}
data, errors = CertificateUploadInputSchema().load(data)
assert errors == {'_schema': ["Incorrect chain certificate(s) provided: 'LemurTrust Unittests Class 1 CA 2018' is "
"not signed by 'san.example.org'"]}
def test_create_basic_csr(client):
csr_config = dict(
common_name='example.com',
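Review bot: Both added tests, test_certificate_upload_schema_wrong_chain and test_certificate_upload_schema_wrong_chain_2nd, assert only rejection; nothing in the visible hunks asserts that a correctly linked chain is accepted, so a chain check that rejects too much would still pass here. A positive case would pin the accept path, for example the same payload with `'chain': INTERMEDIATE_CERT_STR` and `assert not errors`. That SAN_CERT_STR is issued by the intermediate is inferred from the second test's message, which complains only about the second link, so verify it against the test vectors. Such a test may already exist outside the lines shown; test_create_basic_csr continues past the end of this hunk.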