Use special issuer values <selfsigned> and <unknown> in special cases
This way it's easy to find/distinguish selfsigned certificates stored in Lemur.
@ -3,6 +3,8 @@ import os
|
||||
import datetime
|
||||
import pytest
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from flask import current_app
|
||||
from flask_principal import identity_changed, Identity
|
||||
|
||||
@ -263,6 +265,12 @@ def cert_builder(private_key):
|
||||
.not_valid_after(datetime.datetime(2040, 1, 1)))
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def selfsigned_cert(cert_builder, private_key):
|
||||
# cert_builder uses the same cert public key as 'private_key'
|
||||
return cert_builder.sign(private_key, hashes.SHA256(), default_backend())
|
||||
|
||||
|
||||
@pytest.fixture(scope='function')
|
||||
def aws_credentials():
|
||||
os.environ['AWS_ACCESS_KEY_ID'] = 'testing'
|
||||
|
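Review bot: The comment in `selfsigned_cert` says only that the signing key matches the certificate's public key; it does not state what the fixture guarantees to the tests that consume it. A docstring such as `"""Certificate signed by the private key matching its own public key."""` would state that contract. Whether the issuer name also equals the subject name depends on `cert_builder`, whose body starts outside this hunk, so the docstring should mention that too if the tests rely on it.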
@ -81,6 +81,13 @@ def test_create_name(client):
|
||||
datetime(2015, 5, 12, 0, 0, 0),
|
||||
False
|
||||
) == 'xn--mnchen-3ya.de-VertrauenswurdigAutoritat-20150507-20150512'
|
||||
assert certificate_name(
|
||||
'selfie.example.org',
|
||||
'<selfsigned>',
|
||||
datetime(2015, 5, 7, 0, 0, 0),
|
||||
datetime(2025, 5, 12, 13, 37, 0),
|
||||
False
|
||||
) == 'selfie.example.org-selfsigned-20150507-20250512'
|
||||
|
||||
|
||||
def test_issuer(client, cert_builder, issuer_private_key):
|
||||
@ -106,4 +113,9 @@ def test_issuer(client, cert_builder, issuer_private_key):
|
||||
cert = (cert_builder
|
||||
.issuer_name(x509.Name([]))
|
||||
.sign(issuer_private_key, hashes.SHA256(), default_backend()))
|
||||
assert issuer(cert) == 'Unknown'
|
||||
assert issuer(cert) == '<unknown>'
|
||||
|
||||
|
||||
def test_issuer_selfsigned(selfsigned_cert):
|
||||
from lemur.common.defaults import issuer
|
||||
assert issuer(selfsigned_cert) == '<selfsigned>'
|
||||
|
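Review bot: `test_issuer_selfsigned` pins `'<selfsigned>'` only for the generated fixture, so what `issuer()` returns for a real root CA is left unspecified. Root CA certificates are self-signed as well, so their issuer value presumably changes from the CA's name to `<selfsigned>` with this commit. An assertion such as `assert issuer(ROOTCA_CERT) == '<selfsigned>'`, with `ROOTCA_CERT` imported from `lemur.tests.vectors`, would make that explicit or show that it is not the intended result. The new `certificate_name` case covers `<selfsigned>` only; a matching case for `<unknown>` would pin how the angle brackets are handled for that value too.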
@ -1,5 +1,7 @@
|
||||
import pytest
|
||||
|
||||
from lemur.tests.vectors import SAN_CERT, INTERMEDIATE_CERT, ROOTCA_CERT
|
||||
|
||||
|
||||
def test_generate_private_key():
|
||||
from lemur.common.utils import generate_private_key
|
||||
@ -71,3 +73,13 @@ KFfxwrO1
|
||||
-----END CERTIFICATE-----'''
|
||||
authority_key = get_authority_key(test_cert)
|
||||
assert authority_key == 'feacb541be81771293affa412d8dc9f66a3ebb80'
|
||||
|
||||
|
||||
def test_is_selfsigned(selfsigned_cert):
|
||||
from lemur.common.utils import is_selfsigned
|
||||
|
||||
assert is_selfsigned(selfsigned_cert) is True
|
||||
assert is_selfsigned(SAN_CERT) is False
|
||||
assert is_selfsigned(INTERMEDIATE_CERT) is False
|
||||
# Root CA certificates are also technically self-signed
|
||||
assert is_selfsigned(ROOTCA_CERT) is True
|
||||
|
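Review bot: `test_is_selfsigned` has no negative case for a certificate built like the positive fixture but signed by a different key. The assertions on the stored vectors would presumably also pass if `is_selfsigned` compared only subject and issuer names, and a name-only check would label a certificate `<selfsigned>` when it is not. Adding `cert = cert_builder.sign(issuer_private_key, hashes.SHA256(), default_backend())` followed by `assert is_selfsigned(cert) is False` would tie the result to signature verification. This assumes `cert_builder` sets the issuer equal to the subject, which is not visible here. The test would also need the `cert_builder` and `issuer_private_key` fixtures and the `hashes` and `default_backend` imports in this file.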
@ -45,6 +45,7 @@ ssvobJ6Xe2D4cCVjUmsqtFEztMgdqgmlcWyGdUKeXdi7CMoeTb4uO+9qRQq46wYW
|
||||
n7K1z+W0Kp5yhnnPAoOioAP4vjASDx3z3RnLaZvMmcO7YdCIwhE5oGV0
|
||||
-----END CERTIFICATE-----
|
||||
"""
|
||||
ROOTCA_CERT = parse_certificate(ROOTCA_CERT_STR)
|
||||
ROOTCA_KEY = """\
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAvyVpe0tfIzri3l3PYH2r7hW86wKF58GLY+Ua52rEO5E3eXQq
|
||||
|