from cryptography import x509 from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from .vectors import SAN_CERT, WILDCARD_CERT, INTERMEDIATE_CERT def test_cert_get_cn(client): from lemur.common.defaults import common_name assert common_name(SAN_CERT) == 'san.example.org' def test_cert_sub_alt_domains(client): from lemur.common.defaults import domains assert domains(INTERMEDIATE_CERT) == [] assert domains(SAN_CERT) == ['san.example.org', 'san2.example.org', 'daniel-san.example.org'] def test_cert_is_san(client): from lemur.common.defaults import san assert san(SAN_CERT) # Wildcard cert has just one SAN record that matches the common name assert not san(WILDCARD_CERT) def test_cert_is_wildcard(client): from lemur.common.defaults import is_wildcard assert is_wildcard(WILDCARD_CERT) assert not is_wildcard(INTERMEDIATE_CERT) def test_cert_bitstrength(client): from lemur.common.defaults import bitstrength assert bitstrength(INTERMEDIATE_CERT) == 2048 def test_cert_issuer(client): from lemur.common.defaults import issuer assert issuer(INTERMEDIATE_CERT) == 'LemurTrustUnittestsRootCA2018' def test_text_to_slug(client): from lemur.common.defaults import text_to_slug assert text_to_slug('test - string') == 'test-string' assert text_to_slug('test - string', '') == 'teststring' # Accented characters are decomposed assert text_to_slug('föö bär') == 'foo-bar' # Melt away the Unicode Snowman assert text_to_slug('\u2603') == '' assert text_to_slug('\u2603test\u2603') == 'test' assert text_to_slug('snow\u2603man') == 'snow-man' assert text_to_slug('snow\u2603man', '') == 'snowman' # IDNA-encoded domain names should be kept as-is assert text_to_slug('xn--i1b6eqas.xn--xmpl-loa9b3671b.com') == 'xn--i1b6eqas.xn--xmpl-loa9b3671b.com' def test_create_name(client): from lemur.common.defaults import certificate_name from datetime import datetime assert certificate_name( 'example.com', 'Example Inc,', datetime(2015, 5, 7, 0, 0, 0), datetime(2015, 5, 12, 0, 0, 0), False ) == 'example.com-ExampleInc-20150507-20150512' assert certificate_name( 'example.com', 'Example Inc,', datetime(2015, 5, 7, 0, 0, 0), datetime(2015, 5, 12, 0, 0, 0), True ) == 'SAN-example.com-ExampleInc-20150507-20150512' assert certificate_name( 'xn--mnchen-3ya.de', 'Vertrauenswürdig Autorität', datetime(2015, 5, 7, 0, 0, 0), datetime(2015, 5, 12, 0, 0, 0), False ) == 'xn--mnchen-3ya.de-VertrauenswurdigAutoritat-20150507-20150512' assert certificate_name( 'selfie.example.org', '', datetime(2015, 5, 7, 0, 0, 0), datetime(2025, 5, 12, 13, 37, 0), False ) == 'selfie.example.org-selfsigned-20150507-20250512' def test_issuer(client, cert_builder, issuer_private_key): from lemur.common.defaults import issuer assert issuer(INTERMEDIATE_CERT) == 'LemurTrustUnittestsRootCA2018' # We need to override builder's issuer name cert_builder._issuer_name = None # Unicode issuer name cert = (cert_builder .issuer_name(x509.Name([x509.NameAttribute(x509.NameOID.COMMON_NAME, 'Vertrauenswürdig Autorität')])) .sign(issuer_private_key, hashes.SHA256(), default_backend())) assert issuer(cert) == 'VertrauenswurdigAutoritat' # Fallback to 'Organization' field when issuer CN is missing cert = (cert_builder .issuer_name(x509.Name([x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, 'No Such Organization')])) .sign(issuer_private_key, hashes.SHA256(), default_backend())) assert issuer(cert) == 'NoSuchOrganization' # Missing issuer name cert = (cert_builder .issuer_name(x509.Name([])) .sign(issuer_private_key, hashes.SHA256(), default_backend())) assert issuer(cert) == '' def test_issuer_selfsigned(selfsigned_cert): from lemur.common.defaults import issuer assert issuer(selfsigned_cert) == ''