Tryag File Manager
Home
-
Turbo Force
Current Path :
/
proc
/
self
/
root
/
usr
/
share
/
doc
/
m2crypto-0.16
/
tests
/
Upload File :
New :
File
Dir
//proc/self/root/usr/share/doc/m2crypto-0.16/tests/test_x509.py
#!/usr/bin/python """Unit tests for M2Crypto.X509. Contributed by Toby Allsopp <toby@MI6.GEN.NZ> under M2Crypto's license. Portions created by Open Source Applications Foundation (OSAF) are Copyright (C) 2004-2005 OSAF. All Rights Reserved. Author: Heikki Toivonen """ import unittest import os, time, base64 from M2Crypto import X509, EVP, RSA, Rand, ASN1, m2 class X509TestCase(unittest.TestCase): def callback(self, *args): pass def mkreq(self, bits, ca=0): pk = EVP.PKey() x = X509.Request() rsa = RSA.gen_key(bits, 65537, self.callback) pk.assign_rsa(rsa) rsa = None # should not be freed here x.set_pubkey(pk) name = x.get_subject() name.C = "UK" name.CN = "OpenSSL Group" if not ca: ext1 = X509.new_extension('subjectAltName', 'DNS:foobar.example.com') ext2 = X509.new_extension('nsComment', 'Hello there') extstack = X509.X509_Extension_Stack() extstack.push(ext1) extstack.push(ext2) x.add_extensions(extstack) self.assertRaises(ValueError, x.sign, pk, 'sha513') x.sign(pk,'md5') assert x.verify(pk) pk2 = x.get_pubkey() assert x.verify(pk2) return x, pk def check_extstack(self): # new ext1 = X509.new_extension('subjectAltName', 'DNS:foobar.example.com') ext2 = X509.new_extension('nsComment', 'Hello there') extstack = X509.X509_Extension_Stack() # push extstack.push(ext1) extstack.push(ext2) assert(extstack[1].get_name() == 'nsComment') assert len(extstack) == 2 # iterator i = 0 for e in extstack: i += 1 assert len(e.get_name()) > 0 assert i == 2 # pop ext3 = extstack.pop() assert len(extstack) == 1 assert(extstack[0].get_name() == 'subjectAltName') extstack.push(ext3) assert len(extstack) == 2 assert(extstack[1].get_name() == 'nsComment') def check_x509_name(self): n = X509.X509_Name() n.C = 'US' # It seems this actually needs to be a real 2 letter country code assert n.C == 'US' n.SP = 'State or Province' assert n.SP == 'State or Province' n.L = 'locality name' assert n.L == 'locality name' n.O = 'orhanization name' assert n.O == 'orhanization name' n.OU = 'org unit' assert n.OU == 'org unit' n.CN = 'common name' assert n.CN == 'common name' n.Email = 'bob@example.com' assert n.Email == 'bob@example.com' n.serialNumber = '1234' assert n.serialNumber == '1234' n.SN = 'surname' assert n.SN == 'surname' n.GN = 'given name' assert n.GN == 'given name' assert n.as_text() == 'C=US, ST=State or Province, L=locality name, O=orhanization name, OU=org unit, CN=common name/emailAddress=bob@example.com/serialNumber=1234, SN=surname, GN=given name', '"%s"' % n.as_text() assert len(n) == 10, len(n) n.givenName = 'name given' assert n.GN == 'given name' # Just gets the first assert n.as_text() == 'C=US, ST=State or Province, L=locality name, O=orhanization name, OU=org unit, CN=common name/emailAddress=bob@example.com/serialNumber=1234, SN=surname, GN=given name, GN=name given', '"%s"' % n.as_text() assert len(n) == 11, len(n) n.add_entry_by_txt(field="CN", type=ASN1.MBSTRING_ASC, entry="Proxy", len=-1, loc=-1, set=0) assert len(n) == 12, len(n) assert n.as_text() == 'C=US, ST=State or Province, L=locality name, O=orhanization name, OU=org unit, CN=common name/emailAddress=bob@example.com/serialNumber=1234, SN=surname, GN=given name, GN=name given, CN=Proxy', '"%s"' % n.as_text() self.assertRaises(AttributeError, n.__getattr__, 'foobar') n.foobar = 1 assert n.foobar == 1, n.foobar def check_mkreq(self): (req, _) = self.mkreq(512) req.save_pem('tmp_request.pem') req2 = X509.load_request('tmp_request.pem') os.remove('tmp_request.pem') assert req.as_pem() == req2.as_pem() assert req.as_text() == req2.as_text() def check_mkcert(self): req, pk = self.mkreq(512) pkey = req.get_pubkey() assert(req.verify(pkey)) sub = req.get_subject() assert len(sub) == 2, len(sub) cert = X509.X509() cert.set_serial_number(1) cert.set_version(2) cert.set_subject(sub) t = long(time.time()) + time.timezone now = ASN1.ASN1_UTCTIME() now.set_time(t) nowPlusYear = ASN1.ASN1_UTCTIME() nowPlusYear.set_time(t + 60 * 60 * 24 * 365) cert.set_not_before(now) cert.set_not_after(nowPlusYear) assert str(cert.get_not_before()) == str(now) assert str(cert.get_not_after()) == str(nowPlusYear) issuer = X509.X509_Name() issuer.CN = 'The Issuer Monkey' issuer.O = 'The Organization Otherwise Known as My CA, Inc.' cert.set_issuer(issuer) cert.set_pubkey(pkey) cert.set_pubkey(cert.get_pubkey()) # Make sure get/set work ext = X509.new_extension('subjectAltName', 'DNS:foobar.example.com') ext.set_critical(0) cert.add_ext(ext) cert.sign(pk, 'sha1') assert(cert.get_ext('subjectAltName').get_name() == 'subjectAltName') assert(cert.get_ext_at(0).get_name() == 'subjectAltName') assert(cert.get_ext_at(0).get_value() == 'DNS:foobar.example.com') assert cert.get_ext_count() == 1, cert.get_ext_count() assert cert.verify() assert cert.verify(pkey) assert cert.verify(cert.get_pubkey()) if m2.OPENSSL_VERSION_NUMBER >= 0x90800f: assert not cert.check_ca() else: self.assertRaises(AttributeError, cert.check_ca) def mkcacert(self): req, pk = self.mkreq(512, ca=1) pkey = req.get_pubkey() sub = req.get_subject() cert = X509.X509() cert.set_serial_number(1) cert.set_version(2) cert.set_subject(sub) t = long(time.time()) + time.timezone now = ASN1.ASN1_UTCTIME() now.set_time(t) nowPlusYear = ASN1.ASN1_UTCTIME() nowPlusYear.set_time(t + 60 * 60 * 24 * 365) cert.set_not_before(now) cert.set_not_after(nowPlusYear) issuer = X509.X509_Name() issuer.C = "UK" issuer.CN = "OpenSSL Group" cert.set_issuer(issuer) cert.set_pubkey(pkey) ext = X509.new_extension('basicConstraints', 'CA:TRUE') cert.add_ext(ext) cert.sign(pk, 'sha1') if m2.OPENSSL_VERSION_NUMBER >= 0x0090800fL: assert cert.check_ca() else: self.assertRaises(AttributeError, cert.check_ca) return cert, pk, pkey def check_mkcacert(self): cacert, pk, pkey = self.mkcacert() assert cacert.verify(pkey) def check_mkproxycert(self): cacert, pk1, pkey = self.mkcacert() end_entity_cert_req, pk2 = self.mkreq(512) end_entity_cert = self.make_eecert(cacert) end_entity_cert.set_subject(end_entity_cert_req.get_subject()) end_entity_cert.set_pubkey(end_entity_cert_req.get_pubkey()) end_entity_cert.sign(pk1, 'sha1') proxycert = self.make_proxycert(end_entity_cert) proxycert.sign(pk2, 'sha1') assert proxycert.verify(pk2) assert proxycert.get_ext_at(0).get_name() == 'proxyCertInfo', proxycert.get_ext_at(0).get_name() assert proxycert.get_ext_at(0).get_value() == 'Path Length Constraint: infinite\nPolicy Language: Inherit all\n', '"%s"' % proxycert.get_ext_at(0).get_value() assert proxycert.get_ext_count() == 1, proxycert.get_ext_count() assert proxycert.get_subject().as_text() == 'C=UK, CN=OpenSSL Group, CN=Proxy', proxycert.get_subject().as_text() assert proxycert.get_subject().as_text(indent=2, flags=m2.XN_FLAG_RFC2253) == ' CN=Proxy,CN=OpenSSL Group,C=UK', '"%s"' % proxycert.get_subject().as_text(indent=2, flags=m2.XN_FLAG_RFC2253) def make_eecert(self, cacert): eecert = X509.X509() eecert.set_serial_number(2) eecert.set_version(2) t = long(time.time()) + time.timezone now = ASN1.ASN1_UTCTIME() now.set_time(t) now_plus_year = ASN1.ASN1_UTCTIME() now_plus_year.set_time(t + 60 * 60 * 24 * 365) eecert.set_not_before(now) eecert.set_not_after(now_plus_year) eecert.set_issuer(cacert.get_subject()) return eecert def make_proxycert(self, eecert): proxycert = X509.X509() pk2 = EVP.PKey() proxykey = RSA.gen_key(512, 65537, self.callback) pk2.assign_rsa(proxykey) proxycert.set_pubkey(pk2) proxycert.set_version(2) not_before = ASN1.ASN1_UTCTIME() not_after = ASN1.ASN1_UTCTIME() not_before.set_time(int(time.time())) offset = 12 * 3600 not_after.set_time(int(time.time()) + offset ) proxycert.set_not_before(not_before) proxycert.set_not_after(not_after) proxycert.set_issuer_name(eecert.get_subject()) proxycert.set_serial_number(12345678) proxy_subject_name = X509.X509_Name() issuer_name_string = eecert.get_subject().as_text() seq = issuer_name_string.split(",") subject_name = X509.X509_Name() for entry in seq: l = entry.split("=") subject_name.add_entry_by_txt(field=l[0].strip(), type=ASN1.MBSTRING_ASC, entry=l[1], len=-1, loc=-1, set=0) subject_name.add_entry_by_txt(field="CN", type=ASN1.MBSTRING_ASC, entry="Proxy", len=-1, loc=-1, set=0) proxycert.set_subject_name(subject_name) pci_ext = X509.new_extension("proxyCertInfo", "critical,language:Inherit all", 1, 0) proxycert.add_ext(pci_ext) return proxycert def check_long_serial(self): from M2Crypto import X509 cert = X509.load_cert('long_serial_cert.pem') self.assertEquals(cert.get_serial_number(), 17616841808974579194) cert = X509.load_cert('thawte.pem') self.assertEquals(cert.get_serial_number(), 127614157056681299805556476275995414779) class X509_StackTestCase(unittest.TestCase): def check_make_stack_from_der(self): f = open("der_encoded_seq.b64") b64 = f.read(1304) seq = base64.decodestring(b64) stack = X509.new_stack_from_der(seq) cert = stack.pop() subject = cert.get_subject() assert str(subject) == "/DC=org/DC=doegrids/OU=Services/CN=host/bosshog.lbl.gov" def check_make_stack_check_num(self): f = open("der_encoded_seq.b64") b64 = f.read(1304) seq = base64.decodestring(b64) stack = X509.new_stack_from_der(seq) num = len(stack) assert num == 1 cert = stack.pop() num = len(stack) assert num == 0 subject = cert.get_subject() assert str(subject) == "/DC=org/DC=doegrids/OU=Services/CN=host/bosshog.lbl.gov" def check_make_stack(self): stack = X509.X509_Stack() cert = X509.load_cert("x509.pem") issuer = X509.load_cert("ca.pem") cert_subject1 = cert.get_subject() issuer_subject1 = issuer.get_subject() stack.push(cert) stack.push(issuer) # Test stack iterator i = 0 for c in stack: i += 1 assert len(c.get_subject().CN) > 0 assert i == 2 issuer_pop = stack.pop() cert_pop = stack.pop() cert_subject2 = cert_pop.get_subject() issuer_subject2 = issuer.get_subject() assert str(cert_subject1) == str(cert_subject2) assert str(issuer_subject1) == str(issuer_subject2) def check_as_der(self): stack = X509.X509_Stack() cert = X509.load_cert("x509.pem") issuer = X509.load_cert("ca.pem") cert_subject1 = cert.get_subject() issuer_subject1 = issuer.get_subject() stack.push(cert) stack.push(issuer) der_seq = stack.as_der() stack2 = X509.new_stack_from_der(der_seq) issuer_pop = stack2.pop() cert_pop = stack2.pop() cert_subject2 = cert_pop.get_subject() issuer_subject2 = issuer.get_subject() assert str(cert_subject1) == str(cert_subject2) assert str(issuer_subject1) == str(issuer_subject2) def suite(): suite = unittest.TestSuite() suite.addTest(unittest.makeSuite(X509TestCase, 'check')) suite.addTest(unittest.makeSuite(X509_StackTestCase, 'check')) return suite if __name__ == '__main__': Rand.load_file('randpool.dat', -1) unittest.TextTestRunner().run(suite()) Rand.save_file('randpool.dat')