# coding: utf-8
from __future__ import unicode_literals, division, absolute_import, print_function
import unittest
import os
import asn1crypto.csr
from asn1crypto.util import OrderedDict
from oscrypto import asymmetric
from csrbuilder import CSRBuilder
# Directory containing this test module.
tests_root = os.path.split(__file__)[0]
# Location of on-disk fixtures, resolved relative to this module rather than
# the process working directory. Not referenced by the tests visible in this file.
fixtures_dir = os.path.join(tests_root, 'fixtures')
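class CSRBuilderTests(unittest.TestCase):
    """Round-trip tests for CSRBuilder: build a CSR, DER-encode it, re-parse it.

    Beyond checking the encoded structure, each test verifies the request's
    signature against the expected public key. A CSR is a proof-of-possession
    statement, so a request that merely serialises without a valid signature
    must not count as a passing build.
    """

    # Subject fields shared by the tests. Each test passes a copy so that a
    # builder cannot leak mutations from one test into another.
    _SUBJECT = {
        'country_name': 'US',
        'state_or_province_name': 'Massachusetts',
        'locality_name': 'Newbury',
        'organization_name': 'Codex Non Sufficit LC',
        'common_name': 'Will Bond',
    }
    _ALT_DOMAINS = ['codexns.io', 'codexns.com']

    def _assert_signed_by(self, request, public_key):
        """Assert that *request* embeds *public_key* and is signed by its private half.

        :param request:
            A parsed asn1crypto.csr.CertificationRequest

        :param public_key:
            The oscrypto public key object the CSR was built for
        """

        cri = request['certification_request_info']

        # The key inside the request must be the one we asked for; otherwise a
        # valid signature would prove possession of some other key.
        self.assertEqual(public_key.asn1.dump(), cri['subject_pk_info'].dump())

        # The signature covers the DER encoding of certification_request_info.
        # ecdsa_verify() raises if the signature does not validate, which fails
        # the calling test.
        asymmetric.ecdsa_verify(
            public_key,
            request['signature'].native,
            cri.dump(),
            request['signature_algorithm'].hash_algo
        )

    def test_build_basic(self):
        """Build with an oscrypto key pair and check algorithm, extensions and signature."""

        public_key, private_key = asymmetric.generate_pair('ec', curve='secp256r1')

        builder = CSRBuilder(dict(self._SUBJECT), public_key)
        builder.subject_alt_domains = list(self._ALT_DOMAINS)

        der_bytes = builder.build(private_key).dump()

        # Re-parse from DER so the assertions run against what a CA would
        # receive, not against the in-memory object the builder returned.
        new_request = asn1crypto.csr.CertificationRequest.load(der_bytes)
        cri = new_request['certification_request_info']

        self.assertEqual('sha256_ecdsa', new_request['signature_algorithm']['algorithm'].native)
        self._assert_signed_by(new_request, public_key)

        self.assertEqual(1, len(cri['attributes']))
        self.assertEqual('extension_request', cri['attributes'][0]['type'].native)

        extensions = cri['attributes'][0]['values'][0]
        self.assertEqual(4, len(extensions))

        self.assertEqual('basic_constraints', extensions[0]['extn_id'].native)
        self.assertEqual(
            OrderedDict([('ca', False), ('path_len_constraint', None)]),
            extensions[0]['extn_value'].native
        )

        self.assertEqual('extended_key_usage', extensions[1]['extn_id'].native)
        self.assertEqual(
            ['server_auth', 'client_auth'],
            extensions[1]['extn_value'].native
        )

        # NOTE(review): key_encipherment is an RSA key-transport usage; this
        # pins the builder's current default for an EC key. Confirm it is
        # intended, since a CA may ignore or reject it.
        self.assertEqual('key_usage', extensions[2]['extn_id'].native)
        self.assertEqual(
            {'digital_signature', 'key_encipherment'},
            extensions[2]['extn_value'].native
        )

        self.assertEqual('subject_alt_name', extensions[3]['extn_id'].native)
        self.assertEqual(
            ['codexns.io', 'codexns.com'],
            extensions[3]['extn_value'].native
        )

    def test_build_custom_key(self):
        """Build with a caller-supplied signer object and check the signature it produced."""

        class CustomKeyPair:
            """Minimal stand-in for an external signer (e.g. a key held elsewhere).

            Exposes `algorithm`, `public_key` and `sign()`. Presumably this is
            the shape CSRBuilder.build() expects of a non-oscrypto key;
            confirm against csrbuilder.
            """

            _private_key = None
            _public_key = None

            def __init__(self):
                self._public_key, self._private_key = asymmetric.generate_pair('ec', curve='secp256r1')

            def sign(self, msg: bytes, hash_algo: str):
                # Delegates to oscrypto so the result is a standard ECDSA signature.
                return asymmetric.ecdsa_sign(self._private_key, msg, hash_algo)

            @property
            def algorithm(self):
                return "ec"

            @property
            def public_key(self):
                return self._public_key.asn1

        key_pair = CustomKeyPair()

        builder = CSRBuilder(dict(self._SUBJECT), key_pair.public_key)
        builder.subject_alt_domains = list(self._ALT_DOMAINS)

        der_bytes = builder.build(key_pair).dump()
        self.assertIsNotNone(der_bytes)

        # A non-None encoding says nothing about whether the custom signer was
        # used correctly. Re-parse the CSR and verify its signature with the
        # signer's public key.
        new_request = asn1crypto.csr.CertificationRequest.load(der_bytes)
        self._assert_signed_by(new_request, key_pair._public_key)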