Remove outdated hashing algorithms
Remove outdated hashing algorithms such as SHA-1 and MD5. Also update the test cases, replacing the certificates and CSRs signed with SHA-1 by new examples signed with SHA-256, and adjust the test expectations so that they match the new certificate and CSR examples. Change-Id: I69d022236b5fde2be1da2e88554c2c76566c8d6c
parent
c457c4bcd6
commit
d4d052c0c1
@ -33,13 +33,10 @@ from anchor.X509 import utils
|
||||
|
||||
|
||||
SIGNING_ALGORITHMS = {
|
||||
('RSA', 'MD5'): rfc2459.md5WithRSAEncryption,
|
||||
('RSA', 'SHA1'): rfc2459.sha1WithRSAEncryption,
|
||||
('RSA', 'SHA224'): asn1_univ.ObjectIdentifier('1.2.840.113549.1.1.14'),
|
||||
('RSA', 'SHA256'): asn1_univ.ObjectIdentifier('1.2.840.113549.1.1.11'),
|
||||
('RSA', 'SHA384'): asn1_univ.ObjectIdentifier('1.2.840.113549.1.1.12'),
|
||||
('RSA', 'SHA512'): asn1_univ.ObjectIdentifier('1.2.840.113549.1.1.13'),
|
||||
('DSA', 'SHA1'): rfc2459.id_dsa_with_sha1,
|
||||
('DSA', 'SHA224'): asn1_univ.ObjectIdentifier('2.16.840.1.101.3.4.3.1'),
|
||||
('DSA', 'SHA256'): asn1_univ.ObjectIdentifier('2.16.840.1.101.3.4.3.2'),
|
||||
}
|
||||
@ -249,7 +246,7 @@ class X509Certificate(signature.SignatureMixin):
|
||||
"""Return this X509 certificate as DER encoded data."""
|
||||
return encoder.encode(self._cert)
|
||||
|
||||
def get_fingerprint(self, md='md5'):
|
||||
def get_fingerprint(self, md='sha256'):
|
||||
"""Get the fingerprint of this X509 certificate.
|
||||
|
||||
:param md: The message digest algorthim used to compute the fingerprint
|
||||
|
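Review bot: The new default `md='sha256'` on `get_fingerprint` silently changes the value returned to every caller that relied on the default, and the `:param md:` line under it neither states the default nor lists the accepted digest names (it also still reads "algorthim"). The method body lies outside the hunk, so it is not visible whether an explicit `md='md5'` or `md='sha1'` is still honoured; if the commit means to retire those digests everywhere, that should be decided and tested for fingerprints too. I would document it as `:param md: The message digest algorithm used to compute the fingerprint (default 'sha256')`. Separately, this module keeps its own `SIGNING_ALGORITHMS` table alongside the one in what appears to be the signature module it already imports, so the allow-list has to be edited in two places to stay consistent; reusing `signature.SIGNING_ALGORITHMS` would avoid one copy drifting back to a weak digest.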
@ -38,13 +38,10 @@ id_dsa_with_sha224 = asn1_univ.ObjectIdentifier('2.16.840.1.101.3.4.3.1')
|
||||
id_dsa_with_sha256 = asn1_univ.ObjectIdentifier('2.16.840.1.101.3.4.3.2')
|
||||
|
||||
SIGNING_ALGORITHMS = {
|
||||
('RSA', 'MD5'): rfc2459.md5WithRSAEncryption,
|
||||
('RSA', 'SHA1'): rfc2459.sha1WithRSAEncryption,
|
||||
('RSA', 'SHA224'): sha224WithRSAEncryption,
|
||||
('RSA', 'SHA256'): sha256WithRSAEncryption,
|
||||
('RSA', 'SHA384'): sha384WithRSAEncryption,
|
||||
('RSA', 'SHA512'): sha512WithRSAEncryption,
|
||||
('DSA', 'SHA1'): rfc2459.id_dsa_with_sha1,
|
||||
('DSA', 'SHA224'): id_dsa_with_sha224,
|
||||
('DSA', 'SHA256'): id_dsa_with_sha256,
|
||||
}
|
||||
@ -54,10 +51,6 @@ SIGNING_ALGORITHMS_INV = dict((v, k) for k, v in SIGNING_ALGORITHMS.items())
|
||||
|
||||
|
||||
SIGNER_CONSTRUCTION = {
|
||||
rfc2459.md5WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
|
||||
hashes.MD5())),
|
||||
rfc2459.sha1WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
|
||||
hashes.SHA1())),
|
||||
sha224WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
|
||||
hashes.SHA224())),
|
||||
sha256WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
|
||||
@ -66,17 +59,12 @@ SIGNER_CONSTRUCTION = {
|
||||
hashes.SHA384())),
|
||||
sha512WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
|
||||
hashes.SHA512())),
|
||||
rfc2459.id_dsa_with_sha1: (lambda key: key.signer(hashes.SHA1())),
|
||||
id_dsa_with_sha224: (lambda key: key.signer(hashes.SHA224())),
|
||||
id_dsa_with_sha256: (lambda key: key.signer(hashes.SHA256())),
|
||||
}
|
||||
|
||||
|
||||
VERIFIER_CONSTRUCTION = {
|
||||
rfc2459.md5WithRSAEncryption: (lambda key, signature: key.verifier(
|
||||
signature, padding.PKCS1v15(), hashes.MD5())),
|
||||
rfc2459.sha1WithRSAEncryption: (lambda key, signature: key.verifier(
|
||||
signature, padding.PKCS1v15(), hashes.SHA1())),
|
||||
sha224WithRSAEncryption: (lambda key, signature: key.verifier(
|
||||
signature, padding.PKCS1v15(), hashes.SHA224())),
|
||||
sha256WithRSAEncryption: (lambda key, signature: key.verifier(
|
||||
@ -85,8 +73,6 @@ VERIFIER_CONSTRUCTION = {
|
||||
signature, padding.PKCS1v15(), hashes.SHA384())),
|
||||
sha512WithRSAEncryption: (lambda key, signature: key.verifier(
|
||||
signature, padding.PKCS1v15(), hashes.SHA512())),
|
||||
rfc2459.id_dsa_with_sha1: (lambda key, signature: key.verifier(
|
||||
signature, hashes.SHA1())),
|
||||
id_dsa_with_sha224: (lambda key, signature: key.verifier(
|
||||
signature, hashes.SHA224())),
|
||||
id_dsa_with_sha256: (lambda key, signature: key.verifier(
|
||||
@ -95,13 +81,10 @@ VERIFIER_CONSTRUCTION = {
|
||||
|
||||
|
||||
ALGORITHM_PARAMETERS = {
|
||||
rfc2459.md5WithRSAEncryption: encoder.encode(asn1_univ.Null()),
|
||||
rfc2459.sha1WithRSAEncryption: encoder.encode(asn1_univ.Null()),
|
||||
sha224WithRSAEncryption: encoder.encode(asn1_univ.Null()),
|
||||
sha256WithRSAEncryption: encoder.encode(asn1_univ.Null()),
|
||||
sha384WithRSAEncryption: encoder.encode(asn1_univ.Null()),
|
||||
sha512WithRSAEncryption: encoder.encode(asn1_univ.Null()),
|
||||
rfc2459.id_dsa_with_sha1: None,
|
||||
id_dsa_with_sha224: None,
|
||||
id_dsa_with_sha256: None,
|
||||
}
|
||||
@ -113,7 +96,7 @@ class SignatureMixin(object):
|
||||
Both operations rely on the functions provided by the certificate and
|
||||
csr classes.
|
||||
"""
|
||||
def sign(self, key, md="sha1"):
|
||||
def sign(self, key, md="sha256"):
|
||||
"""Sign the current object."""
|
||||
md = md.upper()
|
||||
if key is None:
|
||||
|
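Review bot: With the MD5 and SHA-1 entries gone from `SIGNING_ALGORITHMS`, `SIGNER_CONSTRUCTION`, `VERIFIER_CONSTRUCTION` and `ALGORITHM_PARAMETERS`, a certificate or CSR carrying `sha1WithRSAEncryption`, `md5WithRSAEncryption` or `id_dsa_with_sha1` no longer has a table entry, but the code that performs the lookups (the rest of `sign` and the verify path) is outside these hunks, so it is not visible whether the miss surfaces as a handled X509 error or as a bare `KeyError`. Rejecting such input is now the security-relevant behaviour, so the lookup should fail closed with a clear message naming the unsupported algorithm, and that should be pinned by a test. The docstring of `sign` is still only `"""Sign the current object."""`; it would help to add `:param md: digest name; must be a key of SIGNING_ALGORITHMS for the key type (default 'sha256')`.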
@ -1,61 +1,58 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
a9:d8:fe:87:d0:95:01:12
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=UK, ST=Some-State, O=OSSG, CN=anchor.example.com
|
||||
Serial Number: 16983733478354280881 (0xebb2579d693761b1)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=AU, ST=Some-State, O=Herp Derp plc, OU=herp.derp.plc, CN=herp.derp.plc
|
||||
Validity
|
||||
Not Before: Mar 6 11:44:40 2015 GMT
|
||||
Not After : Mar 5 11:44:40 2018 GMT
|
||||
Subject: C=UK, ST=Some-State, O=OSSG, CN=anchor.example.com
|
||||
Not Before: Sep 1 23:29:35 2015 GMT
|
||||
Not After : Sep 2 23:29:35 2015 GMT
|
||||
Subject: C=AU, ST=Some-State, O=Herp Derp plc, OU=herp.derp.plc, CN=herp.derp.plc
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public Key: (1024 bit)
|
||||
Modulus (1024 bit):
|
||||
00:d7:4c:80:83:75:7b:60:c8:ca:a6:7c:5a:2b:8f:
|
||||
8f:67:af:89:0e:05:cb:3d:01:d1:bc:e6:22:06:08:
|
||||
4a:d1:60:2d:6d:0b:a4:b3:bf:51:3e:95:b9:4e:7d:
|
||||
a7:44:c9:fd:27:ca:4a:32:a6:d2:b7:68:f8:17:6b:
|
||||
94:be:18:6b:b6:cd:54:90:a1:79:a9:8b:16:dd:02:
|
||||
bd:8c:22:e0:23:72:71:de:a2:62:b3:12:3c:a3:35:
|
||||
c6:f0:6b:96:04:96:14:88:df:2a:62:5f:6f:19:08:
|
||||
59:dc:6d:52:14:37:c6:94:76:97:e3:64:29:c9:28:
|
||||
13:e9:52:04:fe:18:6c:4e:17
|
||||
Public-Key: (1024 bit)
|
||||
Modulus:
|
||||
00:9e:7a:a8:35:41:e7:1c:bf:c8:6a:8f:50:4f:f4:
|
||||
a1:09:5f:94:2c:14:2c:51:eb:63:3c:a6:53:db:e6:
|
||||
de:2c:2e:8f:14:61:f6:5d:ea:41:4b:70:e3:fc:c7:
|
||||
3c:30:bf:1f:de:15:8e:92:bb:1e:76:7a:74:35:f7:
|
||||
ba:3c:68:cc:32:3f:be:e1:32:16:6a:b5:df:0d:0a:
|
||||
02:c9:31:59:54:6d:18:70:2e:d8:b4:4a:41:c5:3e:
|
||||
27:34:c0:08:3e:7a:c7:d7:6b:ac:a1:77:94:f1:0b:
|
||||
e6:ed:8b:b3:20:57:f9:63:03:cd:17:43:11:c7:f3:
|
||||
13:a3:74:ea:06:37:40:c7:7d
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
56:35:71:FD:CB:C7:5B:2F:C0:02:C2:2E:3B:9D:7B:FD:6F:CB:BB:9C
|
||||
DE:D6:97:31:61:61:AB:34:2F:EE:92:CB:85:96:80:86:BF:8D:60:DD
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:56:35:71:FD:CB:C7:5B:2F:C0:02:C2:2E:3B:9D:7B:FD:6F:CB:BB:9C
|
||||
DirName:/C=UK/ST=Some-State/O=OSSG/CN=anchor.example.com
|
||||
serial:A9:D8:FE:87:D0:95:01:12
|
||||
keyid:DE:D6:97:31:61:61:AB:34:2F:EE:92:CB:85:96:80:86:BF:8D:60:DD
|
||||
|
||||
X509v3 Basic Constraints:
|
||||
CA:TRUE
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
02:2e:25:2c:7b:ab:d5:cf:98:a7:ee:40:c6:d3:f2:45:4b:1f:
|
||||
40:a9:f5:1f:17:2e:1c:96:f8:fa:34:2b:05:e4:e7:f3:94:31:
|
||||
a6:d9:cc:d4:fa:0c:71:f0:23:7e:d4:c2:84:f0:d6:25:14:41:
|
||||
24:aa:52:98:36:a8:37:fa:9f:12:3f:2f:17:22:db:35:1a:01:
|
||||
2e:ff:02:de:f5:12:3b:40:7d:7e:c2:80:c6:9a:66:4d:ba:c5:
|
||||
43:a8:0f:ec:d3:9c:7c:ec:23:a6:40:6e:a2:c3:5d:e5:1f:78:
|
||||
cf:da:44:ab:26:b8:91:a5:ef:0f:2e:ce:b9:eb:2a:06:21:88:
|
||||
e5:2a
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
9a:50:80:40:5a:11:3d:99:0c:85:0a:68:e2:ad:8a:c9:db:c0:
|
||||
9d:2f:80:1a:f6:52:cb:bd:5d:3c:de:41:b3:50:76:d9:d9:7a:
|
||||
e9:ae:97:f4:68:dc:78:4c:90:82:5f:e9:57:17:70:49:26:18:
|
||||
2b:ab:96:b7:26:0d:6f:63:4e:fd:40:6c:44:6a:5f:b9:26:76:
|
||||
8d:1b:4a:74:3b:b2:cf:b5:cc:5b:50:a6:ea:1c:67:3a:13:29:
|
||||
69:93:e2:b6:9e:14:97:a0:b2:3f:5f:3a:f4:c9:7f:5d:5a:7a:
|
||||
7c:95:d4:2c:dc:83:a2:ba:5f:a9:10:de:f7:80:3d:e6:63:e8:
|
||||
5b:ef
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICyzCCAjSgAwIBAgIJAKnY/ofQlQESMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNV
|
||||
BAYTAlVLMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ0wCwYDVQQKEwRPU1NHMRswGQYD
|
||||
VQQDExJhbmNob3IuZXhhbXBsZS5jb20wHhcNMTUwMzA2MTE0NDQwWhcNMTgwMzA1
|
||||
MTE0NDQwWjBOMQswCQYDVQQGEwJVSzETMBEGA1UECBMKU29tZS1TdGF0ZTENMAsG
|
||||
A1UEChMET1NTRzEbMBkGA1UEAxMSYW5jaG9yLmV4YW1wbGUuY29tMIGfMA0GCSqG
|
||||
SIb3DQEBAQUAA4GNADCBiQKBgQDXTICDdXtgyMqmfForj49nr4kOBcs9AdG85iIG
|
||||
CErRYC1tC6Szv1E+lblOfadEyf0nykoyptK3aPgXa5S+GGu2zVSQoXmpixbdAr2M
|
||||
IuAjcnHeomKzEjyjNcbwa5YElhSI3ypiX28ZCFncbVIUN8aUdpfjZCnJKBPpUgT+
|
||||
GGxOFwIDAQABo4GwMIGtMB0GA1UdDgQWBBRWNXH9y8dbL8ACwi47nXv9b8u7nDB+
|
||||
BgNVHSMEdzB1gBRWNXH9y8dbL8ACwi47nXv9b8u7nKFSpFAwTjELMAkGA1UEBhMC
|
||||
VUsxEzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAoTBE9TU0cxGzAZBgNVBAMT
|
||||
EmFuY2hvci5leGFtcGxlLmNvbYIJAKnY/ofQlQESMAwGA1UdEwQFMAMBAf8wDQYJ
|
||||
KoZIhvcNAQEFBQADgYEAAi4lLHur1c+Yp+5AxtPyRUsfQKn1HxcuHJb4+jQrBeTn
|
||||
85QxptnM1PoMcfAjftTChPDWJRRBJKpSmDaoN/qfEj8vFyLbNRoBLv8C3vUSO0B9
|
||||
fsKAxppmTbrFQ6gP7NOcfOwjpkBuosNd5R94z9pEqya4kaXvDy7OuesqBiGI5So=
|
||||
MIICojCCAgugAwIBAgIJAOuyV51pN2GxMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV
|
||||
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRYwFAYDVQQKDA1IZXJwIERlcnAg
|
||||
cGxjMRYwFAYDVQQLDA1oZXJwLmRlcnAucGxjMRYwFAYDVQQDDA1oZXJwLmRlcnAu
|
||||
cGxjMB4XDTE1MDkwMTIzMjkzNVoXDTE1MDkwMjIzMjkzNVowajELMAkGA1UEBhMC
|
||||
QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxFjAUBgNVBAoMDUhlcnAgRGVycCBwbGMx
|
||||
FjAUBgNVBAsMDWhlcnAuZGVycC5wbGMxFjAUBgNVBAMMDWhlcnAuZGVycC5wbGMw
|
||||
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ56qDVB5xy/yGqPUE/0oQlflCwU
|
||||
LFHrYzymU9vm3iwujxRh9l3qQUtw4/zHPDC/H94VjpK7HnZ6dDX3ujxozDI/vuEy
|
||||
Fmq13w0KAskxWVRtGHAu2LRKQcU+JzTACD56x9drrKF3lPEL5u2LsyBX+WMDzRdD
|
||||
EcfzE6N06gY3QMd9AgMBAAGjUDBOMB0GA1UdDgQWBBTe1pcxYWGrNC/uksuFloCG
|
||||
v41g3TAfBgNVHSMEGDAWgBTe1pcxYWGrNC/uksuFloCGv41g3TAMBgNVHRMEBTAD
|
||||
AQH/MA0GCSqGSIb3DQEBCwUAA4GBAJpQgEBaET2ZDIUKaOKtisnbwJ0vgBr2Usu9
|
||||
XTzeQbNQdtnZeumul/Ro3HhMkIJf6VcXcEkmGCurlrcmDW9jTv1AbERqX7kmdo0b
|
||||
SnQ7ss+1zFtQpuocZzoTKWmT4raeFJegsj9fOvTJf11aenyV1Czcg6K6X6kQ3veA
|
||||
PeZj6Fvv
|
||||
-----END CERTIFICATE-----
|
@ -31,18 +31,21 @@ from anchor.X509 import utils
|
||||
class TestX509Cert(unittest.TestCase):
|
||||
cert_data = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICKjCCAZOgAwIBAgIIfeW6dwGe6wMwDQYJKoZIhvcNAQEFBQAwUjELMAkGA1UE
|
||||
BhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxFjAUBgNVBAoTDUhlcnAgRGVycCBw
|
||||
bGMxFjAUBgNVBAMTDWhlcnAuZGVycC5wbGMwHhcNMTUwMTE0MTQxMDE5WhcNMTUw
|
||||
MTE1MTQxMDE5WjCBlDELMAkGA1UEBhMCVUsxDzANBgNVBAgTBk5hcm5pYTESMBAG
|
||||
A1UEBxMJRnVua3l0b3duMRcwFQYDVQQKEw5BbmNob3IgVGVzdGluZzEQMA4GA1UE
|
||||
CxMHdGVzdGluZzEUMBIGA1UEAxMLYW5jaG9yLnRlc3QxHzAdBgkqhkiG9w0BCQEW
|
||||
EHRlc3RAYW5jaG9yLnRlc3QwTDANBgkqhkiG9w0BAQEFAAM7ADA4AjEA6m/GQLE0
|
||||
1NzzoZWc/ita9qeI6cdp6ZduEE6gXGEzBqCGKru7lX1kqRRl9u74v5lJAgMBAAGj
|
||||
GjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBAGeX
|
||||
hSul19/DgwM5m3cj6y9+dkOhXCdImG1O6wjDHxa/xU+hlPJwGZr5zrcBsk/8jaIP
|
||||
z1FWAhsmZBl0zSJY7XEZ9jmw7JIaCy3XpYMVEA2LGEofydr7N3CRqIE5ehdAh5rz
|
||||
gTLni27WuVJFVBNoTU1JfoxBSm/RBLdTj92g9N5g
|
||||
MIICuDCCAiGgAwIBAgIJAIaZlZ0Oms2fMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV
|
||||
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRYwFAYDVQQKDA1IZXJwIERlcnAg
|
||||
cGxjMRYwFAYDVQQLDA1oZXJwLmRlcnAucGxjMRYwFAYDVQQDDA1oZXJwLmRlcnAu
|
||||
cGxjMB4XDTE1MDkwMTIzNDcwNVoXDTE1MDkwMjIzNDcwNVowgZQxCzAJBgNVBAYT
|
||||
AlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQBgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UE
|
||||
CgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNVBAsMB3Rlc3RpbmcxFDASBgNVBAMMC2Fu
|
||||
Y2hvci50ZXN0MR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0G
|
||||
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeeqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8
|
||||
plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/eFY6Sux52enQ197o8aMwyP77hMhZqtd8N
|
||||
CgLJMVlUbRhwLti0SkHFPic0wAg+esfXa6yhd5TxC+bti7MgV/ljA80XQxHH8xOj
|
||||
dOoGN0DHfQIDAQABozswOTAfBgNVHSMEGDAWgBTe1pcxYWGrNC/uksuFloCGv41g
|
||||
3TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQsFAAOBgQAy+2HQ
|
||||
kXyNc5SwjvCXMDWMTKSB5bEWPxuJw3Lf1G4czHAyANzGlm1HJ/h6Z8NSwEy9x0xj
|
||||
iFnpbc39fGoeApkEqVhY0WyJ7qbCuJsExE+ra6w+iPIKvjez+Ymp+zCDsiTIJEnf
|
||||
2jsyzhghVa/FgDpQYQEJHAuGTEAvkQITp8IUvg==
|
||||
-----END CERTIFICATE-----""")
|
||||
|
||||
key_dsa_data = textwrap.dedent("""
|
||||
@ -228,7 +231,8 @@ class TestX509Cert(unittest.TestCase):
|
||||
|
||||
def test_get_fingerprint(self):
|
||||
fp = self.cert.get_fingerprint()
|
||||
self.assertEqual(fp, "634A8CD10C81F1CD7A7E140921B4D9CA")
|
||||
self.assertEqual(fp, '03C6B30446157984C28A3C97F1616B96'
|
||||
'5DED16744573F203A4EA51AB1AFA1F10')
|
||||
|
||||
def test_get_fingerprint_invalid_hash(self):
|
||||
with self.assertRaises(x509_errors.X509Error):
|
||||
@ -256,7 +260,7 @@ class TestX509Cert(unittest.TestCase):
|
||||
|
||||
def test_get_not_before(self):
|
||||
val = self.cert.get_not_before()
|
||||
self.assertEqual(1421244619.0, val)
|
||||
self.assertEqual(1441151225.0, val)
|
||||
|
||||
def test_set_not_before(self):
|
||||
self.cert.set_not_before(0) # seconds since epoch
|
||||
@ -265,7 +269,7 @@ class TestX509Cert(unittest.TestCase):
|
||||
|
||||
def test_get_not_after(self):
|
||||
val = self.cert.get_not_after()
|
||||
self.assertEqual(1421331019.0, val)
|
||||
self.assertEqual(1441237625.0, val)
|
||||
|
||||
def test_set_not_after(self):
|
||||
self.cert.set_not_after(0) # seconds since epoch
|
||||
@ -274,7 +278,7 @@ class TestX509Cert(unittest.TestCase):
|
||||
|
||||
def test_get_extensions(self):
|
||||
exts = self.cert.get_extensions()
|
||||
self.assertEqual(2, len(exts))
|
||||
self.assertEqual(3, len(exts))
|
||||
|
||||
def test_add_extensions(self):
|
||||
bc = extension.X509ExtensionBasicConstraints()
|
||||
@ -286,20 +290,6 @@ class TestX509Cert(unittest.TestCase):
|
||||
with self.assertRaises(x509_errors.X509Error):
|
||||
self.cert.add_extension("abcdef", 2)
|
||||
|
||||
def test_sign_rsa_sha1(self):
|
||||
key = utils.get_private_key_from_pem(self.key_rsa_data)
|
||||
self.cert.sign(key, 'sha1')
|
||||
self.assertEqual(self.cert.get_fingerprint(),
|
||||
"BA1B5C97D68EAE738FD10657E6F0B143")
|
||||
self.assertTrue(self.cert.verify(key.public_key()))
|
||||
|
||||
def test_sign_dsa_sha1(self):
|
||||
key = utils.get_private_key_from_pem(self.key_dsa_data)
|
||||
self.cert.sign(key, 'sha1')
|
||||
# DSA signatures are not deterministic which means we can only
|
||||
# verify the signature, not make sure it's always the same
|
||||
self.assertTrue(self.cert.verify(key.public_key()))
|
||||
|
||||
def test_sign_unknown_key(self):
|
||||
key = object()
|
||||
with self.assertRaises(x509_errors.X509Error):
|
||||
|
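Review bot: `test_sign_rsa_sha1` and `test_sign_dsa_sha1` are deleted in the last hunk without a replacement, so within the visible hunks nothing signs and verifies a certificate with a supported digest any more, and nothing asserts that the retired digests are refused. I would keep both tests with `'sha256'` in place of `'sha1'` (the RSA one with its fingerprint updated) and add a negative case such as `with self.assertRaises(x509_errors.X509Error): self.cert.sign(key, 'sha1')`, assuming `sign` reports an unknown digest the same way `test_sign_unknown_key` expects for an unknown key. `test_get_fingerprint` also depends on the implicit default; calling `self.cert.get_fingerprint('sha256')` would tie the expected value to the algorithm rather than to whatever the default is.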
@ -31,14 +31,17 @@ from anchor.X509 import utils
|
||||
class TestX509Csr(unittest.TestCase):
|
||||
csr_data = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBWTCCARMCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIEwZOYXJuaWExEjAQ
|
||||
BgNVBAcTCUZ1bmt5dG93bjEXMBUGA1UEChMOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsTB3Rlc3RpbmcxFDASBgNVBAMTC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB
|
||||
FhB0ZXN0QGFuY2hvci50ZXN0MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAOpvxkCx
|
||||
NNTc86GVnP4rWvaniOnHaemXbhBOoFxhMwaghiq7u5V9ZKkUZfbu+L+ZSQIDAQAB
|
||||
oCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkq
|
||||
hkiG9w0BAQUFAAMxALaK8/HR73ZSvHiWo7Mduin0S519aJBm+gO8d9iliUkK00gQ
|
||||
VMs9DuTAxljX7t7Eug==
|
||||
MIIB/jCCAWcCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQ
|
||||
BgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UECgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsMB3Rlc3RpbmcxFDASBgNVBAMMC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB
|
||||
FhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe
|
||||
eqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/e
|
||||
FY6Sux52enQ197o8aMwyP77hMhZqtd8NCgLJMVlUbRhwLti0SkHFPic0wAg+esfX
|
||||
a6yhd5TxC+bti7MgV/ljA80XQxHH8xOjdOoGN0DHfQIDAQABoCkwJwYJKoZIhvcN
|
||||
AQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsFAAOB
|
||||
gQA+6qIFRsgkGFgeLvl+Jt3/mfAkkUTes0r4Kh+vPpuzzthEEafaVFRqA0UI+opN
|
||||
QwNMvjwkS4hTZZFlvQJLCUOzKIOkTcvCu1WIUvkA9vfnvz6orw2dU9A6Rj6hU/Bd
|
||||
vXaHXDbliCzG9yPHrLk5VQpy3HODjyfQMdhday2n1Q4P3Q==
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
||||
key_rsa_data = textwrap.dedent("""
|
||||
@ -167,7 +170,7 @@ class TestX509Csr(unittest.TestCase):
|
||||
key = utils.get_private_key_from_pem(self.key_rsa_data)
|
||||
self.csr.sign(key)
|
||||
# 10 bytes is definitely enough for non malicious case, right?
|
||||
self.assertEqual(b'5I\xc2\x03\x97\xd2\xf0\xd6\x06\x8c',
|
||||
self.assertEqual(b'>\xea\xa2\x05F\xc8$\x18X\x1e',
|
||||
self.csr._get_signature()[:10])
|
||||
|
||||
def test_verify(self):
|
||||
|
@ -146,7 +146,8 @@ class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
|
||||
str(cert.get_subject()))
|
||||
|
||||
# make sure the cert was issued by anchor
|
||||
self.assertEqual("/C=UK/ST=Some-State/O=OSSG/CN=anchor.example.com",
|
||||
self.assertEqual("/C=AU/ST=Some-State/O=Herp Derp plc/OU"
|
||||
"=herp.derp.plc/CN=herp.derp.plc",
|
||||
str(cert.get_issuer()))
|
||||
|
||||
def test_check_broken_validator(self):
|
||||
|
@ -30,14 +30,16 @@ from anchor.X509 import signing_request as x509_csr
|
||||
class TestValidators(unittest.TestCase):
|
||||
csr_data = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBWTCCARMCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIEwZOYXJuaWExEjAQ
|
||||
BgNVBAcTCUZ1bmt5dG93bjEXMBUGA1UEChMOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsTB3Rlc3RpbmcxFDASBgNVBAMTC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB
|
||||
FhB0ZXN0QGFuY2hvci50ZXN0MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAOpvxkCx
|
||||
NNTc86GVnP4rWvaniOnHaemXbhBOoFxhMwaghiq7u5V9ZKkUZfbu+L+ZSQIDAQAB
|
||||
oCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkq
|
||||
hkiG9w0BAQUFAAMxALaK8/HR73ZSvHiWo7Mduin0S519aJBm+gO8d9iliUkK00gQ
|
||||
VMs9DuTAxljX7t7Eug==
|
||||
MIIB1TCCAT4CAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQ
|
||||
BgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UECgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsMB3Rlc3RpbmcxFDASBgNVBAMMC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB
|
||||
FhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe
|
||||
eqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/e
|
||||
FY6Sux52enQ197o8aMwyP77hMhZqtd8NCgLJMVlUbRhwLti0SkHFPic0wAg+esfX
|
||||
a6yhd5TxC+bti7MgV/ljA80XQxHH8xOjdOoGN0DHfQIDAQABoAAwDQYJKoZIhvcN
|
||||
AQELBQADgYEAI4eMihRKSeNLt1DLg6l+WYU4ssRTEHpxwBRo0lh5IGEBjtL+NrPY
|
||||
/A9AKfbkyW7BnKd9IT5wvenZajl5UzCveTCkqVDbSEOwLpUY3GeHf0jujml8gKFb
|
||||
AFrlaOkOuDai+an0EdbeLef1kYh8CWd573MPvKTwOsiaGP/EACrlIEM=
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
||||
def setUp(self):
|
||||
|