mirror of
https://github.com/internetarchive/warcprox.git
synced 2025-01-18 13:22:09 +01:00
90 lines
3.0 KiB
Python
90 lines
3.0 KiB
Python
|
import os
|
||
|
import shutil
|
||
|
|
||
|
from warcprox.certauth import main, CertificateAuthority
|
||
|
import tempfile
|
||
|
from OpenSSL import crypto
|
||
|
import datetime
|
||
|
import time
|
||
|
|
||
|
def setup_module():
|
||
|
global TEST_CA_DIR
|
||
|
TEST_CA_DIR = tempfile.mkdtemp()
|
||
|
|
||
|
global TEST_CA_ROOT
|
||
|
TEST_CA_ROOT = os.path.join(TEST_CA_DIR, 'certauth_test_ca.pem')
|
||
|
|
||
|
def teardown_module():
|
||
|
shutil.rmtree(TEST_CA_DIR)
|
||
|
assert not os.path.isdir(TEST_CA_DIR)
|
||
|
assert not os.path.isfile(TEST_CA_ROOT)
|
||
|
|
||
|
def test_create_root():
|
||
|
ret = main([TEST_CA_ROOT, '-c', 'Test Root Cert'])
|
||
|
assert ret == 0
|
||
|
|
||
|
def test_create_host_cert():
|
||
|
ret = main([TEST_CA_ROOT, '-d', TEST_CA_DIR, '-n', 'example.com'])
|
||
|
assert ret == 0
|
||
|
certfile = os.path.join(TEST_CA_DIR, 'example.com.pem')
|
||
|
assert os.path.isfile(certfile)
|
||
|
|
||
|
def test_create_wildcard_host_cert_force_overwrite():
|
||
|
ret = main([TEST_CA_ROOT, '-d', TEST_CA_DIR, '--hostname', 'example.com', '-w', '-f'])
|
||
|
assert ret == 0
|
||
|
certfile = os.path.join(TEST_CA_DIR, 'example.com.pem')
|
||
|
assert os.path.isfile(certfile)
|
||
|
|
||
|
def test_explicit_wildcard():
|
||
|
ca = CertificateAuthority(TEST_CA_ROOT, TEST_CA_DIR, 'Test CA')
|
||
|
filename = ca.get_wildcard_cert('test.example.proxy')
|
||
|
certfile = os.path.join(TEST_CA_DIR, 'example.proxy.pem')
|
||
|
assert filename == certfile
|
||
|
assert os.path.isfile(certfile)
|
||
|
os.remove(certfile)
|
||
|
|
||
|
def test_create_already_exists():
|
||
|
ret = main([TEST_CA_ROOT, '-d', TEST_CA_DIR, '-n', 'example.com', '-w'])
|
||
|
assert ret == 1
|
||
|
certfile = os.path.join(TEST_CA_DIR, 'example.com.pem')
|
||
|
assert os.path.isfile(certfile)
|
||
|
# remove now
|
||
|
os.remove(certfile)
|
||
|
|
||
|
def test_create_root_already_exists():
|
||
|
ret = main([TEST_CA_ROOT])
|
||
|
# not created, already exists
|
||
|
assert ret == 1
|
||
|
# remove now
|
||
|
os.remove(TEST_CA_ROOT)
|
||
|
|
||
|
def test_create_root_subdir():
|
||
|
# create a new cert in a subdirectory
|
||
|
subdir = os.path.join(TEST_CA_DIR, 'subdir')
|
||
|
|
||
|
ca_file = os.path.join(subdir, 'certauth_test_ca.pem')
|
||
|
|
||
|
ca = CertificateAuthority(ca_file, subdir, 'Test CA',
|
||
|
cert_not_before=-60 * 60,
|
||
|
cert_not_after=60 * 60 * 24 * 3)
|
||
|
|
||
|
assert os.path.isdir(subdir)
|
||
|
assert os.path.isfile(ca_file)
|
||
|
|
||
|
buff = ca.get_root_PKCS12()
|
||
|
assert len(buff) > 0
|
||
|
|
||
|
expected_not_before = datetime.datetime.utcnow() - datetime.timedelta(seconds=60 * 60)
|
||
|
expected_not_after = datetime.datetime.utcnow() + datetime.timedelta(seconds=60 * 60 * 24 * 3)
|
||
|
|
||
|
cert = crypto.load_pkcs12(buff).get_certificate()
|
||
|
|
||
|
actual_not_before = datetime.datetime.strptime(
|
||
|
cert.get_notBefore().decode('ascii'), '%Y%m%d%H%M%SZ')
|
||
|
actual_not_after = datetime.datetime.strptime(
|
||
|
cert.get_notAfter().decode('ascii'), '%Y%m%d%H%M%SZ')
|
||
|
|
||
|
time.mktime(expected_not_before.utctimetuple())
|
||
|
assert abs((time.mktime(actual_not_before.utctimetuple()) - time.mktime(expected_not_before.utctimetuple()))) < 10
|
||
|
assert abs((time.mktime(actual_not_after.utctimetuple()) - time.mktime(expected_not_after.utctimetuple()))) < 10
|