tests/analysis/db/certs.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

#!/usr/bin/python3-dbg
# -*- coding: utf-8 -*-


# Tests validant la génération de certificats


from chrysacase import ChrysalideTestCase
from pychrysalide.analysis.db import certs
import shutil
import subprocess
import tempfile


class TestRestrictedContent(ChrysalideTestCase):
    """TestCase for analysis.db.certs."""

    @classmethod
    def setUpClass(cls):

        super(TestRestrictedContent, cls).setUpClass()

        cls._tmppath = tempfile.mkdtemp()

        cls.log('Using temporary directory "%s"' % cls._tmppath)


    @classmethod
    def tearDownClass(cls):

        super(TestRestrictedContent, cls).tearDownClass()

        cls.log('Delete directory "%s"' % cls._tmppath)

        shutil.rmtree(cls._tmppath)


    def checkOutput(self, cmd, expected):
        """Run a command and check its output."""

        output = ''

        try:
            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
        except:
            pass

        self.assertEqual(output, expected)


    def testMakeCA(self):
        """Check for building a valid CA."""

        identity = {

            'C': 'UK',
            'CN': 'OpenSSL Group'

        }

        ret = certs.make_ca(self._tmppath, 'ca', 3650 * 24 * 60 * 60, identity)
        self.assertTrue(ret)

        cmd = 'openssl x509 -in %s/ca-cert.pem -subject -noout' % self._tmppath

        expected = b'subject=C = UK, CN = OpenSSL Group\n'

        self.checkOutput(cmd, expected)

        cmd = 'openssl verify -CApath %s -CAfile %s/ca-cert.pem %s/ca-cert.pem' \
              % (self._tmppath, self._tmppath, self._tmppath)

        expected = bytes('%s/ca-cert.pem: OK\n' % self._tmppath, 'utf-8')

        self.checkOutput(cmd, expected)


    def testMakeCSR(self):
        """Check for requesting a valid signing request."""

        identity = {

            'C': 'UK',
            'CN': 'OpenSSL Group'

        }

        ret = certs.make_request(self._tmppath, 'server', identity);
        self.assertTrue(ret)


    def testSignCert(self):
        """Check for properly signing a certificate."""

        ret = certs.sign_cert('%s/server-csr.pem' % self._tmppath, '%s/ca-cert.pem' % self._tmppath, \
                              '%s/ca-key.pem' % self._tmppath, '%s/server-cert.pem' % self._tmppath, \
                              3650 * 24 * 60 * 60)
        self.assertTrue(ret)

        cmd = 'openssl x509 -in %s/server-cert.pem -subject -noout' % self._tmppath

        expected = b'subject=C = UK, CN = OpenSSL Group\n'

        self.checkOutput(cmd, expected)

        cmd = 'openssl verify -CApath %s -CAfile %s/ca-cert.pem %s/server-cert.pem' \
              % (self._tmppath, self._tmppath, self._tmppath)

        expected = bytes('%s/server-cert.pem: OK\n' % self._tmppath, 'utf-8')

        self.checkOutput(cmd, expected)