# SPDX-FileCopyrightText: 2020 The Magma Authors.
# SPDX-FileCopyrightText: 2022 Open Networking Foundation <support@opennetworking.org>
#
# SPDX-License-Identifier: BSD-3-Clause

import base64
import datetime
import os
from tempfile import TemporaryDirectory
from unittest import TestCase

import magma.common.cert_utils as cu
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

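class CertUtilsTest(TestCase):
    """Round-trip tests for the key, CSR and certificate helpers in cert_utils."""

    def test_key(self):
        """A key written with write_key is read back unchanged by load_key."""
        # The prefix carries no directory component, so the scratch directory
        # is created under the platform temp location instead of a
        # hard-coded /tmp.
        with TemporaryDirectory(prefix='test_cert_utils') as temp_dir:
            key_file = os.path.join(temp_dir, 'test.key')
            key = ec.generate_private_key(ec.SECP384R1(), default_backend())
            cu.write_key(key, key_file)
            key_load = cu.load_key(key_file)
            # NOTE(review): the mode of the written key file is not checked
            # here; confirm the permissions write_key is expected to set.

            # The two key objects are compared through their unencrypted
            # PEM serialization.
            key_bytes = key.private_bytes(
                serialization.Encoding.PEM,
                serialization.PrivateFormat.TraditionalOpenSSL,
                serialization.NoEncryption(),
            )
            key_load_bytes = key_load.private_bytes(
                serialization.Encoding.PEM,
                serialization.PrivateFormat.TraditionalOpenSSL,
                serialization.NoEncryption(),
            )
            self.assertEqual(key_bytes, key_load_bytes)

    def test_load_public_key_to_base64der(self):
        """The base64 DER public key exported from a key file matches the key.

        The ``test_`` prefix is required for unittest discovery to collect
        this method.
        """
        with TemporaryDirectory(prefix='test_cert_utils') as temp_dir:
            key_file = os.path.join(temp_dir, 'test.key')
            key = ec.generate_private_key(ec.SECP384R1(), default_backend())
            cu.write_key(key, key_file)
            base64der = cu.load_public_key_to_base64der(key_file)

            der = base64.b64decode(base64der)
            pub_key = serialization.load_der_public_key(der, default_backend())

            # Compare serialized SubjectPublicKeyInfo bytes rather than the
            # key objects, so the result does not depend on the key classes
            # implementing ``==``.
            expected_bytes = key.public_key().public_bytes(
                serialization.Encoding.DER,
                serialization.PublicFormat.SubjectPublicKeyInfo,
            )
            loaded_bytes = pub_key.public_bytes(
                serialization.Encoding.DER,
                serialization.PublicFormat.SubjectPublicKeyInfo,
            )
            self.assertEqual(expected_bytes, loaded_bytes)

    def test_csr(self):
        """create_csr returns a validly signed CSR carrying the key's public half."""
        key = ec.generate_private_key(ec.SECP384R1(), default_backend())
        csr = cu.create_csr(
            key, 'i am dummy test',
            'US', 'CA', 'MPK', 'FB', 'magma', 'magma@fb.com',
        )
        # The CSR's signature must verify against the public key it embeds.
        self.assertTrue(csr.is_signature_valid)

        # The public key inside the CSR must be the one derived from `key`.
        public_key_bytes = key.public_key().public_bytes(
            serialization.Encoding.OpenSSH,
            serialization.PublicFormat.OpenSSH,
        )
        csr_public_key_bytes = csr.public_key().public_bytes(
            serialization.Encoding.OpenSSH,
            serialization.PublicFormat.OpenSSH,
        )
        self.assertEqual(public_key_bytes, csr_public_key_bytes)

    def test_cert(self):
        """A DER certificate written with write_cert is read back by load_cert."""
        with TemporaryDirectory(prefix='test_cert_utils') as temp_dir:
            cert = _create_dummy_cert()
            cert_file = os.path.join(temp_dir, 'test.cert')
            cu.write_cert(
                cert.public_bytes(serialization.Encoding.DER),
                cert_file,
            )
            cert_load = cu.load_cert(cert_file)
            self.assertEqual(cert, cert_load)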
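def _create_dummy_cert():
    """Build a throwaway self-signed certificate for the tests.

    A fresh SECP384R1 key is generated on every call and is not returned.
    The certificate uses the same name as subject and issuer, is signed with
    that key using SHA-256, and is valid for ten days from the time of the
    call.

    Returns:
        The signed certificate object produced by x509.CertificateBuilder.
    """
    key = ec.generate_private_key(ec.SECP384R1(), default_backend())
    name_oid = x509.oid.NameOID
    subject = issuer = x509.Name([
        x509.NameAttribute(name_oid.COUNTRY_NAME, "US"),
        x509.NameAttribute(name_oid.STATE_OR_PROVINCE_NAME, "CA"),
        x509.NameAttribute(name_oid.LOCALITY_NAME, "San Francisco"),
        x509.NameAttribute(name_oid.ORGANIZATION_NAME, "My Company"),
        x509.NameAttribute(name_oid.COMMON_NAME, "mysite.com"),
    ])

    # A single timezone-aware UTC timestamp anchors both ends of the validity
    # window; datetime.utcnow() is deprecated since Python 3.12 and returns a
    # naive value.
    not_before = datetime.datetime.now(datetime.timezone.utc)
    not_after = not_before + datetime.timedelta(days=10)

    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(not_before)
        .not_valid_after(not_after)
    )
    return builder.sign(key, hashes.SHA256(), default_backend())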