diff --git a/anchor/X509/certificate.py b/anchor/X509/certificate.py
index a7713ae..a0474db 100644
--- a/anchor/X509/certificate.py
+++ b/anchor/X509/certificate.py
@@ -33,13 +33,10 @@ from anchor.X509 import utils
 SIGNING_ALGORITHMS = {
- ('RSA', 'MD5'): rfc2459.md5WithRSAEncryption,
- ('RSA', 'SHA1'): rfc2459.sha1WithRSAEncryption,
 ('RSA', 'SHA224'): asn1_univ.ObjectIdentifier('1.2.840.113549.1.1.14'),
 ('RSA', 'SHA256'): asn1_univ.ObjectIdentifier('1.2.840.113549.1.1.11'),
 ('RSA', 'SHA384'): asn1_univ.ObjectIdentifier('1.2.840.113549.1.1.12'),
 ('RSA', 'SHA512'): asn1_univ.ObjectIdentifier('1.2.840.113549.1.1.13'),
- ('DSA', 'SHA1'): rfc2459.id_dsa_with_sha1,
 ('DSA', 'SHA224'): asn1_univ.ObjectIdentifier('2.16.840.1.101.3.4.3.1'),
 ('DSA', 'SHA256'): asn1_univ.ObjectIdentifier('2.16.840.1.101.3.4.3.2'),
 }
@@ -249,7 +246,7 @@ class X509Certificate(signature.SignatureMixin):
 """Return this X509 certificate as DER encoded data."""
 return encoder.encode(self._cert)
- def get_fingerprint(self, md='md5'):
+ def get_fingerprint(self, md='sha256'):
 """Get the fingerprint of this X509 certificate.
 :param md: The message digest algorthim used to compute the fingerprint
diff --git a/anchor/X509/signature.py b/anchor/X509/signature.py
index c71ef14..0e420cb 100644
--- a/anchor/X509/signature.py
+++ b/anchor/X509/signature.py
@@ -38,13 +38,10 @@ id_dsa_with_sha224 = asn1_univ.ObjectIdentifier('2.16.840.1.101.3.4.3.1')
 id_dsa_with_sha256 = asn1_univ.ObjectIdentifier('2.16.840.1.101.3.4.3.2')
 SIGNING_ALGORITHMS = {
- ('RSA', 'MD5'): rfc2459.md5WithRSAEncryption,
- ('RSA', 'SHA1'): rfc2459.sha1WithRSAEncryption,
 ('RSA', 'SHA224'): sha224WithRSAEncryption,
 ('RSA', 'SHA256'): sha256WithRSAEncryption,
 ('RSA', 'SHA384'): sha384WithRSAEncryption,
 ('RSA', 'SHA512'): sha512WithRSAEncryption,
- ('DSA', 'SHA1'): rfc2459.id_dsa_with_sha1,
 ('DSA', 'SHA224'): id_dsa_with_sha224,
 ('DSA', 'SHA256'): id_dsa_with_sha256,
 }
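Review bot: The docstring of `get_fingerprint` (anchor/X509/certificate.py, second hunk) does not state the default digest, which this change moves from MD5 to SHA-256; the docstring continues outside the hunk. Callers that relied on the old default now get a 64-character hex string instead of 32, as the updated test shows, so a stored or pinned fingerprint compared against the return value stops matching without raising. I would extend the parameter line to something like `:param md: The message digest algorithm used to compute the fingerprint (default: sha256)` and mention the changed default in the release notes. Whether an explicit `md='md5'` is still accepted is not visible here; if it is, the docstring should say it is kept only for comparing against legacy fingerprints.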
@@ -54,10 +51,6 @@ SIGNING_ALGORITHMS_INV = dict((v, k) for k, v in SIGNING_ALGORITHMS.items())
 SIGNER_CONSTRUCTION = {
- rfc2459.md5WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
- hashes.MD5())),
- rfc2459.sha1WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
- hashes.SHA1())),
 sha224WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
 hashes.SHA224())),
 sha256WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
@@ -66,17 +59,12 @@ SIGNER_CONSTRUCTION = {
 hashes.SHA384())),
 sha512WithRSAEncryption: (lambda key: key.signer(padding.PKCS1v15(),
 hashes.SHA512())),
- rfc2459.id_dsa_with_sha1: (lambda key: key.signer(hashes.SHA1())),
 id_dsa_with_sha224: (lambda key: key.signer(hashes.SHA224())),
 id_dsa_with_sha256: (lambda key: key.signer(hashes.SHA256())),
 }
 VERIFIER_CONSTRUCTION = {
- rfc2459.md5WithRSAEncryption: (lambda key, signature: key.verifier(
- signature, padding.PKCS1v15(), hashes.MD5())),
- rfc2459.sha1WithRSAEncryption: (lambda key, signature: key.verifier(
- signature, padding.PKCS1v15(), hashes.SHA1())),
 sha224WithRSAEncryption: (lambda key, signature: key.verifier(
 signature, padding.PKCS1v15(), hashes.SHA224())),
 sha256WithRSAEncryption: (lambda key, signature: key.verifier(
@@ -85,8 +73,6 @@ VERIFIER_CONSTRUCTION = {
 signature, padding.PKCS1v15(), hashes.SHA384())),
 sha512WithRSAEncryption: (lambda key, signature: key.verifier(
 signature, padding.PKCS1v15(), hashes.SHA512())),
- rfc2459.id_dsa_with_sha1: (lambda key, signature: key.verifier(
- signature, hashes.SHA1())),
 id_dsa_with_sha224: (lambda key, signature: key.verifier(
 signature, hashes.SHA224())),
 id_dsa_with_sha256: (lambda key, signature: key.verifier(
@@ -95,13 +81,10 @@ VERIFIER_CONSTRUCTION = {
 ALGORITHM_PARAMETERS = {
- rfc2459.md5WithRSAEncryption: encoder.encode(asn1_univ.Null()),
- rfc2459.sha1WithRSAEncryption: encoder.encode(asn1_univ.Null()),
 sha224WithRSAEncryption: encoder.encode(asn1_univ.Null()),
 sha256WithRSAEncryption: encoder.encode(asn1_univ.Null()),
 sha384WithRSAEncryption: encoder.encode(asn1_univ.Null()),
 sha512WithRSAEncryption: encoder.encode(asn1_univ.Null()),
- rfc2459.id_dsa_with_sha1: None,
 id_dsa_with_sha224: None,
 id_dsa_with_sha256: None,
 }
@@ -113,7 +96,7 @@ class SignatureMixin(object):
 Both operations rely on the functions provided by the certificate and csr classes.
 """
- def sign(self, key, md="sha1"):
+ def sign(self, key, md="sha256"):
 """Sign the current object."""
 md = md.upper()
 if key is None:
diff --git a/tests/CA/root-ca.crt b/tests/CA/root-ca.crt
index 988797c..b9af076 100644
--- a/tests/CA/root-ca.crt
+++ b/tests/CA/root-ca.crt
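Review bot: Nothing in this commit pins the rejection path for the digests it removes: in the `sign()` hunk of anchor/X509/signature.py, a caller that still passes 'sha1' or 'md5' now has no entry in SIGNING_ALGORITHMS after `md = md.upper()`, and the SHA-1 signing tests are deleted rather than inverted. The rest of `sign()` and all of `verify()` lie outside the hunk, so please confirm that a missing SIGNING_ALGORITHMS key, and a missing VERIFIER_CONSTRUCTION key for an object signed with sha1WithRSAEncryption, both surface as `x509_errors.X509Error` rather than a bare `KeyError`. A negative test such as `with self.assertRaises(x509_errors.X509Error): self.cert.sign(key, 'sha1')` would keep the weak algorithms from being re-added unnoticed. The (key type, digest) table is also kept separately in certificate.py and signature.py, so any future removal has to be made in both places.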
@@ -1,61 +1,58 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - a9:d8:fe:87:d0:95:01:12 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=UK, ST=Some-State, O=OSSG, CN=anchor.example.com + Serial Number: 16983733478354280881 (0xebb2579d693761b1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Herp Derp plc, OU=herp.derp.plc, CN=herp.derp.plc Validity - Not Before: Mar 6 11:44:40 2015 GMT - Not After : Mar 5 11:44:40 2018 GMT - Subject: C=UK, ST=Some-State, O=OSSG, CN=anchor.example.com + Not Before: Sep 1 23:29:35 2015 GMT + Not After : Sep 2 23:29:35 2015 GMT + Subject: C=AU, ST=Some-State, O=Herp Derp plc, OU=herp.derp.plc, CN=herp.derp.plc Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d7:4c:80:83:75:7b:60:c8:ca:a6:7c:5a:2b:8f: - 8f:67:af:89:0e:05:cb:3d:01:d1:bc:e6:22:06:08: - 4a:d1:60:2d:6d:0b:a4:b3:bf:51:3e:95:b9:4e:7d: - a7:44:c9:fd:27:ca:4a:32:a6:d2:b7:68:f8:17:6b: - 94:be:18:6b:b6:cd:54:90:a1:79:a9:8b:16:dd:02: - bd:8c:22:e0:23:72:71:de:a2:62:b3:12:3c:a3:35: - c6:f0:6b:96:04:96:14:88:df:2a:62:5f:6f:19:08: - 59:dc:6d:52:14:37:c6:94:76:97:e3:64:29:c9:28: - 13:e9:52:04:fe:18:6c:4e:17 + Public-Key: (1024 bit) + Modulus: + 00:9e:7a:a8:35:41:e7:1c:bf:c8:6a:8f:50:4f:f4: + a1:09:5f:94:2c:14:2c:51:eb:63:3c:a6:53:db:e6: + de:2c:2e:8f:14:61:f6:5d:ea:41:4b:70:e3:fc:c7: + 3c:30:bf:1f:de:15:8e:92:bb:1e:76:7a:74:35:f7: + ba:3c:68:cc:32:3f:be:e1:32:16:6a:b5:df:0d:0a: + 02:c9:31:59:54:6d:18:70:2e:d8:b4:4a:41:c5:3e: + 27:34:c0:08:3e:7a:c7:d7:6b:ac:a1:77:94:f1:0b: + e6:ed:8b:b3:20:57:f9:63:03:cd:17:43:11:c7:f3: + 13:a3:74:ea:06:37:40:c7:7d Exponent: 65537 (0x10001) X509v3 extensions: - X509v3 Subject Key Identifier: - 56:35:71:FD:CB:C7:5B:2F:C0:02:C2:2E:3B:9D:7B:FD:6F:CB:BB:9C - X509v3 Authority Key Identifier: - keyid:56:35:71:FD:CB:C7:5B:2F:C0:02:C2:2E:3B:9D:7B:FD:6F:CB:BB:9C - DirName:/C=UK/ST=Some-State/O=OSSG/CN=anchor.example.com - 
serial:A9:D8:FE:87:D0:95:01:12 + X509v3 Subject Key Identifier: + DE:D6:97:31:61:61:AB:34:2F:EE:92:CB:85:96:80:86:BF:8D:60:DD + X509v3 Authority Key Identifier: + keyid:DE:D6:97:31:61:61:AB:34:2F:EE:92:CB:85:96:80:86:BF:8D:60:DD - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 02:2e:25:2c:7b:ab:d5:cf:98:a7:ee:40:c6:d3:f2:45:4b:1f: - 40:a9:f5:1f:17:2e:1c:96:f8:fa:34:2b:05:e4:e7:f3:94:31: - a6:d9:cc:d4:fa:0c:71:f0:23:7e:d4:c2:84:f0:d6:25:14:41: - 24:aa:52:98:36:a8:37:fa:9f:12:3f:2f:17:22:db:35:1a:01: - 2e:ff:02:de:f5:12:3b:40:7d:7e:c2:80:c6:9a:66:4d:ba:c5: - 43:a8:0f:ec:d3:9c:7c:ec:23:a6:40:6e:a2:c3:5d:e5:1f:78: - cf:da:44:ab:26:b8:91:a5:ef:0f:2e:ce:b9:eb:2a:06:21:88: - e5:2a + Signature Algorithm: sha256WithRSAEncryption + 9a:50:80:40:5a:11:3d:99:0c:85:0a:68:e2:ad:8a:c9:db:c0: + 9d:2f:80:1a:f6:52:cb:bd:5d:3c:de:41:b3:50:76:d9:d9:7a: + e9:ae:97:f4:68:dc:78:4c:90:82:5f:e9:57:17:70:49:26:18: + 2b:ab:96:b7:26:0d:6f:63:4e:fd:40:6c:44:6a:5f:b9:26:76: + 8d:1b:4a:74:3b:b2:cf:b5:cc:5b:50:a6:ea:1c:67:3a:13:29: + 69:93:e2:b6:9e:14:97:a0:b2:3f:5f:3a:f4:c9:7f:5d:5a:7a: + 7c:95:d4:2c:dc:83:a2:ba:5f:a9:10:de:f7:80:3d:e6:63:e8: + 5b:ef -----BEGIN CERTIFICATE----- -MIICyzCCAjSgAwIBAgIJAKnY/ofQlQESMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNV -BAYTAlVLMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ0wCwYDVQQKEwRPU1NHMRswGQYD -VQQDExJhbmNob3IuZXhhbXBsZS5jb20wHhcNMTUwMzA2MTE0NDQwWhcNMTgwMzA1 -MTE0NDQwWjBOMQswCQYDVQQGEwJVSzETMBEGA1UECBMKU29tZS1TdGF0ZTENMAsG -A1UEChMET1NTRzEbMBkGA1UEAxMSYW5jaG9yLmV4YW1wbGUuY29tMIGfMA0GCSqG -SIb3DQEBAQUAA4GNADCBiQKBgQDXTICDdXtgyMqmfForj49nr4kOBcs9AdG85iIG -CErRYC1tC6Szv1E+lblOfadEyf0nykoyptK3aPgXa5S+GGu2zVSQoXmpixbdAr2M -IuAjcnHeomKzEjyjNcbwa5YElhSI3ypiX28ZCFncbVIUN8aUdpfjZCnJKBPpUgT+ -GGxOFwIDAQABo4GwMIGtMB0GA1UdDgQWBBRWNXH9y8dbL8ACwi47nXv9b8u7nDB+ -BgNVHSMEdzB1gBRWNXH9y8dbL8ACwi47nXv9b8u7nKFSpFAwTjELMAkGA1UEBhMC -VUsxEzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAoTBE9TU0cxGzAZBgNVBAMT 
-EmFuY2hvci5leGFtcGxlLmNvbYIJAKnY/ofQlQESMAwGA1UdEwQFMAMBAf8wDQYJ -KoZIhvcNAQEFBQADgYEAAi4lLHur1c+Yp+5AxtPyRUsfQKn1HxcuHJb4+jQrBeTn -85QxptnM1PoMcfAjftTChPDWJRRBJKpSmDaoN/qfEj8vFyLbNRoBLv8C3vUSO0B9 -fsKAxppmTbrFQ6gP7NOcfOwjpkBuosNd5R94z9pEqya4kaXvDy7OuesqBiGI5So= ------END CERTIFICATE----- +MIICojCCAgugAwIBAgIJAOuyV51pN2GxMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRYwFAYDVQQKDA1IZXJwIERlcnAg +cGxjMRYwFAYDVQQLDA1oZXJwLmRlcnAucGxjMRYwFAYDVQQDDA1oZXJwLmRlcnAu +cGxjMB4XDTE1MDkwMTIzMjkzNVoXDTE1MDkwMjIzMjkzNVowajELMAkGA1UEBhMC +QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxFjAUBgNVBAoMDUhlcnAgRGVycCBwbGMx +FjAUBgNVBAsMDWhlcnAuZGVycC5wbGMxFjAUBgNVBAMMDWhlcnAuZGVycC5wbGMw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ56qDVB5xy/yGqPUE/0oQlflCwU +LFHrYzymU9vm3iwujxRh9l3qQUtw4/zHPDC/H94VjpK7HnZ6dDX3ujxozDI/vuEy +Fmq13w0KAskxWVRtGHAu2LRKQcU+JzTACD56x9drrKF3lPEL5u2LsyBX+WMDzRdD +EcfzE6N06gY3QMd9AgMBAAGjUDBOMB0GA1UdDgQWBBTe1pcxYWGrNC/uksuFloCG +v41g3TAfBgNVHSMEGDAWgBTe1pcxYWGrNC/uksuFloCGv41g3TAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4GBAJpQgEBaET2ZDIUKaOKtisnbwJ0vgBr2Usu9 +XTzeQbNQdtnZeumul/Ro3HhMkIJf6VcXcEkmGCurlrcmDW9jTv1AbERqX7kmdo0b +SnQ7ss+1zFtQpuocZzoTKWmT4raeFJegsj9fOvTJf11aenyV1Czcg6K6X6kQ3veA +PeZj6Fvv +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/X509/test_x509_certificate.py b/tests/X509/test_x509_certificate.py index 35b94d6..737217f 100644 --- a/tests/X509/test_x509_certificate.py +++ b/tests/X509/test_x509_certificate.py 
@@ -31,18 +31,21 @@ from anchor.X509 import utils class TestX509Cert(unittest.TestCase): cert_data = textwrap.dedent(u""" -----BEGIN CERTIFICATE----- - MIICKjCCAZOgAwIBAgIIfeW6dwGe6wMwDQYJKoZIhvcNAQEFBQAwUjELMAkGA1UE - BhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxFjAUBgNVBAoTDUhlcnAgRGVycCBw - bGMxFjAUBgNVBAMTDWhlcnAuZGVycC5wbGMwHhcNMTUwMTE0MTQxMDE5WhcNMTUw - MTE1MTQxMDE5WjCBlDELMAkGA1UEBhMCVUsxDzANBgNVBAgTBk5hcm5pYTESMBAG - A1UEBxMJRnVua3l0b3duMRcwFQYDVQQKEw5BbmNob3IgVGVzdGluZzEQMA4GA1UE - CxMHdGVzdGluZzEUMBIGA1UEAxMLYW5jaG9yLnRlc3QxHzAdBgkqhkiG9w0BCQEW - EHRlc3RAYW5jaG9yLnRlc3QwTDANBgkqhkiG9w0BAQEFAAM7ADA4AjEA6m/GQLE0 - 1NzzoZWc/ita9qeI6cdp6ZduEE6gXGEzBqCGKru7lX1kqRRl9u74v5lJAgMBAAGj - GjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBAGeX - hSul19/DgwM5m3cj6y9+dkOhXCdImG1O6wjDHxa/xU+hlPJwGZr5zrcBsk/8jaIP - z1FWAhsmZBl0zSJY7XEZ9jmw7JIaCy3XpYMVEA2LGEofydr7N3CRqIE5ehdAh5rz - gTLni27WuVJFVBNoTU1JfoxBSm/RBLdTj92g9N5g + MIICuDCCAiGgAwIBAgIJAIaZlZ0Oms2fMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV + BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRYwFAYDVQQKDA1IZXJwIERlcnAg + cGxjMRYwFAYDVQQLDA1oZXJwLmRlcnAucGxjMRYwFAYDVQQDDA1oZXJwLmRlcnAu + cGxjMB4XDTE1MDkwMTIzNDcwNVoXDTE1MDkwMjIzNDcwNVowgZQxCzAJBgNVBAYT + AlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQBgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UE + CgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNVBAsMB3Rlc3RpbmcxFDASBgNVBAMMC2Fu + Y2hvci50ZXN0MR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0G + CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeeqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8 + plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/eFY6Sux52enQ197o8aMwyP77hMhZqtd8N + CgLJMVlUbRhwLti0SkHFPic0wAg+esfXa6yhd5TxC+bti7MgV/ljA80XQxHH8xOj + dOoGN0DHfQIDAQABozswOTAfBgNVHSMEGDAWgBTe1pcxYWGrNC/uksuFloCGv41g + 3TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQsFAAOBgQAy+2HQ + kXyNc5SwjvCXMDWMTKSB5bEWPxuJw3Lf1G4czHAyANzGlm1HJ/h6Z8NSwEy9x0xj + iFnpbc39fGoeApkEqVhY0WyJ7qbCuJsExE+ra6w+iPIKvjez+Ymp+zCDsiTIJEnf + 2jsyzhghVa/FgDpQYQEJHAuGTEAvkQITp8IUvg== -----END CERTIFICATE-----""") key_dsa_data = textwrap.dedent(""" 
@@ -228,7 +231,8 @@ class TestX509Cert(unittest.TestCase):
 def test_get_fingerprint(self):
 fp = self.cert.get_fingerprint()
- self.assertEqual(fp, "634A8CD10C81F1CD7A7E140921B4D9CA")
+ self.assertEqual(fp, '03C6B30446157984C28A3C97F1616B96'
+ '5DED16744573F203A4EA51AB1AFA1F10')
 def test_get_fingerprint_invalid_hash(self):
 with self.assertRaises(x509_errors.X509Error):
@@ -256,7 +260,7 @@ class TestX509Cert(unittest.TestCase):
 def test_get_not_before(self):
 val = self.cert.get_not_before()
- self.assertEqual(1421244619.0, val)
+ self.assertEqual(1441151225.0, val)
 def test_set_not_before(self):
 self.cert.set_not_before(0) # seconds since epoch
@@ -265,7 +269,7 @@ class TestX509Cert(unittest.TestCase):
 def test_get_not_after(self):
 val = self.cert.get_not_after()
- self.assertEqual(1421331019.0, val)
+ self.assertEqual(1441237625.0, val)
 def test_set_not_after(self):
 self.cert.set_not_after(0) # seconds since epoch
@@ -274,7 +278,7 @@ class TestX509Cert(unittest.TestCase):
 def test_get_extensions(self):
 exts = self.cert.get_extensions()
- self.assertEqual(2, len(exts))
+ self.assertEqual(3, len(exts))
 def test_add_extensions(self):
 bc = extension.X509ExtensionBasicConstraints()
@@ -286,20 +290,6 @@ class TestX509Cert(unittest.TestCase):
 with self.assertRaises(x509_errors.X509Error):
 self.cert.add_extension("abcdef", 2)
- def test_sign_rsa_sha1(self):
- key = utils.get_private_key_from_pem(self.key_rsa_data)
- self.cert.sign(key, 'sha1')
- self.assertEqual(self.cert.get_fingerprint(),
- "BA1B5C97D68EAE738FD10657E6F0B143")
- self.assertTrue(self.cert.verify(key.public_key()))
-
- def test_sign_dsa_sha1(self):
- key = utils.get_private_key_from_pem(self.key_dsa_data)
- self.cert.sign(key, 'sha1')
- # DSA signatures are not deterministic which means we can only
- # verify the signature, not make sure it's always the same
- self.assertTrue(self.cert.verify(key.public_key()))
-
 def test_sign_unknown_key(self):
 key = object()
 with self.assertRaises(x509_errors.X509Error):
diff --git a/tests/X509/test_x509_csr.py b/tests/X509/test_x509_csr.py index 4307c1f..9da3511 100644 --- a/tests/X509/test_x509_csr.py +++ b/tests/X509/test_x509_csr.py @@ -31,14 +31,17 @@ from anchor.X509 import utils class TestX509Csr(unittest.TestCase): csr_data = textwrap.dedent(u""" -----BEGIN CERTIFICATE REQUEST----- - MIIBWTCCARMCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIEwZOYXJuaWExEjAQ - BgNVBAcTCUZ1bmt5dG93bjEXMBUGA1UEChMOQW5jaG9yIFRlc3RpbmcxEDAOBgNV - BAsTB3Rlc3RpbmcxFDASBgNVBAMTC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB - FhB0ZXN0QGFuY2hvci50ZXN0MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAOpvxkCx - NNTc86GVnP4rWvaniOnHaemXbhBOoFxhMwaghiq7u5V9ZKkUZfbu+L+ZSQIDAQAB - oCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkq - hkiG9w0BAQUFAAMxALaK8/HR73ZSvHiWo7Mduin0S519aJBm+gO8d9iliUkK00gQ - VMs9DuTAxljX7t7Eug== + MIIB/jCCAWcCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQ + BgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UECgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNV + BAsMB3Rlc3RpbmcxFDASBgNVBAMMC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB + FhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe + eqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/e + FY6Sux52enQ197o8aMwyP77hMhZqtd8NCgLJMVlUbRhwLti0SkHFPic0wAg+esfX + a6yhd5TxC+bti7MgV/ljA80XQxHH8xOjdOoGN0DHfQIDAQABoCkwJwYJKoZIhvcN + AQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsFAAOB + gQA+6qIFRsgkGFgeLvl+Jt3/mfAkkUTes0r4Kh+vPpuzzthEEafaVFRqA0UI+opN + QwNMvjwkS4hTZZFlvQJLCUOzKIOkTcvCu1WIUvkA9vfnvz6orw2dU9A6Rj6hU/Bd + vXaHXDbliCzG9yPHrLk5VQpy3HODjyfQMdhday2n1Q4P3Q== -----END CERTIFICATE REQUEST-----""") key_rsa_data = textwrap.dedent(""" @@ -167,7 +170,7 @@ class TestX509Csr(unittest.TestCase): key = utils.get_private_key_from_pem(self.key_rsa_data) self.csr.sign(key) # 10 bytes is definitely enough for non malicious case, right? - self.assertEqual(b'5I\xc2\x03\x97\xd2\xf0\xd6\x06\x8c', + self.assertEqual(b'>\xea\xa2\x05F\xc8$\x18X\x1e', self.csr._get_signature()[:10]) def test_verify(self): 
diff --git a/tests/test_functional.py b/tests/test_functional.py
index 043d9df..cb2a094 100644
--- a/tests/test_functional.py
+++ b/tests/test_functional.py
@@ -146,7 +146,8 @@ class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
 str(cert.get_subject()))
 # make sure the cert was issued by anchor
- self.assertEqual("/C=UK/ST=Some-State/O=OSSG/CN=anchor.example.com",
+ self.assertEqual("/C=AU/ST=Some-State/O=Herp Derp plc/OU"
+ "=herp.derp.plc/CN=herp.derp.plc",
 str(cert.get_issuer()))
 def test_check_broken_validator(self):
diff --git a/tests/validators/test_callable_validators.py b/tests/validators/test_callable_validators.py
index e0c9589..18479f2 100644
--- a/tests/validators/test_callable_validators.py
+++ b/tests/validators/test_callable_validators.py
@@ -30,14 +30,16 @@ from anchor.X509 import signing_request as x509_csr class TestValidators(unittest.TestCase): csr_data = textwrap.dedent(u""" -----BEGIN CERTIFICATE REQUEST----- - MIIBWTCCARMCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIEwZOYXJuaWExEjAQ - BgNVBAcTCUZ1bmt5dG93bjEXMBUGA1UEChMOQW5jaG9yIFRlc3RpbmcxEDAOBgNV - BAsTB3Rlc3RpbmcxFDASBgNVBAMTC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB - FhB0ZXN0QGFuY2hvci50ZXN0MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAOpvxkCx - NNTc86GVnP4rWvaniOnHaemXbhBOoFxhMwaghiq7u5V9ZKkUZfbu+L+ZSQIDAQAB - oCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkq - hkiG9w0BAQUFAAMxALaK8/HR73ZSvHiWo7Mduin0S519aJBm+gO8d9iliUkK00gQ - VMs9DuTAxljX7t7Eug== + MIIB1TCCAT4CAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQ + BgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UECgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNV + BAsMB3Rlc3RpbmcxFDASBgNVBAMMC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB + FhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe + eqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/e + FY6Sux52enQ197o8aMwyP77hMhZqtd8NCgLJMVlUbRhwLti0SkHFPic0wAg+esfX + a6yhd5TxC+bti7MgV/ljA80XQxHH8xOjdOoGN0DHfQIDAQABoAAwDQYJKoZIhvcN + AQELBQADgYEAI4eMihRKSeNLt1DLg6l+WYU4ssRTEHpxwBRo0lh5IGEBjtL+NrPY + /A9AKfbkyW7BnKd9IT5wvenZajl5UzCveTCkqVDbSEOwLpUY3GeHf0jujml8gKFb + AFrlaOkOuDai+an0EdbeLef1kYh8CWd573MPvKTwOsiaGP/EACrlIEM= -----END CERTIFICATE REQUEST-----""") def setUp(self):