This repository has been archived by the owner on Jul 6, 2023. It is now read-only.
/
test_certificates.py
89 lines (68 loc) · 2.43 KB
/
test_certificates.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import time
import typing
import uuid
from cryptography.hazmat.backends.openssl.backend import backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import Encoding
from cryptography.hazmat.primitives.serialization import PublicFormat
import google.auth
from create_certificate import create_certificate
from disable_certificate_authority import disable_certificate_authority
from enable_certificate_authority import enable_certificate_authority
from revoke_certificate import revoke_certificate
PROJECT = google.auth.default()[1]
LOCATION = "europe-west1"
COMMON_NAME = "COMMON_NAME"
ORGANIZATION = "ORGANIZATION"
CERTIFICATE_LIFETIME = 1000000
DOMAIN_NAME = "domain.com"
def generate_name() -> str:
return "test-" + uuid.uuid4().hex[:10]
def test_create_and_revoke_certificate_authority(
certificate_authority, capsys: typing.Any
) -> None:
CERT_NAME = generate_name()
CA_POOL_NAME, CA_NAME = certificate_authority
enable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME)
private_key = rsa.generate_private_key(
public_exponent=65537, key_size=2048, backend=backend
)
public_key_bytes = private_key.public_key().public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo
)
# Wait while crypto key is generating
time.sleep(5)
create_certificate(
PROJECT,
LOCATION,
CA_POOL_NAME,
CA_NAME,
CERT_NAME,
COMMON_NAME,
DOMAIN_NAME,
CERTIFICATE_LIFETIME,
public_key_bytes,
)
revoke_certificate(
PROJECT,
LOCATION,
CA_POOL_NAME,
CERT_NAME,
)
disable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME)
out, _ = capsys.readouterr()
assert "Certificate creation result:" in out
assert "Certificate revoke result:" in out