Source code for pki.tests.test_models.test_certificate_values
"""Tests that verify the correctness of certificate property values."""# ruff: noqa: F401 # keep the unused imports for future test use# ruff: noqa: F811 # ruff does not like pytest fixtures as argumentsfromdatetimeimportUTC,datetimeimportpytestfromcryptography.hazmat.primitivesimporthashes,serializationfromcryptography.x509importCertificatefrompki.models.certificateimportCertificateModel# Project importsfrompki.testsimport(COMMON_NAME,COUNTRY_NAME,DNS_NAME_VALUE,IP_ADDRESS_VALUE,KEY_USAGE_FLAGS,ORGANIZATION_NAME,OTHER_NAME_CONTENT,OTHER_NAME_OID,REGISTERED_ID_OID,RFC822_EMAIL,URI_VALUE,)frompki.tests.fixturesimportself_signed_cert_basic
[docs]deftest_certificate_status(self_signed_cert_basic:CertificateTuple)->None:"""Test if the certificate status is correctly set to OK."""cert_model,_=self_signed_cert_basicassertcert_model.certificate_status==cert_model.CertificateStatus.OK
@pytest.mark.django_db
[docs]deftest_is_self_signed(self_signed_cert_basic:CertificateTuple)->None:"""Test if the certificate is correctly identified as self-signed."""cert_model,_=self_signed_cert_basicassertcert_model.is_self_signedisTrue
@pytest.mark.django_db
[docs]deftest_common_name(self_signed_cert_basic:CertificateTuple)->None:"""Test if the common name is correctly saved in the certificate model."""cert_model,_=self_signed_cert_basicassertcert_model.common_name==COMMON_NAME
@pytest.mark.django_db
[docs]deftest_fingerprint(self_signed_cert_basic:CertificateTuple)->None:"""Test if the SHA256 fingerprint is correctly saved."""cert_model,cert=self_signed_cert_basiccert_fingerprint=cert.fingerprint(hashes.SHA256()).hex().upper()assertcert_model.sha256_fingerprint==cert_fingerprint
@pytest.mark.django_db
[docs]deftest_signature_algorithm_oid(self_signed_cert_basic:CertificateTuple)->None:"""Test if the signature algorithm OID is correctly stored."""cert_model,cert=self_signed_cert_basicassertcert.signature_algorithm_oid.dotted_string==cert_model.signature_algorithm_oid
@pytest.mark.django_db
[docs]deftest_signature_value(self_signed_cert_basic:CertificateTuple)->None:"""Test if the certificate signature value is correctly saved."""cert_model,cert=self_signed_cert_basicassertcert.signature.hex().upper()==cert_model.signature_value
@pytest.mark.django_db
[docs]deftest_certificate_version(self_signed_cert_basic:CertificateTuple)->None:"""Test if the certificate version is correctly stored."""cert_model,cert=self_signed_cert_basicassertcert_model.version==cert.version.value
@pytest.mark.django_db
[docs]deftest_serial_number(self_signed_cert_basic:CertificateTuple)->None:"""Test if the serial number is correctly saved."""cert_model,cert=self_signed_cert_basicexpected_serial=hex(cert.serial_number)[2:].upper()assertcert_model.serial_number==expected_serial
@pytest.mark.django_db
[docs]deftest_issuer_attributes(self_signed_cert_basic:CertificateTuple)->None:"""Test if test_issuer attributes are correctly stored."""cert_model:CertificateModelcert_model,cert=self_signed_cert_basicissuer=[]forrdnincert.issuer.rdns:issuer.extend((attr.oid.dotted_string,attr.value)forattrinrdn)assertlen(issuer)==len(cert_model.issuer.all())
@pytest.mark.django_db
[docs]deftest_issuer_public_bytes(self_signed_cert_basic:CertificateTuple)->None:"""Test if the test_issuer public bytes are correctly saved."""cert_model,cert=self_signed_cert_basicassertcert.issuer.public_bytes().hex().upper()==cert_model.issuer_public_bytes
@pytest.mark.django_db
[docs]deftest_validity_period(self_signed_cert_basic:CertificateTuple)->None:"""Test if the validity period is correctly stored."""cert_model,cert=self_signed_cert_basicassertcert.not_valid_before_utc==cert_model.not_valid_beforeassertcert.not_valid_after_utc==cert_model.not_valid_after
@pytest.mark.django_db
[docs]deftest_subject_attributes(self_signed_cert_basic:CertificateTuple)->None:"""Test if subject attributes are correctly stored."""cert_model,cert=self_signed_cert_basicsubject=[]forrdnincert.subject.rdns:subject.extend((attr.oid.dotted_string,attr.value)forattrinrdn)assertlen(subject)==len(cert_model.subject.all())
@pytest.mark.django_db
[docs]deftest_certificate_pem(self_signed_cert_basic:CertificateTuple)->None:"""Test if the PEM-encoded certificate is correctly saved."""cert_model,cert=self_signed_cert_basicassertcert.public_bytes(encoding=serialization.Encoding.PEM).decode()==cert_model.cert_pem
@pytest.mark.django_db
[docs]deftest_public_key_pem(self_signed_cert_basic:CertificateTuple)->None:"""Test if the PEM-encoded public key is correctly saved."""cert_model,cert=self_signed_cert_basicassert(cert.public_key().public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo).decode()==cert_model.public_key_pem)
@pytest.mark.django_db
[docs]deftest_subject_public_bytes(self_signed_cert_basic:CertificateTuple)->None:"""Test if the subject public bytes are correctly saved."""cert_model,cert=self_signed_cert_basicassertcert.subject.public_bytes().hex().upper()==cert_model.subject_public_bytes
[docs]deftest_created_at_timestamp(self_signed_cert_basic:CertificateTuple)->None:"""Test if the creation timestamp is set correctly."""cert_model,_=self_signed_cert_basicnow=datetime.now(UTC)assert(now-cert_model.created_at).total_seconds()<ONE_MINUTE
@pytest.mark.django_db
[docs]deftest_ca_attributes(self_signed_cert_basic:CertificateTuple)->None:"""Test if CA-related attributes are correctly stored."""cert_model,_=self_signed_cert_basicassertcert_model.is_caisTrueassertcert_model.is_root_caisTrueassertcert_model.is_end_entityisFalse