Diffstat (limited to 'keystone/tests/unit/core.py')
-rw-r--r-- | keystone/tests/unit/core.py | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/keystone/tests/unit/core.py b/keystone/tests/unit/core.py index 2a6c12038..6e0cad62e 100644 --- a/keystone/tests/unit/core.py +++ b/keystone/tests/unit/core.py @@ -28,6 +28,10 @@ import socket import sys import uuid +from cryptography.hazmat.primitives.asymmetric import rsa +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.serialization import Encoding +from cryptography import x509 import fixtures import flask from flask import testing as flask_testing 
@@ -433,6 +437,77 @@ def new_totp_credential(user_id, project_id=None, blob=None): return credential +def create_dn( + common_name=None, + locality_name=None, + state_or_province_name=None, + organization_name=None, + organizational_unit_name=None, + country_name=None, + street_address=None, + domain_component=None, + user_id=None, + email_address=None, +): + oid = x509.NameOID + attr = x509.NameAttribute + dn = [] + if common_name: + dn.append(attr(oid.COMMON_NAME, common_name)) + if locality_name: + dn.append(attr(oid.LOCALITY_NAME, locality_name)) + if state_or_province_name: + dn.append(attr(oid.STATE_OR_PROVINCE_NAME, state_or_province_name)) + if organization_name: + dn.append(attr(oid.ORGANIZATION_NAME, organization_name)) + if organizational_unit_name: + dn.append(attr(oid.ORGANIZATIONAL_UNIT_NAME, organizational_unit_name)) + if country_name: + dn.append(attr(oid.COUNTRY_NAME, country_name)) + if street_address: + dn.append(attr(oid.STREET_ADDRESS, street_address)) + if domain_component: + dn.append(attr(oid.DOMAIN_COMPONENT, domain_component)) + if user_id: + dn.append(attr(oid.USER_ID, user_id)) + if email_address: + dn.append(attr(oid.EMAIL_ADDRESS, email_address)) + return x509.Name(dn) + + +def update_dn(dn1, dn2): + dn1_attrs = {attr.oid: attr for attr in dn1} + dn2_attrs = {attr.oid: attr for attr in dn2} + dn1_attrs.update(dn2_attrs) + return x509.Name([attr for attr in dn1_attrs.values()]) + + +def create_certificate(subject_dn, ca=None, ca_key=None): + private_key = rsa.generate_private_key( + public_exponent=65537, + key_size=2048, + ) + issuer = ca.subject if ca else subject_dn + if not ca_key: + ca_key = private_key + today = datetime.datetime.today() + cert = x509.CertificateBuilder( + issuer_name=issuer, + subject_name=subject_dn, + public_key=private_key.public_key(), + serial_number=x509.random_serial_number(), + not_valid_before=today, + not_valid_after=today + datetime.timedelta(365, 0, 0), + ).sign(ca_key, hashes.SHA256()) + + return 
cert, private_key + + +def create_pem_certificate(subject_dn, ca=None, ca_key=None): + cert, _ = create_certificate(subject_dn, ca=ca, ca_key=ca_key) + return cert.public_bytes(Encoding.PEM).decode('ascii') + + def new_application_credential_ref(roles=None, name=None, expires=None, |
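Review bot: create_certificate accepts `ca` without `ca_key` (and the reverse), and then issues a certificate whose issuer name is the CA's subject but whose signature comes from the freshly generated subject key, so a test that forgets one argument gets a certificate that cannot chain to the CA instead of an error; a guard at the top of the function such as `if (ca is None) != (ca_key is None): raise ValueError('ca and ca_key must be passed together')` would catch it. The validity window comes from `datetime.datetime.today()`, which is naive local time, while cryptography interprets naive datetimes as UTC, so on a host east of UTC the certificate is not yet valid for some hours after it is created; `today = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)` avoids that. The fields are also passed as keyword arguments to the `x509.CertificateBuilder` constructor rather than through the documented `.issuer_name()` / `.subject_name()` / `.not_valid_before()` builder methods, which appears to skip the argument checks those methods perform. In update_dn the attributes are keyed by OID, so a name with repeated attributes (several DC or OU components) is silently reduced to one of each; a short docstring stating that limitation, and that create_dn emits at most one value per attribute in a fixed order, would help callers.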