X-Git-Url: http://git.ganeti.org/?p=ganeti-github.git;a=blobdiff_plain;f=test%2Fpy%2Fganeti.utils.x509_unittest.py;h=01ad894185fd964e3862776573fa8f98b48a5ebe;hp=99ecd762f7602a449d07b488a431f9c0ad8cc058;hb=c204e38d4336df4efffcd3b7eeecb6b21ee1215a;hpb=5386d251db79e34f26beaca5d410a6dec6010be1
diff --git a/test/py/ganeti.utils.x509_unittest.py b/test/py/ganeti.utils.x509_unittest.py
index 99ecd76..01ad894 100755
--- a/test/py/ganeti.utils.x509_unittest.py
+++ b/test/py/ganeti.utils.x509_unittest.py
@@ -245,7 +245,7 @@ class TestVerifyCertificateInner(unittest.TestCase):
 self.assertEqual(errcode, utils.CERT_ERROR)
-class TestGenerateSelfSignedX509Cert(unittest.TestCase):
+class TestGenerateX509Certs(unittest.TestCase):
 def setUp(self):
 self.tmpdir = tempfile.mkdtemp()
@@ -294,6 +294,40 @@ class TestGenerateSelfSignedX509Cert(unittest.TestCase):
 self.assert_(self._checkRsaPrivateKey(cert1))
 self.assert_(self._checkCertificate(cert1))
+ def _checkKeyMatchesCert(self, key, cert):
+ ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
+ ctx.use_privatekey(key)
+ ctx.use_certificate(cert)
+ try:
+ ctx.check_privatekey()
+ except OpenSSL.SSL.Error:
+ return False
+ else:
+ return True
+
+ def testSignedSslCertificate(self):
+ server_cert_filename = os.path.join(self.tmpdir, "server.pem")
+ utils.GenerateSelfSignedSslCert(server_cert_filename, 123456)
+
+ client_hostname = "myhost.example.com"
+ client_cert_filename = os.path.join(self.tmpdir, "client.pem")
+ utils.GenerateSignedSslCert(client_cert_filename, 666,
+ server_cert_filename, common_name=client_hostname)
+
+ client_cert_pem = utils.ReadFile(client_cert_filename)
+
+ self._checkRsaPrivateKey(client_cert_pem)
+ self._checkCertificate(client_cert_pem)
+
+ priv_key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
+ client_cert_pem)
+ client_cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+ client_cert_pem)
+
+ self.assertTrue(self._checkKeyMatchesCert(priv_key, client_cert))
+ self.assertEqual(client_cert.get_issuer().CN, "ganeti.example.com")
+ self.assertEqual(client_cert.get_subject().CN, client_hostname)
+
 class TestCheckNodeCertificate(testutils.GanetiTestCase):
 def setUp(self):
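Review bot: In `testSignedSslCertificate` the calls `self._checkRsaPrivateKey(client_cert_pem)` and `self._checkCertificate(client_cert_pem)` discard their results, while the context lines just above wrap the same helpers in `self.assert_(...)`. The helper bodies are outside the hunk, but unless they raise on failure these two checks cannot fail the test; they should read `self.assertTrue(self._checkRsaPrivateKey(client_cert_pem))` and `self.assertTrue(self._checkCertificate(client_cert_pem))`. The signing relationship is also established only by comparing the issuer CN with `"ganeti.example.com"`, a name any certificate can carry, so checking the client certificate's signature against the key in `server.pem` would be what actually shows `GenerateSignedSslCert` signed with it. In `_checkKeyMatchesCert` the context is built with `OpenSSL.SSL.TLSv1_METHOD` only to reach `check_privatekey()`; a comment such as `# Protocol method is irrelevant here; the context is only used to compare key and certificate` would keep a later reader from treating it as a protocol choice.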