|
2 | 2 |
|
3 | 3 | import pytest
|
4 | 4 | from lxml import etree
|
| 5 | +from simple_certmanager.models import Certificate |
5 | 6 |
|
6 |
| -from digid_eherkenning.choices import AssuranceLevels |
7 |
| -from digid_eherkenning.models import EherkenningConfiguration |
| 7 | +from digid_eherkenning.choices import AssuranceLevels, ConfigTypes |
| 8 | +from digid_eherkenning.models import ConfigCertificate, EherkenningConfiguration |
8 | 9 | from digid_eherkenning.saml2.eherkenning import (
|
9 | 10 | create_service_catalogus,
|
10 | 11 | generate_dienst_catalogus_metadata,
|
@@ -289,6 +290,49 @@ def test_makelaar_oin_is_configurable(eherkenning_config_defaults, temp_private_
|
289 | 290 | assert node.text == "00000000000000000123"
|
290 | 291 |
|
291 | 292 |
|
| 293 | +@pytest.mark.django_db |
| 294 | +def test_current_and_next_certificate_available( |
| 295 | + temp_private_root, |
| 296 | + eherkenning_config: EherkenningConfiguration, |
| 297 | + eherkenning_certificate: Certificate, |
| 298 | + next_certificate: Certificate, |
| 299 | +): |
| 300 | + ConfigCertificate.objects.create( |
| 301 | + config_type=ConfigTypes.eherkenning, |
| 302 | + certificate=next_certificate, |
| 303 | + ) |
| 304 | + assert ConfigCertificate.objects.count() == 2 # expect current and next |
| 305 | + |
| 306 | + catalogus = create_service_catalogus(eherkenning_config.as_dict(), validate=False) |
| 307 | + |
| 308 | + catalogus_node = etree.XML(catalogus) |
| 309 | + key_descriptor_nodes = catalogus_node.findall( |
| 310 | + ".//esc:ServiceCertificate/md:KeyDescriptor", namespaces=NAMESPACES |
| 311 | + ) |
| 312 | + assert len(key_descriptor_nodes) == 2 # one for EH, one for eIDAS |
| 313 | + |
| 314 | + with next_certificate.public_certificate.open("r") as _next: |
| 315 | + next_base64 = _next.read().replace("\n", "") |
| 316 | + |
| 317 | + key1_node, key2_node = key_descriptor_nodes |
| 318 | + |
| 319 | + # certificate nodes include only the base64 encoded PEM data, without header/footer |
| 320 | + cert1_node = key1_node.find( |
| 321 | + "ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NAMESPACES |
| 322 | + ) |
| 323 | + assert cert1_node is not None |
| 324 | + assert cert1_node.text is not None |
| 325 | + assert (cert_data_1 := cert1_node.text.strip()) in next_base64 |
| 326 | + |
| 327 | + # different services is expected to use the same (next) certificate |
| 328 | + cert2_node = key2_node.find( |
| 329 | + "ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NAMESPACES |
| 330 | + ) |
| 331 | + assert cert2_node is not None |
| 332 | + assert cert2_node.text is not None |
| 333 | + assert cert2_node.text.strip() == cert_data_1 |
| 334 | + |
| 335 | + |
292 | 336 | @pytest.mark.usefixtures("eherkenning_config_defaults", "temp_private_root")
|
293 | 337 | class DienstCatalogusMetadataTests(EherkenningMetadataMixin, TestCase):
|
294 | 338 | def test_generate_metadata_all_options_specified(self):
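Review bot: The membership check on new line 325, `assert (cert_data_1 := cert1_node.text.strip()) in next_base64`, is looser than the test needs: `next_base64` is the whole PEM file with only newlines removed, so a truncated or partial `X509Certificate` value would still satisfy it. Since the comment on line 319 already states the node carries only the base64 body, compare for equality against the body instead, e.g. `pem_body = next_base64.removeprefix("-----BEGIN CERTIFICATE-----").removesuffix("-----END CERTIFICATE-----")` followed by `assert (cert_data_1 := cert1_node.text.strip()) == pem_body`; this assumes the fixture file holds a single PEM block with the standard delimiters, which the hunk does not show. The check also only distinguishes the next certificate from the current one if the two fixtures carry different key material, which is not visible here. Minor wording on line 327: `different services is expected to use` should read `different services are expected to use`.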
|
|