From 127c506a14276c1a4419fdfa7cf8f95d5598b9d4 2018-11-28 09:17:50
From: Branko Majic
Date: 2018-11-28 09:17:50
Subject: [PATCH] GC-26: Fix wrong issuer DN in client and server certificates:
- Updated tests to generate deeper hierarchy so the issue is more likely to be triggered.
- Applied necessary fixes (a simple switch to using subject instead of issuer from the issuer certificate - which should be quite obvious).
---
diff --git a/gimmecert/crypto.py b/gimmecert/crypto.py
index 30e2720bb12c50af5a60384face0335f638447e1..b78cc505b7e1e76967965902dd2ed5c8eb3752e5 100644
--- a/gimmecert/crypto.py
+++ b/gimmecert/crypto.py
@@ -241,7 +241,7 @@ def issue_server_certificate(name, public_key, issuer_private_key, issuer_certif
 if not_after > issuer_certificate.not_valid_after:
 not_after = issuer_certificate.not_valid_after
- certificate = issue_certificate(issuer_certificate.issuer, dn, issuer_private_key, public_key, not_before, not_after, extensions)
+ certificate = issue_certificate(issuer_certificate.subject, dn, issuer_private_key, public_key, not_before, not_after, extensions)
 return certificate
@@ -299,7 +299,7 @@ def issue_client_certificate(name, public_key, issuer_private_key, issuer_certif
 if not_after > issuer_certificate.not_valid_after:
 not_after = issuer_certificate.not_valid_after
- certificate = issue_certificate(issuer_certificate.issuer, dn, issuer_private_key, public_key, not_before, not_after, extensions)
+ certificate = issue_certificate(issuer_certificate.subject, dn, issuer_private_key, public_key, not_before, not_after, extensions)
 return certificate
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 65727db5b9d7be8cf4df7e393fe36392e6e2bfe5..21c82796cfc5645ff281fd53d6d998ccf505b42f 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
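Review bot: In gimmecert/crypto.py, the corrected call in issue_server_certificate (and the identical one in issue_client_certificate) has no comment saying why the issuer name is taken from `issuer_certificate.subject`, and the same line is duplicated in both functions, which is how the mistake ended up in two places. Path validation chains names: a certificate's issuer DN has to equal the subject DN of the CA that signed it, so with `.issuer` anything issued under a non-root CA named the wrong CA and would not chain. I would add `# Issuer DN of the new certificate is the signing CA's subject DN (name chaining), not the CA's own issuer.` above both calls. The visible lines also show no check that `issuer_private_key` corresponds to the public key in `issuer_certificate`; if none exists earlier in these functions, a mismatched pair would produce a certificate whose signature does not verify against the issuer it names. Both function bodies start outside the hunks.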
@@ -317,8 +317,8 @@ def test_issue_server_certificate_sets_correct_extensions():
 def test_issue_server_certificate_has_correct_issuer_and_subject():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1)
- issuer_private_key, issuer_certificate = ca_hierarchy[0]
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4)
+ issuer_private_key, issuer_certificate = ca_hierarchy[3]
 private_key = gimmecert.crypto.generate_private_key()
@@ -412,8 +412,8 @@ def test_issue_client_certificate_returns_certificate():
 def test_issue_client_certificate_has_correct_issuer_and_subject():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1)
- issuer_private_key, issuer_certificate = ca_hierarchy[0]
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4)
+ issuer_private_key, issuer_certificate = ca_hierarchy[3]
 private_key = gimmecert.crypto.generate_private_key()
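Review bot: In tests/test_crypto.py, `ca_hierarchy[3]` in test_issue_server_certificate_has_correct_issuer_and_subject (and the same line in test_issue_client_certificate_has_correct_issuer_and_subject) is a magic index with no comment explaining that the issuer has to be a non-root CA. On a self-signed level-1 CA the issuer and subject are presumably identical, which would explain why the old depth-1 setup could not catch the wrong issuer DN; a comment such as `# Use a subordinate CA: on a self-signed root issuer == subject, which hides a wrong issuer DN.` would stop someone from simplifying the setup back. `ca_hierarchy[-1]` would also avoid coupling the index to the depth argument. The assertions lie outside the hunks, so I cannot confirm that they compare `certificate.issuer` with `issuer_certificate.subject`; if they do not, asserting that relationship directly would pin the fix.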