def test_barbican_cert_text(self): # Certificate data self.certificate = str(sample.X509_CERT) self.intermediates = str(sample.X509_IMDS_LIST) self.private_key = str(sample.X509_CERT_KEY_ENCRYPTED) self.private_key_passphrase = str(sample.X509_CERT_KEY_PASSPHRASE) self._prepare() container = containers.CertificateContainer( api=mock.MagicMock(), certificate=self.certificate_secret, intermediates=self.intermediates_secret, private_key=self.private_key_secret, private_key_passphrase=self.private_key_passphrase_secret) # Create a cert cert = barbican_common.BarbicanCert(cert_container=container) # Validate the cert functions self.assertEqual(cert.get_certificate(), octavia_utils.b(str(sample.X509_CERT))) self.assertEqual(cert.get_intermediates(), sample.X509_IMDS_LIST) self.assertEqual(cert.get_private_key(), octavia_utils.b(str(sample.X509_CERT_KEY_ENCRYPTED))) self.assertEqual(cert.get_private_key_passphrase(), octavia_utils.b(sample.X509_CERT_KEY_PASSPHRASE))
def _query(self, query): """Send the given query to the haproxy statistics socket. :returns: the output of a successful query as a string with trailing newlines removed, or raise an Exception if the query fails. """ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) try: sock.connect(self.socket) except socket.error as e: raise Exception( _("HAProxy '{0}' query failed.").format(query)) from e try: sock.send(octavia_utils.b(query + '\n')) data = u'' while True: x = sock.recv(1024) if not x: break data += x.decode('ascii') if ( isinstance(x, bytes)) else x return data.rstrip() finally: sock.close()
def test_get_cert(self): # Mock out the client self.bc.containers.register_consumer.return_value = self.container # Get the container data data = self.cert_manager.get_cert( context=self.context, cert_ref=self.container_ref, resource_ref=self.container_ref, service_name='Octavia' ) # 'register_consumer' should be called once with the container_ref self.bc.containers.register_consumer.assert_called_once_with( container_ref=self.container_ref, url=self.container_ref, name='Octavia' ) # The returned data should be a Cert object with the correct values self.assertIsInstance(data, cert.Cert) self.assertEqual(data.get_private_key(), self.private_key.payload) self.assertEqual(data.get_certificate(), self.certificate.payload) self.assertEqual(data.get_intermediates(), sample.X509_IMDS_LIST) self.assertEqual(data.get_private_key_passphrase(), octavia_utils.b(self.private_key_passphrase.payload))
def get_haproxy_config(self, lb_id): """Gets the haproxy config :param listener_id: the id of the listener """ self._check_lb_exists(lb_id) with open(util.config_path(lb_id), 'r') as file: cfg = file.read() resp = webob.Response(cfg, content_type='text/plain') resp.headers['ETag'] = (hashlib.md5( octavia_utils.b(cfg)).hexdigest()) # nosec return resp
def test_query(self, mock_socket): sock = mock.MagicMock() sock.connect.side_effect = [None, socket.error] sock.recv.side_effect = ['testdata', None] mock_socket.return_value = sock self.q._query('test') sock.connect.assert_called_once_with('') sock.send.assert_called_once_with(octavia_utils.b('test\n')) sock.recv.assert_called_with(1024) self.assertTrue(sock.close.called) self.assertRaisesRegex(Exception, 'HAProxy \'test\' query failed.', self.q._query, 'test')
def get_certificate_md5(self, lb_id, filename): self._check_ssl_filename_format(filename) cert_path = self._cert_file_path(lb_id, filename) path_exists = os.path.exists(cert_path) if not path_exists: return webob.Response(json=dict( message='Certificate Not Found', details="No certificate with filename: {f}".format( f=filename)), status=404) with open(cert_path, 'r') as crt_file: cert = crt_file.read() md5 = hashlib.md5(octavia_utils.b(cert)).hexdigest() # nosec resp = webob.Response(json=dict(md5sum=md5)) resp.headers['ETag'] = md5 return resp
def test_get_cert_no_registration(self): self.bc.containers.get.return_value = self.container # Get the container data data = self.cert_manager.get_cert(context=self.context, cert_ref=self.container_ref, check_only=True) # 'get' should be called once with the container_ref self.bc.containers.get.assert_called_once_with( container_ref=self.container_ref) # The returned data should be a Cert object with the correct values self.assertIsInstance(data, cert.Cert) self.assertEqual(data.get_private_key(), self.private_key.payload) self.assertEqual(data.get_certificate(), self.certificate.payload) self.assertEqual(data.get_intermediates(), sample.X509_IMDS_LIST) self.assertEqual(data.get_private_key_passphrase(), octavia_utils.b(self.private_key_passphrase.payload))
def _split_x509s(xstr): """Split the input string into individual x509 text blocks :param xstr: A large multi x509 certificate blcok :returns: A list of strings where each string represents an X509 pem block surrounded by BEGIN CERTIFICATE, END CERTIFICATE block tags """ curr_pem_block = [] inside_x509 = False if isinstance(xstr, bytes): xstr = xstr.decode('utf-8') for line in xstr.replace("\r", "").split("\n"): if inside_x509: curr_pem_block.append(line) if line == X509_END.decode('utf-8'): yield octavia_utils.b("\n".join(curr_pem_block)) curr_pem_block = [] inside_x509 = False continue if line == X509_BEG.decode('utf-8'): curr_pem_block.append(line) inside_x509 = True