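def test_cert_info(self):
    '''
    Verify that ``tls.cert_info`` returns the expected fields for the CA
    certificate fixture.

    ``os.path.exists`` and ``salt.utils.files.fopen`` are patched, so any
    read through ``fopen`` yields ``_TLS_TEST_DATA['ca_cert']`` and the path
    under ``/tmp`` is only a label. The ``extensions`` field is blanked
    before comparison, so extension parsing is not covered by this test.

    The test is skipped for the known PyOpenSSL failures handled below; any
    other ``AttributeError`` is re-raised.
    '''
    self.maxDiff = None
    with patch('os.path.exists', MagicMock(return_value=True)), \
            patch('salt.modules.tls.maybe_fix_ssl_version',
                  MagicMock(return_value=True)):
        ca_path = '/tmp/test_tls'
        ca_name = 'test_ca'
        certp = '{0}/{1}/{2}_ca_cert.crt'.format(ca_path, ca_name, ca_name)
        # Subject and issuer are identical in this fixture.
        # NOTE(review): the fingerprint is 32 octets, consistent with a
        # SHA-256 digest -- confirm against tls.cert_info.
        ret = {
            'not_after': 1462379961,
            'signature_algorithm': 'sha256WithRSAEncryption',
            'extensions': None,
            'fingerprint': ('96:72:B3:0A:1D:34:37:05:75:57:44:7E:08:81:A7:09:'
                            '0C:E1:8F:5F:4D:0C:49:CE:5B:D2:6B:45:D3:4D:FF:31'),
            'serial_number': 284092004844685647925744086791559203700,
            'subject': {
                'C': 'US',
                'CN': 'localhost',
                'L': 'Salt Lake City',
                'O': 'SaltStack',
                'ST': 'Utah',
                'emailAddress': '*****@*****.**'
            },
            'not_before': 1430843961,
            'issuer': {
                'C': 'US',
                'CN': 'localhost',
                'L': 'Salt Lake City',
                'O': 'SaltStack',
                'ST': 'Utah',
                'emailAddress': '*****@*****.**'
            }
        }

        # Messages of the AttributeError raised by the PyOpenSSL 16.0.0 bug.
        upstream_bug_messages = (
            '\'_cffi_backend.CDataGCP\' object has no attribute \'cert_info\'',
            '\'_cffi_backend.CDataGCP\' object has no attribute \'object\'',
        )

        def ignore_extensions(data):
            '''
            Ignore extensions pending a resolution of issue 24338

            Mutates ``data`` in place and returns it.
            '''
            if 'extensions' in data:
                data['extensions'] = None
            return data

        # older pyopenssl versions don't have extensions or
        # signature_algorithms
        def remove_not_in_result(source, reference):
            '''
            Drop from ``source`` the optional keys missing from ``reference``
            '''
            for key in ('signature_algorithm', 'extensions'):
                if key not in reference:
                    del source[key]

        with patch('salt.utils.files.fopen',
                   mock_open(read_data=_TLS_TEST_DATA['ca_cert'])):
            try:
                result = ignore_extensions(tls.cert_info(certp))
            except AttributeError as err:
                # PyOpenSSL version 16.0.0 has an upstream bug in it where a
                # call is made in OpenSSL/crypto.py in the
                # get_signature_algorithm function referencing the cert_info
                # attribute, which doesn't exist. This was fixed in subsequent
                # releases of PyOpenSSL with
                # https://github.com/pyca/pyopenssl/pull/476
                if six.text_type(err) in upstream_bug_messages:
                    log.exception(err)
                    self.skipTest(
                        'Encountered an upstream error with PyOpenSSL: {0}'
                        .format(err))
                # python-openssl version 0.14, when installed with the
                # "junos-eznc" pip package, causes an error on this test.
                # Newer versions of PyOpenSSL do not have this issue. If 0.14
                # is installed and we hit this error, skip the test.
                if LooseVersion(OpenSSL.__version__) == LooseVersion('0.14'):
                    log.exception(err)
                    self.skipTest(
                        'Encountered a package conflict. OpenSSL version 0.14 cannot be used with '
                        'the "junos-eznc" pip package on this test. Skipping.'
                    )
                # Not a known condition: re-raise so the real traceback is
                # reported. Substituting an empty result here would discard
                # the error and leave only a dictionary mismatch at the final
                # assertion.
                raise

        remove_not_in_result(ret, result)
        self.assertEqual(result, ret)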
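def test_cert_info(self):
    """
    Verify that ``tls.cert_info`` returns the expected fields for the CA
    certificate fixture.

    ``os.path.exists`` and ``salt.utils.files.fopen`` are patched, so any
    read through ``fopen`` yields ``_TLS_TEST_DATA["ca_cert"]`` and the path
    under ``/tmp`` is only a label. The ``extensions`` field is blanked
    before comparison, so extension parsing is not covered by this test.

    The test is skipped for the known PyOpenSSL failures handled below; any
    other ``AttributeError`` is re-raised.
    """
    self.maxDiff = None
    with patch("os.path.exists", MagicMock(return_value=True)), patch(
        "salt.modules.tls.maybe_fix_ssl_version", MagicMock(return_value=True)
    ):
        ca_path = "/tmp/test_tls"
        ca_name = "test_ca"
        certp = "{0}/{1}/{1}_ca_cert.crt".format(ca_path, ca_name)
        # Subject and issuer are identical in this fixture.
        # NOTE(review): the fingerprint is 32 octets, consistent with a
        # SHA-256 digest -- confirm against tls.cert_info.
        ret = {
            "not_after": 1462379961,
            "signature_algorithm": "sha256WithRSAEncryption",
            "extensions": None,
            "fingerprint": (
                "96:72:B3:0A:1D:34:37:05:75:57:44:7E:08:81:A7:09:"
                "0C:E1:8F:5F:4D:0C:49:CE:5B:D2:6B:45:D3:4D:FF:31"
            ),
            "serial_number": 284092004844685647925744086791559203700,
            "subject": {
                "C": "US",
                "CN": "localhost",
                "L": "Salt Lake City",
                "O": "SaltStack",
                "ST": "Utah",
                "emailAddress": "*****@*****.**",
            },
            "not_before": 1430843961,
            "issuer": {
                "C": "US",
                "CN": "localhost",
                "L": "Salt Lake City",
                "O": "SaltStack",
                "ST": "Utah",
                "emailAddress": "*****@*****.**",
            },
        }

        # Messages of the AttributeError raised by the PyOpenSSL 16.0.0 bug.
        upstream_bug_messages = (
            "'_cffi_backend.CDataGCP' object has no attribute 'cert_info'",
            "'_cffi_backend.CDataGCP' object has no attribute 'object'",
        )

        def ignore_extensions(data):
            """
            Ignore extensions pending a resolution of issue 24338

            Mutates ``data`` in place and returns it.
            """
            if "extensions" in data:
                data["extensions"] = None
            return data

        # older pyopenssl versions don't have extensions or
        # signature_algorithms
        def remove_not_in_result(source, reference):
            """
            Drop from ``source`` the optional keys missing from ``reference``
            """
            for key in ("signature_algorithm", "extensions"):
                if key not in reference:
                    del source[key]

        with patch(
            "salt.utils.files.fopen",
            mock_open(read_data=_TLS_TEST_DATA["ca_cert"]),
        ):
            try:
                result = ignore_extensions(tls.cert_info(certp))
            except AttributeError as err:
                # PyOpenSSL version 16.0.0 has an upstream bug in it where a
                # call is made in OpenSSL/crypto.py in the
                # get_signature_algorithm function referencing the cert_info
                # attribute, which doesn't exist. This was fixed in subsequent
                # releases of PyOpenSSL with
                # https://github.com/pyca/pyopenssl/pull/476
                if six.text_type(err) in upstream_bug_messages:
                    log.exception(err)
                    self.skipTest(
                        "Encountered an upstream error with PyOpenSSL: {0}"
                        .format(err)
                    )
                # python-openssl version 0.14, when installed with the
                # "junos-eznc" pip package, causes an error on this test.
                # Newer versions of PyOpenSSL do not have this issue. If 0.14
                # is installed and we hit this error, skip the test.
                if LooseVersion(OpenSSL.__version__) == LooseVersion("0.14"):
                    log.exception(err)
                    self.skipTest(
                        "Encountered a package conflict. OpenSSL version 0.14 cannot be used with "
                        'the "junos-eznc" pip package on this test. Skipping.'
                    )
                # Not a known condition: re-raise so the real traceback is
                # reported. Substituting an empty result here would discard
                # the error and leave only a dictionary mismatch at the final
                # assertion.
                raise

        remove_not_in_result(ret, result)
        self.assertEqual(result, ret)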