Beispiel #1
def _load_or_create_vpn_keys():
    """Return the VPN keys used as test data, creating the key file on first use.

    The keys live in ``testdata-vpn-keys.txt`` next to this module. When that
    file does not exist yet, 16 private keys are generated and written to it;
    in either case the result is whatever ``_load_vpn_keys`` reads back from
    the file.

    NOTE(review): the file holds private key material. Its name marks it as
    test data -- confirm these keys are never reused outside the test suite.
    How ``_dump_vpn_keys`` serialises them (encrypted or not, file
    permissions) is not visible from this function.
    """
    keys_file = os.path.join(
        os.path.dirname(os.path.abspath(__file__)),
        'testdata-vpn-keys.txt',
    )
    if os.path.exists(keys_file):
        return _load_vpn_keys(keys_file)

    # First run: build a fixed-size pool of keys and persist it, so later
    # runs reuse the same keys instead of generating new ones.
    fresh_keys = []
    for _ in range(16):
        fresh_keys.append(_generate_private_key())
    _dump_vpn_keys(fresh_keys, keys_file)
    return _load_vpn_keys(keys_file)
Beispiel #2
    def test_loading_ca_key(self):
        """Check that load_ca_key returns the stored CA key and rejects a wrong key type.

        First part: ``initialize_root_ca`` is run with key generation patched
        to return a known key, and the key read back by ``load_ca_key`` must
        serialise to the same PEM text.

        Second part: the CA key file is overwritten with a DSA key and
        ``load_ca_key`` is expected to raise ``TypeError``.
        """
        def unencrypted_pem(key):
            # Passphrase-less PEM is only used here to compare two in-memory
            # keys; nothing serialised this way is written to disk.
            return key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.NoEncryption()).decode()

        expected_key = _generate_private_key()
        generator_patch = patch('scionlab.openvpn_config._generate_private_key',
                                return_value=expected_key)
        with generator_patch:
            call_command('initialize_root_ca')
        loaded_key = load_ca_key()
        self.assertEqual(unencrypted_pem(expected_key), unencrypted_pem(loaded_key))

        # Swap the stored CA key for one of a different algorithm (DSA).
        dsa_key = dsa.generate_private_key(key_size=3072, )

        # The replacement is encrypted with the configured CA key password --
        # presumably so that load_ca_key gets past decryption and the failure
        # below comes from the key-type check, not from a bad passphrase.
        passphrase = settings.VPN_CA_KEY_PASSWORD.encode('utf-8')
        encrypted_pem = dsa_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.BestAvailableEncryption(passphrase))
        pathlib.Path(TEST_CA_KEY_PATH).write_bytes(encrypted_pem)

        # A key of an unexpected type must be rejected rather than returned.
        # NOTE(review): the key file is left holding the DSA key afterwards;
        # confirm the test setup/teardown resets TEST_CA_KEY_PATH.
        with self.assertRaises(TypeError):
            load_ca_key()
Beispiel #3
 def test_loading_ca_cert(self):
     """Check that load_ca_cert returns the certificate stored by initialize_root_ca.

     Certificate generation is patched to return a known root CA
     certificate; the certificate read back must have the same PEM encoding.
     """
     signing_key = _generate_private_key()
     expected_cert = _generate_root_ca_cert(signing_key)
     cert_patch = patch('scionlab.openvpn_config._generate_root_ca_cert',
                        return_value=expected_cert)
     with cert_patch:
         call_command('initialize_root_ca')
     loaded_cert = load_ca_cert()

     # Compare the PEM text of both certificates: only the public
     # certificate is serialised here, no private key material.
     expected_pem = expected_cert.public_bytes(serialization.Encoding.PEM).decode()
     loaded_pem = loaded_cert.public_bytes(serialization.Encoding.PEM).decode()
     self.assertEqual(expected_pem, loaded_pem)