Beispiel #1
0
    def test_create_cert_files(self, mock_remove, mock_isfile, mock_thing):
        """
        create_cert_files() should create the files.
        """
        mock_thing.device_id = 'thind-dev-id'
        mock_thing.thing_certificate = 'thing-certificate'
        mock_thing.private_key = 'private-key'
        directory = 'dir-to-create-certs/'
        thing_path = directory + mock_thing.device_id

        mock_isfile.return_value = False

        with patch('src.ejbca.cert_utils.open',
                   mock_open()) as mock_builtin_open:
            CertUtils.create_cert_files(mock_thing, directory)

            self.assertTrue(mock_isfile.call_count == 2)
            self.assertTrue(mock_remove.call_count == 0)

            calls = [
                call(thing_path + '.key', "w"),
                call(thing_path + '.crt', "w"),
                call().write(mock_thing.thing_certificate),
                call().write(mock_thing.private_key)
            ]
            mock_builtin_open.assert_has_calls(calls, any_order=True)

            mock_builtin_open.reset_mock()

        mock_remove.reset_mock()
        mock_isfile.reset_mock()
        mock_thing.reset_mock()
Beispiel #2
0
    def revoke_cert_and_emit_event(self) -> bool:
        """
        Revoke a certificate and emit an event whether it succeeded or not.

        Return: True if succeeded, False otherwise.
        """
        try:
            if CertUtils.has_been_revoked(self.new_cert):
                self.logger.debug("Already revoked, skipping step...")
            else:
                CertUtils.revoke_cert(self.new_cert)
                Utils.fire_locust_success(request_type=REQUEST_TYPE,
                                          name=MESSAGE_TYPE_REVOKE,
                                          response_time=0,
                                          response_length=0)
                self.is_revoked = True

            return True

        except Exception as exception:
            self.logger.error(
                "An error occurred while trying to revoke the certificate")
            self.logger.error(str(exception))

        Utils.fire_locust_failure(
            request_type=REQUEST_TYPE,
            name=MESSAGE_TYPE_REVOKE,
            response_time=0,
            response_length=0,
            exception=CertRevogationError("certificate not revoked"))
        return False
Beispiel #3
0
    def renew_cert_and_emit_event(self) -> bool:
        """
        Renew a certificate and emit an event whether it succeeded or not.

        Return: True if succeeded, False otherwise.
        """
        try:
            # First we need to revoke the certificate
            if not self.revoke_cert_and_emit_event():
                raise CertRevogationError()

            self.new_cert.renew_cert()
            CertUtils.create_cert_files(self.new_cert, self.device_cert_dir)

        except Exception as exception:
            Utils.fire_locust_failure(
                request_type=REQUEST_TYPE,
                name=MESSAGE_TYPE_RENEW,
                response_time=0,
                response_length=0,
                exception=CertRenovationError("failed to renew"))
            self.logger.error(
                "An error occurred while trying to renew the certificate")
            self.logger.error(str(exception))
            return False

        else:
            Utils.fire_locust_success(request_type=REQUEST_TYPE,
                                      name=MESSAGE_TYPE_RENEW,
                                      response_time=0,
                                      response_length=0)
            self.is_renewed = True
            return True
Beispiel #4
0
    def configure_mqtt(self) -> None:
        """
        Configures the MQTT connection.
        """
        # Certification files
        cert_dir = CONFIG["security"]["cert_dir"]
        ca_cert_file = cert_dir + CONFIG["security"]["ca_cert_file"]
        cert_file = self.device_cert_dir + CertUtils.get_certificate_file(
            self.device_id)
        key_file = self.device_cert_dir + CertUtils.get_private_key_file(
            self.device_id)

        # Configuring MQTT client
        self.mqttc = mqtt.Client(client_id=self.device_id)

        # Sets exponential reconnect delay
        self.mqttc.reconnect_delay_set(
            min_delay=CONFIG["security"]["min_time_reconn"],
            max_delay=CONFIG["security"]["max_time_reconn"])

        # Setting up TLS
        self.mqttc.tls_set(ca_cert_file, cert_file, key_file)
        self.mqttc.tls_insecure_set(True)

        # Registering MQTT client callbacks
        self.mqttc.on_connect = self.locust_on_connect
        self.mqttc.on_disconnect = self.locust_on_disconnect
        self.mqttc.on_publish = self.locust_on_publish
        self.mqttc.on_subscribe = self.locust_on_subscribe
        self.mqttc.on_message = self.locust_on_message
Beispiel #5
0
    def test_revoke_cert(mock_thing, mock_request):
        """
        Test certificate revoke cert
        """
        mock_thing.cert.return_value = MagicMock()
        mock_thing.cert().revoke_cert.return_value = MagicMock()
        CertUtils.revoke_cert(mock_thing)
        mock_thing.cert.revoke_cert.assert_called_once()

        mock_thing.reset_mock()
        mock_request.reset_mock()
Beispiel #6
0
    def test_create_cert_files_exception(self, mock_thing):
        """
        Should not build a correct filename for the certificate.
        """
        mock_thing.device_id = 'thind-dev-id'
        mock_thing.thing_certificate = 'thing-certificate'
        mock_thing.private_key = 'private-key'
        directory = 'dir-to-create-certs/'
        with patch('src.ejbca.cert_utils.open',
                   mock_open()) as mock_builtin_open:
            mock_builtin_open.side_effect = Exception()

            with self.assertRaises(Exception):
                CertUtils.create_cert_files(mock_thing, directory)
Beispiel #7
0
 def test_get_certificate_file(self, mock_utils):
     """
     Should build a correct filename for the certificate.
     """
     mock_utils.validate_device_id.return_value = MagicMock()
     device_id = "dev-id"
     filename = device_id + ".crt"
     self.assertEqual(CertUtils.get_certificate_file(device_id), filename)
     mock_utils.reset_mock()
Beispiel #8
0
 def test_new_cert(self, mock_utils, mock_thing):
     """
     Test certificate new cert creation
     """
     tenant = 'tenant'
     dev_id = 'dev-id'
     created_thing = CertUtils.new_cert(tenant, dev_id)
     self.assertIsNotNone(created_thing)
     mock_utils.validate_tenant.assert_called()
     mock_utils.validate_device_id.assert_called()
     mock_thing.assert_called_with(tenant, dev_id)
     mock_thing.reset_mock()
Beispiel #9
0
    def test_has_been_revoked_true(self, mock_thing, mock_request):
        """
        has_been_revoked() should return True
        """
        mock_thing.cert.return_value = MagicMock()
        mock_thing.cert().revoke_cert.return_value = MagicMock()

        url = MOCK_CONFIG["dojot"]["url"]+ "x509/v1/certificates/" + \
                        mock_thing.cert.crt['fingerprint']

        mock_request.get.return_value = MagicMock()
        mock_request.get().status_code = 404

        result = CertUtils.has_been_revoked(mock_thing)

        mock_request.get.assert_called_with(url=url, headers=ANY)
        self.assertTrue(result)
Beispiel #10
0
    def create_certificate(self) -> None:
        """
        Create the certificate for renovation/revocation.
        """
        if self.should_revoke:
            self.device_cert_dir = self.device_cert_dir + CONFIG["security"][
                "revoke_cert_dir"]
            self.new_cert = CertUtils.new_cert(self.tenant, self.device_id)
            CertUtils.create_cert_files(self.new_cert, self.device_cert_dir)

        elif self.should_renew:
            self.device_cert_dir = self.device_cert_dir + CONFIG["security"][
                "renew_cert_dir"]
            self.new_cert = CertUtils.new_cert(self.tenant, self.device_id)
            CertUtils.create_cert_files(self.new_cert, self.device_cert_dir)