Ejemplo n.º 1
    def test_ca_key_read_failure(self):
        """Signing must fail with HTTP 500 when the CA key cannot be read.

        The ``default_ca`` entry is pointed at a key path that is not
        expected to exist, so ``dispatch_sign`` has to raise an
        ``HTTPException`` instead of returning a certificate.
        """
        parsed_csr = certificate_ops.parse_csr(self.csr_sample, 'pem')
        conf_target = "anchor.jsonloader.conf._config"

        # presumably self.sample_conf embeds self.sample_conf_ca, so these
        # edits reach the patched configuration -- confirm in setUp
        ca_settings = self.sample_conf_ca['default_ca']
        ca_settings['cert_path'] = 'tests/CA/root-ca.crt'
        ca_settings['key_path'] = '/xxx/not/a/valid/path'

        conf_patch = mock.patch.dict(conf_target, self.sample_conf)
        with conf_patch, self.assertRaises(http_status.HTTPException) as err:
            certificate_ops.dispatch_sign('default_ra', parsed_csr)

        # Only the status code is pinned here; the response body is not
        # checked by this test.
        self.assertEqual(err.exception.code, 500)
Ejemplo n.º 2
    def test_ca_key_read_failure(self):
        """Signing must fail with HTTP 500 when the CA key cannot be read.

        The ``default_ca`` entry is pointed at a key path that is not
        expected to exist, so ``dispatch_sign`` has to raise an
        ``HTTPException`` instead of returning a certificate.
        """
        parsed_csr = certificate_ops.parse_csr(self.csr_sample, 'pem')
        conf_target = "anchor.jsonloader.conf._config"

        # presumably self.sample_conf embeds self.sample_conf_ca, so these
        # edits reach the patched configuration -- confirm in setUp
        ca_settings = self.sample_conf_ca['default_ca']
        ca_settings['cert_path'] = 'tests/CA/root-ca.crt'
        ca_settings['key_path'] = '/xxx/not/a/valid/path'

        conf_patch = mock.patch.dict(conf_target, self.sample_conf)
        with conf_patch, self.assertRaises(http_status.HTTPException) as err:
            certificate_ops.dispatch_sign('default_ra', parsed_csr)

        # Only the status code is pinned here; the response body is not
        # checked by this test.
        self.assertEqual(err.exception.code, 500)
Ejemplo n.º 3
    def post(self):
        """Authenticate the requester, then validate, fix up and sign the CSR.

        Reads ``user``, ``secret``, ``csr`` and ``encoding`` from the POST
        body. An auth audit event is emitted when authentication succeeds
        and when it raises ``HTTPUnauthorized``. A signing audit event is
        emitted when the signing stage succeeds (with the certificate
        fingerprint) and when it raises (without one). Exceptions are
        re-raised to the caller in both stages.

        Returns the certificate produced by ``certificate_ops.dispatch_sign``.
        """
        ra = self.ra_name

        logger.debug("processing signing request in registration authority %s",
                     ra)

        form = pecan.request.POST
        # Request-supplied and unauthenticated at this point; it is handed to
        # the audit emitters as-is.
        # NOTE(review): whether audit escapes this value is not visible here.
        requester = form.get('user')

        # Stage 1: authentication.
        # NOTE(review): only HTTPUnauthorized produces a failure event; any
        # other exception from auth.validate propagates without an auth
        # audit record -- confirm that is intended.
        try:
            auth_result = auth.validate(ra, requester, form.get('secret'))
            audit.emit_auth_event(ra, requester, auth_result)
        except http_status.HTTPUnauthorized:
            audit.emit_auth_event(ra, requester, None)
            raise

        # Stage 2: parse, validate, fix up and sign. The success-path audit
        # call sits inside the try, so if it raises, the handler emits a
        # second, fingerprint-less event and the signed certificate is not
        # returned.
        try:
            request_csr = certificate_ops.parse_csr(form.get('csr'),
                                                    form.get('encoding'))
            certificate_ops.validate_csr(ra, auth_result, request_csr,
                                         pecan.request)
            request_csr = certificate_ops.fixup_csr(ra, request_csr,
                                                    pecan.request)

            signed = certificate_ops.dispatch_sign(ra, request_csr)
            cert, fingerprint = signed
            audit.emit_signing_event(ra, requester, auth_result,
                                     fingerprint=fingerprint)
        except Exception:
            audit.emit_signing_event(ra, requester, auth_result)
            raise
        return cert
Ejemplo n.º 4
    def post(self):
        """Authenticate the requester, then validate, fix up and sign the CSR.

        Reads ``user``, ``secret``, ``csr`` and ``encoding`` from the POST
        body. An auth audit event is emitted when authentication succeeds
        and when it raises ``HTTPUnauthorized``. A signing audit event is
        emitted when the signing stage succeeds (with the certificate
        fingerprint) and when it raises (without one). Exceptions are
        re-raised to the caller in both stages.

        Returns the certificate produced by ``certificate_ops.dispatch_sign``.
        """
        ra = self.ra_name

        logger.debug("processing signing request in registration authority %s",
                     ra)

        form = pecan.request.POST
        # Request-supplied and unauthenticated at this point; it is handed to
        # the audit emitters as-is.
        # NOTE(review): whether audit escapes this value is not visible here.
        requester = form.get('user')

        # Stage 1: authentication.
        # NOTE(review): only HTTPUnauthorized produces a failure event; any
        # other exception from auth.validate propagates without an auth
        # audit record -- confirm that is intended.
        try:
            auth_result = auth.validate(ra, requester, form.get('secret'))
            audit.emit_auth_event(ra, requester, auth_result)
        except http_status.HTTPUnauthorized:
            audit.emit_auth_event(ra, requester, None)
            raise

        # Stage 2: parse, validate, fix up and sign. The success-path audit
        # call sits inside the try, so if it raises, the handler emits a
        # second, fingerprint-less event and the signed certificate is not
        # returned.
        try:
            request_csr = certificate_ops.parse_csr(form.get('csr'),
                                                    form.get('encoding'))
            certificate_ops.validate_csr(ra, auth_result, request_csr,
                                         pecan.request)
            request_csr = certificate_ops.fixup_csr(ra, request_csr,
                                                    pecan.request)

            signed = certificate_ops.dispatch_sign(ra, request_csr)
            cert, fingerprint = signed
            audit.emit_signing_event(ra, requester, auth_result,
                                     fingerprint=fingerprint)
        except Exception:
            audit.emit_signing_event(ra, requester, auth_result)
            raise
        return cert
Ejemplo n.º 5
    def post(self):
        """Authenticate the requester, validate the CSR and sign it.

        Reads ``user``, ``secret``, ``csr`` and ``encoding`` from the POST
        body and returns the result of ``certificate_ops.dispatch_sign``
        unchanged. No exception is caught here, so a failure in any step
        propagates to the caller.
        """
        ra = self.ra_name

        logger.debug("processing signing request in registration authority %s",
                     ra)

        form = pecan.request.POST
        # NOTE(review): this handler emits no audit event for either the
        # authentication attempt or the signing outcome; the only trace it
        # leaves itself is the debug log line above.
        # presumably auth.validate raises on bad credentials -- its return
        # value is not checked here; confirm
        identity = auth.validate(ra, form.get('user'), form.get('secret'))

        request_csr = certificate_ops.parse_csr(form.get('csr'),
                                                form.get('encoding'))
        certificate_ops.validate_csr(ra, identity, request_csr, pecan.request)

        signed = certificate_ops.dispatch_sign(ra, request_csr)
        return signed
Ejemplo n.º 6
    def post(self):
        """Authenticate the requester, validate the CSR and sign it.

        Reads ``user``, ``secret``, ``csr`` and ``encoding`` from the POST
        body and returns the result of ``certificate_ops.dispatch_sign``
        unchanged. No exception is caught here, so a failure in any step
        propagates to the caller.
        """
        ra = self.ra_name

        logger.debug("processing signing request in registration authority %s",
                     ra)

        form = pecan.request.POST
        # NOTE(review): this handler emits no audit event for either the
        # authentication attempt or the signing outcome; the only trace it
        # leaves itself is the debug log line above.
        # presumably auth.validate raises on bad credentials -- its return
        # value is not checked here; confirm
        identity = auth.validate(ra, form.get('user'), form.get('secret'))

        request_csr = certificate_ops.parse_csr(form.get('csr'),
                                                form.get('encoding'))
        certificate_ops.validate_csr(ra, identity, request_csr, pecan.request)

        signed = certificate_ops.dispatch_sign(ra, request_csr)
        return signed
Ejemplo n.º 7
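def issue(reqid):
    """Sign the pending request ``reqid`` and store the result in the cert DB.

    Only a request whose status is "Pending" is signed. Any other status,
    including one this function does not recognise, returns a refusal
    message and leaves the database file unwritten.

    Args:
        reqid: Key of the request in the certificate database.

    Returns:
        ``toInfoString()`` of the updated record on success, otherwise a
        human-readable refusal string.
    """
    ra_options = jsonloader.conf.ra_options
    certdb_file = ra_options["certdb_file"]
    # NOTE(review): the DB is loaded, modified and written back with no
    # locking visible in this function; confirm concurrent callers cannot
    # both observe "Pending" for the same request.
    dbdata = util.load_db(certdb_file)

    refusals = (
        ("Issued", "Cannot issue, certificate already Issued"),
        ("Denied", "Cannot issue certificate already Denied"),
        ("Revoked", "Cannot issue certificate already Revoked"),
    )

    try:
        record = dbdata[reqid]
        status = record.getStatus()
        if status == "Pending":
            record.Issued = True
    except Exception:
        # %s instead of %d: a non-integer reqid would otherwise raise
        # TypeError from inside this handler and mask the lookup failure.
        return "Cannot find reqid %s in cert DB" % (reqid,)

    if status != "Pending":
        for known_status, message in refusals:
            if status == known_status:
                return message
        # Fail closed: the original chain fell through to the signing call
        # for any status it did not list.
        return "Cannot issue certificate in status %s" % (status,)

    signed = certificate_ops.dispatch_sign(ra_options["ra_name"],
                                           record.get_X509csr())
    # NOTE(review): the original assignment ended in a trailing comma, so
    # ``cert`` is stored as a 1-tuple rather than a string. That shape is
    # kept here because readers of the DB are not visible; confirm and drop
    # the tuple if it was accidental.
    record.cert = (signed[0].replace("\n", ""),)
    util.write_db(dbdata, certdb_file)
    return record.toInfoString()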