def _do_create_cas(self, set_project_cas): for ca_id in moves.range(self.num_cas): parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': self.plugin_ca_id + str(ca_id), 'name': self.plugin_name, 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'ZZZZZ' + str(ca_id), 'intermediates': 'YYYYY' + str(ca_id) } ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(ca) ca_repo.save(ca) if ca_id == 1: # set global preferred ca pref_ca = models.PreferredCertificateAuthority( self.global_project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.global_preferred_ca = ca if ca_id == 2 and set_project_cas: # set project CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) if ca_id == 3 and set_project_cas: # set project preferred CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) pref_ca = models.PreferredCertificateAuthority( self.project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.preferred_ca = ca if ca_id == 4: # set ca for testing GETs for a single CA self.selected_ca_id = ca.id self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id) self.selected_signing_cert = 'ZZZZZ' + str(ca_id) self.selected_intermediates = 'YYYYY' + str(ca_id)
def add_to_project(self, external_project_id): if pecan.request.method != 'POST': pecan.abort(405) LOG.debug("== Saving CA %s to external_project_id %s", self.ca.id, external_project_id) project_model = res.get_or_create_project(external_project_id) # CA must be a base CA or a subCA owned by this project if (self.ca.project_id is not None and self.ca.project_id != project_model.id): raise excep.UnauthorizedSubCA() project_cas = project_model.cas num_cas = len(project_cas) for project_ca in project_cas: if project_ca.ca_id == self.ca.id: # project already added return project_ca = models.ProjectCertificateAuthority( project_model.id, self.ca.id) self.project_ca_repo.create_from(project_ca) if num_cas == 0: # set first project CA to be the preferred one preferred_ca = models.PreferredCertificateAuthority( project_model.id, self.ca.id) self.preferred_ca_repo.create_from(preferred_ca)
def set_preferred(self, external_project_id): if pecan.request.method != 'POST': pecan.abort(405) LOG.debug("== Setting preferred CA %s for project %s", self.ca.id, external_project_id) project_model = res.get_or_create_project(external_project_id) (project_ca, __offset, __limit, __total) = (self.project_ca_repo.get_by_create_date( project_id=project_model.id, ca_id=self.ca.id, suppress_exception=True)) if not project_ca: _requested_preferred_ca_not_a_project_ca() preferred_ca = self.preferred_ca_repo.get_project_entities( project_model.id) if preferred_ca is not None: self.preferred_ca_repo.update_preferred_ca(project_model.id, self.ca) else: preferred_ca = models.PreferredCertificateAuthority( project_model.id, self.ca.id) self.preferred_ca_repo.create_from(preferred_ca)
def test_should_raise_when_delete_pref_subca_with_other_project_ca(self): subca = cert_res.create_subordinate_ca( project_model=self.project, name=self.name, description=self.description, subject_dn=self.subject_name, parent_ca_ref=self.parent_ca_ref, creator_id=self.creator_id) project_ca = models.ProjectCertificateAuthority( self.project.id, subca.id) project_ca_repo.create_from(project_ca) preferred_ca = models.PreferredCertificateAuthority( self.project.id, subca.id) preferred_ca_repo.create_from(preferred_ca) subca2 = cert_res.create_subordinate_ca( project_model=self.project, name=self.name, description=self.description, subject_dn=self.subject_name, parent_ca_ref=self.parent_ca_ref, creator_id=self.creator_id) project_ca2 = models.ProjectCertificateAuthority( self.project.id, subca2.id) project_ca_repo.create_from(project_ca2) self.assertRaises(excep.CannotDeletePreferredCA, cert_res.delete_subordinate_ca, self.project.external_id, subca)
def test_create_new_preferred_ca(self): ca = models.CertificateAuthority(self.parsed_ca) ca.id = '67890' project = models.Project() project.id = '12345' preferred_ca = models.PreferredCertificateAuthority(project.id, ca.id) self.assertEqual(ca.id, preferred_ca.ca_id) self.assertEqual(project.id, preferred_ca.project_id)
def set_global_preferred(self, external_project_id): if pecan.request.method != 'POST': pecan.abort(405) LOG.debug("== Set global preferred CA %s", self.ca.id) pref_ca = self.preferred_ca_repo.get_global_preferred_ca() if pref_ca is None: global_preferred_ca = models.PreferredCertificateAuthority( self.preferred_ca_repo.PREFERRED_PROJECT_ID, self.ca.id) self.preferred_ca_repo.create_from(global_preferred_ca) else: self.preferred_ca_repo.update_global_preferred_ca(self.ca)
def test_should_delete_subca_and_all_related_db_entities(self): subca = cert_res.create_subordinate_ca( project_model=self.project, name=self.name, description=self.description, subject_dn=self.subject_name, parent_ca_ref=self.parent_ca_ref, creator_id=self.creator_id) project_ca = models.ProjectCertificateAuthority( self.project.id, subca.id) project_ca_repo.create_from(project_ca) preferred_ca = models.PreferredCertificateAuthority( self.project.id, subca.id) preferred_ca_repo.create_from(preferred_ca) cert_res.delete_subordinate_ca(self.project.external_id, subca) self.cert_plugin.delete_ca.assert_called_once_with(subca.plugin_ca_id)
def add_to_project(self, external_project_id): if pecan.request.method != 'POST': pecan.abort(405) LOG.debug("== Saving CA %s to external_project_id %s", self.ca.id, external_project_id) project_model = res.get_or_create_project(external_project_id) project_cas = project_model.cas num_cas = len(project_cas) for project_ca in project_cas: if project_ca.ca_id == self.ca.id: # project already added return project_ca = models.ProjectCertificateAuthority( project_model.id, self.ca.id) self.project_ca_repo.create_from(project_ca) if num_cas == 0: # set first project CA to be the preferred one preferred_ca = models.PreferredCertificateAuthority( project_model.id, self.ca.id) self.preferred_ca_repo.create_from(preferred_ca)
def create_preferred_cert_authority(cert_authority, session=None): preferred_cert_authority = models.PreferredCertificateAuthority( ca_id=cert_authority.id, project_id=cert_authority.project_id) preferred_ca_repo = repositories.get_preferred_ca_repository() preferred_ca_repo.create_from(preferred_cert_authority, session=session) return preferred_cert_authority
def setUp(self): super(BaseCertificateRequestsTestCase, self).setUp() self.external_project_id = "56789" self.project = res.get_or_create_project(self.external_project_id) project_repo.save(self.project) self.barbican_meta_dto = mock.MagicMock() self.order_meta = {} self.plugin_meta = {} self.barbican_meta = {} self.result = cert_man.ResultDTO( cert_man.CertificateStatus.WAITING_FOR_CA ) self.result_follow_on = common.FollowOnProcessingStatusDTO() self.cert_plugin = mock.MagicMock() self.cert_plugin.issue_certificate_request.return_value = self.result self.cert_plugin.check_certificate_status.return_value = self.result self.store_plugin = mock.MagicMock() parsed_ca = { 'plugin_name': "cert_plugin", 'plugin_ca_id': "XXXX", 'name': "test ca", 'description': 'Test CA', 'ca_signing_certificate': 'ZZZZZ', 'intermediates': 'YYYYY' } self.ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(self.ca) self.ca_id = self.ca.id # second ca for testing parsed_ca = { 'plugin_name': "cert_plugin", 'plugin_ca_id': "XXXX2", 'name': "test ca2", 'description': 'Test CA2', 'ca_signing_certificate': 'ZZZZZ2', 'intermediates': 'YYYYY2' } self.ca2 = models.CertificateAuthority(parsed_ca) ca_repo.create_from(self.ca2) self.ca_id2 = self.ca2.id # data for preferred CA and global preferred CA tests # add those to the repo in those tests self.pref_ca = models.PreferredCertificateAuthority( self.project.id, self.ca_id) self.global_pref_ca = models.PreferredCertificateAuthority( self.project.id, self.ca_id) # data for stored key cases self.private_key = models.Secret() self.private_key.secret_type = 'PRIVATE' self.private_key.project_id = self.project.id secret_repo.create_from(self.private_key) self.public_key = models.Secret() self.public_key.secret_type = 'PUBLIC' self.public_key.project_id = self.project.id secret_repo.create_from(self.public_key) self.passphrase = models.Secret() self.passphrase.secret_type = 'PASSPHRASE' self.passphrase.project_id = self.project.id secret_repo.create_from(self.passphrase) self.private_key_value = None self.public_key_value = "public_key" self.passphrase_value = None self.parsed_container_with_passphrase = { 'name': 'container name', 'type': 'rsa', 'secret_refs': [ {'name': 'private_key', 'secret_ref': 'https://localhost/secrets/' + self.private_key.id}, {'name': 'public_key', 'secret_ref': 'https://localhost/secrets/' + self.public_key.id}, {'name': 'private_key_passphrase', 'secret_ref': 'https://localhost/secrets/' + self.passphrase.id} ] } self.parsed_container = { 'name': 'container name', 'type': 'rsa', 'secret_refs': [ {'name': 'private_key', 'secret_ref': 'https://localhost/secrets/' + self.private_key.id}, {'name': 'public_key', 'secret_ref': 'https://localhost/secrets/' + self.public_key.id} ] } self.container_with_passphrase = models.Container( self.parsed_container_with_passphrase) self.container_with_passphrase.project_id = self.project.id container_repo.create_from(self.container_with_passphrase) self.container = models.Container(self.parsed_container) self.container.project_id = self.project.id container_repo.create_from(self.container) repositories.commit() self.stored_key_meta = { cert_man.REQUEST_TYPE: cert_man.CertificateRequestType.STORED_KEY_REQUEST, "container_ref": "https://localhost/containers/" + self.container.id, "subject_dn": "cn=host.example.com,ou=dev,ou=us,o=example.com" } self.order = models.Order() self.order.meta = self.order_meta self.order.project_id = self.project.id self.order.order_barbican_meta = self.barbican_meta self.order.type = 'certificate' order_repo.create_from(self.order) self._config_cert_plugin() self._config_store_plugin() self._config_cert_event_plugin() self._config_save_meta_plugin() self._config_get_meta_plugin() self._config_save_barbican_meta_plugin() self._config_get_barbican_meta_plugin() self._config_barbican_meta_dto()
def _add_global_preferred_ca(self, ca_id, session): preferred_ca = self.preferred_ca_repo.create_from( models.PreferredCertificateAuthority(self.global_project.id, ca_id), session) return preferred_ca
def create_cas(self): self.project = res.get_or_create_project(self.project_id) project_repo.save(self.project) self.project_ca_ids = [] self.plugin_name = 'default_plugin' self.plugin_ca_id = 'default_plugin_ca_id_' self.ca_id = "id1" self.num_cas = 10 self.offset = 2 self.limit = 4 self.params = {'offset': self.offset, 'limit': self.limit} for ca_id in moves.range(self.num_cas): parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': self.plugin_ca_id + str(ca_id), 'name': self.plugin_name, 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'ZZZZZ' + str(ca_id), 'intermediates': 'YYYYY' + str(ca_id) } ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(ca) ca_repo.save(ca) if ca_id == 1: # set global preferred ca pref_ca = models.PreferredCertificateAuthority( preferred_ca_repo.PREFERRED_PROJECT_ID, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.global_ca_id = ca.id if ca_id == 2: # set project CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) if ca_id == 3: # set project preferred CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) pref_ca = models.PreferredCertificateAuthority( self.project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.preferred_project_ca_id = ca.id if ca_id == 4: # set ca for testing GETs for a single CA self.selected_ca_id = ca.id self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id) self.selected_signing_cert = 'ZZZZZ' + str(ca_id) self.selected_intermediates = 'YYYYY' + str(ca_id)
def _add_global_preferred_ca(self, ca_id, session): preferred_ca = self.preferred_ca_repo.create_from( models.PreferredCertificateAuthority( self.preferred_ca_repo.PREFERRED_PROJECT_ID, ca_id), session) return preferred_ca