def testWhitelist_GlobalRule_Certificate(self):
cert = test_utils.CreateBit9Certificate(id='1a2b')
global_rule = test_utils.CreateBit9Rule(cert.key, host_id='')
change = test_utils.CreateRuleChangeSet(
cert.key,
rule_keys=[global_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
api_cert = api.Certificate(id=9012,
thumbprint='1a2b',
certificate_state=1)
self.PatchApiRequests([api_cert], api_cert)
change_set._CommitBlockableChangeSet(cert.key)
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call('GET',
api_route='certificate',
query_args=['q=thumbprint:1a2b']),
mock.call('POST',
api_route='certificate',
data={
'id': 9012,
'thumbprint': '1a2b',
'certificateState': 2
},
query_args=None)
])
self.assertTrue(global_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testResetState(self):
cert = test_utils.CreateBit9Certificate(
state=constants.STATE.BANNED, flagged=True)
cert.ResetState()
reset_cert = cert.key.get()
self.assertEqual(reset_cert.state, constants.STATE.UNTRUSTED)
self.assertFalse(reset_cert.flagged)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.CERTIFICATE)
def testWhitelist_LocalRule_Certificate(self):
cert = test_utils.CreateBit9Certificate()
local_rule = test_utils.CreateBit9Rule(cert.key, host_id='5678')
change = test_utils.CreateRuleChangeSet(
cert.key,
rule_keys=[local_rule.key],
change_type=constants.RULE_POLICY.WHITELIST)
change_set._CommitBlockableChangeSet(cert.key)
self.assertIsNotNone(self.local_rule.key.get().is_fulfilled)
self.assertFalse(local_rule.key.get().is_fulfilled)
self.assertTrue(local_rule.key.get().is_committed)
self.assertIsNone(change.key.get())
def testChangeState(self):
# Verify the Bit9Certificate is in the default state of UNTRUSTED.
cert = test_utils.CreateBit9Certificate()
blockable_hash = cert.blockable_hash
cert = bit9.Bit9Certificate.get_by_id(blockable_hash)
self.assertIsNotNone(cert)
self.assertEqual(constants.STATE.UNTRUSTED, cert.state)
# Note the state change timestamp.
old_state_change_dt = cert.state_change_dt
# Change the state.
cert.ChangeState(constants.STATE.BANNED)
# Reload, and verify the state change.
cert = bit9.Bit9Certificate.get_by_id(blockable_hash)
self.assertIsNotNone(cert)
self.assertEqual(constants.STATE.BANNED, cert.state)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.CERTIFICATE)
# And the state change timestamp should be increased.
self.assertTrue(cert.state_change_dt > old_state_change_dt)
def setUp(self):
super(Bit9CertificateTest, self).setUp()
self.bit9_certificate = test_utils.CreateBit9Certificate()
self.PatchEnv(settings.ProdEnv, ENABLE_BIGQUERY_STREAMING=True)
def testIsInstance(self):
cert = test_utils.CreateBit9Certificate()
self.assertTrue(cert.IsInstance('Blockable'))
self.assertTrue(cert.IsInstance('Certificate'))
self.assertTrue(cert.IsInstance('Bit9Certificate'))
self.assertFalse(cert.IsInstance('SomethingElse'))
