class TestCloudMethods(unittest.TestCase):
def __init__(self, *args, **kwargs):
self.cloud_zone = CLOUD_ZONE
self.cloud_conn = CloudConnection(token=CLOUD_APIKEY, url=CLOUD_URL)
super(TestCloudMethods, self).__init__(*args, **kwargs)
def test_cloud_enroll(self):
cn = f"{random_word(10)}.venafi.example.com"
enroll(self.cloud_conn, self.cloud_zone, cn)
def test_cloud_enroll_with_custom_csr(self):
key = open("/tmp/csr-test.key.pem").read()
csr = open("/tmp/csr-test.csr.csr").read()
enroll(self.cloud_conn, self.cloud_zone, private_key=key, csr=csr)
def test_cloud_renew(self):
cn = f"{random_word(10)}.venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.cloud_conn, self.cloud_zone, cn)
time.sleep(5)
renew(self.cloud_conn, cert_id, pkey, cert.serial_number, cn)
def test_cloud_renew_twice(self):
cn = f"{random_word(10)}.venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.cloud_conn, self.cloud_zone, cn)
new_cert = renew(self.cloud_conn, cert_id, pkey, cert.serial_number, cn)
fingerprint = binascii.hexlify(new_cert.fingerprint(hashes.SHA1())).decode()
found_cert = self.cloud_conn.search_by_thumbprint(thumbprint=fingerprint)
renew(self.cloud_conn, found_cert.csrId, pkey, new_cert.serial_number, cn)
def test_cloud_renew_by_thumbprint(self):
cn = f"{random_word(10)}.venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.cloud_conn, self.cloud_zone, cn)
time.sleep(5)
renew_by_thumbprint(self.cloud_conn, cert)
def test_cloud_renew_without_key_reuse(self):
renew_without_key_reuse(self, self.cloud_conn, self.cloud_zone)
def test_cloud_read_zone_config(self):
zone = self.cloud_conn.read_zone_conf(self.cloud_zone)
self.assertEqual(zone.key_type.key_type, KeyType.RSA)
self.assertEqual(zone.key_type.option, 2048)
p = zone.policy
self.assertListEqual(p.SubjectCNRegexes, ['.*.example.com', '.*.example.org', '.*.example.net', '.*.invalid',
'.*.local', '.*.localhost', '.*.test', '.*.vfidev.com'])
self.assertListEqual(p.SubjectCRegexes, [".*"])
self.assertListEqual(p.SubjectLRegexes, [".*"])
self.assertListEqual(p.SubjectORegexes, [".*"])
self.assertListEqual(p.SubjectOURegexes, [".*"])
self.assertEqual(p.key_types[0].option, 2048)
self.assertEqual(p.key_types[1].option, 4096)
def test_cloud_read_zone_unknown_zone(self):
with self.assertRaises(Exception):
self.cloud_conn.read_zone_conf("4d806fbc-06bb-4a2a-b224-9e58a7e996f5")
def test_cloud_read_zone_invalid_zone(self):
with self.assertRaises(Exception):
self.cloud_conn.read_zone_conf("fdsfsfa")
def test_cloud_retrieve_non_issued(self):
req = CertificateRequest(cert_id="4d806fbc-06bb-4a2a-b224-9e58a7e996f5")
with self.assertRaises(Exception):
self.cloud_conn.retrieve_cert(req)
def test_cloud_search_by_thumbprint(self):
req, cert = simple_enroll(self.cloud_conn, self.cloud_zone)
cert = x509.load_pem_x509_certificate(cert.cert.encode(), default_backend())
fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
time.sleep(1)
found = self.cloud_conn.search_by_thumbprint(fingerprint)
self.assertEqual(found.certificateIds[0], req.cert_guid)
def test_cloud_enroll_valid_hours(self):
cn = f"{random_word(10)}.venafi.example.com"
request = CertificateRequest(common_name=cn)
request.san_dns = ["www.client.venafi.example.com", "ww1.client.venafi.example.com"]
custom_fields = [
CustomField(name="custom", value="pythonTest"),
CustomField(name="cfList", value="item2"),
CustomField(name="cfListMulti", value="tier1"),
CustomField(name="cfListMulti", value="tier4")
]
request.custom_fields = custom_fields
request.validity_hours = 144
expected_date = datetime.utcnow() + timedelta(hours=request.validity_hours)
self.cloud_conn.request_cert(request, self.cloud_zone)
cert = self.cloud_conn.retrieve_cert(request)
cert = x509.load_pem_x509_certificate(cert.cert.encode(), default_backend())
assert isinstance(cert, x509.Certificate)
expiration_date = cert.not_valid_after
# Due to some roundings and delays in operations on the server side, the certificate expiration date
# is not exactly the same as the one used in the request. A gap is allowed in this scenario to compensate
# this delays and roundings.
delta = timedelta(seconds=60)
date_format = "%Y-%m-%d %H:%M:%S"
self.assertAlmostEqual(expected_date, expiration_date, delta=delta,
msg=f"Delta between expected and expiration date is too big."
f"\nExpected: {expected_date.strftime(date_format)}"
f"\nGot: {expiration_date.strftime(date_format)}\n"
f"Expected_delta: {delta.total_seconds()} seconds.")
def test_cloud_enroll_service_generated_csr(self):
cn = f"{random_word(10)}.venafi.example.com"
password = '******'
request = CertificateRequest(
common_name=cn,
key_password=password,
country='US'
)
request.san_dns = ["www.client.venafi.example.com", "ww1.client.venafi.example.com"]
request.csr_origin = CSR_ORIGIN_SERVICE
self.cloud_conn.request_cert(request, self.cloud_zone)
cert_object = self.cloud_conn.retrieve_cert(request)
cert = x509.load_pem_x509_certificate(cert_object.cert.encode(), default_backend())
assert isinstance(cert, x509.Certificate)
t1 = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
t2 = [
x509.NameAttribute(
NameOID.COMMON_NAME, cn or RANDOM_DOMAIN
)
]
assert t1 == t2
output = cert_object.as_pkcs12('FooBarPass123')
log.info(f"PKCS12 created successfully for certificate with CN: {cn}")
class TestCloudMethods(unittest.TestCase):
def __init__(self, *args, **kwargs):
self.cloud_zone = environ['CLOUD_ZONE']
self.cloud_conn = CloudConnection(token=TOKEN, url=CLOUDURL)
super(TestCloudMethods, self).__init__(*args, **kwargs)
def test_cloud_enroll(self):
cn = randomword(10) + ".venafi.example.com"
enroll(self.cloud_conn, self.cloud_zone, cn)
def test_cloud_enroll_with_custom_csr(self):
key = open("/tmp/csr-test.key.pem").read()
csr = open("/tmp/csr-test.csr.csr").read()
enroll(self.cloud_conn, self.cloud_zone, private_key=key, csr=csr)
def test_cloud_renew(self):
cn = randomword(10) + ".venafi.example.com"
cert_id, pkey, cert, _ = enroll(self.cloud_conn, self.cloud_zone, cn)
time.sleep(5)
renew(self.cloud_conn, cert_id, pkey, cert.serial_number, cn)
def test_cloud_renew_twice(self):
cn = randomword(10) + ".venafi.example.com"
cert_id, pkey, cert, _ = enroll(self.cloud_conn, self.cloud_zone, cn)
time.sleep(5)
renew(self.cloud_conn, cert_id, pkey, cert.serial_number, cn)
time.sleep(5)
renew(self.cloud_conn, cert_id, pkey, cert.serial_number, cn)
def test_cloud_renew_by_thumbprint(self):
cn = randomword(10) + ".venafi.example.com"
cert_id, pkey, cert, _ = enroll(self.cloud_conn, self.cloud_zone, cn)
time.sleep(5)
renew_by_thumbprint(self.cloud_conn, cert)
def test_cloud_renew_without_key_reuse(self):
renew_without_key_reuse(self, self.cloud_conn, self.cloud_zone)
def test_cloud_read_zone_config(self):
zone = self.cloud_conn.read_zone_conf(self.cloud_zone)
self.assertEqual(zone.key_type.key_type, KeyType.RSA)
self.assertEqual(zone.key_type.option, 2048)
p = zone.policy
self.assertListEqual(p.SubjectCNRegexes, [
'.*.example.com', '.*.example.org', '.*.example.net', '.*.invalid',
'.*.local', '.*.localhost', '.*.test', '.*.vfidev.com'
])
self.assertListEqual(p.SubjectCRegexes, [".*"])
self.assertListEqual(p.SubjectLRegexes, [".*"])
self.assertListEqual(p.SubjectORegexes, [".*"])
self.assertListEqual(p.SubjectOURegexes, [".*"])
self.assertEqual(p.key_types[0].option, 2048)
self.assertEqual(p.key_types[1].option, 4096)
def test_cloud_read_zone_unknown_zone(self):
with self.assertRaises(Exception):
self.cloud_conn.read_zone_conf(
"4d806fbc-06bb-4a2a-b224-9e58a7e996f5")
def test_cloud_read_zone_invalud_zone(self):
with self.assertRaises(Exception):
self.cloud_conn.read_zone_conf("fdsfsfa")
def test_cloud_retrieve_non_issued(self):
req = CertificateRequest(
cert_id="4d806fbc-06bb-4a2a-b224-9e58a7e996f5")
with self.assertRaises(Exception):
self.cloud_conn.retrieve_cert(req)
def test_cloud_search_by_thumbpint(self):
req, cert = simple_enroll(self.cloud_conn, self.cloud_zone)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
fingerprint = binascii.hexlify(cert.fingerprint(
hashes.SHA1())).decode()
time.sleep(1)
found = self.cloud_conn.search_by_thumbprint(fingerprint)
self.assertEqual(found.manage_id, req.manage_id)
def test_auth(self):
self.cloud_conn.auth()
def test_invalid_auth(self):
cloud_conn = CloudConnection(
token='5eebed3b-0542-4c0d-a42e-b1e6e4630c3d', url=CLOUDURL)
with self.assertRaises(Exception):
cloud_conn.auth()
def test_invalid_auth2(self):
cloud_conn = CloudConnection(token='invalid-format-token',
url=CLOUDURL)
with self.assertRaises(Exception):
cloud_conn.auth()