def test_getAgentCrtReqName(self, hostname_mock):
hostname_mock.return_value = "dummy.hostname"
self.config.set('security', 'keysdir', '/dummy-keysdir')
man = CertificateManager(self.config, "active_server")
res = man.getAgentCrtReqName()
self.assertEquals(res,
os.path.abspath("/dummy-keysdir/dummy.hostname.csr"))
def test_reqSignCrt_malformedJson(self, urlopen_mock, open_mock,
hostname_mock):
hostname_mock.return_value = "dummy-hostname"
open_mock.return_value.read.return_value = "dummy_request"
self.config.set('security', 'keysdir', '/dummy-keysdir')
self.config.set('security', 'passphrase_env_var_name',
'DUMMY_PASSPHRASE')
man = CertificateManager(self.config, "active_server")
# test valid JSON response
urlopen_mock.return_value.read.return_value = '{"result": "OK", "signedCa":"dummy"}'
try:
man.reqSignCrt()
except ssl.SSLError:
self.fail("Unexpected exception!")
open_mock.return_value.write.assert_called_with(u'dummy')
# test malformed JSON response
open_mock.return_value.write.reset_mock()
urlopen_mock.return_value.read.return_value = '{malformed_object}'
try:
man.reqSignCrt()
self.fail("Expected exception!")
except ssl.SSLError:
pass
self.assertFalse(open_mock.return_value.write.called)
def test_genAgentCrtReq(self, communicate_mock, popen_mock):
man = CertificateManager(self.config)
p = MagicMock(spec=subprocess.Popen)
p.communicate = communicate_mock
popen_mock.return_value = p
man.genAgentCrtReq()
self.assertTrue(popen_mock.called)
self.assertTrue(communicate_mock.called)
def test_genAgentCrtReq(self, chmod_mock, communicate_mock, popen_mock):
man = CertificateManager(self.config, "active_server")
p = MagicMock(spec=subprocess32.Popen)
p.communicate = communicate_mock
popen_mock.return_value = p
man.genAgentCrtReq('/dummy-keysdir/hostname.key')
self.assertTrue(chmod_mock.called)
self.assertTrue(popen_mock.called)
self.assertTrue(communicate_mock.called)
def setUp(self):
self.tmpdir = tempfile.mkdtemp()
config = AmbariConfig.AmbariConfig()
config.set('server', 'hostname', 'example.com')
config.set('server', 'url_port', '777')
config.set('security', 'keysdir', self.tmpdir)
config.set('security', 'server_crt', 'ca.crt')
server_hostname = config.get('server', 'hostname')
self.certMan = CertificateManager(config, server_hostname)
def test_loadSrvrCrt(self, getSrvrCrtName_mock, urlopen_mock):
read_mock = MagicMock(create=True)
read_mock.read.return_value = "dummy_cert"
urlopen_mock.return_value = read_mock
_, tmpoutfile = tempfile.mkstemp()
getSrvrCrtName_mock.return_value = tmpoutfile
man = CertificateManager(self.config)
man.loadSrvrCrt()
# Checking file contents
saved = open(tmpoutfile, 'r').read()
self.assertEqual(saved, read_mock.read.return_value)
os.unlink(tmpoutfile)
def test_reqSignCrt(self, loads_mock, urlopen_mock, request_mock, dumps_mock, open_mock, hostname_mock):
self.config.set('security', 'keysdir', '/dummy-keysdir')
self.config.set('security', 'passphrase_env_var_name', 'DUMMY_PASSPHRASE')
man = CertificateManager(self.config, "active_server")
hostname_mock.return_value = "dummy-hostname"
open_mock.return_value.read.return_value = "dummy_request"
urlopen_mock.return_value.read.return_value = "dummy_server_request"
loads_mock.return_value = {
'result': 'OK',
'signedCa': 'dummy-crt'
}
# Test normal server interaction
man.reqSignCrt()
self.assertEqual(dumps_mock.call_args[0][0], {
'csr' : 'dummy_request',
'passphrase' : 'dummy-passphrase'
})
self.assertEqual(open_mock.return_value.write.call_args[0][0], 'dummy-crt')
# Test negative server reply
dumps_mock.reset_mock()
open_mock.return_value.write.reset_mock()
loads_mock.return_value = {
'result': 'FAIL',
'signedCa': 'fail-crt'
}
# If certificate signing failed, then exception must be raised
try:
man.reqSignCrt()
self.fail()
except ssl.SSLError:
pass
self.assertFalse(open_mock.return_value.write.called)
# Test connection fail
dumps_mock.reset_mock()
open_mock.return_value.write.reset_mock()
try:
man.reqSignCrt()
self.fail("Expected exception here")
except Exception, err:
# expected
pass
def test_checkCertExists(self, reqSignCrt_mock, getAgentCrtName_mock,
genAgentCrtReq_mock, getAgentKeyName_mock,
loadSrvrCrt_mock, exists_mock):
self.config.set('security', 'keysdir', '/dummy-keysdir')
getAgentKeyName_mock.return_value = "dummy AgentKeyName"
getAgentCrtName_mock.return_value = "dummy AgentCrtName"
man = CertificateManager(self.config, "active_server")
# Case when all files exist
exists_mock.side_effect = [True, True, True]
man.checkCertExists()
self.assertFalse(loadSrvrCrt_mock.called)
self.assertFalse(genAgentCrtReq_mock.called)
self.assertFalse(reqSignCrt_mock.called)
# Absent server cert
exists_mock.side_effect = [False, True, True]
man.checkCertExists()
self.assertTrue(loadSrvrCrt_mock.called)
self.assertFalse(genAgentCrtReq_mock.called)
self.assertFalse(reqSignCrt_mock.called)
loadSrvrCrt_mock.reset_mock()
# Absent agent key
exists_mock.side_effect = [True, False, True]
man.checkCertExists()
self.assertFalse(loadSrvrCrt_mock.called)
self.assertTrue(genAgentCrtReq_mock.called)
self.assertFalse(reqSignCrt_mock.called)
genAgentCrtReq_mock.reset_mock()
# Absent agent cert
exists_mock.side_effect = [True, True, False]
man.checkCertExists()
self.assertFalse(loadSrvrCrt_mock.called)
self.assertFalse(genAgentCrtReq_mock.called)
self.assertTrue(reqSignCrt_mock.called)
reqSignCrt_mock.reset_mock()
def test_initSecurity(self, checkCertExists_method): man = CertificateManager(self.config, "active_server") man.initSecurity() self.assertTrue(checkCertExists_method.called)
def test_getSrvrCrtName(self):
self.config.set('security', 'keysdir', '/dummy-keysdir')
man = CertificateManager(self.config, "active_server")
res = man.getSrvrCrtName()
self.assertEquals(res, os.path.abspath("/dummy-keysdir/ca.crt"))
def test_getSrvrCrtName(self):
self.config.set('security', 'keysdir', '/dummy-keysdir')
man = CertificateManager(self.config)
res = man.getSrvrCrtName()
self.assertEquals(res, "/dummy-keysdir/ca.crt")
def test_getAgentCrtName(self, hostname_mock):
hostname_mock.return_value = "dummy.hostname"
self.config.set('security', 'keysdir', '/dummy-keysdir')
man = CertificateManager(self.config)
res = man.getAgentCrtName()
self.assertEquals(res, "/dummy-keysdir/dummy.hostname.crt")
