def setUpClass(cls):
# Generate certificate
cls.certificate, cls.private_key, cls.ca_certificate, cls.ca_key = create_certificate_chain(
common_name='test.com', subject_alt_names=('www.test.com', ))
cert, key, ca_cert = generate_pem_data(cls.certificate,
cls.private_key,
cls.ca_certificate)
# Write to file
cls.certificate_file.write(cert)
cls.private_key_file.write(key)
cls.certificate_chain_file.write(ca_cert)
def test_parse_certificates_multiple_certificates(self):
certificate, private_key, ca_certificate, ca_key = create_certificate_chain(
common_name='test2.com',
root_name='Root 2 CA',
subject_alt_names=('www.test2.com', ))
cert_data, key_data, ca_cert_data = generate_pem_data(
certificate, private_key, ca_certificate)
certs = [{
'cert':
OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
self.cert_data),
'path':
'cert-file-1'
}, {
'cert':
OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
self.ca_cert_data),
'path':
'ca-cert-file-1'
}, {
'cert':
OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
cert_data),
'path':
'cert-file-2'
}, {
'cert':
OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
ca_cert_data),
'path':
'ca-cert-file-2'
}]
keys = [{
'key':
OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
self.key_data),
'path':
'key-1'
}, {
'key':
OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
key_data),
'path':
'key-2'
}]
with self.assertRaisesRegex(
CertificateScanFailedException,
'ERROR: More than one base certificate was found: cert-file-1, cert-file-2'
):
parse_certificates(certs, keys)
def setUpClass(cls):
# Generate certificate
cls.certificate, cls.private_key, cls.ca_certificate, cls.ca_key = create_certificate_chain(
common_name='test.com', subject_alt_names=('www.test.com', ))
cls.cert_data, cls.key_data, cls.ca_cert_data = generate_pem_data(
cls.certificate, cls.private_key, cls.ca_certificate)
cls.ca_key_data = cls.ca_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=NoEncryption())
# Write to file
cls.certificate_file.write(cls.cert_data)
cls.private_key_file.write(cls.key_data)
cls.certificate_chain_file.write(cls.ca_cert_data)
cls.ca_key_file.write(cls.ca_key_data)
def test_upload_certificate(self, mock_print):
# Generate certificate
cert, key, ca_cert, ca_key = create_certificate_chain(
common_name='test.com', subject_alt_names=('www.test.com', ))
certificate, private_key, ca_certificate = generate_pem_data(
cert, key, ca_cert)
arn = self.uploader.upload_certificate(cert_data=certificate,
private_key_data=private_key,
chain_data=ca_certificate)
mock_print.assert_has_calls([
call('Certificate Uploaded Successfully:'),
call('\tARN: %s' % arn),
call('\tCommon Name: %s' % 'test.com'),
call('\tSubject Alternative Names:'),
call('\t\twww.test.com'),
# call('\tValidity: %s to %s' % (cert.not_valid_before, cert.not_valid_after)),
# call('\tStatus: %s' % 'ISSUED')
])
def test_iam_parser_attach_existing_certificate(self, mock_input,
mock_args):
certificate, private_key, ca_certificate = generate_pem_data(
self.certificate, self.private_key, self.ca_certificate)
# Create certificate
iam = boto3.client('iam')
arn = iam.upload_server_certificate(
Path='/test/',
ServerCertificateName='tester',
CertificateBody=certificate.decode('utf-8'),
PrivateKey=private_key.decode('utf-8'),
CertificateChain=ca_certificate.decode(
'utf-8'))['ServerCertificateMetadata']['Arn']
# Create load balancer
elb = boto3.client('elb')
vpc, subnet = create_vpc_resources()
create_elb('test-lb-iam', subnet)
# Get LB info
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb-iam'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
'fake-certificate',
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
# Run CLI. This should not raise any exceptions
cli.main()
# Verify ELB has the certificate assigned
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb-iam'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
arn,
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
def test_acm_parser_attach_existing_certificate(self, mock_input,
mock_args):
certificate, private_key, ca_certificate = generate_pem_data(
self.certificate, self.private_key, self.ca_certificate)
# Create certificate
acm = boto3.client('acm')
arn = acm.import_certificate(
Certificate=certificate,
PrivateKey=private_key,
CertificateChain=ca_certificate)['CertificateArn']
mock_args.return_value.certificate_arn = arn
# Create load balancer
elb = boto3.client('elb')
vpc, subnet = create_vpc_resources()
create_elb('test-lb', subnet)
# Get LB info
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
'fake-certificate',
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
# Run CLI. This should not raise any exceptions
cli.main()
# Verify ELB has the certificate assigned
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
arn,
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
def test_acm_parser_via_scan(self, mock_print, mock_args, mock_scan):
with TemporaryDirectory() as temp_dir:
mock_scan.return_value = {
'certificate': os.path.join(temp_dir, 'cert.pem'),
'chain': os.path.join(temp_dir, 'chain.pem'),
'private_key': os.path.join(temp_dir, 'key.pem')
}
certificate, private_key, ca_certificate, ca_key = create_certificate_chain(
common_name='test.com', subject_alt_names=('www.test.com', ))
cert_data, key_data, ca_cert_data = generate_pem_data(
certificate, private_key, ca_certificate)
with open(os.path.join(temp_dir, 'cert.pem'), 'w') as f:
f.write(cert_data.decode('utf-8'))
with open(os.path.join(temp_dir, 'chain.pem'), 'w') as f:
f.write(ca_cert_data.decode('utf-8'))
with open(os.path.join(temp_dir, 'key.pem'), 'w') as f:
f.write(key_data.decode('utf-8'))
cli.main()
arn = None
for item in mock_print.mock_calls:
arn_match = re.match(
'\tARN: (arn:aws:acm:.+:\\d+:certificate/.+)$',
item.args[0])
if arn_match:
arn = arn_match.group(1)
break
# Should be able to describe certificate without raising an exception
self.assertIsNotNone(arn)
acm = boto3.client('acm')
acm.describe_certificate(CertificateArn=arn)
