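def testMismatchInNodeCert(self):
    # The node certificate file built here is internally inconsistent: it
    # holds the certificate from cert1.pem followed by the private key
    # loaded from cert2.pem. CheckNodeCertificate is expected to reject it
    # with X509CertError carrying the file name and a fixed message.
    cert1_path = testutils.TestDataFilename("cert1.pem")
    cert2_path = testutils.TestDataFilename("cert2.pem")
    tmpfile = utils.PathJoin(self.tmpdir, "cert")

    # Extract certificate
    cert1 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                            utils.ReadFile(cert1_path))
    cert1_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                cert1)

    # Extract mismatching key
    key2 = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                          utils.ReadFile(cert2_path))
    key2_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                              key2)

    # Write to file
    utils.WriteFile(tmpfile, data=cert1_pem + key2_pem)

    try:
        utils.CheckNodeCertificate(cert1, _noded_cert_file=tmpfile)
    except errors.X509CertError as err:
        self.assertEqual(
            err.args,
            (tmpfile, "Certificate does not match with private key"))
    else:
        # Without this branch the test passes when no exception is raised,
        # so a regression that stops detecting the certificate/key mismatch
        # would go unnoticed.
        self.fail("Exception was not raised")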
def testMissingFile(self):
    # Pins the behaviour for an absent node certificate file: the call must
    # return without raising and must not create the file.
    # NOTE(review): this means the certificate/key check is skipped when the
    # file is missing; callers that rely on the check being enforced need the
    # file to exist - confirm against CheckNodeCertificate.
    cert_path = testutils.TestDataFilename("cert1.pem")  # result is not used
    missing_cert_file = utils.PathJoin(self.tmpdir, "does-not-exist")

    # NotImplemented stands in for the certificate argument; presumably it is
    # never inspected on this path - verify against the implementation.
    utils.CheckNodeCertificate(NotImplemented,
                               _noded_cert_file=missing_cert_file)

    still_present = os.path.exists(missing_cert_file)
    self.assertFalse(still_present)
def testMatchingKey(self):
    # Positive case: the certificate under test is loaded from the same
    # cert2.pem that is passed as the node certificate file, so
    # CheckNodeCertificate is expected to return without raising.
    pem_format = OpenSSL.crypto.FILETYPE_PEM
    node_cert_path = testutils.TestDataFilename("cert2.pem")

    # Extract certificate
    pem_text = utils.ReadFile(node_cert_path)
    cert = OpenSSL.crypto.load_certificate(pem_format, pem_text)
    # The re-serialised PEM is not used below.
    cert_pem = OpenSSL.crypto.dump_certificate(pem_format, cert)

    utils.CheckNodeCertificate(cert, _noded_cert_file=node_cert_path)
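def testMismatchingKey(self):
    # The certificate handed in comes from cert1.pem while the node
    # certificate file is cert2.pem. CheckNodeCertificate is expected to
    # raise GenericError with a fixed message for this mismatch.
    other_cert = testutils.TestDataFilename("cert1.pem")
    node_cert = testutils.TestDataFilename("cert2.pem")

    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                           utils.ReadFile(other_cert))

    try:
        utils.CheckNodeCertificate(cert, _noded_cert_file=node_cert)
    except errors.GenericError as err:
        self.assertEqual(
            str(err), "Given cluster certificate does not match local key")
    else:
        # Without this branch the test passes when no exception is raised,
        # so a check that silently accepts a foreign certificate would not
        # be caught.
        self.fail("Exception was not raised")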