def test_cms_verify_token_no_oserror(self):
    """Check how cms_verify reports a failure raised by the subprocess call.

    ``subprocess.Popen.communicate`` is replaced with
    ``self._raise_OSError`` (defined elsewhere; presumably it raises
    OSError).  ``cms.cms_verify`` must then raise
    ``exceptions.CertificateConfigError`` whose ``output`` names the
    certificate path and contains the 'Hit OSError ' marker.
    """
    patched_communicate = mock.patch('subprocess.Popen.communicate',
                                     new=self._raise_OSError)
    with patched_communicate:
        try:
            cms.cms_verify("x", '/no/such/file', '/no/such/key')
        except exceptions.CertificateConfigError as config_err:
            # The diagnostic has to identify the file that was involved,
            # not just say that verification failed.
            self.assertIn('/no/such/file', config_err.output)
            self.assertIn('Hit OSError ', config_err.output)
        else:
            # Reaching this branch means no exception was raised at all.
            self.fail('Expected exceptions.CertificateConfigError')
def test_cms_verify_token_no_oserror(self):
    """Check that an EPIPE OSError from the subprocess is reported clearly.

    ``subprocess.Popen.communicate`` is replaced with a stub that raises
    an OSError whose ``errno`` is EPIPE.  ``cms.cms_verify`` must then
    raise ``subprocess.CalledProcessError`` whose ``output`` names the
    certificate path and contains the 'Hit OSError ' marker.
    """
    import errno

    def raise_OSError(*args):
        # Build the exception first and set errno afterwards, so the
        # object is a plain OSError carrying EPIPE.
        broken_pipe = OSError()
        broken_pipe.errno = errno.EPIPE
        raise broken_pipe

    patched_communicate = mock.patch('subprocess.Popen.communicate',
                                     new=raise_OSError)
    with patched_communicate:
        try:
            cms.cms_verify("x", '/no/such/file', '/no/such/key')
        except subprocess.CalledProcessError as proc_err:
            # The diagnostic has to identify the file that was involved.
            self.assertIn('/no/such/file', proc_err.output)
            self.assertIn('Hit OSError ', proc_err.output)
        else:
            # Reaching this branch means no exception was raised at all.
            self.fail('Expected subprocess.CalledProcessError')
def _fetch_parse_revocation_list(self):
    """Revoke a fresh token and return the verified revocation list.

    Two scoped tokens are issued.  The first authenticates the admin
    requests; the second is deleted.  The signed revocation list is then
    fetched, its CMS signature is checked against the configured signing
    certificate and CA, and the verified payload is parsed as JSON.

    Returns:
        A ``(data, token2)`` tuple: the parsed revocation list and the
        token that was revoked.
    """
    token1 = self.get_scoped_token()

    # TODO(morganfainberg): Because this is making a restful call to the
    # app a change to UTCNOW via mock.patch will not affect the returned
    # token. The only surefire way to ensure there is not a transient bug
    # based upon when the second token is issued is with a sleep. This
    # issue all stems from the limited resolution (no microseconds) on the
    # expiry time of tokens and the way revocation events utilizes token
    # expiry to revoke individual tokens. This is a stop-gap until all
    # associated issues with resolution on expiration and revocation events
    # are resolved.
    time.sleep(1)
    token2 = self.get_scoped_token()

    revoke_path = '/v2.0/tokens/%s' % token2
    self.admin_request(method='DELETE', path=revoke_path, token=token1)

    response = self.admin_request(method='GET',
                                  path='/v2.0/tokens/revoked',
                                  token=token1,
                                  expected_status=200)

    # The list is only parsed after its signature has been verified; the
    # raw 'signed' blob is never handed to json.loads directly.
    signed_blob = response.result['signed']
    verified_json = cms.cms_verify(signed_blob,
                                   CONF.signing.certfile,
                                   CONF.signing.ca_certs)
    revocation_data = json.loads(verified_json)
    return (revocation_data, token2)
def verify():
    """Verify ``data`` with the cached signing cert and CA; return text.

    ``self``, ``data`` and ``inform`` come from the enclosing scope.  A
    ``CalledProcessError`` from the CMS check is logged as a warning and
    then re-raised unchanged, so the caller receives the raw subprocess
    error.
    """
    try:
        signing_dir = self._signing_directory
        cert_path = signing_dir.calc_path(self._SIGNING_CERT_FILE_NAME)
        ca_path = signing_dir.calc_path(self._SIGNING_CA_FILE_NAME)
        verified = cms.cms_verify(data, cert_path, ca_path, inform=inform)
        return verified.decode("utf-8")
    except cms.subprocess.CalledProcessError as err:
        self.log.warning(_LW("Verify error: %s"), err)
        raise
def verify():
    """Verify ``data`` with the cached signing cert and CA; return text.

    ``self``, ``data`` and ``inform`` come from the enclosing scope.  A
    ``CalledProcessError`` from the CMS check is logged as a warning and
    then re-raised unchanged, so the caller receives the raw subprocess
    error.
    """
    try:
        signing_dir = self._signing_directory
        cert_path = signing_dir.calc_path(self._SIGNING_CERT_FILE_NAME)
        ca_path = signing_dir.calc_path(self._SIGNING_CA_FILE_NAME)
        verified = cms.cms_verify(data, cert_path, ca_path, inform=inform)
        return verified.decode('utf-8')
    except cms.subprocess.CalledProcessError as err:
        self._LOG.warning(_LW('Verify error: %s'), err)
        raise
def verify():
    """Verify ``data`` with the cached signing cert and CA; return text.

    ``self``, ``data`` and ``inform`` come from the enclosing scope.

    Raises:
        exc.InvalidToken: when the CMS check raises ``CMSError`` or
            ``CalledProcessError``.  The underlying error is written to
            the log only; the raised exception carries a generic message.
    """
    verification_failures = (exceptions.CMSError,
                             cms.subprocess.CalledProcessError)
    try:
        signing_dir = self._signing_directory
        cert_path = signing_dir.calc_path(self._SIGNING_CERT_FILE_NAME)
        ca_path = signing_dir.calc_path(self._SIGNING_CA_FILE_NAME)
        verified = cms.cms_verify(data, cert_path, ca_path, inform=inform)
        return verified.decode('utf-8')
    except verification_failures as err:
        # Keep the detail in the log; the exception handed back to the
        # caller says nothing about why verification failed.
        self._LOG.warning(_LW('Verify error: %s'), err)
        raise exc.InvalidToken(_('Token authorization failed'))
def verify():
    """Verify ``data`` with the cached signing cert and CA; return text.

    ``self``, ``data`` and ``inform`` come from the enclosing scope.

    Raises:
        exc.InvalidToken: when the CMS check raises ``CMSError`` or
            ``CalledProcessError``.  The underlying error is written to
            the log only; the raised exception carries a generic message.
    """
    verification_failures = (exceptions.CMSError,
                             cms.subprocess.CalledProcessError)
    try:
        signing_dir = self._signing_directory
        cert_path = signing_dir.calc_path(self._SIGNING_CERT_FILE_NAME)
        ca_path = signing_dir.calc_path(self._SIGNING_CA_FILE_NAME)
        verified = cms.cms_verify(data, cert_path, ca_path, inform=inform)
        return verified.decode('utf-8')
    except verification_failures as err:
        # Keep the detail in the log; the exception handed back to the
        # caller says nothing about why verification failed.
        self.log.warning(_LW('Verify error: %s'), err)
        raise exc.InvalidToken(_('Token authorization failed'))
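def cms_verify(self, data):
    """Verify the CMS signature on ``data`` and return the verified output.

    If verification fails because the signing certificate file or the CA
    certificate file is missing, that file is fetched and verification is
    retried.  Each file is fetched at most once per call: if the same file
    is still reported missing after it has been fetched, the error is
    raised instead of fetching again, so a fetch that does not cure the
    problem cannot turn into an endless retry loop.

    Raises:
        cms.subprocess.CalledProcessError: when verification fails for
            any reason that a single fetch of each certificate file does
            not resolve.
    """
    fetched_signing_cert = False
    fetched_ca_cert = False
    while True:
        try:
            return cms.cms_verify(data, self.signing_cert_file_name,
                                  self.ca_file_name)
        except cms.subprocess.CalledProcessError as err:
            if (not fetched_signing_cert and
                    self.cert_file_missing(err,
                                           self.signing_cert_file_name)):
                self.fetch_signing_cert()
                fetched_signing_cert = True
                continue
            if (not fetched_ca_cert and
                    self.cert_file_missing(err, self.ca_file_name)):
                self.fetch_ca_cert()
                fetched_ca_cert = True
                continue
            # Bare raise keeps the original traceback of the failed
            # verification.
            raise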
def test_cms_verify_token_scoped_expired(self):
    """Check that the expired scoped token fixture passes CMS verification.

    The assertion only requires ``cms.cms_verify`` to return a truthy
    value for this fixture.
    """
    # NOTE(review): going by the fixture name, this shows the signature
    # check succeeding on an expired token, so expiry is presumably
    # enforced by the caller and not by cms_verify -- confirm.
    expired_cms = cms.token_to_cms(
        self.examples.SIGNED_TOKEN_SCOPED_EXPIRED)
    verified = cms.cms_verify(expired_cms,
                              self.examples.SIGNING_CERT_FILE,
                              self.examples.SIGNING_CA_FILE)
    self.assertTrue(verified)
def test_cms_verify_token_unscoped(self):
    """Check that the unscoped signed token fixture passes CMS verification.

    The token is converted with ``cms.token_to_cms`` and verified against
    the example signing certificate and CA; the result must be truthy.
    """
    unscoped_cms = cms.token_to_cms(self.examples.SIGNED_TOKEN_UNSCOPED)
    verified = cms.cms_verify(unscoped_cms,
                              self.examples.SIGNING_CERT_FILE,
                              self.examples.SIGNING_CA_FILE)
    self.assertTrue(verified)
def test_cms_verify_token_scoped(self):
    """Check that the scoped signed token fixture passes CMS verification.

    The token is converted with ``cms.token_to_cms`` and verified against
    the fixture signing certificate and CA; the result must be truthy.
    """
    scoped_cms = cms.token_to_cms(client_fixtures.SIGNED_TOKEN_SCOPED)
    verified = cms.cms_verify(scoped_cms,
                              client_fixtures.SIGNING_CERT_FILE,
                              client_fixtures.SIGNING_CA_FILE)
    self.assertTrue(verified)