Example #1
 def test_execute(self, mock_driver):
     """Check that GenerateServerPEMTask.execute returns cert + key as one PEM.

     The certificate driver is mocked, so no real key material is generated.
     Note that the value asserted here is the certificate concatenated with
     the private key in the clear: whatever consumes the task result is
     handling an unencrypted private key.
     """
     fake_pair = local.LocalCert('test_cert', 'test_key')
     # A one-element side_effect list: the driver may be called exactly once.
     mock_driver.generate_cert_key_pair.side_effect = [fake_pair]

     task = cert_task.GenerateServerPEMTask()
     result = task.execute('123')

     expected_pem = fake_pair.get_certificate() + fake_pair.get_private_key()
     self.assertEqual(result, expected_pem)
     # The argument given to execute() must be used as the certificate CN.
     mock_driver.generate_cert_key_pair.assert_called_once_with(
         cn='123', validity=cert_task.CERT_VALIDITY)
Example #2
 def generate_cert_key_pair(cls, cn, validity, bit_length=2048,
                            passphrase=None, **kwargs):
     """Create a private key, build a CSR for it and have the CSR signed.

     :param cn: value handed to ``_generate_csr`` (the certificate's
                common name)
     :param validity: passed through to ``sign_cert``
     :param bit_length: key size handed to ``_generate_private_key``
     :param passphrase: forwarded to both the key and CSR helpers and
                        stored on the returned object; with the default
                        ``None`` the key is presumably left unencrypted
                        (confirm in ``_generate_private_key``)
     :param kwargs: forwarded unchanged to ``sign_cert``

     :return: local_common.LocalCert holding the signed certificate, the
              private key and the passphrase
     """
     private_key = cls._generate_private_key(bit_length, passphrase)
     signing_request = cls._generate_csr(cn, private_key, passphrase)
     signed_cert = cls.sign_cert(signing_request, validity, **kwargs)
     # The returned object carries the private key and its passphrase
     # together; callers should treat it as secret material.
     return local_common.LocalCert(
         certificate=signed_cert,
         private_key=private_key,
         private_key_passphrase=passphrase,
     )
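    def get_cert(project_id, cert_ref, **kwargs):
        """Retrieves the specified cert.

        :param project_id: Project ID for the owner of the certificate
        :param cert_ref: the UUID of the cert to retrieve

        :return: octavia.certificates.common.Cert representation of the
                 certificate data
        :raises CertificateStorageException: if certificate retrieval fails,
                 or if cert_ref resolves outside the configured storage path
        """
        LOG.info(
            _LI("Loading certificate {0} from the local filesystem.").format(
                cert_ref))

        filename_base = os.path.join(CONF.certificates.storage_path, cert_ref)

        # cert_ref is documented as a UUID but is used verbatim to build a
        # filesystem path. os.path.join() discards the storage path when the
        # second argument is absolute, and ".." segments climb out of it, so
        # refuse any reference that does not stay below the storage root.
        # abspath() is purely lexical: it does not resolve symlinks.
        storage_root = os.path.abspath(CONF.certificates.storage_path)
        if not os.path.abspath(filename_base).startswith(
                os.path.join(storage_root, '')):
            LOG.error(
                _LE("Certificate reference {0} resolves outside the "
                    "certificate storage path.").format(cert_ref))
            raise exceptions.CertificateStorageException(
                msg="Certificate could not be read.")

        # The original passed cert_ref as a second, unused format argument.
        filename_certificate = "{0}.crt".format(filename_base)
        filename_private_key = "{0}.key".format(filename_base)
        filename_intermediates = "{0}.int".format(filename_base)
        filename_pkp = "{0}.pass".format(filename_base)

        cert_data = dict()

        # Certificate and private key are mandatory: a read failure is fatal.
        try:
            with open(filename_certificate, 'r') as cert_file:
                cert_data['certificate'] = cert_file.read()
        except IOError:
            LOG.error(
                _LE("Failed to read certificate for {0}.").format(cert_ref))
            raise exceptions.CertificateStorageException(
                msg="Certificate could not be read.")
        try:
            with open(filename_private_key, 'r') as key_file:
                cert_data['private_key'] = key_file.read()
        except IOError:
            LOG.error(
                _LE("Failed to read private key for {0}.").format(cert_ref))
            raise exceptions.CertificateStorageException(
                msg="Private Key could not be read.")

        # Intermediates and the key passphrase are optional: a missing or
        # unreadable file deliberately leaves the field unset.
        try:
            with open(filename_intermediates, 'r') as int_file:
                cert_data['intermediates'] = int_file.read()
        except IOError:
            pass

        try:
            with open(filename_pkp, 'r') as pass_file:
                cert_data['private_key_passphrase'] = pass_file.read()
        except IOError:
            pass

        return local_common.LocalCert(**cert_data)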
Example #4
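    def get_cert(context, cert_ref, **kwargs):
        """Retrieves the specified cert.

        :param context: Ignored in this implementation
        :param cert_ref: the UUID of the cert to retrieve

        :return: octavia.certificates.common.Cert representation of the
                 certificate data
        :raises CertificateStorageException: if certificate retrieval fails,
                 or if cert_ref resolves outside the configured storage path
        """
        LOG.info("Loading certificate %s from the local filesystem.", cert_ref)

        filename_base = os.path.join(CONF.certificates.storage_path, cert_ref)

        # cert_ref is documented as a UUID but is used verbatim to build a
        # filesystem path. os.path.join() discards the storage path when the
        # second argument is absolute, and ".." segments climb out of it, so
        # refuse any reference that does not stay below the storage root.
        # abspath() is purely lexical: it does not resolve symlinks.
        storage_root = os.path.abspath(CONF.certificates.storage_path)
        if not os.path.abspath(filename_base).startswith(
                os.path.join(storage_root, '')):
            LOG.error("Certificate reference %s resolves outside the "
                      "certificate storage path.", cert_ref)
            raise exceptions.CertificateStorageException(
                msg="Certificate could not be read.")

        filename_certificate = "{0}.crt".format(filename_base)
        filename_private_key = "{0}.key".format(filename_base)
        filename_intermediates = "{0}.int".format(filename_base)
        filename_pkp = "{0}.pass".format(filename_base)

        cert_data = dict()

        # Files are opened read-only through os.open(); only flags are given.
        flags = os.O_RDONLY

        # Certificate and private key are mandatory: a read failure is fatal.
        try:
            with os.fdopen(os.open(filename_certificate, flags)) as cert_file:
                cert_data['certificate'] = cert_file.read()
        except IOError:
            LOG.error("Failed to read certificate for %s.", cert_ref)
            raise exceptions.CertificateStorageException(
                msg="Certificate could not be read.")
        try:
            with os.fdopen(os.open(filename_private_key, flags)) as key_file:
                cert_data['private_key'] = key_file.read()
        except IOError:
            LOG.error("Failed to read private key for %s", cert_ref)
            raise exceptions.CertificateStorageException(
                msg="Private Key could not be read.")

        # Intermediates and the key passphrase are optional: a missing or
        # unreadable file deliberately leaves the field unset.
        try:
            with os.fdopen(os.open(filename_intermediates, flags)) as int_file:
                cert_data['intermediates'] = int_file.read()
            # Split the bundle read above into a list of individual PEMs.
            cert_data['intermediates'] = list(
                cert_parser.get_intermediates_pems(cert_data['intermediates']))
        except IOError:
            pass

        try:
            with os.fdopen(os.open(filename_pkp, flags)) as pass_file:
                cert_data['private_key_passphrase'] = pass_file.read()
        except IOError:
            pass

        return local_common.LocalCert(**cert_data)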
Example #5
 def test_execute(self, mock_driver):
     """Check that GenerateServerPEMTask.execute returns a Fernet-encrypted PEM.

     The task result is decrypted with the key obtained from
     ``utils.get_compatible_server_certs_key_passphrase()`` and must equal
     the certificate concatenated with the private key, so the key material
     is not expected to leave the task in the clear.
     """
     passphrase_key = utils.get_compatible_server_certs_key_passphrase()
     cipher = fernet.Fernet(passphrase_key)

     fake_pair = local.LocalCert(utils.get_compatible_value('test_cert'),
                                 utils.get_compatible_value('test_key'))
     # A one-element side_effect list: the driver may be called exactly once.
     mock_driver.generate_cert_key_pair.side_effect = [fake_pair]

     task = cert_task.GenerateServerPEMTask()
     encrypted_pem = task.execute('123')

     # decrypt() raises if the token was not produced with this key, so this
     # also verifies that the task encrypted with the configured key.
     decrypted_pem = cipher.decrypt(encrypted_pem.encode('utf-8'))
     expected_pem = fake_pair.get_certificate() + fake_pair.get_private_key()
     self.assertEqual(decrypted_pem, expected_pem)
     mock_driver.generate_cert_key_pair.assert_called_once_with(
         cn='123', validity=CONF.certificates.cert_validity_time)
Example #6
    def get_cert(self, context, cert_ref, resource_ref=None, check_only=False, service_name=None):
        """Return a fixed self-signed certificate and key, ignoring all arguments.

        None of the parameters are read: every call yields the same
        LocalCert. The private key is embedded in source and is therefore
        public; this material is only suitable as a test/stub fixture and
        must never back a real listener.
        """
        # Self-Signed test.example key:
        private_key_pem = """-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----""".encode("utf-8")

        # Matching self-signed certificate, stored as UTF-8 encoded PEM bytes.
        certificate_pem = """-----BEGIN CERTIFICATE-----
MIICqjCCAZICCQC6b92nP8oPhTANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAx0
ZXN0LmV4YW1wbGUwHhcNMjAwMzAyMTU0MTU1WhcNMjEwMzAyMTU0MTU1WjAXMRUw
EwYDVQQDDAx0ZXN0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDO1ZiNs+E/NBX9yfWjojTILtHtD2yfYJxSn4QKYReoAb49SDczfR+N/0nc
YDuwbKH6EjC7tl6t97lVoM4ZbE0UZX0our0/WqE0TwKK6svS55iztbdB3rMBOVLt
mwtCG6hyG1JYVEcW5OcXu+pAVHuViWI1IGqt57/FfCUlJg0BeeS2fheSckRsmWIT
Idr9gIwR3eHIEHKjLiJHe5xJKhUErrFS4DmYeh3ZC91q7KxBWObBBXgYD/Pg8NyV
j9GvF3VFKlVhytH/coKtzyiCx4NQs9Z+Ly/fvEQcHc7DJoXvdu6fFFfZjqpSaLng
YCR0z7TfRfZYsCh13dt7dYZyF4Q/AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAop
5YS7QPpDhGBs191rWgp00xnIJUtJfxvYJPdQ4M+yRAhlT3ioU4YLpEngLVsHtgtA
+NGw/zoSEZAnQ+BqmIbB6DX3nR83za/LSEr8f6O7rKQrnRR/mYiFj1baR+i3i6fF
76FdzA/1ERn4l5XoWsu+InUiKx6mfyQc1C/EUjHcMF8CY9AK2LpicDhxaF/wtzNh
83/U96EXvpvcyaRlOIIv4qNNA2VtP0vjKEqSwZaauwwaPBKGMXr8iwBBrfQJkt7k
xGfp3W7NmA9RJTWG7b7y1G5eZJZSKd7RqseUa6Xs5ddlirW5bNx6ebNBiwFTu+cX
Bn8MYJefqUlQYyi745g=
-----END CERTIFICATE-----""".encode("utf-8")

        return local_common.LocalCert(
            private_key=private_key_pem,
            certificate=certificate_pem,
        )
Example #7
    def test_local_cert(self):
        """LocalCert must hand back each constructor value through its getter."""
        # Build the object under test from the fixture attributes.
        cert = local_cert.LocalCert(
            certificate=self.certificate,
            intermediates=self.intermediates,
            private_key=self.private_key,
            private_key_passphrase=self.private_key_passphrase)

        # Pair each fixture value with the accessor expected to return it,
        # checked in the same order as the constructor fields.
        expectations = (
            (self.certificate, cert.get_certificate),
            (self.intermediates, cert.get_intermediates),
            (self.private_key, cert.get_private_key),
            (self.private_key_passphrase, cert.get_private_key_passphrase),
        )
        for expected_value, getter in expectations:
            self.assertEqual(expected_value, getter())