def test_certificate_subject_invalid(self):
    """
    Test API validate_certificate_subject returns False when incorrect inputs are used

    Two families of bad subjects are checked: a subject with one required key
    removed, and a subject with one field set to a value of the wrong length.
    """
    subject_keys = list(VALID_SUBJECT_DICT.keys())

    # Dropping any single key must invalidate the subject.
    for missing_key in subject_keys:
        partial_subject = VALID_SUBJECT_DICT.copy()
        partial_subject.pop(missing_key)
        self.assertFalse(EdgeCertUtil.is_valid_certificate_subject(partial_subject),
                         missing_key)

    # One character past the 64/128 limits, plus None/empty values and
    # country codes that are not exactly two characters.
    one_over_64 = 'a' * 65
    one_over_128 = 'a' * 129
    rejected_values = {
        EC.SUBJECT_COUNTRY_KEY: (None, '', 'A', 'ABC'),
        EC.SUBJECT_STATE_KEY: (None, one_over_128),
        EC.SUBJECT_LOCALITY_KEY: (None, one_over_128),
        EC.SUBJECT_ORGANIZATION_KEY: (None, one_over_64),
        EC.SUBJECT_ORGANIZATION_UNIT_KEY: (None, one_over_64),
        EC.SUBJECT_COMMON_NAME_KEY: (None, '', one_over_64),
    }
    for subject_key in subject_keys:
        for bad_value in rejected_values[subject_key]:
            candidate = VALID_SUBJECT_DICT.copy()
            candidate[subject_key] = bad_value
            self.assertFalse(EdgeCertUtil.is_valid_certificate_subject(candidate),
                             subject_key)
def test_set_ca_cert_missing_cert_files_invalid(self):
    """
    Test API set_ca_cert raises exception when files found to not exist

    Each of the four file arguments is swapped for INVALID_FILE in turn while
    the other three point at the regular fixture paths.
    """
    cert_util = EdgeCertUtil()
    fixture_files = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    # Same order as the four hand-written cases this replaces.
    arg_order = ('ca_cert_file_path', 'ca_root_cert_file_path',
                 'ca_root_chain_cert_file_path', 'ca_private_key_file_path')
    with patch('edgectl.utils.EdgeUtils.check_if_file_exists') as mock_check_file:
        # The helper presumably reports INVALID_FILE as absent and the fixture
        # paths as present (defined elsewhere in this test class).
        mock_check_file.side_effect = self._check_if_file_exists_helper
        for missing_arg in arg_order:
            file_args = dict(fixture_files)
            file_args[missing_arg] = INVALID_FILE
            with self.assertRaises(edgectl.errors.EdgeValueError):
                cert_util.set_ca_cert('root', **file_args)
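def test_set_ca_cert_missing_args_invalid(self):
    """
    Test API set_ca_cert raises exception when all required args are not provided

    Each required file argument is omitted in turn. File-existence checks are
    mocked to succeed so that only the missing-argument validation can fire.
    """
    cert_util = EdgeCertUtil()
    required_files = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    # Same order as the four hand-written cases this replaces.
    arg_order = ('ca_cert_file_path', 'ca_root_cert_file_path',
                 'ca_root_chain_cert_file_path', 'ca_private_key_file_path')
    with patch('edgectl.utils.EdgeUtils.check_if_file_exists',
               MagicMock(return_value=True)):
        for omitted_arg in arg_order:
            file_args = {name: path for name, path in required_files.items()
                         if name != omitted_arg}
            with self.assertRaises(edgectl.errors.EdgeValueError):
                cert_util.set_ca_cert('root', **file_args)
    # The former trailing block that patched open() with an IOError side effect
    # made no call and no assertion, so it has been dropped; the open() failure
    # path is covered by the dedicated open-failure test.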
def _generate_self_signed_certs(certificate_config, hostname, certs_dir):
    """
    Create a self-signed Edge device CA and the certificates derived from it.

    Args:
        certificate_config: configuration object providing ``force_no_passwords``,
            ``device_ca_passphrase``, ``agent_ca_passphrase`` and
            ``certificate_subject_dict``.
        hostname: host name handed on to ``_generate_certs_common``.
        certs_dir: directory the certificates are generated into.
    """
    log.info('Generating self signed certificates at: %s', certs_dir)

    def configured_or_prompted(configured, label, bypass_opts, config_key):
        # Fall back to an interactive prompt only when the config supplies
        # no passphrase at all.
        if configured is None or configured == '':
            return EdgeHostPlatform._prompt_password(label, bypass_opts, config_key)
        return configured

    # With force_no_passwords set, both passphrases stay None; the CA private
    # keys are then presumably written without passphrase protection
    # (handled by the callees, not visible here).
    device_ca_phrase = None
    agent_ca_phrase = None
    if certificate_config.force_no_passwords is False:
        device_ca_phrase = configured_or_prompted(
            certificate_config.device_ca_passphrase,
            'Edge Device',
            ['--device-ca-passphrase', '--device-ca-passphrase-file'],
            'deviceCAPassphraseFilePath')
        agent_ca_phrase = configured_or_prompted(
            certificate_config.agent_ca_passphrase,
            'Edge Agent',
            ['--agent-ca-passphrase', '--agent-ca-passphrase-file'],
            'agentCAPassphraseFilePath')

    cert_util = EdgeCertUtil()
    # The device CA is self-signed here, with a one-year lifetime.
    cert_util.create_root_ca_cert('edge-device-ca',
                                  validity_days_from_now=365,
                                  subject_dict=certificate_config.certificate_subject_dict,
                                  passphrase=device_ca_phrase)
    EdgeHostPlatform._generate_certs_common(cert_util, hostname, certs_dir, agent_ca_phrase)
def test_export_cert_artifacts_to_dir_incorrect_id_invalid(self, mock_chk_dir):
    """
    Test API export_cert_artifacts_to_dir raises exception when invalid id used

    ``mock_chk_dir`` is presumably injected by a patch decorator on this method
    (not shown here); the directory check is made to succeed so that only the
    unknown id can cause the failure.
    """
    cert_util = EdgeCertUtil()
    mock_chk_dir.return_value = True
    # No CA named 'root' was ever registered on this instance.
    with self.assertRaises(edgectl.errors.EdgeValueError):
        cert_util.export_cert_artifacts_to_dir('root', 'some_dir')
def test_create_root_ca_cert_subject_dict_invalid(self):
    """
    Test API create_root_ca_cert raises exception when invalid cert dicts are used

    The subject validator is forced to report failure, so even the otherwise
    valid fixture subject must be rejected.
    """
    cert_util = EdgeCertUtil()
    always_invalid = MagicMock(return_value=False)
    with patch('edgectl.utils.EdgeCertUtil.is_valid_certificate_subject', always_invalid), \
            self.assertRaises(edgectl.errors.EdgeValueError):
        cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
def test_create_root_ca_cert_validity_days_invalid(self):
    """
    Test API create_root_ca_cert raises exception when invalid validity day values are used
    """
    cert_util = EdgeCertUtil()
    # Non-positive values and values of 366 days or more are all rejected.
    out_of_range_days = (-1, 0, 366, 1096)
    for days in out_of_range_days:
        with self.assertRaises(edgectl.errors.EdgeValueError):
            cert_util.create_root_ca_cert('root',
                                          subject_dict=VALID_SUBJECT_DICT,
                                          validity_days_from_now=days)
def test_set_ca_cert_passphrase_invalid(self):
    """
    Test API set_ca_cert raises exception when passphrase is invalid

    Covers an empty passphrase, one that is too short and one that is too long.
    """
    cert_util = EdgeCertUtil()
    file_args = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    rejected_passphrases = ('', '123', 'a' * 1024)
    with patch('edgectl.utils.EdgeUtils.check_if_file_exists',
               MagicMock(return_value=True)):
        for bad_passphrase in rejected_passphrases:
            with self.assertRaises(edgectl.errors.EdgeValueError):
                cert_util.set_ca_cert('root', passphrase=bad_passphrase, **file_args)
def test_create_server_cert_passphrase_invalid(self):
    """
    Test API create_server_cert raises exception when passphrase is invalid

    Covers an empty passphrase, one that is too short and one that is too long.
    """
    cert_util = EdgeCertUtil()
    cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
    rejected_passphrases = ('', '123', '******' * 1024)
    for bad_passphrase in rejected_passphrases:
        with self.assertRaises(edgectl.errors.EdgeValueError):
            cert_util.create_server_cert('server', 'root',
                                         host_name='name',
                                         passphrase=bad_passphrase)
def test_set_ca_cert_open_failure_invalid(self):
    """
    Test API set_ca_cert raises exception when open() cert private key file fails
    """
    cert_util = EdgeCertUtil()
    file_args = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    files_exist = MagicMock(return_value=True)
    with patch('edgectl.utils.EdgeUtils.check_if_file_exists', files_exist), \
            patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')) as mocked_open:
        # An I/O error from open() is expected to surface as EdgeFileAccessError.
        mocked_open.side_effect = IOError()
        with self.assertRaises(edgectl.errors.EdgeFileAccessError):
            cert_util.set_ca_cert('root', passphrase='1234', **file_args)
        # The private key is the file being opened (binary mode) when open() fails.
        mocked_open.assert_called_with(CA_PRIVATE_KEY_FILE_NAME, 'rb')
def test_set_ca_cert_load_privatekey_failure_invalid(self, mock_util_chk, mock_load_pk):
    """
    Test API set_ca_cert raises exception when calling API load_privatekey

    ``mock_util_chk`` and ``mock_load_pk`` are presumably injected by patch
    decorators on this method (not shown here): the file-existence check and
    the PEM private-key loader respectively.
    """
    cert_util = EdgeCertUtil()
    file_args = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    mock_util_chk.return_value = True
    # A crypto-layer failure while decrypting/parsing the key is reported as
    # a value error rather than a file-access error.
    mock_load_pk.side_effect = crypto.Error()
    with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')) as mocked_open:
        with self.assertRaises(edgectl.errors.EdgeValueError):
            cert_util.set_ca_cert('root', passphrase='1234', **file_args)
        mocked_open.assert_called_with(CA_PRIVATE_KEY_FILE_NAME, 'rb')
        mock_load_pk.assert_called_with(crypto.FILETYPE_PEM, 'MOCKED', passphrase='1234')
def test_set_ca_cert_load_cert_io_failure_invalid(self, mock_util_chk, mock_load_pk,
                                                  mock_check_pk, mock_load_cert):
    """
    Test API set_ca_cert raises exception when loading certificate fails

    The four mocks are presumably injected by patch decorators on this method
    (not shown here). Key loading and key checking are made to succeed so the
    certificate load is the first step that can fail.
    """
    cert_util = EdgeCertUtil()
    file_args = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    mock_util_chk.return_value = True
    with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')):
        mock_load_pk.return_value = crypto.PKey()
        mock_check_pk.return_value = True
        mock_load_cert.side_effect = IOError()
        with self.assertRaises(edgectl.errors.EdgeFileAccessError):
            cert_util.set_ca_cert('root', passphrase='1234', **file_args)
        mock_load_cert.assert_called_with(crypto.FILETYPE_PEM, 'MOCKED')
def test_certificate_subject_valid(self):
    """
    Test API validate_certificate_subject returns True when correct inputs are used

    Checks the fixture subject as-is, then each field at the edge of its
    accepted length (empty where allowed, and exactly 64 or 128 characters).
    """
    self.assertTrue(EdgeCertUtil.is_valid_certificate_subject(VALID_SUBJECT_DICT))

    exactly_64 = 'a' * 64
    exactly_128 = 'a' * 128
    accepted_values = {
        EC.SUBJECT_COUNTRY_KEY: ('AB',),
        EC.SUBJECT_STATE_KEY: ('', exactly_128),
        EC.SUBJECT_LOCALITY_KEY: ('', exactly_128),
        EC.SUBJECT_ORGANIZATION_KEY: ('', exactly_64),
        EC.SUBJECT_ORGANIZATION_UNIT_KEY: ('', exactly_64),
        EC.SUBJECT_COMMON_NAME_KEY: (exactly_64,),
    }
    for subject_key in list(VALID_SUBJECT_DICT.keys()):
        for good_value in accepted_values[subject_key]:
            candidate = VALID_SUBJECT_DICT.copy()
            candidate[subject_key] = good_value
            self.assertTrue(EdgeCertUtil.is_valid_certificate_subject(candidate),
                            subject_key)
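def test_set_ca_cert_duplicate_id_invalid(self, mock_util_chk, mock_load_pk,
                                          mock_check_pk, mock_load_cert, mock_expired):
    """
    Test API set_ca_cert raises exception when the same id is registered twice

    The five mocks are presumably injected by patch decorators on this method
    (not shown here). Every loading step is made to succeed so the first call
    registers 'root' and only the repeated id can make the second call fail.
    """
    cert_util = EdgeCertUtil()
    file_args = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    mock_util_chk.return_value = True
    with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')):
        mock_load_pk.return_value = crypto.PKey()
        mock_check_pk.return_value = True
        mock_load_cert.return_value = crypto.X509()
        mock_expired.return_value = False
        # First registration of 'root' must succeed.
        cert_util.set_ca_cert('root', passphrase='1234', **file_args)
        # Registering the same id again must be rejected.
        with self.assertRaises(edgectl.errors.EdgeValueError):
            cert_util.set_ca_cert('root', passphrase='1234', **file_args)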
def test_create_root_ca_cert_duplicate_ids_invalid(self):
    """
    Test API create_root_ca_cert raises exception when duplicate id's are used
    """
    cert_util = EdgeCertUtil()
    ca_id = 'root'
    # First creation registers the id; a second creation under it is rejected.
    cert_util.create_root_ca_cert(ca_id, subject_dict=VALID_SUBJECT_DICT)
    with self.assertRaises(edgectl.errors.EdgeValueError):
        cert_util.create_root_ca_cert(ca_id, subject_dict=VALID_SUBJECT_DICT)
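def test_create_server_cert_duplicate_ids_invalid(self):
    """
    Test API create_server_cert raises exception when the new cert id duplicates an existing one

    The server cert is requested under the id already taken by its issuing CA.
    """
    cert_util = EdgeCertUtil()
    ca_id = 'root'
    cert_util.create_root_ca_cert(ca_id, subject_dict=VALID_SUBJECT_DICT)
    # Reusing the CA's own id for the server cert must be rejected.
    with self.assertRaises(edgectl.errors.EdgeValueError):
        cert_util.create_server_cert(ca_id, ca_id, host_name='name')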
def _generate_certs_using_device_ca(certificate_config, hostname, certs_dir):
    """
    Generate the Edge certificates from an existing, externally issued Device CA.

    Args:
        certificate_config: configuration object providing ``force_no_passwords``,
            ``agent_ca_passphrase``, ``device_ca_passphrase`` and the Device CA /
            owner CA file paths.
        hostname: host name handed on to ``_generate_certs_common``.
        certs_dir: directory the certificates are generated into.
    """
    log.info('Generating Device CA based certificates at: %s', certs_dir)

    # The agent CA passphrase is only collected (and prompted for) when
    # password protection has not been explicitly disabled.
    agent_ca_phrase = None
    if certificate_config.force_no_passwords is False:
        configured = certificate_config.agent_ca_passphrase
        if configured is None or configured == '':
            configured = EdgeHostPlatform._prompt_password(
                'Edge Agent',
                ['--agent-ca-passphrase', '--agent-ca-passphrase-file'],
                'agentCAPassphraseFilePath')
        agent_ca_phrase = configured

    cert_util = EdgeCertUtil()
    # The Device CA passphrase is forwarded exactly as configured and is never
    # prompted for here; set_ca_cert is presumably what rejects a missing
    # passphrase for an encrypted key.
    device_ca_files = {
        'ca_cert_file_path': certificate_config.device_ca_cert_file_path,
        'ca_root_cert_file_path': certificate_config.owner_ca_cert_file_path,
        'ca_root_chain_cert_file_path': certificate_config.device_ca_chain_cert_file_path,
        'ca_private_key_file_path': certificate_config.device_ca_private_key_file_path,
    }
    cert_util.set_ca_cert('edge-device-ca',
                          passphrase=certificate_config.device_ca_passphrase,
                          **device_ca_files)
    EdgeHostPlatform._generate_certs_common(cert_util, hostname, certs_dir, agent_ca_phrase)
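def test_export_cert_artifacts_to_dir_invalid_dir_invalid(self, mock_chk_dir):
    """
    Test API export_cert_artifacts_to_dir raises exception when the target dir is invalid

    ``mock_chk_dir`` is presumably injected by a patch decorator on this method
    (not shown here). A valid CA id is registered first so that the failing
    directory check is the only reason for the exception.
    """
    cert_util = EdgeCertUtil()
    cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
    mock_chk_dir.return_value = False
    with self.assertRaises(edgectl.errors.EdgeValueError):
        cert_util.export_cert_artifacts_to_dir('root', 'some_dir')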
def test_create_server_cert_hostname_invalid(self):
    """
    Test API create_server_cert raises exception when hostname is invalid

    Covers an omitted hostname, None, the empty string and a hostname longer
    than 64 characters.
    """
    cert_util = EdgeCertUtil()
    cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
    rejected_hostname_kwargs = [
        {},
        {'host_name': None},
        {'host_name': ''},
        {'host_name': 'a' * 65},
    ]
    for hostname_kwargs in rejected_hostname_kwargs:
        with self.assertRaises(edgectl.errors.EdgeValueError):
            cert_util.create_server_cert('int', 'root', **hostname_kwargs)