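def test_set_ca_cert_duplicate_id_invalid(self, mock_util_chk, mock_load_pk,
                                           mock_check_pk, mock_load_cert, mock_expired):
     """
     Test API set_ca_cert raises exception when the same CA id is set a second time

     The first set_ca_cert('root', ...) call has to be accepted; repeating the
     identical call on the same EdgeCertUtil instance must raise EdgeValueError.
     """
     # NOTE(review): the mock_* parameters are presumably injected by @patch
     # decorators that are not visible in this excerpt -- confirm their order.
     cert_util = EdgeCertUtil()
     # One shared argument set, so both calls are guaranteed to be identical and
     # the only reason left for the second one to fail is the repeated id.
     ca_args = {
         'ca_cert_file_path': CA_CERT_FILE_NAME,
         'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
         'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
         'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
         'passphrase': '1234',
     }
     mock_util_chk.return_value = True
     with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')):
         # Every mocked dependency returns a success value, so the first call
         # (made outside assertRaises) must not raise for this test to pass.
         mock_load_pk.return_value = crypto.PKey()
         mock_check_pk.return_value = True
         mock_load_cert.return_value = crypto.X509()
         mock_expired.return_value = False
         cert_util.set_ca_cert('root', **ca_args)
         with self.assertRaises(edgectl.errors.EdgeValueError):
             cert_util.set_ca_cert('root', **ca_args)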
 def test_set_ca_cert_missing_cert_files_invalid(self):
     """
     Test API set_ca_cert raises exception when any one input file is found to not exist

     Each of the four file path arguments is replaced by INVALID_FILE in turn
     while the other three keep their regular values.
     """
     cert_util = EdgeCertUtil()

     def assert_rejected(**overrides):
         # Start from the regular argument set and swap in the one override.
         call_args = {
             'ca_cert_file_path': CA_CERT_FILE_NAME,
             'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
             'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
             'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
         }
         call_args.update(overrides)
         with self.assertRaises(edgectl.errors.EdgeValueError):
             cert_util.set_ca_cert('root', **call_args)

     with patch('edgectl.utils.EdgeUtils.check_if_file_exists') as mock_check_file:
         # The existence answer comes from a helper defined elsewhere in the class;
         # presumably it reports INVALID_FILE as missing -- confirm against the helper.
         mock_check_file.side_effect = self._check_if_file_exists_helper
         assert_rejected(ca_cert_file_path=INVALID_FILE)
         assert_rejected(ca_root_cert_file_path=INVALID_FILE)
         assert_rejected(ca_root_chain_cert_file_path=INVALID_FILE)
         assert_rejected(ca_private_key_file_path=INVALID_FILE)
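 def test_set_ca_cert_missing_args_invalid(self):
     """
     Test API set_ca_cert raises exception when any one required file path arg is omitted

     The file existence check is mocked to always succeed, so each EdgeValueError
     has to come from the omitted argument and not from a missing file.
     """
     cert_util = EdgeCertUtil()

     def assert_rejected_without(omitted_arg):
         # Pass every file path argument except the one under test.
         call_args = {
             'ca_cert_file_path': CA_CERT_FILE_NAME,
             'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
             'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
             'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
         }
         del call_args[omitted_arg]
         with self.assertRaises(edgectl.errors.EdgeValueError):
             cert_util.set_ca_cert('root', **call_args)

     with patch('edgectl.utils.EdgeUtils.check_if_file_exists', MagicMock(return_value=True)):
         assert_rejected_without('ca_cert_file_path')
         assert_rejected_without('ca_root_cert_file_path')
         assert_rejected_without('ca_root_chain_cert_file_path')
         assert_rejected_without('ca_private_key_file_path')
         # NOTE(review): no open() failure is asserted in this test; that path is
         # covered by test_set_ca_cert_open_failure_invalid.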
 def test_set_ca_cert_open_failure_invalid(self):
     """
     Test API set_ca_cert raises EdgeFileAccessError when open() of the private key file fails
     """
     cert_util = EdgeCertUtil()
     ca_args = {
         'ca_cert_file_path': CA_CERT_FILE_NAME,
         'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
         'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
         'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
         'passphrase': '1234',
     }
     files_exist = patch('edgectl.utils.EdgeUtils.check_if_file_exists',
                         MagicMock(return_value=True))
     patched_open = patch(OPEN_BUILTIN, mock_open(read_data='MOCKED'))
     with files_exist, patched_open as mocked_open:
         # Every open() raises, so the IOError must surface as the project's
         # file access error rather than escape as a raw IOError.
         mocked_open.side_effect = IOError()
         with self.assertRaises(edgectl.errors.EdgeFileAccessError):
             cert_util.set_ca_cert('root', **ca_args)
         # The most recent open() call was for the private key file, in binary mode.
         mocked_open.assert_called_with(CA_PRIVATE_KEY_FILE_NAME, 'rb')
 def test_set_ca_cert_load_privatekey_failure_invalid(self, mock_util_chk, mock_load_pk):
     """
     Test API set_ca_cert raises exception when API load_privatekey fails with crypto.Error
     """
     # NOTE(review): the mock_* parameters are presumably injected by @patch
     # decorators that are not visible in this excerpt -- confirm their order.
     cert_util = EdgeCertUtil()
     ca_args = {
         'ca_cert_file_path': CA_CERT_FILE_NAME,
         'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
         'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
         'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
         'passphrase': '1234',
     }
     mock_util_chk.return_value = True
     mock_load_pk.side_effect = crypto.Error()
     with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')) as mocked_open:
         with self.assertRaises(edgectl.errors.EdgeValueError):
             cert_util.set_ca_cert('root', **ca_args)
         # The key file was opened in binary mode and its content was handed to
         # load_privatekey as PEM together with the caller's passphrase.
         mocked_open.assert_called_with(CA_PRIVATE_KEY_FILE_NAME, 'rb')
         mock_load_pk.assert_called_with(crypto.FILETYPE_PEM, 'MOCKED', passphrase='1234')
 def test_set_ca_cert_load_cert_io_failure_invalid(self, mock_util_chk, mock_load_pk,
                                                   mock_check_pk, mock_load_cert):
     """
     Test API set_ca_cert raises EdgeFileAccessError when loading the certificate hits IOError
     """
     # NOTE(review): the mock_* parameters are presumably injected by @patch
     # decorators that are not visible in this excerpt -- confirm their order.
     cert_util = EdgeCertUtil()
     ca_args = {
         'ca_cert_file_path': CA_CERT_FILE_NAME,
         'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
         'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
         'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
         'passphrase': '1234',
     }
     mock_util_chk.return_value = True
     with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')):
         # The private key steps return success values; only the certificate load fails.
         mock_load_pk.return_value = crypto.PKey()
         mock_check_pk.return_value = True
         mock_load_cert.side_effect = IOError()
         with self.assertRaises(edgectl.errors.EdgeFileAccessError):
             cert_util.set_ca_cert('root', **ca_args)
         # The mocked file content was passed to the certificate loader as PEM.
         mock_load_cert.assert_called_with(crypto.FILETYPE_PEM, 'MOCKED')
 def test_set_ca_cert_passphrase_invalid(self):
     """
     Test API set_ca_cert raises exception when passphrase is invalid

     Covers an empty passphrase, a 3 character passphrase and a 1024 character
     passphrase. Only the file existence check is mocked here.
     """
     # NOTE(review): the accepted passphrase length bounds are not visible in this
     # excerpt; these three values are presumably just outside them -- confirm.
     cert_util = EdgeCertUtil()

     def assert_passphrase_rejected(candidate):
         with self.assertRaises(edgectl.errors.EdgeValueError):
             cert_util.set_ca_cert('root',
                                   ca_cert_file_path=CA_CERT_FILE_NAME,
                                   ca_root_cert_file_path=CA_OWNER_CERT_FILE_NAME,
                                   ca_root_chain_cert_file_path=CA_CHAIN_CERT_FILE_NAME,
                                   ca_private_key_file_path=CA_PRIVATE_KEY_FILE_NAME,
                                   passphrase=candidate)

     with patch('edgectl.utils.EdgeUtils.check_if_file_exists', MagicMock(return_value=True)):
         assert_passphrase_rejected('')
         assert_passphrase_rejected('123')
         bad_pass_1024 = 'a' * 1024
         assert_passphrase_rejected(bad_pass_1024)
    def _generate_certs_using_device_ca(certificate_config, hostname, certs_dir):
        """
        Generate Edge certificates based on the device CA named in certificate_config

        Args:
            certificate_config: object exposing the device CA and owner CA file
                paths, device_ca_passphrase, agent_ca_passphrase and
                force_no_passwords
            hostname: forwarded unchanged to _generate_certs_common
            certs_dir: location the certificates are generated at; logged and
                forwarded to _generate_certs_common
        """
        log.info('Generating Device CA based certificates at: %s', certs_dir)

        # Strict identity test: only a literal False enables the passphrase path.
        # NOTE(review): any other value (None, 0, ...) skips it and leaves the
        # agent CA passphrase as None -- presumably no passphrase is then applied
        # downstream; confirm in _generate_certs_common.
        if certificate_config.force_no_passwords is False:
            agent_passphrase = certificate_config.agent_ca_passphrase
            if agent_passphrase is None or agent_passphrase == '':
                # Nothing configured: ask for one interactively.
                agent_passphrase = EdgeHostPlatform._prompt_password(
                    'Edge Agent',
                    ['--agent-ca-passphrase', '--agent-ca-passphrase-file'],
                    'agentCAPassphraseFilePath')
        else:
            agent_passphrase = None

        ca_util = EdgeCertUtil()
        device_ca_chain = certificate_config.device_ca_chain_cert_file_path
        device_ca_key = certificate_config.device_ca_private_key_file_path
        # The device CA passphrase is passed through exactly as configured; unlike
        # the agent CA passphrase it is never prompted for in this function.
        ca_util.set_ca_cert(
            'edge-device-ca',
            ca_cert_file_path=certificate_config.device_ca_cert_file_path,
            ca_root_cert_file_path=certificate_config.owner_ca_cert_file_path,
            ca_root_chain_cert_file_path=device_ca_chain,
            ca_private_key_file_path=device_ca_key,
            passphrase=certificate_config.device_ca_passphrase)

        EdgeHostPlatform._generate_certs_common(ca_util, hostname, certs_dir, agent_passphrase)