def test_x509_parses(self):
self.assertRaises(exceptions.UnreadableCert, cert_parser.validate_cert,
"BAD CERT")
self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT))
self.assertTrue(
cert_parser.validate_cert(ALT_EXT_CRT,
private_key=UNENCRYPTED_PKCS8_CRT_KEY))
def validate_tls_container(container_ref):
cert_container = None
lb_id = None
if curr_listener:
lb_id = curr_listener['loadbalancer_id']
else:
lb_id = listener.get('loadbalancer_id')
try:
cert_container = CERT_MANAGER_PLUGIN.CertManager.get_cert(
container_ref,
lb_id=lb_id)
except Exception as e:
if hasattr(e, 'status_code') and e.status_code == 404:
raise loadbalancerv2.TLSContainerNotFound(
container_id=container_ref)
else:
# Could be a keystone configuration error...
raise loadbalancerv2.CertManagerError(
ref=container_ref, reason=e.message
)
try:
cert_parser.validate_cert(
cert_container.get_certificate(),
private_key=cert_container.get_private_key(),
private_key_passphrase=(
cert_container.get_private_key_passphrase()),
intermediates=cert_container.get_intermediates())
except Exception as e:
CERT_MANAGER_PLUGIN.CertManager.delete_cert(
container_ref, lb_id)
raise loadbalancerv2.TLSContainerInvalid(
container_id=container_ref, reason=str(e))
def test_x509_parses(self):
self.assertRaises(exceptions.UnreadableCert,
cert_parser.validate_cert, "BAD CERT")
self.assertTrue(cert_parser.validate_cert(six.u(ALT_EXT_CRT)))
self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT))
self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT,
private_key=UNENCRYPTED_PKCS8_CRT_KEY))
def test_validate_cert_and_key_match(self):
self.assertTrue(
cert_parser.validate_cert(ALT_EXT_CRT,
private_key=ALT_EXT_CRT_KEY))
self.assertRaises(exceptions.MisMatchedKey,
cert_parser.validate_cert,
ALT_EXT_CRT,
private_key=SOME_OTHER_RSA_KEY)
def validate_tls_container(container_ref):
cert_container = None
try:
cert_container = CERT_MANAGER_PLUGIN.CertManager.get_cert(
container_ref, check_only=True)
except Exception:
raise loadbalancerv2.TLSContainerNotFound(
container_id=container_ref)
try:
cert_parser.validate_cert(
cert_container.get_certificate(),
private_key=cert_container.get_private_key(),
private_key_passphrase=(
cert_container.get_private_key_passphrase()),
intermediates=cert_container.get_intermediates())
except Exception as e:
raise loadbalancerv2.TLSContainerInvalid(
container_id=container_ref, reason=str(e))
def validate_tls_container(container_ref):
cert_container = None
try:
cert_container = CERT_MANAGER_PLUGIN.CertManager.get_cert(
container_ref, check_only=True)
except Exception:
raise loadbalancerv2.TLSContainerNotFound(
container_id=container_ref)
try:
cert_parser.validate_cert(
cert_container.get_certificate(),
private_key=cert_container.get_private_key(),
private_key_passphrase=(
cert_container.get_private_key_passphrase()),
intermediates=cert_container.get_intermediates())
except Exception as e:
raise loadbalancerv2.TLSContainerInvalid(
container_id=container_ref, reason=str(e))
def test_validate_cert_and_key_match(self):
self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT,
private_key=ALT_EXT_CRT_KEY))
self.assertRaises(exceptions.MisMatchedKey,
cert_parser.validate_cert,
ALT_EXT_CRT, private_key=SOME_OTHER_RSA_KEY)
def test_x509_parses_intermediates(self):
# Should not throw error when parsing with intermediates
cert_parser.validate_cert(ALT_EXT_CRT,
UNENCRYPTED_PKCS8_CRT_KEY,
intermediates=X509_IMDS)
def test_x509_parses_intermediates(self):
# Should not throw error when parsing with intermediates
cert_parser.validate_cert(ALT_EXT_CRT,
UNENCRYPTED_PKCS8_CRT_KEY,
intermediates=X509_IMDS)
