Exemple #1
0
    def test_barbican_cert_text(self):
        # Certificate data
        self.certificate = str(sample.X509_CERT)
        self.intermediates = str(sample.X509_IMDS_LIST)
        self.private_key = str(sample.X509_CERT_KEY_ENCRYPTED)
        self.private_key_passphrase = str(sample.X509_CERT_KEY_PASSPHRASE)
        self._prepare()

        container = containers.CertificateContainer(
            api=mock.MagicMock(),
            certificate=self.certificate_secret,
            intermediates=self.intermediates_secret,
            private_key=self.private_key_secret,
            private_key_passphrase=self.private_key_passphrase_secret)
        # Create a cert
        cert = barbican_common.BarbicanCert(cert_container=container)

        # Validate the cert functions
        self.assertEqual(cert.get_certificate(),
                         octavia_utils.b(str(sample.X509_CERT)))
        self.assertEqual(cert.get_intermediates(), sample.X509_IMDS_LIST)
        self.assertEqual(cert.get_private_key(),
                         octavia_utils.b(str(sample.X509_CERT_KEY_ENCRYPTED)))
        self.assertEqual(cert.get_private_key_passphrase(),
                         octavia_utils.b(sample.X509_CERT_KEY_PASSPHRASE))
Exemple #2
0
    def _query(self, query):
        """Send the given query to the haproxy statistics socket.

        :returns: the output of a successful query as a string with trailing
                  newlines removed, or raise an Exception if the query fails.
        """

        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)

        try:
            sock.connect(self.socket)
        except socket.error as e:
            raise Exception(
                _("HAProxy '{0}' query failed.").format(query)) from e

        try:
            sock.send(octavia_utils.b(query + '\n'))
            data = u''
            while True:
                x = sock.recv(1024)
                if not x:
                    break
                data += x.decode('ascii') if (
                    isinstance(x, bytes)) else x
            return data.rstrip()
        finally:
            sock.close()
Exemple #3
0
    def test_get_cert(self):
        # Mock out the client
        self.bc.containers.register_consumer.return_value = self.container

        # Get the container data
        data = self.cert_manager.get_cert(
            context=self.context,
            cert_ref=self.container_ref,
            resource_ref=self.container_ref,
            service_name='Octavia'
        )

        # 'register_consumer' should be called once with the container_ref
        self.bc.containers.register_consumer.assert_called_once_with(
            container_ref=self.container_ref,
            url=self.container_ref,
            name='Octavia'
        )

        # The returned data should be a Cert object with the correct values
        self.assertIsInstance(data, cert.Cert)
        self.assertEqual(data.get_private_key(),
                         self.private_key.payload)
        self.assertEqual(data.get_certificate(),
                         self.certificate.payload)
        self.assertEqual(data.get_intermediates(),
                         sample.X509_IMDS_LIST)
        self.assertEqual(data.get_private_key_passphrase(),
                         octavia_utils.b(self.private_key_passphrase.payload))
Exemple #4
0
    def get_haproxy_config(self, lb_id):
        """Gets the haproxy config

        :param listener_id: the id of the listener
        """
        self._check_lb_exists(lb_id)
        with open(util.config_path(lb_id), 'r') as file:
            cfg = file.read()
            resp = webob.Response(cfg, content_type='text/plain')
            resp.headers['ETag'] = (hashlib.md5(
                octavia_utils.b(cfg)).hexdigest())  # nosec
            return resp
Exemple #5
0
    def test_query(self, mock_socket):

        sock = mock.MagicMock()
        sock.connect.side_effect = [None, socket.error]
        sock.recv.side_effect = ['testdata', None]
        mock_socket.return_value = sock

        self.q._query('test')

        sock.connect.assert_called_once_with('')
        sock.send.assert_called_once_with(octavia_utils.b('test\n'))
        sock.recv.assert_called_with(1024)
        self.assertTrue(sock.close.called)

        self.assertRaisesRegex(Exception, 'HAProxy \'test\' query failed.',
                               self.q._query, 'test')
Exemple #6
0
    def get_certificate_md5(self, lb_id, filename):
        self._check_ssl_filename_format(filename)

        cert_path = self._cert_file_path(lb_id, filename)
        path_exists = os.path.exists(cert_path)
        if not path_exists:
            return webob.Response(json=dict(
                message='Certificate Not Found',
                details="No certificate with filename: {f}".format(
                    f=filename)),
                                  status=404)

        with open(cert_path, 'r') as crt_file:
            cert = crt_file.read()
            md5 = hashlib.md5(octavia_utils.b(cert)).hexdigest()  # nosec
            resp = webob.Response(json=dict(md5sum=md5))
            resp.headers['ETag'] = md5
            return resp
    def test_get_cert_no_registration(self):
        self.bc.containers.get.return_value = self.container

        # Get the container data
        data = self.cert_manager.get_cert(context=self.context,
                                          cert_ref=self.container_ref,
                                          check_only=True)

        # 'get' should be called once with the container_ref
        self.bc.containers.get.assert_called_once_with(
            container_ref=self.container_ref)

        # The returned data should be a Cert object with the correct values
        self.assertIsInstance(data, cert.Cert)
        self.assertEqual(data.get_private_key(), self.private_key.payload)
        self.assertEqual(data.get_certificate(), self.certificate.payload)
        self.assertEqual(data.get_intermediates(), sample.X509_IMDS_LIST)
        self.assertEqual(data.get_private_key_passphrase(),
                         octavia_utils.b(self.private_key_passphrase.payload))
Exemple #8
0
def _split_x509s(xstr):
    """Split the input string into individual x509 text blocks

    :param xstr: A large multi x509 certificate blcok
    :returns: A list of strings where each string represents an
    X509 pem block surrounded by BEGIN CERTIFICATE,
    END CERTIFICATE block tags
    """
    curr_pem_block = []
    inside_x509 = False
    if isinstance(xstr, bytes):
        xstr = xstr.decode('utf-8')
    for line in xstr.replace("\r", "").split("\n"):
        if inside_x509:
            curr_pem_block.append(line)
            if line == X509_END.decode('utf-8'):
                yield octavia_utils.b("\n".join(curr_pem_block))
                curr_pem_block = []
                inside_x509 = False
            continue
        if line == X509_BEG.decode('utf-8'):
            curr_pem_block.append(line)
            inside_x509 = True