def test_create_pkcs12(self):
    '''
    Test creating pkcs12.

    Builds a CA, a CSR and a CA-signed certificate inside a throw-away
    cache directory, then checks that ``create_pkcs12`` reports the
    expected PKCS#12 path. The directory is removed again in ``finally``.

    Note that ``cmd.retcode`` is mocked to always return 0, so any shell
    command the module issues through it is reported as successful here
    regardless of what actually happened.
    '''
    work_dir = tempfile.mkdtemp(dir=integration.SYS_TMP_DIR)
    try:
        ca_name = 'test_ca'
        fixture = _TLS_TEST_DATA['create_ca']
        common_name = fixture['CN']
        pkcs12_path = '{0}/{1}/certs/{2}.p12'.format(
            work_dir, ca_name, common_name)
        expected = 'Created PKCS#12 Certificate for "{0}": "{1}"'.format(
            common_name, pkcs12_path)
        # Stub out the Salt loader functions the module reaches for.
        salt_funcs = {
            'config.option': MagicMock(return_value=work_dir),
            'cmd.retcode': MagicMock(return_value=0),
            'pillar.get': MagicMock(return_value=False),
        }
        minion_opts = {'hash_type': 'sha256', 'cachedir': work_dir}
        with patch.dict(tls.__salt__, salt_funcs), \
                patch.dict(tls.__opts__, minion_opts):
            tls.create_ca(ca_name)
            tls.create_csr(ca_name, **fixture)
            tls.create_ca_signed_cert(ca_name, common_name)
            # 'password' is only the PKCS#12 passphrase for this fixture.
            actual = tls.create_pkcs12(ca_name, common_name, 'password')
            self.assertEqual(actual, expected)
    finally:
        if os.path.isdir(work_dir):
            shutil.rmtree(work_dir)
def test_recreate_ca_signed_cert(self):
    '''
    Test signing certificate from request when certificate exists.

    Creates a CA, a CSR and a signed certificate in a temporary cache
    directory, then signs the same request again with ``replace=True`` and
    expects the module to report the (re)created certificate path.

    ``cmd.retcode`` is mocked to 0 and ``maybe_fix_ssl_version`` to True,
    so neither a failing shell command nor an SSL-version check can make
    this test fail on its own.
    '''
    work_dir = tempfile.mkdtemp(dir=TMP)
    try:
        ca_name = 'test_ca'
        common_name = _TLS_TEST_DATA['create_ca']['CN']
        cert_path = '{0}/{1}/certs/{2}.crt'.format(
            work_dir, ca_name, common_name)
        expected = 'Created Certificate for "{0}": "{1}"'.format(
            common_name, cert_path)
        salt_funcs = {
            'config.option': MagicMock(return_value=work_dir),
            'cmd.retcode': MagicMock(return_value=0),
            'pillar.get': MagicMock(return_value=False),
        }
        minion_opts = {'hash_type': 'sha256', 'cachedir': work_dir}
        with patch.dict(tls.__salt__, salt_funcs), \
                patch.dict(tls.__opts__, minion_opts), \
                patch('salt.modules.tls.maybe_fix_ssl_version',
                      MagicMock(return_value=True)):
            tls.create_ca(ca_name)
            tls.create_csr(ca_name)
            # First signing: the certificate now exists on disk.
            tls.create_ca_signed_cert(ca_name, common_name)
            # Second signing must overwrite it and report the same path.
            actual = tls.create_ca_signed_cert(
                ca_name, common_name, replace=True)
            self.assertEqual(actual, expected)
    finally:
        if os.path.isdir(work_dir):
            shutil.rmtree(work_dir)
def test_recreate_pkcs12(self, ca_path):
    '''
    Test creating pkcs12 when it already exists.

    ``ca_path`` is supplied by the caller and used both as the cache
    directory and as the ``config.option`` answer. A PKCS#12 bundle is
    created once, then created again with ``replace=True``; the second
    call must report the expected bundle path.

    ``cmd.retcode`` is mocked to 0 and ``maybe_fix_ssl_version`` to True,
    so shell-command failures inside the module would not surface here.
    '''
    ca_name = 'test_ca'
    fixture = _TLS_TEST_DATA['create_ca']
    common_name = fixture['CN']
    pkcs12_path = '{0}/{1}/certs/{2}.p12'.format(
        ca_path, ca_name, common_name)
    expected = 'Created PKCS#12 Certificate for "{0}": "{1}"'.format(
        common_name, pkcs12_path)
    salt_funcs = {
        'config.option': MagicMock(return_value=ca_path),
        'cmd.retcode': MagicMock(return_value=0),
        'pillar.get': MagicMock(return_value=False),
    }
    minion_opts = {'hash_type': 'sha256', 'cachedir': ca_path}
    # NOTE(review): the 'replace': True patch on the shared fixture dict is
    # not unpacked into any call below, so it looks vestigial -- confirm.
    with patch.dict(tls.__salt__, salt_funcs), \
            patch.dict(tls.__opts__, minion_opts), \
            patch.dict(fixture, {'replace': True}), \
            patch('salt.modules.tls.maybe_fix_ssl_version',
                  MagicMock(return_value=True)):
        tls.create_ca(ca_name)
        tls.create_csr(ca_name)
        tls.create_ca_signed_cert(ca_name, common_name)
        # 'password' is only the PKCS#12 passphrase for this fixture.
        tls.create_pkcs12(ca_name, common_name, 'password')
        actual = tls.create_pkcs12(
            ca_name, common_name, 'password', replace=True)
        self.assertEqual(actual, expected)
def test_revoked_cert_should_return_False_from_validate(self):
    """
    A certificate that has been revoked into a CRL must fail ``validate``.

    Issues a certificate for ``testing.bad.localhost`` from ``self.ca_name``,
    revokes it into a fresh CRL under ``self.tempdir`` and asserts that
    ``validate`` reports ``valid`` as False when given that CRL.
    """
    subject = "testing.bad.localhost"
    crl_path = os.path.join(self.tempdir, "revoked.crl")
    cert_path = os.path.join(
        self.tempdir, self.ca_name, "certs", subject + ".crt")

    tls.create_ca(self.ca_name)
    tls.create_csr(ca_name=self.ca_name, CN=subject)
    tls.create_ca_signed_cert(ca_name=self.ca_name, CN=subject)
    # Start from an empty CRL so the only revoked entry is ours.
    tls.create_empty_crl(ca_name=self.ca_name, crl_file=crl_path)
    tls.revoke_cert(ca_name=self.ca_name, CN=subject, crl_file=crl_path)

    outcome = tls.validate(
        cert=cert_path, ca_name=self.ca_name, crl_file=crl_path)
    self.assertFalse(outcome["valid"])
def test_create_pkcs12(self, ca_path):
    """
    Test creating pkcs12.

    ``ca_path`` is supplied by the caller and used as the cache directory
    and as the ``config.option`` answer. A CA, a CSR and a CA-signed
    certificate are created there, then ``create_pkcs12`` must report the
    expected PKCS#12 path.

    ``cmd.retcode`` is mocked to 0 and ``maybe_fix_ssl_version`` to True,
    so shell-command failures inside the module would not surface here.
    """
    ca_name = "test_ca"
    fixture = _TLS_TEST_DATA["create_ca"]
    common_name = fixture["CN"]
    pkcs12_path = "{0}/{1}/certs/{2}.p12".format(
        ca_path, ca_name, common_name)
    expected = 'Created PKCS#12 Certificate for "{0}": "{1}"'.format(
        common_name, pkcs12_path)
    salt_funcs = {
        "config.option": MagicMock(return_value=ca_path),
        "cmd.retcode": MagicMock(return_value=0),
        "pillar.get": MagicMock(return_value=False),
    }
    minion_opts = {"hash_type": "sha256", "cachedir": ca_path}
    with patch.dict(tls.__salt__, salt_funcs), patch.dict(
        tls.__opts__, minion_opts
    ), patch(
        "salt.modules.tls.maybe_fix_ssl_version", MagicMock(return_value=True)
    ):
        tls.create_ca(ca_name)
        tls.create_csr(ca_name, **fixture)
        tls.create_ca_signed_cert(ca_name, common_name)
        # "password" is only the PKCS#12 passphrase for this fixture.
        actual = tls.create_pkcs12(ca_name, common_name, "password")
        self.assertEqual(actual, expected)
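def test_with_existing_ca_signing_csr_should_produce_valid_cert(self):
    """
    A certificate signed by an existing CA must pass ``validate``.

    Issues a certificate for ``testing.localhost`` from ``self.ca_name``,
    creates an empty CRL under ``self.tempdir`` and asserts that
    ``validate`` reports ``valid`` as True against that CRL. The module's
    ``error`` field is passed as the assertion message so a failure shows
    why validation was rejected.

    Leftover debug ``print`` calls were removed; they only added noise to
    the test output and did not affect the assertion.
    """
    subject = "testing.localhost"
    empty_crl_filename = os.path.join(self.tempdir, "empty.crl")
    cert_path = os.path.join(
        self.tempdir, self.ca_name, "certs", subject + ".crt")

    tls.create_ca(self.ca_name)
    tls.create_csr(ca_name=self.ca_name, CN=subject)
    tls.create_ca_signed_cert(ca_name=self.ca_name, CN=subject)
    # An empty CRL: nothing is revoked, so the fresh cert must validate.
    tls.create_empty_crl(ca_name=self.ca_name, crl_file=empty_crl_filename)

    ret = tls.validate(
        cert=cert_path, ca_name=self.ca_name, crl_file=empty_crl_filename)
    self.assertTrue(ret["valid"], ret.get("error"))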
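def test_with_existing_ca_signing_csr_should_produce_valid_cert(self):
    '''
    A certificate signed by an existing CA must pass ``validate``.

    Issues a certificate for ``testing.localhost`` from ``self.ca_name``,
    creates an empty CRL under ``self.tempdir`` and asserts that
    ``validate`` reports ``valid`` as True against that CRL. The module's
    ``error`` field is passed as the assertion message so a failure shows
    why validation was rejected.

    Leftover debug ``print`` calls were removed; they only added noise to
    the test output and did not affect the assertion.
    '''
    subject = 'testing.localhost'
    empty_crl_filename = os.path.join(self.tempdir, 'empty.crl')
    cert_path = os.path.join(
        self.tempdir, self.ca_name, 'certs', subject + '.crt')

    tls.create_ca(self.ca_name)
    tls.create_csr(ca_name=self.ca_name, CN=subject)
    tls.create_ca_signed_cert(ca_name=self.ca_name, CN=subject)
    # An empty CRL: nothing is revoked, so the fresh cert must validate.
    tls.create_empty_crl(ca_name=self.ca_name, crl_file=empty_crl_filename)

    ret = tls.validate(
        cert=cert_path, ca_name=self.ca_name, crl_file=empty_crl_filename)
    self.assertTrue(ret['valid'], ret.get('error'))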
def test_validating_revoked_cert_with_no_crl_file_should_return_False(
        self):
    '''
    Revoking and validating with ``crl_file=None`` must report invalid.

    Issues a certificate for ``testing.bad.localhost`` from ``self.ca_name``,
    creates a CRL and revokes the certificate with ``crl_file`` left as
    None, then asserts that ``validate`` called the same way reports
    ``valid`` as False. Where the CRL ends up when no file is given is
    decided by the module, not by this test.
    '''
    subject = 'testing.bad.localhost'
    # Deliberately no explicit CRL path: the module picks the location.
    crl_path = None
    cert_path = os.path.join(
        self.tempdir, self.ca_name, 'certs', subject + '.crt')

    tls.create_ca(self.ca_name)
    tls.create_csr(ca_name=self.ca_name, CN=subject)
    tls.create_ca_signed_cert(ca_name=self.ca_name, CN=subject)
    tls.create_empty_crl(ca_name=self.ca_name, crl_file=crl_path)
    tls.revoke_cert(ca_name=self.ca_name, CN=subject, crl_file=crl_path)

    outcome = tls.validate(
        cert=cert_path, ca_name=self.ca_name, crl_file=crl_path)
    self.assertFalse(outcome['valid'])
def test_recreate_ca_signed_cert(self, ca_path):
    """
    Test signing certificate from request when certificate exists.

    ``ca_path`` is supplied by the caller and used as the cache directory
    and as the ``config.option`` answer. A certificate is signed once, then
    signed again with ``replace=True``; the second call must report the
    expected certificate path.

    ``cmd.retcode`` is mocked to 0 and ``maybe_fix_ssl_version`` to True,
    so shell-command failures inside the module would not surface here.
    """
    ca_name = "test_ca"
    common_name = _TLS_TEST_DATA["create_ca"]["CN"]
    cert_path = "{}/{}/certs/{}.crt".format(ca_path, ca_name, common_name)
    expected = 'Created Certificate for "{}": "{}"'.format(
        common_name, cert_path
    )
    salt_funcs = {
        "config.option": MagicMock(return_value=ca_path),
        "cmd.retcode": MagicMock(return_value=0),
        "pillar.get": MagicMock(return_value=False),
    }
    minion_opts = {"hash_type": "sha256", "cachedir": ca_path}
    with patch.dict(tls.__salt__, salt_funcs), patch.dict(
        tls.__opts__, minion_opts
    ), patch(
        "salt.modules.tls.maybe_fix_ssl_version", MagicMock(return_value=True)
    ):
        tls.create_ca(ca_name)
        tls.create_csr(ca_name)
        # First signing: the certificate now exists on disk.
        tls.create_ca_signed_cert(ca_name, common_name)
        # Second signing must overwrite it and report the same path.
        actual = tls.create_ca_signed_cert(ca_name, common_name, replace=True)
        self.assertEqual(actual, expected)
def test_create_pkcs12(self):
    '''
    Test creating pkcs12.

    A CA, a CSR and a CA-signed certificate are created in a temporary
    cache directory, then ``create_pkcs12`` must report the expected
    PKCS#12 path. The directory is removed again in ``finally``.

    ``cmd.retcode`` is mocked to always return 0, so any shell command the
    module issues through it is reported as successful here regardless of
    what actually happened.
    '''
    cache_dir = tempfile.mkdtemp(dir=integration.SYS_TMP_DIR)
    try:
        ca_name = 'test_ca'
        fixture = _TLS_TEST_DATA['create_ca']
        common_name = fixture['CN']
        bundle_path = '{0}/{1}/certs/{2}.p12'.format(
            cache_dir, ca_name, common_name)
        expected = 'Created PKCS#12 Certificate for "{0}": "{1}"'.format(
            common_name, bundle_path)
        salt_funcs = {
            'config.option': MagicMock(return_value=cache_dir),
            'cmd.retcode': MagicMock(return_value=0),
            'pillar.get': MagicMock(return_value=False),
        }
        minion_opts = {'hash_type': 'sha256', 'cachedir': cache_dir}
        with patch.dict(tls.__salt__, salt_funcs), \
                patch.dict(tls.__opts__, minion_opts):
            tls.create_ca(ca_name)
            tls.create_csr(ca_name, **fixture)
            tls.create_ca_signed_cert(ca_name, common_name)
            # 'password' is only the PKCS#12 passphrase for this fixture.
            actual = tls.create_pkcs12(ca_name, common_name, 'password')
            self.assertEqual(actual, expected)
    finally:
        if os.path.isdir(cache_dir):
            shutil.rmtree(cache_dir)