def test_create_stored_key_order(self): test_model = order_models.OrderModel(**self.stored_key_data) test_model.meta['container_ref'] = ( self.create_asymmetric_key_container()) create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.behaviors.get_order(order_ref) self.verify_pending_waiting_for_ca(order_resp)
def test_create_simple_csc_order_with_pkcs10_signed_by_wrong_key(self): test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_csr_signed_with_wrong_key()) create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.confirm_error_message( create_resp, "Invalid PKCS10 Data: Signing key incorrect" )
def test_delete_order_defaults(self): """Covers simple order deletion.""" # create an order test_model = order_models.OrderModel(**order_create_defaults_data) create_resp, order_ref = self.behaviors.create_order(test_model) # delete the order delete_resp = self.behaviors.delete_order(order_ref) # verify the delete self.assertEqual(delete_resp.status_code, 204)
def test_create_stored_key_order_with_invalid_container_ref(self): test_model = order_models.OrderModel(**self.stored_key_data) test_model.meta['container_ref'] = INVALID_CONTAINER_REF create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.confirm_error_message( create_resp, "Order creation issue seen - " "Invalid container: Bad Container Reference " + INVALID_CONTAINER_REF + "." )
def test_create_custom_order_with_invalid_dogtag_data(self): # TODO(alee) this test is broken because Dogtag does not return the # correct type of exception, Fix this when Dogtag is fixed. test_model = order_models.OrderModel(**self.dogtag_custom_data) test_model.meta['cert_request'] = "invalid_data" create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.wait_for_order(order_ref) self.assertEqual('ERROR', order_resp.model.status)
def test_create_full_cmc_order(self): test_model = order_models.OrderModel(**self.full_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_good_csr()) create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.assertIsNone(order_ref) self.confirm_error_message( create_resp, "Full CMC Requests are not yet supported." )
def test_create_stored_key_order_with_subject_dn_missing(self): test_model = order_models.OrderModel(**self.stored_key_data) test_model.meta['container_ref'] = ( self.create_asymmetric_key_container()) del test_model.meta['subject_dn'] create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.confirm_error_message( create_resp, "Missing required metadata field for subject_dn" )
def test_order_create_oversized_strings(self): """Covers order creation with empty JSON.""" test_model = order_models.OrderModel(**self.create_default_data) test_model.meta['name'] = base.TestCase.oversized_field test_model.meta['algorithm'] = base.TestCase.oversized_field test_model.meta['mode'] = base.TestCase.oversized_field create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.assertIsNone(order_ref)
def test_create_cert_order_with_invalid_type(self): test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_good_csr()) test_model.meta['request_type'] = "invalid_type" create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.confirm_error_message( create_resp, "Invalid Certificate Request Type" )
def test_create_stored_key_order_with_subject_dn_invalid(self): test_model = order_models.OrderModel(**self.stored_key_data) test_model.meta['container_ref'] = ( self.create_asymmetric_key_container()) test_model.meta['subject_dn'] = "invalid_subject_dn" create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.confirm_error_message( create_resp, "Invalid subject DN: invalid_subject_dn" )
def test_encryption_using_generated_key(self): """Tests functionality of a generated asymmetric key pair.""" test_model = order_models.OrderModel(**self.asymmetric_data) create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(create_resp.status_code, 202) order_resp = self.behaviors.get_order(order_ref) self.assertEqual(order_resp.status_code, 200) container_resp = self.container_behaviors.get_container( order_resp.model.container_ref) self.assertEqual(container_resp.status_code, 200) secret_dict = {} for secret in container_resp.model.secret_refs: self.assertIsNotNone(secret.secret_ref) secret_resp = self.secret_behaviors.get_secret( secret.secret_ref, "application/octet-stream") self.assertIsNotNone(secret_resp) secret_dict[secret.name] = secret_resp.content private_key = serialization.load_pem_private_key( secret_dict['private_key'], password=None, backend=backends.default_backend() ) public_key = serialization.load_pem_public_key( secret_dict['public_key'], backend=backends.default_backend() ) self.assertIsNotNone(private_key) self.assertIsNotNone(public_key) message = b'plaintext message' ciphertext = public_key.encrypt( message, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None ) ) plaintext = private_key.decrypt( ciphertext, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None ) ) self.assertEqual(message, plaintext)
def test_create_simple_cmc_order_with_non_approved_dogtag_profile(self): test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_good_csr()) test_model.meta['profile'] = 'caTPSCert' test_model.meta['ca_id'] = self.get_dogtag_ca_id() create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.wait_for_order(order_ref) self.verify_pending_waiting_for_ca(order_resp)
def test_create_simple_cmc_with_profile_and_no_ca_id(self): test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_good_csr()) test_model.meta['profile'] = 'caServerCert' create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.assertIsNone(order_ref) self.confirm_error_message( create_resp, "Missing required metadata field for ca_id" )
def create_orders(self, count=1, expected_return=202): """Utility function to create orders""" for _ in range(count): order_data = self.get_default_order_data() test_model = order_models.OrderModel(**order_data) resp, order_ref = self.order_behaviors.create_order( test_model, user_name=admin_b) self.assertEqual(expected_return, resp.status_code) if resp.status_code == 202: order_resp = self.order_behaviors.get_order(order_ref, user_name=admin_b) self.assertEqual(200, order_resp.status_code) self.order_secrets.append(order_resp.model.secret_ref)
def test_order_create_unauthed_with_proj_id(self): """Attempt to create an order with a project id, but no token Should return 401 """ model = order_models.OrderModel(self.create_default_data) headers = {'X-Project-Id': self.dummy_project_id} resp, order_ref = self.behaviors.create_order(model, extra_headers=headers, use_auth=False) self.assertEqual(401, resp.status_code)
def test_create_custom_order_with_valid_dogtag_data(self): # defaults to 'custom' type test_model = order_models.OrderModel(**self.dogtag_custom_data) test_model.meta['cert_request'] = base64.b64encode( certutil.create_good_csr()) create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.wait_for_order(order_ref) self.assertEqual('ACTIVE', order_resp.model.status) self.verify_cert_returned(order_resp)
def test_order_create_error_message_on_invalid_order_create(self): """Related Launchpad issue: 1269594.""" test_model = order_models.OrderModel(**self.create_default_data) test_model.meta['payload'] = "blarg!" resp, order_ref = self.behaviors.create_order(test_model) # Make sure we actually get a message back error_msg = jsonutils.loads(resp.content).get('title') self.assertEqual(400, resp.status_code) self.assertIsNotNone(error_msg) self.assertNotEqual(error_msg, 'None')
def test_create_stored_key_order_with_non_approved_dogtag_profile(self): test_model = order_models.OrderModel(**self.stored_key_data) test_model.meta['container_ref'] = ( self.create_asymmetric_key_container()) test_model.meta['profile'] = "caTPSCert" test_model.meta['ca_id'] = self.get_dogtag_ca_id() create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.wait_for_order(order_ref) self.verify_pending_waiting_for_ca(order_resp)
def test_create_cert_order_with_missing_request_type(self): # defaults to 'custom' type test_model = order_models.OrderModel(**self.dogtag_custom_data) test_model.meta['cert_request'] = base64.b64encode( certutil.create_good_csr()) test_model.meta['profile_id'] = 'caTPSCert' create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.behaviors.get_order(order_ref) self.verify_pending_waiting_for_ca(order_resp)
def test_create_stored_key_order_with_extensions(self): test_model = order_models.OrderModel(**self.stored_key_data) test_model.meta['container_ref'] = ( self.create_asymmetric_key_container()) test_model.meta['extensions'] = "any-extensions" create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.confirm_error_message( create_resp, "Extensions are not yet supported. " "Specify a valid profile instead." )
def test_create_simple_cmc_with_profile_and_incorrect_ca_id(self): test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_good_csr()) test_model.meta['profile'] = 'caServerCert' test_model.meta['ca_id'] = 'incorrect_ca_id' create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.assertIsNone(order_ref) self.confirm_error_message( create_resp, "Order creation issue seen - The ca_id provided " "in the request is invalid.")
def test_order_create_empty_entries(self): """Covers order creation with empty JSON.""" test_model = order_models.OrderModel(**self.create_all_none_data) test_model.meta['name'] = "" test_model.meta['algorithm'] = "" test_model.meta['mode'] = "" test_model.meta['bit_length'] = "" test_model.meta['payload_content_type'] = "" create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(400, create_resp.status_code) self.assertIsNone(order_ref)
def test_order_delete(self): """Covers simple order deletion.""" # create an order test_model = order_models.OrderModel(**self.create_default_data) create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) # delete the order delete_resp = self.behaviors.delete_order(order_ref) # verify the delete self.assertEqual(204, delete_resp.status_code)
def test_create_stored_key_order_with_dogtag_profile(self): test_model = order_models.OrderModel(**self.stored_key_data) test_model.meta['container_ref'] = ( self.create_asymmetric_key_container()) test_model.meta['profile'] = "caServerCert" test_model.meta['ca_id'] = self.get_dogtag_ca_id() create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.wait_for_order(order_ref) self.assertEqual('ACTIVE', order_resp.model.status) self.verify_cert_returned(order_resp, is_stored_key_type=True)
def send_test_order(self, ca_ref=None, user_name=None, expected_return=202): test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_good_csr()) if ca_ref is not None: ca_id = hrefs.get_ca_id_from_ref(ca_ref) test_model.meta['ca_id'] = ca_id create_resp, order_ref = self.order_behaviors.create_order( test_model, user_name=user_name) self.assertEqual(expected_return, create_resp.status_code) if expected_return == 202: self.assertIsNotNone(order_ref) return order_ref
def test_create_simple_cmc_order_without_requestor_info(self): self.simple_cmc_data.pop("requestor_name", None) self.simple_cmc_data.pop("requestor_email", None) self.simple_cmc_data.pop("requestor_phone", None) test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_good_csr()) create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.behaviors.get_order(order_ref) self.verify_pending_waiting_for_ca(order_resp)
def test_create_simple_cmc_order_with_dogtag_profile(self): test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_good_csr()) test_model.meta['profile'] = 'caServerCert' test_model.meta['ca_id'] = self.get_dogtag_ca_id() create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.wait_for_order(order_ref) self.assertEqual('ACTIVE', order_resp.model.status) self.verify_cert_returned(order_resp)
def test_rbac_create_order(self, user, admin, expected_return): """Test RBAC for order creation Issue an order creation and verify that the correct http return code comes back for the specified user. :param user: the user who will attempt to do the create :param admin: the admin of the group containing the user :param expected_return: the expected http return code """ test_model = order_models.OrderModel(**get_default_order_data()) resp, order_ref = self.order_behaviors.create_order(test_model, user_name=user, admin=admin) self.assertEqual(expected_return, resp.status_code) self.assertEqual(expected_return == 202, order_ref is not None)
def test_create_stored_key_order_with_invalid_dogtag_profile(self): test_model = order_models.OrderModel(**self.stored_key_data) test_model.meta['container_ref'] = ( self.create_asymmetric_key_container()) test_model.meta['profile'] = "invalidProfileID" test_model.meta['ca_id'] = self.get_dogtag_ca_id() create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.wait_for_order(order_ref) self.assertEqual('ERROR', order_resp.model.status) self.assertIn('Problem with data in certificate request', order_resp.model.error_reason) self.assertIn('Profile not found', order_resp.model.error_reason)
def test_create_simple_cmc_with_dogtag_and_invalid_subject_dn(self): test_model = order_models.OrderModel(**self.simple_cmc_data) test_model.meta['request_data'] = base64.b64encode( certutil.create_csr_with_bad_subject_dn()) test_model.meta['profile'] = 'caServerCert' test_model.meta['ca_id'] = self.get_dogtag_ca_id() create_resp, order_ref = self.behaviors.create_order(test_model) self.assertEqual(202, create_resp.status_code) self.assertIsNotNone(order_ref) order_resp = self.wait_for_order(order_ref) self.assertEqual('ERROR', order_resp.model.status) self.assertEqual('400', order_resp.model.error_status_code) self.assertIn('Problem with data in certificate request', order_resp.model.error_reason)