def test_create_stored_key_order(self):
test_model = order_models.OrderModel(**self.stored_key_data)
test_model.meta['container_ref'] = (
self.create_asymmetric_key_container())
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.behaviors.get_order(order_ref)
self.verify_pending_waiting_for_ca(order_resp)
def test_create_simple_csc_order_with_pkcs10_signed_by_wrong_key(self):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_csr_signed_with_wrong_key())
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.confirm_error_message(
create_resp,
"Invalid PKCS10 Data: Signing key incorrect"
)
def test_delete_order_defaults(self):
"""Covers simple order deletion."""
# create an order
test_model = order_models.OrderModel(**order_create_defaults_data)
create_resp, order_ref = self.behaviors.create_order(test_model)
# delete the order
delete_resp = self.behaviors.delete_order(order_ref)
# verify the delete
self.assertEqual(delete_resp.status_code, 204)
def test_create_stored_key_order_with_invalid_container_ref(self):
test_model = order_models.OrderModel(**self.stored_key_data)
test_model.meta['container_ref'] = INVALID_CONTAINER_REF
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.confirm_error_message(
create_resp,
"Order creation issue seen - "
"Invalid container: Bad Container Reference "
+ INVALID_CONTAINER_REF + "."
)
def test_create_custom_order_with_invalid_dogtag_data(self):
# TODO(alee) this test is broken because Dogtag does not return the
# correct type of exception, Fix this when Dogtag is fixed.
test_model = order_models.OrderModel(**self.dogtag_custom_data)
test_model.meta['cert_request'] = "invalid_data"
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.wait_for_order(order_ref)
self.assertEqual('ERROR', order_resp.model.status)
def test_create_full_cmc_order(self):
test_model = order_models.OrderModel(**self.full_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.assertIsNone(order_ref)
self.confirm_error_message(
create_resp,
"Full CMC Requests are not yet supported."
)
def test_create_stored_key_order_with_subject_dn_missing(self):
test_model = order_models.OrderModel(**self.stored_key_data)
test_model.meta['container_ref'] = (
self.create_asymmetric_key_container())
del test_model.meta['subject_dn']
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.confirm_error_message(
create_resp,
"Missing required metadata field for subject_dn"
)
def test_order_create_oversized_strings(self):
"""Covers order creation with empty JSON."""
test_model = order_models.OrderModel(**self.create_default_data)
test_model.meta['name'] = base.TestCase.oversized_field
test_model.meta['algorithm'] = base.TestCase.oversized_field
test_model.meta['mode'] = base.TestCase.oversized_field
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.assertIsNone(order_ref)
def test_create_cert_order_with_invalid_type(self):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
test_model.meta['request_type'] = "invalid_type"
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.confirm_error_message(
create_resp,
"Invalid Certificate Request Type"
)
def test_create_stored_key_order_with_subject_dn_invalid(self):
test_model = order_models.OrderModel(**self.stored_key_data)
test_model.meta['container_ref'] = (
self.create_asymmetric_key_container())
test_model.meta['subject_dn'] = "invalid_subject_dn"
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.confirm_error_message(
create_resp,
"Invalid subject DN: invalid_subject_dn"
)
def test_encryption_using_generated_key(self):
"""Tests functionality of a generated asymmetric key pair."""
test_model = order_models.OrderModel(**self.asymmetric_data)
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(create_resp.status_code, 202)
order_resp = self.behaviors.get_order(order_ref)
self.assertEqual(order_resp.status_code, 200)
container_resp = self.container_behaviors.get_container(
order_resp.model.container_ref)
self.assertEqual(container_resp.status_code, 200)
secret_dict = {}
for secret in container_resp.model.secret_refs:
self.assertIsNotNone(secret.secret_ref)
secret_resp = self.secret_behaviors.get_secret(
secret.secret_ref, "application/octet-stream")
self.assertIsNotNone(secret_resp)
secret_dict[secret.name] = secret_resp.content
private_key = serialization.load_pem_private_key(
secret_dict['private_key'],
password=None,
backend=backends.default_backend()
)
public_key = serialization.load_pem_public_key(
secret_dict['public_key'],
backend=backends.default_backend()
)
self.assertIsNotNone(private_key)
self.assertIsNotNone(public_key)
message = b'plaintext message'
ciphertext = public_key.encrypt(
message,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
plaintext = private_key.decrypt(
ciphertext,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
self.assertEqual(message, plaintext)
def test_create_simple_cmc_order_with_non_approved_dogtag_profile(self):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
test_model.meta['profile'] = 'caTPSCert'
test_model.meta['ca_id'] = self.get_dogtag_ca_id()
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.wait_for_order(order_ref)
self.verify_pending_waiting_for_ca(order_resp)
def test_create_simple_cmc_with_profile_and_no_ca_id(self):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
test_model.meta['profile'] = 'caServerCert'
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.assertIsNone(order_ref)
self.confirm_error_message(
create_resp,
"Missing required metadata field for ca_id"
)
def create_orders(self, count=1, expected_return=202):
"""Utility function to create orders"""
for _ in range(count):
order_data = self.get_default_order_data()
test_model = order_models.OrderModel(**order_data)
resp, order_ref = self.order_behaviors.create_order(
test_model, user_name=admin_b)
self.assertEqual(expected_return, resp.status_code)
if resp.status_code == 202:
order_resp = self.order_behaviors.get_order(order_ref,
user_name=admin_b)
self.assertEqual(200, order_resp.status_code)
self.order_secrets.append(order_resp.model.secret_ref)
def test_order_create_unauthed_with_proj_id(self):
"""Attempt to create an order with a project id, but no token
Should return 401
"""
model = order_models.OrderModel(self.create_default_data)
headers = {'X-Project-Id': self.dummy_project_id}
resp, order_ref = self.behaviors.create_order(model,
extra_headers=headers,
use_auth=False)
self.assertEqual(401, resp.status_code)
def test_create_custom_order_with_valid_dogtag_data(self):
# defaults to 'custom' type
test_model = order_models.OrderModel(**self.dogtag_custom_data)
test_model.meta['cert_request'] = base64.b64encode(
certutil.create_good_csr())
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.wait_for_order(order_ref)
self.assertEqual('ACTIVE', order_resp.model.status)
self.verify_cert_returned(order_resp)
def test_order_create_error_message_on_invalid_order_create(self):
"""Related Launchpad issue: 1269594."""
test_model = order_models.OrderModel(**self.create_default_data)
test_model.meta['payload'] = "blarg!"
resp, order_ref = self.behaviors.create_order(test_model)
# Make sure we actually get a message back
error_msg = jsonutils.loads(resp.content).get('title')
self.assertEqual(400, resp.status_code)
self.assertIsNotNone(error_msg)
self.assertNotEqual(error_msg, 'None')
def test_create_stored_key_order_with_non_approved_dogtag_profile(self):
test_model = order_models.OrderModel(**self.stored_key_data)
test_model.meta['container_ref'] = (
self.create_asymmetric_key_container())
test_model.meta['profile'] = "caTPSCert"
test_model.meta['ca_id'] = self.get_dogtag_ca_id()
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.wait_for_order(order_ref)
self.verify_pending_waiting_for_ca(order_resp)
def test_create_cert_order_with_missing_request_type(self):
# defaults to 'custom' type
test_model = order_models.OrderModel(**self.dogtag_custom_data)
test_model.meta['cert_request'] = base64.b64encode(
certutil.create_good_csr())
test_model.meta['profile_id'] = 'caTPSCert'
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.behaviors.get_order(order_ref)
self.verify_pending_waiting_for_ca(order_resp)
def test_create_stored_key_order_with_extensions(self):
test_model = order_models.OrderModel(**self.stored_key_data)
test_model.meta['container_ref'] = (
self.create_asymmetric_key_container())
test_model.meta['extensions'] = "any-extensions"
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.confirm_error_message(
create_resp,
"Extensions are not yet supported. "
"Specify a valid profile instead."
)
def test_create_simple_cmc_with_profile_and_incorrect_ca_id(self):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
test_model.meta['profile'] = 'caServerCert'
test_model.meta['ca_id'] = 'incorrect_ca_id'
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.assertIsNone(order_ref)
self.confirm_error_message(
create_resp, "Order creation issue seen - The ca_id provided "
"in the request is invalid.")
def test_order_create_empty_entries(self):
"""Covers order creation with empty JSON."""
test_model = order_models.OrderModel(**self.create_all_none_data)
test_model.meta['name'] = ""
test_model.meta['algorithm'] = ""
test_model.meta['mode'] = ""
test_model.meta['bit_length'] = ""
test_model.meta['payload_content_type'] = ""
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(400, create_resp.status_code)
self.assertIsNone(order_ref)
def test_order_delete(self):
"""Covers simple order deletion."""
# create an order
test_model = order_models.OrderModel(**self.create_default_data)
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
# delete the order
delete_resp = self.behaviors.delete_order(order_ref)
# verify the delete
self.assertEqual(204, delete_resp.status_code)
def test_create_stored_key_order_with_dogtag_profile(self):
test_model = order_models.OrderModel(**self.stored_key_data)
test_model.meta['container_ref'] = (
self.create_asymmetric_key_container())
test_model.meta['profile'] = "caServerCert"
test_model.meta['ca_id'] = self.get_dogtag_ca_id()
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.wait_for_order(order_ref)
self.assertEqual('ACTIVE', order_resp.model.status)
self.verify_cert_returned(order_resp, is_stored_key_type=True)
def send_test_order(self, ca_ref=None, user_name=None,
expected_return=202):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
if ca_ref is not None:
ca_id = hrefs.get_ca_id_from_ref(ca_ref)
test_model.meta['ca_id'] = ca_id
create_resp, order_ref = self.order_behaviors.create_order(
test_model, user_name=user_name)
self.assertEqual(expected_return, create_resp.status_code)
if expected_return == 202:
self.assertIsNotNone(order_ref)
return order_ref
def test_create_simple_cmc_order_without_requestor_info(self):
self.simple_cmc_data.pop("requestor_name", None)
self.simple_cmc_data.pop("requestor_email", None)
self.simple_cmc_data.pop("requestor_phone", None)
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.behaviors.get_order(order_ref)
self.verify_pending_waiting_for_ca(order_resp)
def test_create_simple_cmc_order_with_dogtag_profile(self):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
test_model.meta['profile'] = 'caServerCert'
test_model.meta['ca_id'] = self.get_dogtag_ca_id()
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.wait_for_order(order_ref)
self.assertEqual('ACTIVE', order_resp.model.status)
self.verify_cert_returned(order_resp)
def test_rbac_create_order(self, user, admin, expected_return):
"""Test RBAC for order creation
Issue an order creation and verify that the correct
http return code comes back for the specified user.
:param user: the user who will attempt to do the create
:param admin: the admin of the group containing the user
:param expected_return: the expected http return code
"""
test_model = order_models.OrderModel(**get_default_order_data())
resp, order_ref = self.order_behaviors.create_order(test_model,
user_name=user,
admin=admin)
self.assertEqual(expected_return, resp.status_code)
self.assertEqual(expected_return == 202, order_ref is not None)
def test_create_stored_key_order_with_invalid_dogtag_profile(self):
test_model = order_models.OrderModel(**self.stored_key_data)
test_model.meta['container_ref'] = (
self.create_asymmetric_key_container())
test_model.meta['profile'] = "invalidProfileID"
test_model.meta['ca_id'] = self.get_dogtag_ca_id()
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.wait_for_order(order_ref)
self.assertEqual('ERROR', order_resp.model.status)
self.assertIn('Problem with data in certificate request',
order_resp.model.error_reason)
self.assertIn('Profile not found', order_resp.model.error_reason)
def test_create_simple_cmc_with_dogtag_and_invalid_subject_dn(self):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_csr_with_bad_subject_dn())
test_model.meta['profile'] = 'caServerCert'
test_model.meta['ca_id'] = self.get_dogtag_ca_id()
create_resp, order_ref = self.behaviors.create_order(test_model)
self.assertEqual(202, create_resp.status_code)
self.assertIsNotNone(order_ref)
order_resp = self.wait_for_order(order_ref)
self.assertEqual('ERROR', order_resp.model.status)
self.assertEqual('400', order_resp.model.error_status_code)
self.assertIn('Problem with data in certificate request',
order_resp.model.error_reason)
