def test_configure_ca_policies_fail(self):
    """With the stubbed response at 500, configuring CA policies must exit with the policy error."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    expected = "[-] pkictl - Error: Failed to configure policy 'intermediate-ca-server-policy' for intermediate CA: test-intermediate-ca"

    self.test_response.status_code = 500

    with self.assertRaises(SystemExit) as raised:
        self.vault_client.configure_ca_policies(intermediate)

    # Checked after the block: a statement placed behind the raising call
    # inside the `with` body would never execute.
    self.assertEqual(raised.exception.args[0], expected)
def test_set_crl_configuration_fail(self):
    """With the stubbed response at 400, setting the CRL configuration must exit with an error."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    expected = "[-] pkictl - Error: Failed to set CRL configuration for CA: test-intermediate-ca"

    self.test_response.status_code = 400

    with self.assertRaises(SystemExit) as raised:
        self.vault_client.set_crl_configuration(intermediate)

    # Checked after the block so the assertion is actually reached once
    # SystemExit has been caught by assertRaises.
    self.assertEqual(raised.exception.args[0], expected)
def test_configure_ca_roles(self):
    """Configuring roles on the unmodified fixture prints one line for the 'server' role."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    expected = "[*] pkictl - Configured role 'server' for intermediate CA: test-intermediate-ca"

    # test a single role
    self.test_response.status_code = 204

    with capture_stdout(self.vault_client.configure_ca_roles, intermediate) as output:
        # The whole stripped output is compared, so any extra line fails the test.
        self.assertEqual(output.strip(), expected)
def test_set_intermediate_ca(self):
    """With the stubbed response at 204, setting the signed certificate reports success on stdout."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    # Placeholder PEM header only; no real certificate is involved.
    intermediate.cert = "-----BEGIN CERTIFICATE-----"
    expected = "[*] pkictl - Set signed certificate for intermediate CA: test-intermediate-ca"

    self.test_response.status_code = 204

    with capture_stdout(self.vault_client.set_intermediate_ca, intermediate) as output:
        self.assertEqual(output.strip(), expected)
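def test_store_ca_pkey(self):
    """With the stubbed response at 204, storing the CA private key reports success on stdout.

    The expected message names only the CA and the KV engine.
    """
    ca = get_test_intermediate_ca(self.baseurl)
    # Placeholder marker, not key material: the test needs only a non-empty value.
    ca.private_key = '-----BEGIN RSA PRIVATE KEY----'

    self.test_response.status_code = 204

    with capture_stdout(self.vault_client.store_ca_private_key, ca) as output:
        # Exact match on the whole stripped output: if the client ever echoed
        # the private key to stdout, this comparison would fail.
        # Plain literal: the message has no placeholders, so no f-prefix is needed.
        self.assertEqual(output.strip(), "[*] pkictl - Stored private key for 'test-intermediate-ca' in KV engine: test-kv")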
def test_set_intermediate_ca_fail(self):
    """With the stubbed response at 500, setting the signed certificate must exit with an error."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    # Placeholder PEM header only; no real certificate is involved.
    intermediate.cert = "-----BEGIN CERTIFICATE-----"
    expected = "[-] pkictl - Error: Failed to set signed certificate for intermediate CA: test-intermediate-ca"

    self.test_response.status_code = 500

    with self.assertRaises(SystemExit) as raised:
        self.vault_client.set_intermediate_ca(intermediate)

    # Checked after the block so the assertion is reached once SystemExit is caught.
    self.assertEqual(raised.exception.args[0], expected)
def test_store_ca_pkey_fail(self):
    """With the stubbed response at 500, storing the CA private key must exit with an error."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    # Placeholder marker, not key material.
    intermediate.private_key = '-----BEGIN RSA PRIVATE KEY----'
    expected = "[-] pkictl - Error: Failed to store private key for 'test-intermediate-ca' in KV engine: test-kv"

    self.test_response.status_code = 500

    with self.assertRaises(SystemExit) as raised:
        self.vault_client.store_ca_private_key(intermediate)

    # args[0] is compared in full, which pins an exit message that names the
    # CA and the KV engine but does not carry the key value.
    self.assertEqual(raised.exception.args[0], expected)
def test_sign_intermediate_ca_fail(self):
    """With the stubbed response at 500, signing the intermediate CA must exit with an error."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    intermediate.csr = "-----BEGIN CERTIFICATE REQUEST-----"
    expected = "[-] pkictl - Error: Failed to sign intermediate CA 'test-intermediate-ca' with issuing CA: test-root-ca"

    self.test_response.status_code = 500
    # The body still carries a certificate; presumably this is deliberate, so
    # that the exit is attributable to the status code and not a missing field.
    body = {"data": {"certificate": "-----BEGIN CERTIFICATE-----"}}
    self.test_response._content = serialize_json(body)

    with self.assertRaises(SystemExit) as raised:
        self.vault_client.sign_intermediate_ca(intermediate)

    # Checked after the block so the assertion is reached once SystemExit is caught.
    self.assertEqual(raised.exception.args[0], expected)
def test_sign_intermediate_ca(self):
    """With the stubbed response at 200, signing reports success and leaves a string in ``cert``."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    intermediate.csr = "-----BEGIN CERTIFICATE REQUEST-----"
    expected = "[*] pkictl - Signed intermediate CA 'test-intermediate-ca' with issuing CA: test-root-ca"

    self.test_response.status_code = 200
    # Placeholder PEM headers stand in for the signed certificate and its issuer.
    body = {
        "data": {
            "certificate": "-----BEGIN CERTIFICATE-----",
            "issuing_ca": "-----BEGIN CERTIFICATE-----",
        }
    }
    self.test_response._content = serialize_json(body)

    with capture_stdout(self.vault_client.sign_intermediate_ca, intermediate) as output:
        self.assertEqual(output.strip(), expected)

    # Only the type is checked here; the certificate content is not validated.
    self.assertIsInstance(intermediate.cert, str)
def test_create_intermediate_ca_fail(self):
    """With the stubbed response at 400, generating the intermediate CA must exit with an error."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    expected = "[-] pkictl - Error: Failed to generate intermediate CA: test-intermediate-ca"

    # Placeholder CSR and key markers; neither is real cryptographic material.
    payload = {
        "data": {
            "csr": "-----BEGIN CERTIFICATE REQUEST-----",
            'private_key': '-----BEGIN RSA PRIVATE KEY----',
        }
    }
    self.test_response._content = serialize_json(payload)
    self.test_response.status_code = 400

    with self.assertRaises(SystemExit) as raised:
        self.vault_client.create_intermediate_ca(intermediate)

    # args[0] is compared in full, so the exit message is pinned to text that
    # does not include the private_key value present in the stubbed body.
    self.assertEqual(raised.exception.args[0], expected)
def test_create_intermediate_ca(self):
    """With the stubbed response at 200, creation reports success and leaves a string in ``csr``."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    expected = "[*] pkictl - Created intermediate CA: test-intermediate-ca"

    # Placeholder CSR and key markers; neither is real cryptographic material.
    payload = {
        "data": {
            "csr": "-----BEGIN CERTIFICATE REQUEST-----",
            'private_key': '-----BEGIN RSA PRIVATE KEY----',
        }
    }
    self.test_response.status_code = 200
    self.test_response._content = serialize_json(payload)

    with capture_stdout(self.vault_client.create_intermediate_ca, intermediate) as output:
        # Exact match on the whole stripped output: the private_key returned in
        # the stubbed body must not show up on stdout for this to pass.
        self.assertEqual(output.strip(), expected)

    # Only the type is checked here; the CSR content is not validated.
    self.assertIsInstance(intermediate.csr, str)
def test_configure_ca_roles_multiple(self):
    """With a second role appended to the fixture, each role gets its own stdout line, in order."""
    intermediate = get_test_intermediate_ca(self.baseurl)

    # NOTE(review): the role config (including allow_any_name) is fixture data;
    # this test asserts only the printed role names, not what is sent for the role.
    client_role = {
        'name': 'client',
        'config': {
            'max_ttl': '26298h',
            'client_flag': True,
            'server_flag': False,
            'allow_any_name': True
        }
    }
    intermediate.dict['spec']['roles'].append(client_role)

    self.test_response.status_code = 204

    with capture_stdout(self.vault_client.configure_ca_roles, intermediate) as output:
        lines = output.split('\n')
        first, second = lines[0], lines[1]

        self.assertEqual(first.strip(), "[*] pkictl - Configured role 'server' for intermediate CA: test-intermediate-ca")
        self.assertEqual(second.strip(), "[*] pkictl - Configured role 'client' for intermediate CA: test-intermediate-ca")
def test_configure_ca_policies(self):
    """With the stubbed response at 204, configuring CA policies reports the policy on stdout."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    expected = "[*] pkictl - Configured policy 'intermediate-ca-server-policy' for intermediate CA: test-intermediate-ca"

    self.test_response.status_code = 204

    with capture_stdout(self.vault_client.configure_ca_policies, intermediate) as output:
        # Only the confirmation line is checked; the policy body itself is not inspected here.
        self.assertEqual(output.strip(), expected)
def test_set_crl_configuration(self):
    """With the stubbed response at 204, setting the CRL configuration reports success on stdout."""
    intermediate = get_test_intermediate_ca(self.baseurl)
    expected = "[*] pkictl - Set CRL configuration for CA: test-intermediate-ca"

    self.test_response.status_code = 204

    with capture_stdout(self.vault_client.set_crl_configuration, intermediate) as output:
        self.assertEqual(output.strip(), expected)