def test_execute(self, mock_driver):
    """GenerateServerPEMTask.execute returns certificate plus key for a CN.

    The certificate driver is mocked to hand back a fixed LocalCert, so the
    test only pins how the task assembles its result and how it calls the
    driver.
    """
    stub_cert = local.LocalCert('test_cert', 'test_key')
    mock_driver.generate_cert_key_pair.side_effect = [stub_cert]

    task = cert_task.GenerateServerPEMTask()
    result_pem = task.execute('123')

    # This variant compares the task output directly with the concatenated
    # certificate and private key, i.e. it expects the key material to come
    # back unencrypted.
    expected_pem = stub_cert.get_certificate() + stub_cert.get_private_key()
    self.assertEqual(result_pem, expected_pem)

    # The amphora id doubles as the certificate common name.
    mock_driver.generate_cert_key_pair.assert_called_once_with(
        cn='123', validity=cert_task.CERT_VALIDITY)
def generate_cert_key_pair(cls, cn, validity, bit_length=2048,
                           passphrase=None, **kwargs):
    """Create a private key and a signed certificate for ``cn``.

    A key is generated first, a CSR for ``cn`` is built from it, and the CSR
    is then passed to ``cls.sign_cert`` together with ``validity`` and any
    extra keyword arguments.

    NOTE(review): the returned object carries the private key and, when one
    was supplied, its passphrase side by side. Callers should keep it out of
    logs and protect it wherever it is persisted.

    :param cn: common name handed to the CSR generator
    :param validity: validity value forwarded unchanged to ``sign_cert``
    :param bit_length: key size forwarded to ``_generate_private_key``
    :param passphrase: optional passphrase forwarded to key and CSR
                       generation and stored on the result
    :param kwargs: forwarded unchanged to ``sign_cert``
    :return: local_common.LocalCert with certificate, private key and
             passphrase
    """
    private_key = cls._generate_private_key(bit_length, passphrase)
    signing_request = cls._generate_csr(cn, private_key, passphrase)
    signed_cert = cls.sign_cert(signing_request, validity, **kwargs)
    return local_common.LocalCert(
        certificate=signed_cert,
        private_key=private_key,
        private_key_passphrase=passphrase,
    )
def get_cert(project_id, cert_ref, **kwargs):
    """Load the certificate bundle for ``cert_ref`` from local storage.

    Four sibling files are looked up under ``CONF.certificates.storage_path``:
    ``<cert_ref>.crt`` and ``<cert_ref>.key`` are mandatory, while
    ``<cert_ref>.int`` (intermediates) and ``<cert_ref>.pass`` (private key
    passphrase) are optional and skipped when they cannot be read.

    NOTE(review): ``cert_ref`` is joined into the path without validation,
    and ``os.path.join`` lets an absolute or ``..``-containing component
    leave the storage directory. If this value can originate from an API
    caller, confirm it is checked to be a UUID (or otherwise contained to
    the storage path) before it reaches this function.

    NOTE(review): the passphrase file sits next to the key it protects, so
    it adds nothing against anyone who can read the storage directory; the
    directory permissions are the real control.

    :param project_id: Project ID for the owner of the certificate (not
                       used by this implementation)
    :param cert_ref: the UUID of the cert to retrieve
    :return: octavia.certificates.common.Cert representation of the
             certificate data
    :raises CertificateStorageException: if certificate retrieval fails
    """
    LOG.info(
        _LI("Loading certificate {0} from the local filesystem.").format(
            cert_ref))

    base_path = os.path.join(CONF.certificates.storage_path, cert_ref)
    bundle = {}

    # Certificate and private key are mandatory: a failed read is logged and
    # surfaced as a storage error.
    try:
        with open("{0}.crt".format(base_path), 'r') as crt_handle:
            bundle['certificate'] = crt_handle.read()
    except IOError:
        LOG.error(
            _LE("Failed to read certificate for {0}.").format(cert_ref))
        raise exceptions.CertificateStorageException(
            msg="Certificate could not be read.")

    try:
        with open("{0}.key".format(base_path), 'r') as key_handle:
            bundle['private_key'] = key_handle.read()
    except IOError:
        LOG.error(
            _LE("Failed to read private key for {0}.").format(cert_ref))
        raise exceptions.CertificateStorageException(
            msg="Private Key could not be read.")

    # Intermediates and passphrase are best-effort. Any IOError is treated
    # as "not present", so a permission problem on these files is
    # indistinguishable from a missing file.
    optional_parts = (
        ('intermediates', "{0}.int"),
        ('private_key_passphrase', "{0}.pass"),
    )
    for field, template in optional_parts:
        try:
            with open(template.format(base_path), 'r') as extra_handle:
                bundle[field] = extra_handle.read()
        except IOError:
            continue

    return local_common.LocalCert(**bundle)
def get_cert(context, cert_ref, **kwargs):
    """Load the certificate bundle for ``cert_ref`` from local storage.

    Reads ``<cert_ref>.crt`` and ``<cert_ref>.key`` (both mandatory) plus
    ``<cert_ref>.int`` and ``<cert_ref>.pass`` (both optional) from
    ``CONF.certificates.storage_path``. Intermediates are split into a list
    of PEMs via ``cert_parser.get_intermediates_pems``.

    NOTE(review): ``cert_ref`` is joined into the path without validation,
    and ``os.path.join`` lets an absolute or ``..``-containing component
    leave the storage directory. If this value can originate from an API
    caller, confirm it is checked to be a UUID (or otherwise contained to
    the storage path) before it reaches this function.

    NOTE(review): the passphrase file sits next to the key it protects, so
    it adds nothing against anyone who can read the storage directory; the
    directory permissions are the real control.

    :param context: Ignored in this implementation
    :param cert_ref: the UUID of the cert to retrieve
    :return: octavia.certificates.common.Cert representation of the
             certificate data
    :raises CertificateStorageException: if certificate retrieval fails
    """
    LOG.info("Loading certificate %s from the local filesystem.", cert_ref)

    def _read_text(path):
        # Open read-only through a raw descriptor, then wrap it so the
        # descriptor is closed when the block exits.
        with os.fdopen(os.open(path, os.O_RDONLY)) as handle:
            return handle.read()

    base_path = os.path.join(CONF.certificates.storage_path, cert_ref)
    bundle = {}

    # Certificate and private key are mandatory: a failed read is logged and
    # surfaced as a storage error.
    try:
        bundle['certificate'] = _read_text("{0}.crt".format(base_path))
    except IOError:
        LOG.error("Failed to read certificate for %s.", cert_ref)
        raise exceptions.CertificateStorageException(
            msg="Certificate could not be read.")

    try:
        bundle['private_key'] = _read_text("{0}.key".format(base_path))
    except IOError:
        LOG.error("Failed to read private key for %s", cert_ref)
        raise exceptions.CertificateStorageException(
            msg="Private Key could not be read.")

    # Optional intermediates. The raw text is stored first so that it stays
    # in place if the parser itself raises IOError, which is swallowed here
    # together with read failures.
    try:
        raw_chain = _read_text("{0}.int".format(base_path))
        bundle['intermediates'] = raw_chain
        bundle['intermediates'] = list(
            cert_parser.get_intermediates_pems(raw_chain))
    except IOError:
        pass

    # Optional passphrase. Any IOError counts as "not present", so a
    # permission problem is indistinguishable from a missing file.
    try:
        bundle['private_key_passphrase'] = _read_text(
            "{0}.pass".format(base_path))
    except IOError:
        pass

    return local_common.LocalCert(**bundle)
def test_execute(self, mock_driver):
    """GenerateServerPEMTask.execute returns a Fernet-encrypted PEM.

    The certificate driver is mocked to hand back a fixed LocalCert. The
    task output must decrypt, with the configured server-certs key, to the
    concatenated certificate and private key.
    """
    passphrase_key = utils.get_compatible_server_certs_key_passphrase()
    decryptor = fernet.Fernet(passphrase_key)

    stub_cert = local.LocalCert(
        utils.get_compatible_value('test_cert'),
        utils.get_compatible_value('test_key'))
    mock_driver.generate_cert_key_pair.side_effect = [stub_cert]

    task = cert_task.GenerateServerPEMTask()
    encrypted_pem = task.execute('123')

    # Decrypting first means the comparison only succeeds when the task
    # returned a token produced with the same key, not the bare key material.
    decrypted_pem = decryptor.decrypt(encrypted_pem.encode('utf-8'))
    expected_pem = stub_cert.get_certificate() + stub_cert.get_private_key()
    self.assertEqual(decrypted_pem, expected_pem)

    # The amphora id doubles as the certificate common name, and validity
    # comes from configuration.
    mock_driver.generate_cert_key_pair.assert_called_once_with(
        cn='123', validity=CONF.certificates.cert_validity_time)
def get_cert(self, context, cert_ref, resource_ref=None, check_only=False,
             service_name=None):
    """Return a fixed LocalCert built from hard-coded test material.

    None of the arguments are consulted: every call yields the same
    self-signed test.example private key and certificate, both encoded to
    UTF-8 bytes.

    NOTE(review): this is fixture data. The private key below is published
    in source and therefore protects nothing; it and the matching
    certificate must never be used outside tests. Secret scanners will flag
    the literal, so allow-list it rather than swapping in a real key.
    """
    cert_data = {}
    # Self-Signed test.example key:
    cert_data['private_key'] = """-----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDO1ZiNs+E/NBX9 yfWjojTILtHtD2yfYJxSn4QKYReoAb49SDczfR+N/0ncYDuwbKH6EjC7tl6t97lV oM4ZbE0UZX0our0/WqE0TwKK6svS55iztbdB3rMBOVLtmwtCG6hyG1JYVEcW5OcX u+pAVHuViWI1IGqt57/FfCUlJg0BeeS2fheSckRsmWITIdr9gIwR3eHIEHKjLiJH e5xJKhUErrFS4DmYeh3ZC91q7KxBWObBBXgYD/Pg8NyVj9GvF3VFKlVhytH/coKt zyiCx4NQs9Z+Ly/fvEQcHc7DJoXvdu6fFFfZjqpSaLngYCR0z7TfRfZYsCh13dt7 dYZyF4Q/AgMBAAECggEAXgEiNrUcmLc5j4EszVQ5nQn6iz3JZp5oLf0l6/m44Lj6 F6wsupARuV3f2fM67bJR4/BEiewXGAZRC6PsSA268pw1yD8nKBYu0jFevHh+brqn 4nWidqOaw+Gj2S3wbflYE5RrVo3nSXZ7uYPEsbwz9wDby72R/rwnosALudiTbKmC GHKuoGxdpczRTB4ziOA6EOo71cdIFKsG9f3iTmSYjgbos9dI/PE+v0GH/7tZURDS EwIyxenR6P3ri+Y+2eiE2+xZy1K3kvAyWOaBliL8oNSFwaOBl3+DV2KNsx7JiQGC JceL7+7RMLlUFp5Dhb5eZlVCDB0U/fLM+GvPjQgBoQKBgQD3opJGex6LGXuuETYk DSMEBmfMUOE1mG441e/ToBaoFeuj8Z4aXA3xFGIGRpvi7+DhddbWbIoFPOQL48w/ 0c5voMZ7EDO2FCAeIgwYwB+U43ZQyDbAcJUfrG5n6yGmyqtz9pwHD72Vw0XUvS1y EopnJA1Z/HLQM9iYE3KY9K/QFwKBgQDV0jMpBaF4bwcFZAY5NQ5H3gtq+23lBB9M ZLuVrLZWX/4KJFKH2RnS3SxHch6wFK+0Q848Y8mFn9/gt2L6DB1AZC18S89uPd3j 0rqrRCwcQUKfWxjX/OutaPKncacUz3m3jHQ+gOBIfezlhCAYx8Y9PaOgxCOevgad BU3JijKeGQKBgQDazBB0J7pf6r8lmF1+0wCaQNKbaubhhPH2U8hX8n2yO9P9AbHQ 1n8XAAxwQRjhFVNbwdN1l2cHo7pWawp/ZPACH0rfVvxppzSNi0Wm5LHCyosyawQ9 WfvYhXDzboRIK4/7oOxRLO40kdl0U0YBITKaWPdXB7+mB/kavSwmyyNANwKBgQCL lyPhNxTYTBuYUFmjxVhiYLqxiB2RcqSAOg8gwtVzBE4UDux2Vax/NfcvWXhhWc/v bojYcgjhHKOK0A5k0b3TCNONHuz3upn+ntdQ8jud4pj88fsBHtQ5rJcl65O5iU2c H6zQFVDW4qbim+RcaSepWXFWhlX+z23/2rOSzI8JGQKBgADvpEmnndRFs4oDCPs7 SrFHMnr44JBz11aJs9tzOvTbox17xpgWeSxA0oppaa59B5HCp1EBT7IRtyuU7SBo W3JrC0JjYlMhuH/qsooPi1eH+jYryrJlwsBwOwkOd5V4xPpDge5+2jWc06TGuaeC f5IVJc3ipPIWWC8IW8+pClHq -----END PRIVATE KEY-----""".encode("utf-8")
    # Certificate matching the key above.
    # NOTE(review): the encoded validity window appears to run from
    # 2020-03-02 to 2021-03-02, so anything that checks expiry will treat
    # this certificate as expired. Confirm before reusing it in such tests.
    cert_data['certificate'] = """-----BEGIN CERTIFICATE----- 
MIICqjCCAZICCQC6b92nP8oPhTANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAx0 ZXN0LmV4YW1wbGUwHhcNMjAwMzAyMTU0MTU1WhcNMjEwMzAyMTU0MTU1WjAXMRUw EwYDVQQDDAx0ZXN0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDO1ZiNs+E/NBX9yfWjojTILtHtD2yfYJxSn4QKYReoAb49SDczfR+N/0nc YDuwbKH6EjC7tl6t97lVoM4ZbE0UZX0our0/WqE0TwKK6svS55iztbdB3rMBOVLt mwtCG6hyG1JYVEcW5OcXu+pAVHuViWI1IGqt57/FfCUlJg0BeeS2fheSckRsmWIT Idr9gIwR3eHIEHKjLiJHe5xJKhUErrFS4DmYeh3ZC91q7KxBWObBBXgYD/Pg8NyV j9GvF3VFKlVhytH/coKtzyiCx4NQs9Z+Ly/fvEQcHc7DJoXvdu6fFFfZjqpSaLng YCR0z7TfRfZYsCh13dt7dYZyF4Q/AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAop 5YS7QPpDhGBs191rWgp00xnIJUtJfxvYJPdQ4M+yRAhlT3ioU4YLpEngLVsHtgtA +NGw/zoSEZAnQ+BqmIbB6DX3nR83za/LSEr8f6O7rKQrnRR/mYiFj1baR+i3i6fF 76FdzA/1ERn4l5XoWsu+InUiKx6mfyQc1C/EUjHcMF8CY9AK2LpicDhxaF/wtzNh 83/U96EXvpvcyaRlOIIv4qNNA2VtP0vjKEqSwZaauwwaPBKGMXr8iwBBrfQJkt7k xGfp3W7NmA9RJTWG7b7y1G5eZJZSKd7RqseUa6Xs5ddlirW5bNx6ebNBiwFTu+cX Bn8MYJefqUlQYyi745g= -----END CERTIFICATE-----""".encode("utf-8")
    return local_common.LocalCert(**cert_data)
def test_local_cert(self):
    """LocalCert getters hand back exactly what the constructor received."""
    # Build the object under test from the fixture attributes.
    constructor_args = {
        'certificate': self.certificate,
        'intermediates': self.intermediates,
        'private_key': self.private_key,
        'private_key_passphrase': self.private_key_passphrase,
    }
    cert = local_cert.LocalCert(**constructor_args)

    # Each accessor is paired with the fixture value it must return
    # unchanged; the order matches the constructor arguments.
    expectations = (
        (self.certificate, cert.get_certificate),
        (self.intermediates, cert.get_intermediates),
        (self.private_key, cert.get_private_key),
        (self.private_key_passphrase, cert.get_private_key_passphrase),
    )
    for expected_value, accessor in expectations:
        self.assertEqual(expected_value, accessor())