def test_x509_parses(self):
    """validate_cert rejects a non-certificate and accepts ALT_EXT_CRT.

    Covers three calls: a plain string that is not a certificate, the
    certificate alone, and the certificate together with
    UNENCRYPTED_PKCS8_CRT_KEY.
    """
    # Negative case first: unparseable input must raise, not return falsy.
    with self.assertRaises(exceptions.UnreadableCert):
        cert_parser.validate_cert("BAD CERT")

    cert_only = cert_parser.validate_cert(ALT_EXT_CRT)
    self.assertTrue(cert_only)

    cert_with_key = cert_parser.validate_cert(
        ALT_EXT_CRT, private_key=UNENCRYPTED_PKCS8_CRT_KEY)
    self.assertTrue(cert_with_key)
def test_x509_parses(self):
    """validate_cert rejects a non-certificate and accepts X509_CERT.

    The sample certificate is checked once on its own and once paired
    with sample_certs.X509_CERT_KEY.
    """
    # Unparseable input has to surface as UnreadableCert.
    with self.assertRaises(exceptions.UnreadableCert):
        cert_parser.validate_cert("BAD CERT")

    certificate = sample_certs.X509_CERT
    self.assertTrue(cert_parser.validate_cert(certificate))

    outcome = cert_parser.validate_cert(
        certificate, private_key=sample_certs.X509_CERT_KEY)
    self.assertTrue(outcome)
def test_validate_cert_and_key_match(self):
    """validate_cert accepts the matching key and rejects a foreign one.

    ALT_EXT_CRT is validated with ALT_EXT_CRT_KEY, with and without the
    X509_IMDS intermediates, and then with SOME_OTHER_RSA_KEY, which must
    raise MisMatchedKey.
    """
    matched = cert_parser.validate_cert(
        ALT_EXT_CRT, private_key=ALT_EXT_CRT_KEY)
    self.assertTrue(matched)

    matched_with_chain = cert_parser.validate_cert(
        ALT_EXT_CRT,
        private_key=ALT_EXT_CRT_KEY,
        intermediates=X509_IMDS)
    self.assertTrue(matched_with_chain)

    # The security-relevant case: a key that does not belong to the
    # certificate must be refused with an exception.
    with self.assertRaises(exceptions.MisMatchedKey):
        cert_parser.validate_cert(
            ALT_EXT_CRT, private_key=SOME_OTHER_RSA_KEY)
def test_validate_cert_handles_intermediates(self):
    """validate_cert accepts intermediates with trailing junk or as a list.

    Both calls only assert a truthy result; they do not check which
    intermediates the parser actually kept.
    """
    certificate = sample_certs.X509_CERT
    key = sample_certs.X509_CERT_KEY

    # Intermediates followed by bytes that are not part of any
    # certificate.
    noisy_chain = sample_certs.X509_IMDS + b"\nParser should ignore junk\n"
    self.assertTrue(
        cert_parser.validate_cert(
            certificate, private_key=key, intermediates=noisy_chain))

    # Same certificate and key with the X509_IMDS_LIST fixture
    # (presumably the list form of the chain -- confirm in sample_certs).
    self.assertTrue(
        cert_parser.validate_cert(
            certificate,
            private_key=key,
            intermediates=sample_certs.X509_IMDS_LIST))
def test_validate_cert_and_key_match(self):
    """validate_cert accepts the matching key as bytes or text.

    X509_CERT_KEY is passed once as-is and once decoded as UTF-8;
    X509_CERT_KEY_2 must be refused with MisMatchedKey.
    """
    certificate = sample_certs.X509_CERT

    as_given = cert_parser.validate_cert(
        certificate, private_key=sample_certs.X509_CERT_KEY)
    self.assertTrue(as_given)

    # The decoded key exercises the text-input path of the same check.
    decoded_key = sample_certs.X509_CERT_KEY.decode('utf-8')
    as_text = cert_parser.validate_cert(certificate, private_key=decoded_key)
    self.assertTrue(as_text)

    # A key belonging to a different certificate must raise.
    with self.assertRaises(exceptions.MisMatchedKey):
        cert_parser.validate_cert(
            sample_certs.X509_CERT,
            private_key=sample_certs.X509_CERT_KEY_2)
def test_validate_cert_handles_intermediates(self):
    """Check that validate_cert tolerates junk and list-form intermediates.

    Only a truthy return value is asserted in each case.
    """
    junk_suffix = b"\nParser should ignore junk\n"

    # Byte chain with non-certificate bytes appended.
    with_junk = cert_parser.validate_cert(
        sample_certs.X509_CERT,
        private_key=sample_certs.X509_CERT_KEY,
        intermediates=(sample_certs.X509_IMDS + junk_suffix))
    self.assertTrue(with_junk)

    # X509_IMDS_LIST fixture instead of the concatenated chain.
    from_list = cert_parser.validate_cert(
        sample_certs.X509_CERT,
        private_key=sample_certs.X509_CERT_KEY,
        intermediates=sample_certs.X509_IMDS_LIST)
    self.assertTrue(from_list)
def test_validate_cert_and_key_match(self):
    """Check key matching for ALT_EXT_CRT, with and without intermediates.

    The matching key must validate in both forms; SOME_OTHER_RSA_KEY
    must raise MisMatchedKey.
    """
    base_kwargs = {'private_key': ALT_EXT_CRT_KEY}

    self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT, **base_kwargs))
    self.assertTrue(
        cert_parser.validate_cert(
            ALT_EXT_CRT, intermediates=X509_IMDS, **base_kwargs))

    # Rejection of an unrelated key is what protects against serving a
    # certificate with the wrong private key.
    with self.assertRaises(exceptions.MisMatchedKey):
        cert_parser.validate_cert(
            ALT_EXT_CRT, private_key=SOME_OTHER_RSA_KEY)
def test_validate_cert_and_key_match(self):
    """Check key matching for X509_CERT with a bytes key and a text key.

    X509_CERT_KEY_2 is the negative case and must raise MisMatchedKey.
    """
    bytes_key = sample_certs.X509_CERT_KEY
    text_key = sample_certs.X509_CERT_KEY.decode('utf-8')

    # Same key material in both representations; each must validate.
    bytes_result = cert_parser.validate_cert(
        sample_certs.X509_CERT, private_key=bytes_key)
    self.assertTrue(bytes_result)

    text_result = cert_parser.validate_cert(
        sample_certs.X509_CERT, private_key=text_key)
    self.assertTrue(text_result)

    # Mismatched certificate/key pair must be refused.
    with self.assertRaises(exceptions.MisMatchedKey):
        cert_parser.validate_cert(
            sample_certs.X509_CERT,
            private_key=sample_certs.X509_CERT_KEY_2)
def test_validate_cert_and_key_match(self):
    """validate_cert accepts the matching key and rejects X509_CERT_KEY_2.

    The second call also passes TEST_X509_IMDS with junk bytes appended
    as intermediates; only a truthy result is asserted for it.
    """
    certificate = sample_certs.X509_CERT
    key = sample_certs.X509_CERT_KEY

    self.assertTrue(cert_parser.validate_cert(certificate, private_key=key))

    # Chain followed by bytes that are not certificate data.
    noisy_chain = (sample_certs.TEST_X509_IMDS +
                   b"\nParser should ignore junk\n")
    self.assertTrue(
        cert_parser.validate_cert(
            certificate, private_key=key, intermediates=noisy_chain))

    # A key from a different pair must raise MisMatchedKey.
    with self.assertRaises(exceptions.MisMatchedKey):
        cert_parser.validate_cert(
            sample_certs.X509_CERT,
            private_key=sample_certs.X509_CERT_KEY_2)
def test_validate_cert_and_key_match(self):
    """Check key matching for X509_CERT, including a noisy chain.

    X509_CERT_KEY must validate alone and with TEST_X509_IMDS plus a
    junk suffix; X509_CERT_KEY_2 must raise MisMatchedKey.
    """
    plain = cert_parser.validate_cert(
        sample_certs.X509_CERT,
        private_key=sample_certs.X509_CERT_KEY)
    self.assertTrue(plain)

    # NOTE(review): the junk suffix is a str literal, so this
    # concatenation only works if TEST_X509_IMDS is a str as well --
    # confirm for the Python version this test targets.
    noisy_chain = (sample_certs.TEST_X509_IMDS +
                   "\nParser should ignore junk\n")
    chained = cert_parser.validate_cert(
        sample_certs.X509_CERT,
        private_key=sample_certs.X509_CERT_KEY,
        intermediates=noisy_chain)
    self.assertTrue(chained)

    # Negative case: certificate paired with a key it was not issued for.
    with self.assertRaises(exceptions.MisMatchedKey):
        cert_parser.validate_cert(
            sample_certs.X509_CERT,
            private_key=sample_certs.X509_CERT_KEY_2)
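def get_cert(self, context, cert_ref, resource_ref=None, check_only=False,
             service_name=None):
    """Retrieves the specified cert and registers as a consumer.

    The container is fetched from Barbican, wrapped in a BarbicanCert and
    passed to cert_parser.validate_cert together with its private key,
    passphrase and intermediates. Any exception raised along the way is
    logged and re-raised, so the method either returns the wrapped
    certificate or raises.

    :param context: Oslo context of the request
    :param cert_ref: the UUID of the cert to retrieve
    :param resource_ref: Full HATEOAS reference to the consuming resource
    :param check_only: Read Certificate data without registering
    :param service_name: Friendly name for the consuming service

    :return: octavia.certificates.common.Cert representation of the
             certificate data
    :raises Exception: if certificate retrieval fails
    """
    connection = self.auth.get_barbican_client(context.project_id)

    LOG.info('Loading certificate container %s from Barbican.', cert_ref)
    try:
        if check_only:
            # Plain read: no consumer registration is made.
            cert_container = connection.containers.get(
                container_ref=cert_ref)
        else:
            # NOTE(review): the consumer is registered before the
            # certificate is validated below; if validation raises, this
            # method does not undo the registration -- confirm whether
            # callers are expected to clean up.
            cert_container = connection.containers.register_consumer(
                container_ref=cert_ref,
                name=service_name,
                url=resource_ref)
        barbican_cert = barbican_common.BarbicanCert(cert_container)

        LOG.debug('Validating certificate data for %s.', cert_ref)
        # The return value is not used; validation failures are expected
        # to arrive as exceptions and are handled by the except below.
        cert_parser.validate_cert(
            barbican_cert.get_certificate(),
            private_key=barbican_cert.get_private_key(),
            private_key_passphrase=(
                barbican_cert.get_private_key_passphrase()),
            intermediates=barbican_cert.get_intermediates())
        LOG.debug('Certificate data validated for %s.', cert_ref)
        return barbican_cert
    except Exception as e:
        # save_and_reraise_exception re-raises the original exception
        # when the with block exits, so no statement after it can run;
        # the former trailing "return None" was unreachable and is gone.
        with excutils.save_and_reraise_exception():
            # NOTE(review): the exception text is written to the log as
            # is; confirm the Barbican client and cert_parser never put
            # key material or the passphrase into their messages.
            LOG.error('Error getting cert %s: %s', cert_ref, e)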
def test_x509_parses(self):
    """Check that validate_cert parses ALT_EXT_CRT and rejects garbage.

    The certificate is validated alone and with
    UNENCRYPTED_PKCS8_CRT_KEY as its private key.
    """
    # A string that is not a certificate must raise UnreadableCert.
    with self.assertRaises(exceptions.UnreadableCert):
        cert_parser.validate_cert("BAD CERT")

    for extra_kwargs in ({}, {'private_key': UNENCRYPTED_PKCS8_CRT_KEY}):
        self.assertTrue(
            cert_parser.validate_cert(ALT_EXT_CRT, **extra_kwargs))
def test_x509_parses(self):
    """Check that validate_cert parses X509_CERT and rejects garbage.

    The sample certificate is validated alone and with
    sample_certs.X509_CERT_KEY as its private key.
    """
    # A string that is not a certificate must raise UnreadableCert.
    with self.assertRaises(exceptions.UnreadableCert):
        cert_parser.validate_cert("BAD CERT")

    without_key = cert_parser.validate_cert(sample_certs.X509_CERT)
    self.assertTrue(without_key)

    with_key = cert_parser.validate_cert(
        sample_certs.X509_CERT,
        private_key=sample_certs.X509_CERT_KEY)
    self.assertTrue(with_key)