def test_create_raises(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {
'ET_BAPIRET2': [{
'TYPE': 'E',
'MESSAGE': 'Invalid storage'
}]
}
ssl_storage = SSLCertStorage(mock_connectionection, 'RAISE', 'TEST')
with self.assertRaises(InvalidSSLStorage) as cm:
ssl_storage.create()
self.assertEquals(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PSE_CREATE',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'RAISE',
'PSE_APPLIC': 'TEST'
},
IV_ALG='R',
IV_KEYLEN=2048,
IV_REPLACE_EXISTING_PSE='-')
])
self.assertEqual(str(cm.exception),
str([{
'TYPE': 'E',
'MESSAGE': 'Invalid storage'
}]))
def test_exists_raises(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {
'ET_BAPIRET2': [{
'TYPE': 'E',
'MESSAGE': 'Invalid storage'
}]
}
ssl_storage = SSLCertStorage(mock_connectionection, 'RAISE', 'TEST')
with self.assertRaises(InvalidSSLStorage) as cm:
ssl_storage.exists()
self.assertEqual(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PSE_CHECK',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'RAISE',
'PSE_APPLIC': 'TEST'
})
])
self.assertEqual(
str(cm.exception),
'The SSL Storage RAISE/TEST is broken: Invalid storage')
def test_put_certificate_fail_and_return_msg(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {
'ET_BAPIRET2': [{
'TYPE': 'E',
'NUMBER': '522',
'MESSAGE': 'Put has failed'
}]
}
ssl_storage = SSLCertStorage(mock_connectionection, 'PUTERR', 'TEST')
result = ssl_storage.put_certificate('plain old data')
self.assertEqual(result,
'SSFR_PUT_CERTIFICATE reported Error 522 - ' \
'probably already exists (check manually): Put has failed'
)
self.assertEqual(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PUT_CERTIFICATE',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'PUTERR',
'PSE_APPLIC': 'TEST'
},
IV_CERTIFICATE=u'plain old data')
])
def test_put_certificate_fail(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {
'ET_BAPIRET2': [{
'TYPE': 'E',
'MESSAGE': 'Put has failed'
}]
}
ssl_storage = SSLCertStorage(mock_connectionection, 'PUTERR', 'TEST')
with self.assertRaises(PutCertificateError) as cm:
ssl_storage.put_certificate('plain old data')
self.assertEquals(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PUT_CERTIFICATE',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'PUTERR',
'PSE_APPLIC': 'TEST'
},
IV_CERTIFICATE=u'plain old data')
])
self.assertEquals(
str(cm.exception),
'Failed to put the CERT to the SSL Storage PUTERR/TEST: '
'Put has failed')
def test_parse_certificate(self):
mock_connection = Mock()
mock_connection.call.return_value = {'EV_SUBJECT': 'cert subject'}
ssl_storage = SSLCertStorage(mock_connection, 'PUTOK', 'TEST')
result = ssl_storage.parse_certificate(b'binary cert data')
self.assertEqual(mock_connection.call.call_args_list, [
mock.call('SSFR_PARSE_CERTIFICATE',
IV_CERTIFICATE=b'binary cert data')
])
self.assertEqual(result, {'EV_SUBJECT': 'cert subject'})
def ssl_storages_from_arguments(connection, args):
"""Helper function to build list of storages from cli arguments"""
identities = []
for storage in args.storage:
if storage in (CLIENT_ANONYMOUS, CLIENT_STANDART):
identities.append(IDENTITY_MAPPING[storage])
else:
raise SAPCliError(f'Unknown storage: {storage}')
for identity in args.identity:
try:
identities.append(Identity(*identity.split('/')))
except (ValueError, TypeError):
# pylint: disable=raise-missing-from
raise SAPCliError(f'Invalid identity format: {identity}')
ssl_storages = []
for identity in identities:
ssl_storage = SSLCertStorage(connection, identity.pse_context,
identity.pse_applic)
ssl_storages.append(ssl_storage)
return ssl_storages
def test_create_ok_default(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {'ET_BAPIRET2': []}
ssl_storage = SSLCertStorage(mock_connectionection, 'NOTRAISE', 'TEST')
ssl_storage.create()
self.assertEquals(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PSE_CREATE',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'NOTRAISE',
'PSE_APPLIC': 'TEST'
},
IV_ALG='R',
IV_KEYLEN=2048,
IV_REPLACE_EXISTING_PSE='-')
])
def test_ctor(self):
mock_connectionection = Mock()
ssl_storage = SSLCertStorage(mock_connectionection, 'CTXT', 'APPL')
self.assertIs(ssl_storage._connection, mock_connectionection)
self.assertEqual(ssl_storage.identity['PSE_CONTEXT'], 'CTXT')
self.assertEqual(ssl_storage.identity['PSE_APPLIC'], 'APPL')
def test_exists_yes(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {
'ET_BAPIRET2': [{
'TYPE': 'S'
}]
}
ssl_storage = SSLCertStorage(mock_connectionection, 'NOTRAISE', 'TEST')
self.assertTrue(ssl_storage.exists())
self.assertEquals(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PSE_CHECK',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'NOTRAISE',
'PSE_APPLIC': 'TEST'
})
])
def test_put_certificate(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {'ET_BAPIRET2': []}
ssl_storage = SSLCertStorage(mock_connectionection, 'PUTOK', 'TEST')
result = ssl_storage.put_certificate('plain old data')
self.assertEqual(result, 'OK')
self.assertEqual(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PUT_CERTIFICATE',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'PUTOK',
'PSE_APPLIC': 'TEST'
},
IV_CERTIFICATE=u'plain old data')
])
def test_create_ok_all_params(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {'ET_BAPIRET2': []}
ssl_storage = SSLCertStorage(mock_connectionection, 'NOTRAISE', 'TEST')
ssl_storage.create(alg='S', keylen=4096, replace=True, dn='ou=test')
self.assertEquals(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PSE_CREATE',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'NOTRAISE',
'PSE_APPLIC': 'TEST'
},
IV_ALG='S',
IV_KEYLEN=4096,
IV_REPLACE_EXISTING_PSE='X',
IV_DN='ou=test')
])
def test_exists_raises_if_not_ret(self):
mock_connectionection = Mock()
mock_connectionection.call.return_value = {'ET_BAPIRET2': []}
ssl_storage = SSLCertStorage(mock_connectionection, 'RAISE', 'TEST')
with self.assertRaises(InvalidSSLStorage) as cm:
ssl_storage.exists()
self.assertEqual(mock_connectionection.call.call_args_list, [
mock.call('SSFR_PSE_CHECK',
IS_STRUST_IDENTITY={
'PSE_CONTEXT': 'RAISE',
'PSE_APPLIC': 'TEST'
})
])
self.assertEqual(
str(cm.exception),
'Received no response from the server - check STRUST manually.')
def putcertificate(connection, args):
"""Uploads X.509 Base64 certificates into SAP to enable SSL peer verification
of remote servers
Exceptions:
- SAPCliError:
- when the given storage does not belong to the storage white list
- when identity argument has invalid format
"""
identities = []
for storage in args.storage:
if storage in (CLIENT_ANONYMOUS, CLIENT_STANDART):
identities.append(IDENTITY_MAPPING[storage])
else:
raise SAPCliError(f'Unknown storage: {storage}')
for identity in args.identity:
try:
identities.append(Identity(*identity.split('/')))
except (ValueError, TypeError):
# pylint: disable=raise-missing-from
raise SAPCliError('Invalid identity format')
ssl_storages = []
for identity in identities:
ssl_storage = SSLCertStorage(connection, identity.pse_context, identity.pse_applic)
if not ssl_storage.exists():
ssl_storage.create(
alg=args.algorithm,
keylen=args.key_length,
dn=args.dn
)
logging.debug('SSL Storage is OK: %s', ssl_storage)
ssl_storages.append(ssl_storage)
for file_path in args.paths:
logging.info('Processing the file: %s', file_path)
with open(file_path, 'rb') as cert_file:
cert_contents = cert_file.read()
for ssl_storage in ssl_storages:
logging.info('Adding the file: %s to %s', file_path, ssl_storage)
logging.info(ssl_storage.put_certificate(cert_contents))
logging.info('Notifying ICM ... ')
notify_icm_changed_pse(connection)
for updated_storage in ssl_storages:
logging.info('Certificates of %s:', str(updated_storage))
for cert in iter_storage_certificates(updated_storage):
logging.info('* %s', cert['EV_SUBJECT'])
def test_str(self):
conn = Connection()
ssl_storage = SSLCertStorage(conn, 'STR', 'TEST')
self.assertEquals(str(ssl_storage), 'SSL Storage STR/TEST')
def test_repr(self):
mock_connectionection = Mock()
ssl_storage = SSLCertStorage(mock_connectionection, 'REPR', 'TEST')
self.assertEquals(repr(ssl_storage), 'SSL Storage REPR/TEST')