def post(self):
ra_name = self.ra_name
logger.debug("processing signing request in registration authority %s",
ra_name)
try:
auth_result = auth.validate(ra_name,
pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
auth_result)
except http_status.HTTPUnauthorized:
audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
None)
raise
try:
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(ra_name, auth_result, csr,
pecan.request)
csr = certificate_ops.fixup_csr(ra_name, csr, pecan.request)
cert, fingerprint = certificate_ops.dispatch_sign(ra_name, csr)
audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
auth_result, fingerprint=fingerprint)
except Exception:
audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
auth_result)
raise
return cert
def post(self):
ra_name = self.ra_name
logger.debug("processing signing request in registration authority %s",
ra_name)
try:
auth_result = auth.validate(ra_name,
pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
auth_result)
except http_status.HTTPUnauthorized:
audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
None)
raise
try:
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(ra_name, auth_result, csr,
pecan.request)
csr = certificate_ops.fixup_csr(ra_name, csr, pecan.request)
cert, fingerprint = certificate_ops.dispatch_sign(ra_name, csr)
audit.emit_signing_event(ra_name,
pecan.request.POST.get('user'),
auth_result,
fingerprint=fingerprint)
except Exception:
audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
auth_result)
raise
return cert
def test_validate_csr_success(self):
"""Test basic success path for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
config = "anchor.jsonloader.conf._config"
validators = {'steps': {'extensions': {'allowed_extensions': []}}}
data = {'validators': validators}
with mock.patch.dict(config, data):
certificate_ops.validate_csr(None, csr_obj, None)
def test_validate_csr_bypass(self):
"""Test empty validator set for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
config = "anchor.jsonloader.conf._config"
data = {'validators': {}}
with mock.patch.dict(config, data):
# this should work, it allows people to bypass validation
certificate_ops.validate_csr(None, csr_obj, None)
def test_validate_csr_success(self):
"""Test basic success path for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
config = "anchor.jsonloader.conf._config"
validators = {'steps': {'extensions': {'allowed_extensions': []}}}
data = {'validators': validators}
with mock.patch.dict(config, data):
certificate_ops.validate_csr(None, csr_obj, None)
def test_validate_csr_bypass(self):
"""Test empty validator set for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
config = "anchor.jsonloader.conf._config"
data = {'validators': {}}
with mock.patch.dict(config, data):
# this should work, it allows people to bypass validation
certificate_ops.validate_csr(None, csr_obj, None)
def test_validate_csr_success(self):
"""Test basic success path for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
config = "anchor.jsonloader.conf._config"
self.sample_conf_ra['default_ra']['validators'] = {'extensions': {
'allowed_extensions': ['basicConstraints', 'keyUsage']}}
data = self.sample_conf
with mock.patch.dict(config, data):
certificate_ops.validate_csr('default_ra', None, csr_obj, None)
def test_validate_csr_bypass(self):
"""Test empty validator set for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
config = "anchor.jsonloader.conf._config"
self.sample_conf_ra['default_ra']['validators'] = {}
data = self.sample_conf
with mock.patch.dict(config, data):
# this should work, it allows people to bypass validation
certificate_ops.validate_csr('default_ra', None, csr_obj, None)
def post(self):
auth_result = auth.validate(pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(auth_result, csr, pecan.request)
return certificate_ops.sign(csr)
def test_validate_csr_bypass(self):
"""Test empty validator set for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
config = "anchor.jsonloader.conf._config"
self.sample_conf_ra['default_ra']['validators'] = {}
data = self.sample_conf
with mock.patch.dict(config, data):
# this should work, it allows people to bypass validation
certificate_ops.validate_csr('default_ra', None, csr_obj, None)
def post(self):
auth_result = auth.validate(pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(auth_result, csr, pecan.request)
return certificate_ops.sign(csr)
def test_validate_csr_fail(self):
"""Test failure path for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
config = "anchor.jsonloader.conf._config"
validators = {'steps': {'common_name': {'allowed_domains':
['.testing.com']}}}
data = {'validators': validators}
with mock.patch.dict(config, data):
with self.assertRaises(http_status.HTTPClientError):
certificate_ops.validate_csr(None, csr_obj, None)
def post(self):
ra_name = self.ra_name
logger.debug("processing signing request in registration authority %s",
ra_name)
auth_result = auth.validate(ra_name, pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request)
return certificate_ops.dispatch_sign(ra_name, csr)
def post(self):
ra_name = self.ra_name
logger.debug("processing signing request in registration authority %s",
ra_name)
auth_result = auth.validate(ra_name,
pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request)
return certificate_ops.dispatch_sign(ra_name, csr)
def test_validate_csr_success(self):
"""Test basic success path for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
config = "anchor.jsonloader.conf._config"
self.sample_conf_ra['default_ra']['validators'] = {
'extensions': {
'allowed_extensions': ['basicConstraints', 'keyUsage']
}
}
data = self.sample_conf
with mock.patch.dict(config, data):
certificate_ops.validate_csr('default_ra', None, csr_obj, None)
def test_validate_csr_fail(self):
"""Test failure path for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
config = "anchor.jsonloader.conf._config"
self.sample_conf_ra['default_ra']['validators'] = {
'common_name': {
'allowed_domains': ['.testing.example.com']
}
}
data = self.sample_conf
with mock.patch.dict(config, data):
with self.assertRaises(http_status.HTTPException) as cm:
certificate_ops.validate_csr('default_ra', None, csr_obj, None)
self.assertEqual(cm.exception.code, 400)
def test_validate_csr_fail(self):
"""Test failure path for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
config = "anchor.jsonloader.conf._config"
self.sample_conf_ra['default_ra']['validators'] = {
'common_name': {
'allowed_domains': ['.testing.example.com']
}
}
data = self.sample_conf
with mock.patch.dict(config, data):
with self.assertRaises(http_status.HTTPException) as cm:
certificate_ops.validate_csr('default_ra', None, csr_obj, None)
self.assertEqual(cm.exception.code, 400)
def test_validate_csr_fail(self):
"""Test failure path for validate_csr."""
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
config = "anchor.jsonloader.conf._config"
validators = {
'steps': {
'common_name': {
'allowed_domains': ['.testing.com']
}
}
}
data = {'validators': validators}
with mock.patch.dict(config, data):
with self.assertRaises(http_status.HTTPClientError):
certificate_ops.validate_csr(None, csr_obj, None)
