def test_parse_certificate_id(self): expected = self._get_expected('certificates', 'myvault', 'mycert', 'abc123') res = KeyVaultId.parse_certificate_id('https://myvault.vault.azure.net/certificates/mycert/abc123') self.assertEqual(res.__dict__, expected) expected = self._get_expected('certificates', 'myvault', 'mycert') res = KeyVaultId.parse_certificate_id('https://myvault.vault.azure.net/certificates/mycert') self.assertEqual(res.__dict__, expected)
def test_parse_certificate_id(self): expected = self._get_expected('certificates', 'myvault', 'mycert', 'abc123') res = KeyVaultId.parse_certificate_id( 'https://myvault.vault.azure.net/certificates/mycert/abc123') self.assertEqual(res.__dict__, expected) expected = self._get_expected('certificates', 'myvault', 'mycert') res = KeyVaultId.parse_certificate_id( 'https://myvault.vault.azure.net/certificates/mycert') self.assertEqual(res.__dict__, expected)
def test_list_versions(self, vault, **kwargs): self.assertIsNotNone(vault) vault_uri = vault.properties.vault_uri cert_name = self.get_resource_name('certver') max_certificates = self.list_test_size expected = {} # import same certificates as different versions for x in range(0, max_certificates): cert_bundle = None error_count = 0 while not cert_bundle: try: cert_bundle = self._import_common_certificate(vault_uri, cert_name)[0] cid = KeyVaultId.parse_certificate_id(cert_bundle.id).id.strip('/') expected[cid] = cert_bundle.attributes except Exception as ex: if hasattr(ex, 'message') and 'Throttled' in ex.message: error_count += 1 time.sleep(2.5 * error_count) continue else: raise ex # list certificate versions self._validate_certificate_list(list(self.client.get_certificate_versions(vault_uri, cert_name)), expected)
def test_recover_and_purge(self, vault, **kwargs): self.assertIsNotNone(vault) vault_uri = vault.properties.vault_uri certs = {} cert_policy = CertificatePolicy(key_properties=KeyProperties(exportable=True, key_type='RSA', key_size=2048, reuse_key=False), secret_properties=SecretProperties(content_type='application/x-pkcs12'), issuer_parameters=IssuerParameters(name='Self'), x509_certificate_properties=X509CertificateProperties( subject='CN=*.microsoft.com', subject_alternative_names=SubjectAlternativeNames( dns_names=['onedrive.microsoft.com', 'xbox.microsoft.com'] ), validity_in_months=24 )) # create certificates to recover for i in range(0, self.list_test_size): cert_name = self.get_resource_name('certrec{}'.format(str(i))) certs[cert_name] = self._import_common_certificate(vault_uri, cert_name) # create certificates to purge for i in range(0, self.list_test_size): cert_name = self.get_resource_name('certprg{}'.format(str(i))) certs[cert_name] = self._import_common_certificate(vault_uri, cert_name) # delete all certificates for cert_name in certs.keys(): delcert = self.client.delete_certificate(vault_uri, cert_name) print(delcert) if not self.is_playback(): time.sleep(30) # validate all our deleted certificates are returned by get_deleted_certificates deleted = [KeyVaultId.parse_certificate_id(s.id).name for s in self.client.get_deleted_certificates(vault_uri)] # self.assertTrue(all(s in deleted for s in certs.keys())) # recover select secrets for certificate_name in [s for s in certs.keys() if s.startswith('certrec')]: self.client.recover_deleted_certificate(vault_uri, certificate_name) # purge select secrets for certificate_name in [s for s in certs.keys() if s.startswith('certprg')]: self.client.purge_deleted_certificate(vault_uri, certificate_name) if not self.is_playback(): time.sleep(30) # validate none of our deleted certificates are returned by get_deleted_certificates deleted = [KeyVaultId.parse_secret_id(s.id).name for s in self.client.get_deleted_certificates(vault_uri)] self.assertTrue(not any(s in deleted for s in certs.keys())) # validate the recovered certificates expected = {k: v for k, v in certs.items() if k.startswith('certrec')} actual = {k: self.client.get_certificate(vault_uri, k, KeyVaultId.version_none) for k in expected.keys()} self.assertEqual(len(set(expected.keys()) & set(actual.keys())), len(expected))
def _validate_certificate_bundle(self, cert, vault, cert_name, cert_policy): cert_id = KeyVaultId.parse_certificate_id(cert.id) self.assertEqual(cert_id.vault.strip('/'), vault.strip('/')) self.assertEqual(cert_id.name, cert_name) self.assertIsNotNone(cert) self.assertIsNotNone(cert.x509_thumbprint) self.assertIsNotNone(cert.cer) self.assertIsNotNone(cert.attributes) self.assertIsNotNone(cert.policy) self.assertIsNotNone(cert.policy.id) self.assertIsNotNone(cert.policy.issuer_parameters) self.assertIsNotNone(cert.policy.lifetime_actions) self.assertEqual(cert.policy.key_properties, cert_policy.key_properties) self.assertEqual(cert.policy.secret_properties, cert_policy.secret_properties) self.assertIsNotNone(cert.policy.x509_certificate_properties) if cert_policy.x509_certificate_properties: self.assertEqual(cert.policy.x509_certificate_properties.validity_in_months, cert_policy.x509_certificate_properties.validity_in_months) KeyVaultId.parse_secret_id(cert.sid) KeyVaultId.parse_key_id(cert.kid)