def _add_ca__to_project_and_get_preferred(self, ca_ref):
    """Check that a CA added to the project is reported as preferred.

    Adds ``ca_ref`` to the project as ``admin_a``, verifies that the
    preferred-CA lookup returns that same CA, then removes it again and
    verifies that the lookup answers 404.

    :param ca_ref: reference of the CA to add to the project
    """
    add_resp = self.ca_behaviors.add_ca_to_project(
        ca_ref, user_name=admin_a)
    self.assertEqual(204, add_resp.status_code)

    # The CA just added should now be the project's preferred CA.
    preferred_resp = self.ca_behaviors.get_preferred(user_name=admin_a)
    self.assertEqual(200, preferred_resp.status_code)
    actual_ca_id = hrefs.get_ca_id_from_ref(preferred_resp.model.ca_ref)
    expected_ca_id = hrefs.get_ca_id_from_ref(ca_ref)
    self.assertEqual(expected_ca_id, actual_ca_id)

    remove_resp = self.ca_behaviors.remove_ca_from_project(
        ca_ref, user_name=admin_a)
    self.assertEqual(204, remove_resp.status_code)

    # With the CA removed, the preferred-CA lookup is expected to fail.
    preferred_resp = self.ca_behaviors.get_preferred(user_name=admin_a)
    self.assertEqual(404, preferred_resp.status_code)
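def test_project_preferred_overrides_global_preferred(self):
    """Verify a project's own CA takes precedence over the global one.

    Sequence checked, always reading the preferred CA as ``admin_a``:

    1. nothing preferred yet -> 404
    2. ``service_admin`` sets ``cas[1]`` as global preferred -> ``cas[1]``
    3. ``admin_a`` adds ``cas[0]`` to the project -> ``cas[0]``
    4. ``admin_a`` removes ``cas[0]`` again -> back to ``cas[1]``
    5. ``service_admin`` unsets the global preferred -> 404
    """
    if self.num_cas < 2:
        self.skipTest("At least two CAs are required for this test")

    resp = self.ca_behaviors.get_preferred(user_name=admin_a)
    self.assertEqual(404, resp.status_code)

    # The global preference is changed as service_admin, not as the
    # project admin.
    resp = self.ca_behaviors.set_global_preferred(
        ca_ref=self.cas[1], user_name=service_admin)
    self.assertEqual(204, resp.status_code)

    resp = self.ca_behaviors.get_preferred(user_name=admin_a)
    self.assertEqual(200, resp.status_code)
    ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
    self.assertEqual(self.ca_ids[1], ca_id)

    # A project-level CA must win over the global preference.
    resp = self.ca_behaviors.add_ca_to_project(
        ca_ref=self.cas[0], user_name=admin_a)
    self.assertEqual(204, resp.status_code)

    resp = self.ca_behaviors.get_preferred(user_name=admin_a)
    self.assertEqual(200, resp.status_code)
    ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
    self.assertEqual(self.ca_ids[0], ca_id)

    resp = self.ca_behaviors.remove_ca_from_project(
        ca_ref=self.cas[0], user_name=admin_a)
    self.assertEqual(204, resp.status_code)

    # Once the project CA is gone the global preference applies again.
    # Check the status first so a failed lookup is reported as such
    # rather than as an error while reading the response model.
    resp = self.ca_behaviors.get_preferred(user_name=admin_a)
    self.assertEqual(200, resp.status_code)
    ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
    self.assertEqual(self.ca_ids[1], ca_id)

    resp = self.ca_behaviors.unset_global_preferred(
        user_name=service_admin)
    self.assertEqual(204, resp.status_code)

    resp = self.ca_behaviors.get_preferred(user_name=admin_a)
    self.assertEqual(404, resp.status_code)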
def create_subordinate_ca(project_model, name, description, subject_dn,
                          parent_ca_ref, creator_id):
    """Create a subordinate CA under an existing parent CA.

    The parent must exist and must be either a base CA (no owning project)
    or a subordinate CA owned by the requesting project. That ownership
    check is what stops a project from creating a sub CA under a CA that
    belongs to a different project.

    :param project_model: project requesting the sub CA; its ``id`` is
        compared with the parent's owner and stored on the new CA
    :param name: name of the subordinate CA
    :param description: description of the subordinate CA
    :param subject_dn: subject DN of the subordinate CA
    :param parent_ca_ref: Barbican URL reference to the parent CA
    :param creator_id: id for creator of the subordinate CA
    :return: :class models.CertificateAuthority model object for new sub CA
    :raises excep.InvalidParentCA: the parent reference resolves to no CA
    :raises excep.UnauthorizedSubCA: the parent is owned by another project
    :raises excep.SubCAsNotSupported: the parent's plugin cannot create CAs
    :raises excep.SubCANotCreated: the plugin returned no data for the CA
    """
    # Resolve the parent reference; a missing parent yields a falsy result
    # instead of an exception because suppress_exception is set.
    parent_id = hrefs.get_ca_id_from_ref(parent_ca_ref)
    repository = repos.get_ca_repository()
    parent = repository.get(entity_id=parent_id, suppress_exception=True)
    if not parent:
        raise excep.InvalidParentCA(parent_ca_ref=parent_ca_ref)

    # Authorization: only base CAs and this project's own sub CAs may be
    # used as a parent.
    # NOTE(review): "missing" and "owned by another project" raise
    # different errors, so a caller can tell whether a CA id exists outside
    # its own project - confirm this is acceptable for the API.
    owner_project_id = parent.project_id
    if (owner_project_id is not None and
            owner_project_id != project_model.id):
        raise excep.UnauthorizedSubCA()

    # Look up the plugin that backs the parent CA (per the original
    # comment this raises CertPluginNotFound if it is missing).
    plugin_manager = cert.CertificatePluginManager()
    plugin = plugin_manager.get_plugin_by_name(parent.plugin_name)

    # Refuse early when the plugin cannot create subordinate CAs.
    if not plugin.supports_create_ca():
        raise excep.SubCAsNotSupported()

    # Ask the plugin to create the subordinate CA.
    request_dto = cert.CACreateDTO(
        name=name,
        description=description,
        subject_dn=subject_dn,
        parent_ca_id=parent.plugin_ca_id)
    ca_info = plugin.create_ca(request_dto)
    if not ca_info:
        raise excep.SubCANotCreated(name=name)

    # Record ownership on the plugin's result and persist it as a new
    # certificate authority.
    # NOTE(review): the plugin creates the CA before it is stored here; if
    # create_from fails the plugin-side CA would be left without a record -
    # confirm how callers handle that.
    ca_info['plugin_name'] = parent.plugin_name
    ca_info['creator_id'] = creator_id
    ca_info['project_id'] = project_model.id
    sub_ca = models.CertificateAuthority(ca_info)
    repository.create_from(sub_ca)
    return sub_ca
def test_global_preferred_set_and_unset(self):
    """Set the global preferred CA, read it back, unset it, expect 404.

    Every call in this test is made as ``service_admin``.
    """
    set_resp = self.ca_behaviors.set_global_preferred(
        ca_ref=self.cas[0], user_name=service_admin)
    self.assertEqual(204, set_resp.status_code)

    # The CA that was just set must be the one reported back.
    get_resp = self.ca_behaviors.get_global_preferred(
        user_name=service_admin)
    self.assertEqual(200, get_resp.status_code)
    reported_ca_id = hrefs.get_ca_id_from_ref(get_resp.model.ca_ref)
    self.assertEqual(self.ca_ids[0], reported_ca_id)

    unset_resp = self.ca_behaviors.unset_global_preferred(
        user_name=service_admin)
    self.assertEqual(204, unset_resp.status_code)

    # After unsetting, no global preferred CA should be found.
    get_resp = self.ca_behaviors.get_global_preferred(
        user_name=service_admin)
    self.assertEqual(404, get_resp.status_code)
def send_test_order(self, ca_ref=None, user_name=None, expected_return=202):
    """Submit a simple CMC certificate order and check the response code.

    :param ca_ref: optional CA reference; when given, its CA id is stored
        in the order metadata under ``ca_id``
    :param user_name: user the order is created as
    :param expected_return: HTTP status code expected from order creation
    :return: the order reference returned by ``create_order``
    """
    order = order_models.OrderModel(**self.simple_cmc_data)
    csr = certutil.create_good_csr()
    order.meta['request_data'] = base64.b64encode(csr)

    # Target a specific CA only when the caller asked for one.
    if ca_ref is not None:
        order.meta['ca_id'] = hrefs.get_ca_id_from_ref(ca_ref)

    response, order_ref = self.order_behaviors.create_order(
        order, user_name=user_name)
    self.assertEqual(expected_return, response.status_code)

    # An order reference is only required when a 202 was expected.
    if expected_return == 202:
        self.assertIsNotNone(order_ref)
    return order_ref
def test_response_should_all_except_subca_from_all_subresource(self):
    """A caller from another project must not see the sub CA in /cas/all.

    The request is made in the context of ``other_project``; the listing
    is expected to contain every CA except one, and none of the returned
    references may resolve to ``self.subca``.
    """
    self.create_cas()

    # Issue the request as a user of a different project.
    other_context = self._build_context("other_project", user="******")
    self.app.extra_environ = {'barbican.context': other_context}

    self.params['limit'] = 100
    self.params['offset'] = 0
    self.params['plugin_name'] = self.plugin_name
    resp = self.app.get('/cas/all', self.params)

    self.assertIn('total', resp.namespace)
    self.assertEqual(self.num_cas - 1, resp.namespace['total'])

    # Tenant isolation: the sub CA must be absent from the listing.
    for listed_ref in list(resp.namespace['cas']):
        listed_id = hrefs.get_ca_id_from_ref(listed_ref)
        self.assertNotEqual(listed_id, self.subca.id)
def test_response_should_list_subca_and_project_cas(self):
    """Listing /cas/ for the project returns only its CAs and the sub CA.

    The request is made in the context of ``self.project_id``; exactly
    three CAs are expected, and each returned reference must be one of the
    project's CAs or the sub CA.
    """
    self.create_cas()

    project_context = self._build_context(self.project_id, user="******")
    self.app.extra_environ = {'barbican.context': project_context}

    self.params['limit'] = 100
    self.params['offset'] = 0
    resp = self.app.get('/cas/', self.params)

    self.assertIn('total', resp.namespace)
    self.assertEqual(3, resp.namespace['total'])

    # Any reference outside the project's CAs and the sub CA is a failure.
    for listed_ref in list(resp.namespace['cas']):
        listed_id = hrefs.get_ca_id_from_ref(listed_ref)
        if listed_id in self.project_ca_ids:
            continue
        if listed_id == self.subca.id:
            continue
        self.fail("Invalid CA reference returned")
def setUp(self):
    """Load the available CAs and cache their references, count and ids."""
    super(GlobalPreferredCATestCase, self).setUp()

    # get_cas() returns a 5-tuple; only the CA references and their count
    # are kept here.
    _, ca_refs, ca_count, _, _ = self.ca_behaviors.get_cas()
    self.cas = ca_refs
    self.num_cas = ca_count

    # Pre-compute the CA id of every reference for later comparisons.
    ca_ids = []
    for ref in self.cas:
        ca_ids.append(hrefs.get_ca_id_from_ref(ref))
    self.ca_ids = ca_ids