def _do_create_cas(self, set_project_cas):
for ca_id in moves.range(self.num_cas):
parsed_ca = {
'plugin_name': self.plugin_name,
'plugin_ca_id': self.plugin_ca_id + str(ca_id),
'name': self.plugin_name,
'description': 'Master CA for default plugin',
'ca_signing_certificate': 'ZZZZZ' + str(ca_id),
'intermediates': 'YYYYY' + str(ca_id)
}
ca = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(ca)
ca_repo.save(ca)
if ca_id == 1:
# set global preferred ca
pref_ca = models.PreferredCertificateAuthority(
self.global_project.id,
ca.id)
preferred_ca_repo.create_from(pref_ca)
preferred_ca_repo.save(pref_ca)
self.global_preferred_ca = ca
if ca_id == 2 and set_project_cas:
# set project CA
project_ca = models.ProjectCertificateAuthority(
self.project.id, ca.id)
project_ca_repo.create_from(project_ca)
project_ca_repo.save(project_ca)
self.project_ca_ids.append(ca.id)
if ca_id == 3 and set_project_cas:
# set project preferred CA
project_ca = models.ProjectCertificateAuthority(
self.project.id, ca.id)
project_ca_repo.create_from(project_ca)
project_ca_repo.save(project_ca)
self.project_ca_ids.append(ca.id)
pref_ca = models.PreferredCertificateAuthority(
self.project.id, ca.id)
preferred_ca_repo.create_from(pref_ca)
preferred_ca_repo.save(pref_ca)
self.preferred_ca = ca
if ca_id == 4:
# set ca for testing GETs for a single CA
self.selected_ca_id = ca.id
self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id)
self.selected_signing_cert = 'ZZZZZ' + str(ca_id)
self.selected_intermediates = 'YYYYY' + str(ca_id)
def add_to_project(self, external_project_id):
if pecan.request.method != 'POST':
pecan.abort(405)
LOG.debug("== Saving CA %s to external_project_id %s", self.ca.id,
external_project_id)
project_model = res.get_or_create_project(external_project_id)
# CA must be a base CA or a subCA owned by this project
if (self.ca.project_id is not None
and self.ca.project_id != project_model.id):
raise excep.UnauthorizedSubCA()
project_cas = project_model.cas
num_cas = len(project_cas)
for project_ca in project_cas:
if project_ca.ca_id == self.ca.id:
# project already added
return
project_ca = models.ProjectCertificateAuthority(
project_model.id, self.ca.id)
self.project_ca_repo.create_from(project_ca)
if num_cas == 0:
# set first project CA to be the preferred one
preferred_ca = models.PreferredCertificateAuthority(
project_model.id, self.ca.id)
self.preferred_ca_repo.create_from(preferred_ca)
def set_preferred(self, external_project_id):
if pecan.request.method != 'POST':
pecan.abort(405)
LOG.debug("== Setting preferred CA %s for project %s", self.ca.id,
external_project_id)
project_model = res.get_or_create_project(external_project_id)
(project_ca, __offset, __limit,
__total) = (self.project_ca_repo.get_by_create_date(
project_id=project_model.id,
ca_id=self.ca.id,
suppress_exception=True))
if not project_ca:
_requested_preferred_ca_not_a_project_ca()
preferred_ca = self.preferred_ca_repo.get_project_entities(
project_model.id)
if preferred_ca is not None:
self.preferred_ca_repo.update_preferred_ca(project_model.id,
self.ca)
else:
preferred_ca = models.PreferredCertificateAuthority(
project_model.id, self.ca.id)
self.preferred_ca_repo.create_from(preferred_ca)
def test_should_raise_when_delete_pref_subca_with_other_project_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
project_ca = models.ProjectCertificateAuthority(
self.project.id, subca.id)
project_ca_repo.create_from(project_ca)
preferred_ca = models.PreferredCertificateAuthority(
self.project.id, subca.id)
preferred_ca_repo.create_from(preferred_ca)
subca2 = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
project_ca2 = models.ProjectCertificateAuthority(
self.project.id, subca2.id)
project_ca_repo.create_from(project_ca2)
self.assertRaises(excep.CannotDeletePreferredCA,
cert_res.delete_subordinate_ca,
self.project.external_id, subca)
def test_create_new_preferred_ca(self):
ca = models.CertificateAuthority(self.parsed_ca)
ca.id = '67890'
project = models.Project()
project.id = '12345'
preferred_ca = models.PreferredCertificateAuthority(project.id, ca.id)
self.assertEqual(ca.id, preferred_ca.ca_id)
self.assertEqual(project.id, preferred_ca.project_id)
def set_global_preferred(self, external_project_id):
if pecan.request.method != 'POST':
pecan.abort(405)
LOG.debug("== Set global preferred CA %s", self.ca.id)
pref_ca = self.preferred_ca_repo.get_global_preferred_ca()
if pref_ca is None:
global_preferred_ca = models.PreferredCertificateAuthority(
self.preferred_ca_repo.PREFERRED_PROJECT_ID, self.ca.id)
self.preferred_ca_repo.create_from(global_preferred_ca)
else:
self.preferred_ca_repo.update_global_preferred_ca(self.ca)
def test_should_delete_subca_and_all_related_db_entities(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
project_ca = models.ProjectCertificateAuthority(
self.project.id, subca.id)
project_ca_repo.create_from(project_ca)
preferred_ca = models.PreferredCertificateAuthority(
self.project.id, subca.id)
preferred_ca_repo.create_from(preferred_ca)
cert_res.delete_subordinate_ca(self.project.external_id, subca)
self.cert_plugin.delete_ca.assert_called_once_with(subca.plugin_ca_id)
def add_to_project(self, external_project_id):
if pecan.request.method != 'POST':
pecan.abort(405)
LOG.debug("== Saving CA %s to external_project_id %s", self.ca.id,
external_project_id)
project_model = res.get_or_create_project(external_project_id)
project_cas = project_model.cas
num_cas = len(project_cas)
for project_ca in project_cas:
if project_ca.ca_id == self.ca.id:
# project already added
return
project_ca = models.ProjectCertificateAuthority(
project_model.id, self.ca.id)
self.project_ca_repo.create_from(project_ca)
if num_cas == 0:
# set first project CA to be the preferred one
preferred_ca = models.PreferredCertificateAuthority(
project_model.id, self.ca.id)
self.preferred_ca_repo.create_from(preferred_ca)
def create_preferred_cert_authority(cert_authority, session=None):
preferred_cert_authority = models.PreferredCertificateAuthority(
ca_id=cert_authority.id, project_id=cert_authority.project_id)
preferred_ca_repo = repositories.get_preferred_ca_repository()
preferred_ca_repo.create_from(preferred_cert_authority, session=session)
return preferred_cert_authority
def setUp(self):
super(BaseCertificateRequestsTestCase, self).setUp()
self.external_project_id = "56789"
self.project = res.get_or_create_project(self.external_project_id)
project_repo.save(self.project)
self.barbican_meta_dto = mock.MagicMock()
self.order_meta = {}
self.plugin_meta = {}
self.barbican_meta = {}
self.result = cert_man.ResultDTO(
cert_man.CertificateStatus.WAITING_FOR_CA
)
self.result_follow_on = common.FollowOnProcessingStatusDTO()
self.cert_plugin = mock.MagicMock()
self.cert_plugin.issue_certificate_request.return_value = self.result
self.cert_plugin.check_certificate_status.return_value = self.result
self.store_plugin = mock.MagicMock()
parsed_ca = {
'plugin_name': "cert_plugin",
'plugin_ca_id': "XXXX",
'name': "test ca",
'description': 'Test CA',
'ca_signing_certificate': 'ZZZZZ',
'intermediates': 'YYYYY'
}
self.ca = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(self.ca)
self.ca_id = self.ca.id
# second ca for testing
parsed_ca = {
'plugin_name': "cert_plugin",
'plugin_ca_id': "XXXX2",
'name': "test ca2",
'description': 'Test CA2',
'ca_signing_certificate': 'ZZZZZ2',
'intermediates': 'YYYYY2'
}
self.ca2 = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(self.ca2)
self.ca_id2 = self.ca2.id
# data for preferred CA and global preferred CA tests
# add those to the repo in those tests
self.pref_ca = models.PreferredCertificateAuthority(
self.project.id,
self.ca_id)
self.global_pref_ca = models.PreferredCertificateAuthority(
self.project.id,
self.ca_id)
# data for stored key cases
self.private_key = models.Secret()
self.private_key.secret_type = 'PRIVATE'
self.private_key.project_id = self.project.id
secret_repo.create_from(self.private_key)
self.public_key = models.Secret()
self.public_key.secret_type = 'PUBLIC'
self.public_key.project_id = self.project.id
secret_repo.create_from(self.public_key)
self.passphrase = models.Secret()
self.passphrase.secret_type = 'PASSPHRASE'
self.passphrase.project_id = self.project.id
secret_repo.create_from(self.passphrase)
self.private_key_value = None
self.public_key_value = "public_key"
self.passphrase_value = None
self.parsed_container_with_passphrase = {
'name': 'container name',
'type': 'rsa',
'secret_refs': [
{'name': 'private_key',
'secret_ref': 'https://localhost/secrets/' +
self.private_key.id},
{'name': 'public_key',
'secret_ref': 'https://localhost/secrets/' +
self.public_key.id},
{'name': 'private_key_passphrase',
'secret_ref': 'https://localhost/secrets/' +
self.passphrase.id}
]
}
self.parsed_container = {
'name': 'container name',
'type': 'rsa',
'secret_refs': [
{'name': 'private_key',
'secret_ref': 'https://localhost/secrets/' +
self.private_key.id},
{'name': 'public_key',
'secret_ref': 'https://localhost/secrets/' +
self.public_key.id}
]
}
self.container_with_passphrase = models.Container(
self.parsed_container_with_passphrase)
self.container_with_passphrase.project_id = self.project.id
container_repo.create_from(self.container_with_passphrase)
self.container = models.Container(self.parsed_container)
self.container.project_id = self.project.id
container_repo.create_from(self.container)
repositories.commit()
self.stored_key_meta = {
cert_man.REQUEST_TYPE:
cert_man.CertificateRequestType.STORED_KEY_REQUEST,
"container_ref":
"https://localhost/containers/" + self.container.id,
"subject_dn": "cn=host.example.com,ou=dev,ou=us,o=example.com"
}
self.order = models.Order()
self.order.meta = self.order_meta
self.order.project_id = self.project.id
self.order.order_barbican_meta = self.barbican_meta
self.order.type = 'certificate'
order_repo.create_from(self.order)
self._config_cert_plugin()
self._config_store_plugin()
self._config_cert_event_plugin()
self._config_save_meta_plugin()
self._config_get_meta_plugin()
self._config_save_barbican_meta_plugin()
self._config_get_barbican_meta_plugin()
self._config_barbican_meta_dto()
def _add_global_preferred_ca(self, ca_id, session):
preferred_ca = self.preferred_ca_repo.create_from(
models.PreferredCertificateAuthority(self.global_project.id,
ca_id), session)
return preferred_ca
def create_cas(self):
self.project = res.get_or_create_project(self.project_id)
project_repo.save(self.project)
self.project_ca_ids = []
self.plugin_name = 'default_plugin'
self.plugin_ca_id = 'default_plugin_ca_id_'
self.ca_id = "id1"
self.num_cas = 10
self.offset = 2
self.limit = 4
self.params = {'offset': self.offset, 'limit': self.limit}
for ca_id in moves.range(self.num_cas):
parsed_ca = {
'plugin_name': self.plugin_name,
'plugin_ca_id': self.plugin_ca_id + str(ca_id),
'name': self.plugin_name,
'description': 'Master CA for default plugin',
'ca_signing_certificate': 'ZZZZZ' + str(ca_id),
'intermediates': 'YYYYY' + str(ca_id)
}
ca = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(ca)
ca_repo.save(ca)
if ca_id == 1:
# set global preferred ca
pref_ca = models.PreferredCertificateAuthority(
preferred_ca_repo.PREFERRED_PROJECT_ID, ca.id)
preferred_ca_repo.create_from(pref_ca)
preferred_ca_repo.save(pref_ca)
self.global_ca_id = ca.id
if ca_id == 2:
# set project CA
project_ca = models.ProjectCertificateAuthority(
self.project.id, ca.id)
project_ca_repo.create_from(project_ca)
project_ca_repo.save(project_ca)
self.project_ca_ids.append(ca.id)
if ca_id == 3:
# set project preferred CA
project_ca = models.ProjectCertificateAuthority(
self.project.id, ca.id)
project_ca_repo.create_from(project_ca)
project_ca_repo.save(project_ca)
self.project_ca_ids.append(ca.id)
pref_ca = models.PreferredCertificateAuthority(
self.project.id, ca.id)
preferred_ca_repo.create_from(pref_ca)
preferred_ca_repo.save(pref_ca)
self.preferred_project_ca_id = ca.id
if ca_id == 4:
# set ca for testing GETs for a single CA
self.selected_ca_id = ca.id
self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id)
self.selected_signing_cert = 'ZZZZZ' + str(ca_id)
self.selected_intermediates = 'YYYYY' + str(ca_id)
def _add_global_preferred_ca(self, ca_id, session):
preferred_ca = self.preferred_ca_repo.create_from(
models.PreferredCertificateAuthority(
self.preferred_ca_repo.PREFERRED_PROJECT_ID, ca_id), session)
return preferred_ca
