def test_should_raise_when_delete_pref_subca_with_other_project_ca(self): subca = cert_res.create_subordinate_ca( project_model=self.project, name=self.name, description=self.description, subject_dn=self.subject_name, parent_ca_ref=self.parent_ca_ref, creator_id=self.creator_id) project_ca = models.ProjectCertificateAuthority( self.project.id, subca.id) project_ca_repo.create_from(project_ca) preferred_ca = models.PreferredCertificateAuthority( self.project.id, subca.id) preferred_ca_repo.create_from(preferred_ca) subca2 = cert_res.create_subordinate_ca( project_model=self.project, name=self.name, description=self.description, subject_dn=self.subject_name, parent_ca_ref=self.parent_ca_ref, creator_id=self.creator_id) project_ca2 = models.ProjectCertificateAuthority( self.project.id, subca2.id) project_ca_repo.create_from(project_ca2) self.assertRaises(excep.CannotDeletePreferredCA, cert_res.delete_subordinate_ca, self.project.external_id, subca)
def _do_create_cas(self, set_project_cas): for ca_id in moves.range(self.num_cas): parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': self.plugin_ca_id + str(ca_id), 'name': self.plugin_name, 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'ZZZZZ' + str(ca_id), 'intermediates': 'YYYYY' + str(ca_id) } ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(ca) ca_repo.save(ca) if ca_id == 1: # set global preferred ca pref_ca = models.PreferredCertificateAuthority( self.global_project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.global_preferred_ca = ca if ca_id == 2 and set_project_cas: # set project CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) if ca_id == 3 and set_project_cas: # set project preferred CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) pref_ca = models.PreferredCertificateAuthority( self.project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.preferred_ca = ca if ca_id == 4: # set ca for testing GETs for a single CA self.selected_ca_id = ca.id self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id) self.selected_signing_cert = 'ZZZZZ' + str(ca_id) self.selected_intermediates = 'YYYYY' + str(ca_id)
def create_project_cert_authority(certificate_authority=None, session=None): project_cert_authority = models.ProjectCertificateAuthority( ca_id=certificate_authority.id, project_id=certificate_authority.project_id) project_cert_repo = repositories.get_project_ca_repository() project_cert_repo.create_from(project_cert_authority, session=session) return project_cert_authority
def add_to_project(self, external_project_id): if pecan.request.method != 'POST': pecan.abort(405) LOG.debug("== Saving CA %s to external_project_id %s", self.ca.id, external_project_id) project_model = res.get_or_create_project(external_project_id) # CA must be a base CA or a subCA owned by this project if (self.ca.project_id is not None and self.ca.project_id != project_model.id): raise excep.UnauthorizedSubCA() project_cas = project_model.cas num_cas = len(project_cas) for project_ca in project_cas: if project_ca.ca_id == self.ca.id: # project already added return project_ca = models.ProjectCertificateAuthority( project_model.id, self.ca.id) self.project_ca_repo.create_from(project_ca) if num_cas == 0: # set first project CA to be the preferred one preferred_ca = models.PreferredCertificateAuthority( project_model.id, self.ca.id) self.preferred_ca_repo.create_from(preferred_ca)
def test_create_new_project_ca(self): ca = models.CertificateAuthority(self.parsed_ca) ca.id = '67890' project = models.Project() project.id = '12345' project_ca = models.ProjectCertificateAuthority(project.id, ca.id) self.assertEqual(ca.id, project_ca.ca_id) self.assertEqual(project.id, project_ca.project_id)
def test_create_should_fail_when_ca_not_in_defined_project_ca_ids(self): # Create a Project CA and add it project_ca_model = models.ProjectCertificateAuthority( self.project.id, self.available_ca_ids[0]) project_ca_repo.create_from(project_ca_model) repositories.commit() # Make sure we set the ca_id to an id not defined in the project self.certificate_meta['ca_id'] = self.available_ca_ids[1] create_resp, order_uuid = create_order(self.app, order_type='certificate', meta=self.certificate_meta, expect_errors=True) self.assertEqual(403, create_resp.status_int)
def test_should_delete_subca_and_all_related_db_entities(self): subca = cert_res.create_subordinate_ca( project_model=self.project, name=self.name, description=self.description, subject_dn=self.subject_name, parent_ca_ref=self.parent_ca_ref, creator_id=self.creator_id) project_ca = models.ProjectCertificateAuthority( self.project.id, subca.id) project_ca_repo.create_from(project_ca) preferred_ca = models.PreferredCertificateAuthority( self.project.id, subca.id) preferred_ca_repo.create_from(preferred_ca) cert_res.delete_subordinate_ca(self.project.external_id, subca) self.cert_plugin.delete_ca.assert_called_once_with(subca.plugin_ca_id)
def test_can_add_new_cert_order_with_ca_id_project_ca_defined(self): # Create a Project CA and add it project_ca_model = models.ProjectCertificateAuthority( self.project.id, self.available_ca_ids[0]) project_ca_repo.create_from(project_ca_model) repositories.commit() # Attempt to create an order self.certificate_meta['ca_id'] = self.available_ca_ids[0] create_resp, order_uuid = create_order(self.app, order_type='certificate', meta=self.certificate_meta) self.assertEqual(202, create_resp.status_int) order = order_repo.get(order_uuid, self.project_id) self.assertIsInstance(order, models.Order)
def add_to_project(self, external_project_id): if pecan.request.method != 'POST': pecan.abort(405) LOG.debug("== Saving CA %s to external_project_id %s", self.ca.id, external_project_id) project_model = res.get_or_create_project(external_project_id) project_cas = project_model.cas num_cas = len(project_cas) for project_ca in project_cas: if project_ca.ca_id == self.ca.id: # project already added return project_ca = models.ProjectCertificateAuthority( project_model.id, self.ca.id) self.project_ca_repo.create_from(project_ca) if num_cas == 0: # set first project CA to be the preferred one preferred_ca = models.PreferredCertificateAuthority( project_model.id, self.ca.id) self.preferred_ca_repo.create_from(preferred_ca)
def _add_project_ca(self, project_id, ca_id, session): project_ca = self.project_ca_repo.create_from( models.ProjectCertificateAuthority(project_id, ca_id), session) return project_ca
def create_cas(self): self.project = res.get_or_create_project(self.project_id) project_repo.save(self.project) self.project_ca_ids = [] self.plugin_name = 'default_plugin' self.plugin_ca_id = 'default_plugin_ca_id_' self.ca_id = "id1" self.num_cas = 10 self.offset = 2 self.limit = 4 self.params = {'offset': self.offset, 'limit': self.limit} for ca_id in moves.range(self.num_cas): parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': self.plugin_ca_id + str(ca_id), 'name': self.plugin_name, 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'ZZZZZ' + str(ca_id), 'intermediates': 'YYYYY' + str(ca_id) } ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(ca) ca_repo.save(ca) if ca_id == 1: # set global preferred ca pref_ca = models.PreferredCertificateAuthority( preferred_ca_repo.PREFERRED_PROJECT_ID, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.global_ca_id = ca.id if ca_id == 2: # set project CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) if ca_id == 3: # set project preferred CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) pref_ca = models.PreferredCertificateAuthority( self.project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.preferred_project_ca_id = ca.id if ca_id == 4: # set ca for testing GETs for a single CA self.selected_ca_id = ca.id self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id) self.selected_signing_cert = 'ZZZZZ' + str(ca_id) self.selected_intermediates = 'YYYYY' + str(ca_id)