def testSubjectKeyValStrip(self):
    """Padding around --subject key/value pairs must not change the parse.

    The same three attributes are given with no padding, with padding on both
    sides of one separator, and with padding after every separator. Each
    spelling has to produce the same commonName, countryCode and province.
    """
    flags.AddSubjectFlags(self.parser)
    spellings = (
        'CN=google.com,C=US,ST=Washington',
        'CN=google.com , C=US,ST=Washington',
        'CN=google.com, C=US, ST=Washington',
    )
    for raw_subject in spellings:
        parsed = self.parser.parse_args(['--subject', raw_subject])
        config = flags.ParseSubjectFlags(parsed, is_ca=False)
        subject, common_name = config.subject, config.commonName
        # A stray space kept in a value would end up in the issued
        # certificate's subject, so the stripped form is asserted exactly.
        self.assertEqual(common_name, 'google.com')
        self.assertEqual(subject.countryCode, 'US')
        self.assertEqual(subject.province, 'Washington')
def testAddMultipleIpSans(self):
    """--ip-san splits a comma-separated value into one entry per address."""
    flags.AddSubjectFlags(self.parser)
    # Mixed IPv4 and IPv6: the colons inside the IPv6 literal must not be
    # treated as separators.
    expected = ['1.2.3.4', '127.0.0.1', '2620:0:1008:10:9dda:7dd8:2ec6:273d']
    parsed = self.parser.parse_args(['--ip-san', ','.join(expected)])
    self.assertEqual(parsed.ip_san, expected)
def testSubjectParsePartialFields(self):
    """ParseSubject handles a subject that sets only O, CN and OU."""
    flags.AddSubjectFlags(self.parser)
    raw_subject = 'O=Google LLC,CN=google.com,OU=Cloud'
    parsed = self.parser.parse_args(['--subject', raw_subject])
    # ParseSubject returns the common name separately from the rest of the
    # subject message.
    common_name, subject = flags.ParseSubject(parsed)
    self.assertEqual(common_name, 'google.com')
    self.assertEqual(subject.organization, 'Google LLC')
    self.assertEqual(subject.organizationalUnit, 'Cloud')
def testAddMultipleUriSans(self):
    """--uri-san splits a comma-separated value into one entry per URI."""
    flags.AddSubjectFlags(self.parser)
    # One https URI carrying a query string and one SPIFFE identity; only the
    # comma separates them, '?', '=' and '/' stay inside the entries.
    expected = ['https://test1.com/foo?bar=baz', 'spiffe://idns/1/2/3/4']
    parsed = self.parser.parse_args(['--uri-san', ','.join(expected)])
    self.assertEqual(parsed.uri_san, expected)
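def testSubjectFlagNoOrganizationFailure(self):
    """A CA subject that omits the organization (O=) is rejected.

    The subject carries every other attribute, so the only thing that can
    trigger the InvalidArgumentException mentioning 'organization' is the
    is_ca=True check in ParseSubjectFlags.
    """
    flags.AddSubjectFlags(self.parser)
    # Parse before entering the assertion context: the expected failure is the
    # CA-specific validation, and keeping parse_args outside guarantees an
    # exception raised while parsing cannot satisfy the assertion by accident.
    args = self.parser.parse_args([
        '--subject',
        'CN=google.com, C=US, ST=Washington, L=Kirkland, OU=Cloud, postalCode=98033, streetAddress=6th Ave'
    ])
    with self.AssertRaisesExceptionMatches(
            exceptions.InvalidArgumentException, 'organization'):
        flags.ParseSubjectFlags(args, is_ca=True)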
def testSubjectNoNameFailure(self):
    """A non-CA subject without a common name (CN=) is rejected."""
    flags.AddSubjectFlags(self.parser)
    # Every attribute except CN is present, so the missing name is the only
    # reason for the expected InvalidArgumentException.
    nameless_subject = 'C=US, ST=Washington, L=Kirkland, O=Google LLC, OU=Cloud, postalCode=98033, streetAddress=6th Ave'
    parsed = self.parser.parse_args(['--subject', nameless_subject])
    with self.AssertRaisesExceptionMatches(
            exceptions.InvalidArgumentException, 'subject'):
        flags.ParseSubjectFlags(parsed, is_ca=False)
def testSubjectParsePartialFields(self):
    """ParseSubjectFlags handles a subject that sets only O, CN and OU."""
    flags.AddSubjectFlags(self.parser)
    raw_subject = 'O=Google LLC,CN=google.com,OU=Cloud'
    parsed = self.parser.parse_args(['--subject', raw_subject])
    config = flags.ParseSubjectFlags(parsed, is_ca=False)
    # The common name is read from the config itself, the remaining
    # attributes from its nested subject.
    subject, common_name = config.subject, config.commonName
    self.assertEqual(common_name, 'google.com')
    self.assertEqual(subject.organization, 'Google LLC')
    self.assertEqual(subject.organizationalUnit, 'Cloud')
def testIpValidation(self):
    """ValidateIpSanFlag accepts IPv4/IPv6 literals and rejects other text."""
    flags.AddSubjectFlags(self.parser)

    # A dotted-quad IPv4 address and a compressed IPv6 address both pass.
    for literal in ('1.1.1.1', '1::1:1'):
        parsed = self.parser.parse_args(['--ip-san', literal])
        flags.ValidateIpSanFlag(parsed.ip_san[0])

    # A bare run of digits is not an address literal and must not be accepted
    # as an IP subject alternative name.
    parsed = self.parser.parse_args(['--ip-san', '2323232'])
    with self.assertRaises(exceptions.InvalidArgumentException):
        flags.ValidateIpSanFlag(parsed.ip_san[0])
def testSubjectFlagInvalidKey(self):
    """An unknown subject attribute key ('LU') is rejected with a clear error."""
    flags.AddSubjectFlags(self.parser)
    expected_message = (
        'Invalid value for [--subject]: Unrecognized subject attribute.')
    # 'LU' stands where 'L' (locality) would be; every other key is valid.
    argv = [
        '--subject',
        'C=US, CN=something, ST=Washington, LU=Kirkland, O=Google LLC, OU=Cloud, postalCode=98033, streetAddress=6th Ave'
    ]
    # NOTE(review): this matches on the base Exception type while the sibling
    # tests name exceptions.InvalidArgumentException; which call raises is not
    # visible from here, so both stay inside the context - confirm and narrow.
    with self.AssertRaisesExceptionMatches(Exception, expected_message):
        parsed = self.parser.parse_args(argv)
        flags.ParseSubjectFlags(parsed, is_ca=False)
def testDnsValidation(self):
    """ValidateDnsSanFlag rejects a trailing-dot name and accepts plain ones."""
    flags.AddSubjectFlags(self.parser)

    # 'test.' ends in a dot and is refused.
    parsed = self.parser.parse_args(['--dns-san', 'test.'])
    with self.assertRaises(exceptions.InvalidArgumentException):
        flags.ValidateDnsSanFlag(parsed.dns_san[0])

    # A hyphenated two-label name and a single-label name are both accepted.
    for hostname in ('te-st.com', 'com'):
        parsed = self.parser.parse_args(['--dns-san', hostname])
        flags.ValidateDnsSanFlag(parsed.dns_san[0])
def testEmailValidation(self):
    """ValidateEmailSanFlag requires one '@' with text on both sides of it."""
    flags.AddSubjectFlags(self.parser)
    # (address, accepted?) in the order the checks have to run.
    cases = (
        ('test', False),        # no '@' at all
        ('test@test', True),    # local part and domain, no TLD required
        ('test@test@', False),  # second '@' with nothing after it
    )
    for address, accepted in cases:
        parsed = self.parser.parse_args(['--email-san', address])
        if accepted:
            flags.ValidateEmailSanFlag(parsed.email_san[0])
        else:
            with self.assertRaises(exceptions.InvalidArgumentException):
                flags.ValidateEmailSanFlag(parsed.email_san[0])
def testSubjectParseAllFields(self):
    """ParseSubject maps every supported --subject key to its message field."""
    flags.AddSubjectFlags(self.parser)
    full_subject = 'C=US, ST=Washington, L=Kirkland, O=Google LLC, CN=google.com, OU=Cloud, postalCode=98033, streetAddress=6th Ave'
    parsed = self.parser.parse_args(['--subject', full_subject])
    common_name, subject = flags.ParseSubject(parsed)

    # CN comes back on its own; the other seven keys land on the subject
    # message under their long field names (C -> countryCode, ST -> province,
    # L -> locality, O -> organization, OU -> organizationalUnit).
    self.assertEqual(common_name, 'google.com')
    self.assertEqual(subject.countryCode, 'US')
    self.assertEqual(subject.province, 'Washington')
    self.assertEqual(subject.organization, 'Google LLC')
    self.assertEqual(subject.locality, 'Kirkland')
    self.assertEqual(subject.organizationalUnit, 'Cloud')
    self.assertEqual(subject.postalCode, '98033')
    self.assertEqual(subject.streetAddress, '6th Ave')
def Args(parser):
    """Registers the flags for creating a root certificate authority.

    Adds the CERTIFICATE_AUTHORITY positional, a required --kms-key-version,
    an optional --reusable-config, the subject flags (subject required), the
    CA-cert and CRL publishing flags, a validity flag, the issuance-policy
    flag and the label flags.

    Args:
      parser: The parser the flags and resource arguments are added to.
    """
    # Mutually exclusive and optional: --reusable-config and the inline X.509
    # flags added further down are both placed in this group.
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')
    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            'CERTIFICATE_AUTHORITY',
            privateca_resource_args.CreateCertificateAuthorityResourceSpec(
                'Certificate Authority'),
            'The name of the root CA to create.',
            required=True,
            # We'll get these from the KMS key resource.
            flag_name_overrides={
                'location': '',
                'project': '',
            }),
        # The signing key is always an existing KMS key version here; there is
        # no flag in this command for any other key source.
        presentation_specs.ResourcePresentationSpec(
            '--kms-key-version',
            kms_resource_args.GetKmsKeyVersionResourceSpec(),
            'The KMS key version backing this CA.',
            required=True),
        presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            privateca_resource_args.CreateReusableConfigResourceSpec(
                # Inactive fallthrough that returns ''; per its hint the
                # location is meant to follow the CA's location. Where that
                # is resolved is not visible in this block.
                location_fallthrough=deps.Fallthrough(
                    function=lambda: '',
                    hint=('location will default to the same location as '
                          'the CA'),
                    active=False,
                    plural=False)),
            'The Reusable Config containing X.509 values for this CA.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=reusable_config_group)
    ]).AddToParser(parser)
    flags.AddSubjectFlags(parser, subject_required=True)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    flags.AddInlineReusableConfigFlags(reusable_config_group, is_ca=True)
    # Default root CA lifetime: ten years.
    flags.AddValidityFlag(parser,
                          resource_name='CA',
                          default_value='P10Y',
                          default_value_text='10 years')
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    labels_util.AddCreateLabelsFlags(parser)
def testSubjectKeyValStrip(self):
    """Padding around --subject key/value pairs must not change the parse.

    Three spellings of the same subject (no padding, padding around one
    separator, padding after every separator) are run through ParseSubject
    and must give the same common name, country code and province.
    """
    flags.AddSubjectFlags(self.parser)
    spellings = (
        'CN=google.com,C=US,ST=Washington',
        'CN=google.com , C=US,ST=Washington',
        'CN=google.com, C=US, ST=Washington',
    )
    for raw_subject in spellings:
        parsed = self.parser.parse_args(['--subject', raw_subject])
        common_name, subject = flags.ParseSubject(parsed)
        # Values are compared exactly, so a retained leading or trailing
        # space fails the test.
        self.assertEqual(common_name, 'google.com')
        self.assertEqual(subject.countryCode, 'US')
        self.assertEqual(subject.province, 'Washington')
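def testAddMultipleEmailSans(self):
    """--email-san splits a comma-separated value into one address per entry."""
    flags.AddSubjectFlags(self.parser)
    # The second and third addresses on this page had been replaced by an
    # e-mail obfuscation filter ('[email protected]' in the input,
    # '*****@*****.**' in the expectation), so input and expected list no
    # longer agreed. The two addresses below are constructed samples on
    # reserved example domains, not the original fixtures.
    # The ', ' separators are kept as in the original input; the expectation
    # assumes padding is stripped per entry, as the first entry shows - confirm.
    addresses = ['test1@tld', 'test2@example.com', 'test3@example.org']
    args = self.parser.parse_args(['--email-san', ', '.join(addresses)])
    self.assertEqual(args.email_san, addresses)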
def testAddEmailSan(self):
    """A single --email-san value is stored as a one-element list."""
    flags.AddSubjectFlags(self.parser)
    # 'test' has no '@': parsing alone stores the raw text, as the expected
    # value below shows, so address checking is a separate step.
    raw_value = 'test'
    parsed = self.parser.parse_args(['--email-san', raw_value])
    self.assertEqual(parsed.email_san, [raw_value])
def Args(parser):
    """Registers the flags for creating a subordinate certificate authority.

    Adds the CERTIFICATE_AUTHORITY positional, the issuer choice (--issuer or
    the offline CSR flags), a required --kms-key-version, an optional
    --reusable-config, the subject flags (subject required), the publishing
    flags, a validity flag, the issuance-policy flag and the label flags.

    Args:
      parser: The parser the flags and resource arguments are added to.
    """
    # Mutually exclusive and optional: --reusable-config and the inline X.509
    # flags added further down are both placed in this group.
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')
    # Mutually exclusive and required: --issuer and the offline CSR group
    # created at the end of this function are its two members.
    issuer_configuration_group = parser.add_group(
        mutex=True,
        required=True,
        help='The issuer configuration used for this CA certificate.')
    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            'CERTIFICATE_AUTHORITY',
            privateca_resource_args.CreateCertificateAuthorityResourceSpec(
                'Certificate Authority'),
            'The name of the subordinate CA to create.',
            required=True,
            # We'll get these from the KMS key resource.
            flag_name_overrides={
                'location': '',
                'project': '',
            }),
        presentation_specs.ResourcePresentationSpec(
            '--issuer',
            privateca_resource_args.CreateCertificateAuthorityResourceSpec(
                'Issuer'),
            'The issuing certificate authority to use, if it is on Private CA.',
            prefixes=True,
            group=issuer_configuration_group),
        presentation_specs.ResourcePresentationSpec(
            '--kms-key-version',
            kms_resource_args.GetKmsKeyVersionResourceSpec(),
            'The KMS key version backing this CA.',
            required=True),
        presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            privateca_resource_args.CreateReusableConfigResourceSpec(
                # Inactive fallthrough that returns ''; per its hint the
                # location is meant to follow the CA's location. Where that
                # is resolved is not visible in this block.
                location_fallthrough=deps.Fallthrough(
                    function=lambda: '',
                    hint=(
                        'location will default to the same location as the '
                        'CA'),
                    active=False,
                    plural=False)),
            'The Reusable Config containing X.509 values for this CA.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=reusable_config_group)
    ]).AddToParser(parser)
    flags.AddSubjectFlags(parser, subject_required=True)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    flags.AddInlineReusableConfigFlags(reusable_config_group, is_ca=True)
    # Default subordinate CA lifetime in this command: ten years.
    flags.AddValidityFlag(parser,
                          resource_name='CA',
                          default_value='P10Y',
                          default_value_text='10 years')
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    labels_util.AddCreateLabelsFlags(parser)
    # Offline issuance path: when the issuer is not on Private CA, a CSR is
    # produced for the external CA to sign.
    offline_issuer_group = issuer_configuration_group.add_group(help=(
        'If the issuing CA is not hosted on Private CA, you must provide '
        'these settings:'))
    # required=True is declared on a flag inside the nested group; both flags
    # of the offline path are marked that way.
    base.Argument(
        '--create-csr',
        help=('Indicates that a CSR should be generated which can be signed by '
              'the issuing CA. This must be set if --issuer is not provided.'),
        action='store_const',
        const=True,
        default=False,
        required=True).AddToParser(offline_issuer_group)
    base.Argument(
        '--csr-output-file',
        help=(
            'The path where the resulting PEM-encoded CSR file should be '
            'written.'),
        required=True).AddToParser(offline_issuer_group)
def Args(parser):
    """Registers the flags for issuing a certificate (beta command).

    The certificate is produced either from an existing CSR (--csr) or from a
    locally generated key pair plus subject and X.509 settings; the two paths
    are mutually exclusive and one of them is required.

    Args:
      parser: The parser the flags and resource arguments are added to.
    """
    base.Argument(
        '--cert-output-file',
        help='The path where the resulting PEM-encoded certificate chain file should be written (ordered from leaf to root).',
        required=False).AddToParser(parser)
    # Default certificate lifetime: thirty days.
    flags.AddValidityFlag(parser, 'certificate', 'P30D', '30 days')
    labels_util.AddCreateLabelsFlags(parser)
    cert_generation_group = parser.add_group(
        mutex=True, required=True, help='Certificate generation method.')
    base.Argument(
        '--csr',
        help='A PEM-encoded certificate signing request file path.'
    ).AddToParser(cert_generation_group)
    # This group is not useful in the beta command, but is here for consistency
    # in the flag hierarchy with the GA command.
    non_csr_group = cert_generation_group.add_group(
        help='Alternatively, you may describe the certificate and key to use.')
    key_group = non_csr_group.add_group(
        mutex=True,
        required=True,
        help='To describe the key that will be used for this certificate, use '
        'one of the following options.')
    key_generation_group = key_group.add_group(
        help='To generate a new key pair, use the following:')
    # Per the help text the private key (RSA-2048) is generated on the
    # caller's machine. --generate-key and --key-output-file are both marked
    # required inside this group.
    base.Argument(
        '--generate-key',
        help='Use this flag to have a new RSA-2048 private key securely generated on your machine.',
        action='store_const',
        const=True,
        default=False,
        required=True).AddToParser(key_generation_group)
    # NOTE(review): this path receives the private key. How the file is
    # created (permissions, overwrite behaviour) is not visible in this
    # block - confirm the writer restricts it to the owner.
    base.Argument('--key-output-file', help=_KEY_OUTPUT_HELP,
                  required=True).AddToParser(key_generation_group)
    subject_group = non_csr_group.add_group(
        help='The subject names for the certificate.', required=True)
    flags.AddSubjectFlags(subject_group)
    reusable_config_group = non_csr_group.add_group(
        mutex=True, help='The x509 configuration used for this certificate.')
    # Not a CA command, and the default maximum chain length passed is 0.
    flags.AddInlineReusableConfigFlags(reusable_config_group,
                                       is_ca_command=False,
                                       default_max_chain_length=0)
    cert_arg = 'CERTIFICATE'
    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            cert_arg,
            # The certificate ID falls back to a generated value when omitted
            # (format described in the help text below).
            resource_args.CreateCertificateResourceSpec(
                cert_arg, [CreateBeta._GenerateCertificateIdFallthrough()]),
            'The name of the certificate to issue. If the certificate ID is '
            'omitted, a random identifier will be generated according to the '
            'following format: {YYYYMMDD}-{3 random alphanumeric characters}-'
            '{3 random alphanumeric characters}. The certificate ID is not '
            'required when the issuing CA is in the DevOps tier.',
            required=True)
    ]).AddToParser(parser)
    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            resource_args.CreateReusableConfigResourceSpec(
                # Inactive fallthrough that returns ''; per its hint the
                # location is meant to follow the certificate's location.
                location_fallthroughs=[
                    deps.Fallthrough(
                        function=lambda: '',
                        hint=(
                            'location will default to the same location as the '
                            'certificate'),
                        active=False,
                        plural=False)
                ]),
            'The Reusable Config containing X.509 values for this certificate.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=reusable_config_group)
    ]).AddToParser(reusable_config_group)
def Args(parser):
    """Registers the flags for issuing a certificate.

    The certificate is produced either from an existing CSR (--csr) or from a
    locally generated key pair together with subject and X.509 settings; the
    two paths are mutually exclusive and one of them is required.

    Args:
      parser: The parser the flags and resource arguments are added to.
    """
    base.Argument(
        '--cert-output-file',
        help='The path where the resulting PEM-encoded certificate chain file should be written (ordered from leaf to root).',
        required=False).AddToParser(parser)
    # Default certificate lifetime: thirty days.
    flags.AddValidityFlag(parser, 'certificate', 'P30D', '30 days')
    labels_util.AddCreateLabelsFlags(parser)
    cert_generation_group = parser.add_group(
        mutex=True, required=True, help='Certificate generation method.')
    base.Argument(
        '--csr',
        help='A PEM-encoded certificate signing request file path.'
    ).AddToParser(cert_generation_group)
    # Everything for the non-CSR path (key, subject, X.509 config) hangs off
    # this one group.
    key_generation_group = cert_generation_group.add_group(
        help='Alternatively, to generate a new key pair, use the following:'
    )
    # Per the help text the private key (RSA-2048) is generated on the
    # caller's machine. --generate-key and --key-output-file are both marked
    # required inside this group.
    base.Argument(
        '--generate-key',
        help='Use this flag to have a new RSA-2048 private key securely generated on your machine.',
        action='store_const',
        const=True,
        default=False,
        required=True).AddToParser(key_generation_group)
    # NOTE(review): this path receives the private key. How the file is
    # created (permissions, overwrite behaviour) is not visible in this
    # block - confirm the writer restricts it to the owner.
    base.Argument('--key-output-file', help=KEY_OUTPUT_HELP,
                  required=True).AddToParser(key_generation_group)
    subject_group = key_generation_group.add_group(
        help='The subject names for the certificate.', required=True)
    flags.AddSubjectFlags(subject_group)
    reusable_config_group = key_generation_group.add_group(
        mutex=True, help='The x509 configuration used for this certificate.')
    flags.AddInlineReusableConfigFlags(reusable_config_group, is_ca=False)
    cert_arg = 'CERTIFICATE'
    # Inactive fallthrough: when no certificate name is given, the ID comes
    # from certificate_utils.GenerateCertId.
    id_fallthrough = deps.Fallthrough(
        function=certificate_utils.GenerateCertId,
        hint='certificate id will default to an automatically generated id',
        active=False,
        plural=False)
    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            cert_arg,
            resource_args.CreateCertificateResourceSpec(
                cert_arg, [id_fallthrough]),
            'The name of the certificate to issue. If the name is omitted, a '
            'random name will be generated according to the following format'
            ': {YYYYMMDD}-{3 random alphanumeric characters}-{3 random alph'
            'anumeric characters}.',
            required=True)
    ]).AddToParser(parser)
    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            resource_args.CreateReusableConfigResourceSpec(
                # Inactive fallthrough that returns ''; per its hint the
                # location is meant to follow the certificate's location.
                location_fallthrough=deps.Fallthrough(
                    function=lambda: '',
                    hint=(
                        'location will default to the same location as the '
                        'certificate'),
                    active=False,
                    plural=False)),
            'The Reusable Config containing X.509 values for this certificate.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=reusable_config_group)
    ]).AddToParser(reusable_config_group)
def testAddDnsSan(self):
    """A single --dns-san value is stored as a one-element list."""
    flags.AddSubjectFlags(self.parser)
    raw_value = 'test'
    parsed = self.parser.parse_args(['--dns-san', raw_value])
    self.assertEqual(parsed.dns_san, [raw_value])
def testAddIpSan(self):
    """A single --ip-san value is stored as a one-element list."""
    flags.AddSubjectFlags(self.parser)
    # 'test' is not an IP address: parsing alone stores the raw text, as the
    # expected value below shows, so address checking is a separate step.
    raw_value = 'test'
    parsed = self.parser.parse_args(['--ip-san', raw_value])
    self.assertEqual(parsed.ip_san, [raw_value])
def testAddMultipleDnsSans(self):
    """--dns-san splits on commas and drops the padding after each comma."""
    flags.AddSubjectFlags(self.parser)
    expected = ['tld', 'test2.net', 'test3.tld.org']
    # The input uses ', ' between names; the stored entries carry no leading
    # space.
    parsed = self.parser.parse_args(['--dns-san', ', '.join(expected)])
    self.assertEqual(parsed.dns_san, expected)
def testAddUriSan(self):
    """A single --uri-san value is stored as a one-element list."""
    flags.AddSubjectFlags(self.parser)
    # 'test' carries no scheme: parsing alone stores the raw text, as the
    # expected value below shows.
    raw_value = 'test'
    parsed = self.parser.parse_args(['--uri-san', raw_value])
    self.assertEqual(parsed.uri_san, [raw_value])
def Args(parser):
    """Registers the flags for creating a subordinate certificate authority.

    Adds the CERTIFICATE_AUTHORITY positional, the key choice
    (--kms-key-version or a key algorithm), the issuer choice (--issuer or the
    offline CSR flags), --reusable-config, --from-ca, and the tier, subject,
    publishing, validity, issuance-policy, label and bucket flags.

    Args:
      parser: The parser the flags and resource arguments are added to.
    """
    # Mutually exclusive, not required: an existing KMS key version or a key
    # algorithm for a managed key.
    key_spec_group = parser.add_group(
        mutex=True,
        help='The key configuration used for the CA certificate. Defaults to a '
        'managed key if not specified.')
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')
    # Mutually exclusive and required: --issuer and the offline CSR group
    # created at the end of this function are its two members.
    issuer_configuration_group = parser.add_group(
        mutex=True,
        required=True,
        help='The issuer configuration used for this CA certificate.')
    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            'CERTIFICATE_AUTHORITY',
            resource_args.CreateCertificateAuthorityResourceSpec(
                'Certificate Authority'),
            'The name of the subordinate CA to create.',
            required=True),
        presentation_specs.ResourcePresentationSpec(
            '--issuer',
            resource_args.CreateCertificateAuthorityResourceSpec('Issuer'),
            'The issuing certificate authority to use, if it is on Private CA.',
            prefixes=True,
            group=issuer_configuration_group),
        presentation_specs.ResourcePresentationSpec(
            '--kms-key-version',
            resource_args.CreateKmsKeyVersionResourceSpec(),
            'The KMS key version backing this CA.',
            group=key_spec_group),
        presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            resource_args.CreateReusableConfigResourceSpec(
                # Inactive fallthrough that returns ''; per its hint the
                # location is meant to follow the CA's location.
                location_fallthroughs=[
                    deps.Fallthrough(
                        function=lambda: '',
                        hint=(
                            'location will default to the same location as the '
                            'CA'),
                        active=False,
                        plural=False)
                ]),
            'The Reusable Config containing X.509 values for this CA.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=reusable_config_group),
        # --from-ca copies configuration from an existing CA; its project
        # attribute is exposed under the separate flag --from-ca-project.
        presentation_specs.ResourcePresentationSpec(
            '--from-ca',
            resource_args.CreateCertificateAuthorityResourceSpec(
                'source CA'),
            'An existing CA from which to copy configuration values for the '
            'new CA. You can still override any of those values by explicitly '
            'providing the appropriate flags.',
            flag_name_overrides={'project': '--from-ca-project'},
            prefixes=True)
    ]).AddToParser(parser)
    flags.AddTierFlag(parser)
    # Subject is optional here (it can come from --from-ca, per that flag's
    # help text).
    flags.AddSubjectFlags(parser, subject_required=False)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    # Default key algorithm for a subordinate CA: RSA 2048 with SHA-256.
    flags.AddKeyAlgorithmFlag(key_spec_group, default='rsa-pkcs1-2048-sha256')
    flags.AddInlineReusableConfigFlags(reusable_config_group, is_ca=True)
    # Default subordinate CA lifetime: three years.
    flags.AddValidityFlag(parser,
                          resource_name='CA',
                          default_value='P3Y',
                          default_value_text='3 years')
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    labels_util.AddCreateLabelsFlags(parser)
    flags.AddBucketFlag(parser)
    # Offline issuance path: when the issuer is not on Private CA, a CSR is
    # produced for the external CA to sign.
    offline_issuer_group = issuer_configuration_group.add_group(help=(
        'If the issuing CA is not hosted on Private CA, you must provide '
        'these settings:'))
    base.Argument(
        '--create-csr',
        help=('Indicates that a CSR should be generated which can be signed by '
              'the issuing CA. This must be set if --issuer is not provided.'),
        action='store_const',
        const=True,
        default=False,
        required=True).AddToParser(offline_issuer_group)
    base.Argument(
        '--csr-output-file',
        help=(
            'The path where the resulting PEM-encoded CSR file should be '
            'written.'),
        required=True).AddToParser(offline_issuer_group)
def Args(parser):
    """Registers the flags for creating a root certificate authority.

    Adds the CERTIFICATE_AUTHORITY positional, the key choice
    (--kms-key-version or a key algorithm), --reusable-config, --from-ca, and
    the subject, validity, label, bucket, tier, publishing, issuance-policy
    and inline X.509 flags.

    Args:
      parser: The parser the flags and resource arguments are added to.
    """
    # Mutually exclusive, not required: an existing KMS key version or a key
    # algorithm for a managed key.
    key_spec_group = parser.add_group(
        mutex=True,
        help='The key configuration used for the CA certificate. Defaults to a '
        'managed key if not specified.')
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')
    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            'CERTIFICATE_AUTHORITY',
            resource_args.CreateCertificateAuthorityResourceSpec(
                'Certificate Authority'),
            'The name of the root CA to create.',
            required=True),
        presentation_specs.ResourcePresentationSpec(
            '--kms-key-version',
            resource_args.CreateKmsKeyVersionResourceSpec(),
            'An existing KMS key version to back this CA.',
            group=key_spec_group),
        presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            resource_args.CreateReusableConfigResourceSpec(
                # Inactive fallthrough that returns ''; per its hint the
                # location is meant to follow the CA's location.
                location_fallthroughs=[
                    deps.Fallthrough(
                        function=lambda: '',
                        hint=('location will default to the same location as '
                              'the CA'),
                        active=False,
                        plural=False)
                ]),
            'The Reusable Config containing X.509 values for this CA.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=reusable_config_group),
        # --from-ca copies configuration from an existing CA; its project
        # attribute is exposed under the separate flag --from-ca-project.
        presentation_specs.ResourcePresentationSpec(
            '--from-ca',
            resource_args.CreateCertificateAuthorityResourceSpec('source CA'),
            'An existing CA from which to copy configuration values for the new CA. '
            'You can still override any of those values by explicitly providing '
            'the appropriate flags.',
            flag_name_overrides={'project': '--from-ca-project'},
            prefixes=True)
    ]).AddToParser(parser)
    # Subject is optional here (it can come from --from-ca, per that flag's
    # help text).
    flags.AddSubjectFlags(parser, subject_required=False)
    # Default key algorithm for a root CA: RSA 4096 with SHA-256.
    flags.AddKeyAlgorithmFlag(key_spec_group, default='rsa-pkcs1-4096-sha256')
    # Default root CA lifetime: ten years.
    flags.AddValidityFlag(
        parser,
        resource_name='CA',
        default_value='P10Y',
        default_value_text='10 years')
    labels_util.AddCreateLabelsFlags(parser)
    flags.AddBucketFlag(parser)
    flags.AddTierFlag(parser)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    # No default maximum chain length is passed for a root CA (None).
    flags.AddInlineReusableConfigFlags(
        reusable_config_group,
        is_ca_command=True,
        default_max_chain_length=None)