def test_configure_ca_policies_fail(self):
ca = get_test_intermediate_ca(self.baseurl)
self.test_response.status_code = 500
with self.assertRaises(SystemExit) as e:
self.vault_client.configure_ca_policies(ca)
self.assertEqual(e.exception.args[0], "[-] pkictl - Error: Failed to configure policy 'intermediate-ca-server-policy' for intermediate CA: test-intermediate-ca")
def test_set_crl_configuration_fail(self):
ca = get_test_intermediate_ca(self.baseurl)
self.test_response.status_code = 400
with self.assertRaises(SystemExit) as e:
self.vault_client.set_crl_configuration(ca)
self.assertEqual(e.exception.args[0], "[-] pkictl - Error: Failed to set CRL configuration for CA: test-intermediate-ca")
def test_configure_ca_roles(self):
ca = get_test_intermediate_ca(self.baseurl)
# test a single role
self.test_response.status_code = 204
with capture_stdout(self.vault_client.configure_ca_roles, ca) as output:
self.assertEqual(output.strip(), "[*] pkictl - Configured role 'server' for intermediate CA: test-intermediate-ca")
def test_set_intermediate_ca(self):
ca = get_test_intermediate_ca(self.baseurl)
ca.cert = "-----BEGIN CERTIFICATE-----"
self.test_response.status_code = 204
with capture_stdout(self.vault_client.set_intermediate_ca, ca) as output:
self.assertEqual(output.strip(), "[*] pkictl - Set signed certificate for intermediate CA: test-intermediate-ca")
def test_store_ca_pkey(self):
ca = get_test_intermediate_ca(self.baseurl)
ca.private_key = '-----BEGIN RSA PRIVATE KEY----'
self.test_response.status_code = 204
with capture_stdout(self.vault_client.store_ca_private_key, ca) as output:
self.assertEqual(output.strip(), f"[*] pkictl - Stored private key for 'test-intermediate-ca' in KV engine: test-kv")
def test_set_intermediate_ca_fail(self):
ca = get_test_intermediate_ca(self.baseurl)
ca.cert = "-----BEGIN CERTIFICATE-----"
self.test_response.status_code = 500
with self.assertRaises(SystemExit) as e:
self.vault_client.set_intermediate_ca(ca)
self.assertEqual(e.exception.args[0], "[-] pkictl - Error: Failed to set signed certificate for intermediate CA: test-intermediate-ca")
def test_store_ca_pkey_fail(self):
ca = get_test_intermediate_ca(self.baseurl)
ca.private_key = '-----BEGIN RSA PRIVATE KEY----'
self.test_response.status_code = 500
with self.assertRaises(SystemExit) as e:
self.vault_client.store_ca_private_key(ca)
self.assertEqual(e.exception.args[0], "[-] pkictl - Error: Failed to store private key for 'test-intermediate-ca' in KV engine: test-kv")
def test_sign_intermediate_ca_fail(self):
ca = get_test_intermediate_ca(self.baseurl)
ca.csr = "-----BEGIN CERTIFICATE REQUEST-----"
self.test_response.status_code = 500
self.test_response._content = serialize_json({"data": {"certificate": "-----BEGIN CERTIFICATE-----"}})
with self.assertRaises(SystemExit) as e:
self.vault_client.sign_intermediate_ca(ca)
self.assertEqual(e.exception.args[0], "[-] pkictl - Error: Failed to sign intermediate CA 'test-intermediate-ca' with issuing CA: test-root-ca")
def test_sign_intermediate_ca(self):
ca = get_test_intermediate_ca(self.baseurl)
ca.csr = "-----BEGIN CERTIFICATE REQUEST-----"
self.test_response.status_code = 200
self.test_response._content = serialize_json({"data": {"certificate": "-----BEGIN CERTIFICATE-----", "issuing_ca": "-----BEGIN CERTIFICATE-----"}})
with capture_stdout(self.vault_client.sign_intermediate_ca, ca) as output:
self.assertEqual(output.strip(), "[*] pkictl - Signed intermediate CA 'test-intermediate-ca' with issuing CA: test-root-ca")
self.assertIsInstance(ca.cert, str)
def test_create_intermediate_ca_fail(self):
ca = get_test_intermediate_ca(self.baseurl)
d = {"data": {"csr": "-----BEGIN CERTIFICATE REQUEST-----", 'private_key': '-----BEGIN RSA PRIVATE KEY----'}}
self.test_response._content = serialize_json(d)
self.test_response.status_code = 400
with self.assertRaises(SystemExit) as e:
self.vault_client.create_intermediate_ca(ca)
self.assertEqual(e.exception.args[0], "[-] pkictl - Error: Failed to generate intermediate CA: test-intermediate-ca")
def test_create_intermediate_ca(self):
ca = get_test_intermediate_ca(self.baseurl)
d = {"data": {"csr": "-----BEGIN CERTIFICATE REQUEST-----", 'private_key': '-----BEGIN RSA PRIVATE KEY----'}}
self.test_response.status_code = 200
self.test_response._content = serialize_json(d)
with capture_stdout(self.vault_client.create_intermediate_ca, ca) as output:
self.assertEqual(output.strip(), "[*] pkictl - Created intermediate CA: test-intermediate-ca")
self.assertIsInstance(ca.csr, str)
def test_configure_ca_roles_multiple(self):
ca = get_test_intermediate_ca(self.baseurl)
ca.dict['spec']['roles'].append({
'name': 'client',
'config': {
'max_ttl': '26298h',
'client_flag': True,
'server_flag': False,
'allow_any_name': True
}
})
self.test_response.status_code = 204
with capture_stdout(self.vault_client.configure_ca_roles, ca) as output:
output = output.split('\n')
self.assertEqual(output[0].strip(), "[*] pkictl - Configured role 'server' for intermediate CA: test-intermediate-ca")
self.assertEqual(output[1].strip(), "[*] pkictl - Configured role 'client' for intermediate CA: test-intermediate-ca")
def test_configure_ca_policies(self):
ca = get_test_intermediate_ca(self.baseurl)
self.test_response.status_code = 204
with capture_stdout(self.vault_client.configure_ca_policies, ca) as output:
self.assertEqual(output.strip(), "[*] pkictl - Configured policy 'intermediate-ca-server-policy' for intermediate CA: test-intermediate-ca")
def test_set_crl_configuration(self):
ca = get_test_intermediate_ca(self.baseurl)
self.test_response.status_code = 204
with capture_stdout(self.vault_client.set_crl_configuration, ca) as output:
self.assertEqual(output.strip(), "[*] pkictl - Set CRL configuration for CA: test-intermediate-ca")