コード例 #1
0
 def __init__(self, *args, **kwargs):
     self.tpp_zone = environ['TPP_ZONE']
     self.tpp_conn = TPPTokenConnection(
         url=TPP_TOKEN_URL,
         user=USER,
         password=PASSWORD,
         http_request_kwargs={"verify": "/tmp/chain.pem"})
     super(TestTPPTokenAccess, self).__init__(*args, **kwargs)
コード例 #2
0
 def __init__(self, *args, **kwargs):
     self.tpp_zone = TPP_ZONE
     self.tpp_zone_ecdsa = TPP_ZONE_ECDSA
     self.tpp_conn = TPPTokenConnection(
         url=TPP_TOKEN_URL,
         user=TPP_USER,
         password=TPP_PASSWORD,
         http_request_kwargs={'verify': "/tmp/chain.pem"})
     super(TestTPPTokenMethods, self).__init__(*args, **kwargs)
コード例 #3
0
 def __init__(self, *args, **kwargs):
     self.tpp_conn = TPPTokenConnection(
         url=TPP_TOKEN_URL,
         http_request_kwargs={'verify': "/tmp/chain.pem"})
     auth = Authentication(user=TPP_USER,
                           password=TPP_PASSWORD,
                           scope=SCOPE_SSH)
     self.tpp_conn.get_access_token(auth)
     super(TestTPPSSHCertificate, self).__init__(*args, **kwargs)
コード例 #4
0
 def __init__(self, *args, **kwargs):
     self.tpp_conn = TPPTokenConnection(
         url=TPP_TOKEN_URL,
         http_request_kwargs={'verify': "/tmp/chain.pem"})
     auth = Authentication(user=TPP_USER,
                           password=TPP_PASSWORD,
                           scope=SCOPE_PM)
     self.tpp_conn.get_access_token(auth)
     self.json_file = _resolve_resources_path(POLICY_SPEC_JSON)
     self.yaml_file = _resolve_resources_path(POLICY_SPEC_YAML)
     super(TestTPPPolicyManagement, self).__init__(*args, **kwargs)
コード例 #5
0
class TestTPPPolicyManagement(unittest.TestCase):
    def __init__(self, *args, **kwargs):
        self.tpp_conn = TPPTokenConnection(
            url=TPP_TOKEN_URL,
            http_request_kwargs={'verify': "/tmp/chain.pem"})
        auth = Authentication(user=TPP_USER,
                              password=TPP_PASSWORD,
                              scope=SCOPE_PM)
        self.tpp_conn.get_access_token(auth)
        self.json_file = _resolve_resources_path(POLICY_SPEC_JSON)
        self.yaml_file = _resolve_resources_path(POLICY_SPEC_YAML)
        super(TestTPPPolicyManagement, self).__init__(*args, **kwargs)

    def test_create_policy_from_json(self):
        # ps = json_parser.parse_file(self.json_file)
        # self._create_policy_tpp(policy_spec=ps)
        pass

    def test_create_policy_yaml(self):
        # ps = yaml_parser.parse_file(self.yaml_file)
        # self._create_policy_tpp(policy_spec=ps)
        pass

    def test_create_policy_full(self):
        policy = _get_policy_obj(ca_type=CA_TYPE_TPP)
        policy.key_pair.rsa_key_sizes = [2048]
        self._create_policy_tpp(policy=policy, defaults=_get_defaults_obj())

    def test_create_policy_empty(self):
        self._create_policy_tpp()

    def test_create_policy_no_policy(self):
        self._create_policy_tpp(defaults=_get_defaults_obj())

    def test_create_policy_no_defaults(self):
        policy = _get_policy_obj(ca_type=CA_TYPE_TPP)
        policy.key_pair.rsa_key_sizes = [2048]
        self._create_policy_tpp(policy=policy)

    def _create_policy_tpp(self, policy_spec=None, policy=None, defaults=None):
        zone = f"{TPP_PM_ROOT}\\{_get_tpp_policy_name()}"
        create_policy(self.tpp_conn, zone, policy_spec, policy, defaults)
コード例 #6
0
class TestTPPTokenAccess(unittest.TestCase):
    def __init__(self, *args, **kwargs):
        self.tpp_zone = environ['TPP_ZONE']
        self.tpp_conn = TPPTokenConnection(
            url=TPP_TOKEN_URL,
            user=USER,
            password=PASSWORD,
            http_request_kwargs={"verify": "/tmp/chain.pem"})
        super(TestTPPTokenAccess, self).__init__(*args, **kwargs)

    def test_get_access_token(self):
        try:
            token_info = self.tpp_conn.get_access_token()
            self.assertIsNotNone(token_info)
            self.assertIsNotNone(token_info.access_token)
            self.assertIsNotNone(token_info.refresh_token)
            self.assertIsNotNone(token_info.expires)
        except ClientBadData:
            self.fail("Error in Test Data")
        except ServerUnexptedBehavior as sub:
            self.fail("Error from server: %s" % sub.__str__())

    def test_refresh_access_token(self):
        try:
            self.tpp_conn.get_access_token()
            refresh_info = self.tpp_conn.refresh_access_token()
            self.assertIsNotNone(refresh_info)
            self.assertIsNotNone(refresh_info.access_token)
            self.assertIsNotNone(refresh_info.refresh_token)
            self.assertIsNotNone(refresh_info.expires)
        except ClientBadData:
            self.fail("Error in Test Data")
        except ServerUnexptedBehavior as sub:
            self.fail("Error from server: %s" % sub.__str__())

    def test_revoke_access_token(self):
        try:
            self.tpp_conn.get_access_token()
            status, resp = self.tpp_conn.revoke_access_token()
            self.assertEqual(status, 200)
        except Exception as err:
            self.fail("Error happened: %s" % err.__str__())

        cn = randomword(10) + ".venafi.example.com"
        with self.assertRaises(Exception):
            enroll(self.tpp_conn, self.tpp_zone, cn)
コード例 #7
0
class TestTPPTokenMethods(unittest.TestCase):
    def __init__(self, *args, **kwargs):
        self.tpp_zone = environ['TPP_ZONE']
        self.tpp_zone_ecdsa = environ['TPP_ZONE_ECDSA']
        self.tpp_conn = TPPTokenConnection(
            url=TPP_TOKEN_URL,
            user=USER,
            password=PASSWORD,
            http_request_kwargs={"verify": "/tmp/chain.pem"})
        super(TestTPPTokenMethods, self).__init__(*args, **kwargs)

    def test_tpp_token_enroll(self):
        cn = randomword(10) + ".venafi.example.com"
        try:
            cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
        except Exception as err:
            self.fail("Error in test: %s" % err.__str__)

    def test_tpp_token_enroll_origin(self):
        cn = randomword(10) + ".venafi.example.com"
        try:
            cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
        except Exception as err:
            self.fail("Error in test: %s" % err.__str__())

    def test_tpp_token_renew(self):
        cn = randomword(10) + ".venafi.example.com"
        cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
        cert = renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)

    def test_tpp_token_renew_twice(self):
        cn = randomword(10) + ".venafi.example.com"
        cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
        time.sleep(5)
        renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
        time.sleep(5)
        renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)

    def test_tpp_token_renew_by_thumbprint(self):
        cn = randomword(10) + ".venafi.example.com"
        cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
        renew_by_thumbprint(self.tpp_conn, cert)

    def test_tpp_token_renew_without_key_reuse(self):
        renew_without_key_reuse(self, self.tpp_conn, self.tpp_zone)

    def test_tpp_token_enroll_ecdsa(self):
        cn = randomword(10) + ".venafi.example.com"
        enroll(self.tpp_conn, self.tpp_zone_ecdsa, cn, TEST_KEY_ECDSA[0],
               TEST_KEY_ECDSA[1])

    def test_tpp_token_enroll_with_custom_key(self):
        cn = randomword(10) + ".venafi.example.com"
        enroll(self.tpp_conn, self.tpp_zone, cn, TEST_KEY_RSA_4096[0],
               TEST_KEY_RSA_4096[1])

    def test_tpp_token_enroll_with_encrypted_key(self):
        cn = randomword(10) + ".venafi.example.com"
        enroll(self.tpp_conn, self.tpp_zone, cn,
               TEST_KEY_RSA_2048_ENCRYPTED[0], TEST_KEY_RSA_2048_ENCRYPTED[1],
               'venafi')

    def test_tpp_token_enroll_with_custom_csr(self):
        key = open("/tmp/csr-test.key.pem").read()
        csr = open("/tmp/csr-test.csr.csr").read()
        enroll(self.tpp_conn, self.tpp_zone, private_key=key, csr=csr)

    def test_tpp_token_enroll_with_zone_update_and_custom_origin(self):
        cn = randomword(10) + ".venafi.example.com"
        cert = enroll_with_zone_update(self.tpp_conn, self.tpp_zone_ecdsa, cn)
        cert = x509.load_pem_x509_certificate(cert.cert.encode(),
                                              default_backend())
        key = cert.public_key()
        self.assertEqual(key.curve.name, "secp521r1")

    def test_tpp_token_read_zone_config(self):
        zone = self.tpp_conn.read_zone_conf(self.tpp_zone)
        self.assertEqual(zone.country.value, "US")
        self.assertEqual(zone.province.value, "Utah")
        self.assertEqual(zone.locality.value, "Salt Lake")
        self.assertEqual(zone.organization.value, "Venafi Inc.")
        self.assertEqual(zone.organizational_unit.value, ["Integrations"])
        self.assertEqual(zone.key_type.key_type, KeyType.RSA)
        self.assertEqual(zone.key_type.option, 2048)

    def test_tpp_token_read_zone_unknown_zone(self):
        with self.assertRaises(Exception):
            self.tpp_conn.read_zone_conf("fdsfsd")

    def test_tpp_token_retrieve_non_issued(self):
        with self.assertRaises(Exception):
            self.tpp_conn.retrieve_cert(
                self.tpp_zone + "\\devops\\vcert\\test-non-issued.example.com")

    def test_tpp_token_search_by_thumbprint(self):
        req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
        cert = x509.load_pem_x509_certificate(cert.cert.encode(),
                                              default_backend())
        fingerprint = binascii.hexlify(cert.fingerprint(
            hashes.SHA1())).decode()
        found = self.tpp_conn.search_by_thumbprint(fingerprint)
        self.assertEqual(found, req.id)

    def test_token_revoke_not_issued(self):
        req = RevocationRequest(req_id=self.tpp_zone +
                                '\\not-issued.example.com')
        with self.assertRaises(Exception):
            self.tpp_conn.revoke_cert(req)
        req = RevocationRequest(
            thumbprint="2b25ff9f8725dfee37c6a7adcba31897b12e921d")
        with self.assertRaises(Exception):
            self.tpp_conn.revoke_cert(req)
        req = RevocationRequest()
        with self.assertRaises(Exception):
            self.tpp_conn.revoke_cert(req)

    def test_token_revoke_normal(self):
        req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
        rev_req = RevocationRequest(req_id=req.id)
        self.tpp_conn.revoke_cert(rev_req)
        time.sleep(1)
        with self.assertRaises(Exception):
            self.tpp_conn.renew_cert(req)

    def test_token_revoke_without_disable(self):
        req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
        rev_req = RevocationRequest(req_id=req.id, disable=False)
        self.tpp_conn.revoke_cert(rev_req)
        time.sleep(1)
        self.tpp_conn.renew_cert(req)

    def test_token_revoke_normal_thumbprint(self):
        req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
        cert = x509.load_pem_x509_certificate(cert.cert.encode(),
                                              default_backend())
        thumbprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
        rev_req = RevocationRequest(thumbprint=thumbprint)
        self.tpp_conn.revoke_cert(rev_req)
        time.sleep(1)
        with self.assertRaises(Exception):
            self.tpp_conn.renew_cert(req)
コード例 #8
0
class TestTPPTokenMethods(unittest.TestCase):
    def __init__(self, *args, **kwargs):
        self.tpp_zone = TPP_ZONE
        self.tpp_zone_ecdsa = TPP_ZONE_ECDSA
        self.tpp_conn = TPPTokenConnection(
            url=TPP_TOKEN_URL,
            user=TPP_USER,
            password=TPP_PASSWORD,
            http_request_kwargs={'verify': "/tmp/chain.pem"})
        super(TestTPPTokenMethods, self).__init__(*args, **kwargs)

    def test_tpp_token_enroll(self):
        cn = f"{random_word(10)}.venafi.example.com"
        try:
            cert_id, pkey, cert, _, cert_guid = enroll(self.tpp_conn,
                                                       self.tpp_zone, cn)
            cert_config = self.tpp_conn._get_certificate_details(cert_guid)
            self.assertEqual(cert_config['Origin'], "Venafi VCert-Python")
        except Exception as err:
            self.fail(f"Error in test: {err.message}")

    def test_tpp_token_enroll_with_service_generated_csr(self):
        cn = f"{random_word(10)}.venafi.example.com"
        try:
            _, _, _, _, cert_guid = enroll(self.tpp_conn,
                                           self.tpp_zone,
                                           cn=cn,
                                           password="******",
                                           service_generated_csr=True)
            cert_config = self.tpp_conn._get_certificate_details(cert_guid)
            self.assertEqual(cert_config['Origin'], "Venafi VCert-Python")
        except Exception as err:
            self.fail(f"Error in test: {err.message}")

    def test_tpp_token_enroll_with_custom_fields(self):
        cn = f"{random_word(10)}.venafi.example.com"
        custom_fields = [
            CustomField(name="custom", value="pythonTest"),
            CustomField(name="cfList", value="item2"),
            CustomField(name="cfListMulti", value="tier1"),
            CustomField(name="cfListMulti", value="tier4")
        ]
        try:
            cert_id, pkey, cert, _, cert_guid = enroll(
                conn=self.tpp_conn,
                zone=self.tpp_zone,
                cn=cn,
                custom_fields=custom_fields)
            cert_config = self.tpp_conn._get_certificate_details(cert_guid)
            self.assertEqual(cert_config['Origin'], "Venafi VCert-Python")
        except Exception as err:
            self.fail(f"Error in test: {err.__str__}")

    def test_tpp_token_enroll_origin(self):
        cn = f"{random_word(10)}.venafi.example.com"
        try:
            cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone,
                                               cn)
        except Exception as err:
            self.fail(f"Error in test: {err.__str__()}")

    def test_tpp_token_renew(self):
        cn = f"{random_word(10)}.venafi.example.com"
        cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
        cert = renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)

    def test_tpp_token_renew_twice(self):
        cn = f"{random_word(10)}.venafi.example.com"
        cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
        time.sleep(5)
        renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
        time.sleep(5)
        renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)

    def test_tpp_token_renew_by_thumbprint(self):
        cn = f"{random_word(10)}.venafi.example.com"
        cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
        renew_by_thumbprint(self.tpp_conn, cert)

    def test_tpp_token_renew_without_key_reuse(self):
        renew_without_key_reuse(self, self.tpp_conn, self.tpp_zone)

    def test_tpp_token_enroll_ecdsa(self):
        cn = f"{random_word(10)}.venafi.example.com"
        enroll(self.tpp_conn, self.tpp_zone_ecdsa, cn, TEST_KEY_ECDSA[0],
               TEST_KEY_ECDSA[1])

    def test_tpp_token_enroll_with_custom_key(self):
        cn = f"{random_word(10)}.venafi.example.com"
        enroll(self.tpp_conn, self.tpp_zone, cn, TEST_KEY_RSA_4096[0],
               TEST_KEY_RSA_4096[1])

    def test_tpp_token_enroll_with_encrypted_key(self):
        cn = f"{random_word(10)}.venafi.example.com"
        enroll(self.tpp_conn, self.tpp_zone, cn,
               TEST_KEY_RSA_2048_ENCRYPTED[0], TEST_KEY_RSA_2048_ENCRYPTED[1],
               'venafi')

    def test_tpp_token_enroll_with_custom_csr(self):
        key = open("/tmp/csr-test.key.pem").read()
        csr = open("/tmp/csr-test.csr.csr").read()
        enroll(self.tpp_conn, self.tpp_zone, private_key=key, csr=csr)

    def test_tpp_token_enroll_with_zone_update_and_custom_origin(self):
        cn = f"{random_word(10)}.venafi.example.com"
        cert, cert_guid = enroll_with_zone_update(self.tpp_conn,
                                                  self.tpp_zone_ecdsa, cn)
        cert_config = self.tpp_conn._get_certificate_details(cert_guid)
        self.assertEqual(cert_config['Origin'], "Python-SDK ECDSA")
        cert = x509.load_pem_x509_certificate(cert.cert.encode(),
                                              default_backend())
        key = cert.public_key()
        self.assertEqual(key.curve.name, "secp521r1")

    def test_tpp_token_read_zone_config(self):
        zone = self.tpp_conn.read_zone_conf(self.tpp_zone)
        self.assertEqual(zone.country.value, "US")
        self.assertEqual(zone.province.value, "Utah")
        self.assertEqual(zone.locality.value, "Salt Lake")
        self.assertEqual(zone.organization.value, "Venafi Inc.")
        self.assertEqual(zone.organizational_unit.value, ["Integrations"])
        self.assertEqual(zone.key_type.key_type, KeyType.RSA)
        self.assertEqual(zone.key_type.option, 2048)

    def test_tpp_token_read_zone_unknown_zone(self):
        with self.assertRaises(Exception):
            self.tpp_conn.read_zone_conf("fdsfsd")

    def test_tpp_token_retrieve_non_issued(self):
        with self.assertRaises(Exception):
            self.tpp_conn.retrieve_cert(
                f"{self.tpp_zone}\\devops\\vcert\\test-non-issued.example.com")

    def test_tpp_token_search_by_thumbprint(self):
        req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
        cert = x509.load_pem_x509_certificate(cert.cert.encode(),
                                              default_backend())
        fingerprint = binascii.hexlify(cert.fingerprint(
            hashes.SHA1())).decode()
        found = self.tpp_conn.search_by_thumbprint(fingerprint)
        self.assertEqual(found, req.id)

    def test_token_revoke_not_issued(self):
        req = RevocationRequest(
            req_id=f"{self.tpp_zone}\\not-issued.example.com")
        with self.assertRaises(Exception):
            self.tpp_conn.revoke_cert(req)
        req = RevocationRequest(
            thumbprint="2b25ff9f8725dfee37c6a7adcba31897b12e921d")
        with self.assertRaises(Exception):
            self.tpp_conn.revoke_cert(req)
        req = RevocationRequest()
        with self.assertRaises(Exception):
            self.tpp_conn.revoke_cert(req)

    def test_token_revoke_normal(self):
        req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
        rev_req = RevocationRequest(req_id=req.id)
        self.tpp_conn.revoke_cert(rev_req)
        time.sleep(1)
        with self.assertRaises(Exception):
            self.tpp_conn.renew_cert(req)

    def test_token_revoke_without_disable(self):
        req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
        rev_req = RevocationRequest(req_id=req.id, disable=False)
        self.tpp_conn.revoke_cert(rev_req)
        time.sleep(1)
        self.tpp_conn.renew_cert(req)

    def test_token_revoke_normal_thumbprint(self):
        req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
        cert = x509.load_pem_x509_certificate(cert.cert.encode(),
                                              default_backend())
        thumbprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
        rev_req = RevocationRequest(thumbprint=thumbprint)
        self.tpp_conn.revoke_cert(rev_req)
        time.sleep(1)
        with self.assertRaises(Exception):
            self.tpp_conn.renew_cert(req)

    def test_tpp_token_enroll_valid_hours(self):
        cn = f"{random_word(10)}.venafi.example.com"
        request = CertificateRequest(common_name=cn)

        request.san_dns = [
            "www.client.venafi.example.com", "ww1.client.venafi.example.com"
        ]
        request.email_addresses = [
            "*****@*****.**", "*****@*****.**"
        ]
        request.ip_addresses = ["127.0.0.1", u"192.168.1.1"]
        request.user_principal_names = [
            "*****@*****.**", "*****@*****.**"
        ]
        request.uniform_resource_identifiers = [
            "https://www.venafi.com", "https://venafi.cloud"
        ]

        custom_fields = [
            CustomField(name="custom", value="pythonTest"),
            CustomField(name="cfList", value="item2"),
            CustomField(name="cfListMulti", value="tier1"),
            CustomField(name="cfListMulti", value="tier4")
        ]

        request.custom_fields = custom_fields
        request.validity_hours = 144
        request.issuer_hint = IssuerHint.MICROSOFT
        expected_date = datetime.utcnow() + timedelta(
            hours=request.validity_hours)

        self.tpp_conn.request_cert(request, self.tpp_zone)
        cert = self.tpp_conn.retrieve_cert(request)

        cert = x509.load_pem_x509_certificate(cert.cert.encode(),
                                              default_backend())
        assert isinstance(cert, x509.Certificate)
        expiration_date = cert.not_valid_after
        # Due to some roundings and delays in operations on the server side, the certificate expiration date
        # is not exactly the same as the one used in the request. A gap is allowed in this scenario to compensate
        # this delays and roundings.
        delta = timedelta(seconds=60)
        date_format = "%Y-%m-%d %H:%M:%S"
        self.assertAlmostEqual(
            expected_date,
            expiration_date,
            delta=delta,
            msg=f"Delta between expected and expiration date is too big."
            f"\nExpected: {expected_date.strftime(date_format)}"
            f"\nGot: {expiration_date.strftime(date_format)}"
            f"\nExpected_delta: {delta.total_seconds()} seconds.")

    def test_get_access_token(self):
        try:
            token_info = self.tpp_conn.get_access_token()
            self.assertIsNotNone(token_info)
            self.assertIsNotNone(token_info.access_token)
            self.assertIsNotNone(token_info.refresh_token)
            self.assertIsNotNone(token_info.expires)
        except ClientBadData:
            self.fail("Error in Test Data")
        except ServerUnexptedBehavior as sub:
            self.fail(f"Error from server: {sub.__str__()}")

    def test_refresh_access_token(self):
        try:
            self.tpp_conn.get_access_token()
            refresh_info = self.tpp_conn.refresh_access_token()
            self.assertIsNotNone(refresh_info)
            self.assertIsNotNone(refresh_info.access_token)
            self.assertIsNotNone(refresh_info.refresh_token)
            self.assertIsNotNone(refresh_info.expires)
        except ClientBadData:
            self.fail("Error in Test Data")
        except ServerUnexptedBehavior as sub:
            self.fail(f"Error from server: {sub.__str__()}")

    def test_revoke_access_token(self):
        try:
            self.tpp_conn.get_access_token()
            status, resp = self.tpp_conn.revoke_access_token()
            self.assertEqual(status, 200)
        except Exception as err:
            self.fail(f"Error happened: {err.__str__()}")

        cn = f"{random_word(10)}.venafi.example.com"
        with self.assertRaises(Exception):
            enroll(self.tpp_conn, self.tpp_zone, cn)
コード例 #9
0
class TestTPPSSHCertificate(unittest.TestCase):
    def __init__(self, *args, **kwargs):
        self.tpp_conn = TPPTokenConnection(
            url=TPP_TOKEN_URL,
            http_request_kwargs={'verify': "/tmp/chain.pem"})
        auth = Authentication(user=TPP_USER,
                              password=TPP_PASSWORD,
                              scope=SCOPE_SSH)
        self.tpp_conn.get_access_token(auth)
        super(TestTPPSSHCertificate, self).__init__(*args, **kwargs)

    def test_enroll_local_generated_keypair(self):
        keypair = SSHKeyPair()
        keypair.generate(key_size=4096, passphrase="foobar")

        request = SSHCertRequest(cadn=TPP_SSH_CADN, key_id=_random_key_id())
        request.validity_period = "4h"
        request.source_addresses = ["test.com"]
        request.set_public_key_data(keypair.public_key())
        response = _enroll_ssh_cert(self.tpp_conn, request)
        self.assertTrue(
            response.private_key_data is None,
            SERVICE_GENERATED_NO_KEY_ERROR.format("Private", "not",
                                                  request.key_id))
        self.assertTrue(
            response.public_key_data,
            SERVICE_GENERATED_NO_KEY_ERROR.format("Public", "",
                                                  request.key_id))
        self.assertTrue(
            response.public_key_data == request.get_public_key_data(),
            f"Public key on response does not match request."
            f"\nExpected: {request.get_public_key_data()}"
            f"\nGot: {response.public_key_data}")
        self.assertTrue(response.certificate_data,
                        SSH_CERT_DATA_ERROR.format(request.key_id))

    def test_enroll_service_generated_keypair(self):
        request = SSHCertRequest(cadn=TPP_SSH_CADN, key_id=_random_key_id())
        request.validity_period = "4h"
        request.source_addresses = ["test.com"]
        response = _enroll_ssh_cert(self.tpp_conn, request)
        self.assertTrue(
            response.private_key_data,
            SERVICE_GENERATED_NO_KEY_ERROR.format("Private", "",
                                                  request.key_id))
        self.assertTrue(
            response.public_key_data,
            SERVICE_GENERATED_NO_KEY_ERROR.format("Public", "",
                                                  request.key_id))
        self.assertTrue(response.certificate_data,
                        SSH_CERT_DATA_ERROR.format(request.key_id))

    def test_retrieve_ca_public_key(self):
        tpp_connector = venafi_connection(
            platform=VenafiPlatform.TPP,
            url=TPP_TOKEN_URL,
            http_request_kwargs={'verify': "/tmp/chain.pem"})
        request = SSHCATemplateRequest(ca_template=TPP_SSH_CADN)
        ssh_config = tpp_connector.retrieve_ssh_config(ca_request=request)
        self.assertIsNotNone(ssh_config.ca_public_key,
                             f"{TPP_SSH_CADN} Public Key data is empty")
        self.assertIsNone(ssh_config.ca_principals,
                          f"{TPP_SSH_CADN} default principals is not empty")
        log.debug(
            f"{TPP_SSH_CADN} Public Key data:\n{ssh_config.ca_public_key}")

    def test_retrieve_ca_public_key_and_principals(self):
        request = SSHCATemplateRequest(ca_template=TPP_SSH_CADN)
        ssh_config = self.tpp_conn.retrieve_ssh_config(ca_request=request)
        self.assertIsNotNone(ssh_config.ca_public_key,
                             f"{TPP_SSH_CADN} Public Key data is empty")
        self.assertIsNotNone(ssh_config.ca_principals,
                             f"{TPP_SSH_CADN} default principals is empty")
        log.debug(
            f"{TPP_SSH_CADN} Public Key data: {ssh_config.ca_public_key}")
        log.debug(
            f"{TPP_SSH_CADN} default principals: {ssh_config.ca_principals}")