def test_cert_import_nonexisting_certs(self):
with XRDSSTTest() as app:
cert_controller = CertController()
cert_controller.app = app
cert_controller.load_config = (lambda: self.ss_config)
cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
cert_controller.import_()
out, err = self.capsys.readouterr()
assert out.count("references non-existent file") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_cert_register_multiple_certs_for_auth_key(self):
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
return_value=CertTestData.single_key_with_multiple_registrable_auth_cert_response):
cert_controller = CertController()
cert_controller.app = app
cert_controller.load_config = (lambda: self.ss_config_with_authcert())
cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
cert_controller.register()
out, err = self.capsys.readouterr()
assert out.count("Multiple certificates to 'REGISTER' for key") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_cert_register_multiple_auth_labelled_keys(self):
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
return_value=CertTestData.multiple_keys_labelled_as_auth_response):
cert_controller = CertController()
cert_controller.app = app
cert_controller.load_config = (lambda: self.ss_config_with_authcert())
cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
cert_controller.register()
out, err = self.capsys.readouterr()
assert out.count("multiple authentication keys") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_csr_download(self):
class MockCsr:
def __init__(self, status, data):
self.status = status
self.data = data
def mocked_download_csr(self, id, csr_id, **kwargs):
if csr_id == '6766344A138328780CE721979868EAD7981B3BD5': # auth
return MockCsr(
200,
b'0\x82\x02\x890\x82\x01q\x02\x01\x000D1\x0b0\t\x06\x03U\x04\x06\x13\x02FI1\x0c0\n\x06\x03U\x04\n\x0c\x03UNS1\x180\x16\x06\x03U\x04\x05\x13\x0fDEV/UNS-SS5/GOV1\r0\x0b\x06\x03U\x04\x03\x0c\x0498760\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xb3\x18w\xd4P\x16%\x9d\xc5\x0b\xc2m\x82-l\x1a\xc9\x90\x1b-\xa2\xa1f}\x86\x11AW\xca\xdf\xfb\xd9P\x93N\xcf\xaa\xa9[#\x10\x12\xe3\x1b\x07\n\xc2#9t\x8d\xda"\xb4\x93\xf7\xa9\xde;\x98\xf1,\xef\x89S\xb7\xad\xab\x00\xbbwm\xffr\x19\xb1d\xdf/\xe2\xa1\x14\xd3\xa8\xbf\xfe\xa5:\xab,\xab\xd0\x01\x813}\xe5\xe2\x12)y\xc6\x9d\xea\x96\xbe\xb2\xa81\x99\xdc/Z\x12\xe2\xfdZ&OB\xed\xf3\x8f\xbc\xca\x92lL\x1eJt\xe5\x7f\xbd\xe5\x83W\x19\x95\x9d\x8fv\xac\xdb\x03V1\xff\x80\xaf\xb1Qs\x97O\xd7\x98\x966\xf4\xb3\xff\xfaA6\xf6\xd6\xd6\x9b\xcf\xb2\x94\xb0\xbc\xb9\xf2\\\xfcct\x12`\x8e\xebh8\xc7\xf1 \x93\xd01D\xc1\xc6\xb8\xc4\xf6^\xb5\xa8\xe3\x87~^\xea\x812\x85\xf7\xd7\x99\xd2\xd4\x06\xadvo\xd7\x8ea\xbb\x16\x08\x9c\xc9\x15|;\xacl\xf4\xb7\x88\x9e\x9c\xd2.k\xda\xa4K\xd8\xea\xcf\xac\x8a)\x8dm\x9d#\xad\xd7\xe7-\x02\x03\x01\x00\x01\xa0\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x003!\xa0M\x9bC\xa9\xe5\x8c\x86G\xcf\xc4\xee\xeaoW\x96\xd9\x8e\xd2\nz2\x05\xb7\xaa\xf3\xe0Vi\xf3\x0c\xc4\x1ay\x9eU \x12\xbf\xaen\x88\x04D0O\x19BJy\x88\xd6\xf7\x95w\x9a\x04w\xf4XQz\xceg2\x96\xc1\xdf\xbas\xf8\xb3\xd5~&\xc7:\'\x83}6\x0b\xddE\x15l\xd3H7\x8c6J\x9cf\x0f\xa6y\x7f\xab\xef"\'\xa4\xca\xf4\xf9\xd0\xddf\xf1\xdd4\x10\xe9\xf1;g\x08=\xd1\x17\xabva\xd6\xdb%\x19\xe1*mA\xca\xcc\xa7\x07m\xeb&k\xcaB\xa5\xb8\x93\x11]\xe9x\xcd\xa4\x90\x80\xb2\x9d\x91\x8d\x92}\xca\xd5,\xc8\x7f\x8dT\xa1h\x92\x8bv\x1c\xb8\x17\x7f\xe2\xa3\xdaL\x02<D8\xe4\xd1\xc5bYW\xa5_\nEl}\x93U\x96\t$\\yr6\x0f\x88\xe4\xd8\x96\x81\xe1A\x1f\xe7\x02\x9a\xa6\x19\xff\xdc\x8e\x95\x9e\x89kLAN\xcf\xf4n\x15\xb2\x99\xf5v\xd9\x89\xb7v4$\xce\xf1\xdapr\xd1\x16\x18\x84C\xb3\x1c'
)
if csr_id == '1A8E6C45A9D3FDF3BF17769FC0650AA40EFC2CD5': # sign
return MockCsr(
200,
b'0\x82\x02\x890\x82\x01q\x02\x01\x000D1\x0b0\t\x06\x03U\x04\x06\x13\x02FI1\x0c0\n\x06\x03U\x04\n\x0c\x03UNS1\x180\x16\x06\x03U\x04\x05\x13\x0fDEV/UNS-SS5/GOV1\r0\x0b\x06\x03U\x04\x03\x0c\x0498760\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\x9a\x07\x9e\xbe:\x03T\x94\xd3\xbb\x15\x14\xf5>\xa3\x145\x9d\xc8m\x12\x9d\xd3n1\xd9t\x0bw\x0e\xc0x\xa79C\xa2\xe7\xb2\x94\xf6\xbbY\xbc\xe7\xb5\xa7\xc1\xe70\xc5\x91\x87\xbfE\xe1\xec`\x1fR\xbaP\xc3\xb6o\x94*\xa1j\x05\xf3Q*\xfb6\xd3\x1c,g\xd2b\x9f=B\xc8\xa1\x8e\xafya`\x84\xf4\x9c\x14\x13\xc7\xb7\xc1\xa7\x83p\xedq\xa1\x93H\xe8\xfc\x007M{\x91\xc0X\xf4\x94$n\xe3\xfb8\xed\xe2\xed\xad\t\xf8\x1a3B\xc0V\xeb\x07@\xf4 \xafl\n\xdbI\x8a,\x06.\xfdz\xa7\x98$Z%\xc0\xfc\x1d\xe5Q\xdb\xd2\xc4\x9a\xc4\xbdn\x9cxx(\xbc2\xe8Vhm\x14\x06\xd1\xa9&T\x806x\x0fD\xd8~\xe8\x90lg\x1b\x86\x91\xdb\xb1\x109\xb1;(}\xb6\x96\xbb\x1d]\xb9n+<i\x87\xcc\xa9[\x05\xd5\xca\x9c\xe0\xcc\xf9\xf4\xad\xf6{\xee\xb1\xb2\x04Cx*\xb6d9\xce\x9c-d\x98\xc7\xbf\xe8:\xb2fG\xf5N\x8e\n\xcd\x02\x03\x01\x00\x01\xa0\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x8c\x95\xe3\xe3h\xdf\x9a\x11\x8dA\xa8r1\x82\xc7\x05j(z\xdd!,j\xae\x92\xd5\xe5\x8f\x00\xffn\x0f\xa4\x17\xfb\xfc\x04\x88\xf5\x96Y\xdb\xf3ss/%\xfeX\xbc%`QD\xa9 5W\xf2IX\x00\xfa~5\xfb\xd1\x9drn\xf6\xf1J\x99qE\xf6\xf3<\xe97\xc7\xebQ\xdb,j}\x07\xd7T\xea\x05\xdd\xda{e=k\xd0gJ\x07\x84`\xc3E\xbf>:Uk\xcan;g\xc0\xf1\xdf\x81\x94\xd22~\xde\x97\x13\x85\xc8aY\xdc\x1a\x1f\xe4Qg\xb9-\xfc\x15S\xbc\xeb\xe9\xbf\x18\xdbr\x8dD\xc6\xb9F\xd0\x94\xa8\xf8\xd9\xcc5K\x9c$\x8a?\xc7\x0b\xae\x86\x0e\x04R\x19\x0c9\xb0;t\xec(\xf6\'\xe1\x9fky9\xb2\xe1\xd6\xd3\xfc\xdd\xd1\xbf%\xb4(?\xde]\xf7\xd4o`O\xf4\x99v,@\xb5\xb2.\xc0\xae\x97\n\xd2\xa5\xc6\xa2\x98\x14ZA\xdeJK\xfe\xb1\xf6\n\xad\xea\x8fq\xa3\xf3*=)\x04\xc9\x84sK\xa0%!\x07\xba\xa0\xf6\x94'
)
raise Exception("No mock for CSR '" + csr_id + "'")
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
return_value=CertTestData.token_with_two_csrs_response):
with mock.patch('xrdsst.api.keys_api.KeysApi.download_csr', new=mocked_download_csr):
cert_controller = CertController()
cert_controller.app = app
cert_controller.load_config = (lambda: self.ss_config)
cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
reported_downloads = cert_controller.download_csrs()
assert len(reported_downloads) == 2
assert cert_controller.app._last_rendered[1].count('ssX-default-auth') == 1
assert cert_controller.app._last_rendered[1].count('ssX-default-sign') == 1
# Check file creation
auth_csr_file = list(filter(lambda s: s.count('ssX-default-auth') > 0,
map(lambda s: s.strip(), cert_controller.app._last_rendered[1].split('│')))).pop()
sign_csr_file = list(filter(lambda s: s.count('ssX-default-sign') > 0,
map(lambda s: s.strip(), cert_controller.app._last_rendered[1].split('│')))).pop()
assert auth_csr_file == reported_downloads[0].fs_loc or auth_csr_file == reported_downloads[1].fs_loc
assert sign_csr_file == reported_downloads[0].fs_loc or auth_csr_file == reported_downloads[1].fs_loc
assert auth_csr_file != sign_csr_file
assert os.path.exists(auth_csr_file)
assert os.path.exists(sign_csr_file)
def test_cert_activate(self):
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
return_value=CertTestData.single_auth_key_with_cert_token_response):
with mock.patch('xrdsst.api.token_certificates_api.TokenCertificatesApi.activate_certificate',
return_value={}):
with mock.patch('xrdsst.api.token_certificates_api.TokenCertificatesApi.get_possible_actions_for_certificate',
return_value=[PossibleAction.DISABLE, PossibleAction.UNREGISTER]):
cert_controller = CertController()
cert_controller.app = app
cert_controller.load_config = (lambda: self.ss_config_with_authcert())
cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
cert_controller.activate()
out, err = self.capsys.readouterr()
assert out.count("Activated certificate") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_cert_import_permission_denied(self):
class PermissionDeniedResponse:
status = 403
data = '{"status":403,"error":{"code":"permission_denied"}}'
reason = None
def getheaders(self): return None
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
return_value=CertTestData.single_auth_key_with_cert_token_response):
with mock.patch('xrdsst.api.token_certificates_api.TokenCertificatesApi.import_certificate',
side_effect=ApiException(http_resp=PermissionDeniedResponse())):
cert_controller = CertController()
cert_controller.app = app
cert_controller.load_config = (lambda: self.ss_config_with_authcert())
cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
cert_controller.import_()
out, err = self.capsys.readouterr()
assert err.count("permission") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
