class CertFileUtilsTest(CertUtilsTest):
    """Exercise CertFileUtils against certificate and key fixture files.

    The fixture paths (``valid_identity_cert_path``, ``root_ca_crt_path``,
    ``root_ca_key_path``, ...) are read from ``self``.
    NOTE(review): presumably they are populated by CertUtilsTest.setUp,
    which is not visible here - confirm.
    """

    def setUp(self):
        super(CertFileUtilsTest, self).setUp()
        # A fresh helper per test keeps the cases independent of each other.
        self.cert_file_utils = CertFileUtils()

    def tearDown(self):
        super(CertFileUtilsTest, self).tearDown()

    def test_validate_certificate_pem_valid(self):
        # Positive case: the valid identity cert checked against the root CA.
        verified = self.cert_file_utils.validate_certificate(
            self.valid_identity_cert_path,
            self.root_ca_crt_path,
        )
        self.assertTrue(verified)

    def test_validate_certificate_pem_invalid(self):
        # Negative case: the invalid identity cert must be rejected for the
        # same root CA.
        verified = self.cert_file_utils.validate_certificate(
            self.invalid_identity_cert_path,
            self.root_ca_crt_path,
        )
        self.assertFalse(verified)

    def test_validate_priv_key_to_certificate_valid(self):
        # The root CA key is checked against the root CA certificate.
        matched = self.cert_file_utils.validate_priv_key_to_certificate(
            self.root_ca_key_path,
            self.root_ca_crt_path,
        )
        self.assertTrue(matched)

    # The method name keeps its original spelling so existing test
    # selections by name keep working.
    def test_validate_priv_key_to_certificate_invvalid(self):
        # The invalid key fixture must not be accepted for the root CA
        # certificate.
        matched = self.cert_file_utils.validate_priv_key_to_certificate(
            self.invalid_key_path,
            self.root_ca_crt_path,
        )
        self.assertFalse(matched)
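def check_valid_identity():
    """Validate the configured server identity certificate, key and CA.

    Reads the three paths from ``config``, verifies each one with
    ``_check_path``, then uses ``CertFileUtils`` to check that the identity
    certificate validates against the configured identity CA and that the
    private key matches the identity certificate.

    The outcome is written to the module-level ``SERVER_IDENTITY_VALID`` on
    every call. A failed re-check, or one interrupted by an exception, resets
    the flag to ``False`` instead of leaving an earlier ``True`` in place.

    Returns:
        True when every check passes, False otherwise.
    """
    global SERVER_IDENTITY_VALID
    identity_ok = False
    try:
        # Allow override of cert/key/ca for testing.
        cert = config.get_splice_server_identity_cert_path()
        key = config.get_splice_server_identity_key_path()
        ca_cert = config.get_splice_server_identity_ca_path()

        # Verify paths exist
        if not _check_path(cert, "[security].splice_server_identity_cert"):
            return False
        if not _check_path(ca_cert, "[security].splice_server_identity_ca"):
            return False
        if not _check_path(key, "[security].splice_server_identity_key"):
            return False

        # Check that the identity certificate was signed by the configured
        # identity CA.
        # NOTE(review): whether validate_certificate also enforces the
        # validity period or revocation status is not visible here - confirm.
        certfu = CertFileUtils()
        if not certfu.validate_certificate(cert, ca_cert):
            _LOG.error("[security].splice_server_identity_cert failed validation against CA: [security].splice_server_identity_ca")
            return False

        # A certificate is only usable as an identity if we hold its key.
        if not certfu.validate_priv_key_to_certificate(key, cert):
            _LOG.error("[security].splice_server_identity_key is not matched to [security].splice_server_identity_cert")
            return False

        identity_ok = True
        return True
    finally:
        # Fail closed: the cached flag always reflects the latest check.
        SERVER_IDENTITY_VALID = identity_ok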