예제 #1
class CertFileUtilsTest(CertUtilsTest):
    """Positive and negative checks for the file-based certificate helpers.

    The fixture paths used below (``valid_identity_cert_path``,
    ``invalid_identity_cert_path``, ``root_ca_crt_path``, ``root_ca_key_path``,
    ``invalid_key_path``) are not assigned in this class; presumably they are
    provided by ``CertUtilsTest`` -- confirm against the base class.
    """

    def setUp(self):
        """Run the base-class setup, then create the object under test."""
        super(CertFileUtilsTest, self).setUp()
        self.cert_file_utils = CertFileUtils()

    def tearDown(self):
        """Hand cleanup to the base class; nothing extra is created here."""
        super(CertFileUtilsTest, self).tearDown()

    def test_validate_certificate_pem_valid(self):
        """A certificate from the valid fixture is accepted against the root CA."""
        accepted = self.cert_file_utils.validate_certificate(
            self.valid_identity_cert_path, self.root_ca_crt_path)
        self.assertTrue(accepted)

    def test_validate_certificate_pem_invalid(self):
        """A certificate from the invalid fixture is rejected against the root CA."""
        # NOTE(review): what makes this fixture invalid (wrong issuer, expired,
        # malformed) is not visible here, so this test pins one rejection path only.
        accepted = self.cert_file_utils.validate_certificate(
            self.invalid_identity_cert_path, self.root_ca_crt_path)
        self.assertFalse(accepted)

    def test_validate_priv_key_to_certificate_valid(self):
        """The root CA key is reported as matching the root CA certificate."""
        matched = self.cert_file_utils.validate_priv_key_to_certificate(
            self.root_ca_key_path, self.root_ca_crt_path)
        self.assertTrue(matched)

    # The method name carries a typo ("invvalid"); it is kept unchanged so that
    # existing test selectors and reports still refer to the same test.
    def test_validate_priv_key_to_certificate_invvalid(self):
        """A key from the invalid fixture is reported as not matching the root CA certificate."""
        matched = self.cert_file_utils.validate_priv_key_to_certificate(
            self.invalid_key_path, self.root_ca_crt_path)
        self.assertFalse(matched)
예제 #2
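def check_valid_identity():
    """Validate the configured server identity and record the outcome.

    The certificate, key and CA paths are read from ``config``. The identity
    counts as valid only when all three paths pass ``_check_path``, the
    certificate validates against the CA, and the private key matches the
    certificate.

    The module-level ``SERVER_IDENTITY_VALID`` flag is written on every call,
    including failures and exceptions. This keeps a ``True`` left by an earlier
    successful check from surviving a later failed one (for example after the
    files on disk were replaced).

    Returns:
        bool: True when every check passed, otherwise False.
    """
    global SERVER_IDENTITY_VALID
    # Fail closed: the result stays False until every check below has passed.
    valid = False
    try:
        # Allow override of cert/key/ca for testing.
        cert = config.get_splice_server_identity_cert_path()
        key = config.get_splice_server_identity_key_path()
        ca_cert = config.get_splice_server_identity_ca_path()

        # Verify paths exist; all() stops at the first failing path, so the
        # checks run in the order cert, CA, key and no later one is attempted.
        required_paths = (
            (cert, "[security].splice_server_identity_cert"),
            (ca_cert, "[security].splice_server_identity_ca"),
            (key, "[security].splice_server_identity_key"),
        )
        if all(_check_path(path, option) for path, option in required_paths):
            certfu = CertFileUtils()
            # Check that the identity certificate was signed by the configured identity CA.
            # NOTE(review): whether validate_certificate also covers expiry or
            # revocation is not visible here -- confirm in CertFileUtils.
            if not certfu.validate_certificate(cert, ca_cert):
                _LOG.error("[security].splice_server_identity_cert failed validation against CA: [security].splice_server_identity_ca")
            # A certificate that chains to the CA is still unusable as this
            # server's identity unless the configured private key belongs to it.
            elif not certfu.validate_priv_key_to_certificate(key, cert):
                _LOG.error("[security].splice_server_identity_key is not matched to [security].splice_server_identity_cert")
            else:
                valid = True
    finally:
        # Publish the outcome even when a check raised, so the flag never
        # reports a result that this call did not confirm.
        SERVER_IDENTITY_VALID = valid
    return valid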