def test_set_ca_cert_duplicate_id_invalid(self, mock_util_chk, mock_load_pk,
                                          mock_check_pk, mock_load_cert, mock_expired):
    """
    Test API set_ca_cert raises exception when the same CA id is set twice

    The first call registers id 'root' with every file, key and certificate
    operation mocked to succeed. Repeating the identical call must raise
    EdgeValueError, so an already registered CA entry cannot be replaced
    through set_ca_cert.
    """
    # NOTE(review): the mock_* parameters are presumably injected by @patch
    # decorators that are not part of this excerpt -- confirm their order.
    cert_util = EdgeCertUtil()
    mock_util_chk.return_value = True
    mock_load_pk.return_value = crypto.PKey()
    mock_check_pk.return_value = True
    mock_load_cert.return_value = crypto.X509()
    mock_expired.return_value = False

    ca_kwargs = dict(ca_cert_file_path=CA_CERT_FILE_NAME,
                     ca_root_cert_file_path=CA_OWNER_CERT_FILE_NAME,
                     ca_root_chain_cert_file_path=CA_CHAIN_CERT_FILE_NAME,
                     ca_private_key_file_path=CA_PRIVATE_KEY_FILE_NAME,
                     passphrase='1234')

    with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')):
        # First registration is expected to succeed.
        cert_util.set_ca_cert('root', **ca_kwargs)
        # Second registration under the same id must be refused.
        with self.assertRaises(edgectl.errors.EdgeValueError):
            cert_util.set_ca_cert('root', **ca_kwargs)
def test_set_ca_cert_missing_cert_files_invalid(self):
    """
    Test API set_ca_cert raises exception when any input file does not exist

    Each of the four path arguments is replaced by INVALID_FILE in turn
    while the other three stay valid; every variant must raise
    EdgeValueError.
    """
    path_args = ('ca_cert_file_path',
                 'ca_root_cert_file_path',
                 'ca_root_chain_cert_file_path',
                 'ca_private_key_file_path')
    valid_paths = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    cert_util = EdgeCertUtil()
    with patch('edgectl.utils.EdgeUtils.check_if_file_exists') as mock_check_file:
        # The existence check is delegated to a helper on this test class;
        # presumably it reports INVALID_FILE as missing -- confirm there.
        mock_check_file.side_effect = self._check_if_file_exists_helper
        for missing_arg in path_args:
            call_kwargs = dict(valid_paths)
            call_kwargs[missing_arg] = INVALID_FILE
            with self.assertRaises(edgectl.errors.EdgeValueError):
                cert_util.set_ca_cert('root', **call_kwargs)
def test_set_ca_cert_missing_args_invalid(self):
    """
    Test API set_ca_cert raises exception when a required path arg is omitted

    Each of the four path arguments is left out in turn (no passphrase is
    supplied in any variant); every call must raise EdgeValueError.
    """
    path_args = ('ca_cert_file_path',
                 'ca_root_cert_file_path',
                 'ca_root_chain_cert_file_path',
                 'ca_private_key_file_path')
    all_paths = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    cert_util = EdgeCertUtil()
    with patch('edgectl.utils.EdgeUtils.check_if_file_exists', MagicMock(return_value=True)):
        for omitted_arg in path_args:
            call_kwargs = dict((name, path) for name, path in all_paths.items()
                               if name != omitted_arg)
            with self.assertRaises(edgectl.errors.EdgeValueError):
                cert_util.set_ca_cert('root', **call_kwargs)
        # NOTE(review): nothing is invoked inside this block, so it checks
        # nothing; it looks like a leftover from another test case.
        with patch(OPEN_BUILTIN, mock_open(read_data='MOCKEDPASSWORD')) as mocked_open:
            mocked_open.side_effect = IOError()
def test_set_ca_cert_open_failure_invalid(self):
    """
    Test API set_ca_cert raises exception when open() cert private key file fails

    open() is patched to raise IOError. The call must surface that as
    EdgeFileAccessError, and the last open() attempt must have been for
    the private key file in binary mode.
    """
    cert_util = EdgeCertUtil()
    files_exist = patch('edgectl.utils.EdgeUtils.check_if_file_exists',
                        MagicMock(return_value=True))
    failing_open = patch(OPEN_BUILTIN, mock_open(read_data='MOCKED'))
    with files_exist, failing_open as mocked_open:
        mocked_open.side_effect = IOError()
        with self.assertRaises(edgectl.errors.EdgeFileAccessError):
            cert_util.set_ca_cert('root',
                                  ca_cert_file_path=CA_CERT_FILE_NAME,
                                  ca_root_cert_file_path=CA_OWNER_CERT_FILE_NAME,
                                  ca_root_chain_cert_file_path=CA_CHAIN_CERT_FILE_NAME,
                                  ca_private_key_file_path=CA_PRIVATE_KEY_FILE_NAME,
                                  passphrase='1234')
        # Key material is expected to be read as bytes ('rb'), not as text.
        mocked_open.assert_called_with(CA_PRIVATE_KEY_FILE_NAME, 'rb')
def test_set_ca_cert_load_privatekey_failure_invalid(self, mock_util_chk, mock_load_pk):
    """
    Test API set_ca_cert raises exception when calling API load_privatekey

    The private key loader mock raises crypto.Error, which set_ca_cert must
    report as EdgeValueError. The test also pins that the key file is
    opened in binary mode and that the file contents and the caller's
    passphrase are handed to the loader as PEM input.
    """
    # NOTE(review): mock_util_chk / mock_load_pk are presumably injected by
    # @patch decorators that are not part of this excerpt -- confirm.
    cert_util = EdgeCertUtil()
    mock_util_chk.return_value = True
    mock_load_pk.side_effect = crypto.Error()
    ca_kwargs = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
        'passphrase': '1234',
    }
    with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')) as mocked_open:
        with self.assertRaises(edgectl.errors.EdgeValueError):
            cert_util.set_ca_cert('root', **ca_kwargs)
        mocked_open.assert_called_with(CA_PRIVATE_KEY_FILE_NAME, 'rb')
        mock_load_pk.assert_called_with(crypto.FILETYPE_PEM, 'MOCKED', passphrase='1234')
def test_set_ca_cert_load_cert_io_failure_invalid(self, mock_util_chk, mock_load_pk,
                                                  mock_check_pk, mock_load_cert):
    """
    Test API set_ca_cert raises exception when loading certificate fails

    The private key steps are mocked to succeed, and the certificate loader
    mock raises IOError. set_ca_cert must report EdgeFileAccessError, and
    the loader must have been called with PEM file type and the mocked file
    contents.
    """
    # NOTE(review): the mock_* parameters are presumably injected by @patch
    # decorators that are not part of this excerpt -- confirm their order.
    cert_util = EdgeCertUtil()
    mock_util_chk.return_value = True
    mock_load_pk.return_value = crypto.PKey()
    mock_check_pk.return_value = True
    mock_load_cert.side_effect = IOError()
    ca_kwargs = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
        'passphrase': '1234',
    }
    with patch(OPEN_BUILTIN, mock_open(read_data='MOCKED')):
        with self.assertRaises(edgectl.errors.EdgeFileAccessError):
            cert_util.set_ca_cert('root', **ca_kwargs)
        mock_load_cert.assert_called_with(crypto.FILETYPE_PEM, 'MOCKED')
def test_set_ca_cert_passphrase_invalid(self):
    """
    Test API set_ca_cert raises exception when passphrase is invalid

    Three passphrases are tried: the empty string, the three character
    string '123' and a 1024 character string. Each must raise
    EdgeValueError.
    """
    # NOTE(review): presumably these sit outside the accepted length range
    # enforced by EdgeCertUtil; the exact bounds are not visible here.
    rejected_passphrases = ('', '123', 'a' * 1024)
    ca_paths = {
        'ca_cert_file_path': CA_CERT_FILE_NAME,
        'ca_root_cert_file_path': CA_OWNER_CERT_FILE_NAME,
        'ca_root_chain_cert_file_path': CA_CHAIN_CERT_FILE_NAME,
        'ca_private_key_file_path': CA_PRIVATE_KEY_FILE_NAME,
    }
    cert_util = EdgeCertUtil()
    # open() is not patched here, so the expected EdgeValueError presumably
    # comes from validation that runs before the key file is read -- confirm
    # in set_ca_cert.
    with patch('edgectl.utils.EdgeUtils.check_if_file_exists', MagicMock(return_value=True)):
        for bad_passphrase in rejected_passphrases:
            with self.assertRaises(edgectl.errors.EdgeValueError):
                cert_util.set_ca_cert('root', passphrase=bad_passphrase, **ca_paths)
def _generate_certs_using_device_ca(certificate_config, hostname, certs_dir):
    """
    Generate the Edge certificates from a user supplied device CA

    Registers the device CA files from certificate_config with a new
    EdgeCertUtil under the id 'edge-device-ca', then calls
    EdgeHostPlatform._generate_certs_common with that utility.

    Args:
        certificate_config: source of the device CA file paths, the device
            CA passphrase, the agent CA passphrase and force_no_passwords
        hostname: passed through to _generate_certs_common
        certs_dir: output directory, logged and passed through
    """
    # NOTE(review): there is no self/cls parameter, so this is presumably a
    # @staticmethod of EdgeHostPlatform; the decorator is not in this excerpt.
    # Only the target directory is logged; no passphrase reaches the log here.
    log.info('Generating Device CA based certificates at: %s', certs_dir)

    # With force_no_passwords set, the agent CA passphrase stays None and the
    # user is never prompted. NOTE(review): presumably the agent CA private
    # key is then written without encryption -- confirm in _generate_certs_common.
    passwords_enabled = certificate_config.force_no_passwords is False
    agent_ca_phrase = certificate_config.agent_ca_passphrase if passwords_enabled else None
    if passwords_enabled and (agent_ca_phrase is None or agent_ca_phrase == ''):
        agent_ca_phrase = EdgeHostPlatform._prompt_password(
            'Edge Agent',
            ['--agent-ca-passphrase', '--agent-ca-passphrase-file'],
            'agentCAPassphraseFilePath')

    cert_util = EdgeCertUtil()
    chain_cert_file = certificate_config.device_ca_chain_cert_file_path
    private_key_file = certificate_config.device_ca_private_key_file_path
    # The device CA passphrase is forwarded as configured, whatever
    # force_no_passwords says; only the agent CA passphrase depends on that flag.
    device_ca_kwargs = {
        'ca_cert_file_path': certificate_config.device_ca_cert_file_path,
        'ca_root_cert_file_path': certificate_config.owner_ca_cert_file_path,
        'ca_root_chain_cert_file_path': chain_cert_file,
        'ca_private_key_file_path': private_key_file,
        'passphrase': certificate_config.device_ca_passphrase,
    }
    cert_util.set_ca_cert('edge-device-ca', **device_ca_kwargs)
    EdgeHostPlatform._generate_certs_common(cert_util, hostname, certs_dir, agent_ca_phrase)