예제 #1
0
def test_get_or_increase_name(session, certificate):
    from lemur.certificates.models import get_or_increase_name
    from lemur.tests.factories import CertificateFactory

    serial = "AFF2DB4F8D2D4D8E80FA382AE27C2333"

    assert get_or_increase_name(certificate.name,
                                certificate.serial) == "{0}-{1}".format(
                                    certificate.name, serial)

    certificate.name = "test-cert-11111111"
    assert (get_or_increase_name(certificate.name,
                                 certificate.serial) == "test-cert-11111111-" +
            serial)

    certificate.name = "test-cert-11111111-1"
    assert (get_or_increase_name(
        "test-cert-11111111-1",
        certificate.serial) == "test-cert-11111111-1-" + serial)

    CertificateFactory(name="certificate1")
    CertificateFactory(name="certificate1-" + serial)
    session.commit()

    assert get_or_increase_name("certificate1",
                                int(serial,
                                    16)) == "certificate1-{}-1".format(serial)
예제 #2
0
def test_send_expiration_notification():
    from lemur.notifications.messaging import send_expiration_notifications

    verify_sender_email(
    )  # emails are sent to owner and security; SNS only used for configured notification
    topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic()

    notification = NotificationFactory(plugin_name="aws-sns")
    notification.options = get_options()

    now = arrow.utcnow()
    in_ten_days = now + timedelta(
        days=10,
        hours=1)  # a bit more than 10 days since we'll check in the future

    certificate = CertificateFactory()
    certificate.not_after = in_ten_days
    certificate.notifications.append(notification)

    assert send_expiration_notifications([],
                                         []) == (3, 0
                                                 )  # owner, SNS, and security

    received_messages = sqs_client.receive_message(
        QueueUrl=queue_url)["Messages"]
    assert len(received_messages) == 1
    expected_message = format_message(
        certificate_notification_output_schema.dump(certificate).data,
        "expiration", notification.options)
    actual_message = json.loads(received_messages[0]["Body"])["Message"]
    assert actual_message == expected_message
예제 #3
0
def test_send_rotation_notification(notification_plugin, certificate):
    from lemur.notifications.messaging import send_rotation_notification
    verify_sender_email()

    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)
    assert send_rotation_notification(new_cert)
    new_cert.endpoints = [EndpointFactory()]
    assert send_rotation_notification(new_cert)
예제 #4
0
def create_cert_that_expires_in_days(days,
                                     serial=None,
                                     domains=None,
                                     owner=None):
    import random
    from random import randrange
    from string import ascii_lowercase

    now = arrow.utcnow()
    not_after = now + timedelta(
        days=days,
        hours=1)  # a bit more than specified since we'll check in the future

    certificate = CertificateFactory()
    certificate.not_after = not_after
    certificate.notify = True
    certificate.owner = ''.join(
        random.choice(ascii_lowercase) for _ in range(10)) + '@example.com'
    endpoints = []
    for i in range(0, randrange(0, 5)):
        endpoints.append(EndpointFactory())
    certificate.endpoints = endpoints
    if serial:
        certificate.serial = serial
    if owner:
        certificate.owner = owner
    if domains:
        certificate.domains = domains
    return certificate
예제 #5
0
def prepare_test():
    verify_sender_email()  # emails are sent to owner and security; Slack only used for configured notification

    notification = NotificationFactory(plugin_name="slack-notification")
    notification.options = get_options()

    now = arrow.utcnow()
    in_ten_days = now + timedelta(days=10, hours=1)  # a bit more than 10 days since we'll check in the future

    certificate = CertificateFactory()
    certificate.not_after = in_ten_days
    certificate.notifications.append(notification)
예제 #6
0
def test_issued_cert_count_for_authority(authority):
    from lemur.tests.factories import CertificateFactory
    from lemur.certificates.service import get_issued_cert_count_for_authority

    assert get_issued_cert_count_for_authority(authority) == 0

    # create a few certs issued by the authority
    CertificateFactory(authority=authority, name="test_issued_cert_count_for_authority1")
    CertificateFactory(authority=authority, name="test_issued_cert_count_for_authority2")
    CertificateFactory(authority=authority, name="test_issued_cert_count_for_authority3")

    assert get_issued_cert_count_for_authority(authority) == 3
예제 #7
0
def test_send_rotation_notification(certificate, endpoint, source_plugin):
    from lemur.notifications.messaging import send_rotation_notification
    from lemur.deployment.service import rotate_certificate

    new_certificate = CertificateFactory()
    rotate_certificate(endpoint, new_certificate)
    new_certificate.replaces.append(certificate)
    assert endpoint.certificate == new_certificate

    verify_sender_email()
    assert send_rotation_notification(new_certificate)
    new_certificate.endpoints = [EndpointFactory()]
    assert send_rotation_notification(new_certificate)
예제 #8
0
def create_cert_that_expires_in_days(days):
    from random import randrange

    now = arrow.utcnow()
    not_after = now + timedelta(days=days, hours=1)  # a bit more than specified since we'll check in the future

    certificate = CertificateFactory()
    certificate.not_after = not_after
    certificate.notify = True
    endpoints = []
    for i in range(0, randrange(0, 5)):
        endpoints.append(EndpointFactory())
    certificate.endpoints = endpoints
    return certificate
예제 #9
0
def test_rotate_certificate(client, source_plugin):
    from lemur.deployment.service import rotate_certificate
    new_certificate = CertificateFactory()
    endpoint = EndpointFactory()

    rotate_certificate(endpoint, new_certificate)
    assert endpoint.certificate == new_certificate
예제 #10
0
def test_render(certificate, endpoint):
    from lemur.certificates.schemas import certificate_notification_output_schema

    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)

    certificates = [certificate_notification_output_schema.dump(certificate).data]

    template = env.get_template('{}.html'.format('expiration'))

    with open(os.path.join(dir_path, 'expiration-rendered.html'), 'w') as f:
        body = template.render(dict(certificates=certificates, hostname='lemur.test.example.com'))
        f.write(body)

    template = env.get_template('{}.html'.format('rotation'))

    certificate.endpoints.append(endpoint)

    with open(os.path.join(dir_path, 'rotation-rendered.html'), 'w') as f:
        body = template.render(
            dict(
                certificate=certificate_notification_output_schema.dump(certificate).data,
                hostname='lemur.test.example.com'
            )
        )
        f.write(body)
예제 #11
0
def test_render_reissued_with_no_endpoints(certificate):
    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)

    assert render_html(
        "reissued_with_no_endpoints", get_options(),
        certificate_notification_output_schema.dump(new_cert).data)
예제 #12
0
def test_render(certificate, endpoint):
    from lemur.certificates.schemas import certificate_notification_output_schema

    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)

    data = {
        'certificates':
        [certificate_notification_output_schema.dump(certificate).data],
        'options': [{
            'name': 'interval',
            'value': 10
        }, {
            'name': 'unit',
            'value': 'days'
        }]
    }

    template = env.get_template('{}.html'.format('expiration'))

    with open(os.path.join(dir_path, 'expiration-rendered.html'), 'w') as f:
        body = template.render(
            dict(message=data, hostname='lemur.test.example.com'))
        f.write(body)

    template = env.get_template('{}.html'.format('rotation'))

    certificate.endpoints.append(endpoint)

    with open(os.path.join(dir_path, 'rotation-rendered.html'), 'w') as f:
        body = template.render(
            dict(certificate=certificate_notification_output_schema.dump(
                certificate).data,
                 hostname='lemur.test.example.com'))
        f.write(body)
예제 #13
0
def test_send_expiration_notification():
    from lemur.notifications.messaging import send_expiration_notifications

    notification = NotificationFactory(plugin_name="slack-notification")
    notification.options = get_options()

    now = arrow.utcnow()
    in_ten_days = now + timedelta(
        days=10,
        hours=1)  # a bit more than 10 days since we'll check in the future

    certificate = CertificateFactory()
    certificate.not_after = in_ten_days
    certificate.notifications.append(notification)

    assert send_expiration_notifications([]) == (2, 0)
예제 #14
0
def test_get_or_increase_name(session, certificate):
    from lemur.certificates.models import get_or_increase_name
    from lemur.tests.factories import CertificateFactory

    serial = 'AFF2DB4F8D2D4D8E80FA382AE27C2333'

    assert get_or_increase_name(certificate.name,
                                certificate.serial) == '{0}-{1}'.format(
                                    certificate.name, serial)

    certificate.name = 'test-cert-11111111'
    assert get_or_increase_name(
        certificate.name, certificate.serial) == 'test-cert-11111111-' + serial

    certificate.name = 'test-cert-11111111-1'
    assert get_or_increase_name(
        'test-cert-11111111-1',
        certificate.serial) == 'test-cert-11111111-1-' + serial

    cert2 = CertificateFactory(name='certificate1-' + serial)
    session.commit()

    assert get_or_increase_name('certificate1',
                                int(serial,
                                    16)) == 'certificate1-{}-1'.format(serial)
예제 #15
0
파일: test_slack.py 프로젝트: yiluzhu/lemur 
def test_send_expiration_notification():
    from lemur.notifications.messaging import send_expiration_notifications

    verify_sender_email()  # emails are sent to owner and security; Slack only used for configured notification

    notification = NotificationFactory(plugin_name="slack-notification")
    notification.options = get_options()

    now = arrow.utcnow()
    in_ten_days = now + timedelta(days=10, hours=1)  # a bit more than 10 days since we'll check in the future

    certificate = CertificateFactory()
    certificate.not_after = in_ten_days
    certificate.notifications.append(notification)

    assert send_expiration_notifications([]) == (3, 0)  # owner, Slack, and security
예제 #16
0
def test_send_expiration_notification_disabled():
    from lemur.notifications.messaging import send_expiration_notifications
    from lemur.tests.factories import CertificateFactory
    from lemur.tests.factories import NotificationFactory

    now = arrow.utcnow()
    in_ten_days = now + timedelta(days=10, hours=1)  # a bit more than 10 days since we'll check in the future
    certificate = CertificateFactory()
    notification = NotificationFactory(plugin_name="email-notification")

    certificate.not_after = in_ten_days
    certificate.notifications.append(notification)
    certificate.notifications[0].options = get_options()

    verify_sender_email()
    assert send_expiration_notifications([], ['email-notification']) == (0, 0)
예제 #17
0
def test_send_expiration_notification_no_security_team():
    from lemur.notifications.messaging import send_expiration_notifications
    from lemur.tests.factories import CertificateFactory
    from lemur.tests.factories import NotificationFactory

    now = arrow.utcnow()
    in_ten_days = now + timedelta(days=10, hours=1)  # a bit more than 10 days since we'll check in the future
    certificate = CertificateFactory(name="TEST1")
    notification = NotificationFactory(plugin_name="email-notification")

    certificate.not_after = in_ten_days
    certificate.notifications.append(notification)
    certificate.notifications[0].options = get_options()

    verify_sender_email()
    assert send_expiration_notifications([], [], True) == (3, 0)  # owner (1) and recipients (2)
예제 #18
0
파일: test_email.py 프로젝트: yiluzhu/lemur 
def test_render_expiration(certificate, endpoint):
    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)

    assert render_html(
        "expiration", get_options(),
        [certificate_notification_output_schema.dump(certificate).data])
예제 #19
0
def test_send_reissue_no_endpoints_notification(certificate):
    from lemur.notifications.messaging import send_reissue_no_endpoints_notification

    verify_sender_email()
    new_certificate = CertificateFactory()
    new_certificate.replaces.append(certificate)
    verify_sender_email()
    assert send_reissue_no_endpoints_notification(certificate, new_certificate)
예제 #20
0
def test_render_rotation(certificate, endpoint):
    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)
    new_cert.endpoints.append(endpoint)

    assert render_html(
        "rotation", get_options(),
        certificate_notification_output_schema.dump(new_cert).data)
예제 #21
0
def test_send_expiration_notification():
    from lemur.notifications.messaging import send_expiration_notifications
    from lemur.tests.factories import CertificateFactory
    from lemur.tests.factories import NotificationFactory

    now = arrow.utcnow()
    in_ten_days = now + timedelta(days=10, hours=1)  # a bit more than 10 days since we'll check in the future
    certificate = CertificateFactory()
    notification = NotificationFactory(plugin_name="email-notification")

    certificate.not_after = in_ten_days
    certificate.notifications.append(notification)
    certificate.notifications[0].options = get_options()

    verify_sender_email()
    # exclude "TEST1" certs so we don't pick up certs from the last test tests
    assert send_expiration_notifications(["TEST1"], []) == (4, 0)  # owner (1), recipients (2), and security (1)
예제 #22
0
파일: test_roles.py 프로젝트: sakti/lemur 
def test_multiple_authority_certificate_association(session, client):
    role = RoleFactory()
    authority = AuthorityFactory()
    certificate = CertificateFactory()
    authority1 = AuthorityFactory()
    certificate1 = CertificateFactory()

    role.authorities.append(authority)
    role.authorities.append(authority1)
    role.certificates.append(certificate)
    role.certificates.append(certificate1)

    session.commit()
    assert role.authorities[0].name == authority.name
    assert role.authorities[1].name == authority1.name
    assert role.certificates[0].name == certificate.name
    assert role.certificates[1].name == certificate1.name
예제 #23
0
파일: test_sns.py 프로젝트: vsnine/lemur 
def prepare_test():
    verify_sender_email()  # emails are sent to owner and security; SNS only used for configured notification

    # set all existing notifications to disabled so we don't have multiple conflicting in the tests
    for prior_notification in service.get_all():
        service.update(prior_notification.id, prior_notification.label, prior_notification.plugin_name,
                       prior_notification.options, prior_notification.description, False, [], [])

    notification = NotificationFactory(plugin_name="aws-sns")
    notification.options = get_options()

    now = arrow.utcnow()
    in_ten_days = now + timedelta(days=10, hours=1)  # a bit more than 10 days since we'll check in the future

    certificate = CertificateFactory()
    certificate.not_after = in_ten_days
    certificate.notifications.append(notification)

    return notification, certificate
예제 #24
0
def test_send_reissue_no_endpoints_notification(notification_plugin, endpoint,
                                                certificate):
    from lemur.notifications.messaging import send_reissue_no_endpoints_notification
    verify_sender_email()

    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)
    assert send_reissue_no_endpoints_notification(certificate, new_cert)
    certificate.endpoints.append(endpoint)
    assert not send_reissue_no_endpoints_notification(certificate, new_cert)
예제 #25
0
def test_send_reissue_no_endpoints_notification_excluded_destination(
        destination_plugin, notification_plugin, certificate, destination):
    from lemur.notifications.messaging import send_reissue_no_endpoints_notification
    verify_sender_email()

    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)
    destination.label = 'not-excluded-destination'
    certificate.destinations.append(destination)
    assert send_reissue_no_endpoints_notification(certificate, new_cert)
    # specified in tests/conf.py
    destination.label = 'excluded-destination'
    assert not send_reissue_no_endpoints_notification(certificate, new_cert)
예제 #26
0
def test_get_or_increase_name(session, certificate):
    from lemur.certificates.models import get_or_increase_name
    from lemur.tests.factories import CertificateFactory

    assert get_or_increase_name(certificate.name, certificate.serial) == '{0}-3E9'.format(certificate.name)

    certificate.name = 'test-cert-11111111'
    assert get_or_increase_name(certificate.name, certificate.serial) == 'test-cert-11111111-3E9'

    certificate.name = 'test-cert-11111111-1'
    assert get_or_increase_name('test-cert-11111111-1', certificate.serial) == 'test-cert-11111111-1-3E9'

    cert2 = CertificateFactory(name='certificate1-3E9')
    session.commit()

    assert get_or_increase_name('certificate1', 1001) == 'certificate1-3E9-1'
예제 #27
0
def create_ca_cert_that_expires_in_days(days):
    now = arrow.utcnow()
    not_after = now + timedelta(days=days, hours=1)  # a bit more than specified since we'll check in the future

    authority = AuthorityFactory()
    certificate = CertificateFactory()
    certificate.not_after = not_after
    certificate.notify = True
    certificate.root_authority_id = authority.id
    certificate.authority_id = None
    return certificate
예제 #28
0
def test_delete_cert(session):
    from lemur.certificates.service import delete, get
    from lemur.tests.factories import CertificateFactory

    delete_this = CertificateFactory(name='DELETEME')
    session.commit()

    cert_exists = get(delete_this.id)

    # it needs to exist first
    assert cert_exists

    delete(delete_this.id)
    cert_exists = get(delete_this.id)

    # then not exist after delete
    assert not cert_exists
예제 #29
0
def test_cleanup_after_revoke(session, issuer_plugin, crypto_authority):
    from lemur.certificates.service import cleanup_after_revoke, get
    from lemur.tests.factories import CertificateFactory

    revoke_this = CertificateFactory(name="REVOKEME")
    session.commit()

    to_be_revoked = get(revoke_this.id)
    assert to_be_revoked
    to_be_revoked.notify = True
    to_be_revoked.rotation = True

    # Assuming the cert is revoked by corresponding issuer, update the records in lemur
    cleanup_after_revoke(to_be_revoked)
    revoked_cert = get(to_be_revoked.id)

    # then not exist after delete
    assert revoked_cert
    assert revoked_cert.status == "revoked"
    assert not revoked_cert.notify
    assert not revoked_cert.rotation
    assert not revoked_cert.destinations
예제 #30
0
def test_render(certificate, endpoint):
    from lemur.certificates.schemas import certificate_notification_output_schema

    new_cert = CertificateFactory()
    new_cert.replaces.append(certificate)

    data = {
        "certificates":
        [certificate_notification_output_schema.dump(certificate).data],
        "options": [
            {
                "name": "interval",
                "value": 10
            },
            {
                "name": "unit",
                "value": "days"
            },
        ],
    }

    template = env.get_template("{}.html".format("expiration"))

    body = template.render(
        dict(message=data, hostname="lemur.test.example.com"))

    template = env.get_template("{}.html".format("rotation"))

    certificate.endpoints.append(endpoint)

    body = template.render(
        dict(
            certificate=certificate_notification_output_schema.dump(
                certificate).data,
            hostname="lemur.test.example.com",
        ))