def test_get_count_should_return_one_after_delete(self):
session = self.ca_repo.get_session()
project = models.Project()
project.external_id = "my keystone id"
project.save(session=session)
ca_model = models.CertificateAuthority(self.parsed_ca)
ca_model.project_id = project.id
self.ca_repo.create_from(ca_model, session=session)
ca_model = models.CertificateAuthority(self.parsed_ca)
ca_model.project_id = project.id
self.ca_repo.create_from(ca_model, session=session)
session.commit()
count = self.ca_repo.get_count(project.id, session=session)
self.assertEqual(2, count)
self.ca_repo.delete_entity_by_id(ca_model.id,
"my keystone id",
session=session)
session.commit()
count = self.ca_repo.get_count(project.id, session=session)
self.assertEqual(1, count)
def create_cas(self, set_project_cas=True):
self.project = res.get_or_create_project(self.project_id)
self.global_project = res.get_or_create_global_preferred_project()
project_repo.save(self.project)
self.project_ca_ids = []
self.plugin_name = 'default_plugin'
self.plugin_ca_id = 'default_plugin_ca_id_'
self.ca_id = "id1"
self.num_cas = 10
self.offset = 2
self.limit = 4
self.params = {'offset': self.offset, 'limit': self.limit}
self._do_create_cas(set_project_cas)
# create subca for DELETE testing
parsed_ca = {
'plugin_name': self.plugin_name,
'plugin_ca_id': self.plugin_ca_id + "subca 1",
'name': self.plugin_name,
'description': 'Sub CA for default plugin',
'ca_signing_certificate': 'ZZZZZ' + "sub ca1",
'intermediates': 'YYYYY' + "sub ca1",
'project_id': self.project.id,
'creator_id': 'user12345'
}
ca = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(ca)
ca_repo.save(ca)
self.subca = ca
self.num_cas += 1
def test_create_new_preferred_ca(self):
ca = models.CertificateAuthority(self.parsed_ca)
ca.id = '67890'
project = models.Project()
project.id = '12345'
preferred_ca = models.PreferredCertificateAuthority(project.id, ca.id)
self.assertEqual(ca.id, preferred_ca.ca_id)
self.assertEqual(project.id, preferred_ca.project_id)
def setUp(self):
super(WhenTestingCertificatePluginManager, self).setUp()
self.cert_spec = {}
self.plugin_returned = mock.MagicMock()
self.plugin_name = common_utils.generate_fullname_for(
self.plugin_returned)
types_list = [
cm.CertificateRequestType.SIMPLE_CMC_REQUEST,
cm.CertificateRequestType.CUSTOM_REQUEST
]
self.plugin_returned.supported_request_types.return_value = types_list
self.plugin_returned.supports.return_value = True
self.plugin_loaded = mock.MagicMock(obj=self.plugin_returned)
expiration = (
datetime.datetime.utcnow() +
datetime.timedelta(days=cm.CA_INFO_DEFAULT_EXPIRATION_DAYS))
ca_info = {
cm.INFO_NAME: "my_ca",
cm.INFO_DESCRIPTION: "Certificate Authority my_ca",
cm.INFO_CA_SIGNING_CERT: "Undefined",
cm.INFO_INTERMEDIATES: "Undefined",
cm.INFO_EXPIRATION: expiration.isoformat()
}
self.plugin_returned.get_ca_info.return_value = {
'plugin_ca_id1': ca_info
}
parsed_ca = {
'plugin_name': self.plugin_name,
'plugin_ca_id': 'plugin_ca_id1',
'name': self.plugin_name,
'description': 'Master CA for default plugin',
'ca_signing_certificate': 'ZZZZZ',
'intermediates': 'YYYYY'
}
self.ca = models.CertificateAuthority(parsed_ca)
self.ca.id = 'ca_id'
self.ca_repo = mock.MagicMock()
self.ca_repo.get_by_create_date.return_value = (self.ca, 0, 1, 1)
self.ca_repo.create_from.return_value = None
self.ca_repo.get.return_value = self.ca
self.project = models.Project()
self.project.id = '12345'
self.setup_ca_repository_mock(self.ca_repo)
self.plugin_loaded = mock.MagicMock(obj=self.plugin_returned)
self.manager = cm.CertificatePluginManager()
self.manager.extensions = [self.plugin_loaded]
def test_new_ca_is_created_from_dict(self):
ca = models.CertificateAuthority(self.parsed_ca)
self.assertEqual(self.parsed_ca['plugin_name'], ca.plugin_name)
self.assertEqual(self.parsed_ca['plugin_ca_id'], ca.plugin_ca_id)
self.assertEqual(self.parsed_ca['name'], ca.ca_meta['name'].value)
self.assertEqual(self.parsed_ca['description'],
ca.ca_meta['description'].value)
self.assertEqual(self.parsed_ca['ca_signing_certificate'],
ca.ca_meta['ca_signing_certificate'].value)
self.assertEqual(self.parsed_ca['intermediates'],
ca.ca_meta['intermediates'].value)
self.assertIsInstance(ca.expiration, datetime.datetime)
self.assertEqual(ca.created_at, ca.updated_at)
def test_should_create_subca(self, mocked_task):
self.create_cas()
self.create_subca_request(self.selected_ca_id)
mocked_task.return_value = models.CertificateAuthority(
self.parsed_subca)
resp = self.app.post_json(
'/cas',
self.subca_request,
expect_errors=False)
self.assertEqual(201, resp.status_int)
def _do_create_cas(self, set_project_cas):
for ca_id in moves.range(self.num_cas):
parsed_ca = {
'plugin_name': self.plugin_name,
'plugin_ca_id': self.plugin_ca_id + str(ca_id),
'name': self.plugin_name,
'description': 'Master CA for default plugin',
'ca_signing_certificate': 'ZZZZZ' + str(ca_id),
'intermediates': 'YYYYY' + str(ca_id)
}
ca = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(ca)
ca_repo.save(ca)
if ca_id == 1:
# set global preferred ca
pref_ca = models.PreferredCertificateAuthority(
self.global_project.id,
ca.id)
preferred_ca_repo.create_from(pref_ca)
preferred_ca_repo.save(pref_ca)
self.global_preferred_ca = ca
if ca_id == 2 and set_project_cas:
# set project CA
project_ca = models.ProjectCertificateAuthority(
self.project.id, ca.id)
project_ca_repo.create_from(project_ca)
project_ca_repo.save(project_ca)
self.project_ca_ids.append(ca.id)
if ca_id == 3 and set_project_cas:
# set project preferred CA
project_ca = models.ProjectCertificateAuthority(
self.project.id, ca.id)
project_ca_repo.create_from(project_ca)
project_ca_repo.save(project_ca)
self.project_ca_ids.append(ca.id)
pref_ca = models.PreferredCertificateAuthority(
self.project.id, ca.id)
preferred_ca_repo.create_from(pref_ca)
preferred_ca_repo.save(pref_ca)
self.preferred_ca = ca
if ca_id == 4:
# set ca for testing GETs for a single CA
self.selected_ca_id = ca.id
self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id)
self.selected_signing_cert = 'ZZZZZ' + str(ca_id)
self.selected_intermediates = 'YYYYY' + str(ca_id)
def create_subordinate_ca(project_model, name, description, subject_dn,
parent_ca_ref, creator_id):
"""Create a subordinate CA
:param name - name of the subordinate CA
:param: description - description of the subordinate CA
:param: subject_dn - subject DN of the subordinate CA
:param: parent_ca_ref - Barbican URL reference to the parent CA
:param: creator_id - id for creator of the subordinate CA
:return: :class models.CertificateAuthority model object for new sub CA
"""
# check that the parent ref exists and is accessible
parent_ca_id = hrefs.get_ca_id_from_ref(parent_ca_ref)
ca_repo = repos.get_ca_repository()
parent_ca = ca_repo.get(entity_id=parent_ca_id, suppress_exception=True)
if not parent_ca:
raise excep.InvalidParentCA(parent_ca_ref=parent_ca_ref)
# Parent CA must be a base CA or a subCA owned by this project
if (parent_ca.project_id is not None and
parent_ca.project_id != project_model.id):
raise excep.UnauthorizedSubCA()
# get the parent plugin, raises CertPluginNotFound if missing
cert_plugin = cert.CertificatePluginManager().get_plugin_by_name(
parent_ca.plugin_name)
# confirm that the plugin supports creating subordinate CAs
if not cert_plugin.supports_create_ca():
raise excep.SubCAsNotSupported()
# make call to create the subordinate ca
create_ca_dto = cert.CACreateDTO(
name=name,
description=description,
subject_dn=subject_dn,
parent_ca_id=parent_ca.plugin_ca_id)
new_ca_dict = cert_plugin.create_ca(create_ca_dto)
if not new_ca_dict:
raise excep.SubCANotCreated(name=name)
# create and store the subordinate CA as a new certificate authority object
new_ca_dict['plugin_name'] = parent_ca.plugin_name
new_ca_dict['creator_id'] = creator_id
new_ca_dict['project_id'] = project_model.id
new_ca = models.CertificateAuthority(new_ca_dict)
ca_repo.create_from(new_ca)
return new_ca
def setUp(self):
super(WhenCreatingCertificateOrders, self).setUp()
self.certificate_meta = {'request': 'XXXXXX'}
# Make sure we have a project
self.project = resources.get_or_create_project(self.project_id)
# Create CA's in the db
self.available_ca_ids = []
for i in range(2):
ca_information = {
'plugin_name': 'plugin_name',
'plugin_ca_id': 'plugin_name ca_id1',
'name': 'plugin name',
'description': 'Master CA for default plugin',
'ca_signing_certificate': 'XXXXX',
'intermediates': 'YYYYY'
}
ca_model = models.CertificateAuthority(ca_information)
ca = ca_repo.create_from(ca_model)
self.available_ca_ids.append(ca.id)
foreign_project = resources.get_or_create_project('foreign_project')
foreign_ca_information = {
'project_id': foreign_project.id,
'plugin_name': 'plugin_name',
'plugin_ca_id': 'plugin_name ca_id1',
'name': 'plugin name',
'description': 'Master CA for default plugin',
'ca_signing_certificate': 'XXXXX',
'intermediates': 'YYYYY'
}
foreign_ca_model = models.CertificateAuthority(foreign_ca_information)
foreign_ca = ca_repo.create_from(foreign_ca_model)
self.foreign_ca_id = foreign_ca.id
repositories.commit()
def create_certificate_authority(project=None,
parsed_ca_in=None,
session=None):
if not parsed_ca_in:
parsed_ca_in = {
'plugin_name': 'plugin_name',
'plugin_ca_id': 'plugin_ca_id',
'expiration:': 'expiration',
'creator_id': 'creator_id',
'project_id': project.id
}
certificate_authority = models.CertificateAuthority(
parsed_ca_in=parsed_ca_in)
cert_auth_repo = repositories.get_ca_repository()
cert_auth_repo.create_from(certificate_authority, session=session)
return certificate_authority
def setUp(self):
super(WhenCreatingSubordinateCAs, self).setUp()
self.project = res.get_or_create_project('12345')
self.project2 = res.get_or_create_project('56789')
self.subject_name = "cn=subca1 signing certificate, o=example.com"
self.creator_id = "user12345"
self.name = "Subordinate CA #1"
self.description = "This is a test subordinate CA"
self.plugin_name = "dogtag_plugin"
# create parent ca
expiration = (datetime.datetime.utcnow() +
datetime.timedelta(minutes=10))
parsed_ca = {
'plugin_name': self.plugin_name,
'plugin_ca_id': 'ca_master',
'expiration': expiration.isoformat(),
'name': 'Dogtag CA',
'description': 'Master CA for Dogtag plugin',
'ca_signing_certificate': 'XXXXX',
'intermediates': 'YYYYY'
}
self.parent_ca = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(self.parent_ca)
self.parent_ca_ref = 'https://localhost:6311/cas/' + self.parent_ca.id
self.new_ca_dict = {
'plugin_ca_id': 'ca_subordinate',
'expiration': expiration.isoformat(),
'name': 'Dogtag Subordinate CA',
'description': 'Subordinate CA for Dogtag plugin',
'ca_signing_certificate': 'XXXXX',
'intermediates': 'YYYYY',
}
# mock plugin and calls to plugin
self.cert_plugin = mock.MagicMock()
self.cert_plugin.supports_create_ca.return_value = True
self.cert_plugin.create_ca.return_value = self.new_ca_dict
self._config_cert_plugin()
def create_cas(self):
self.project = res.get_or_create_project(self.project_id)
project_repo.save(self.project)
self.project_ca_ids = []
self.plugin_name = 'default_plugin'
self.plugin_ca_id = 'default_plugin_ca_id_'
self.ca_id = "id1"
self.num_cas = 10
self.offset = 2
self.limit = 4
self.params = {'offset': self.offset, 'limit': self.limit}
for ca_id in moves.range(self.num_cas):
parsed_ca = {
'plugin_name': self.plugin_name,
'plugin_ca_id': self.plugin_ca_id + str(ca_id),
'name': self.plugin_name,
'description': 'Master CA for default plugin',
'ca_signing_certificate': 'ZZZZZ' + str(ca_id),
'intermediates': 'YYYYY' + str(ca_id)
}
ca = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(ca)
ca_repo.save(ca)
if ca_id == 1:
# set global preferred ca
pref_ca = models.PreferredCertificateAuthority(
preferred_ca_repo.PREFERRED_PROJECT_ID, ca.id)
preferred_ca_repo.create_from(pref_ca)
preferred_ca_repo.save(pref_ca)
self.global_ca_id = ca.id
if ca_id == 2:
# set project CA
project_ca = models.ProjectCertificateAuthority(
self.project.id, ca.id)
project_ca_repo.create_from(project_ca)
project_ca_repo.save(project_ca)
self.project_ca_ids.append(ca.id)
if ca_id == 3:
# set project preferred CA
project_ca = models.ProjectCertificateAuthority(
self.project.id, ca.id)
project_ca_repo.create_from(project_ca)
project_ca_repo.save(project_ca)
self.project_ca_ids.append(ca.id)
pref_ca = models.PreferredCertificateAuthority(
self.project.id, ca.id)
preferred_ca_repo.create_from(pref_ca)
preferred_ca_repo.save(pref_ca)
self.preferred_project_ca_id = ca.id
if ca_id == 4:
# set ca for testing GETs for a single CA
self.selected_ca_id = ca.id
self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id)
self.selected_signing_cert = 'ZZZZZ' + str(ca_id)
self.selected_intermediates = 'YYYYY' + str(ca_id)
def _add_ca(self, parsed_ca, session):
ca = self.ca_repo.create_from(models.CertificateAuthority(parsed_ca),
session=session)
return ca
def test_refresh_ca_list(self):
utc_now = datetime.datetime.utcnow()
expired_time = utc_now - datetime.timedelta(days=1)
expiration = utc_now + datetime.timedelta(days=1)
ca1_info = {
cm.INFO_NAME: "expired_ca_to_be_modified",
cm.INFO_DESCRIPTION: "expired_ca to be modified",
cm.INFO_CA_SIGNING_CERT: "XXXXXXX-expired-XXXXXX",
cm.INFO_INTERMEDIATES: "YYYYYYY-expired-YYYYYYY",
cm.INFO_EXPIRATION: expired_time.isoformat()
}
ca1_modified_info = {
cm.INFO_NAME: "expired_ca_to_be_modified",
cm.INFO_DESCRIPTION: "expired_ca to be modified",
cm.INFO_CA_SIGNING_CERT: "XXXXXXX-no-longer-expired-XXXXXX",
cm.INFO_INTERMEDIATES: "YYYYYYY-no-longer-expired-YYYYYYY",
cm.INFO_EXPIRATION: expiration.isoformat()
}
ca2_info = {
cm.INFO_NAME: "expired_ca_to_be_deleted",
cm.INFO_DESCRIPTION: "expired ca to be deleted",
cm.INFO_CA_SIGNING_CERT: "XXXX-expired-to-be-deleted-XXXX",
cm.INFO_INTERMEDIATES: "YYYY-expired-to-be-deleted-YYYY",
cm.INFO_EXPIRATION: expired_time.isoformat()
}
ca3_info = {
cm.INFO_NAME: "new-ca-to-be-added",
cm.INFO_DESCRIPTION: "new-ca-to-be-added",
cm.INFO_CA_SIGNING_CERT: "XXXX-to-be-addeed-XXXX",
cm.INFO_INTERMEDIATES: "YYYY-to-be-added-YYYY",
cm.INFO_EXPIRATION: expiration.isoformat()
}
self.plugin_returned.get_ca_info.return_value = {
'plugin_ca_id_ca1': ca1_modified_info,
'plugin_ca_id_ca3': ca3_info
}
parsed_ca1 = dict(ca1_info)
parsed_ca1[cm.PLUGIN_CA_ID] = 'plugin_ca_id_ca1'
parsed_ca1['plugin_name'] = self.plugin_name
ca1 = models.CertificateAuthority(parsed_ca1)
ca1.id = "ca1_id"
parsed_ca2 = dict(ca2_info)
parsed_ca2[cm.PLUGIN_CA_ID] = 'plugin_ca_id_ca2'
parsed_ca2['plugin_name'] = self.plugin_name
ca2 = models.CertificateAuthority(parsed_ca2)
ca2.id = "ca2_id"
side_effect = [(None, 0, 4, 0), ([ca1, ca2], 0, 4, 2)]
self.ca_repo.get_by_create_date.side_effect = side_effect
self.manager.refresh_ca_table()
self.plugin_returned.get_ca_info.assert_called_once_with()
self.ca_repo.update_entity.assert_called_once_with(
ca1, ca1_modified_info)
self.ca_repo.delete_entity_by_id.assert_called_once_with(ca2.id, None)
self.ca_repo.create_from.assert_has_calls([])
def setUp(self):
super(BaseCertificateRequestsTestCase, self).setUp()
self.external_project_id = "56789"
self.project = res.get_or_create_project(self.external_project_id)
project_repo.save(self.project)
self.barbican_meta_dto = mock.MagicMock()
self.order_meta = {}
self.plugin_meta = {}
self.barbican_meta = {}
self.result = cert_man.ResultDTO(
cert_man.CertificateStatus.WAITING_FOR_CA
)
self.result_follow_on = common.FollowOnProcessingStatusDTO()
self.cert_plugin = mock.MagicMock()
self.cert_plugin.issue_certificate_request.return_value = self.result
self.cert_plugin.check_certificate_status.return_value = self.result
self.store_plugin = mock.MagicMock()
parsed_ca = {
'plugin_name': "cert_plugin",
'plugin_ca_id': "XXXX",
'name': "test ca",
'description': 'Test CA',
'ca_signing_certificate': 'ZZZZZ',
'intermediates': 'YYYYY'
}
self.ca = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(self.ca)
self.ca_id = self.ca.id
# second ca for testing
parsed_ca = {
'plugin_name': "cert_plugin",
'plugin_ca_id': "XXXX2",
'name': "test ca2",
'description': 'Test CA2',
'ca_signing_certificate': 'ZZZZZ2',
'intermediates': 'YYYYY2'
}
self.ca2 = models.CertificateAuthority(parsed_ca)
ca_repo.create_from(self.ca2)
self.ca_id2 = self.ca2.id
# data for preferred CA and global preferred CA tests
# add those to the repo in those tests
self.pref_ca = models.PreferredCertificateAuthority(
self.project.id,
self.ca_id)
self.global_pref_ca = models.PreferredCertificateAuthority(
self.project.id,
self.ca_id)
# data for stored key cases
self.private_key = models.Secret()
self.private_key.secret_type = 'PRIVATE'
self.private_key.project_id = self.project.id
secret_repo.create_from(self.private_key)
self.public_key = models.Secret()
self.public_key.secret_type = 'PUBLIC'
self.public_key.project_id = self.project.id
secret_repo.create_from(self.public_key)
self.passphrase = models.Secret()
self.passphrase.secret_type = 'PASSPHRASE'
self.passphrase.project_id = self.project.id
secret_repo.create_from(self.passphrase)
self.private_key_value = None
self.public_key_value = "public_key"
self.passphrase_value = None
self.parsed_container_with_passphrase = {
'name': 'container name',
'type': 'rsa',
'secret_refs': [
{'name': 'private_key',
'secret_ref': 'https://localhost/secrets/' +
self.private_key.id},
{'name': 'public_key',
'secret_ref': 'https://localhost/secrets/' +
self.public_key.id},
{'name': 'private_key_passphrase',
'secret_ref': 'https://localhost/secrets/' +
self.passphrase.id}
]
}
self.parsed_container = {
'name': 'container name',
'type': 'rsa',
'secret_refs': [
{'name': 'private_key',
'secret_ref': 'https://localhost/secrets/' +
self.private_key.id},
{'name': 'public_key',
'secret_ref': 'https://localhost/secrets/' +
self.public_key.id}
]
}
self.container_with_passphrase = models.Container(
self.parsed_container_with_passphrase)
self.container_with_passphrase.project_id = self.project.id
container_repo.create_from(self.container_with_passphrase)
self.container = models.Container(self.parsed_container)
self.container.project_id = self.project.id
container_repo.create_from(self.container)
repositories.commit()
self.stored_key_meta = {
cert_man.REQUEST_TYPE:
cert_man.CertificateRequestType.STORED_KEY_REQUEST,
"container_ref":
"https://localhost/containers/" + self.container.id,
"subject_dn": "cn=host.example.com,ou=dev,ou=us,o=example.com"
}
self.order = models.Order()
self.order.meta = self.order_meta
self.order.project_id = self.project.id
self.order.order_barbican_meta = self.barbican_meta
self.order.type = 'certificate'
order_repo.create_from(self.order)
self._config_cert_plugin()
self._config_store_plugin()
self._config_cert_event_plugin()
self._config_save_meta_plugin()
self._config_get_meta_plugin()
self._config_save_barbican_meta_plugin()
self._config_get_barbican_meta_plugin()
self._config_barbican_meta_dto()
def create_ca(parsed_ca, id_ref="id"):
"""Generate a CA entity instance."""
ca = models.CertificateAuthority(parsed_ca)
ca.id = id_ref
return ca
def _add_ca(self, plugin_name, plugin_ca_id, ca_info):
parsed_ca = dict(ca_info)
parsed_ca['plugin_name'] = plugin_name
parsed_ca['plugin_ca_id'] = plugin_ca_id
new_ca = models.CertificateAuthority(parsed_ca)
self.ca_repo.create_from(new_ca)
