Пример #1
0
    def test_encrypt_decrypt_x509(self):
        with utils.tempdir() as tmpdir:
            self.flags(ca_path=tmpdir)
            project_id = "fake"
            crypto.ensure_ca_filesystem()

            cert = crypto.fetch_ca(project_id)
            public_key = os.path.join(tmpdir, "public.pem")
            with open(public_key, 'w') as keyfile:
                keyfile.write(cert)

            text = "some @#!%^* test text"
            process_input = text.encode("ascii") if six.PY3 else text
            enc, _err = utils.execute('openssl',
                                     'rsautl',
                                     '-certin',
                                     '-encrypt',
                                     '-inkey', '%s' % public_key,
                                     process_input=process_input,
                                     binary=True)

            dec = crypto.decrypt_text(project_id, enc)
            self.assertIsInstance(dec, bytes)
            if six.PY3:
                dec = dec.decode('ascii')
            self.assertEqual(text, dec)
Пример #2
0
 def test_launch_vpn_instance(self):
     self.stubs.Set(self.cloudpipe.compute_api, "create", lambda *a, **kw:
                    (None, "r-fakeres"))
     with utils.tempdir() as tmpdir:
         self.flags(ca_path=tmpdir, keys_path=tmpdir)
         crypto.ensure_ca_filesystem()
         self.cloudpipe.launch_vpn_instance(self.context)
Пример #3
0
    def test_get_encoded_zip(self):
        with utils.tempdir() as tmpdir:
            self.flags(ca_path=tmpdir)
            crypto.ensure_ca_filesystem()

            ret = self.cloudpipe.get_encoded_zip(self.project)
            self.assertTrue(ret)
    def test_encrypt_decrypt_x509(self):
        with utils.tempdir() as tmpdir:
            self.flags(ca_path=tmpdir)
            project_id = "fake"
            crypto.ensure_ca_filesystem()

            cert = crypto.fetch_ca(project_id)
            public_key = os.path.join(tmpdir, "public.pem")
            with open(public_key, 'w') as keyfile:
                keyfile.write(cert)

            text = "some @#!%^* test text"
            process_input = text.encode("ascii") if six.PY3 else text
            enc, _err = utils.execute('openssl',
                                      'rsautl',
                                      '-certin',
                                      '-encrypt',
                                      '-inkey',
                                      '%s' % public_key,
                                      process_input=process_input,
                                      binary=True)

            dec = crypto.decrypt_text(project_id, enc)
            self.assertIsInstance(dec, bytes)
            if six.PY3:
                dec = dec.decode('ascii')
            self.assertEqual(text, dec)
Пример #5
0
    def test_get_encoded_zip(self):
        with utils.tempdir() as tmpdir:
            self.flags(ca_path=tmpdir)
            crypto.ensure_ca_filesystem()

            ret = self.cloudpipe.get_encoded_zip(self.project)
            self.assertTrue(ret)
Пример #6
0
 def test_launch_vpn_instance(self):
     self.stubs.Set(self.cloudpipe.compute_api,
                    "create",
                    lambda *a, **kw: (None, "r-fakeres"))
     with utils.tempdir() as tmpdir:
         self.flags(ca_path=tmpdir, keys_path=tmpdir)
         crypto.ensure_ca_filesystem()
         self.cloudpipe.launch_vpn_instance(self.context)
Пример #7
0
 def test_encrypt_decrypt_x509(self):
     with utils.tempdir() as tmpdir:
         self.flags(ca_path=tmpdir)
         project_id = "fake"
         crypto.ensure_ca_filesystem()
         cert = crypto.fetch_ca(project_id)
         public_key = os.path.join(tmpdir, "public.pem")
         with open(public_key, "w") as keyfile:
             keyfile.write(cert)
         text = "some @#!%^* test text"
         enc, _err = utils.execute(
             "openssl", "rsautl", "-certin", "-encrypt", "-inkey", "%s" % public_key, process_input=text
         )
         dec = crypto.decrypt_text(project_id, enc)
         self.assertEqual(text, dec)
Пример #8
0
    def test_can_generate_x509(self):
        with utils.tempdir() as tmpdir:
            self.flags(ca_path=tmpdir)
            crypto.ensure_ca_filesystem()
            _key, cert_str = crypto.generate_x509_cert("fake", "fake")

            project_cert = crypto.fetch_ca(project_id="fake")

            signed_cert_file = os.path.join(tmpdir, "signed")
            with open(signed_cert_file, "w") as keyfile:
                keyfile.write(cert_str)

            project_cert_file = os.path.join(tmpdir, "project")
            with open(project_cert_file, "w") as keyfile:
                keyfile.write(project_cert)

            enc, err = utils.execute("openssl", "verify", "-CAfile", project_cert_file, "-verbose", signed_cert_file)
            self.assertFalse(err)
Пример #9
0
 def test_encrypt_decrypt_x509(self):
     with utils.tempdir() as tmpdir:
         self.flags(ca_path=tmpdir)
         project_id = "fake"
         crypto.ensure_ca_filesystem()
         cert = crypto.fetch_ca(project_id)
         public_key = os.path.join(tmpdir, "public.pem")
         with open(public_key, 'w') as keyfile:
             keyfile.write(cert)
         text = "some @#!%^* test text"
         enc, _err = utils.execute('openssl',
                                  'rsautl',
                                  '-certin',
                                  '-encrypt',
                                  '-inkey', '%s' % public_key,
                                  process_input=text)
         dec = crypto.decrypt_text(project_id, enc)
         self.assertEqual(text, dec)
Пример #10
0
    def test_can_generate_x509(self):
        with utils.tempdir() as tmpdir:
            self.flags(ca_path=tmpdir)
            crypto.ensure_ca_filesystem()
            _key, cert_str = crypto.generate_x509_cert('fake', 'fake')

            project_cert = crypto.fetch_ca(project_id='fake')

            signed_cert_file = os.path.join(tmpdir, "signed")
            with open(signed_cert_file, 'w') as keyfile:
                keyfile.write(cert_str)

            project_cert_file = os.path.join(tmpdir, "project")
            with open(project_cert_file, 'w') as keyfile:
                keyfile.write(project_cert)

            enc, err = utils.execute('openssl', 'verify', '-CAfile',
                    project_cert_file, '-verbose', signed_cert_file)
            self.assertFalse(err)
Пример #11
0
    def test_can_generate_x509(self):
        with utils.tempdir() as tmpdir:
            self.flags(ca_path=tmpdir)
            crypto.ensure_ca_filesystem()
            _key, cert_str = crypto.generate_x509_cert('fake', 'fake')

            project_cert = crypto.fetch_ca(project_id='fake')

            signed_cert_file = os.path.join(tmpdir, "signed")
            with open(signed_cert_file, 'w') as keyfile:
                keyfile.write(cert_str)

            project_cert_file = os.path.join(tmpdir, "project")
            with open(project_cert_file, 'w') as keyfile:
                keyfile.write(project_cert)

            enc, err = utils.execute('openssl', 'verify', '-CAfile',
                    project_cert_file, '-verbose', signed_cert_file)
            self.assertFalse(err)
Пример #12
0
 def test_encrypt_decrypt_x509(self):
     tmpdir = tempfile.mkdtemp()
     self.flags(ca_path=tmpdir)
     project_id = "fake"
     try:
         crypto.ensure_ca_filesystem()
         cert = crypto.fetch_ca(project_id)
         public_key = os.path.join(tmpdir, "public.pem")
         with open(public_key, 'w') as keyfile:
             keyfile.write(cert)
         text = "some @#!%^* test text"
         enc, _err = utils.execute('openssl',
                                  'rsautl',
                                  '-certin',
                                  '-encrypt',
                                  '-inkey', '%s' % public_key,
                                  process_input=text)
         dec = crypto.decrypt_text(project_id, enc)
         self.assertEqual(text, dec)
     finally:
         shutil.rmtree(tmpdir)
Пример #13
0
    def test_can_generate_x509(self):
        tmpdir = tempfile.mkdtemp()
        self.flags(ca_path=tmpdir)
        try:
            crypto.ensure_ca_filesystem()
            _key, cert_str = crypto.generate_x509_cert('fake', 'fake')

            project_cert = crypto.fetch_ca(project_id='fake')
            cloud_cert = crypto.fetch_ca()
            # TODO(vish): This will need to be replaced with something else
            #             when we remove M2Crypto
            signed_cert = X509.load_cert_string(cert_str)
            project_cert = X509.load_cert_string(project_cert)
            cloud_cert = X509.load_cert_string(cloud_cert)
            self.assertTrue(signed_cert.verify(project_cert.get_pubkey()))

            if not FLAGS.use_project_ca:
                self.assertTrue(signed_cert.verify(cloud_cert.get_pubkey()))
            else:
                self.assertFalse(signed_cert.verify(cloud_cert.get_pubkey()))
        finally:
            shutil.rmtree(tmpdir)
Пример #14
0
 def init_host(self):
     crypto.ensure_ca_filesystem()
Пример #15
0
 def _do_test(mock_create):
     with utils.tempdir() as tmpdir:
         self.flags(ca_path=tmpdir, keys_path=tmpdir, group='crypto')
         crypto.ensure_ca_filesystem()
         self.cloudpipe.launch_vpn_instance(self.context)
Пример #16
0
 def init_host(self):
     crypto.ensure_ca_filesystem()
Пример #17
0
 def _do_test(mock_create):
     with utils.tempdir() as tmpdir:
         self.flags(ca_path=tmpdir, keys_path=tmpdir, group="crypto")
         crypto.ensure_ca_filesystem()
         self.cloudpipe.launch_vpn_instance(self.context)