def test_encrypt_decrypt_x509(self):
    """Round-trip a string through the openssl CLI and crypto.decrypt_text.

    The project CA certificate is written to a temporary directory, used by
    ``openssl rsautl`` as the encryption key, and the resulting ciphertext
    is handed to ``crypto.decrypt_text``. The decrypted value must be bytes
    and must match the original text.
    """
    with utils.tempdir() as ca_dir:
        self.flags(ca_path=ca_dir)
        project_id = "fake"
        crypto.ensure_ca_filesystem()
        ca_cert = crypto.fetch_ca(project_id)
        pubkey_path = os.path.join(ca_dir, "public.pem")
        with open(pubkey_path, 'w') as handle:
            handle.write(ca_cert)

        text = "some @#!%^* test text"
        # Python 3 feeds the child process bytes; Python 2 passes the str
        # through unchanged.
        if six.PY3:
            process_input = text.encode("ascii")
        else:
            process_input = text

        # NOTE(review): `openssl rsautl` is deprecated as of OpenSSL 3.0 in
        # favour of `pkeyutl`, and with no padding option it uses PKCS#1
        # v1.5. crypto.decrypt_text presumably expects the same padding;
        # confirm before changing either side.
        openssl_args = ('openssl', 'rsautl', '-certin', '-encrypt',
                        '-inkey', '%s' % pubkey_path)
        ciphertext, _err = utils.execute(*openssl_args,
                                         process_input=process_input,
                                         binary=True)

        recovered = crypto.decrypt_text(project_id, ciphertext)
        self.assertIsInstance(recovered, bytes)
        if six.PY3:
            recovered = recovered.decode('ascii')
        self.assertEqual(text, recovered)
def test_launch_vpn_instance(self):
    """Launch a VPN instance against a stubbed compute API.

    The test makes no assertions of its own: it passes as long as
    ``launch_vpn_instance`` does not raise.
    """
    def _fake_create(*a, **kw):
        # Stand-in for compute_api.create; returns a fixed tuple.
        return (None, "r-fakeres")

    self.stubs.Set(self.cloudpipe.compute_api, "create", _fake_create)
    with utils.tempdir() as scratch_dir:
        # CA material and keys both live in the throwaway directory.
        self.flags(ca_path=scratch_dir, keys_path=scratch_dir)
        crypto.ensure_ca_filesystem()
        self.cloudpipe.launch_vpn_instance(self.context)
def test_get_encoded_zip(self):
    """Check that get_encoded_zip returns a truthy value for the project.

    Only truthiness is asserted; the contents of the returned value are
    not inspected here.
    """
    with utils.tempdir() as ca_dir:
        self.flags(ca_path=ca_dir)
        crypto.ensure_ca_filesystem()
        encoded_zip = self.cloudpipe.get_encoded_zip(self.project)
        self.assertTrue(encoded_zip)
def test_encrypt_decrypt_x509(self):
    """Encrypt with the openssl CLI, decrypt with crypto.decrypt_text.

    The project CA certificate serves as the public key for
    ``openssl rsautl``; the decrypted output must equal the input text.
    """
    project_id = "fake"
    text = "some @#!%^* test text"
    with utils.tempdir() as ca_dir:
        self.flags(ca_path=ca_dir)
        crypto.ensure_ca_filesystem()

        # Persist the CA certificate so the CLI can read it via -inkey.
        pem_path = os.path.join(ca_dir, "public.pem")
        ca_cert = crypto.fetch_ca(project_id)
        with open(pem_path, "w") as pem_file:
            pem_file.write(ca_cert)

        # NOTE(review): `openssl rsautl` is deprecated as of OpenSSL 3.0 in
        # favour of `pkeyutl`; without a padding option it uses PKCS#1 v1.5.
        result = utils.execute(
            "openssl", "rsautl", "-certin", "-encrypt",
            "-inkey", "%s" % pem_path,
            process_input=text,
        )
        ciphertext, _err = result
        self.assertEqual(text, crypto.decrypt_text(project_id, ciphertext))
def test_can_generate_x509(self):
    """Verify a generated certificate against the project CA via openssl.

    A certificate from ``crypto.generate_x509_cert`` and the project CA
    certificate are written to disk, then ``openssl verify`` is run with
    the project CA as the trust anchor.
    """
    with utils.tempdir() as work_dir:
        self.flags(ca_path=work_dir)
        crypto.ensure_ca_filesystem()
        _key, cert_str = crypto.generate_x509_cert("fake", "fake")
        project_cert = crypto.fetch_ca(project_id="fake")

        signed_cert_file = os.path.join(work_dir, "signed")
        project_cert_file = os.path.join(work_dir, "project")
        pem_files = (
            (signed_cert_file, cert_str),
            (project_cert_file, project_cert),
        )
        for pem_path, pem_text in pem_files:
            with open(pem_path, "w") as pem_out:
                pem_out.write(pem_text)

        # NOTE(review): only stderr is asserted on. Whether a failed
        # verification also raises depends on how utils.execute treats a
        # non-zero exit status; confirm, since stdout is not inspected.
        _stdout, stderr = utils.execute("openssl", "verify", "-CAfile",
                                        project_cert_file, "-verbose",
                                        signed_cert_file)
        self.assertFalse(stderr)
def test_encrypt_decrypt_x509(self):
    """Check that text encrypted by openssl decrypts back to itself.

    Encryption is done out of process with ``openssl rsautl`` against the
    project CA certificate; decryption goes through ``crypto.decrypt_text``.
    """
    with utils.tempdir() as scratch:
        self.flags(ca_path=scratch)
        project_id = "fake"
        crypto.ensure_ca_filesystem()

        public_pem = os.path.join(scratch, "public.pem")
        with open(public_pem, 'w') as out:
            out.write(crypto.fetch_ca(project_id))

        plaintext = "some @#!%^* test text"
        # NOTE(review): rsautl is deprecated as of OpenSSL 3.0 (pkeyutl
        # replaces it) and uses PKCS#1 v1.5 padding when none is requested.
        argv = ['openssl', 'rsautl', '-certin', '-encrypt',
                '-inkey', '%s' % public_pem]
        ciphertext, _err = utils.execute(*argv, process_input=plaintext)

        decrypted = crypto.decrypt_text(project_id, ciphertext)
        self.assertEqual(plaintext, decrypted)
def test_can_generate_x509(self):
    """Run ``openssl verify`` on a generated cert with the project CA.

    The test passes when the command writes nothing to stderr.
    """
    with utils.tempdir() as ca_dir:
        self.flags(ca_path=ca_dir)
        crypto.ensure_ca_filesystem()
        _key, signed_pem = crypto.generate_x509_cert('fake', 'fake')
        ca_pem = crypto.fetch_ca(project_id='fake')

        # Certificate under test.
        signed_cert_file = os.path.join(ca_dir, "signed")
        with open(signed_cert_file, 'w') as signed_out:
            signed_out.write(signed_pem)

        # Trust anchor handed to -CAfile.
        project_cert_file = os.path.join(ca_dir, "project")
        with open(project_cert_file, 'w') as ca_out:
            ca_out.write(ca_pem)

        verify_cmd = ('openssl', 'verify', '-CAfile', project_cert_file,
                      '-verbose', signed_cert_file)
        # NOTE(review): stdout is discarded and only stderr is checked;
        # confirm that utils.execute raises on a non-zero exit status so a
        # rejected certificate cannot pass silently.
        _out, err = utils.execute(*verify_cmd)
        self.assertFalse(err)
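def test_encrypt_decrypt_x509(self):
    """Round-trip text through ``openssl rsautl`` and crypto.decrypt_text.

    The project CA certificate is written into a directory created with
    ``tempfile.mkdtemp`` and used as the encryption key; the ciphertext is
    then decrypted with ``crypto.decrypt_text`` and compared to the input.
    The directory is removed in ``finally``.
    """
    project_id = "fake"
    tmpdir = tempfile.mkdtemp()
    try:
        # Set the flag inside the try block so the directory (which will
        # hold CA key material) is removed even if the override raises.
        self.flags(ca_path=tmpdir)
        crypto.ensure_ca_filesystem()
        cert = crypto.fetch_ca(project_id)
        public_key = os.path.join(tmpdir, "public.pem")
        with open(public_key, 'w') as keyfile:
            keyfile.write(cert)
        text = "some @#!%^* test text"
        # NOTE(review): rsautl is deprecated as of OpenSSL 3.0 (pkeyutl
        # replaces it) and uses PKCS#1 v1.5 padding when none is requested.
        enc, _err = utils.execute('openssl',
                                  'rsautl',
                                  '-certin',
                                  '-encrypt',
                                  '-inkey', '%s' % public_key,
                                  process_input=text)
        dec = crypto.decrypt_text(project_id, enc)
        self.assertEqual(text, dec)
    finally:
        shutil.rmtree(tmpdir)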
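def test_can_generate_x509(self):
    """Check which CA key verifies a freshly generated certificate.

    The generated certificate must verify against the project CA's public
    key. Against the cloud CA's public key it must verify only when
    ``FLAGS.use_project_ca`` is false. The temporary CA directory is
    removed in ``finally``.
    """
    tmpdir = tempfile.mkdtemp()
    try:
        # Set the flag inside the try block so the directory (which will
        # hold CA key material) is removed even if the override raises.
        self.flags(ca_path=tmpdir)
        crypto.ensure_ca_filesystem()
        _key, cert_str = crypto.generate_x509_cert('fake', 'fake')
        project_cert = crypto.fetch_ca(project_id='fake')
        cloud_cert = crypto.fetch_ca()
        # TODO(vish): This will need to be replaced with something else
        #             when we remove M2Crypto
        signed_cert = X509.load_cert_string(cert_str)
        project_cert = X509.load_cert_string(project_cert)
        cloud_cert = X509.load_cert_string(cloud_cert)
        # NOTE(review): assertTrue accepts any truthy value. If verify()
        # can return a negative error code, an error would read as a
        # successful verification; confirm against the M2Crypto API and
        # consider comparing with the explicit success value.
        self.assertTrue(signed_cert.verify(project_cert.get_pubkey()))

        if not FLAGS.use_project_ca:
            self.assertTrue(signed_cert.verify(cloud_cert.get_pubkey()))
        else:
            self.assertFalse(signed_cert.verify(cloud_cert.get_pubkey()))
    finally:
        shutil.rmtree(tmpdir)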
def init_host(self):
    """Call ``crypto.ensure_ca_filesystem`` during host initialisation."""
    crypto.ensure_ca_filesystem()
def _do_test(mock_create):
    """Launch a VPN instance with CA and key paths in a temp directory.

    ``mock_create`` is not used in the body; it is presumably supplied by
    a patch decorator outside this view (confirm). ``self`` comes from the
    enclosing scope. No assertions are made: the helper succeeds if
    ``launch_vpn_instance`` does not raise.
    """
    with utils.tempdir() as scratch_dir:
        crypto_overrides = dict(ca_path=scratch_dir,
                                keys_path=scratch_dir,
                                group='crypto')
        self.flags(**crypto_overrides)
        crypto.ensure_ca_filesystem()
        self.cloudpipe.launch_vpn_instance(self.context)
def _do_test(mock_create):
    """Exercise launch_vpn_instance against a throwaway CA directory.

    ``mock_create`` is accepted but unused here; it presumably arrives
    from a patch decorator that is outside this view (confirm). The helper
    asserts nothing and passes when the launch call does not raise.
    """
    with utils.tempdir() as ca_and_keys_dir:
        # Both crypto paths point at the same temporary directory.
        self.flags(
            ca_path=ca_and_keys_dir,
            keys_path=ca_and_keys_dir,
            group="crypto",
        )
        crypto.ensure_ca_filesystem()
        self.cloudpipe.launch_vpn_instance(self.context)