Пример #1
0
    def test_create_raises(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {
            'ET_BAPIRET2': [{
                'TYPE': 'E',
                'MESSAGE': 'Invalid storage'
            }]
        }

        ssl_storage = SSLCertStorage(mock_connectionection, 'RAISE', 'TEST')

        with self.assertRaises(InvalidSSLStorage) as cm:
            ssl_storage.create()

        self.assertEquals(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PSE_CREATE',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'RAISE',
                          'PSE_APPLIC': 'TEST'
                      },
                      IV_ALG='R',
                      IV_KEYLEN=2048,
                      IV_REPLACE_EXISTING_PSE='-')
        ])

        self.assertEqual(str(cm.exception),
                         str([{
                             'TYPE': 'E',
                             'MESSAGE': 'Invalid storage'
                         }]))
Пример #2
0
    def test_exists_raises(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {
            'ET_BAPIRET2': [{
                'TYPE': 'E',
                'MESSAGE': 'Invalid storage'
            }]
        }

        ssl_storage = SSLCertStorage(mock_connectionection, 'RAISE', 'TEST')

        with self.assertRaises(InvalidSSLStorage) as cm:
            ssl_storage.exists()

        self.assertEqual(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PSE_CHECK',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'RAISE',
                          'PSE_APPLIC': 'TEST'
                      })
        ])

        self.assertEqual(
            str(cm.exception),
            'The SSL Storage RAISE/TEST is broken: Invalid storage')
Пример #3
0
    def test_put_certificate_fail_and_return_msg(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {
            'ET_BAPIRET2': [{
                'TYPE': 'E',
                'NUMBER': '522',
                'MESSAGE': 'Put has failed'
            }]
        }

        ssl_storage = SSLCertStorage(mock_connectionection, 'PUTERR', 'TEST')

        result = ssl_storage.put_certificate('plain old data')

        self.assertEqual(result,
                         'SSFR_PUT_CERTIFICATE reported Error 522 - ' \
                         'probably already exists (check manually): Put has failed'
                         )

        self.assertEqual(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PUT_CERTIFICATE',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'PUTERR',
                          'PSE_APPLIC': 'TEST'
                      },
                      IV_CERTIFICATE=u'plain old data')
        ])
Пример #4
0
    def test_put_certificate_fail(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {
            'ET_BAPIRET2': [{
                'TYPE': 'E',
                'MESSAGE': 'Put has failed'
            }]
        }

        ssl_storage = SSLCertStorage(mock_connectionection, 'PUTERR', 'TEST')

        with self.assertRaises(PutCertificateError) as cm:
            ssl_storage.put_certificate('plain old data')

        self.assertEquals(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PUT_CERTIFICATE',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'PUTERR',
                          'PSE_APPLIC': 'TEST'
                      },
                      IV_CERTIFICATE=u'plain old data')
        ])

        self.assertEquals(
            str(cm.exception),
            'Failed to put the CERT to the SSL Storage PUTERR/TEST: '
            'Put has failed')
    def test_parse_certificate(self):
        mock_connection = Mock()
        mock_connection.call.return_value = {'EV_SUBJECT': 'cert subject'}

        ssl_storage = SSLCertStorage(mock_connection, 'PUTOK', 'TEST')

        result = ssl_storage.parse_certificate(b'binary cert data')

        self.assertEqual(mock_connection.call.call_args_list, [
            mock.call('SSFR_PARSE_CERTIFICATE',
                      IV_CERTIFICATE=b'binary cert data')
        ])

        self.assertEqual(result, {'EV_SUBJECT': 'cert subject'})
Пример #6
0
def ssl_storages_from_arguments(connection, args):
    """Helper function to build list of storages from cli arguments"""

    identities = []

    for storage in args.storage:
        if storage in (CLIENT_ANONYMOUS, CLIENT_STANDART):
            identities.append(IDENTITY_MAPPING[storage])
        else:
            raise SAPCliError(f'Unknown storage: {storage}')

    for identity in args.identity:
        try:
            identities.append(Identity(*identity.split('/')))
        except (ValueError, TypeError):
            # pylint: disable=raise-missing-from
            raise SAPCliError(f'Invalid identity format: {identity}')

    ssl_storages = []
    for identity in identities:
        ssl_storage = SSLCertStorage(connection, identity.pse_context,
                                     identity.pse_applic)
        ssl_storages.append(ssl_storage)

    return ssl_storages
Пример #7
0
    def test_create_ok_default(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {'ET_BAPIRET2': []}

        ssl_storage = SSLCertStorage(mock_connectionection, 'NOTRAISE', 'TEST')
        ssl_storage.create()

        self.assertEquals(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PSE_CREATE',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'NOTRAISE',
                          'PSE_APPLIC': 'TEST'
                      },
                      IV_ALG='R',
                      IV_KEYLEN=2048,
                      IV_REPLACE_EXISTING_PSE='-')
        ])
Пример #8
0
    def test_ctor(self):
        mock_connectionection = Mock()

        ssl_storage = SSLCertStorage(mock_connectionection, 'CTXT', 'APPL')

        self.assertIs(ssl_storage._connection, mock_connectionection)
        self.assertEqual(ssl_storage.identity['PSE_CONTEXT'], 'CTXT')
        self.assertEqual(ssl_storage.identity['PSE_APPLIC'], 'APPL')
Пример #9
0
    def test_exists_yes(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {
            'ET_BAPIRET2': [{
                'TYPE': 'S'
            }]
        }

        ssl_storage = SSLCertStorage(mock_connectionection, 'NOTRAISE', 'TEST')
        self.assertTrue(ssl_storage.exists())

        self.assertEquals(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PSE_CHECK',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'NOTRAISE',
                          'PSE_APPLIC': 'TEST'
                      })
        ])
Пример #10
0
    def test_put_certificate(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {'ET_BAPIRET2': []}

        ssl_storage = SSLCertStorage(mock_connectionection, 'PUTOK', 'TEST')

        result = ssl_storage.put_certificate('plain old data')

        self.assertEqual(result, 'OK')

        self.assertEqual(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PUT_CERTIFICATE',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'PUTOK',
                          'PSE_APPLIC': 'TEST'
                      },
                      IV_CERTIFICATE=u'plain old data')
        ])
Пример #11
0
    def test_create_ok_all_params(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {'ET_BAPIRET2': []}

        ssl_storage = SSLCertStorage(mock_connectionection, 'NOTRAISE', 'TEST')
        ssl_storage.create(alg='S', keylen=4096, replace=True, dn='ou=test')

        self.assertEquals(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PSE_CREATE',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'NOTRAISE',
                          'PSE_APPLIC': 'TEST'
                      },
                      IV_ALG='S',
                      IV_KEYLEN=4096,
                      IV_REPLACE_EXISTING_PSE='X',
                      IV_DN='ou=test')
        ])
Пример #12
0
    def test_exists_raises_if_not_ret(self):
        mock_connectionection = Mock()
        mock_connectionection.call.return_value = {'ET_BAPIRET2': []}

        ssl_storage = SSLCertStorage(mock_connectionection, 'RAISE', 'TEST')

        with self.assertRaises(InvalidSSLStorage) as cm:
            ssl_storage.exists()

        self.assertEqual(mock_connectionection.call.call_args_list, [
            mock.call('SSFR_PSE_CHECK',
                      IS_STRUST_IDENTITY={
                          'PSE_CONTEXT': 'RAISE',
                          'PSE_APPLIC': 'TEST'
                      })
        ])

        self.assertEqual(
            str(cm.exception),
            'Received no response from the server - check STRUST manually.')
Пример #13
0
def putcertificate(connection, args):
    """Uploads X.509 Base64 certificates into SAP to enable SSL peer verification
       of remote servers

        Exceptions:
            - SAPCliError:
                - when the given storage does not belong to the storage white list
                - when identity argument has invalid format
    """

    identities = []

    for storage in args.storage:
        if storage in (CLIENT_ANONYMOUS, CLIENT_STANDART):
            identities.append(IDENTITY_MAPPING[storage])
        else:
            raise SAPCliError(f'Unknown storage: {storage}')

    for identity in args.identity:
        try:
            identities.append(Identity(*identity.split('/')))
        except (ValueError, TypeError):
            # pylint: disable=raise-missing-from
            raise SAPCliError('Invalid identity format')

    ssl_storages = []
    for identity in identities:
        ssl_storage = SSLCertStorage(connection, identity.pse_context, identity.pse_applic)

        if not ssl_storage.exists():
            ssl_storage.create(
                alg=args.algorithm,
                keylen=args.key_length,
                dn=args.dn
            )

        logging.debug('SSL Storage is OK: %s', ssl_storage)
        ssl_storages.append(ssl_storage)

    for file_path in args.paths:
        logging.info('Processing the file: %s', file_path)
        with open(file_path, 'rb') as cert_file:
            cert_contents = cert_file.read()
            for ssl_storage in ssl_storages:
                logging.info('Adding the file: %s to %s', file_path, ssl_storage)
                logging.info(ssl_storage.put_certificate(cert_contents))

    logging.info('Notifying ICM ... ')
    notify_icm_changed_pse(connection)

    for updated_storage in ssl_storages:
        logging.info('Certificates of %s:', str(updated_storage))

        for cert in iter_storage_certificates(updated_storage):
            logging.info('* %s', cert['EV_SUBJECT'])
Пример #14
0
    def test_str(self):
        conn = Connection()

        ssl_storage = SSLCertStorage(conn, 'STR', 'TEST')
        self.assertEquals(str(ssl_storage), 'SSL Storage STR/TEST')
Пример #15
0
    def test_repr(self):
        mock_connectionection = Mock()

        ssl_storage = SSLCertStorage(mock_connectionection, 'REPR', 'TEST')
        self.assertEquals(repr(ssl_storage), 'SSL Storage REPR/TEST')