def test_parse_tpp_zone1(self):
conn = TPPConnection(url="http://example.com/", user="", password="")
z = conn._parse_zone_data_to_object(json.loads(POLICY_TPP1))
self.assertEqual(z.country.value, "US")
self.assertEqual(z.locality.value, "Salt Lake")
self.assertEqual(z.province.value, "Utah")
self.assertEqual(z.organization.value, "Venafi Inc.")
def __init__(self, *args, **kwargs):
self.tpp_zone = TPP_ZONE
self.tpp_zone_ecdsa = TPP_ZONE_ECDSA
self.tpp_conn = TPPConnection(
TPP_USER,
TPP_PASSWORD,
TPP_URL,
http_request_kwargs={'verify': "/tmp/chain.pem"})
super(TestTPPMethods, self).__init__(*args, **kwargs)
def __init__(self, *args, **kwargs):
self.tpp_zone = environ['TPP_ZONE']
self.tpp_zone_ecdsa = environ['TPP_ZONE_ECDSA']
self.tpp_conn = TPPConnection(
USER,
PASSWORD,
TPPURL,
http_request_kwargs={"verify": "/tmp/chain.pem"})
super(TestTPPMethods, self).__init__(*args, **kwargs)
def test_parse_tpp_policy1(self):
conn = TPPConnection(url="http://example.com/", user="", password="")
raw_data = json.loads(POLICY_TPP1)
p = conn._parse_zone_config_to_policy(raw_data)
self.assertEqual(len(p.key_types), 7)
raw_data['Policy']['KeyPair']['KeySize']['Locked'] = True
p = conn._parse_zone_config_to_policy(raw_data)
self.assertEqual(len(p.key_types), 4)
raw_data['Policy']['KeyPair']['KeyAlgorithm']['Locked'] = True
p = conn._parse_zone_config_to_policy(raw_data)
self.assertEqual(len(p.key_types), 1)
def test_tpp(self):
ZONE = environ['TPPZONE']
print("Using TPP conection")
conn = TPPConnection(USER, PASSWORD, URL)
cn = randomword(10) + ".venafi.example.com"
cert_id, pkey, sn = enroll(conn, ZONE, cn)
renew(conn, cert_id, pkey, sn, cn)
def test_tpp_url_noramlization(self):
conn = TPPConnection(url="localhost", user="******", password="******")
self.assertEqual(conn._base_url, "https://localhost/vedsdk/")
conn._base_url = "http://localhost:8080"
self.assertEqual(conn._base_url, "https://localhost:8080/vedsdk/")
conn._base_url = "http://localhost:8080/"
self.assertEqual(conn._base_url, "https://localhost:8080/vedsdk/")
with self.assertRaises(Exception):
conn._base_url = "ftp://example.com"
with self.assertRaises(Exception):
conn._base_url = ""
with self.assertRaises(Exception):
conn._base_url = "https://"
def test_tpp(self):
zone = environ['TPPZONE']
print("Using TPP conection")
conn = TPPConnection(USER,
PASSWORD,
TPPURL,
http_request_kwargs={"verify": "/tmp/chain.pem"})
cn = randomword(10) + ".venafi.example.com"
cert_id, pkey, sn = enroll(conn, zone, cn)
cert = renew(conn, cert_id, pkey, sn, cn)
renew_by_thumbprint(conn, cert)
cn = randomword(10) + ".venafi.example.com"
enroll(conn, zone, cn, TEST_KEY_ECDSA[0], TEST_KEY_ECDSA[1])
cn = randomword(10) + ".venafi.example.com"
enroll(conn, zone, cn, TEST_KEY_RSA_4096[0], TEST_KEY_RSA_4096[1])
cn = randomword(10) + ".venafi.example.com"
enroll(conn, zone, cn, TEST_KEY_RSA_2048_ENCRYPTED[0],
TEST_KEY_RSA_2048_ENCRYPTED[1], 'venafi')
key = open("/tmp/csr-test.key.pem").read()
csr = open("/tmp/csr-test.csr.csr").read()
enroll(conn, zone, private_key=key, csr=csr)
class TestTPPMethods(unittest.TestCase):
def __init__(self, *args, **kwargs):
self.tpp_zone = TPP_ZONE
self.tpp_zone_ecdsa = TPP_ZONE_ECDSA
self.tpp_conn = TPPConnection(
TPP_USER,
TPP_PASSWORD,
TPP_URL,
http_request_kwargs={'verify': "/tmp/chain.pem"})
super(TestTPPMethods, self).__init__(*args, **kwargs)
def test_tpp_enroll(self):
cn = f"{random_word(10)}.venafi.example.com"
_, pkey, cert, _, cert_guid = enroll(self.tpp_conn, self.tpp_zone, cn)
cert_config = self.tpp_conn._get_certificate_details(cert_guid)
self.assertEqual(cert_config['Origin'], "Venafi VCert-Python")
def test_tpp_enroll_with_custom_fields(self):
cn = random_word(10) + ".venafi.example.com"
custom_fields = [
CustomField(name="custom", value="pythonTest"),
CustomField(name="cfList", value="item2"),
CustomField(name="cfListMulti", value="tier1"),
CustomField(name="cfListMulti", value="tier4")
]
cert_id, pkey, cert, _, cert_guid = enroll(conn=self.tpp_conn,
zone=self.tpp_zone,
cn=cn,
custom_fields=custom_fields)
cert_config = self.tpp_conn._get_certificate_details(cert_guid)
self.assertEqual(cert_config["Origin"], "Venafi VCert-Python")
def test_tpp_enroll_origin(self):
cn = random_word(10) + ".venafi.example.com"
_, pkey, cert, _, cert_guid = enroll(self.tpp_conn, self.tpp_zone, cn)
cert_config = self.tpp_conn._get_certificate_details(cert_guid)
self.assertEqual(cert_config["Origin"], "Venafi VCert-Python")
def test_tpp_renew(self):
cn = random_word(10) + ".venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
cert = renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
def test_tpp_renew_twice(self):
cn = random_word(10) + ".venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
time.sleep(5)
renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
time.sleep(5)
renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
def test_tpp_renew_by_thumbprint(self):
cn = random_word(10) + ".venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
renew_by_thumbprint(self.tpp_conn, cert)
def test_tpp_renew_without_key_reuse(self):
renew_without_key_reuse(self, self.tpp_conn, self.tpp_zone)
def test_tpp_enroll_ecdsa(self):
cn = random_word(10) + ".venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone_ecdsa, cn, TEST_KEY_ECDSA[0],
TEST_KEY_ECDSA[1])
def test_tpp_enroll_with_custom_key(self):
cn = random_word(10) + ".venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone, cn, TEST_KEY_RSA_4096[0],
TEST_KEY_RSA_4096[1])
def test_tpp_enroll_with_encrypted_key(self):
cn = random_word(10) + ".venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone, cn,
TEST_KEY_RSA_2048_ENCRYPTED[0], TEST_KEY_RSA_2048_ENCRYPTED[1],
'venafi')
def test_tpp_enroll_with_custom_csr(self):
key = open("/tmp/csr-test.key.pem").read()
csr = open("/tmp/csr-test.csr.csr").read()
enroll(self.tpp_conn, self.tpp_zone, private_key=key, csr=csr)
def test_tpp_enroll_with_zone_update_and_custom_origin(self):
cn = random_word(10) + ".venafi.example.com"
cert, cert_guid = enroll_with_zone_update(self.tpp_conn,
self.tpp_zone_ecdsa, cn)
cert_config = self.tpp_conn._get_certificate_details(cert_guid)
self.assertEqual(cert_config["Origin"], "Python-SDK ECDSA")
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
key = cert.public_key()
self.assertEqual(key.curve.name, "secp521r1")
def test_tpp_read_zone_config(self):
zone = self.tpp_conn.read_zone_conf(self.tpp_zone)
self.assertEqual(zone.country.value, "US")
self.assertEqual(zone.province.value, "Utah")
self.assertEqual(zone.locality.value, "Salt Lake")
self.assertEqual(zone.organization.value, "Venafi Inc.")
self.assertEqual(zone.organizational_unit.value, ["Integrations"])
self.assertEqual(zone.key_type.key_type, KeyType.RSA)
self.assertEqual(zone.key_type.option, 2048)
def test_tpp_read_zone_unknown_zone(self):
with self.assertRaises(Exception):
self.tpp_conn.read_zone_conf("fdsfsd")
def test_tpp_retrieve_non_issued(self):
with self.assertRaises(Exception):
self.tpp_conn.retrieve_cert(
self.tpp_zone + "\\devops\\vcert\\test-non-issued.example.com")
def test_tpp_search_by_thumbpint(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
fingerprint = binascii.hexlify(cert.fingerprint(
hashes.SHA1())).decode()
found = self.tpp_conn.search_by_thumbprint(fingerprint)
self.assertEqual(found, req.id)
def test_revoke_not_issued(self):
req = RevocationRequest(req_id=self.tpp_zone +
'\\not-issued.example.com')
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
req = RevocationRequest(
thumbprint="2b25ff9f8725dfee37c6a7adcba31897b12e921d")
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
req = RevocationRequest()
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
def test_revoke_normal(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
rev_req = RevocationRequest(req_id=req.id)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
with self.assertRaises(Exception):
self.tpp_conn.renew_cert(req)
def test_revoke_without_disable(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
rev_req = RevocationRequest(req_id=req.id, disable=False)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
self.tpp_conn.renew_cert(req)
def test_revoke_normal_thumbprint(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
thumbprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
rev_req = RevocationRequest(thumbprint=thumbprint)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
with self.assertRaises(Exception):
self.tpp_conn.renew_cert(req)