def __init__(self, *args, **kwargs):
self.tpp_zone = environ['TPP_ZONE']
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
user=USER,
password=PASSWORD,
http_request_kwargs={"verify": "/tmp/chain.pem"})
super(TestTPPTokenAccess, self).__init__(*args, **kwargs)
def __init__(self, *args, **kwargs):
self.tpp_zone = TPP_ZONE
self.tpp_zone_ecdsa = TPP_ZONE_ECDSA
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
user=TPP_USER,
password=TPP_PASSWORD,
http_request_kwargs={'verify': "/tmp/chain.pem"})
super(TestTPPTokenMethods, self).__init__(*args, **kwargs)
def __init__(self, *args, **kwargs):
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
http_request_kwargs={'verify': "/tmp/chain.pem"})
auth = Authentication(user=TPP_USER,
password=TPP_PASSWORD,
scope=SCOPE_SSH)
self.tpp_conn.get_access_token(auth)
super(TestTPPSSHCertificate, self).__init__(*args, **kwargs)
def __init__(self, *args, **kwargs):
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
http_request_kwargs={'verify': "/tmp/chain.pem"})
auth = Authentication(user=TPP_USER,
password=TPP_PASSWORD,
scope=SCOPE_PM)
self.tpp_conn.get_access_token(auth)
self.json_file = _resolve_resources_path(POLICY_SPEC_JSON)
self.yaml_file = _resolve_resources_path(POLICY_SPEC_YAML)
super(TestTPPPolicyManagement, self).__init__(*args, **kwargs)
class TestTPPPolicyManagement(unittest.TestCase):
def __init__(self, *args, **kwargs):
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
http_request_kwargs={'verify': "/tmp/chain.pem"})
auth = Authentication(user=TPP_USER,
password=TPP_PASSWORD,
scope=SCOPE_PM)
self.tpp_conn.get_access_token(auth)
self.json_file = _resolve_resources_path(POLICY_SPEC_JSON)
self.yaml_file = _resolve_resources_path(POLICY_SPEC_YAML)
super(TestTPPPolicyManagement, self).__init__(*args, **kwargs)
def test_create_policy_from_json(self):
# ps = json_parser.parse_file(self.json_file)
# self._create_policy_tpp(policy_spec=ps)
pass
def test_create_policy_yaml(self):
# ps = yaml_parser.parse_file(self.yaml_file)
# self._create_policy_tpp(policy_spec=ps)
pass
def test_create_policy_full(self):
policy = _get_policy_obj(ca_type=CA_TYPE_TPP)
policy.key_pair.rsa_key_sizes = [2048]
self._create_policy_tpp(policy=policy, defaults=_get_defaults_obj())
def test_create_policy_empty(self):
self._create_policy_tpp()
def test_create_policy_no_policy(self):
self._create_policy_tpp(defaults=_get_defaults_obj())
def test_create_policy_no_defaults(self):
policy = _get_policy_obj(ca_type=CA_TYPE_TPP)
policy.key_pair.rsa_key_sizes = [2048]
self._create_policy_tpp(policy=policy)
def _create_policy_tpp(self, policy_spec=None, policy=None, defaults=None):
zone = f"{TPP_PM_ROOT}\\{_get_tpp_policy_name()}"
create_policy(self.tpp_conn, zone, policy_spec, policy, defaults)
class TestTPPTokenAccess(unittest.TestCase):
def __init__(self, *args, **kwargs):
self.tpp_zone = environ['TPP_ZONE']
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
user=USER,
password=PASSWORD,
http_request_kwargs={"verify": "/tmp/chain.pem"})
super(TestTPPTokenAccess, self).__init__(*args, **kwargs)
def test_get_access_token(self):
try:
token_info = self.tpp_conn.get_access_token()
self.assertIsNotNone(token_info)
self.assertIsNotNone(token_info.access_token)
self.assertIsNotNone(token_info.refresh_token)
self.assertIsNotNone(token_info.expires)
except ClientBadData:
self.fail("Error in Test Data")
except ServerUnexptedBehavior as sub:
self.fail("Error from server: %s" % sub.__str__())
def test_refresh_access_token(self):
try:
self.tpp_conn.get_access_token()
refresh_info = self.tpp_conn.refresh_access_token()
self.assertIsNotNone(refresh_info)
self.assertIsNotNone(refresh_info.access_token)
self.assertIsNotNone(refresh_info.refresh_token)
self.assertIsNotNone(refresh_info.expires)
except ClientBadData:
self.fail("Error in Test Data")
except ServerUnexptedBehavior as sub:
self.fail("Error from server: %s" % sub.__str__())
def test_revoke_access_token(self):
try:
self.tpp_conn.get_access_token()
status, resp = self.tpp_conn.revoke_access_token()
self.assertEqual(status, 200)
except Exception as err:
self.fail("Error happened: %s" % err.__str__())
cn = randomword(10) + ".venafi.example.com"
with self.assertRaises(Exception):
enroll(self.tpp_conn, self.tpp_zone, cn)
class TestTPPTokenMethods(unittest.TestCase):
def __init__(self, *args, **kwargs):
self.tpp_zone = environ['TPP_ZONE']
self.tpp_zone_ecdsa = environ['TPP_ZONE_ECDSA']
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
user=USER,
password=PASSWORD,
http_request_kwargs={"verify": "/tmp/chain.pem"})
super(TestTPPTokenMethods, self).__init__(*args, **kwargs)
def test_tpp_token_enroll(self):
cn = randomword(10) + ".venafi.example.com"
try:
cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
except Exception as err:
self.fail("Error in test: %s" % err.__str__)
def test_tpp_token_enroll_origin(self):
cn = randomword(10) + ".venafi.example.com"
try:
cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
except Exception as err:
self.fail("Error in test: %s" % err.__str__())
def test_tpp_token_renew(self):
cn = randomword(10) + ".venafi.example.com"
cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
cert = renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
def test_tpp_token_renew_twice(self):
cn = randomword(10) + ".venafi.example.com"
cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
time.sleep(5)
renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
time.sleep(5)
renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
def test_tpp_token_renew_by_thumbprint(self):
cn = randomword(10) + ".venafi.example.com"
cert_id, pkey, cert, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
renew_by_thumbprint(self.tpp_conn, cert)
def test_tpp_token_renew_without_key_reuse(self):
renew_without_key_reuse(self, self.tpp_conn, self.tpp_zone)
def test_tpp_token_enroll_ecdsa(self):
cn = randomword(10) + ".venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone_ecdsa, cn, TEST_KEY_ECDSA[0],
TEST_KEY_ECDSA[1])
def test_tpp_token_enroll_with_custom_key(self):
cn = randomword(10) + ".venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone, cn, TEST_KEY_RSA_4096[0],
TEST_KEY_RSA_4096[1])
def test_tpp_token_enroll_with_encrypted_key(self):
cn = randomword(10) + ".venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone, cn,
TEST_KEY_RSA_2048_ENCRYPTED[0], TEST_KEY_RSA_2048_ENCRYPTED[1],
'venafi')
def test_tpp_token_enroll_with_custom_csr(self):
key = open("/tmp/csr-test.key.pem").read()
csr = open("/tmp/csr-test.csr.csr").read()
enroll(self.tpp_conn, self.tpp_zone, private_key=key, csr=csr)
def test_tpp_token_enroll_with_zone_update_and_custom_origin(self):
cn = randomword(10) + ".venafi.example.com"
cert = enroll_with_zone_update(self.tpp_conn, self.tpp_zone_ecdsa, cn)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
key = cert.public_key()
self.assertEqual(key.curve.name, "secp521r1")
def test_tpp_token_read_zone_config(self):
zone = self.tpp_conn.read_zone_conf(self.tpp_zone)
self.assertEqual(zone.country.value, "US")
self.assertEqual(zone.province.value, "Utah")
self.assertEqual(zone.locality.value, "Salt Lake")
self.assertEqual(zone.organization.value, "Venafi Inc.")
self.assertEqual(zone.organizational_unit.value, ["Integrations"])
self.assertEqual(zone.key_type.key_type, KeyType.RSA)
self.assertEqual(zone.key_type.option, 2048)
def test_tpp_token_read_zone_unknown_zone(self):
with self.assertRaises(Exception):
self.tpp_conn.read_zone_conf("fdsfsd")
def test_tpp_token_retrieve_non_issued(self):
with self.assertRaises(Exception):
self.tpp_conn.retrieve_cert(
self.tpp_zone + "\\devops\\vcert\\test-non-issued.example.com")
def test_tpp_token_search_by_thumbprint(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
fingerprint = binascii.hexlify(cert.fingerprint(
hashes.SHA1())).decode()
found = self.tpp_conn.search_by_thumbprint(fingerprint)
self.assertEqual(found, req.id)
def test_token_revoke_not_issued(self):
req = RevocationRequest(req_id=self.tpp_zone +
'\\not-issued.example.com')
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
req = RevocationRequest(
thumbprint="2b25ff9f8725dfee37c6a7adcba31897b12e921d")
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
req = RevocationRequest()
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
def test_token_revoke_normal(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
rev_req = RevocationRequest(req_id=req.id)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
with self.assertRaises(Exception):
self.tpp_conn.renew_cert(req)
def test_token_revoke_without_disable(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
rev_req = RevocationRequest(req_id=req.id, disable=False)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
self.tpp_conn.renew_cert(req)
def test_token_revoke_normal_thumbprint(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
thumbprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
rev_req = RevocationRequest(thumbprint=thumbprint)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
with self.assertRaises(Exception):
self.tpp_conn.renew_cert(req)
class TestTPPTokenMethods(unittest.TestCase):
def __init__(self, *args, **kwargs):
self.tpp_zone = TPP_ZONE
self.tpp_zone_ecdsa = TPP_ZONE_ECDSA
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
user=TPP_USER,
password=TPP_PASSWORD,
http_request_kwargs={'verify': "/tmp/chain.pem"})
super(TestTPPTokenMethods, self).__init__(*args, **kwargs)
def test_tpp_token_enroll(self):
cn = f"{random_word(10)}.venafi.example.com"
try:
cert_id, pkey, cert, _, cert_guid = enroll(self.tpp_conn,
self.tpp_zone, cn)
cert_config = self.tpp_conn._get_certificate_details(cert_guid)
self.assertEqual(cert_config['Origin'], "Venafi VCert-Python")
except Exception as err:
self.fail(f"Error in test: {err.message}")
def test_tpp_token_enroll_with_service_generated_csr(self):
cn = f"{random_word(10)}.venafi.example.com"
try:
_, _, _, _, cert_guid = enroll(self.tpp_conn,
self.tpp_zone,
cn=cn,
password="******",
service_generated_csr=True)
cert_config = self.tpp_conn._get_certificate_details(cert_guid)
self.assertEqual(cert_config['Origin'], "Venafi VCert-Python")
except Exception as err:
self.fail(f"Error in test: {err.message}")
def test_tpp_token_enroll_with_custom_fields(self):
cn = f"{random_word(10)}.venafi.example.com"
custom_fields = [
CustomField(name="custom", value="pythonTest"),
CustomField(name="cfList", value="item2"),
CustomField(name="cfListMulti", value="tier1"),
CustomField(name="cfListMulti", value="tier4")
]
try:
cert_id, pkey, cert, _, cert_guid = enroll(
conn=self.tpp_conn,
zone=self.tpp_zone,
cn=cn,
custom_fields=custom_fields)
cert_config = self.tpp_conn._get_certificate_details(cert_guid)
self.assertEqual(cert_config['Origin'], "Venafi VCert-Python")
except Exception as err:
self.fail(f"Error in test: {err.__str__}")
def test_tpp_token_enroll_origin(self):
cn = f"{random_word(10)}.venafi.example.com"
try:
cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone,
cn)
except Exception as err:
self.fail(f"Error in test: {err.__str__()}")
def test_tpp_token_renew(self):
cn = f"{random_word(10)}.venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
cert = renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
def test_tpp_token_renew_twice(self):
cn = f"{random_word(10)}.venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
time.sleep(5)
renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
time.sleep(5)
renew(self.tpp_conn, cert_id, pkey, cert.serial_number, cn)
def test_tpp_token_renew_by_thumbprint(self):
cn = f"{random_word(10)}.venafi.example.com"
cert_id, pkey, cert, _, _ = enroll(self.tpp_conn, self.tpp_zone, cn)
renew_by_thumbprint(self.tpp_conn, cert)
def test_tpp_token_renew_without_key_reuse(self):
renew_without_key_reuse(self, self.tpp_conn, self.tpp_zone)
def test_tpp_token_enroll_ecdsa(self):
cn = f"{random_word(10)}.venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone_ecdsa, cn, TEST_KEY_ECDSA[0],
TEST_KEY_ECDSA[1])
def test_tpp_token_enroll_with_custom_key(self):
cn = f"{random_word(10)}.venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone, cn, TEST_KEY_RSA_4096[0],
TEST_KEY_RSA_4096[1])
def test_tpp_token_enroll_with_encrypted_key(self):
cn = f"{random_word(10)}.venafi.example.com"
enroll(self.tpp_conn, self.tpp_zone, cn,
TEST_KEY_RSA_2048_ENCRYPTED[0], TEST_KEY_RSA_2048_ENCRYPTED[1],
'venafi')
def test_tpp_token_enroll_with_custom_csr(self):
key = open("/tmp/csr-test.key.pem").read()
csr = open("/tmp/csr-test.csr.csr").read()
enroll(self.tpp_conn, self.tpp_zone, private_key=key, csr=csr)
def test_tpp_token_enroll_with_zone_update_and_custom_origin(self):
cn = f"{random_word(10)}.venafi.example.com"
cert, cert_guid = enroll_with_zone_update(self.tpp_conn,
self.tpp_zone_ecdsa, cn)
cert_config = self.tpp_conn._get_certificate_details(cert_guid)
self.assertEqual(cert_config['Origin'], "Python-SDK ECDSA")
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
key = cert.public_key()
self.assertEqual(key.curve.name, "secp521r1")
def test_tpp_token_read_zone_config(self):
zone = self.tpp_conn.read_zone_conf(self.tpp_zone)
self.assertEqual(zone.country.value, "US")
self.assertEqual(zone.province.value, "Utah")
self.assertEqual(zone.locality.value, "Salt Lake")
self.assertEqual(zone.organization.value, "Venafi Inc.")
self.assertEqual(zone.organizational_unit.value, ["Integrations"])
self.assertEqual(zone.key_type.key_type, KeyType.RSA)
self.assertEqual(zone.key_type.option, 2048)
def test_tpp_token_read_zone_unknown_zone(self):
with self.assertRaises(Exception):
self.tpp_conn.read_zone_conf("fdsfsd")
def test_tpp_token_retrieve_non_issued(self):
with self.assertRaises(Exception):
self.tpp_conn.retrieve_cert(
f"{self.tpp_zone}\\devops\\vcert\\test-non-issued.example.com")
def test_tpp_token_search_by_thumbprint(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
fingerprint = binascii.hexlify(cert.fingerprint(
hashes.SHA1())).decode()
found = self.tpp_conn.search_by_thumbprint(fingerprint)
self.assertEqual(found, req.id)
def test_token_revoke_not_issued(self):
req = RevocationRequest(
req_id=f"{self.tpp_zone}\\not-issued.example.com")
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
req = RevocationRequest(
thumbprint="2b25ff9f8725dfee37c6a7adcba31897b12e921d")
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
req = RevocationRequest()
with self.assertRaises(Exception):
self.tpp_conn.revoke_cert(req)
def test_token_revoke_normal(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
rev_req = RevocationRequest(req_id=req.id)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
with self.assertRaises(Exception):
self.tpp_conn.renew_cert(req)
def test_token_revoke_without_disable(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
rev_req = RevocationRequest(req_id=req.id, disable=False)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
self.tpp_conn.renew_cert(req)
def test_token_revoke_normal_thumbprint(self):
req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
thumbprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
rev_req = RevocationRequest(thumbprint=thumbprint)
self.tpp_conn.revoke_cert(rev_req)
time.sleep(1)
with self.assertRaises(Exception):
self.tpp_conn.renew_cert(req)
def test_tpp_token_enroll_valid_hours(self):
cn = f"{random_word(10)}.venafi.example.com"
request = CertificateRequest(common_name=cn)
request.san_dns = [
"www.client.venafi.example.com", "ww1.client.venafi.example.com"
]
request.email_addresses = [
"*****@*****.**", "*****@*****.**"
]
request.ip_addresses = ["127.0.0.1", u"192.168.1.1"]
request.user_principal_names = [
"*****@*****.**", "*****@*****.**"
]
request.uniform_resource_identifiers = [
"https://www.venafi.com", "https://venafi.cloud"
]
custom_fields = [
CustomField(name="custom", value="pythonTest"),
CustomField(name="cfList", value="item2"),
CustomField(name="cfListMulti", value="tier1"),
CustomField(name="cfListMulti", value="tier4")
]
request.custom_fields = custom_fields
request.validity_hours = 144
request.issuer_hint = IssuerHint.MICROSOFT
expected_date = datetime.utcnow() + timedelta(
hours=request.validity_hours)
self.tpp_conn.request_cert(request, self.tpp_zone)
cert = self.tpp_conn.retrieve_cert(request)
cert = x509.load_pem_x509_certificate(cert.cert.encode(),
default_backend())
assert isinstance(cert, x509.Certificate)
expiration_date = cert.not_valid_after
# Due to some roundings and delays in operations on the server side, the certificate expiration date
# is not exactly the same as the one used in the request. A gap is allowed in this scenario to compensate
# this delays and roundings.
delta = timedelta(seconds=60)
date_format = "%Y-%m-%d %H:%M:%S"
self.assertAlmostEqual(
expected_date,
expiration_date,
delta=delta,
msg=f"Delta between expected and expiration date is too big."
f"\nExpected: {expected_date.strftime(date_format)}"
f"\nGot: {expiration_date.strftime(date_format)}"
f"\nExpected_delta: {delta.total_seconds()} seconds.")
def test_get_access_token(self):
try:
token_info = self.tpp_conn.get_access_token()
self.assertIsNotNone(token_info)
self.assertIsNotNone(token_info.access_token)
self.assertIsNotNone(token_info.refresh_token)
self.assertIsNotNone(token_info.expires)
except ClientBadData:
self.fail("Error in Test Data")
except ServerUnexptedBehavior as sub:
self.fail(f"Error from server: {sub.__str__()}")
def test_refresh_access_token(self):
try:
self.tpp_conn.get_access_token()
refresh_info = self.tpp_conn.refresh_access_token()
self.assertIsNotNone(refresh_info)
self.assertIsNotNone(refresh_info.access_token)
self.assertIsNotNone(refresh_info.refresh_token)
self.assertIsNotNone(refresh_info.expires)
except ClientBadData:
self.fail("Error in Test Data")
except ServerUnexptedBehavior as sub:
self.fail(f"Error from server: {sub.__str__()}")
def test_revoke_access_token(self):
try:
self.tpp_conn.get_access_token()
status, resp = self.tpp_conn.revoke_access_token()
self.assertEqual(status, 200)
except Exception as err:
self.fail(f"Error happened: {err.__str__()}")
cn = f"{random_word(10)}.venafi.example.com"
with self.assertRaises(Exception):
enroll(self.tpp_conn, self.tpp_zone, cn)
class TestTPPSSHCertificate(unittest.TestCase):
def __init__(self, *args, **kwargs):
self.tpp_conn = TPPTokenConnection(
url=TPP_TOKEN_URL,
http_request_kwargs={'verify': "/tmp/chain.pem"})
auth = Authentication(user=TPP_USER,
password=TPP_PASSWORD,
scope=SCOPE_SSH)
self.tpp_conn.get_access_token(auth)
super(TestTPPSSHCertificate, self).__init__(*args, **kwargs)
def test_enroll_local_generated_keypair(self):
keypair = SSHKeyPair()
keypair.generate(key_size=4096, passphrase="foobar")
request = SSHCertRequest(cadn=TPP_SSH_CADN, key_id=_random_key_id())
request.validity_period = "4h"
request.source_addresses = ["test.com"]
request.set_public_key_data(keypair.public_key())
response = _enroll_ssh_cert(self.tpp_conn, request)
self.assertTrue(
response.private_key_data is None,
SERVICE_GENERATED_NO_KEY_ERROR.format("Private", "not",
request.key_id))
self.assertTrue(
response.public_key_data,
SERVICE_GENERATED_NO_KEY_ERROR.format("Public", "",
request.key_id))
self.assertTrue(
response.public_key_data == request.get_public_key_data(),
f"Public key on response does not match request."
f"\nExpected: {request.get_public_key_data()}"
f"\nGot: {response.public_key_data}")
self.assertTrue(response.certificate_data,
SSH_CERT_DATA_ERROR.format(request.key_id))
def test_enroll_service_generated_keypair(self):
request = SSHCertRequest(cadn=TPP_SSH_CADN, key_id=_random_key_id())
request.validity_period = "4h"
request.source_addresses = ["test.com"]
response = _enroll_ssh_cert(self.tpp_conn, request)
self.assertTrue(
response.private_key_data,
SERVICE_GENERATED_NO_KEY_ERROR.format("Private", "",
request.key_id))
self.assertTrue(
response.public_key_data,
SERVICE_GENERATED_NO_KEY_ERROR.format("Public", "",
request.key_id))
self.assertTrue(response.certificate_data,
SSH_CERT_DATA_ERROR.format(request.key_id))
def test_retrieve_ca_public_key(self):
tpp_connector = venafi_connection(
platform=VenafiPlatform.TPP,
url=TPP_TOKEN_URL,
http_request_kwargs={'verify': "/tmp/chain.pem"})
request = SSHCATemplateRequest(ca_template=TPP_SSH_CADN)
ssh_config = tpp_connector.retrieve_ssh_config(ca_request=request)
self.assertIsNotNone(ssh_config.ca_public_key,
f"{TPP_SSH_CADN} Public Key data is empty")
self.assertIsNone(ssh_config.ca_principals,
f"{TPP_SSH_CADN} default principals is not empty")
log.debug(
f"{TPP_SSH_CADN} Public Key data:\n{ssh_config.ca_public_key}")
def test_retrieve_ca_public_key_and_principals(self):
request = SSHCATemplateRequest(ca_template=TPP_SSH_CADN)
ssh_config = self.tpp_conn.retrieve_ssh_config(ca_request=request)
self.assertIsNotNone(ssh_config.ca_public_key,
f"{TPP_SSH_CADN} Public Key data is empty")
self.assertIsNotNone(ssh_config.ca_principals,
f"{TPP_SSH_CADN} default principals is empty")
log.debug(
f"{TPP_SSH_CADN} Public Key data: {ssh_config.ca_public_key}")
log.debug(
f"{TPP_SSH_CADN} default principals: {ssh_config.ca_principals}")