def test_ca_key_read_failure(self):
    """Check that signing fails with HTTP 500 when the CA key cannot be read.

    The CA certificate path points at the test root certificate while the
    key path is set to a deliberately invalid location, so ``dispatch_sign``
    is expected to raise an ``HTTPException``.
    """
    parsed_csr = certificate_ops.parse_csr(self.csr_sample, 'pem')

    ca_settings = self.sample_conf_ca['default_ca']
    ca_settings['cert_path'] = 'tests/CA/root-ca.crt'
    ca_settings['key_path'] = '/xxx/not/a/valid/path'

    # The configuration is patched only for the duration of the signing call.
    with mock.patch.dict("anchor.jsonloader.conf._config", self.sample_conf):
        with self.assertRaises(http_status.HTTPException) as cm:
            certificate_ops.dispatch_sign('default_ra', parsed_csr)

    # Only the status code is asserted; the error body (and whether it
    # mentions the key path) is not checked by this test.
    self.assertEqual(cm.exception.code, 500)
def post(self):
    """Authenticate the caller, validate the CSR, sign it and audit each step.

    Reads ``user``, ``secret``, ``csr`` and ``encoding`` from the POST body.
    An auth event is emitted for both successful and rejected logins, and a
    signing event is emitted for both successful and failed signing attempts.

    Returns:
        The certificate part of the ``dispatch_sign`` result.

    Raises:
        Whatever the authentication, CSR handling or signing calls raise;
        every exception is re-raised after the audit event is emitted.
    """
    ra_name = self.ra_name
    logger.debug("processing signing request in registration authority %s",
                 ra_name)
    form = pecan.request.POST
    user = form.get('user')

    # Stage 1: authentication. The secret is handed to auth.validate only;
    # it is never passed to the logger or to the audit calls.
    try:
        auth_result = auth.validate(ra_name, user, form.get('secret'))
        audit.emit_auth_event(ra_name, user, auth_result)
    except http_status.HTTPUnauthorized:
        # A rejected login is audited with a None result. Any other
        # exception type from this stage propagates without an auth event.
        audit.emit_auth_event(ra_name, user, None)
        raise

    # Stage 2: parse, validate, fix up and sign the CSR.
    try:
        csr = certificate_ops.parse_csr(form.get('csr'),
                                        form.get('encoding'))
        certificate_ops.validate_csr(ra_name, auth_result, csr,
                                     pecan.request)
        csr = certificate_ops.fixup_csr(ra_name, csr, pecan.request)
        signed_cert, fingerprint = certificate_ops.dispatch_sign(ra_name, csr)
        # NOTE(review): this success event is emitted inside the try block,
        # so if it raises after signing completed, a second event without a
        # fingerprint is emitted below and the certificate is not returned.
        # Confirm that this is the intended behaviour.
        audit.emit_signing_event(ra_name, user, auth_result,
                                 fingerprint=fingerprint)
    except Exception:
        # A failed attempt is audited without a fingerprint, then re-raised.
        audit.emit_signing_event(ra_name, user, auth_result)
        raise
    return signed_cert
def post(self):
    """Authenticate the caller, validate the CSR and return the signing result.

    Reads ``user``, ``secret``, ``csr`` and ``encoding`` from the POST body.
    This handler emits no audit events: neither failed logins nor signing
    outcomes are recorded here beyond the debug log line.

    Returns:
        Whatever ``certificate_ops.dispatch_sign`` returns for the CSR.
    """
    ra_name = self.ra_name
    logger.debug("processing signing request in registration authority %s",
                 ra_name)
    form = pecan.request.POST

    # Authentication runs before the CSR is parsed, so an unauthenticated
    # caller cannot reach the CSR parser through this handler.
    auth_result = auth.validate(ra_name, form.get('user'),
                                form.get('secret'))

    csr = certificate_ops.parse_csr(form.get('csr'), form.get('encoding'))
    certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request)

    signing_result = certificate_ops.dispatch_sign(ra_name, csr)
    return signing_result
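def issue(reqid):
    """Sign the pending request ``reqid`` and store the certificate in the DB.

    Only a request whose status is "Pending" is signed. Requests that are
    already "Issued", "Denied" or "Revoked" are refused, and so is a request
    in any other state. The original fell through and signed in that case
    without marking the entry as issued.

    No authentication or authorization is performed in this function;
    presumably the caller is responsible for it (confirm against callers).

    Args:
        reqid: Key of the request in the certificate database.

    Returns:
        The entry's info string on success, otherwise a message explaining
        why no certificate was issued.

    Raises:
        Whatever ``dispatch_sign`` or ``write_db`` raise; in that case the
        database file is not rewritten by this call.
    """
    db_path = jsonloader.conf.ra_options["certdb_file"]
    dbdata = util.load_db(db_path)

    try:
        entry = dbdata[reqid]
        status = entry.getStatus()
        if status == "Pending":
            entry.Issued = True
    except Exception:
        # %s with a 1-tuple instead of %d: formatting a non-integer reqid
        # with %d raised TypeError from inside this handler.
        return "Cannot find reqid %s in cert DB" % (reqid,)

    if status == "Issued":
        return "Cannot issue, certificate already Issued"
    if status == "Denied":
        return "Cannot issue certificate already Denied"
    if status == "Revoked":
        return "Cannot issue certificate already Revoked"
    if status != "Pending":
        # Fail closed: never sign a request in an unrecognised state.
        return "Cannot issue certificate in unexpected state %s" % (status,)

    signed = certificate_ops.dispatch_sign(
        jsonloader.conf.ra_options["ra_name"], entry.get_X509csr())
    # NOTE(review): the original assignment ended with a trailing comma, so
    # ``cert`` is stored as a 1-tuple holding the newline-stripped string.
    # The tuple is kept because readers of the DB may rely on that shape;
    # confirm whether the comma was intended.
    entry.cert = (signed[0].replace("\n", ""),)

    # NOTE(review): load, modify and write happen without any visible
    # locking here; confirm how concurrent calls are serialised.
    util.write_db(dbdata, db_path)
    return entry.toInfoString()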