def test_manual_enrolled(self, vault, **kwargs): self.assertIsNotNone(vault) vault_uri = vault.properties.vault_uri cert_name = 'unknownIssuerCert' cert_policy = CertificatePolicy(key_properties=KeyProperties(exportable=True, key_type='RSA', key_size=2048, reuse_key=False), secret_properties=SecretProperties(content_type='application/x-pkcs12'), issuer_parameters=IssuerParameters(name='Unknown'), x509_certificate_properties=X509CertificateProperties( subject='CN=*.microsoft.com', subject_alternative_names=SubjectAlternativeNames( dns_names=['onedrive.microsoft.com', 'xbox.microsoft.com'] ), validity_in_months=24 )) # get pending certificate signing request cert_operation = self.client.create_certificate(vault_uri, cert_name, cert_policy) pending_version_csr = self.client.get_pending_certificate_signing_request(vault_uri, cert_name) try: self.assertEqual(cert_operation.csr, pending_version_csr) except Exception as ex: pass finally: self.client.delete_certificate(vault_uri, cert_name)
def _scaffold_certificate_profile(): template = CertificatePolicy( key_properties=KeyProperties( exportable=True, key_type=u'(optional) RSA or RSA-HSM (default RSA)', key_size=2048, reuse_key=True), secret_properties=SecretProperties( content_type=u'application/x-pkcs12 or application/x-pem-file'), x509_certificate_properties=X509CertificateProperties( key_usage=[ KeyUsageType.c_rl_sign, KeyUsageType.data_encipherment, KeyUsageType.digital_signature, KeyUsageType.key_encipherment, KeyUsageType.key_agreement, KeyUsageType.key_cert_sign ], subject_alternative_names=SubjectAlternativeNames( emails=[u'*****@*****.**'], dns_names=[u'hr.contoso.com', u'm.contoso.com'], upns=[]), subject= u'C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com', ekus=[u'1.3.6.1.5.5.7.3.1'], validity_in_months=24), lifetime_actions=[ LifetimeAction(trigger=Trigger(days_before_expiry=90), action=Action(action_type=ActionType.auto_renew)) ], issuer_parameters=IssuerParameters( name=u'Unknown, Self, or {IssuerName}', certificate_type=u'(optional) DigiCert, GlobalSign or WoSign'), attributes=CertificateAttributes(enabled=True)) del template.id del template.attributes return template
def _default_certificate_profile(): template = CertificatePolicy( key_properties=KeyProperties(exportable=True, key_type=u'RSA', key_size=2048, reuse_key=True), secret_properties=SecretProperties( content_type=u'application/x-pkcs12'), x509_certificate_properties=X509CertificateProperties( key_usage=[ KeyUsageType.c_rl_sign, KeyUsageType.data_encipherment, KeyUsageType.digital_signature, KeyUsageType.key_encipherment, KeyUsageType.key_agreement, KeyUsageType.key_cert_sign ], subject=u'CN=CLIGetDefaultPolicy', validity_in_months=12), lifetime_actions=[ LifetimeAction(trigger=Trigger(days_before_expiry=90), action=Action(action_type=ActionType.auto_renew)) ], issuer_parameters=IssuerParameters(name=u'Self', ), attributes=CertificateAttributes(enabled=True)) del template.id del template.attributes del template.issuer_parameters.certificate_type del template.lifetime_actions[0].trigger.lifetime_percentage del template.x509_certificate_properties.subject_alternative_names del template.x509_certificate_properties.ekus return template
def test_recover_and_purge(self, vault, **kwargs): self.assertIsNotNone(vault) vault_uri = vault.properties.vault_uri certs = {} cert_policy = CertificatePolicy(key_properties=KeyProperties(exportable=True, key_type='RSA', key_size=2048, reuse_key=False), secret_properties=SecretProperties(content_type='application/x-pkcs12'), issuer_parameters=IssuerParameters(name='Self'), x509_certificate_properties=X509CertificateProperties( subject='CN=*.microsoft.com', subject_alternative_names=SubjectAlternativeNames( dns_names=['onedrive.microsoft.com', 'xbox.microsoft.com'] ), validity_in_months=24 )) # create certificates to recover for i in range(0, self.list_test_size): cert_name = self.get_resource_name('certrec{}'.format(str(i))) certs[cert_name] = self._import_common_certificate(vault_uri, cert_name) # create certificates to purge for i in range(0, self.list_test_size): cert_name = self.get_resource_name('certprg{}'.format(str(i))) certs[cert_name] = self._import_common_certificate(vault_uri, cert_name) # delete all certificates for cert_name in certs.keys(): delcert = self.client.delete_certificate(vault_uri, cert_name) print(delcert) if not self.is_playback(): time.sleep(30) # validate all our deleted certificates are returned by get_deleted_certificates deleted = [KeyVaultId.parse_certificate_id(s.id).name for s in self.client.get_deleted_certificates(vault_uri)] # self.assertTrue(all(s in deleted for s in certs.keys())) # recover select secrets for certificate_name in [s for s in certs.keys() if s.startswith('certrec')]: self.client.recover_deleted_certificate(vault_uri, certificate_name) # purge select secrets for certificate_name in [s for s in certs.keys() if s.startswith('certprg')]: self.client.purge_deleted_certificate(vault_uri, certificate_name) if not self.is_playback(): time.sleep(30) # validate none of our deleted certificates are returned by get_deleted_certificates deleted = [KeyVaultId.parse_secret_id(s.id).name for s in self.client.get_deleted_certificates(vault_uri)] self.assertTrue(not any(s in deleted for s in certs.keys())) # validate the recovered certificates expected = {k: v for k, v in certs.items() if k.startswith('certrec')} actual = {k: self.client.get_certificate(vault_uri, k, KeyVaultId.version_none) for k in expected.keys()} self.assertEqual(len(set(expected.keys()) & set(actual.keys())), len(expected))
def test_crud_operations(self, vault, **kwargs): self.assertIsNotNone(vault) vault_uri = vault.properties.vault_uri cert_name = self.get_resource_name('cert') cert_policy = CertificatePolicy(key_properties=KeyProperties(exportable=True, key_type='RSA', key_size=2048, reuse_key=False), secret_properties=SecretProperties(content_type='application/x-pkcs12'), issuer_parameters=IssuerParameters(name='Self'), x509_certificate_properties=X509CertificateProperties( subject='CN=*.microsoft.com', subject_alternative_names=SubjectAlternativeNames( dns_names=['onedrive.microsoft.com', 'xbox.microsoft.com'] ), validity_in_months=24 )) # create certificate interval_time = 5 if not self.is_playback() else 0 cert_operation = self.client.create_certificate(vault_uri, cert_name, cert_policy) while True: pending_cert = self.client.get_certificate_operation(vault_uri, cert_name) self._validate_certificate_operation(pending_cert, vault_uri, cert_name, cert_policy) if pending_cert.status.lower() == 'completed': cert_id = KeyVaultId.parse_certificate_operation_id(pending_cert.target) break elif pending_cert.status.lower() != 'inprogress': raise Exception('Unknown status code for pending certificate: {}'.format(pending_cert)) time.sleep(interval_time) # get certificate cert_bundle = self.client.get_certificate(cert_id.vault, cert_id.name, '') self._validate_certificate_bundle(cert_bundle, vault_uri, cert_name, cert_policy) # get certificate as secret secret_id = KeyVaultId.parse_secret_id(cert_bundle.sid) secret_bundle = self.client.get_secret(secret_id.vault, secret_id.name, secret_id.version) # update certificate cert_policy.tags = {'tag1': 'value1'} cert_bundle = self.client.update_certificate(cert_id.vault, cert_id.name, cert_id.version, cert_policy) self._validate_certificate_bundle(cert_bundle, vault_uri, cert_name, cert_policy) # delete certificate cert_bundle = self.client.delete_certificate(vault_uri, cert_name) self._validate_certificate_bundle(cert_bundle, vault_uri, cert_name, cert_policy) # get certificate returns not found try: self.client.get_certificate(cert_id.vault, cert_id.name, '') self.fail('Get should fail') except Exception as ex: if not hasattr(ex, 'message') or 'not found' not in ex.message.lower(): raise ex
def test_async_request_cancellation_and_deletion(self, vault, **kwargs): self.assertIsNotNone(vault) vault_uri = vault.properties.vault_uri cert_name = 'asyncCanceledDeletedCert' cert_policy = CertificatePolicy(key_properties=KeyProperties(exportable=True, key_type='RSA', key_size=2048, reuse_key=False), secret_properties=SecretProperties(content_type='application/x-pkcs12'), issuer_parameters=IssuerParameters(name='Self'), x509_certificate_properties=X509CertificateProperties( subject='CN=*.microsoft.com', subject_alternative_names=SubjectAlternativeNames( dns_names=['onedrive.microsoft.com', 'xbox.microsoft.com'] ), validity_in_months=24 )) # create certificate self.client.create_certificate(vault_uri, cert_name, cert_policy) # cancel certificate operation cancel_operation = self.client.update_certificate_operation(vault_uri, cert_name, True) self.assertTrue(hasattr(cancel_operation, 'cancellation_requested')) self.assertTrue(cancel_operation.cancellation_requested) self._validate_certificate_operation(cancel_operation, vault_uri, cert_name, cert_policy) retrieved_operation = self.client.get_certificate_operation(vault_uri, cert_name) self.assertTrue(hasattr(retrieved_operation, 'cancellation_requested')) self.assertTrue(retrieved_operation.cancellation_requested) self._validate_certificate_operation(retrieved_operation, vault_uri, cert_name, cert_policy) # delete certificate operation deleted_operation = self.client.delete_certificate_operation(vault_uri, cert_name) self.assertIsNotNone(deleted_operation) self._validate_certificate_operation(deleted_operation, vault_uri, cert_name, cert_policy) try: self.client.get_certificate_operation(vault_uri, cert_name) self.fail('Get should fail') except Exception as ex: if not hasattr(ex, 'message') or 'not found' not in ex.message.lower(): raise ex # delete cancelled certificate operation self.client.delete_certificate(vault_uri, cert_name)