def _add_ca__to_project_and_get_preferred(self, ca_ref):
resp = self.ca_behaviors.add_ca_to_project(ca_ref, user_name=admin_a)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(200, resp.status_code)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(hrefs.get_ca_id_from_ref(ca_ref), ca_id)
resp = self.ca_behaviors.remove_ca_from_project(
ca_ref, user_name=admin_a)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(404, resp.status_code)
def test_project_preferred_overrides_global_preferred(self):
if self.num_cas < 2:
self.skipTest("At least two CAs are required for this test")
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(404, resp.status_code)
resp = self.ca_behaviors.set_global_preferred(
ca_ref=self.cas[1], user_name=service_admin)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(200, resp.status_code)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(self.ca_ids[1], ca_id)
resp = self.ca_behaviors.add_ca_to_project(
ca_ref=self.cas[0], user_name=admin_a)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(200, resp.status_code)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(self.ca_ids[0], ca_id)
resp = self.ca_behaviors.remove_ca_from_project(
ca_ref=self.cas[0], user_name=admin_a)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(self.ca_ids[1], ca_id)
resp = self.ca_behaviors.unset_global_preferred(
user_name=service_admin)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(404, resp.status_code)
def create_subordinate_ca(project_model, name, description, subject_dn,
parent_ca_ref, creator_id):
"""Create a subordinate CA
:param name - name of the subordinate CA
:param: description - description of the subordinate CA
:param: subject_dn - subject DN of the subordinate CA
:param: parent_ca_ref - Barbican URL reference to the parent CA
:param: creator_id - id for creator of the subordinate CA
:return: :class models.CertificateAuthority model object for new sub CA
"""
# check that the parent ref exists and is accessible
parent_ca_id = hrefs.get_ca_id_from_ref(parent_ca_ref)
ca_repo = repos.get_ca_repository()
parent_ca = ca_repo.get(entity_id=parent_ca_id, suppress_exception=True)
if not parent_ca:
raise excep.InvalidParentCA(parent_ca_ref=parent_ca_ref)
# Parent CA must be a base CA or a subCA owned by this project
if (parent_ca.project_id is not None and
parent_ca.project_id != project_model.id):
raise excep.UnauthorizedSubCA()
# get the parent plugin, raises CertPluginNotFound if missing
cert_plugin = cert.CertificatePluginManager().get_plugin_by_name(
parent_ca.plugin_name)
# confirm that the plugin supports creating subordinate CAs
if not cert_plugin.supports_create_ca():
raise excep.SubCAsNotSupported()
# make call to create the subordinate ca
create_ca_dto = cert.CACreateDTO(
name=name,
description=description,
subject_dn=subject_dn,
parent_ca_id=parent_ca.plugin_ca_id)
new_ca_dict = cert_plugin.create_ca(create_ca_dto)
if not new_ca_dict:
raise excep.SubCANotCreated(name=name)
# create and store the subordinate CA as a new certificate authority object
new_ca_dict['plugin_name'] = parent_ca.plugin_name
new_ca_dict['creator_id'] = creator_id
new_ca_dict['project_id'] = project_model.id
new_ca = models.CertificateAuthority(new_ca_dict)
ca_repo.create_from(new_ca)
return new_ca
def test_global_preferred_set_and_unset(self):
resp = self.ca_behaviors.set_global_preferred(
ca_ref=self.cas[0], user_name=service_admin)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_global_preferred(user_name=service_admin)
self.assertEqual(200, resp.status_code)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(self.ca_ids[0], ca_id)
resp = self.ca_behaviors.unset_global_preferred(
user_name=service_admin)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_global_preferred(user_name=service_admin)
self.assertEqual(404, resp.status_code)
def send_test_order(self, ca_ref=None, user_name=None,
expected_return=202):
test_model = order_models.OrderModel(**self.simple_cmc_data)
test_model.meta['request_data'] = base64.b64encode(
certutil.create_good_csr())
if ca_ref is not None:
ca_id = hrefs.get_ca_id_from_ref(ca_ref)
test_model.meta['ca_id'] = ca_id
create_resp, order_ref = self.order_behaviors.create_order(
test_model, user_name=user_name)
self.assertEqual(expected_return, create_resp.status_code)
if expected_return == 202:
self.assertIsNotNone(order_ref)
return order_ref
def test_response_should_all_except_subca_from_all_subresource(self):
self.create_cas()
self.app.extra_environ = {
'barbican.context': self._build_context("other_project",
user="******")
}
self.params['limit'] = 100
self.params['offset'] = 0
self.params['plugin_name'] = self.plugin_name
resp = self.app.get('/cas/all', self.params)
self.assertIn('total', resp.namespace)
self.assertEqual(self.num_cas - 1, resp.namespace['total'])
ca_refs = list(resp.namespace['cas'])
for ca_ref in ca_refs:
ca_id = hrefs.get_ca_id_from_ref(ca_ref)
self.assertNotEqual(ca_id, self.subca.id)
def test_response_should_list_subca_and_project_cas(self):
self.create_cas()
self.app.extra_environ = {
'barbican.context': self._build_context(self.project_id,
user="******")
}
self.params['limit'] = 100
self.params['offset'] = 0
resp = self.app.get('/cas/', self.params)
self.assertIn('total', resp.namespace)
self.assertEqual(3, resp.namespace['total'])
ca_refs = list(resp.namespace['cas'])
for ca_ref in ca_refs:
ca_id = hrefs.get_ca_id_from_ref(ca_ref)
if not ((ca_id in self.project_ca_ids)
or (ca_id == self.subca.id)):
self.fail("Invalid CA reference returned")
def setUp(self):
super(GlobalPreferredCATestCase, self).setUp()
(_, self.cas, self.num_cas, _, _) = self.ca_behaviors.get_cas()
self.ca_ids = [hrefs.get_ca_id_from_ref(ref) for ref in self.cas]
