def test_get_count_should_return_one_after_delete(self): session = self.ca_repo.get_session() project = models.Project() project.external_id = "my keystone id" project.save(session=session) ca_model = models.CertificateAuthority(self.parsed_ca) ca_model.project_id = project.id self.ca_repo.create_from(ca_model, session=session) ca_model = models.CertificateAuthority(self.parsed_ca) ca_model.project_id = project.id self.ca_repo.create_from(ca_model, session=session) session.commit() count = self.ca_repo.get_count(project.id, session=session) self.assertEqual(2, count) self.ca_repo.delete_entity_by_id(ca_model.id, "my keystone id", session=session) session.commit() count = self.ca_repo.get_count(project.id, session=session) self.assertEqual(1, count)
def create_cas(self, set_project_cas=True): self.project = res.get_or_create_project(self.project_id) self.global_project = res.get_or_create_global_preferred_project() project_repo.save(self.project) self.project_ca_ids = [] self.plugin_name = 'default_plugin' self.plugin_ca_id = 'default_plugin_ca_id_' self.ca_id = "id1" self.num_cas = 10 self.offset = 2 self.limit = 4 self.params = {'offset': self.offset, 'limit': self.limit} self._do_create_cas(set_project_cas) # create subca for DELETE testing parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': self.plugin_ca_id + "subca 1", 'name': self.plugin_name, 'description': 'Sub CA for default plugin', 'ca_signing_certificate': 'ZZZZZ' + "sub ca1", 'intermediates': 'YYYYY' + "sub ca1", 'project_id': self.project.id, 'creator_id': 'user12345' } ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(ca) ca_repo.save(ca) self.subca = ca self.num_cas += 1
def test_create_new_preferred_ca(self): ca = models.CertificateAuthority(self.parsed_ca) ca.id = '67890' project = models.Project() project.id = '12345' preferred_ca = models.PreferredCertificateAuthority(project.id, ca.id) self.assertEqual(ca.id, preferred_ca.ca_id) self.assertEqual(project.id, preferred_ca.project_id)
def setUp(self): super(WhenTestingCertificatePluginManager, self).setUp() self.cert_spec = {} self.plugin_returned = mock.MagicMock() self.plugin_name = common_utils.generate_fullname_for( self.plugin_returned) types_list = [ cm.CertificateRequestType.SIMPLE_CMC_REQUEST, cm.CertificateRequestType.CUSTOM_REQUEST ] self.plugin_returned.supported_request_types.return_value = types_list self.plugin_returned.supports.return_value = True self.plugin_loaded = mock.MagicMock(obj=self.plugin_returned) expiration = ( datetime.datetime.utcnow() + datetime.timedelta(days=cm.CA_INFO_DEFAULT_EXPIRATION_DAYS)) ca_info = { cm.INFO_NAME: "my_ca", cm.INFO_DESCRIPTION: "Certificate Authority my_ca", cm.INFO_CA_SIGNING_CERT: "Undefined", cm.INFO_INTERMEDIATES: "Undefined", cm.INFO_EXPIRATION: expiration.isoformat() } self.plugin_returned.get_ca_info.return_value = { 'plugin_ca_id1': ca_info } parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': 'plugin_ca_id1', 'name': self.plugin_name, 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'ZZZZZ', 'intermediates': 'YYYYY' } self.ca = models.CertificateAuthority(parsed_ca) self.ca.id = 'ca_id' self.ca_repo = mock.MagicMock() self.ca_repo.get_by_create_date.return_value = (self.ca, 0, 1, 1) self.ca_repo.create_from.return_value = None self.ca_repo.get.return_value = self.ca self.project = models.Project() self.project.id = '12345' self.setup_ca_repository_mock(self.ca_repo) self.plugin_loaded = mock.MagicMock(obj=self.plugin_returned) self.manager = cm.CertificatePluginManager() self.manager.extensions = [self.plugin_loaded]
def test_new_ca_is_created_from_dict(self): ca = models.CertificateAuthority(self.parsed_ca) self.assertEqual(self.parsed_ca['plugin_name'], ca.plugin_name) self.assertEqual(self.parsed_ca['plugin_ca_id'], ca.plugin_ca_id) self.assertEqual(self.parsed_ca['name'], ca.ca_meta['name'].value) self.assertEqual(self.parsed_ca['description'], ca.ca_meta['description'].value) self.assertEqual(self.parsed_ca['ca_signing_certificate'], ca.ca_meta['ca_signing_certificate'].value) self.assertEqual(self.parsed_ca['intermediates'], ca.ca_meta['intermediates'].value) self.assertIsInstance(ca.expiration, datetime.datetime) self.assertEqual(ca.created_at, ca.updated_at)
def test_should_create_subca(self, mocked_task): self.create_cas() self.create_subca_request(self.selected_ca_id) mocked_task.return_value = models.CertificateAuthority( self.parsed_subca) resp = self.app.post_json( '/cas', self.subca_request, expect_errors=False) self.assertEqual(201, resp.status_int)
def _do_create_cas(self, set_project_cas): for ca_id in moves.range(self.num_cas): parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': self.plugin_ca_id + str(ca_id), 'name': self.plugin_name, 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'ZZZZZ' + str(ca_id), 'intermediates': 'YYYYY' + str(ca_id) } ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(ca) ca_repo.save(ca) if ca_id == 1: # set global preferred ca pref_ca = models.PreferredCertificateAuthority( self.global_project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.global_preferred_ca = ca if ca_id == 2 and set_project_cas: # set project CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) if ca_id == 3 and set_project_cas: # set project preferred CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) pref_ca = models.PreferredCertificateAuthority( self.project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.preferred_ca = ca if ca_id == 4: # set ca for testing GETs for a single CA self.selected_ca_id = ca.id self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id) self.selected_signing_cert = 'ZZZZZ' + str(ca_id) self.selected_intermediates = 'YYYYY' + str(ca_id)
def create_subordinate_ca(project_model, name, description, subject_dn, parent_ca_ref, creator_id): """Create a subordinate CA :param name - name of the subordinate CA :param: description - description of the subordinate CA :param: subject_dn - subject DN of the subordinate CA :param: parent_ca_ref - Barbican URL reference to the parent CA :param: creator_id - id for creator of the subordinate CA :return: :class models.CertificateAuthority model object for new sub CA """ # check that the parent ref exists and is accessible parent_ca_id = hrefs.get_ca_id_from_ref(parent_ca_ref) ca_repo = repos.get_ca_repository() parent_ca = ca_repo.get(entity_id=parent_ca_id, suppress_exception=True) if not parent_ca: raise excep.InvalidParentCA(parent_ca_ref=parent_ca_ref) # Parent CA must be a base CA or a subCA owned by this project if (parent_ca.project_id is not None and parent_ca.project_id != project_model.id): raise excep.UnauthorizedSubCA() # get the parent plugin, raises CertPluginNotFound if missing cert_plugin = cert.CertificatePluginManager().get_plugin_by_name( parent_ca.plugin_name) # confirm that the plugin supports creating subordinate CAs if not cert_plugin.supports_create_ca(): raise excep.SubCAsNotSupported() # make call to create the subordinate ca create_ca_dto = cert.CACreateDTO( name=name, description=description, subject_dn=subject_dn, parent_ca_id=parent_ca.plugin_ca_id) new_ca_dict = cert_plugin.create_ca(create_ca_dto) if not new_ca_dict: raise excep.SubCANotCreated(name=name) # create and store the subordinate CA as a new certificate authority object new_ca_dict['plugin_name'] = parent_ca.plugin_name new_ca_dict['creator_id'] = creator_id new_ca_dict['project_id'] = project_model.id new_ca = models.CertificateAuthority(new_ca_dict) ca_repo.create_from(new_ca) return new_ca
def setUp(self): super(WhenCreatingCertificateOrders, self).setUp() self.certificate_meta = {'request': 'XXXXXX'} # Make sure we have a project self.project = resources.get_or_create_project(self.project_id) # Create CA's in the db self.available_ca_ids = [] for i in range(2): ca_information = { 'plugin_name': 'plugin_name', 'plugin_ca_id': 'plugin_name ca_id1', 'name': 'plugin name', 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'XXXXX', 'intermediates': 'YYYYY' } ca_model = models.CertificateAuthority(ca_information) ca = ca_repo.create_from(ca_model) self.available_ca_ids.append(ca.id) foreign_project = resources.get_or_create_project('foreign_project') foreign_ca_information = { 'project_id': foreign_project.id, 'plugin_name': 'plugin_name', 'plugin_ca_id': 'plugin_name ca_id1', 'name': 'plugin name', 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'XXXXX', 'intermediates': 'YYYYY' } foreign_ca_model = models.CertificateAuthority(foreign_ca_information) foreign_ca = ca_repo.create_from(foreign_ca_model) self.foreign_ca_id = foreign_ca.id repositories.commit()
def create_certificate_authority(project=None, parsed_ca_in=None, session=None): if not parsed_ca_in: parsed_ca_in = { 'plugin_name': 'plugin_name', 'plugin_ca_id': 'plugin_ca_id', 'expiration:': 'expiration', 'creator_id': 'creator_id', 'project_id': project.id } certificate_authority = models.CertificateAuthority( parsed_ca_in=parsed_ca_in) cert_auth_repo = repositories.get_ca_repository() cert_auth_repo.create_from(certificate_authority, session=session) return certificate_authority
def setUp(self): super(WhenCreatingSubordinateCAs, self).setUp() self.project = res.get_or_create_project('12345') self.project2 = res.get_or_create_project('56789') self.subject_name = "cn=subca1 signing certificate, o=example.com" self.creator_id = "user12345" self.name = "Subordinate CA #1" self.description = "This is a test subordinate CA" self.plugin_name = "dogtag_plugin" # create parent ca expiration = (datetime.datetime.utcnow() + datetime.timedelta(minutes=10)) parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': 'ca_master', 'expiration': expiration.isoformat(), 'name': 'Dogtag CA', 'description': 'Master CA for Dogtag plugin', 'ca_signing_certificate': 'XXXXX', 'intermediates': 'YYYYY' } self.parent_ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(self.parent_ca) self.parent_ca_ref = 'https://localhost:6311/cas/' + self.parent_ca.id self.new_ca_dict = { 'plugin_ca_id': 'ca_subordinate', 'expiration': expiration.isoformat(), 'name': 'Dogtag Subordinate CA', 'description': 'Subordinate CA for Dogtag plugin', 'ca_signing_certificate': 'XXXXX', 'intermediates': 'YYYYY', } # mock plugin and calls to plugin self.cert_plugin = mock.MagicMock() self.cert_plugin.supports_create_ca.return_value = True self.cert_plugin.create_ca.return_value = self.new_ca_dict self._config_cert_plugin()
def create_cas(self): self.project = res.get_or_create_project(self.project_id) project_repo.save(self.project) self.project_ca_ids = [] self.plugin_name = 'default_plugin' self.plugin_ca_id = 'default_plugin_ca_id_' self.ca_id = "id1" self.num_cas = 10 self.offset = 2 self.limit = 4 self.params = {'offset': self.offset, 'limit': self.limit} for ca_id in moves.range(self.num_cas): parsed_ca = { 'plugin_name': self.plugin_name, 'plugin_ca_id': self.plugin_ca_id + str(ca_id), 'name': self.plugin_name, 'description': 'Master CA for default plugin', 'ca_signing_certificate': 'ZZZZZ' + str(ca_id), 'intermediates': 'YYYYY' + str(ca_id) } ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(ca) ca_repo.save(ca) if ca_id == 1: # set global preferred ca pref_ca = models.PreferredCertificateAuthority( preferred_ca_repo.PREFERRED_PROJECT_ID, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.global_ca_id = ca.id if ca_id == 2: # set project CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) if ca_id == 3: # set project preferred CA project_ca = models.ProjectCertificateAuthority( self.project.id, ca.id) project_ca_repo.create_from(project_ca) project_ca_repo.save(project_ca) self.project_ca_ids.append(ca.id) pref_ca = models.PreferredCertificateAuthority( self.project.id, ca.id) preferred_ca_repo.create_from(pref_ca) preferred_ca_repo.save(pref_ca) self.preferred_project_ca_id = ca.id if ca_id == 4: # set ca for testing GETs for a single CA self.selected_ca_id = ca.id self.selected_plugin_ca_id = self.plugin_ca_id + str(ca_id) self.selected_signing_cert = 'ZZZZZ' + str(ca_id) self.selected_intermediates = 'YYYYY' + str(ca_id)
def _add_ca(self, parsed_ca, session): ca = self.ca_repo.create_from(models.CertificateAuthority(parsed_ca), session=session) return ca
def test_refresh_ca_list(self): utc_now = datetime.datetime.utcnow() expired_time = utc_now - datetime.timedelta(days=1) expiration = utc_now + datetime.timedelta(days=1) ca1_info = { cm.INFO_NAME: "expired_ca_to_be_modified", cm.INFO_DESCRIPTION: "expired_ca to be modified", cm.INFO_CA_SIGNING_CERT: "XXXXXXX-expired-XXXXXX", cm.INFO_INTERMEDIATES: "YYYYYYY-expired-YYYYYYY", cm.INFO_EXPIRATION: expired_time.isoformat() } ca1_modified_info = { cm.INFO_NAME: "expired_ca_to_be_modified", cm.INFO_DESCRIPTION: "expired_ca to be modified", cm.INFO_CA_SIGNING_CERT: "XXXXXXX-no-longer-expired-XXXXXX", cm.INFO_INTERMEDIATES: "YYYYYYY-no-longer-expired-YYYYYYY", cm.INFO_EXPIRATION: expiration.isoformat() } ca2_info = { cm.INFO_NAME: "expired_ca_to_be_deleted", cm.INFO_DESCRIPTION: "expired ca to be deleted", cm.INFO_CA_SIGNING_CERT: "XXXX-expired-to-be-deleted-XXXX", cm.INFO_INTERMEDIATES: "YYYY-expired-to-be-deleted-YYYY", cm.INFO_EXPIRATION: expired_time.isoformat() } ca3_info = { cm.INFO_NAME: "new-ca-to-be-added", cm.INFO_DESCRIPTION: "new-ca-to-be-added", cm.INFO_CA_SIGNING_CERT: "XXXX-to-be-addeed-XXXX", cm.INFO_INTERMEDIATES: "YYYY-to-be-added-YYYY", cm.INFO_EXPIRATION: expiration.isoformat() } self.plugin_returned.get_ca_info.return_value = { 'plugin_ca_id_ca1': ca1_modified_info, 'plugin_ca_id_ca3': ca3_info } parsed_ca1 = dict(ca1_info) parsed_ca1[cm.PLUGIN_CA_ID] = 'plugin_ca_id_ca1' parsed_ca1['plugin_name'] = self.plugin_name ca1 = models.CertificateAuthority(parsed_ca1) ca1.id = "ca1_id" parsed_ca2 = dict(ca2_info) parsed_ca2[cm.PLUGIN_CA_ID] = 'plugin_ca_id_ca2' parsed_ca2['plugin_name'] = self.plugin_name ca2 = models.CertificateAuthority(parsed_ca2) ca2.id = "ca2_id" side_effect = [(None, 0, 4, 0), ([ca1, ca2], 0, 4, 2)] self.ca_repo.get_by_create_date.side_effect = side_effect self.manager.refresh_ca_table() self.plugin_returned.get_ca_info.assert_called_once_with() self.ca_repo.update_entity.assert_called_once_with( ca1, ca1_modified_info) self.ca_repo.delete_entity_by_id.assert_called_once_with(ca2.id, None) self.ca_repo.create_from.assert_has_calls([])
def setUp(self): super(BaseCertificateRequestsTestCase, self).setUp() self.external_project_id = "56789" self.project = res.get_or_create_project(self.external_project_id) project_repo.save(self.project) self.barbican_meta_dto = mock.MagicMock() self.order_meta = {} self.plugin_meta = {} self.barbican_meta = {} self.result = cert_man.ResultDTO( cert_man.CertificateStatus.WAITING_FOR_CA ) self.result_follow_on = common.FollowOnProcessingStatusDTO() self.cert_plugin = mock.MagicMock() self.cert_plugin.issue_certificate_request.return_value = self.result self.cert_plugin.check_certificate_status.return_value = self.result self.store_plugin = mock.MagicMock() parsed_ca = { 'plugin_name': "cert_plugin", 'plugin_ca_id': "XXXX", 'name': "test ca", 'description': 'Test CA', 'ca_signing_certificate': 'ZZZZZ', 'intermediates': 'YYYYY' } self.ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(self.ca) self.ca_id = self.ca.id # second ca for testing parsed_ca = { 'plugin_name': "cert_plugin", 'plugin_ca_id': "XXXX2", 'name': "test ca2", 'description': 'Test CA2', 'ca_signing_certificate': 'ZZZZZ2', 'intermediates': 'YYYYY2' } self.ca2 = models.CertificateAuthority(parsed_ca) ca_repo.create_from(self.ca2) self.ca_id2 = self.ca2.id # data for preferred CA and global preferred CA tests # add those to the repo in those tests self.pref_ca = models.PreferredCertificateAuthority( self.project.id, self.ca_id) self.global_pref_ca = models.PreferredCertificateAuthority( self.project.id, self.ca_id) # data for stored key cases self.private_key = models.Secret() self.private_key.secret_type = 'PRIVATE' self.private_key.project_id = self.project.id secret_repo.create_from(self.private_key) self.public_key = models.Secret() self.public_key.secret_type = 'PUBLIC' self.public_key.project_id = self.project.id secret_repo.create_from(self.public_key) self.passphrase = models.Secret() self.passphrase.secret_type = 'PASSPHRASE' self.passphrase.project_id = self.project.id secret_repo.create_from(self.passphrase) self.private_key_value = None self.public_key_value = "public_key" self.passphrase_value = None self.parsed_container_with_passphrase = { 'name': 'container name', 'type': 'rsa', 'secret_refs': [ {'name': 'private_key', 'secret_ref': 'https://localhost/secrets/' + self.private_key.id}, {'name': 'public_key', 'secret_ref': 'https://localhost/secrets/' + self.public_key.id}, {'name': 'private_key_passphrase', 'secret_ref': 'https://localhost/secrets/' + self.passphrase.id} ] } self.parsed_container = { 'name': 'container name', 'type': 'rsa', 'secret_refs': [ {'name': 'private_key', 'secret_ref': 'https://localhost/secrets/' + self.private_key.id}, {'name': 'public_key', 'secret_ref': 'https://localhost/secrets/' + self.public_key.id} ] } self.container_with_passphrase = models.Container( self.parsed_container_with_passphrase) self.container_with_passphrase.project_id = self.project.id container_repo.create_from(self.container_with_passphrase) self.container = models.Container(self.parsed_container) self.container.project_id = self.project.id container_repo.create_from(self.container) repositories.commit() self.stored_key_meta = { cert_man.REQUEST_TYPE: cert_man.CertificateRequestType.STORED_KEY_REQUEST, "container_ref": "https://localhost/containers/" + self.container.id, "subject_dn": "cn=host.example.com,ou=dev,ou=us,o=example.com" } self.order = models.Order() self.order.meta = self.order_meta self.order.project_id = self.project.id self.order.order_barbican_meta = self.barbican_meta self.order.type = 'certificate' order_repo.create_from(self.order) self._config_cert_plugin() self._config_store_plugin() self._config_cert_event_plugin() self._config_save_meta_plugin() self._config_get_meta_plugin() self._config_save_barbican_meta_plugin() self._config_get_barbican_meta_plugin() self._config_barbican_meta_dto()
def create_ca(parsed_ca, id_ref="id"): """Generate a CA entity instance.""" ca = models.CertificateAuthority(parsed_ca) ca.id = id_ref return ca
def _add_ca(self, plugin_name, plugin_ca_id, ca_info): parsed_ca = dict(ca_info) parsed_ca['plugin_name'] = plugin_name parsed_ca['plugin_ca_id'] = plugin_ca_id new_ca = models.CertificateAuthority(parsed_ca) self.ca_repo.create_from(new_ca)