示例#1
    def _generate_self_signed_certs(certificate_config, hostname, certs_dir):
        """Create a self-signed root CA and hand off to the common cert generation.

        Args:
            certificate_config: Supplies ``force_no_passwords``, the device and
                agent CA passphrases and ``certificate_subject_dict``.
            hostname: Forwarded unchanged to ``_generate_certs_common``.
            certs_dir: Directory named in the log line and forwarded to
                ``_generate_certs_common``.
        """
        log.info('Generating self signed certificates at: %s', certs_dir)

        def _configured_or_prompt(configured, label, cli_opts, config_key):
            # A missing or empty configured passphrase falls back to a prompt;
            # cli_opts / config_key name the ways a user can supply it up front.
            if configured is None or configured == '':
                return EdgeHostPlatform._prompt_password(label, cli_opts, config_key)
            return configured

        device_ca_phrase = agent_ca_phrase = None
        # NOTE(review): this is an identity test against False, so any other
        # value (None, 0, True) skips passphrase collection and both
        # passphrases stay None. Presumably the private keys are then written
        # unencrypted -- confirm in EdgeCertUtil and keep certs_dir access tight.
        if certificate_config.force_no_passwords is False:
            device_ca_phrase = _configured_or_prompt(
                certificate_config.device_ca_passphrase,
                'Edge Device',
                ['--device-ca-passphrase', '--device-ca-passphrase-file'],
                'deviceCAPassphraseFilePath')
            agent_ca_phrase = _configured_or_prompt(
                certificate_config.agent_ca_passphrase,
                'Edge Agent',
                ['--agent-ca-passphrase', '--agent-ca-passphrase-file'],
                'agentCAPassphraseFilePath')

        cert_util = EdgeCertUtil()
        # The root CA is requested with a fixed 365-day validity; the device
        # passphrase is the one handed to the root CA.
        cert_util.create_root_ca_cert(
            'edge-device-ca',
            validity_days_from_now=365,
            subject_dict=certificate_config.certificate_subject_dict,
            passphrase=device_ca_phrase)
        # The agent passphrase is only passed along here; how it is used is
        # decided inside _generate_certs_common.
        EdgeHostPlatform._generate_certs_common(
            cert_util, hostname, certs_dir, agent_ca_phrase)
示例#2
 def test_create_root_ca_cert_duplicate_ids_invalid(self):
     """
     create_root_ca_cert must raise EdgeValueError when an id is reused.
     """
     cert_util = EdgeCertUtil()
     cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
     # A second CA under the same id has to be refused, not silently
     # replace the first one.
     self.assertRaises(edgectl.errors.EdgeValueError,
                       cert_util.create_root_ca_cert,
                       'root',
                       subject_dict=VALID_SUBJECT_DICT)
示例#3
 def test_create_server_cert_duplicate_ids_invalid(self):
     """
     create_server_cert must raise EdgeValueError when the requested id is
     already taken (here: the id of the root CA created just before).
     """
     cert_util = EdgeCertUtil()
     cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
     # Both positional arguments are 'root'; presumably the first is the new
     # certificate's id and the second its issuer -- confirm against the API.
     self.assertRaises(edgectl.errors.EdgeValueError,
                       cert_util.create_server_cert,
                       'root',
                       'root',
                       host_name='name')
示例#4
 def test_export_cert_artifacts_to_dir_invalid_dir_invalid(self, mock_chk_dir):
     """
     export_cert_artifacts_to_dir must raise EdgeValueError when the
     directory check (the injected mock) reports False.
     """
     cert_util = EdgeCertUtil()
     cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
     # The id 'root' exists, so the failure can only come from the mocked
     # directory check answering False.
     mock_chk_dir.return_value = False
     self.assertRaises(edgectl.errors.EdgeValueError,
                       cert_util.export_cert_artifacts_to_dir,
                       'root',
                       'some_dir')
示例#5
 def test_create_root_ca_cert_validity_days_invalid(self):
     """
     create_root_ca_cert must raise EdgeValueError for every out-of-range
     validity_days_from_now value.
     """
     cert_util = EdgeCertUtil()
     # Negative, zero, and two values above 365 days are all rejected.
     # NOTE(review): this suggests the accepted window is 1..365 days, but
     # the exact bounds live in EdgeCertUtil -- confirm there.
     rejected_validities = (-1, 0, 366, 1096)
     for days in rejected_validities:
         with self.assertRaises(edgectl.errors.EdgeValueError):
             cert_util.create_root_ca_cert('root',
                                           subject_dict=VALID_SUBJECT_DICT,
                                           validity_days_from_now=days)
示例#6
 def test_create_root_ca_cert_subject_dict_invalid(self):
     """
     create_root_ca_cert must raise EdgeValueError when the certificate
     subject validator rejects the subject dict.
     """
     cert_util = EdgeCertUtil()
     # The validator is forced to answer False, so an otherwise valid subject
     # dict is treated as invalid for the duration of the call.
     rejecting_validator = patch('edgectl.utils.EdgeCertUtil.is_valid_certificate_subject',
                                 MagicMock(return_value=False))
     with rejecting_validator, self.assertRaises(edgectl.errors.EdgeValueError):
         cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
示例#7
    def test_create_server_cert_passphrase_invalid(self):
        """
        create_server_cert must raise EdgeValueError for an empty, a very
        short and a very long passphrase.
        """
        cert_util = EdgeCertUtil()
        cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
        # Empty string, three characters, and 6 * 1024 characters. The exact
        # minimum and maximum lengths are enforced in EdgeCertUtil and are
        # not visible here.
        rejected_passphrases = ('', '123', '******' * 1024)
        for candidate in rejected_passphrases:
            with self.assertRaises(edgectl.errors.EdgeValueError):
                cert_util.create_server_cert('server',
                                             'root',
                                             host_name='name',
                                             passphrase=candidate)
示例#8
    def test_create_server_cert_hostname_invalid(self):
        """
        create_server_cert must raise EdgeValueError when host_name is
        omitted, None, empty or 65 characters long.
        """
        cert_util = EdgeCertUtil()
        cert_util.create_root_ca_cert('root', subject_dict=VALID_SUBJECT_DICT)
        # NOTE(review): 65 characters is one past the 64-character upper bound
        # X.509 sets for commonName; presumably the host name ends up in the
        # CN -- confirm against EdgeCertUtil.
        rejected_kwargs = (
            {},
            {'host_name': None},
            {'host_name': ''},
            {'host_name': 'a' * 65},
        )
        for kwargs in rejected_kwargs:
            with self.assertRaises(edgectl.errors.EdgeValueError):
                cert_util.create_server_cert('int', 'root', **kwargs)