def testMismatchInNodeCert(self):
cert1_path = testutils.TestDataFilename("cert1.pem")
cert2_path = testutils.TestDataFilename("cert2.pem")
tmpfile = utils.PathJoin(self.tmpdir, "cert")
# Extract certificate
cert1 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert1_path))
cert1_pem = OpenSSL.crypto.dump_certificate(
OpenSSL.crypto.FILETYPE_PEM, cert1)
# Extract mismatching key
key2 = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert2_path))
key2_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
key2)
# Write to file
utils.WriteFile(tmpfile, data=cert1_pem + key2_pem)
try:
utils.CheckNodeCertificate(cert1, _noded_cert_file=tmpfile)
except errors.X509CertError, err:
self.assertEqual(
err.args,
(tmpfile, "Certificate does not match with private key"))
def testMissingFile(self):
cert_path = testutils.TestDataFilename("cert1.pem")
nodecert = utils.PathJoin(self.tmpdir, "does-not-exist")
utils.CheckNodeCertificate(NotImplemented, _noded_cert_file=nodecert)
self.assertFalse(os.path.exists(nodecert))
def testMatchingKey(self):
cert_filename = testutils.TestDataFilename("cert2.pem")
# Extract certificate
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert_filename))
cert_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
cert)
utils.CheckNodeCertificate(cert, _noded_cert_file=cert_filename)
def testMismatchingKey(self):
other_cert = testutils.TestDataFilename("cert1.pem")
node_cert = testutils.TestDataFilename("cert2.pem")
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(other_cert))
try:
utils.CheckNodeCertificate(cert, _noded_cert_file=node_cert)
except errors.GenericError, err:
self.assertEqual(
str(err), "Given cluster certificate does not match local key")