def test_x509_parses(self):
    """Check validate_cert on an unreadable string and on a sample cert.

    An unparseable string must raise ``exceptions.UnreadableCert``; the
    ``ALT_EXT_CRT`` fixture must validate both on its own and together
    with ``UNENCRYPTED_PKCS8_CRT_KEY`` as its private key.
    """
    # Rejection path: input that is not a certificate at all.
    with self.assertRaises(exceptions.UnreadableCert):
        cert_parser.validate_cert("BAD CERT")

    # Acceptance path: certificate alone.
    cert_only = cert_parser.validate_cert(ALT_EXT_CRT)
    self.assertTrue(cert_only)

    # Acceptance path: certificate plus its private key.
    cert_with_key = cert_parser.validate_cert(
        ALT_EXT_CRT, private_key=UNENCRYPTED_PKCS8_CRT_KEY)
    self.assertTrue(cert_with_key)
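def validate_tls_container(container_ref):
    """Fetch a TLS container from the cert manager and validate its contents.

    The load balancer id is taken from ``curr_listener`` when that is
    truthy, otherwise from ``listener``; both are free variables defined
    outside this function. The container is then fetched and its
    certificate, private key, passphrase and intermediates are passed to
    ``cert_parser.validate_cert``.

    :param container_ref: reference of the TLS container to check.
    :raises loadbalancerv2.TLSContainerNotFound: the lookup failed with an
        exception whose ``status_code`` is 404.
    :raises loadbalancerv2.CertManagerError: the lookup failed for any
        other reason.
    :raises loadbalancerv2.TLSContainerInvalid: the container was fetched
        but reading or validating its contents raised.
    """
    if curr_listener:
        lb_id = curr_listener['loadbalancer_id']
    else:
        lb_id = listener.get('loadbalancer_id')

    try:
        cert_container = CERT_MANAGER_PLUGIN.CertManager.get_cert(
            container_ref, lb_id=lb_id)
    except Exception as e:
        if getattr(e, 'status_code', None) == 404:
            raise loadbalancerv2.TLSContainerNotFound(
                container_id=container_ref)
        # Could be a keystone configuration error...
        # Not every exception carries ``message`` (Python 3 built-ins do
        # not), so fall back to str(e) instead of failing with an
        # AttributeError that would hide the real lookup error.
        # NOTE(review): the backend error text is copied into ``reason``;
        # confirm it is acceptable to show that to whoever sees this error.
        raise loadbalancerv2.CertManagerError(
            ref=container_ref,
            reason=getattr(e, 'message', str(e)))

    try:
        cert_parser.validate_cert(
            cert_container.get_certificate(),
            private_key=cert_container.get_private_key(),
            private_key_passphrase=(
                cert_container.get_private_key_passphrase()),
            intermediates=cert_container.get_intermediates())
    except Exception as e:
        # NOTE(review): presumably this undoes whatever get_cert registered
        # for this load balancer -- confirm against the cert manager. If
        # delete_cert itself raises, that exception propagates instead of
        # TLSContainerInvalid.
        CERT_MANAGER_PLUGIN.CertManager.delete_cert(
            container_ref, lb_id)
        # NOTE(review): str(e) becomes the ``reason`` of the raised error;
        # confirm cert_parser exceptions never embed key or passphrase
        # material.
        raise loadbalancerv2.TLSContainerInvalid(
            container_id=container_ref, reason=str(e))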
def test_x509_parses(self):
    """Check validate_cert on bad input and on the sample cert in two forms.

    An unparseable string must raise ``exceptions.UnreadableCert``. The
    ``ALT_EXT_CRT`` fixture must validate when passed through ``six.u``,
    when passed as-is, and when paired with
    ``UNENCRYPTED_PKCS8_CRT_KEY`` as its private key.
    """
    # Rejection path: input that is not a certificate at all.
    with self.assertRaises(exceptions.UnreadableCert):
        cert_parser.validate_cert("BAD CERT")

    # Same certificate, first as the text type produced by six.u ...
    text_cert = six.u(ALT_EXT_CRT)
    self.assertTrue(cert_parser.validate_cert(text_cert))

    # ... then exactly as the fixture defines it.
    self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT))

    # Certificate plus its private key.
    with_key = cert_parser.validate_cert(
        ALT_EXT_CRT, private_key=UNENCRYPTED_PKCS8_CRT_KEY)
    self.assertTrue(with_key)
def test_validate_cert_and_key_match(self):
    """Check that validate_cert ties the private key to the certificate.

    ``ALT_EXT_CRT`` with ``ALT_EXT_CRT_KEY`` must validate; the same
    certificate with ``SOME_OTHER_RSA_KEY`` must raise
    ``exceptions.MisMatchedKey``.
    """
    # Matching pair is accepted.
    matched = cert_parser.validate_cert(
        ALT_EXT_CRT, private_key=ALT_EXT_CRT_KEY)
    self.assertTrue(matched)

    # A key that belongs to some other certificate is rejected.
    with self.assertRaises(exceptions.MisMatchedKey):
        cert_parser.validate_cert(
            ALT_EXT_CRT, private_key=SOME_OTHER_RSA_KEY)
def validate_tls_container(container_ref):
    """Look up a TLS container and validate the material it holds.

    The container is fetched with ``check_only=True`` and its certificate,
    private key, passphrase and intermediates are handed to
    ``cert_parser.validate_cert``.

    :param container_ref: reference of the TLS container to check.
    :raises loadbalancerv2.TLSContainerNotFound: the lookup raised any
        exception at all.
    :raises loadbalancerv2.TLSContainerInvalid: reading or validating the
        container contents raised.
    """
    cert_manager = CERT_MANAGER_PLUGIN.CertManager
    try:
        container = cert_manager.get_cert(container_ref, check_only=True)
    except Exception:
        # Every lookup failure is reported as "not found", so a backend or
        # configuration error is indistinguishable from a missing container
        # for the caller.
        raise loadbalancerv2.TLSContainerNotFound(
            container_id=container_ref)

    try:
        # The getters stay inside the try: a failure while reading the
        # container is reported as an invalid container as well.
        certificate = container.get_certificate()
        key = container.get_private_key()
        passphrase = container.get_private_key_passphrase()
        chain = container.get_intermediates()
        cert_parser.validate_cert(
            certificate,
            private_key=key,
            private_key_passphrase=passphrase,
            intermediates=chain)
    except Exception as e:
        # NOTE(review): str(e) becomes the ``reason`` of the raised error;
        # confirm cert_parser exceptions never embed key or passphrase
        # material.
        raise loadbalancerv2.TLSContainerInvalid(
            container_id=container_ref, reason=str(e))
def test_validate_cert_and_key_match(self):
    """Check that a certificate only validates with its own private key.

    The ``ALT_EXT_CRT`` / ``ALT_EXT_CRT_KEY`` pair must be accepted, and
    pairing the certificate with ``SOME_OTHER_RSA_KEY`` must raise
    ``exceptions.MisMatchedKey``.
    """
    # Positive case: the key that belongs to the certificate.
    good_pair = cert_parser.validate_cert(
        ALT_EXT_CRT, private_key=ALT_EXT_CRT_KEY)
    self.assertTrue(good_pair)

    # Negative case: an unrelated RSA key must be refused.
    with self.assertRaises(exceptions.MisMatchedKey):
        cert_parser.validate_cert(
            ALT_EXT_CRT, private_key=SOME_OTHER_RSA_KEY)
def test_x509_parses_intermediates(self):
    """Check that validate_cert accepts a cert supplied with intermediates.

    The test passes as long as the call does not raise; the return value
    is not inspected.
    """
    # Should not throw error when parsing with intermediates
    cert_parser.validate_cert(
        ALT_EXT_CRT,
        UNENCRYPTED_PKCS8_CRT_KEY,
        intermediates=X509_IMDS,
    )