Revision f97a7ada test/ganeti.utils.x509_unittest.py
b/test/ganeti.utils.x509_unittest.py | ||
---|---|---|
1 | 1 |
#!/usr/bin/python |
2 | 2 |
# |
3 | 3 |
|
4 |
# Copyright (C) 2006, 2007, 2010, 2011 Google Inc. |
|
4 |
# Copyright (C) 2006, 2007, 2010, 2011, 2012 Google Inc.
|
|
5 | 5 |
# |
6 | 6 |
# This program is free software; you can redistribute it and/or modify |
7 | 7 |
# it under the terms of the GNU General Public License as published by |
... | ... | |
164 | 164 |
# Not checking return value as this certificate is expired |
165 | 165 |
utils.VerifyX509Certificate(cert, 30, 7) |
166 | 166 |
|
167 |
@staticmethod |
|
168 |
def _GenCert(key, before, validity): |
|
169 |
# Urgh... mostly copied from x509.py :( |
|
170 |
|
|
171 |
# Create self-signed certificate |
|
172 |
cert = OpenSSL.crypto.X509() |
|
173 |
cert.set_serial_number(1) |
|
174 |
if before != 0: |
|
175 |
cert.gmtime_adj_notBefore(int(before)) |
|
176 |
cert.gmtime_adj_notAfter(validity) |
|
177 |
cert.set_issuer(cert.get_subject()) |
|
178 |
cert.set_pubkey(key) |
|
179 |
cert.sign(key, constants.X509_CERT_SIGN_DIGEST) |
|
180 |
return cert |
|
181 |
|
|
182 |
def testClockSkew(self): |
|
183 |
SKEW = constants.NODE_MAX_CLOCK_SKEW |
|
184 |
# Create private and public key |
|
185 |
key = OpenSSL.crypto.PKey() |
|
186 |
key.generate_key(OpenSSL.crypto.TYPE_RSA, constants.RSA_KEY_BITS) |
|
187 |
|
|
188 |
validity = 7 * 86400 |
|
189 |
# skew small enough, accepting cert; note that this is a timed |
|
190 |
# test, and could fail if the machine is so loaded that the next |
|
191 |
# few lines take more than NODE_MAX_CLOCK_SKEW / 2 |
|
192 |
for before in [-1, 0, SKEW / 4, SKEW / 2]: |
|
193 |
cert = self._GenCert(key, before, validity) |
|
194 |
result = utils.VerifyX509Certificate(cert, 1, 2) |
|
195 |
self.assertEqual(result, (None, None)) |
|
196 |
|
|
197 |
# skew too great, not accepting certs |
|
198 |
for before in [SKEW + 1, SKEW * 2, SKEW * 10]: |
|
199 |
cert = self._GenCert(key, before, validity) |
|
200 |
(status, msg) = utils.VerifyX509Certificate(cert, 1, 2) |
|
201 |
self.assertEqual(status, utils.CERT_WARNING) |
|
202 |
self.assertTrue(msg.startswith("Certificate not yet valid")) |
|
203 |
|
|
167 | 204 |
|
168 | 205 |
class TestVerifyCertificateInner(unittest.TestCase): |
169 | 206 |
def test(self): |
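Review bot: In `_GenCert`, the `if before != 0:` guard means the `0` entry in the accepting loop of `testClockSkew` yields a certificate on which this helper never sets notBefore. That case therefore checks how `utils.VerifyX509Certificate` treats a missing start time, not a certificate whose validity begins exactly now. If zero skew is what the test intends, call `cert.gmtime_adj_notBefore(int(before))` unconditionally; if the unset field is deliberate (the helper is described as copied from x509.py), say so with a comment such as `# before == 0: leave notBefore unset, as x509.py does`. The helper would also benefit from a short docstring stating that `before` and `validity` are offsets in seconds from the current time and that a positive `before` places the start of validity in the future. Separately, nothing between `SKEW / 2` and `SKEW + 1` is exercised, presumably because of the timing sensitivity the comment mentions, so the exact accept/reject boundary at `NODE_MAX_CLOCK_SKEW` is not pinned by this test.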