Revision f97a7ada test/ganeti.utils.x509_unittest.py

b/test/ganeti.utils.x509_unittest.py
1 1
#!/usr/bin/python
2 2
#
3 3

  
4
# Copyright (C) 2006, 2007, 2010, 2011 Google Inc.
4
# Copyright (C) 2006, 2007, 2010, 2011, 2012 Google Inc.
5 5
#
6 6
# This program is free software; you can redistribute it and/or modify
7 7
# it under the terms of the GNU General Public License as published by
......
164 164
    # Not checking return value as this certificate is expired
165 165
    utils.VerifyX509Certificate(cert, 30, 7)
166 166

  
167
  @staticmethod
168
  def _GenCert(key, before, validity):
169
    # Urgh... mostly copied from x509.py :(
170

  
171
    # Create self-signed certificate
172
    cert = OpenSSL.crypto.X509()
173
    cert.set_serial_number(1)
174
    if before != 0:
175
      cert.gmtime_adj_notBefore(int(before))
176
    cert.gmtime_adj_notAfter(validity)
177
    cert.set_issuer(cert.get_subject())
178
    cert.set_pubkey(key)
179
    cert.sign(key, constants.X509_CERT_SIGN_DIGEST)
180
    return cert
181

  
182
  def testClockSkew(self):
183
    SKEW = constants.NODE_MAX_CLOCK_SKEW
184
    # Create private and public key
185
    key = OpenSSL.crypto.PKey()
186
    key.generate_key(OpenSSL.crypto.TYPE_RSA, constants.RSA_KEY_BITS)
187

  
188
    validity = 7 * 86400
189
    # skew small enough, accepting cert; note that this is a timed
190
    # test, and could fail if the machine is so loaded that the next
191
    # few lines take more than NODE_MAX_CLOCK_SKEW / 2
192
    for before in [-1, 0, SKEW / 4, SKEW / 2]:
193
      cert = self._GenCert(key, before, validity)
194
      result = utils.VerifyX509Certificate(cert, 1, 2)
195
      self.assertEqual(result, (None, None))
196

  
197
    # skew too great, not accepting certs
198
    for before in [SKEW + 1, SKEW * 2, SKEW * 10]:
199
      cert = self._GenCert(key, before, validity)
200
      (status, msg) = utils.VerifyX509Certificate(cert, 1, 2)
201
      self.assertEqual(status, utils.CERT_WARNING)
202
      self.assertTrue(msg.startswith("Certificate not yet valid"))
203

  
167 204

  
168 205
class TestVerifyCertificateInner(unittest.TestCase):
169 206
  def test(self):
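Review bot: In `_GenCert`, the `if before != 0:` guard means the `before = 0` iteration of the first loop in `testClockSkew` never calls `gmtime_adj_notBefore`, so that case appears to exercise a certificate whose notBefore was never set rather than one valid from the current time. If the unset case is intended, say so with a comment such as `# before == 0: leave notBefore unset on purpose`; otherwise call `cert.gmtime_adj_notBefore(int(before))` unconditionally so the zero-skew case is really tested. The accepted and rejected lists also leave everything between `SKEW / 2` and `SKEW + 1` untested, which the timing comment explains, but a short docstring on `_GenCert` stating that `before` and `validity` are offsets in seconds from now would make the boundary easier to reason about.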
