Revision 0602cef3 test/ganeti.utils.x509_unittest.py
| b/test/ganeti.utils.x509_unittest.py | ||
|---|---|---|
| 287 | 287 |
self.assert_(self._checkCertificate(cert1)) |
| 288 | 288 |
|
| 289 | 289 |
|
| 290 |
class TestCheckNodeCertificate(testutils.GanetiTestCase): |
|
| 291 |
def setUp(self): |
|
| 292 |
testutils.GanetiTestCase.setUp(self) |
|
| 293 |
self.tmpdir = tempfile.mkdtemp() |
|
| 294 |
|
|
| 295 |
def tearDown(self): |
|
| 296 |
testutils.GanetiTestCase.tearDown(self) |
|
| 297 |
shutil.rmtree(self.tmpdir) |
|
| 298 |
|
|
| 299 |
def testMismatchingKey(self): |
|
| 300 |
other_cert = self._TestDataFilename("cert1.pem")
|
|
| 301 |
node_cert = self._TestDataFilename("cert2.pem")
|
|
| 302 |
|
|
| 303 |
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, |
|
| 304 |
utils.ReadFile(other_cert)) |
|
| 305 |
|
|
| 306 |
try: |
|
| 307 |
utils.CheckNodeCertificate(cert, _noded_cert_file=node_cert) |
|
| 308 |
except errors.GenericError, err: |
|
| 309 |
self.assertEqual(str(err), |
|
| 310 |
"Given cluster certificate does not match local key") |
|
| 311 |
else: |
|
| 312 |
self.fail("Exception was not raised")
|
|
| 313 |
|
|
| 314 |
def testMatchingKey(self): |
|
| 315 |
cert_filename = self._TestDataFilename("cert2.pem")
|
|
| 316 |
|
|
| 317 |
# Extract certificate |
|
| 318 |
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, |
|
| 319 |
utils.ReadFile(cert_filename)) |
|
| 320 |
cert_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, |
|
| 321 |
cert) |
|
| 322 |
|
|
| 323 |
utils.CheckNodeCertificate(cert, _noded_cert_file=cert_filename) |
|
| 324 |
|
|
| 325 |
def testMissingFile(self): |
|
| 326 |
cert_path = self._TestDataFilename("cert1.pem")
|
|
| 327 |
nodecert = utils.PathJoin(self.tmpdir, "does-not-exist") |
|
| 328 |
|
|
| 329 |
utils.CheckNodeCertificate(NotImplemented, _noded_cert_file=nodecert) |
|
| 330 |
|
|
| 331 |
self.assertFalse(os.path.exists(nodecert)) |
|
| 332 |
|
|
| 333 |
def testInvalidCertificate(self): |
|
| 334 |
tmpfile = utils.PathJoin(self.tmpdir, "cert") |
|
| 335 |
utils.WriteFile(tmpfile, data="not a certificate") |
|
| 336 |
|
|
| 337 |
self.assertRaises(errors.X509CertError, utils.CheckNodeCertificate, |
|
| 338 |
NotImplemented, _noded_cert_file=tmpfile) |
|
| 339 |
|
|
| 340 |
def testNoPrivateKey(self): |
|
| 341 |
cert = self._TestDataFilename("cert1.pem")
|
|
| 342 |
self.assertRaises(errors.X509CertError, utils.CheckNodeCertificate, |
|
| 343 |
NotImplemented, _noded_cert_file=cert) |
|
| 344 |
|
|
| 345 |
def testMismatchInNodeCert(self): |
|
| 346 |
cert1_path = self._TestDataFilename("cert1.pem")
|
|
| 347 |
cert2_path = self._TestDataFilename("cert2.pem")
|
|
| 348 |
tmpfile = utils.PathJoin(self.tmpdir, "cert") |
|
| 349 |
|
|
| 350 |
# Extract certificate |
|
| 351 |
cert1 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, |
|
| 352 |
utils.ReadFile(cert1_path)) |
|
| 353 |
cert1_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, |
|
| 354 |
cert1) |
|
| 355 |
|
|
| 356 |
# Extract mismatching key |
|
| 357 |
key2 = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, |
|
| 358 |
utils.ReadFile(cert2_path)) |
|
| 359 |
key2_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, |
|
| 360 |
key2) |
|
| 361 |
|
|
| 362 |
# Write to file |
|
| 363 |
utils.WriteFile(tmpfile, data=cert1_pem + key2_pem) |
|
| 364 |
|
|
| 365 |
try: |
|
| 366 |
utils.CheckNodeCertificate(cert1, _noded_cert_file=tmpfile) |
|
| 367 |
except errors.X509CertError, err: |
|
| 368 |
self.assertEqual(err.args, |
|
| 369 |
(tmpfile, "Certificate does not match with private key")) |
|
| 370 |
else: |
|
| 371 |
self.fail("Exception was not raised")
|
|
| 372 |
|
|
| 373 |
|
|
| 290 | 374 |
if __name__ == "__main__": |
| 291 | 375 |
testutils.GanetiTestProgram() |
Also available in: Unified diff