Revision 0602cef3 test/ganeti.utils.x509_unittest.py
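--- a/test/ganeti.utils.x509_unittest.py
+++ b/test/ganeti.utils.x509_unittest.py
@@ -287,5 +287,89 @@
 self.assert_(self._checkCertificate(cert1))
 
 
+class TestCheckNodeCertificate(testutils.GanetiTestCase):
+def setUp(self):
+testutils.GanetiTestCase.setUp(self)
+self.tmpdir = tempfile.mkdtemp()
+
+def tearDown(self):
+testutils.GanetiTestCase.tearDown(self)
+shutil.rmtree(self.tmpdir)
+
+def testMismatchingKey(self):
+other_cert = self._TestDataFilename("cert1.pem")
+node_cert = self._TestDataFilename("cert2.pem")
+
+cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+utils.ReadFile(other_cert))
+
+try:
+utils.CheckNodeCertificate(cert, _noded_cert_file=node_cert)
+except errors.GenericError, err:
+self.assertEqual(str(err),
+"Given cluster certificate does not match local key")
+else:
+self.fail("Exception was not raised")
+
+def testMatchingKey(self):
+cert_filename = self._TestDataFilename("cert2.pem")
+
+# Extract certificate
+cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+utils.ReadFile(cert_filename))
+cert_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
+cert)
+
+utils.CheckNodeCertificate(cert, _noded_cert_file=cert_filename)
+
+def testMissingFile(self):
+cert_path = self._TestDataFilename("cert1.pem")
+nodecert = utils.PathJoin(self.tmpdir, "does-not-exist")
+
+utils.CheckNodeCertificate(NotImplemented, _noded_cert_file=nodecert)
+
+self.assertFalse(os.path.exists(nodecert))
+
+def testInvalidCertificate(self):
+tmpfile = utils.PathJoin(self.tmpdir, "cert")
+utils.WriteFile(tmpfile, data="not a certificate")
+
+self.assertRaises(errors.X509CertError, utils.CheckNodeCertificate,
+NotImplemented, _noded_cert_file=tmpfile)
+
+def testNoPrivateKey(self):
+cert = self._TestDataFilename("cert1.pem")
+self.assertRaises(errors.X509CertError, utils.CheckNodeCertificate,
+NotImplemented, _noded_cert_file=cert)
+
+def testMismatchInNodeCert(self):
+cert1_path = self._TestDataFilename("cert1.pem")
+cert2_path = self._TestDataFilename("cert2.pem")
+tmpfile = utils.PathJoin(self.tmpdir, "cert")
+
+# Extract certificate
+cert1 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+utils.ReadFile(cert1_path))
+cert1_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
+cert1)
+
+# Extract mismatching key
+key2 = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
+utils.ReadFile(cert2_path))
+key2_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
+key2)
+
+# Write to file
+utils.WriteFile(tmpfile, data=cert1_pem + key2_pem)
+
+try:
+utils.CheckNodeCertificate(cert1, _noded_cert_file=tmpfile)
+except errors.X509CertError, err:
+self.assertEqual(err.args,
+(tmpfile, "Certificate does not match with private key"))
+else:
+self.fail("Exception was not raised")
+
+
 if __name__ == "__main__":
 testutils.GanetiTestProgram()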
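Review bot: `testMissingFile` pins a fail-open path without saying so: with a nonexistent `_noded_cert_file`, `utils.CheckNodeCertificate` is expected to return without raising, and passing `NotImplemented` as the certificate only works if the function returns before touching it. Since this is the one case where no certificate/key comparison happens at all, I would state the intent in the test, e.g. `# No node certificate on disk: the check is skipped, nothing is raised or created`, and also assert the call's return value if it has a defined one. The locals `cert_path` in `testMissingFile` and `cert_pem` in `testMatchingKey` are assigned but never used and can be dropped.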