lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 09:29:13 +00:00
Code Issues Activity

tests: Test CRL checks on client side

Browse Source
This commit is contained in:
Lauri Võsandi
2017-05-04 07:38:49 +00:00
parent 68f6b9f6f6
commit 2ffcc64d86
3 changed files with 42 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.travis.yml
View File

@@ -19,9 +19,8 @@ install:
script:
- sudo find /home/ -type d -exec chmod 755 {} \; # Allow certidude serve to read templates
- sudo useradd adminbot -G sudo -p '$1$PBkf5waA$n9EV6WJ7PS6lyGWkgeTPf1'
- sudo useradd userbot -G users -p '$1$PBkf5waA$n9EV6WJ7PS6lyGWkgeTPf1'
- sudo useradd userbot -G users -p '$1$PBkf5waA$n9EV6WJ7PS6lyGWkgeTPf1' -c "User Bot,,,"
- sudo chmod 777 . # Allow forked processes to write .coverage files
- sudo mkdir -p /etc/NetworkManager/system-connections/ # Allow config file creation without having NM installed
- sudo coverage run --parallel-mode --source certidude -m py.test tests
- sudo coverage combine
- sudo coverage report

6
certidude/__init__.py
View File

@@ -1,6 +0,0 @@
try:
from future.standard_library import install_aliases
install_aliases()
except ImportError:
pass

61
tests/test_cli.py
View File

@@ -168,6 +168,10 @@ def test_cli_setup_authority():
assert r.headers.get('content-type') == "application/x-x509-ca-cert"
assert r.text == buf
r = client().simulate_get("/api/certificate")
assert r.status_code == 200
assert r.headers.get('content-type') == "application/x-x509-ca-cert"
assert r.text == buf
# Password is bot, users created by Travis
usertoken = "Basic dXNlcmJvdDpib3Q="
@@ -191,6 +195,15 @@ def test_cli_setup_authority():
assert r.status_code == 200, r.text # if this breaks certidude serve has no read access to static folder
r = requests.get("http://ca.example.lan/nonexistant.html")
assert r.status_code == 404, r.text
r = requests.get("http://ca.example.lan/../nonexistant.html")
assert r.status_code == 403, r.text
r = client().simulate_get("/index.html")
assert r.status_code == 200, r.text
r = client().simulate_get("/nonexistant.html")
assert r.status_code == 404, r.text
r = client().simulate_get("/../nonexistant.html")
assert r.status_code == 403, r.text
# Test request submission
buf = generate_csr(cn=u"test")
@@ -301,20 +314,6 @@ def test_cli_setup_authority():
assert "Stored request " in inbox.pop(), inbox
assert not inbox
# Test session API call
r = client().simulate_get("/api/", headers={"Authorization":usertoken})
assert r.status_code == 200
r = client().simulate_get("/api/", headers={"Authorization":admintoken})
assert r.status_code == 200
r = client().simulate_get("/api/", headers={"Accept":"text/plain", "Authorization":admintoken})
assert r.status_code == 415 # invalid media type
r = client().simulate_get("/api/")
assert r.status_code == 401
# Test signed certificate API call
r = client().simulate_get("/api/signed/nonexistant/")
assert r.status_code == 404, r.text
@@ -357,9 +356,9 @@ def test_cli_setup_authority():
# Insert lease as if VPN gateway had submitted it
path, _, _ = authority.get_signed("test")
from xattr import setxattr
from xattr import setxattr, getxattr, listxattr
setxattr(path, "user.lease.address", b"127.0.0.1")
setxattr(path, "user.lease.last_seen", b"random")
setxattr(path, "user.lease.last_seen", datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z")
r = client().simulate_get("/api/signed/test/attr/")
assert r.status_code == 200, r.text
@@ -393,12 +392,12 @@ def test_cli_setup_authority():
assert r.status_code == 200, r.text
# Tags can be overwritten only by admin
r = client().simulate_put("/api/signed/test/tag/other/")
r = client().simulate_put("/api/signed/test/tag/something/")
assert r.status_code == 401, r.text
r = client().simulate_put("/api/signed/test/tag/other/",
r = client().simulate_put("/api/signed/test/tag/something/",
headers={"Authorization":usertoken})
assert r.status_code == 403, r.text
r = client().simulate_put("/api/signed/test/tag/other/",
r = client().simulate_put("/api/signed/test/tag/something/",
body="value=else",
headers={"content-type": "application/x-www-form-urlencoded", "Authorization":admintoken})
assert r.status_code == 200, r.text
@@ -412,6 +411,7 @@ def test_cli_setup_authority():
r = client().simulate_delete("/api/signed/test/tag/else/",
headers={"content-type": "application/x-www-form-urlencoded", "Authorization":admintoken})
assert r.status_code == 200, r.text
assert "user.xdg.tags" not in listxattr(path, "user.xdg.tags")
# Test revocation
@@ -437,6 +437,21 @@ def test_cli_setup_authority():
assert r.status_code == 200, r.text
assert r.headers.get('content-type') == "application/json; charset=UTF-8"
# Test session API call
r = client().simulate_get("/api/", headers={"Authorization":usertoken})
assert r.status_code == 200
r = client().simulate_get("/api/", headers={"Authorization":admintoken})
assert r.status_code == 200
r = client().simulate_get("/api/", headers={"Accept":"text/plain", "Authorization":admintoken})
assert r.status_code == 415 # invalid media type
r = client().simulate_get("/api/")
assert r.status_code == 401
# Test token mech
r = client().simulate_post("/api/token/")
assert r.status_code == 404, r.text
@@ -663,12 +678,18 @@ def test_cli_setup_authority():
# Test revocation on command-line
child_pid = os.fork()
if not child_pid:
result = runner.invoke(cli, ['revoke', 'www.example.lan'])
result = runner.invoke(cli, ['revoke', 'roadwarrior4'])
assert not result.exception, result.output
return
else:
os.waitpid(child_pid, 0)
# Test revocation check on client side
result = runner.invoke(cli, ["request", "--no-wait"])
assert not result.exception, result.output
assert "Certificate has been revoked, wiping keys and certificates" in result.output, result.output
assert "Writing certificate to:" in result.output, result.output
result = runner.invoke(cli, ['list', '-srv'])
assert not result.exception, result.output
result = runner.invoke(cli, ['cron'])