mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Add autosign handling for request submission test
This commit is contained in:
parent
4c9744308a
commit
f9429b2e94
@ -50,7 +50,7 @@ admin subnets = 0.0.0.0/0
|
|||||||
request subnets = 0.0.0.0/0
|
request subnets = 0.0.0.0/0
|
||||||
|
|
||||||
# Certificates are automatically signed for these subnets
|
# Certificates are automatically signed for these subnets
|
||||||
autosign subnets = 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
|
autosign subnets = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
|
||||||
|
|
||||||
[logging]
|
[logging]
|
||||||
backend =
|
backend =
|
||||||
|
@ -21,13 +21,14 @@ def client():
|
|||||||
from certidude.api import certidude_app
|
from certidude.api import certidude_app
|
||||||
return testing.TestClient(certidude_app())
|
return testing.TestClient(certidude_app())
|
||||||
|
|
||||||
def generate_csr():
|
def generate_csr(cn=None):
|
||||||
key = rsa.generate_private_key(
|
key = rsa.generate_private_key(
|
||||||
public_exponent=65537,
|
public_exponent=65537,
|
||||||
key_size=1024,
|
key_size=1024,
|
||||||
backend=default_backend())
|
backend=default_backend())
|
||||||
csr = x509.CertificateSigningRequestBuilder(
|
csr = x509.CertificateSigningRequestBuilder()
|
||||||
).subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"test")]))
|
if cn is not None:
|
||||||
|
csr = csr.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)]))
|
||||||
buf = csr.sign(key, hashes.SHA256(), default_backend()
|
buf = csr.sign(key, hashes.SHA256(), default_backend()
|
||||||
).public_bytes(serialization.Encoding.PEM)
|
).public_bytes(serialization.Encoding.PEM)
|
||||||
return buf
|
return buf
|
||||||
@ -61,7 +62,7 @@ def test_cli_setup_authority():
|
|||||||
assert r.headers.get('content-type') == "application/x-x509-ca-cert"
|
assert r.headers.get('content-type') == "application/x-x509-ca-cert"
|
||||||
|
|
||||||
# Test request submission
|
# Test request submission
|
||||||
buf = generate_csr()
|
buf = generate_csr(cn=u"test")
|
||||||
|
|
||||||
r = client().simulate_post("/api/request/", body=buf)
|
r = client().simulate_post("/api/request/", body=buf)
|
||||||
assert r.status_code == 415 # wrong content type
|
assert r.status_code == 415 # wrong content type
|
||||||
@ -83,24 +84,31 @@ def test_cli_setup_authority():
|
|||||||
assert r.status_code == 303 # redirect to long poll
|
assert r.status_code == 303 # redirect to long poll
|
||||||
|
|
||||||
r = client().simulate_post("/api/request/",
|
r = client().simulate_post("/api/request/",
|
||||||
body=generate_csr(),
|
body=generate_csr(cn=u"test"),
|
||||||
headers={"content-type":"application/pkcs10"})
|
headers={"content-type":"application/pkcs10"})
|
||||||
assert r.status_code == 409 # duplicate cn, different keypair
|
assert r.status_code == 409 # duplicate cn, different keypair
|
||||||
|
|
||||||
r = client().simulate_get("/api/request/test/", headers={"Accept":"application/json"})
|
r = client().simulate_get("/api/request/test/", headers={"Accept":"application/json"})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200 # fetch as JSON ok
|
||||||
assert r.headers.get('content-type') == "application/json"
|
assert r.headers.get('content-type') == "application/json"
|
||||||
|
|
||||||
r = client().simulate_get("/api/request/test/", headers={"Accept":"application/x-pem-file"})
|
r = client().simulate_get("/api/request/test/", headers={"Accept":"application/x-pem-file"})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200 # fetch as PEM ok
|
||||||
assert r.headers.get('content-type') == "application/x-pem-file"
|
assert r.headers.get('content-type') == "application/x-pem-file"
|
||||||
|
|
||||||
r = client().simulate_get("/api/request/test/", headers={"Accept":"text/plain"})
|
r = client().simulate_get("/api/request/test/", headers={"Accept":"text/plain"})
|
||||||
assert r.status_code == 415
|
assert r.status_code == 415 # not available as plaintext
|
||||||
|
|
||||||
r = client().simulate_get("/api/request/nonexistant/", headers={"Accept":"application/json"})
|
r = client().simulate_get("/api/request/nonexistant/", headers={"Accept":"application/json"})
|
||||||
assert r.status_code == 404
|
assert r.status_code == 404 # nonexistant common names
|
||||||
|
|
||||||
|
r = client().simulate_post("/api/request/", query_string="autosign=1",
|
||||||
|
body=buf,
|
||||||
|
headers={"content-type":"application/pkcs10"})
|
||||||
|
assert r.status_code == 200 # autosign successful
|
||||||
|
assert r.headers.get('content-type') == "application/x-pem-file"
|
||||||
|
|
||||||
|
# TODO: submit messed up CSR-s: no CN, empty CN etc
|
||||||
|
|
||||||
# Test command line interface
|
# Test command line interface
|
||||||
result = runner.invoke(cli, ['list', '-srv'])
|
result = runner.invoke(cli, ['list', '-srv'])
|
||||||
|
Loading…
Reference in New Issue
Block a user