1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Add autosign handling for request submission test

This commit is contained in:
Lauri Võsandi 2017-04-25 16:40:33 +03:00
parent 4c9744308a
commit f9429b2e94
2 changed files with 18 additions and 10 deletions

View File

@ -50,7 +50,7 @@ admin subnets = 0.0.0.0/0
request subnets = 0.0.0.0/0 request subnets = 0.0.0.0/0
# Certificates are automatically signed for these subnets # Certificates are automatically signed for these subnets
autosign subnets = 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 autosign subnets = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
[logging] [logging]
backend = backend =

View File

@ -21,13 +21,14 @@ def client():
from certidude.api import certidude_app from certidude.api import certidude_app
return testing.TestClient(certidude_app()) return testing.TestClient(certidude_app())
def generate_csr(): def generate_csr(cn=None):
key = rsa.generate_private_key( key = rsa.generate_private_key(
public_exponent=65537, public_exponent=65537,
key_size=1024, key_size=1024,
backend=default_backend()) backend=default_backend())
csr = x509.CertificateSigningRequestBuilder( csr = x509.CertificateSigningRequestBuilder()
).subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"test")])) if cn is not None:
csr = csr.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)]))
buf = csr.sign(key, hashes.SHA256(), default_backend() buf = csr.sign(key, hashes.SHA256(), default_backend()
).public_bytes(serialization.Encoding.PEM) ).public_bytes(serialization.Encoding.PEM)
return buf return buf
@ -61,7 +62,7 @@ def test_cli_setup_authority():
assert r.headers.get('content-type') == "application/x-x509-ca-cert" assert r.headers.get('content-type') == "application/x-x509-ca-cert"
# Test request submission # Test request submission
buf = generate_csr() buf = generate_csr(cn=u"test")
r = client().simulate_post("/api/request/", body=buf) r = client().simulate_post("/api/request/", body=buf)
assert r.status_code == 415 # wrong content type assert r.status_code == 415 # wrong content type
@ -83,24 +84,31 @@ def test_cli_setup_authority():
assert r.status_code == 303 # redirect to long poll assert r.status_code == 303 # redirect to long poll
r = client().simulate_post("/api/request/", r = client().simulate_post("/api/request/",
body=generate_csr(), body=generate_csr(cn=u"test"),
headers={"content-type":"application/pkcs10"}) headers={"content-type":"application/pkcs10"})
assert r.status_code == 409 # duplicate cn, different keypair assert r.status_code == 409 # duplicate cn, different keypair
r = client().simulate_get("/api/request/test/", headers={"Accept":"application/json"}) r = client().simulate_get("/api/request/test/", headers={"Accept":"application/json"})
assert r.status_code == 200 assert r.status_code == 200 # fetch as JSON ok
assert r.headers.get('content-type') == "application/json" assert r.headers.get('content-type') == "application/json"
r = client().simulate_get("/api/request/test/", headers={"Accept":"application/x-pem-file"}) r = client().simulate_get("/api/request/test/", headers={"Accept":"application/x-pem-file"})
assert r.status_code == 200 assert r.status_code == 200 # fetch as PEM ok
assert r.headers.get('content-type') == "application/x-pem-file" assert r.headers.get('content-type') == "application/x-pem-file"
r = client().simulate_get("/api/request/test/", headers={"Accept":"text/plain"}) r = client().simulate_get("/api/request/test/", headers={"Accept":"text/plain"})
assert r.status_code == 415 assert r.status_code == 415 # not available as plaintext
r = client().simulate_get("/api/request/nonexistant/", headers={"Accept":"application/json"}) r = client().simulate_get("/api/request/nonexistant/", headers={"Accept":"application/json"})
assert r.status_code == 404 assert r.status_code == 404 # nonexistant common names
r = client().simulate_post("/api/request/", query_string="autosign=1",
body=buf,
headers={"content-type":"application/pkcs10"})
assert r.status_code == 200 # autosign successful
assert r.headers.get('content-type') == "application/x-pem-file"
# TODO: submit messed up CSR-s: no CN, empty CN etc
# Test command line interface # Test command line interface
result = runner.invoke(cli, ['list', '-srv']) result = runner.invoke(cli, ['list', '-srv'])