From 726052203cc80239f45435b6a1a2907315fab70f Mon Sep 17 00:00:00 2001
From: grindsa
Date: Mon, 16 Dec 2024 18:28:34 +0100
Subject: [PATCH] [feat] log enrollment config in various ca_handlers
---
acme_srv/helper.py | 45 +++++--
docs/acme_ca.md | 4 +-
docs/asa.md | 3 +
docs/certifier.md | 4 +-
docs/digicert.md | 2 +
docs/ejbca.md | 4 +-
docs/entrust.md | 2 +
docs/mscertsrv.md | 2 +
docs/mswcce.md | 2 +
docs/nclm.md | 3 +
docs/xca.md | 2 +
examples/ca_handler/acme_ca_handler.py | 10 +-
examples/ca_handler/asa_ca_handler.py | 16 ++-
examples/ca_handler/certifier_ca_handler.py | 11 +-
examples/ca_handler/digicert_ca_handler.py | 9 +-
examples/ca_handler/ejbca_ca_handler.py | 11 +-
examples/ca_handler/entrust_ca_handler.py | 10 +-
examples/ca_handler/mscertsrv_ca_handler.py | 10 +-
examples/ca_handler/mswcce_ca_handler.py | 12 +-
examples/ca_handler/nclm_ca_handler.py | 10 +-
examples/ca_handler/xca_ca_handler.py | 10 +-
test/test_acme_ca_handler.py | 104 +++++++++-------
test/test_asa_ca_handler.py | 9 +-
test/test_certifier_handler.py | 129 ++++++++++++--------
test/test_digicert.py | 55 ++++++---
test/test_ejbca_handler.py | 44 +++++--
test/test_entrust.py | 40 ++++--
test/test_helper.py | 13 ++
test/test_msca_handler.py | 49 ++++++--
test/test_nclm_ca_handler.py | 37 ++++--
test/test_xca_ca_handler.py | 9 +-
31 files changed, 484 insertions(+), 187 deletions(-)
diff --git a/acme_srv/helper.py b/acme_srv/helper.py
index 509c4653..b00fb6db 100644
--- a/acme_srv/helper.py
+++ b/acme_srv/helper.py
@@ -181,6 +181,28 @@ def config_headerinfo_load(logger: logging.Logger, config_dic: Dict[str, str]): logger.debug('config_headerinfo_load() ended') return header_info_field +def config_enroll_config_log_load(logger: logging.Logger, config_dic: Dict[str, str]): + """ load parameters """ + logger.debug('Helper.config_enroll_config_log_load()') + + enrollment_config_log = False + enrollment_config_log_skip_list = [] + + if 'CAhandler' in config_dic: + try: + enrollment_config_log = config_dic.getboolean('CAhandler', 'enrollment_config_log', fallback=False) + except Exception as err_: + logger.warning('CAhandler._config_load() enrollment_config_log failed with error: %s', err_) + + if 'enrollment_config_log_skip_list' in config_dic['CAhandler']: + try: + enrollment_config_log_skip_list = json.loads(config_dic['CAhandler']['enrollment_config_log_skip_list']) + except Exception as err_: + logger.warning('CAhandler._config_load() enrollment_config_log_skip_list failed with error: %s', err_) + enrollment_config_log_skip_list = 'ECLSLFAILURE' + + logger.debug('config_enroll_config_log_load() ended with: %s', enrollment_config_log) + return enrollment_config_log, enrollment_config_log_skip_list def eab_handler_load(logger: logging.Logger, config_dic: Dict) -> importlib.import_module: """ load and return eab_handler """ 
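Review bot: The failure branch of `config_enroll_config_log_load` assigns the string `'ECLSLFAILURE'` to a value that callers treat as a list, so the handlers in this patch that call `self.enrollment_config_log_skip_list.extend([...])` before logging (acme, asa, certifier, entrust, nclm, xca) would raise AttributeError during enrollment whenever logging is enabled and the configured skip list is not valid JSON. Returning the marker inside a list keeps the fail-closed behaviour without the crash: `enrollment_config_log_skip_list = ['ECLSLFAILURE']`. A value that parses as JSON but is not a list (a bare string or an object) is accepted as-is; handlers that pass it straight through then have it ignored by the `isinstance(handler_skiplist, list)` test in `enrollment_config_log`, so the operator's exclusions are dropped without any message. An `if not isinstance(enrollment_config_log_skip_list, list):` check after `json.loads` that falls back to the same marker would close that gap. The two warning messages also still name `CAhandler._config_load()` rather than this helper.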
@@ -1920,18 +1942,21 @@ def csr_cn_lookup(logger: logging.Logger, csr: str) -> str: return csr_cn -def enrollment_config_log(logger: logging.Logger, obj: object, skiplist: List[str] = None): +def enrollment_config_log(logger: logging.Logger, obj: object, handler_skiplist: List[str] = None): """ log enrollment configuration """ logger.debug('Helper.enrollment_config_log()') - skip_list = ['logger', 'session', 'password', 'api_key', 'key', 'secret', 'token'] + skiplist = ['logger', 'session', 'password', 'api_key', 'api_password', 'key', 'secret', 'token'] - if skiplist: - skip_list.extend(skiplist) + if handler_skiplist and isinstance(handler_skiplist, list): + skiplist.extend(handler_skiplist) - enroll_parameter_list = [] - for key, value in obj.__dict__.items(): - if key.startswith('__') or key in skip_list: - continue - enroll_parameter_list.append(f'{key}: {value}') - logger.info('Enrollment configuration: %s', enroll_parameter_list) + if handler_skiplist and 'ECLSLFAILURE' in handler_skiplist: + logger.error('Enrollment configuration won\'t get logged due to a configuration error.') + else: + enroll_parameter_list = [] + for key, value in obj.__dict__.items(): + if key.startswith('__') or key in skiplist: + continue + enroll_parameter_list.append(f'{key}: {value}') + logger.info('Enrollment configuration: %s', enroll_parameter_list) diff --git a/docs/acme_ca.md b/docs/acme_ca.md index 76b00c35..c386a54d 100644 --- a/docs/acme_ca.md +++ b/docs/acme_ca.md 
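Review bot: The filter `key in skiplist` in `enrollment_config_log` is an exact-name denylist, so a handler attribute that carries a credential under any name not listed is written to the info log with its value; the handlers in this patch already have to add `cert_passphrase`, `client_key`, `credential_dic`, `headers` and `auth` by hand. Matching on sensitive fragments errs toward masking instead: `if key.startswith('__') or any(ele in key.lower() for ele in skiplist): continue`. That also hides harmless names such as key file paths, which is the safer failure for a log line. Values are formatted whole, so a dict or object attribute that embeds a secret would be logged in full; that part is inferred, since the handlers' attribute contents are not visible in this hunk.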
@@ -51,7 +51,9 @@ The handler must be configured via `acme_srv`. | acme_account_email | email address used to register a new account | no | None | | allowed_domainlist | list of domain-names allowed for enrollment in json format example: ["bar.local$, bar.foo.local] | no | [] | | directory_path | path to directory ressource on ca server | no | '/directory' | -| eab_profiling | enable eab-profiling | None | False | +| eab_profiling | enable eab-profiling | no | False | +| enrollment_config_log | log enrollment parameters | no | False | +| enrollment_config_log_skip_list | list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] | no | [] | | ssl_verify | verify certificates on SSL connections | no | True | - modify the server configuration (`acme_srv/acme_srv.cfg`) and add at least the following parameters. diff --git a/docs/asa.md b/docs/asa.md index d43359cc..7ed86887 100644 --- a/docs/asa.md +++ b/docs/asa.md @@ -36,6 +36,9 @@ cert_validity_days: - ca_name - name of the CA used to enroll certificates - profile_name - profile name - cert_validity_days - optional - polling timeout (default: 60s) +- eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) It is also recommended to increase the enrollment timeout to avoid that acme2certifier is closing the connection to early. diff --git a/docs/certifier.md b/docs/certifier.md index 71734aa4..27715a3b 100644 --- a/docs/certifier.md +++ b/docs/certifier.md 
@@ -31,9 +31,11 @@ eab_profiling: - api_password_variable - *optional* - name of the environment variable containing the password for the REST user (a configured `api_password` parameter in acme_srv.cfg takes precedence) - ca_bundle - optional - certificate bundle needed to validate the server certificate - can be True/False or a filename (default: True) - ca_name - name of the CA used to enroll certificates +- eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) - profile_id - optional - profileId - polling_timeout - optional - polling timeout (default: 60s) -- eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) Depending on CA policy configuration a CSR may require approval. In such a situation acme2certfier will poll the CA server to check the CSR status. The polling interval can be configured in acme.server.cfg. diff --git a/docs/digicert.md b/docs/digicert.md index e3bf9687..5a6cf2e1 100644 --- a/docs/digicert.md +++ b/docs/digicert.md @@ -42,6 +42,8 @@ eab_profiling: - order_validity - optional - oder validity (default: 1 year) - request_timeout - optional - requests timeout in seconds for requests (default: 5s) - eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) Use your favorite acme client for certificate enrollment. A list of clients used in our regression can be found in the [disclaimer section of our README file](../README.md) 
diff --git a/docs/ejbca.md b/docs/ejbca.md index 047eaf8d..e94b2dbc 100644 --- a/docs/ejbca.md +++ b/docs/ejbca.md @@ -45,8 +45,10 @@ eab_profiling: - cert_profile_name - name of the certificate profile - ee_profile_name - name of the end entity profile - ca_name - name of the CA used to enroll certificates -- request_timeout - optional - requests timeout in seconds for requests (default: 5s) - eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) +- request_timeout - optional - requests timeout in seconds for requests (default: 5s) You can test the connection by running the following curl command against your EJBCA server. diff --git a/docs/entrust.md b/docs/entrust.md index 9fbc2837..e5711716 100644 --- a/docs/entrust.md +++ b/docs/entrust.md @@ -42,6 +42,8 @@ eab_profiling: - allowed_domainlist: list of domain-names allowed for enrollment in json format (example: ["bar.local$, bar.foo.local]) - request_timeout - optional - requests timeout in seconds for requests (default: 5s) - eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) Use your favorite acme client for certificate enrollment. A list of clients used in our regression can be found in the [disclaimer section of our README file](../README.md) diff --git a/docs/mscertsrv.md b/docs/mscertsrv.md index c5566ca8..02f911a4 100644 --- a/docs/mscertsrv.md +++ b/docs/mscertsrv.md 
@@ -95,6 +95,8 @@ eab_profiling: False - template - certificate template used for enrollment - allowed_domainlist - *optional* - list of domain-names allowed for enrollment in json format example: ["bar.local$, bar.foo.local] - eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) ## Passing a template from client to server diff --git a/docs/mswcce.md b/docs/mswcce.md index 5483001d..1fbda707 100644 --- a/docs/mswcce.md +++ b/docs/mswcce.md @@ -87,6 +87,8 @@ eab_profiling: False - use_kerberos - use kerboros for authentication; if set to `False` authentication will be done via NTLM. Considering a [Microsoft accouncement from October 2023](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-evolution-of-windows-authentication/ba-p/3926848) the usage of Kerberos should be preferred. Nevertheless, for backwards compatibility reasons the default setting is `False` - allowed_domainlist - *optional* - list of domain-names allowed for enrollment in json format example: ["bar.local$, bar.foo.local] - eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) ## Passing a template from client to server diff --git a/docs/nclm.md b/docs/nclm.md index bdcc49ed..0f37fb9d 100644 --- a/docs/nclm.md +++ b/docs/nclm.md 
@@ -34,3 +34,6 @@ template_name: - ca_name - name of the CA used to enroll certificates - tsg_name - name of the target system group to store the certificates - template_name - optional - name of the template to be applied to CSR +- eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) diff --git a/docs/xca.md b/docs/xca.md index 37bb121e..c779dd1d 100644 --- a/docs/xca.md +++ b/docs/xca.md @@ -42,6 +42,8 @@ template_name: XCA template to be applied to CSRs - `ca_cert_chain_list` - *optional* - List of root and intermediate CA certificates to be added to the bundle return to an ACME-client (the issuing CA cert must not be included) - `template_name` - *optional* - name of the XCA template to be applied during certificate issuance - eab_profiling - optional - [activate eab profiling](eab_profiling.md) (default: False) +- enrollment_config_log - optional - log enrollment parameters (default False) +- enrollment_config_log_skip_list - optional - list enrollment parameters not to be logged in json format example: [ "parameter1", "parameter2" ] (default: []) Template support has been introduced starting from v0.13. Support is limited to the below parameters which can be applied during certificate issuance: diff --git a/examples/ca_handler/acme_ca_handler.py b/examples/ca_handler/acme_ca_handler.py index 433ec56f..30b7c552 100644 --- a/examples/ca_handler/acme_ca_handler.py +++ b/examples/ca_handler/acme_ca_handler.py 
@@ -15,7 +15,7 @@ from acme import client, messages from acme import errors from acme_srv.db_handler import DBstore -from acme_srv.helper import load_config, b64_url_recode, parse_url, allowed_domainlist_check, config_eab_profile_load, config_headerinfo_load, header_info_field_validate, eab_profile_header_info_check +from acme_srv.helper import load_config, b64_url_recode, parse_url, allowed_domainlist_check, config_eab_profile_load, config_headerinfo_load, header_info_field_validate, eab_profile_header_info_check, config_enroll_config_log_load, enrollment_config_log """ Config file section: @@ -50,6 +50,8 @@ def __init__(self, _debug: bool = False, logger: object = None): self.eab_profiling = False self.acme_keypath = None self.ssl_verify = True + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes CAhandler a Context Manager """ @@ -121,6 +123,8 @@ def _config_load(self): self.eab_profiling, self.eab_handler = config_eab_profile_load(self.logger, config_dic) # load header info self.header_info_field = config_headerinfo_load(self.logger, config_dic) + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) def _challenge_filter(self, authzr: messages.AuthorizationResource, chall_type: str = 'http-01') -> messages.ChallengeBody: """ filter authorization for challenge """ @@ -504,6 +508,10 @@ def enroll(self, csr: str) -> Tuple[str, str, str, str]: if not error: error = eab_profile_header_info_check(self.logger, self, csr, 'acme_url') + if self.enrollment_config_log: + self.enrollment_config_log_skip_list.extend(['dbstore', 'eab_mack_key']) + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + if not error: try: user_key = self._user_key_load() diff --git a/examples/ca_handler/asa_ca_handler.py b/examples/ca_handler/asa_ca_handler.py index 5fed6432..713db342 100644 
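Review bot: `'eab_mack_key'` in the list added in `enroll()` looks misspelled, and because `enrollment_config_log` drops an attribute only when its name equals a skip-list entry, a name that does not match exactly leaves that attribute and its value in the info-level log line. The attribute that holds the EAB MAC key is not visible in this hunk, so the string should be checked against the name set in `__init__`. Separately, `.extend()` mutates the instance list on every call, so a handler instance that serves more than one enrollment accumulates duplicate entries; the same pattern appears in the asa, certifier, entrust, nclm and xca handlers in this patch. Building the list per call avoids that (with the key attribute's name corrected if needed): `skip = self.enrollment_config_log_skip_list`, then `if isinstance(skip, list): skip = skip + ['dbstore', 'eab_mack_key']`, then `enrollment_config_log(self.logger, self, skip)`.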
--- a/examples/ca_handler/asa_ca_handler.py +++ b/examples/ca_handler/asa_ca_handler.py @@ -6,7 +6,7 @@ import requests from requests.auth import HTTPBasicAuth # pylint: disable=e0401 -from acme_srv.helper import load_config, encode_url, csr_pubkey_get, csr_cn_get, csr_san_get, uts_now, uts_to_date_utc, b64_decode, cert_der2pem, convert_byte_to_string, cert_ski_get, config_eab_profile_load, config_headerinfo_load, eab_profile_header_info_check +from acme_srv.helper import load_config, encode_url, csr_pubkey_get, csr_cn_get, csr_san_get, uts_now, uts_to_date_utc, b64_decode, cert_der2pem, convert_byte_to_string, cert_ski_get, config_eab_profile_load, config_headerinfo_load, eab_profile_header_info_check, config_enroll_config_log_load, enrollment_config_log class CAhandler(object): @@ -28,6 +28,8 @@ def __init__(self, _debug: bool = None, logger: object = None): self.header_info_field = False self.eab_handler = None self.eab_profiling = False + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes CAhandler a Context Manager """ @@ -205,13 +207,17 @@ def _config_load(self): if not getattr(self, ele): self.logger.error('CAhandler._config_load(): %s not set', ele) - self._auth_set() - # load profiling self.eab_profiling, self.eab_handler = config_eab_profile_load(self.logger, config_dic) + + self._auth_set() + # load header info self.header_info_field = config_headerinfo_load(self.logger, config_dic) + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) + self.logger.debug('CAhandler._config_load() ended') def _csr_cn_get(self, csr: str) -> str: 
@@ -393,6 +399,10 @@ def enroll(self, csr: str) -> Tuple[str, str, str, str]: # check for eab profiling and header_info error = eab_profile_header_info_check(self.logger, self, csr, 'profile_name') + if self.enrollment_config_log: + self.enrollment_config_log_skip_list.extend(['api_password', 'auth']) + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + if not error: # verify issuer error = self._issuer_verify() diff --git a/examples/ca_handler/certifier_ca_handler.py b/examples/ca_handler/certifier_ca_handler.py index 8c31050f..66342518 100644 --- a/examples/ca_handler/certifier_ca_handler.py +++ b/examples/ca_handler/certifier_ca_handler.py @@ -10,7 +10,7 @@ import requests from requests.auth import HTTPBasicAuth # pylint: disable=e0401 -from acme_srv.helper import load_config, cert_serial_get, uts_now, uts_to_date_utc, b64_decode, b64_encode, cert_pem2der, parse_url, proxy_check, error_dic_get, config_eab_profile_load, config_headerinfo_load, eab_profile_header_info_check +from acme_srv.helper import load_config, cert_serial_get, uts_now, uts_to_date_utc, b64_decode, b64_encode, cert_pem2der, parse_url, proxy_check, error_dic_get, config_eab_profile_load, config_headerinfo_load, eab_profile_header_info_check, config_enroll_config_log_load, enrollment_config_log class CAhandler(object): @@ -32,6 +32,8 @@ def __init__(self, debug: bool = False, logger: object = None): self.header_info_field = False self.eab_handler = None self.eab_profiling = False + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes ACMEHandler a Context Manager """ 
@@ -136,6 +138,10 @@ def _cert_get(self, csr: str) -> Dict[str, str]: ca_dic = self._ca_get_properties('name', self.ca_name) cert_dic = {} + if self.enrollment_config_log: + self.enrollment_config_log_skip_list.extend(['auth', 'api_password']) + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + if 'href' in ca_dic: data = {'ca': ca_dic['href'], 'pkcs10': csr} @@ -258,6 +264,9 @@ def _config_parameter_load(self, config_dic: Dict[str, str]): except Exception: self.request_timeout = 20 + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) + # load profile_id self.profile_id = config_dic['CAhandler'].get('profile_id', None) diff --git a/examples/ca_handler/digicert_ca_handler.py b/examples/ca_handler/digicert_ca_handler.py index 35070a71..c2a8a150 100644 --- a/examples/ca_handler/digicert_ca_handler.py +++ b/examples/ca_handler/digicert_ca_handler.py @@ -5,7 +5,7 @@ import json import requests # pylint: disable=e0401 -from acme_srv.helper import load_config, cert_pem2der, b64_encode, allowed_domainlist_check, eab_profile_header_info_check, uts_now, uts_to_date_utc, cert_serial_get, config_eab_profile_load, config_headerinfo_load, request_operation, csr_cn_lookup +from acme_srv.helper import load_config, cert_pem2der, b64_encode, allowed_domainlist_check, eab_profile_header_info_check, uts_now, uts_to_date_utc, cert_serial_get, config_eab_profile_load, config_headerinfo_load, request_operation, csr_cn_lookup, config_enroll_config_log_load, enrollment_config_log CONTENT_TYPE = 'application/json' @@ -29,6 +29,8 @@ def __init__(self, _debug: bool = None, logger: object = None): self.header_info_field = False self.eab_handler = None self.eab_profiling = False + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes CAhandler a Context Manager """ 
@@ -131,6 +133,8 @@ def _config_load(self): self.eab_profiling, self.eab_handler = config_eab_profile_load(self.logger, config_dic) # load header info self.header_info_field = config_headerinfo_load(self.logger, config_dic) + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) self.logger.debug('CAhandler._config_load() ended') @@ -139,6 +143,9 @@ def _order_send(self, csr: str, csr_cn) -> Tuple[str, str]: self.logger.debug('CAhandler._order_send()') order_url = f'{self.api_url}order/certificate/{self.cert_type}' + if self.enrollment_config_log: + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + if not csr.endswith('='): # padding if needed csr = csr + '=' * (-len(csr) % 4) diff --git a/examples/ca_handler/ejbca_ca_handler.py b/examples/ca_handler/ejbca_ca_handler.py index 6b15389e..50d16928 100644 --- a/examples/ca_handler/ejbca_ca_handler.py +++ b/examples/ca_handler/ejbca_ca_handler.py @@ -5,7 +5,7 @@ import requests from requests_pkcs12 import Pkcs12Adapter # pylint: disable=e0401 -from acme_srv.helper import load_config, build_pem_file, b64_url_recode, cert_der2pem, b64_decode, convert_byte_to_string, cert_serial_get, cert_issuer_get, encode_url, config_eab_profile_load, config_headerinfo_load, eab_profile_header_info_check +from acme_srv.helper import load_config, build_pem_file, b64_url_recode, cert_der2pem, b64_decode, convert_byte_to_string, cert_serial_get, cert_issuer_get, encode_url, config_eab_profile_load, config_headerinfo_load, eab_profile_header_info_check, config_enroll_config_log_load, enrollment_config_log class CAhandler(object): 
@@ -27,6 +27,8 @@ def __init__(self, _debug: bool = False, logger: object = None): self.header_info_field = False self.eab_handler = None self.eab_profiling = False + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes CAhandler a Context Manager """ @@ -171,6 +173,9 @@ def _config_load(self): for ele in ['api_host', 'cert_profile_name', 'ee_profile_name', 'ca_name', 'username', 'enrollment_code']: if not variable_dic[ele]: self.logger.error('CAhandler._config_load(): configuration incomplete: parameter "%s" is missing in configuration file.', ele) + + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) self.logger.debug('CAhandler._config_load() ended') def _api_post(self, url: str, data: Dict[str, str]) -> Dict[str, str]: @@ -206,6 +211,10 @@ def _enroll(self, csr: str) -> Tuple[str, str, str]: # prepare the CSR to be signed csr = build_pem_file(self.logger, None, b64_url_recode(self.logger, csr), None, True) + + if self.enrollment_config_log: + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + sign_response = self._sign(csr) if 'certificate' in sign_response and 'certificate_chain' in sign_response: diff --git a/examples/ca_handler/entrust_ca_handler.py b/examples/ca_handler/entrust_ca_handler.py index df5ab70d..6a000907 100644 --- a/examples/ca_handler/entrust_ca_handler.py +++ b/examples/ca_handler/entrust_ca_handler.py 
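Review bot: The call added in `_enroll()` gives the helper no handler-specific names to exclude, although `_config_load` in the same file treats `enrollment_code` as a required parameter and the module imports `Pkcs12Adapter`. Neither `enrollment_code` nor a passphrase attribute for the client certificate equals any name in the helper's default list (`password`, `api_key`, `api_password`, `key`, `secret`, `token`). If the handler keeps those values as instance attributes, which this hunk does not show, they are written to the info log whenever `enrollment_config_log` is enabled. The entrust handler in this patch adds `['cert_passphrase', 'client_key']` before logging; the equivalent here would be to pass `['enrollment_code', 'cert_passphrase']` in addition to the configured names, after confirming the attribute names in `__init__`.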
@@ -8,7 +8,7 @@ import requests from requests_pkcs12 import Pkcs12Adapter # pylint: disable=e0401 -from acme_srv.helper import load_config, cert_pem2der, b64_encode, allowed_domainlist_check, eab_profile_header_info_check, uts_now, uts_to_date_utc, cert_serial_get, config_eab_profile_load, config_headerinfo_load, header_info_get, b64_url_recode, request_operation, csr_cn_lookup +from acme_srv.helper import load_config, cert_pem2der, b64_encode, allowed_domainlist_check, eab_profile_header_info_check, uts_now, uts_to_date_utc, cert_serial_get, config_eab_profile_load, config_headerinfo_load, header_info_get, b64_url_recode, request_operation, csr_cn_lookup, config_enroll_config_log_load, enrollment_config_log CONTENT_TYPE = 'application/json' @@ -65,6 +65,8 @@ def __init__(self, _debug: bool = None, logger: object = None): self.header_info_field = False self.eab_handler = None self.eab_profiling = False + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes CAhandler a Context Manager """ @@ -178,6 +180,8 @@ def _config_load(self): self.eab_profiling, self.eab_handler = config_eab_profile_load(self.logger, config_dic) # load header info self.header_info_field = config_headerinfo_load(self.logger, config_dic) + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) self.logger.debug('CAhandler._config_load() ended') @@ -400,6 +404,10 @@ def _enroll(self, csr: str) -> Tuple[str, str]: cert_bundle = None poll_indentifier = None + if self.enrollment_config_log: + self.enrollment_config_log_skip_list.extend(['cert_passphrase', 'client_key']) + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + # get CN and SANs cn = csr_cn_lookup(self.logger, csr) diff --git a/examples/ca_handler/mscertsrv_ca_handler.py b/examples/ca_handler/mscertsrv_ca_handler.py index 8783a87c..a225d7a8 100644 
--- a/examples/ca_handler/mscertsrv_ca_handler.py +++ b/examples/ca_handler/mscertsrv_ca_handler.py @@ -9,7 +9,7 @@ from cryptography.hazmat.primitives.serialization.pkcs7 import load_pem_pkcs7_certificates, load_der_pkcs7_certificates # pylint: disable=e0401, e0611 from examples.ca_handler.certsrv import Certsrv -from acme_srv.helper import load_config, b64_url_recode, convert_byte_to_string, proxy_check, convert_string_to_byte, header_info_get, allowed_domainlist_check, eab_profile_header_info_check, config_eab_profile_load # pylint: disable=e0401 +from acme_srv.helper import load_config, b64_url_recode, convert_byte_to_string, proxy_check, convert_string_to_byte, header_info_get, allowed_domainlist_check, eab_profile_header_info_check, config_eab_profile_load, config_enroll_config_log_load, enrollment_config_log # pylint: disable=e0401 class CAhandler(object): @@ -31,6 +31,8 @@ def __init__(self, _debug: bool = False, logger: object = None): self.verify = True self.eab_handler = None self.eab_profiling = False + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes CAhandler a Context Manager """ @@ -154,6 +156,9 @@ def _config_parameters_load(self, config_dic: Dict[str, str]): self.verify = config_dic.getboolean('CAhandler', 'verify', fallback=True) + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) + if 'allowed_domainlist' in config_dic['CAhandler']: try: self.allowed_domainlist = json.loads(config_dic['CAhandler']['allowed_domainlist']) 
@@ -312,6 +317,9 @@ def _enroll(self, csr: str) -> Tuple[str, str, str]: # check connection and credentials auth_check = self._check_credentials(ca_server) + if self.enrollment_config_log: + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + if auth_check: # enroll certificate (error, cert_bundle, cert_raw) = self._csr_process(ca_server, csr) diff --git a/examples/ca_handler/mswcce_ca_handler.py b/examples/ca_handler/mswcce_ca_handler.py index 47f62f5c..01a2da50 100644 --- a/examples/ca_handler/mswcce_ca_handler.py +++ b/examples/ca_handler/mswcce_ca_handler.py @@ -20,7 +20,8 @@ allowed_domainlist_check, eab_profile_header_info_check, config_eab_profile_load, - enrollment_config_log + enrollment_config_log, + config_enroll_config_log_load ) @@ -45,6 +46,7 @@ def __init__(self, _debug: bool = False, logger: object = None): self.eab_handler = None self.eab_profiling = False self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """Makes CAhandler a Context Manager""" @@ -123,10 +125,8 @@ def _config_parameters_load(self, config_dic: Dict[str, str]): self.ca_bundle = config_dic.get('CAhandler', 'ca_bundle', fallback=None) self.template = config_dic.get('CAhandler', 'template', fallback=None) - try: - self.enrollment_config_log = config_dic.getboolean('CAhandler', 'enrollment_config_log', fallback=False) - except Exception as err_: - self.logger.warning('CAhandler._config_load() enrollment_config_log failed with error: %s', err_) + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) try: self.timeout = config_dic.getint('CAhandler', 'timeout', fallback=5) 
@@ -195,7 +195,7 @@ def request_create(self) -> Request: self.logger.debug('CAhandler.request_create()') if self.enrollment_config_log: - enrollment_config_log(self.logger, self) + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) target = Target( domain=self.target_domain, diff --git a/examples/ca_handler/nclm_ca_handler.py b/examples/ca_handler/nclm_ca_handler.py index 29b46216..0b9d9230 100644 --- a/examples/ca_handler/nclm_ca_handler.py +++ b/examples/ca_handler/nclm_ca_handler.py @@ -7,7 +7,7 @@ from typing import List, Tuple, Dict import requests # pylint: disable=e0401, r0913 -from acme_srv.helper import load_config, build_pem_file, b64_encode, b64_url_recode, convert_string_to_byte, cert_serial_get, uts_now, parse_url, proxy_check, error_dic_get, uts_to_date_utc, header_info_get, eab_profile_header_info_check, config_eab_profile_load, config_headerinfo_load +from acme_srv.helper import load_config, build_pem_file, b64_encode, b64_url_recode, convert_string_to_byte, cert_serial_get, uts_now, parse_url, proxy_check, error_dic_get, uts_to_date_utc, header_info_get, eab_profile_header_info_check, config_eab_profile_load, config_headerinfo_load, config_enroll_config_log_load, enrollment_config_log class CAhandler(object): @@ -31,6 +31,8 @@ def __init__(self, _debug=None, logger=None): self.header_info_field = False self.eab_handler = None self.eab_profiling = False + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes CAhandler a Context Manager """ @@ -414,6 +416,8 @@ def _config_load(self): self.eab_profiling, self.eab_handler = config_eab_profile_load(self.logger, config_dic) # load header info self.header_info_field = config_headerinfo_load(self.logger, config_dic) + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) self.logger.debug('CAhandler._config_load() ended') 
@@ -549,6 +553,10 @@ def _enroll(self, csr: str, ca_id: int) -> Tuple[str, str, str, str]: cert_raw = None cert_id = None + if self.enrollment_config_log: + self.enrollment_config_log_skip_list.extend(['headers', 'credential_dic']) + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + if ca_id and self.container_info_dic['id']: # enroll operation (error, cert_bundle, cert_raw, cert_id) = self._cert_enroll(csr, ca_id) diff --git a/examples/ca_handler/xca_ca_handler.py b/examples/ca_handler/xca_ca_handler.py index b1bef301..178e5e3c 100644 --- a/examples/ca_handler/xca_ca_handler.py +++ b/examples/ca_handler/xca_ca_handler.py @@ -14,7 +14,7 @@ from cryptography.x509.oid import ExtendedKeyUsageOID from OpenSSL import crypto as pyossslcrypto # pylint: disable=e0401 -from acme_srv.helper import load_config, build_pem_file, uts_now, uts_to_date_utc, b64_encode, b64_decode, b64_url_recode, cert_serial_get, convert_string_to_byte, convert_byte_to_string, csr_cn_get, csr_san_get, error_dic_get, config_headerinfo_load, config_eab_profile_load, eab_profile_header_info_check +from acme_srv.helper import load_config, build_pem_file, uts_now, uts_to_date_utc, b64_encode, b64_decode, b64_url_recode, cert_serial_get, convert_string_to_byte, convert_byte_to_string, csr_cn_get, csr_san_get, error_dic_get, config_headerinfo_load, config_eab_profile_load, eab_profile_header_info_check, config_enroll_config_log_load, enrollment_config_log DEFAULT_DATE_FORMAT = '%Y%m%d%H%M%SZ' @@ -41,6 +41,8 @@ def __init__(self, debug: bool = False, logger: object = None): self.header_info_field = None self.eab_handler = None self.eab_profiling = False + self.enrollment_config_log = False + self.enrollment_config_log_skip_list = [] def __enter__(self): """ Makes ACMEHandler a Context Manager """ 
@@ -238,6 +240,10 @@ def _cert_subject_generate(self, req: object, request_name: str, dn_dic: Dict[st def _cert_sign(self, csr: str, request_name: str, ca_key: object, ca_cert: object, ca_id: int) -> Tuple[str, str]: # pylint: disable=R0913 self.logger.debug('Certificate._cert_sign()') + if self.enrollment_config_log: + self.enrollment_config_log_skip_list.extend(['dbs', 'passphrase']) + enrollment_config_log(self.logger, self, self.enrollment_config_log_skip_list) + # load template if configured if self.template_name: (dn_dic, template_dic) = self._template_load() @@ -359,6 +365,8 @@ def _config_load(self): self.eab_profiling, self.eab_handler = config_eab_profile_load(self.logger, config_dic) # load header info self.header_info_field = config_headerinfo_load(self.logger, config_dic) + # load enrollment config log + self.enrollment_config_log, self.enrollment_config_log_skip_list = config_enroll_config_log_load(self.logger, config_dic) def _csr_import(self, csr, request_name): """ check existance of csr and load into db """ diff --git a/test/test_acme_ca_handler.py b/test/test_acme_ca_handler.py index b0ae7a3e..ef185d92 100644 --- a/test/test_acme_ca_handler.py +++ b/test/test_acme_ca_handler.py 
@@ -768,25 +768,41 @@ def test_053_poll(self): """ test poll """ self.assertEqual(('Not implemented', None, None, 'poll_identifier', False), self.cahandler.poll('cert_name', 'poll_identifier','csr')) + @patch('examples.ca_handler.acme_ca_handler.enrollment_config_log') + @patch('examples.ca_handler.acme_ca_handler.CAhandler._enroll') + @patch('examples.ca_handler.acme_ca_handler.CAhandler._registration_lookup') + @patch('examples.ca_handler.acme_ca_handler.CAhandler._user_key_load') + @patch('acme.client.ClientNetwork') + @patch('acme.messages') + def test_054_enroll(self, mock_messages, mock_clientnw, mock_key, mock_reg, mock_enroll, mock_ecl): + """ test enroll registration error """ + mock_key.return_value = 'key' + mock_reg.return_value = 'mock_reg' + mock_enroll.return_value = ('error', 'fullchain', 'raw') + self.assertEqual(('error', 'fullchain', 'raw', None), self.cahandler.enroll('csr')) + self.assertFalse(mock_ecl.called) + @patch('examples.ca_handler.acme_ca_handler.enrollment_config_log') @patch('examples.ca_handler.acme_ca_handler.CAhandler._enroll') @patch('examples.ca_handler.acme_ca_handler.CAhandler._registration_lookup') @patch('examples.ca_handler.acme_ca_handler.CAhandler._user_key_load') @patch('acme.client.ClientNetwork') @patch('acme.messages') - def test_054_enroll(self, mock_messages, mock_clientnw, mock_key, mock_reg, mock_enroll): + def test_055_enroll(self, mock_messages, mock_clientnw, mock_key, mock_reg, mock_enroll, mock_ecl): """ test enroll registration error """ mock_key.return_value = 'key' mock_reg.return_value = 'mock_reg' + self.cahandler.enrollment_config_log = True mock_enroll.return_value = ('error', 'fullchain', 'raw') self.assertEqual(('error', 'fullchain', 'raw', None), self.cahandler.enroll('csr')) + self.assertTrue(mock_ecl.called) @patch('examples.ca_handler.acme_ca_handler.CAhandler._enroll') @patch('examples.ca_handler.acme_ca_handler.CAhandler._registration_lookup') 
@patch('examples.ca_handler.acme_ca_handler.CAhandler._user_key_load') @patch('acme.client.ClientNetwork') @patch('acme.messages') - def test_055_enroll(self, mock_messages, mock_clientnw, mock_key, mock_reg, mock_enroll): + def test_056_enroll(self, mock_messages, mock_clientnw, mock_key, mock_reg, mock_enroll): """ test enroll registration error """ mock_key.return_value = 'key' mock_reg.return_value = None @@ -806,7 +822,7 @@ def test_055_enroll(self, mock_messages, mock_clientnw, mock_key, mock_reg, mock @patch('acme.client.ClientV2.new_order') @patch('acme.client.ClientNetwork') @patch('acme.messages') - def test_056_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert): + def test_057_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert): """ test enroll with no account configured """ mock_key.return_value = 'key' mock_messages = Mock() @@ -841,7 +857,7 @@ def test_056_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock @patch('acme.client.ClientV2.new_order') @patch('acme.client.ClientNetwork') @patch('acme.messages') - def test_057_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert, mock_csrchk): + def test_058_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert, mock_csrchk): """ test enroll with existing account """ self.cahandler.account = 'account' mock_key.return_value = 'key' 
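Review bot: The new `test_054_enroll` and `test_055_enroll` cases only check `mock_ecl.called`, so they would still pass if the handler stopped handing its skip list to `enrollment_config_log`, which is the argument that keeps sensitive attributes out of the log. Asserting on the call arguments, e.g. `self.assertEqual(self.cahandler.enrollment_config_log_skip_list, mock_ecl.call_args[0][2])`, would pin that down; the positional index assumes this handler calls the helper the way the other handlers in this commit do. Both tests also keep the copied docstring `""" test enroll registration error """`; `""" test enroll - enrollment_config_log disabled """` and `""" test enroll - enrollment_config_log enabled """` would say what they cover. The asa `test_043_enroll`/`test_044_enroll` and certifier `test_049__cert_get`/`test_050__cert_get` hunks have the same gaps.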
@@ -878,7 +894,7 @@ def test_057_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock @patch('acme.client.ClientV2.new_order') @patch('acme.client.ClientNetwork') @patch('acme.messages') - def test_058_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert, mock_csrchk): + def test_059_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert, mock_csrchk): """ test enroll with bodystatus invalid """ mock_key.return_value = 'key' mock_messages = Mock() @@ -917,7 +933,7 @@ def test_058_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock @patch('acme.client.ClientV2.new_order') @patch('acme.client.ClientNetwork') @patch('acme.messages') - def test_059_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert, mock_csrchk): + def test_060_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert, mock_csrchk): """ test enroll with no fullchain """ mock_key.return_value = 'key' mock_messages = Mock() @@ -950,7 +966,7 @@ def test_059_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock @patch('examples.ca_handler.acme_ca_handler.CAhandler._account_register') @patch('examples.ca_handler.acme_ca_handler.CAhandler._challenge_store') @patch('examples.ca_handler.acme_ca_handler.CAhandler._user_key_load') - def test_060_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, mock_csrchk): + def test_061_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, mock_csrchk): """ test enroll exception during enrollment """ mock_csrchk.return_value = True mock_key.side_effect = Exception('ex_user_key_load') 
@@ -969,7 +985,7 @@ def test_060_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, @patch('examples.ca_handler.acme_ca_handler.CAhandler._account_register') @patch('examples.ca_handler.acme_ca_handler.CAhandler._challenge_store') @patch('examples.ca_handler.acme_ca_handler.CAhandler._user_key_load') - def test_061_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, mock_csrchk, mock_profilechk): + def test_062_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, mock_csrchk, mock_profilechk): """ test enroll exception during enrollment """ mock_profilechk.return_value = False mock_csrchk.return_value = False @@ -990,7 +1006,7 @@ def test_061_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, @patch('examples.ca_handler.acme_ca_handler.CAhandler._account_register') @patch('examples.ca_handler.acme_ca_handler.CAhandler._challenge_store') @patch('examples.ca_handler.acme_ca_handler.CAhandler._user_key_load') - def test_062_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, mock_csrchk, mock_profilechk): + def test_063_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, mock_csrchk, mock_profilechk): """ test enroll exception during enrollment """ mock_profilechk.return_value = False mock_csrchk.return_value = False 
@@ -1017,7 +1033,7 @@ def test_062_enroll(self, mock_key, mock_store, mock_reg, mock_nw, mock_newreg, @patch('acme.client.ClientV2.new_order') @patch('acme.client.ClientNetwork') @patch('acme.messages') - def test_063_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert, mock_csrchk, mock_issue): + def test_064_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock_pof, mock_key, mock_reg, mock_cinfo, mock_store, mock_dumpcert, mock_loadcert, mock_csrchk, mock_issue): """ test enroll with bodystatus None (existing account) """ mock_key.return_value = 'key' mock_messages = Mock() @@ -1047,7 +1063,7 @@ def test_063_enroll(self, mock_messages, mock_clientnw, mock_c2o, mock_ach, mock self.assertIn('INFO:test_a2c:Existing but not configured ACME account: uri', lcm.output) @patch('acme.messages') - def test_064__account_lookup(self, mock_messages): + def test_065__account_lookup(self, mock_messages): """ test account register existing account - no replacement """ response = Mock() response.uri = 'urluriacc_info' @@ -1061,7 +1077,7 @@ def test_064__account_lookup(self, mock_messages): self.assertEqual('urluriacc_info', self.cahandler.account) @patch('acme.messages') - def test_065__account_lookup(self, mock_messages): + def test_066__account_lookup(self, mock_messages): """ test account register existing account - url replacement """ response = Mock() response.uri = 'urluriacc_info' @@ -1076,7 +1092,7 @@ def test_065__account_lookup(self, mock_messages): self.assertEqual('uriacc_info', self.cahandler.account) @patch('acme.messages') - def test_066__account_lookup(self, mock_messages): + def test_067__account_lookup(self, mock_messages): """ test account register existing account - acct_path replacement """ response = Mock() response.uri = 'urluriacc_info' 
@@ -1091,7 +1107,7 @@ def test_066__account_lookup(self, mock_messages): self.assertEqual('urluri', self.cahandler.account) @patch('acme.messages') - def test_067__account_lookup(self, mock_messages): + def test_068__account_lookup(self, mock_messages): """ test account register existing account - acct_path replacement """ response = Mock() response.uri = 'urluriacc_info' @@ -1115,7 +1131,7 @@ def test_067__account_lookup(self, mock_messages): @patch('josepy.ComparableX509') @patch('OpenSSL.crypto.load_certificate') @patch('os.path.exists') - def test_068_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, mock_reg, mock_revoke, mock_key): + def test_069_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, mock_reg, mock_revoke, mock_key): """ test revoke successful """ self.cahandler.acme_keyfile = 'keyfile' self.cahandler.account = 'account' @@ -1139,7 +1155,7 @@ def test_068_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, @patch('josepy.ComparableX509') @patch('OpenSSL.crypto.load_certificate') @patch('os.path.exists') - def test_069_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, mock_reg, mock_revoke, mock_key): + def test_070_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, mock_reg, mock_revoke, mock_key): """ test revoke invalid status after reglookup """ self.cahandler.acme_keyfile = 'keyfile' self.cahandler.account = 'account' @@ -1163,7 +1179,7 @@ def test_069_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, @patch('josepy.ComparableX509') @patch('OpenSSL.crypto.load_certificate') @patch('os.path.exists') - def test_070_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, mock_lookup, mock_key): + def test_071_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, mock_lookup, mock_key): """ test revoke account lookup failed """ self.cahandler.acme_keyfile = 'keyfile' mock_exists.return_value = True 
@@ -1182,7 +1198,7 @@ def test_070_revoke(self, mock_exists, mock_load, mock_comp, mock_nw, mock_mess, @patch('josepy.ComparableX509') @patch('OpenSSL.crypto.load_certificate') @patch('os.path.exists') - def test_071_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw, mock_mess, mock_lookup): + def test_072_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw, mock_mess, mock_lookup): """ test revoke user key load failed """ self.cahandler.acme_keyfile = 'keyfile' mock_exists.return_value = False @@ -1194,7 +1210,7 @@ def test_071_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw @patch("builtins.open", mock_open(read_data='mock_open'), create=True) @patch('josepy.ComparableX509') @patch('OpenSSL.crypto.load_certificate') - def test_072_revoke(self, mock_load, mock_comp): + def test_073_revoke(self, mock_load, mock_comp): """ test revoke exception during processing """ self.cahandler.acme_keyfile = 'keyfile' mock_load.side_effect = Exception('ex_user_key_load') @@ -1203,7 +1219,7 @@ def test_072_revoke(self, mock_load, mock_comp): self.assertIn('ERROR:test_a2c:CAhandler.enroll: error: ex_user_key_load', lcm.output) @patch('requests.post') - def test_073__zerossl_eab_get(self, mock_post): + def test_074__zerossl_eab_get(self, mock_post): """ CAhandler._zerossl_eab_get() - all ok """ mock_post.return_value.json.return_value = {'success': True, 'eab_kid': 'eab_kid', 'eab_hmac_key': 'eab_hmac_key'} self.cahandler._zerossl_eab_get() @@ -1212,7 +1228,7 @@ def test_073__zerossl_eab_get(self, mock_post): self.assertEqual('eab_hmac_key', self.cahandler.eab_hmac_key) @patch('requests.post') - def test_074__zerossl_eab_get(self, mock_post): + def test_075__zerossl_eab_get(self, mock_post): """ CAhandler._zerossl_eab_get() - success false """ mock_post.return_value.json.return_value = {'success': False, 'eab_kid': 'eab_kid', 'eab_hmac_key': 'eab_hmac_key'} mock_post.return_value.text = 'text' 
@@ -1224,7 +1240,7 @@ def test_074__zerossl_eab_get(self, mock_post): self.assertIn('ERROR:test_a2c:CAhandler._zerossl_eab_get() failed: text', lcm.output) @patch('requests.post') - def test_075__zerossl_eab_get(self, mock_post): + def test_076__zerossl_eab_get(self, mock_post): """ CAhandler._zerossl_eab_get() - no success key """ mock_post.return_value.json.return_value = {'eab_kid': 'eab_kid', 'eab_hmac_key': 'eab_hmac_key'} mock_post.return_value.text = 'text' @@ -1236,7 +1252,7 @@ def test_075__zerossl_eab_get(self, mock_post): self.assertIn('ERROR:test_a2c:CAhandler._zerossl_eab_get() failed: text', lcm.output) @patch('requests.post') - def test_076__zerossl_eab_get(self, mock_post): + def test_077__zerossl_eab_get(self, mock_post): """ CAhandler._zerossl_eab_get() - no eab_kid key """ mock_post.return_value.json.return_value = {'success': True, 'eab_hmac_key': 'eab_hmac_key'} mock_post.return_value.text = 'text' @@ -1248,7 +1264,7 @@ def test_076__zerossl_eab_get(self, mock_post): self.assertIn('ERROR:test_a2c:CAhandler._zerossl_eab_get() failed: text', lcm.output) @patch('requests.post') - def test_077__zerossl_eab_get(self, mock_post): + def test_078__zerossl_eab_get(self, mock_post): """ CAhandler._zerossl_eab_get() - no eab_mac key """ mock_post.return_value.json.return_value = {'success': True, 'eab_kid': 'eab_kid'} mock_post.return_value.text = 'text' @@ -1260,7 +1276,7 @@ def test_077__zerossl_eab_get(self, mock_post): self.assertIn('ERROR:test_a2c:CAhandler._zerossl_eab_get() failed: text', lcm.output) @patch('examples.ca_handler.acme_ca_handler.CAhandler._challenge_info') - def test_078__order_authorization(self, mock_info): + def test_079__order_authorization(self, mock_info): """ CAhandler._order_authorization - sectigo challenge """ order = Mock() order.authorizations = ['foo'] 
@@ -1268,7 +1284,7 @@ def test_078__order_authorization(self, mock_info): self.assertTrue(self.cahandler._order_authorization('acmeclient', order, 'user_key')) @patch('examples.ca_handler.acme_ca_handler.CAhandler._challenge_info') - def test_079__order_authorization(self, mock_info): + def test_080__order_authorization(self, mock_info): """ CAhandler._order_authorization - sectigo challenge """ order = Mock() order.authorizations = ['foo'] @@ -1276,7 +1292,7 @@ def test_079__order_authorization(self, mock_info): self.assertFalse(self.cahandler._order_authorization('acmeclient', order, 'user_key')) @patch('examples.ca_handler.acme_ca_handler.CAhandler._challenge_info') - def test_080__order_authorization(self, mock_info): + def test_081__order_authorization(self, mock_info): """ CAhandler._order_authorization - sectigo challenge """ order = Mock() order.authorizations = ['foo'] 
@@ -1284,27 +1300,27 @@ def test_080__order_authorization(self, mock_info): self.assertFalse(self.cahandler._order_authorization('acmeclient', order, 'user_key')) @patch('examples.ca_handler.acme_ca_handler.CAhandler._challenge_info') - def test_081__order_authorization(self, mock_info): + def test_082__order_authorization(self, mock_info): """ CAhandler._order_authorization - sectigo challenge """ order = Mock() order.authorizations = ['foo'] mock_info.return_value = [None, 'string', 'challenge'] self.assertFalse(self.cahandler._order_authorization('acmeclient', order, 'user_key')) - def test_082_eab_profile_list_check(self): + def test_083_eab_profile_list_check(self): """ test eab_profile_list_check """ with self.assertLogs('test_a2c', level='INFO') as lcm: self.assertFalse(self.cahandler.eab_profile_list_check('eab_handler', 'csr', 'acme_keyfile', 'key_file')) self.assertIn('ERROR:test_a2c:CAhandler._eab_profile_list_check(): acme_keyfile is not allowed in profile', lcm.output) - def test_083_eab_profile_list_check(self): + def test_084_eab_profile_list_check(self): """ test eab_profile_list_check """ with self.assertLogs('test_a2c', level='INFO') as lcm: self.assertEqual('acme_keypath is missing in config', self.cahandler.eab_profile_list_check('eab_handler', 'csr', 'acme_url', 'acme_url')) self.assertIn('ERROR:test_a2c:CAhandler._eab_profile_list_check(): acme_keypath is missing in config', lcm.output) @patch('examples.ca_handler.acme_ca_handler.header_info_field_validate') - def test_084_eab_profile_list_check(self, mock_hiv ): + def test_085_eab_profile_list_check(self, mock_hiv ): """ test eab_profile_list_check """ mock_hiv.return_value = ('http://acme_url', None) self.cahandler.acme_keypath = 'acme_keypath' 
@@ -1313,7 +1329,7 @@ def test_084_eab_profile_list_check(self, mock_hiv ): self.assertEqual('acme_keypath/acme_url.json', self.cahandler.acme_keyfile) @patch('examples.ca_handler.acme_ca_handler.header_info_field_validate') - def test_085_eab_profile_list_check(self, mock_hiv ): + def test_086_eab_profile_list_check(self, mock_hiv ): """ test eab_profile_list_check """ mock_hiv.return_value = (None, 'error') self.cahandler.acme_keypath = 'acme_keypath' @@ -1322,7 +1338,7 @@ def test_085_eab_profile_list_check(self, mock_hiv ): self.assertEqual('acme_keyfile', self.cahandler.acme_keyfile) @patch('examples.ca_handler.acme_ca_handler.header_info_field_validate') - def test_086_eab_profile_list_check(self, mock_hiv ): + def test_087_eab_profile_list_check(self, mock_hiv ): """ test eab_profile_list_check """ mock_hiv.return_value = ('http://acme_url', None) self.cahandler.acme_keypath = 'acme_keypath' @@ -1331,7 +1347,7 @@ def test_086_eab_profile_list_check(self, mock_hiv ): self.assertEqual('acme_keyfile', self.cahandler.acme_keyfile) @patch('examples.ca_handler.acme_ca_handler.header_info_field_validate') - def test_087_eab_profile_list_check(self, mock_hiv ): + def test_088_eab_profile_list_check(self, mock_hiv ): """ test eab_profile_list_check """ mock_hiv.return_value = ('http://acme_url', None) self.cahandler.acme_keypath = 'acme_keypath' @@ -1342,7 +1358,7 @@ def test_087_eab_profile_list_check(self, mock_hiv ): self.assertEqual('acme_keyfile', self.cahandler.acme_keyfile) @patch('examples.ca_handler.acme_ca_handler.header_info_field_validate') - def test_088_eab_profile_list_check(self, mock_hiv ): + def test_089_eab_profile_list_check(self, mock_hiv ): """ test eab_profile_list_check """ mock_hiv.return_value = ('http://acme_url', None) self.cahandler.acme_keypath = 'acme_keypath' 
@@ -1353,7 +1369,7 @@ def test_088_eab_profile_list_check(self, mock_hiv ): self.assertEqual('acme_keyfile', self.cahandler.acme_keyfile) @patch("builtins.open", new_callable=mock_open, read_data='{}') - def test_089_account_to_keyfile(self, mock_file): + def test_090_account_to_keyfile(self, mock_file): """ test account_to_keyfile """ self.cahandler.acme_keyfile = 'dummy_keyfile_path' self.cahandler.account = 'dummy_account' @@ -1361,7 +1377,7 @@ def test_089_account_to_keyfile(self, mock_file): self.assertTrue(mock_file.called) @patch("builtins.open", new_callable=mock_open, read_data='{}') - def test_090_account_to_keyfile(self, mock_file): + def test_091_account_to_keyfile(self, mock_file): """ test account_to_keyfile """ self.cahandler.acme_keyfile = 'dummy_keyfile_path' self.cahandler.account = None @@ -1369,7 +1385,7 @@ def test_090_account_to_keyfile(self, mock_file): self.assertFalse(mock_file.called) @patch("builtins.open", new_callable=mock_open, read_data='{}') - def test_091_account_to_keyfile(self, mock_file): + def test_092_account_to_keyfile(self, mock_file): """ test account_to_keyfile """ self.cahandler.acme_keyfile = None self.cahandler.account = 'dummy_account' @@ -1377,7 +1393,7 @@ def test_091_account_to_keyfile(self, mock_file): self.assertFalse(mock_file.called) @patch("builtins.open", new_callable=mock_open, read_data='{}') - def test_092_account_to_keyfile(self, mock_file): + def test_093_account_to_keyfile(self, mock_file): """ test account_to_keyfile """ self.cahandler.acme_keyfile = 'dummy_keyfile_path' self.cahandler.account = 'dummy_account' 
@@ -1387,35 +1403,35 @@ def test_092_account_to_keyfile(self, mock_file): self.assertTrue(mock_file.called) self.assertIn('ERROR:test_a2c:CAhandler._account_to_keyfile() failed: ex_json_dump', lcm.output) - def test_093_accountname_get(self): + def test_094_accountname_get(self): """ test accountname_get """ url = 'url' acme_url = 'acme_url' path_dic = {'acct_path': 'acct_path'} self.assertEqual('url', self.cahandler._accountname_get(url, acme_url, path_dic)) - def test_094_accountname_get(self): + def test_095_accountname_get(self): """ test accountname_get """ url = 'acme_url/foo' acme_url = 'acme_url' path_dic = {'acct_path': 'acct_path'} self.assertEqual('/foo', self.cahandler._accountname_get(url, acme_url, path_dic)) - def test_095_accountname_get(self): + def test_096_accountname_get(self): """ test accountname_get """ url = 'acme_url/foo/acct_path' acme_url = 'acme_url' path_dic = {'acct_path': 'acct_path'} self.assertEqual('/foo/', self.cahandler._accountname_get(url, acme_url, path_dic)) - def test_096_accountname_get(self): + def test_097_accountname_get(self): """ test accountname_get """ url = 'acme_url/acct_path/foo' acme_url = 'acme_url' path_dic = {'acct_path': '/'} self.assertEqual('acct_path/foo', self.cahandler._accountname_get(url, acme_url, path_dic)) - def test_097_accountname_get(self): + def test_098_accountname_get(self): """ test accountname_get """ url = 'acme_url/foo/foo' acme_url = 'acme_url' diff --git a/test/test_asa_ca_handler.py b/test/test_asa_ca_handler.py index b7a507fa..b9ecc442 100644 --- a/test/test_asa_ca_handler.py +++ b/test/test_asa_ca_handler.py 
@@ -553,6 +553,7 @@ def test_042___issuer_chain_get(self, mock_req, mock_pem): self.assertFalse(self.cahandler._issuer_chain_get()) self.assertFalse(mock_pem.called) + @patch('examples.ca_handler.asa_ca_handler.enrollment_config_log') @patch('examples.ca_handler.asa_ca_handler.CAhandler._api_post') @patch('examples.ca_handler.asa_ca_handler.convert_byte_to_string') @patch('examples.ca_handler.asa_ca_handler.cert_der2pem') @@ -563,7 +564,7 @@ def test_042___issuer_chain_get(self, mock_req, mock_pem): @patch('examples.ca_handler.asa_ca_handler.CAhandler._issuer_chain_get') @patch('examples.ca_handler.asa_ca_handler.CAhandler._issuer_verify') @patch('examples.ca_handler.asa_ca_handler.eab_profile_header_info_check') - def test_043_enroll(self, mock_pv, mock_iv, mock_icg, mock_cpg, mockccg, mock_vdg, mock_b64, mock_d2p, mock_b2s, mock_post): + def test_043_enroll(self, mock_pv, mock_iv, mock_icg, mock_cpg, mockccg, mock_vdg, mock_b64, mock_d2p, mock_b2s, mock_post, mock_ecl): """ test enroll() """ mock_iv.return_value = None mock_pv.return_value = 'pv_error' @@ -583,7 +584,9 @@ def test_043_enroll(self, mock_pv, mock_iv, mock_icg, mock_cpg, mockccg, mock_vd self.assertFalse(mock_post.called) self.assertFalse(mock_b2s.called) self.assertFalse(mock_d2p.called) + self.assertFalse(mock_ecl.called) + @patch('examples.ca_handler.asa_ca_handler.enrollment_config_log') @patch('examples.ca_handler.asa_ca_handler.CAhandler._api_post') @patch('examples.ca_handler.asa_ca_handler.convert_byte_to_string') @patch('examples.ca_handler.asa_ca_handler.cert_der2pem') 
@@ -594,7 +597,7 @@ def test_043_enroll(self, mock_pv, mock_iv, mock_icg, mock_cpg, mockccg, mock_vd @patch('examples.ca_handler.asa_ca_handler.CAhandler._issuer_chain_get') @patch('examples.ca_handler.asa_ca_handler.CAhandler._profile_verify') @patch('examples.ca_handler.asa_ca_handler.CAhandler._issuer_verify') - def test_044_enroll(self, mock_iv, mock_pv, mock_icg, mock_cpg, mockccg, mock_vdg, mock_b64, mock_d2p, mock_b2s, mock_post): + def test_044_enroll(self, mock_iv, mock_pv, mock_icg, mock_cpg, mockccg, mock_vdg, mock_b64, mock_d2p, mock_b2s, mock_post, mock_ecl): """ test enroll() """ mock_iv.return_value = None mock_pv.return_value = None @@ -603,6 +606,7 @@ def test_044_enroll(self, mock_iv, mock_pv, mock_icg, mock_cpg, mockccg, mock_vd mock_post.return_value = (200, 'cert') mock_b2s.return_value = 'bcert' self.cahandler.header_info_field = 'foo' + self.cahandler.enrollment_config_log = True self.assertEqual((None, 'bcertissuer_chain', 'cert', None), self.cahandler.enroll('csr')) self.assertTrue(mock_iv.called) self.assertTrue(mock_pv.called) @@ -614,6 +618,7 @@ def test_044_enroll(self, mock_iv, mock_pv, mock_icg, mock_cpg, mockccg, mock_vd self.assertTrue(mock_post.called) self.assertTrue(mock_b2s.called) self.assertTrue(mock_d2p.called) + self.assertTrue(mock_ecl.called) @patch('examples.ca_handler.asa_ca_handler.CAhandler._api_post') @patch('examples.ca_handler.asa_ca_handler.convert_byte_to_string') diff --git a/test/test_certifier_handler.py b/test/test_certifier_handler.py index a2c5f8b2..8d16c076 100644 --- a/test/test_certifier_handler.py +++ b/test/test_certifier_handler.py 
@@ -515,8 +515,31 @@ def test_048__cert_get(self, mock_caget, mock_post): self.assertEqual({'mock': 'post'}, self.cahandler._cert_get('csr')) self.assertEqual(100, self.cahandler.profile_id) + @patch('examples.ca_handler.certifier_ca_handler.enrollment_config_log') + @patch('examples.ca_handler.certifier_ca_handler.CAhandler._api_post') + @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') + def test_049__cert_get(self, mock_caget, mock_post, mock_ecl): + """ CAhandler._ca_get_properties() _ca_get_properties does returns "href" key """ + self.cahandler.api_host = 'api_host' + mock_caget.return_value = {'href': 'href'} + mock_post.return_value = {'mock': 'post'} + self.assertEqual({'mock': 'post'}, self.cahandler._cert_get('csr')) + self.assertFalse(mock_ecl.called) + + @patch('examples.ca_handler.certifier_ca_handler.enrollment_config_log') + @patch('examples.ca_handler.certifier_ca_handler.CAhandler._api_post') + @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') + def test_050__cert_get(self, mock_caget, mock_post, mock_ecl): + """ CAhandler._ca_get_properties() _ca_get_properties does returns "href" key """ + self.cahandler.api_host = 'api_host' + self.cahandler.enrollment_config_log = True + mock_caget.return_value = {'href': 'href'} + mock_post.return_value = {'mock': 'post'} + self.assertEqual({'mock': 'post'}, self.cahandler._cert_get('csr')) + self.assertTrue(mock_ecl.called) + @patch('requests.get') - def test_049__cert_get_properties(self, mock_req): + def test_051__cert_get_properties(self, mock_req): """ CAhandler._cert_get_properties() all good """ self.cahandler.api_host = 'api_host' self.cahandler.auth = 'auth' 
@@ -526,7 +549,7 @@ def test_049__cert_get_properties(self, mock_req): self.assertEqual({'foo': 'bar'}, self.cahandler._cert_get_properties('serial', 'link')) @patch('requests.get') - def test_050__cert_get_properties(self, mock_get): + def test_052__cert_get_properties(self, mock_get): """ CAhandler._cert_get_properties() all good """ self.cahandler.api_host = 'api_host' self.cahandler.auth = 'auth' @@ -535,24 +558,24 @@ def test_050__cert_get_properties(self, mock_get): self.assertEqual({'status': 500, 'message': 'exc_api_get', 'statusMessage': 'Internal Server Error'}, self.cahandler._cert_get_properties('serial', 'link')) self.assertIn('ERROR:test_a2c:CAhandler._cert_get_properties() returned error: exc_api_get', lcm.output) - def test_051_poll(self): + def test_053_poll(self): """ CAhandler.poll() poll_identifier is none """ self.assertEqual((None, None, None, None, False), self.cahandler.poll('cert_name', None, 'csr')) @patch('examples.ca_handler.certifier_ca_handler.CAhandler._request_poll') - def test_052_poll(self, mock_poll): + def test_054_poll(self, mock_poll): """ CAhandler.poll() poll_identifier is none """ mock_poll.return_value = ('error', 'cert_bundle', 'cert_raw', 'poll_identifier', 'rejected') self.assertEqual(('error', 'cert_bundle', 'cert_raw', 'poll_identifier', 'rejected'), self.cahandler.poll('cert_name', 'poll_identifier', 'csr')) - def test_053__loop_poll(self): + def test_055__loop_poll(self): """ CAhandler._loop_poll() - no request url""" request_url = None self.assertEqual((None, None, None, None), self.cahandler._loop_poll(request_url)) @patch('time.sleep') @patch('requests.get') - def test_054__loop_poll(self, mock_get, mock_sleep): + def test_056__loop_poll(self, mock_get, mock_sleep): """ CAhandler._loop_poll() - nothing come back from request get""" self.cahandler.polling_timeout = 5 self.cahandler.timeout = 0 
@@ -565,7 +588,7 @@ def test_054__loop_poll(self, mock_get, mock_sleep): @patch('time.sleep') @patch('requests.get') - def test_055__loop_poll(self, mock_get, mock_sleep): + def test_057__loop_poll(self, mock_get, mock_sleep): """ CAhandler._loop_poll() - no status returned from request get""" self.cahandler.polling_timeout = 5 self.cahandler.timeout = 0 @@ -577,7 +600,7 @@ def test_055__loop_poll(self, mock_get, mock_sleep): self.assertEqual((None, None, None, 'request_url'), self.cahandler._loop_poll(request_url)) @patch('requests.get') - def test_056__loop_poll(self, mock_get): + def test_058__loop_poll(self, mock_get): """ CAhandler._loop_poll() - status "rejected" returned from request get""" self.cahandler.polling_timeout = 6 self.cahandler.timeout = 0 @@ -589,7 +612,7 @@ def test_056__loop_poll(self, mock_get): @patch('time.sleep') @patch('requests.get') - def test_057__loop_poll(self, mock_get, mock_sleep): + def test_059__loop_poll(self, mock_get, mock_sleep): """ CAhandler._loop_poll() - status "accepted" returned from request get but no certificate in""" self.cahandler.polling_timeout = 6 self.cahandler.timeout = 0 @@ -602,7 +625,7 @@ def test_057__loop_poll(self, mock_get, mock_sleep): @patch('time.sleep') @patch('requests.get') - def test_058__loop_poll(self, mock_get, mock_sleep): + def test_060__loop_poll(self, mock_get, mock_sleep): """ CAhandler._loop_poll() - status "accepted" returned from request "certifiate" in but no "certificateBase64" in 2dn request """ self.cahandler.polling_timeout = 6 self.cahandler.timeout = 0 
@@ -615,7 +638,7 @@ def test_058__loop_poll(self, mock_get, mock_sleep): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._pem_cert_chain_generate') @patch('requests.get') - def test_059__loop_poll(self, mock_get, mock_chain): + def test_061__loop_poll(self, mock_get, mock_chain): """ CAhandler._loop_poll() - status "accepted" returned from request "certifiate" in but no "certificateBase64" in 2dn request """ self.cahandler.polling_timeout = 6 self.cahandler.timeout = 0 
@@ -627,32 +650,32 @@ def test_059__loop_poll(self, mock_get, mock_chain): self.assertEqual((None, 'foo', 'certificateBase64', None), self.cahandler._loop_poll(request_url)) @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_060_enroll(self, mock_certget): + def test_062_enroll(self, mock_certget): """ CAhandler.enroll() _cert_get returns None """ mock_certget.return_value = {} self.assertEqual(('internal error', None, None, None), self.cahandler.enroll('csr')) @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_061_enroll(self, mock_certget): + def test_063_enroll(self, mock_certget): """ CAhandler.enroll() _cert_get returns wrong information """ mock_certget.return_value = {'foo': 'bar'} self.assertEqual(('no certificate information found', None, None, None), self.cahandler.enroll('csr')) @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_062_enroll(self, mock_certget): + def test_064_enroll(self, mock_certget): """ CAhandler.enroll() _cert_get returns status without error message """ mock_certget.return_value = {'foo': 'bar', 'status': 'foo'} self.assertEqual(('unknown error', None, None, None), self.cahandler.enroll('csr')) @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_063_enroll(self, mock_certget): + def test_065_enroll(self, mock_certget): """ CAhandler.enroll() _cert_get returns status with error message """ mock_certget.return_value = {'foo': 'bar', 'status': 'foo', 'message': 'message'} self.assertEqual(('message', None, None, None), self.cahandler.enroll('csr')) @patch('examples.ca_handler.certifier_ca_handler.CAhandler._pem_cert_chain_generate') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_064_enroll(self, mock_certget, mock_chain): + def test_066_enroll(self, mock_certget, mock_chain): """ CAhandler.enroll() _cert_get returns certb64 """ mock_certget.return_value = {'foo': 'bar', 
'certificateBase64': 'certificateBase64'} mock_chain.return_value = 'mock_chain' @@ -660,7 +683,7 @@ def test_064_enroll(self, mock_certget, mock_chain): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._loop_poll') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_065_enroll(self, mock_certget, mock_loop): + def test_067_enroll(self, mock_certget, mock_loop): """ CAhandler.enroll() _cert_get returns certb64 """ mock_certget.return_value = {'foo': 'bar', 'href': 'href'} mock_loop.return_value = ('error', 'cert_bundle', 'cert_raw', 'poll_identifier') @@ -669,7 +692,7 @@ def test_065_enroll(self, mock_certget, mock_loop): @patch('examples.ca_handler.certifier_ca_handler.eab_profile_header_info_check') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._loop_poll') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_066_enroll(self, mock_certget, mock_loop, mock_prof): + def test_068_enroll(self, mock_certget, mock_loop, mock_prof): """ CAhandler.enroll() _cert_get returns certb64 """ mock_certget.return_value = {'foo': 'bar', 'href': 'href'} mock_loop.return_value = ('error', 'cert_bundle', 'cert_raw', 'poll_identifier') @@ -680,7 +703,7 @@ def test_066_enroll(self, mock_certget, mock_loop, mock_prof): @patch('examples.ca_handler.certifier_ca_handler.eab_profile_header_info_check') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._loop_poll') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_067_enroll(self, mock_certget, mock_loop, mock_prof): + def test_069_enroll(self, mock_certget, mock_loop, mock_prof): """ CAhandler.enroll() _cert_get returns certb64 """ mock_certget.return_value = {'foo': 'bar', 'href': 'href'} mock_loop.return_value = ('error', 'cert_bundle', 'cert_raw', 'poll_identifier') 
@@ -693,7 +716,7 @@ def test_067_enroll(self, mock_certget, mock_loop, mock_prof): @patch('examples.ca_handler.certifier_ca_handler.eab_profile_header_info_check') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._loop_poll') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_068_enroll(self, mock_certget, mock_loop, mock_prof): + def test_070_enroll(self, mock_certget, mock_loop, mock_prof): """ CAhandler.enroll() _cert_get returns certb64 """ mock_certget.return_value = {'foo': 'bar', 'href': 'href'} mock_loop.return_value = ('error', 'cert_bundle', 'cert_raw', 'poll_identifier') @@ -707,7 +730,7 @@ def test_068_enroll(self, mock_certget, mock_loop, mock_prof): @patch('examples.ca_handler.certifier_ca_handler.eab_profile_header_info_check') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._loop_poll') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get') - def test_069_enroll(self, mock_certget, mock_loop, mock_prof): + def test_071_enroll(self, mock_certget, mock_loop, mock_prof): """ CAhandler.enroll() _cert_get returns certb64 """ mock_certget.return_value = {'foo': 'bar', 'href': 'href'} mock_loop.return_value = ('error', 'cert_bundle', 'cert_raw', 'poll_identifier') 
@@ -720,20 +743,20 @@ def test_069_enroll(self, mock_certget, mock_loop, mock_prof): self.assertEqual(self.cahandler.profile_id, None) @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_070_revoke(self, mock_getca): + def test_072_revoke(self, mock_getca): """ CAhandler.revoke() _ca_get_properties returns nothing """ mock_getca.return_value = {} self.assertEqual((404, 'urn:ietf:params:acme:error:serverInternal', 'CA could not be found'), self.cahandler.revoke('cert')) @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_071_revoke(self, mock_getca): + def test_073_revoke(self, mock_getca): """ CAhandler.revoke() _ca_get_properties returns wrong information """ mock_getca.return_value = {'foo': 'bar'} self.assertEqual((404, 'urn:ietf:params:acme:error:serverInternal', 'CA could not be found'), self.cahandler.revoke('cert')) @patch('examples.ca_handler.certifier_ca_handler.cert_serial_get') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_072_revoke(self, mock_getca, mock_serial): + def test_074_revoke(self, mock_getca, mock_serial): """ CAhandler.revoke() _ca_get_properties cert_serial_get failed """ mock_getca.return_value = {'foo': 'bar', 'href': 'href'} mock_serial.return_value = None @@ -742,7 +765,7 @@ def test_072_revoke(self, mock_getca, mock_serial): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get_properties') @patch('examples.ca_handler.certifier_ca_handler.cert_serial_get') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_073_revoke(self, mock_getca, mock_serial, mock_getcert): + def test_075_revoke(self, mock_getca, mock_serial, mock_getcert): """ CAhandler.revoke() _ca_get_properties get_cert_properties failed """ mock_getca.return_value = {'foo': 'bar', 'href': 'href'} mock_serial.return_value = 123 
@@ -752,7 +775,7 @@ def test_073_revoke(self, mock_getca, mock_serial, mock_getcert): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get_properties') @patch('examples.ca_handler.certifier_ca_handler.cert_serial_get') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_074_revoke(self, mock_getca, mock_serial, mock_getcert): + def test_076_revoke(self, mock_getca, mock_serial, mock_getcert): """ CAhandler.revoke() _ca_get_properties get_cert_properties returns wrong information """ mock_getca.return_value = {'foo': 'bar', 'href': 'href'} mock_serial.return_value = 123 @@ -762,7 +785,7 @@ def test_074_revoke(self, mock_getca, mock_serial, mock_getcert): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get_properties') @patch('examples.ca_handler.certifier_ca_handler.cert_serial_get') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_075_revoke(self, mock_getca, mock_serial, mock_getcert): + def test_077_revoke(self, mock_getca, mock_serial, mock_getcert): """ CAhandler.revoke() _ca_get_properties get_cert_properties empty cert_list """ mock_getca.return_value = {'foo': 'bar', 'href': 'href'} mock_serial.return_value = 123 @@ -772,7 +795,7 @@ def test_075_revoke(self, mock_getca, mock_serial, mock_getcert): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get_properties') @patch('examples.ca_handler.certifier_ca_handler.cert_serial_get') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_076_revoke(self, mock_getca, mock_serial, mock_getcert): + def test_078_revoke(self, mock_getca, mock_serial, mock_getcert): """ CAhandler.revoke() _ca_get_properties get_cert_properties returns cert_list with wrong information """ mock_getca.return_value = {'foo': 'bar', 'href': 'href'} mock_serial.return_value = 123 
@@ -783,7 +806,7 @@ def test_076_revoke(self, mock_getca, mock_serial, mock_getcert): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get_properties') @patch('examples.ca_handler.certifier_ca_handler.cert_serial_get') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_077_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): + def test_079_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): """ CAhandler.revoke() _ca_get_properties get_cert_properties returns cert_list revocation successful """ mock_getca.return_value = {'foo': 'bar', 'href': 'href'} mock_serial.return_value = 123 @@ -795,7 +818,7 @@ def test_077_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get_properties') @patch('examples.ca_handler.certifier_ca_handler.cert_serial_get') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_078_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): + def test_080_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): """ CAhandler.revoke() _ca_get_properties get_cert_properties returns href. revocation returns status without message """ mock_getca.return_value = {'foo': 'bar', 'href': 'href'} mock_serial.return_value = 123 
@@ -807,7 +830,7 @@ def test_078_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._cert_get_properties') @patch('examples.ca_handler.certifier_ca_handler.cert_serial_get') @patch('examples.ca_handler.certifier_ca_handler.CAhandler._ca_get_properties') - def test_079_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): + def test_081_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): """ CAhandler.revoke() _ca_get_properties get_cert_properties returns href. revocation returns status with message """ mock_getca.return_value = {'foo': 'bar', 'href': 'href'} mock_serial.return_value = 123 @@ -815,7 +838,7 @@ def test_079_revoke(self, mock_getca, mock_serial, mock_getcert, mock_post): mock_post.return_value = {'foo': 'bar', 'status': 'status', 'message': 'message'} self.assertEqual((400, 'urn:ietf:params:acme:error:alreadyRevoked', 'message'), self.cahandler.revoke('cert')) - def test_080_trigger(self): + def test_082_trigger(self): """ CAhandler.trigger() - no payload given """ payload = None self.assertEqual(('No payload given', None, None), self.cahandler.trigger(payload)) @@ -824,7 +847,7 @@ def test_080_trigger(self): @patch('examples.ca_handler.certifier_ca_handler.cert_pem2der') @patch('examples.ca_handler.certifier_ca_handler.b64_decode') @patch('examples.ca_handler.certifier_ca_handler.b64_encode') - def test_081_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop): + def test_083_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop): """ CAhandler.trigger() - payload but ca_lookup failed""" payload = 'foo' mock_b64dec.return_value = 'foodecode' 
@@ -837,7 +860,7 @@ def test_081_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop): @patch('examples.ca_handler.certifier_ca_handler.cert_pem2der') @patch('examples.ca_handler.certifier_ca_handler.b64_decode') @patch('examples.ca_handler.certifier_ca_handler.b64_encode') - def test_082_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock_serial): + def test_084_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock_serial): """ CAhandler.trigger() - payload serial number lookup failed""" payload = 'foo' mock_b64dec.return_value = 'foodecode' @@ -852,7 +875,7 @@ def test_082_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock @patch('examples.ca_handler.certifier_ca_handler.cert_pem2der') @patch('examples.ca_handler.certifier_ca_handler.b64_decode') @patch('examples.ca_handler.certifier_ca_handler.b64_encode') - def test_083_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock_serial, mock_certprop): + def test_085_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock_serial, mock_certprop): """ CAhandler.trigger() - payload serial number lookup failed""" payload = 'foo' mock_b64dec.return_value = 'foodecode' @@ -869,7 +892,7 @@ def test_083_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock @patch('examples.ca_handler.certifier_ca_handler.cert_pem2der') @patch('examples.ca_handler.certifier_ca_handler.b64_decode') @patch('examples.ca_handler.certifier_ca_handler.b64_encode') - def test_084_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock_serial, mock_certprop, mock_chain): + def test_086_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock_serial, mock_certprop, mock_chain): """ CAhandler.trigger() - payload serial number lookup failed""" payload = 'foo' mock_b64dec.return_value = 'foodecode' 
@@ -887,7 +910,7 @@ def test_084_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock @patch('examples.ca_handler.certifier_ca_handler.cert_pem2der') @patch('examples.ca_handler.certifier_ca_handler.b64_decode') @patch('examples.ca_handler.certifier_ca_handler.b64_encode') - def test_085_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock_serial, mock_certprop, mock_chain): + def test_087_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock_serial, mock_certprop, mock_chain): """ CAhandler.trigger() - payload serial number lookup failed""" payload = 'foo' mock_b64dec.return_value = 'foodecode' @@ -898,23 +921,23 @@ def test_085_trigger(self, mock_b64dec, mock_b64enc, mock_p2d, mock_caprop, mock mock_chain.return_value = 'chain' self.assertEqual((None, 'chain', 'foodecode'), self.cahandler.trigger(payload)) - def test_086__pem_cert_chain_generate(self): + def test_088__pem_cert_chain_generate(self): """ _pem_cert_chain_generate - empty cert_dic """ cert_dic = {} self.assertFalse(self.cahandler._pem_cert_chain_generate(cert_dic)) - def test_087__pem_cert_chain_generate(self): + def test_089__pem_cert_chain_generate(self): """ _pem_cert_chain_generate - wrong dic """ cert_dic = {'foo': 'bar'} self.assertFalse(self.cahandler._pem_cert_chain_generate(cert_dic)) - def test_088__pem_cert_chain_generate(self): + def test_090__pem_cert_chain_generate(self): """ _pem_cert_chain_generate - certificateBase64 in dict """ cert_dic = {'certificateBase64': 'certificateBase64'} self.assertEqual('-----BEGIN CERTIFICATE-----\ncertificateBase64\n-----END CERTIFICATE-----\n', self.cahandler._pem_cert_chain_generate(cert_dic)) @patch('requests.get') - def test_089__pem_cert_chain_generate(self, mock_get): + def test_091__pem_cert_chain_generate(self, mock_get): """ _pem_cert_chain_generate - issuer in dict without certificateBase64 """ cert_dic = {'issuer': 'issuer'} mockresponse = Mock() 
@@ -923,7 +946,7 @@ def test_089__pem_cert_chain_generate(self, mock_get): self.assertFalse(self.cahandler._pem_cert_chain_generate(cert_dic)) @patch('requests.get') - def test_090__pem_cert_chain_generate(self, mock_get): + def test_092__pem_cert_chain_generate(self, mock_get): """ _pem_cert_chain_generate - request returns "certificates" but no active """ cert_dic = {'issuer': 'issuer', 'certificateBase64': 'certificateBase641'} mockresponse1 = Mock() @@ -934,7 +957,7 @@ def test_090__pem_cert_chain_generate(self, mock_get): self.assertEqual('-----BEGIN CERTIFICATE-----\ncertificateBase641\n-----END CERTIFICATE-----\n', self.cahandler._pem_cert_chain_generate(cert_dic)) @patch('requests.get') - def test_091__pem_cert_chain_generate(self, mock_get): + def test_093__pem_cert_chain_generate(self, mock_get): """ _pem_cert_chain_generate - request returns certificate and active, 2nd request is bogus """ cert_dic = {'issuer': 'issuer', 'certificateBase64': 'certificateBase641'} mockresponse1 = Mock() @@ -945,7 +968,7 @@ def test_091__pem_cert_chain_generate(self, mock_get): self.assertEqual('-----BEGIN CERTIFICATE-----\ncertificateBase641\n-----END CERTIFICATE-----\n', self.cahandler._pem_cert_chain_generate(cert_dic)) @patch('requests.get') - def test_092__pem_cert_chain_generate(self, mock_get): + def test_094__pem_cert_chain_generate(self, mock_get): """ _pem_cert_chain_generate - request returns certificate two certs """ cert_dic = {'issuer': 'issuer', 'certificateBase64': 'certificateBase641'} mockresponse1 = Mock() 
@@ -958,7 +981,7 @@ def test_092__pem_cert_chain_generate(self, mock_get): self.assertEqual('-----BEGIN CERTIFICATE-----\ncertificateBase641\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\ncertificateBase642\n-----END CERTIFICATE-----\n', self.cahandler._pem_cert_chain_generate(cert_dic)) @patch('requests.get') - def test_093__pem_cert_chain_generate(self, mock_get): + def test_095__pem_cert_chain_generate(self, mock_get): """ _pem_cert_chain_generate - request returns certificate three certs """ cert_dic = {'issuer': 'issuer', 'certificateBase64': 'certificateBase641'} mockresponse1 = Mock() @@ -975,7 +998,7 @@ def test_093__pem_cert_chain_generate(self, mock_get): self.assertEqual('-----BEGIN CERTIFICATE-----\ncertificateBase641\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\ncertificateBase642\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\ncertificateBase643\n-----END CERTIFICATE-----\n', self.cahandler._pem_cert_chain_generate(cert_dic)) @patch('requests.get') - def test_094__pem_cert_chain_generate(self, mock_get): + def test_096__pem_cert_chain_generate(self, mock_get): """ _pem_cert_chain_generate - issuerCa in """ cert_dic = {'issuerCa': 'issuerCa', 'certificateBase64': 'certificateBase641'} mockresponse1 = Mock() @@ -985,12 +1008,12 @@ def test_094__pem_cert_chain_generate(self, mock_get): mock_get.side_effect = [mockresponse1, mockresponse2] self.assertEqual('-----BEGIN CERTIFICATE-----\ncertificateBase641\n-----END CERTIFICATE-----\n', self.cahandler._pem_cert_chain_generate(cert_dic)) - def test_095__enter__(self): + def test_097__enter__(self): """ test __enter__ """ self.cahandler.__enter__() @patch('requests.get') - def test_096_request_poll(self, mock_get): + def test_098_request_poll(self, mock_get): """ test request poll request returned exception """ mock_get.side_effect = Exception('exc_api_get') result = ('"status" field not found in response.', None, None, 'url', False) 
@@ -999,7 +1022,7 @@ def test_096_request_poll(self, mock_get): self.assertIn('ERROR:test_a2c:CAhandler._request.poll() returned: exc_api_get', lcm.output) @patch('requests.get') - def test_097_request_poll(self, mock_get): + def test_099_request_poll(self, mock_get): """ test request poll request returned unknown status """ mockresponse = Mock() mockresponse.json = lambda: {'status': 'unknown'} @@ -1008,7 +1031,7 @@ def test_097_request_poll(self, mock_get): self.assertEqual(result, self.cahandler._request_poll('url')) @patch('requests.get') - def test_098_request_poll(self, mock_get): + def test_100_request_poll(self, mock_get): """ test request poll request returned status rejected """ mockresponse = Mock() mockresponse.json = lambda: {'status': 'rejected'} @@ -1017,7 +1040,7 @@ def test_098_request_poll(self, mock_get): self.assertEqual(result, self.cahandler._request_poll('url')) @patch('requests.get') - def test_099_request_poll(self, mock_get): + def test_101_request_poll(self, mock_get): """ test request poll request returned status accepted but no certinformation in """ mockresponse = Mock() mockresponse.json = lambda: {'status': 'accepted', 'foo': 'bar'} @@ -1026,7 +1049,7 @@ def test_099_request_poll(self, mock_get): self.assertEqual(result, self.cahandler._request_poll('url')) @patch('requests.get') - def test_100_request_poll(self, mock_get): + def test_102_request_poll(self, mock_get): """ test request poll request returned status accepted but no certinformation in """ mockresponse = Mock() mockresponse.json = lambda: {'status': 'accepted', 'certificate': 'certificate'} 
@@ -1036,7 +1059,7 @@ def test_100_request_poll(self, mock_get): @patch('examples.ca_handler.certifier_ca_handler.CAhandler._pem_cert_chain_generate') @patch('requests.get') - def test_101_request_poll(self, mock_get, mock_pemgen): + def test_103_request_poll(self, mock_get, mock_pemgen): """ test request poll request returned status accepted but no certinformation in """ mockresponse = Mock() mockresponse.json = lambda: {'status': 'accepted', 'certificate': 'certificate', 'certificateBase64': 'certificateBase64'} diff --git a/test/test_digicert.py b/test/test_digicert.py index a2bd402c..73a84d0e 100644 --- a/test/test_digicert.py +++ b/test/test_digicert.py @@ -552,9 +552,10 @@ def test_040_order_send(self, mock_post, mock_orgid): self.assertEqual((500, 'organisation_id is missing'), self.cahandler._order_send('csr', 'cn')) self.assertFalse(mock_orgid.called) + @patch('examples.ca_handler.digicert_ca_handler.enrollment_config_log') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._organiation_id_get') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._api_post') - def test_041_order_send(self, mock_post, mock_orgid): + def test_041_order_send(self, mock_post, mock_orgid, mock_ecl): """ test _order_send() """ mock_post.return_value = ('code', 'content') self.cahandler.api_key = None 
@@ -563,10 +564,26 @@ def test_041_order_send(self, mock_post, mock_orgid): mock_orgid.return_value = 1 self.assertEqual((500, 'organisation_id is missing'), self.cahandler._order_send('csr', 'cn')) self.assertFalse(mock_orgid.called) + self.assertFalse(mock_ecl.called) + + @patch('examples.ca_handler.digicert_ca_handler.enrollment_config_log') + @patch('examples.ca_handler.digicert_ca_handler.CAhandler._organiation_id_get') + @patch('examples.ca_handler.digicert_ca_handler.CAhandler._api_post') + def test_042_order_send(self, mock_post, mock_orgid, mock_ecl): + """ test _order_send() """ + mock_post.return_value = ('code', 'content') + self.cahandler.api_key = None + self.cahandler.organization_name = 'organization_name' + self.cahandler.organization_id = None + self.cahandler.enrollment_config_log = True + mock_orgid.return_value = 1 + self.assertEqual((500, 'organisation_id is missing'), self.cahandler._order_send('csr', 'cn')) + self.assertFalse(mock_orgid.called) + self.assertTrue(mock_ecl.called) @patch('examples.ca_handler.digicert_ca_handler.cert_pem2der') @patch('examples.ca_handler.digicert_ca_handler.b64_encode') - def test_042_order_response_parse(self, mock_b64, mock_pem2der): + def test_043_order_response_parse(self, mock_b64, mock_pem2der): """ test _order_parse() """ content_dic = {'id': 'id', 'certificate_chain': [{'pem': 'pem1'}, {'pem': 'pem2'}, {'pem': 'pem3'}]} mock_b64.return_value = 'b64' @@ -574,7 +591,7 @@ def test_042_order_response_parse(self, mock_b64, mock_pem2der): @patch('examples.ca_handler.digicert_ca_handler.cert_pem2der') @patch('examples.ca_handler.digicert_ca_handler.b64_encode') - def test_043_order_response_parse(self, mock_b64, mock_pem2der): + def test_044_order_response_parse(self, mock_b64, mock_pem2der): """ test _order_parse() """ content_dic = {'id': 'id', 'cert_chain': [{'pem': 'pem1'}, {'pem': 'pem2'}, {'pem': 'pem3'}]} mock_b64.return_value = 'b64' 
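Review bot: `test_042_order_send` asserts only `self.assertTrue(mock_ecl.called)`, so it passes whatever arguments `_order_send` hands to the logging helper. With `self.cahandler.api_key = None` the fixture also holds no secret whose handling could be observed. Because this feature writes handler configuration to the log, I would set a recognisable dummy, `self.cahandler.api_key = 'api_key'`, and assert on the recorded call: `mock_ecl.assert_called_once()` plus a check of `mock_ecl.call_args` against the configured skip list. The handler code is outside this hunk, so what `_order_send` actually passes needs confirming there. The same applies to `test_062_enroll` in test/test_ejbca_handler.py, which also ends on `self.assertTrue(mock_ecl.called)`.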
@@ -584,7 +601,7 @@ def test_043_order_response_parse(self, mock_b64, mock_pem2der): @patch('examples.ca_handler.digicert_ca_handler.cert_pem2der') @patch('examples.ca_handler.digicert_ca_handler.b64_encode') - def test_044_order_response_parse(self, mock_b64, mock_pem2der): + def test_045_order_response_parse(self, mock_b64, mock_pem2der): """ test _order_parse() """ content_dic = {'id': 'id', 'certificate_chain': [{'pem': 'pem1'}, {'_pem': 'pem2'}, {'pem': 'pem3'}]} mock_b64.return_value = 'b64' @@ -594,7 +611,7 @@ def test_044_order_response_parse(self, mock_b64, mock_pem2der): @patch('examples.ca_handler.digicert_ca_handler.cert_pem2der') @patch('examples.ca_handler.digicert_ca_handler.b64_encode') - def test_045_order_response_parse(self, mock_b64, mock_pem2der): + def test_046_order_response_parse(self, mock_b64, mock_pem2der): """ test _order_parse() """ content_dic = {'_id': 'id', 'certificate_chain': [{'pem': 'pem1'}, {'pem': 'pem2'}, {'pem': 'pem3'}]} mock_b64.return_value = 'b64' @@ -603,7 +620,7 @@ def test_045_order_response_parse(self, mock_b64, mock_pem2der): self.assertIn('ERROR:test_a2c:CAhandler._order_response_parse() polling_identifier generation failed: no id in response', lcm.output) @patch('examples.ca_handler.digicert_ca_handler.CAhandler._api_get') - def test_046_organiation_id_get(self, mock_get): + def test_047_organiation_id_get(self, mock_get): """ test _organiation_id_get() """ mock_get.return_value = (500, {'id': 'id'}) self.cahandler.organization_name = 'organization_name' 
@@ -613,14 +630,14 @@ def test_046_organiation_id_get(self, mock_get): self.assertFalse(self.cahandler.organization_id) @patch('examples.ca_handler.digicert_ca_handler.CAhandler._api_get') - def test_047_organiation_id_get(self, mock_get): + def test_048_organiation_id_get(self, mock_get): """ test _organiation_id_get() """ mock_get.return_value = (200, {'organizations': [{'name': 'name1', 'id': 'id1'}, {'name': 'name2', 'id': 'id2'}, {'name': 'name3', 'id': 'id3'}]}) self.cahandler.organization_name = 'name1' self.assertEqual('id1', self.cahandler._organiation_id_get()) @patch('examples.ca_handler.digicert_ca_handler.CAhandler._api_get') - def test_048_organiation_id_get(self, mock_get): + def test_049_organiation_id_get(self, mock_get): """ test _organiation_id_get() """ mock_get.return_value = (200, {'organizations': [{'name': 'name1', 'id': 'id1'}, {'name': 'name2', 'id': 'id2'}, {'name': 'name3', 'id': 'id3'}]}) self.cahandler.organization_name = 'name2' @@ -628,7 +645,7 @@ def test_048_organiation_id_get(self, mock_get): @patch('examples.ca_handler.digicert_ca_handler.eab_profile_header_info_check') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._allowed_domainlist_check') - def test_049_csr_check(self, mock_dlchk, mock_ehichk): + def test_050_csr_check(self, mock_dlchk, mock_ehichk): """ test _csr_check() """ mock_dlchk.return_value = 'mock_dlchk' mock_ehichk.return_value = 'mock_hichk' @@ -637,7 +654,7 @@ def test_049_csr_check(self, mock_dlchk, mock_ehichk): @patch('examples.ca_handler.digicert_ca_handler.eab_profile_header_info_check') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._allowed_domainlist_check') - def test_050_csr_check(self, mock_dlchk, mock_ehichk): + def test_051_csr_check(self, mock_dlchk, mock_ehichk): """ test _csr_check() """ mock_dlchk.return_value = False mock_ehichk.return_value = 'mock_hichk' 
@@ -645,7 +662,7 @@ def test_050_csr_check(self, mock_dlchk, mock_ehichk): @patch('examples.ca_handler.digicert_ca_handler.eab_profile_header_info_check') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._allowed_domainlist_check') - def test_051_csr_check(self, mock_dlchk, mock_ehichk): + def test_052_csr_check(self, mock_dlchk, mock_ehichk): """ test _csr_check() """ mock_dlchk.return_value = False mock_ehichk.return_value = False @@ -656,7 +673,7 @@ def test_051_csr_check(self, mock_dlchk, mock_ehichk): @patch('examples.ca_handler.digicert_ca_handler.csr_cn_lookup') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._csr_check') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._config_check') - def test_052_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): + def test_053_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): """ test enroll() """ mock_cfgchk.return_value = 'mock_cfgchk' mock_csrchk.return_value = 'mock_csrchk' @@ -675,7 +692,7 @@ def test_052_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, @patch('examples.ca_handler.digicert_ca_handler.csr_cn_lookup') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._csr_check') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._config_check') - def test_053_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): + def test_054_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): """ test enroll() """ mock_cfgchk.return_value = False mock_csrchk.return_value = 'mock_csrchk' 
@@ -694,7 +711,7 @@ def test_053_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, @patch('examples.ca_handler.digicert_ca_handler.csr_cn_lookup') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._csr_check') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._config_check') - def test_054_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): + def test_055_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): """ test enroll() """ mock_cfgchk.return_value = False mock_csrchk.return_value = False @@ -713,7 +730,7 @@ def test_054_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, @patch('examples.ca_handler.digicert_ca_handler.csr_cn_lookup') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._csr_check') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._config_check') - def test_055_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): + def test_056_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): """ test enroll() """ mock_cfgchk.return_value = False mock_csrchk.return_value = False @@ -732,7 +749,7 @@ def test_055_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, @patch('examples.ca_handler.digicert_ca_handler.csr_cn_lookup') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._csr_check') @patch('examples.ca_handler.digicert_ca_handler.CAhandler._config_check') - def test_056_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): + def test_057_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, mock_orderparse): """ test enroll() """ mock_cfgchk.return_value = False mock_csrchk.return_value = False 
@@ -748,7 +765,7 @@ def test_056_enroll(self, mock_cfgchk, mock_csrchk, mock_cnget, mock_ordersend, @patch('examples.ca_handler.digicert_ca_handler.CAhandler._api_put') @patch('examples.ca_handler.digicert_ca_handler.cert_serial_get') - def test_057_revoke(self, mock_serial, mock_put): + def test_058_revoke(self, mock_serial, mock_put): """ test revoke() """ mock_serial.return_value = 'serial' mock_put.return_value = ('code', 'content') @@ -756,7 +773,7 @@ def test_057_revoke(self, mock_serial, mock_put): @patch('examples.ca_handler.digicert_ca_handler.CAhandler._api_put') @patch('examples.ca_handler.digicert_ca_handler.cert_serial_get') - def test_058_revoke(self, mock_serial, mock_put): + def test_059_revoke(self, mock_serial, mock_put): """ test revoke() """ mock_serial.return_value = None mock_put.return_value = ('code', 'content') @@ -764,7 +781,7 @@ def test_058_revoke(self, mock_serial, mock_put): @patch('examples.ca_handler.digicert_ca_handler.CAhandler._api_put') @patch('examples.ca_handler.digicert_ca_handler.cert_serial_get') - def test_059_revoke(self, mock_serial, mock_put): + def test_060_revoke(self, mock_serial, mock_put): """ test revoke() """ mock_serial.return_value = 'serial' mock_put.return_value = (204, 'content') diff --git a/test/test_ejbca_handler.py b/test/test_ejbca_handler.py index f93cee33..59a68106 100644 --- a/test/test_ejbca_handler.py +++ b/test/test_ejbca_handler.py @@ -623,6 +623,7 @@ def test_060_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_de self.assertFalse(mock_d2p.called) self.assertFalse(mock_b2s.called) + @patch('examples.ca_handler.ejbca_ca_handler.enrollment_config_log') @patch('examples.ca_handler.ejbca_ca_handler.convert_byte_to_string') @patch('examples.ca_handler.ejbca_ca_handler.cert_der2pem') @patch('examples.ca_handler.ejbca_ca_handler.b64_decode') 
@@ -630,7 +631,7 @@ def test_060_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_de @patch('examples.ca_handler.ejbca_ca_handler.build_pem_file') @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._sign') @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._status_get') - def test_061_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s): + def test_061_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s, mock_ecl): """ test enrollment """ mock_status.return_value = {'status': 'ok'} mock_sign.return_value = {'certificate_chain': 'certificate_chain'} 
@@ -643,6 +644,31 @@ def test_061_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_de self.assertFalse(mock_decode.called) self.assertFalse(mock_d2p.called) self.assertFalse(mock_b2s.called) + self.assertFalse(mock_ecl.called) + + @patch('examples.ca_handler.ejbca_ca_handler.enrollment_config_log') + @patch('examples.ca_handler.ejbca_ca_handler.convert_byte_to_string') + @patch('examples.ca_handler.ejbca_ca_handler.cert_der2pem') + @patch('examples.ca_handler.ejbca_ca_handler.b64_decode') + @patch('examples.ca_handler.ejbca_ca_handler.b64_url_recode') + @patch('examples.ca_handler.ejbca_ca_handler.build_pem_file') + @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._sign') + @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._status_get') + def test_062_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s, mock_ecl): + """ test enrollment """ + mock_status.return_value = {'status': 'ok'} + mock_sign.return_value = {'certificate_chain': 'certificate_chain'} + self.cahandler.enrollment_config_log = True + with self.assertLogs('test_a2c', level='INFO') as lcm: + self.assertEqual(('Malformed response', None, None, None), self.cahandler.enroll('csr')) + self.assertIn("ERROR:test_a2c:CAhandler.enroll(): Malformed Rest response: {'certificate_chain': 'certificate_chain'}", lcm.output) + self.assertTrue(mock_recode.called) + self.assertTrue(mock_pem.called) + self.assertTrue(mock_sign.called) + self.assertFalse(mock_decode.called) + self.assertFalse(mock_d2p.called) + self.assertFalse(mock_b2s.called) + self.assertTrue(mock_ecl.called) @patch('examples.ca_handler.ejbca_ca_handler.eab_profile_header_info_check') @patch('examples.ca_handler.ejbca_ca_handler.convert_byte_to_string') 
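Review bot: `test_062_enroll` only asserts `mock_ecl.called`, so it would still pass if the handler called `enrollment_config_log` without its skip list, the argument that controls which attributes are left out of the log. The helper test in test/test_helper.py calls it as `(logger, obj, skip_list)`; assuming the handler passes the same three positional arguments, pin the third one, e.g. `self.assertEqual(self.cahandler.enrollment_config_log_skip_list, mock_ecl.call_args[0][2])` (the attribute name is inferred from the config key and should be confirmed against the handler). The same gap exists in `test_086_enroll` in test/test_entrust.py, `test_054_enroll` in test/test_msca_handler.py, `test_093_enroll` in test/test_nclm_ca_handler.py and `test_190_cert_sign` in test/test_xca_ca_handler.py. The docstring `""" test enrollment """` is also identical to test_061; `""" test enrollment - enrollment_config_log enabled """` would tell the two apart.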
@@ -652,7 +678,7 @@ def test_061_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_de @patch('examples.ca_handler.ejbca_ca_handler.build_pem_file') @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._sign') @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._status_get') - def test_062_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s, profile_header_info_check): + def test_063_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s, profile_header_info_check): """ test enrollment one ca-cert """ mock_status.return_value = {'status': 'ok'} mock_sign.return_value = {'certificate': 'certificate', 'certificate_chain': ['certificate_chain']} @@ -674,7 +700,7 @@ def test_062_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_de @patch('examples.ca_handler.ejbca_ca_handler.build_pem_file') @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._sign') @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._status_get') - def test_063_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s, profile_header_info_check): + def test_064_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s, profile_header_info_check): """ test enrollment one ca-cert """ mock_status.return_value = {'status': 'ok'} mock_sign.return_value = {'certificate': 'certificate', 'certificate_chain': ['certificate_chain']} 
@@ -695,7 +721,7 @@ def test_063_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_de @patch('examples.ca_handler.ejbca_ca_handler.build_pem_file') @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._sign') @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._status_get') - def test_064_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s): + def test_065_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_decode, mock_d2p, mock_b2s): """ test enrollment two ca-certs """ mock_status.return_value = {'status': 'ok'} mock_sign.return_value = {'certificate': 'certificate', 'certificate_chain': ['certificate_chain', 'certificate_chain']} @@ -713,7 +739,7 @@ def test_064_enroll(self, mock_status, mock_sign, mock_pem, mock_recode, mock_de @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._cert_status_check') @patch('examples.ca_handler.ejbca_ca_handler.cert_issuer_get') @patch('examples.ca_handler.ejbca_ca_handler.cert_serial_get') - def test_065_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): + def test_066_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): """ test revoke operation malformed api response """ mock_status.return_value = {} self.assertEqual((400, 'urn:ietf:params:acme:error:serverInternal', 'Unknown status'), self.cahandler.revoke('cert')) 
@@ -725,7 +751,7 @@ def test_065_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mo @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._cert_status_check') @patch('examples.ca_handler.ejbca_ca_handler.cert_issuer_get') @patch('examples.ca_handler.ejbca_ca_handler.cert_serial_get') - def test_066_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): + def test_067_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): """ test revoke operation cert already revoked """ mock_status.return_value = {'revoked': True} self.assertEqual((400, 'urn:ietf:params:acme:error:alreadyRevoked', 'Certificate has already been revoked'), self.cahandler.revoke('cert')) @@ -737,7 +763,7 @@ def test_066_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mo @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._cert_status_check') @patch('examples.ca_handler.ejbca_ca_handler.cert_issuer_get') @patch('examples.ca_handler.ejbca_ca_handler.cert_serial_get') - def test_067_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): + def test_068_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): """ test revoke operation - revocation response malformed """ mock_status.return_value = {'revoked': False} mock_put.return_value = {'foo': 'bar'} @@ -753,7 +779,7 @@ def test_067_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mo @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._cert_status_check') @patch('examples.ca_handler.ejbca_ca_handler.cert_issuer_get') @patch('examples.ca_handler.ejbca_ca_handler.cert_serial_get') - def test_068_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): + def test_069_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): """ test revoke operation - revocation unsuccessful """ mock_status.return_value = {'revoked': False} mock_put.return_value = {'revoked': False} 
@@ -769,7 +795,7 @@ def test_068_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mo @patch('examples.ca_handler.ejbca_ca_handler.CAhandler._cert_status_check') @patch('examples.ca_handler.ejbca_ca_handler.cert_issuer_get') @patch('examples.ca_handler.ejbca_ca_handler.cert_serial_get') - def test_069_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): + def test_070_revoke(self, mock_serial, mock_issuer, mock_status, mock_encode, mock_put): """ test revoke operation - revocation unsuccessful """ mock_status.return_value = {'revoked': False} mock_put.return_value = {'revoked': True} diff --git a/test/test_entrust.py b/test/test_entrust.py index 48b7bea8..2f4ebfe7 100644 --- a/test/test_entrust.py +++ b/test/test_entrust.py @@ -1078,10 +1078,11 @@ def test_082_response_parse(self, mock_der, mock_enc): self.assertTrue(mock_der.called) self.assertTrue(mock_enc.called) + @patch('examples.ca_handler.entrust_ca_handler.enrollment_config_log') @patch('examples.ca_handler.entrust_ca_handler.CAhandler._response_parse') @patch('examples.ca_handler.entrust_ca_handler.csr_cn_lookup') @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_post') - def test_083_enroll(self, mock_req, mock_cn, mock_parse): + def test_083_enroll(self, mock_req, mock_cn, mock_parse, mock_ecl): """ test _enroll() """ mock_cn.return_value = 'cn' mock_req.return_value = (201, 'response') @@ -1090,6 +1091,7 @@ def test_083_enroll(self, mock_req, mock_cn, mock_parse): self.assertTrue(mock_cn.called) self.assertTrue(mock_req.called) self.assertTrue(mock_parse.called) + self.assertFalse(mock_ecl.called) @patch('examples.ca_handler.entrust_ca_handler.CAhandler._response_parse') @patch('examples.ca_handler.entrust_ca_handler.csr_cn_lookup') 
@@ -1117,9 +1119,25 @@ def test_085_enroll(self, mock_req, mock_cn, mock_parse): self.assertTrue(mock_req.called) self.assertFalse(mock_parse.called) + @patch('examples.ca_handler.entrust_ca_handler.enrollment_config_log') + @patch('examples.ca_handler.entrust_ca_handler.CAhandler._response_parse') + @patch('examples.ca_handler.entrust_ca_handler.csr_cn_lookup') + @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_post') + def test_086_enroll(self, mock_req, mock_cn, mock_parse, mock_ecl): + """ test _enroll() """ + mock_cn.return_value = 'cn' + mock_req.return_value = (201, 'response') + mock_parse.return_value = ('cert_bundle', 'cert_raw', 'poll_indentifier') + self.cahandler.enrollment_config_log = True + self.assertEqual((None, 'cert_bundle', 'cert_raw', 'poll_indentifier'), self.cahandler._enroll('csr')) + self.assertTrue(mock_cn.called) + self.assertTrue(mock_req.called) + self.assertTrue(mock_parse.called) + self.assertTrue(mock_ecl.called) + @patch('examples.ca_handler.entrust_ca_handler.CAhandler._enroll') @patch('examples.ca_handler.entrust_ca_handler.CAhandler._enroll_check') - def test_086_enroll(self, mock_chk, mock_enroll): + def test_087_enroll(self, mock_chk, mock_enroll): """ test enroll() """ mock_chk.return_value = None mock_enroll.return_value = ('mock_err', 'mock_bundle', 'mock_raw', 'mock_poll') @@ -1127,7 +1145,7 @@ def test_086_enroll(self, mock_chk, mock_enroll): @patch('examples.ca_handler.entrust_ca_handler.CAhandler._enroll') @patch('examples.ca_handler.entrust_ca_handler.CAhandler._enroll_check') - def test_087_enroll(self, mock_chk, mock_enroll): + def test_088_enroll(self, mock_chk, mock_enroll): """ test enroll() """ mock_chk.return_value = 'mock_chk' mock_enroll.return_value = ('mock_err', 'mock_bundle', 'mock_raw', 'mock_poll') 
@@ -1135,7 +1153,7 @@ def test_087_enroll(self, mock_chk, mock_enroll): @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_post') @patch('examples.ca_handler.entrust_ca_handler.CAhandler._trackingid_get') - def test_088_revoke(self, mock_track, mock_req): + def test_089_revoke(self, mock_track, mock_req): """ test revoke() """ mock_track.return_value = 'tracking_id' mock_req.return_value = (200, 'response') @@ -1143,7 +1161,7 @@ def test_088_revoke(self, mock_track, mock_req): @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_post') @patch('examples.ca_handler.entrust_ca_handler.CAhandler._trackingid_get') - def test_089_revoke(self, mock_track, mock_req): + def test_090_revoke(self, mock_track, mock_req): """ test revoke() """ mock_track.return_value = 'tracking_id' mock_req.return_value = (500, 'response') @@ -1151,14 +1169,14 @@ def test_089_revoke(self, mock_track, mock_req): @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_post') @patch('examples.ca_handler.entrust_ca_handler.CAhandler._trackingid_get') - def test_090_revoke(self, mock_track, mock_req): + def test_091_revoke(self, mock_track, mock_req): """ test revoke() """ mock_track.return_value = None mock_req.return_value = (200, 'response') self.assertEqual((500, 'urn:ietf:params:acme:error:serverInternal', 'Failed to get tracking id'), self.cahandler.revoke('csr')) @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_get') - def test_091_certificates_get(self, mock_req): + def test_092_certificates_get(self, mock_req): """ test certificates_get() """ mock_req.return_value = (500, 'response') with self.assertLogs('test_a2c', level='INFO') as lcm: 
@@ -1166,7 +1184,7 @@ def test_091_certificates_get(self, mock_req): self.assertIn('ERROR:test_a2c:CAhandler.certificates_get() failed with code: 500', lcm.output) @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_get') - def test_092_certificates_get(self, mock_req): + def test_093_certificates_get(self, mock_req): """ test certificates_get() """ content = {'certificates': [1, 2, 3, 4], 'summary': {'total': 4}} mock_req.return_value = (200, content) @@ -1175,7 +1193,7 @@ def test_092_certificates_get(self, mock_req): self.assertIn('INFO:test_a2c:fetching certs offset: 0, limit: 200, total: 1, buffered: 0', lcm.output) @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_get') - def test_093_certificates_get(self, mock_req): + def test_094_certificates_get(self, mock_req): """ test certificates_get() """ response1 = (200, {'certificates': [1, 2, 3, 4], 'summary': {'total': 8}}) response2 = (200, {'certificates': [5, 6, 7, 8]}) @@ -1186,7 +1204,7 @@ def test_093_certificates_get(self, mock_req): self.assertIn('INFO:test_a2c:fetching certs offset: 200, limit: 200, total: 8, buffered: 4', lcm.output) @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_get') - def test_094_certificates_get(self, mock_req): + def test_095_certificates_get(self, mock_req): """ test certificates_get() """ response1 = (200, {'certificates': [1, 2, 3, 4]}) response2 = (200, {'certificates': [5, 6, 7, 8]}) @@ -1196,7 +1214,7 @@ def test_094_certificates_get(self, mock_req): self.assertEqual('Certificates lookup failed: did not get any total value', str(err.exception)) @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_get') - def test_095_certificates_get(self, mock_req): + def test_096_certificates_get(self, mock_req): """ test certificates_get() """ response1 = (200, {'certificates': [1, 2, 3, 4], 'summary': {'total': 9}}) response2 = (200, {'certificates': [5, 6, 7, 8]}) 
diff --git a/test/test_helper.py b/test/test_helper.py index 28779055..7f0d1315 100644 --- a/test/test_helper.py +++ b/test/test_helper.py @@ -3249,6 +3249,19 @@ class myclass: self.assertFalse(self.enrollment_config_log(self.logger, myclass, ['foo', 'bar'])) self.assertIn("INFO:test_a2c:Enrollment configuration: ['foobar: foobar_val']", lcm.output) + def test_398_enrollment_config_log(self): + """ test enrollment_config_log() """ + class myclass: + pass + myclass.foo = 'foo_val' + myclass.bar = 'bar_val' + myclass.foobar = 'foobar_val' + myclass.password = 'password_val' + myclass.secret = 'secret_val' + with self.assertLogs('test_a2c', level='INFO') as lcm: + self.assertFalse(self.enrollment_config_log(self.logger, myclass, 'ECLSLFAILURE')) + self.assertIn("ERROR:test_a2c:Enrollment configuration won't get logged due to a configuration error.", lcm.output) + if __name__ == '__main__': unittest.main() diff --git a/test/test_msca_handler.py b/test/test_msca_handler.py index e83a54b0..01474952 100644 --- a/test/test_msca_handler.py +++ b/test/test_msca_handler.py 
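Review bot: `test_398_enrollment_config_log` sets `password` and `secret` on the object but only checks that the error line is present, so it does not prove that nothing else was logged on the `'ECLSLFAILURE'` path. This is the branch that is meant to suppress logging when the skip list could not be parsed, so add negative assertions such as `self.assertNotIn('password_val', str(lcm.output))` and `self.assertNotIn('secret_val', str(lcm.output))`, or compare `lcm.output` against the single expected line. The enclosing test class starts outside the hunk.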
@@ -753,22 +753,51 @@ def test_052_enroll(self, mock_certserver, mock_credchk, mockwrap, mock_b2s, moc self.assertEqual(('get_cert', None, None, None), self.cahandler.enroll('csr')) self.assertIn('ERROR:test_a2c:ca_server.get_cert() failed with error: get_cert', lcm.output) + @patch('examples.ca_handler.mscertsrv_ca_handler.enrollment_config_log') + @patch('examples.ca_handler.mscertsrv_ca_handler.CAhandler._check_credentials') + @patch('certsrv.Certsrv') + def test_053_enroll(self, mock_certserver, mock_credchk, mock_ecl): + """ enroll credential check failed """ + self.cahandler.host = 'host' + self.cahandler.user = 'user' + self.cahandler.password = 'password' + self.cahandler.template = 'template' + mock_certserver.return_value = 'foo' + mock_credchk.return_value = False + self.assertEqual(('Connection or Credentialcheck failed.', None, None, None), self.cahandler.enroll('csr')) + self.assertFalse(mock_ecl.called) + + @patch('examples.ca_handler.mscertsrv_ca_handler.enrollment_config_log') + @patch('examples.ca_handler.mscertsrv_ca_handler.CAhandler._check_credentials') + @patch('certsrv.Certsrv') + def test_054_enroll(self, mock_certserver, mock_credchk, mock_ecl): + """ enroll credential check failed """ + self.cahandler.host = 'host' + self.cahandler.user = 'user' + self.cahandler.password = 'password' + self.cahandler.template = 'template' + self.cahandler.enrollment_config_log = True + mock_certserver.return_value = 'foo' + mock_credchk.return_value = False + self.assertEqual(('Connection or Credentialcheck failed.', None, None, None), self.cahandler.enroll('csr')) + self.assertTrue(mock_ecl.called) + @patch('examples.ca_handler.mscertsrv_ca_handler.header_info_get') - def test_053_template_name_get(self, mock_header): + def test_055_template_name_get(self, mock_header): """ test _template_name_get()""" mock_header.return_value = [{'header_info': '{"header_field": "template=foo lego-cli/4.14.2 xenolf-acme/4.14.2 (release; linux; amd64)"}'}] 
self.cahandler.header_info_field = 'header_field' self.assertEqual('foo', self.cahandler._template_name_get('csr')) @patch('examples.ca_handler.mscertsrv_ca_handler.header_info_get') - def test_054_template_name_get(self, mock_header): + def test_056_template_name_get(self, mock_header): """ test _template_name_get()""" mock_header.return_value = [{'header_info': '{"header_field": "Template=foo lego-cli/4.14.2 xenolf-acme/4.14.2 (release; linux; amd64)"}'}] self.cahandler.header_info_field = 'header_field' self.assertEqual('foo', self.cahandler._template_name_get('csr')) @patch('examples.ca_handler.mscertsrv_ca_handler.header_info_get') - def test_055_template_name_get(self, mock_header): + def test_057_template_name_get(self, mock_header): """ test _template_name_get()""" mock_header.return_value = [{'header_info': 'header_info'}] self.cahandler.header_info_field = 'header_field' 
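Review bot: `test_053_enroll` and `test_054_enroll` carry the same docstring `""" enroll credential check failed """` although they differ in `enrollment_config_log`, and 054 pins that the helper is invoked even though `_check_credentials` returns False. Say so in the docstring, e.g. `""" enroll credential check failed - enrollment config still logged """`, so the behaviour reads as intended rather than accidental. Because the helper is mocked here while the handler carries `password`, this test cannot show that the password stays out of the log; that rests entirely on the helper tests in test/test_helper.py.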
@@ -776,19 +805,19 @@ def test_055_template_name_get(self, mock_header): self.assertFalse(self.cahandler._template_name_get('csr')) self.assertIn('ERROR:test_a2c:CAhandler._template_name_get() could not parse template: Expecting value: line 1 column 1 (char 0)', lcm.output) - def test_056_config_headerinfo_load(self): + def test_058_config_headerinfo_load(self): """ test config_headerinfo_load()""" config_dic = {'Order': {'header_info_list': '["foo", "bar", "foobar"]'}} self.cahandler._config_headerinfo_load(config_dic) self.assertEqual( 'foo', self.cahandler.header_info_field) - def test_057_config_headerinfo_load(self): + def test_059_config_headerinfo_load(self): """ test config_headerinfo_load()""" config_dic = {'Order': {'header_info_list': '["foo"]'}} self.cahandler._config_headerinfo_load(config_dic) self.assertEqual( 'foo', self.cahandler.header_info_field) - def test_058_config_headerinfo_load(self): + def test_060_config_headerinfo_load(self): """ test config_headerinfo_load()""" config_dic = {'Order': {'header_info_list': 'foo'}} with self.assertLogs('test_a2c', level='INFO') as lcm: 
@@ -796,28 +825,28 @@ def test_058_config_headerinfo_load(self): self.assertFalse(self.cahandler.header_info_field) self.assertIn('WARNING:test_a2c:Order._config_orderconfig_load() header_info_list failed with error: Expecting value: line 1 column 1 (char 0)', lcm.output) - def test_059__config_url_load(self): + def test_061__config_url_load(self): """ test _config_url_load()""" config_dic = {'CAhandler': {'url': 'foo'}} self.cahandler._config_url_load(config_dic) self.assertEqual( 'foo', self.cahandler.url) @patch.dict('os.environ', {'url_variable': 'foo1'}) - def test_060__config_url_load(self): + def test_062__config_url_load(self): """ test _config_url_load()""" config_dic = {'CAhandler': {'url_variable': 'url_variable'}} self.cahandler._config_url_load(config_dic) self.assertEqual( 'foo1', self.cahandler.url) @patch.dict('os.environ', {'url_variable': 'foo1'}) - def test_061__config_url_load(self): + def test_063__config_url_load(self): """ test _config_url_load()""" config_dic = {'CAhandler': {'url_variable': 'url_variable', 'url': 'foo'}} self.cahandler._config_url_load(config_dic) self.assertEqual( 'foo', self.cahandler.url) @patch.dict('os.environ', {'url_variable': 'foo1'}) - def test_062__config_url_load(self): + def test_064__config_url_load(self): """ test _config_url_load()""" config_dic = {'CAhandler': {'url_variable': 'doesnotexist'}} with self.assertLogs('test_a2c', level='INFO') as lcm: diff --git a/test/test_nclm_ca_handler.py b/test/test_nclm_ca_handler.py index 2d8e06c8..f3cc6054 100644 --- a/test/test_nclm_ca_handler.py +++ b/test/test_nclm_ca_handler.py 
@@ -1011,11 +1011,12 @@ def test_091__revocation_status_poll(self, mock_req, mock_sleep): err_dic = {'serverinternal': 'serverinternal'} self.assertEqual((500, 'serverinternal', 'Revocation operation failed: Timeout'), self.cahandler._revocation_status_poll('cert_id', err_dic)) + @patch('examples.ca_handler.nclm_ca_handler.enrollment_config_log') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._cert_enroll') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._template_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._ca_policylink_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.b64_url_recode') - def test_092_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): + def test_092_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll, mock_ecl): """ test enroll """ mock_recode.return_value = 'csr' mock_policy.return_value = 'policylink_id' 
@@ -1028,12 +1029,34 @@ def test_092_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): self.assertTrue(mock_policy.called) self.assertTrue(mock_template.called) self.assertTrue(mock_enroll.called) + self.assertFalse(mock_ecl.called) + @patch('examples.ca_handler.nclm_ca_handler.enrollment_config_log') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._cert_enroll') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._template_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._ca_policylink_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.b64_url_recode') - def test_093_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): + def test_093_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll, mock_ecl): + """ test enroll """ + mock_recode.return_value = 'csr' + mock_policy.return_value = 'policylink_id' + mock_template.return_value = 'template_id' + mock_enroll.return_value = ('error', 'bundle', 'raw', 'cert_id') + self.cahandler.enrollment_config_log = True + self.cahandler.template_info_dic = {'name': 'name', 'id': None} + self.cahandler.container_info_dic = {'name': 'name', 'id': 'id'} + self.assertEqual(('error', 'bundle', 'raw', 'cert_id'), self.cahandler.enroll('csr')) + self.assertTrue(mock_recode.called) + self.assertTrue(mock_policy.called) + self.assertTrue(mock_template.called) + self.assertTrue(mock_enroll.called) + self.assertTrue(mock_ecl.called) + + @patch('examples.ca_handler.nclm_ca_handler.CAhandler._cert_enroll') + @patch('examples.ca_handler.nclm_ca_handler.CAhandler._template_id_lookup') + @patch('examples.ca_handler.nclm_ca_handler.CAhandler._ca_policylink_id_lookup') + @patch('examples.ca_handler.nclm_ca_handler.b64_url_recode') + def test_094_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): """ test enroll """ mock_recode.return_value = 'csr' mock_policy.return_value = 'policylink_id' 
@@ -1051,7 +1074,7 @@ def test_093_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): @patch('examples.ca_handler.nclm_ca_handler.CAhandler._template_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._ca_policylink_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.b64_url_recode') - def test_094_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): + def test_095_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): """ test enroll """ mock_recode.return_value = 'csr' mock_policy.return_value = None @@ -1069,7 +1092,7 @@ def test_094_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): @patch('examples.ca_handler.nclm_ca_handler.CAhandler._template_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._ca_policylink_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.b64_url_recode') - def test_095_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): + def test_096_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): """ test enroll """ mock_recode.return_value = 'csr' mock_policy.return_value = None @@ -1089,7 +1112,7 @@ def test_095_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll): @patch('examples.ca_handler.nclm_ca_handler.CAhandler._template_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._ca_policylink_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.b64_url_recode') - def test_096_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll, mock_eab): + def test_097_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll, mock_eab): """ test enroll """ mock_recode.return_value = 'csr' mock_policy.return_value = 'policylink_id' 
@@ -1108,7 +1131,7 @@ def test_096_enroll(self, mock_recode, mock_policy, mock_template, mock_enroll, @patch('examples.ca_handler.nclm_ca_handler.CAhandler._api_post') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._cert_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.error_dic_get') - def test_097_revoke(self, mock_err, mock_idl, mock_post, mock_poll): + def test_098_revoke(self, mock_err, mock_idl, mock_post, mock_poll): """ test revoke """ mock_err.return_value = {'foo': 'bar', 'serverinternal': 'serverinternal'} mock_idl.return_value = 'cert_id' @@ -1124,7 +1147,7 @@ def test_097_revoke(self, mock_err, mock_idl, mock_post, mock_poll): @patch('examples.ca_handler.nclm_ca_handler.CAhandler._api_post') @patch('examples.ca_handler.nclm_ca_handler.CAhandler._cert_id_lookup') @patch('examples.ca_handler.nclm_ca_handler.error_dic_get') - def test_098_revoke(self, mock_err, mock_idl, mock_post, mock_poll): + def test_099_revoke(self, mock_err, mock_idl, mock_post, mock_poll): """ test revoke """ mock_err.return_value = {'foo': 'bar', 'serverinternal': 'serverinternal'} mock_idl.return_value = 'cert_id' diff --git a/test/test_xca_ca_handler.py b/test/test_xca_ca_handler.py index a4b1aa21..e491d1fa 100644 --- a/test/test_xca_ca_handler.py +++ b/test/test_xca_ca_handler.py @@ -1655,6 +1655,7 @@ def test_188_enroll(self, mock_chk, mock_reqname, mock_csr, mock_b64, mock_build self.assertFalse(mock_sign.called) self.assertTrue(mock_prof.called) + @patch('examples.ca_handler.xca_ca_handler.enrollment_config_log') @patch('examples.ca_handler.xca_ca_handler.x509.CertificateBuilder') @patch('examples.ca_handler.xca_ca_handler.b64_encode') @patch('examples.ca_handler.xca_ca_handler.convert_byte_to_string') 
@@ -1665,7 +1666,7 @@ def test_188_enroll(self, mock_chk, mock_reqname, mock_csr, mock_b64, mock_build @patch('examples.ca_handler.xca_ca_handler.x509.load_pem_x509_csr') @patch('examples.ca_handler.xca_ca_handler.convert_string_to_byte') @patch('examples.ca_handler.xca_ca_handler.CAhandler._template_load') - def test_189_cert_sign(self, mock_teml_load, mock_str2byte, mock_load, mock_extlist, mock_hash, mock_store, mock_chain, mock_cvt, mock_b64, mock_builder): + def test_189_cert_sign(self, mock_teml_load, mock_str2byte, mock_load, mock_extlist, mock_hash, mock_store, mock_chain, mock_cvt, mock_b64, mock_builder, mock_ecl): """ test cert sign """ ca_cert = Mock() ca_cert.subject = 'subject' @@ -1684,7 +1685,9 @@ def test_189_cert_sign(self, mock_teml_load, mock_str2byte, mock_load, mock_extl self.assertTrue(mock_chain.called) self.assertTrue(mock_cvt.called) self.assertTrue(mock_builder.called) + self.assertFalse(mock_ecl.called) + @patch('examples.ca_handler.xca_ca_handler.enrollment_config_log') @patch('examples.ca_handler.xca_ca_handler.x509.CertificateBuilder') @patch('examples.ca_handler.xca_ca_handler.b64_encode') @patch('examples.ca_handler.xca_ca_handler.convert_byte_to_string') @@ -1695,7 +1698,7 @@ def test_189_cert_sign(self, mock_teml_load, mock_str2byte, mock_load, mock_extl @patch('examples.ca_handler.xca_ca_handler.x509.load_pem_x509_csr') @patch('examples.ca_handler.xca_ca_handler.convert_string_to_byte') @patch('examples.ca_handler.xca_ca_handler.CAhandler._template_load') - def test_190_cert_sign(self, mock_teml_load, mock_str2byte, mock_load, mock_extlist, mock_hash, mock_store, mock_chain, mock_cvt, mock_b64, mock_builder): + def test_190_cert_sign(self, mock_teml_load, mock_str2byte, mock_load, mock_extlist, mock_hash, mock_store, mock_chain, mock_cvt, mock_b64, mock_builder, mock_ecl): """ test cert sign """ ca_cert = Mock() ca_cert.subject = 'subject' 
@@ -1705,6 +1708,7 @@ def test_190_cert_sign(self, mock_teml_load, mock_str2byte, mock_load, mock_extl self.cahandler.template_name = 'template_name' mock_extlist.return_value = [{'name': 'name', 'critical': True}] mock_teml_load.return_value = [{'foo': 'bar'}, {'foo': 'bar'}] + self.cahandler.enrollment_config_log = True mock_builder.return_value.not_valid_before.return_value.not_valid_after.return_value.issuer_name.return_value.serial_number.return_value.public_key.return_value.add_extension.return_value.subject_name.return_value.sign.return_value.serial_number = 1234 self.assertEqual(('mock_pem', 'mock_cvt'), self.cahandler._cert_sign('csr', 'request_name', 'ca_key', ca_cert, 'ca_id')) self.assertTrue(mock_teml_load.called) @@ -1716,6 +1720,7 @@ def test_190_cert_sign(self, mock_teml_load, mock_str2byte, mock_load, mock_extl self.assertTrue(mock_chain.called) self.assertTrue(mock_cvt.called) self.assertTrue(mock_builder.called) + self.assertTrue(mock_ecl.called) @patch('examples.ca_handler.xca_ca_handler.x509.CertificateBuilder') @patch('examples.ca_handler.xca_ca_handler.b64_encode')