"""Unit tests for Online CA Web Service client
"""
__author__ = "P J Kershaw"
__date__ = "28/05/12"
__copyright__ = "(C) 2012 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id$'
import logging
# The root logger is switched to DEBUG before the remaining imports run.
# NOTE(review): every module imported below inherits this level, so whatever
# they emit at debug level ends up in the test output - check that this is
# acceptable wherever these logs are kept.
logging.basicConfig(level=logging.DEBUG)
import unittest
import os
from getpass import getpass
# "ConfigParser" is the Python 2 name of this standard-library module
from ConfigParser import SafeConfigParser, NoOptionError

from OpenSSL import crypto, SSL

from ndg.httpsclient.ssl_context_util import make_ssl_context

from contrail.security.onlineca.client import OnlineCaClient
from contrail.security.onlineca.client.test import TEST_CA_DIR, TEST_DIR

# Module-level logger shared by the test methods
log = logging.getLogger(__name__)


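# NOTE: the class and method header lines are absent from the listing as
# published; they are restored here from names the code itself uses (the
# configuration section names and the unittest.TestCase.__init__ call).
class OnlineCaClientTestCase(unittest.TestCase):
    """Test OnlineCA Service Client

    Every test reads its settings (service URI, user name, file paths) from
    the section of the configuration file named after the test, then calls
    the service at that URI.
    """
    # Configuration file: the environment variable wins, otherwise the copy
    # shipped in the test directory is used
    config_filepath = (
        os.environ.get('TEST_ONLINECA_CLIENT_CFG_FILEPATH') or
        os.path.join(TEST_DIR, 'test_onlineca_client.cfg')
    )

    def __init__(self, *args, **kwargs):
        """Load the test configuration, then initialise the TestCase."""
        self.cfg = SafeConfigParser({'here': TEST_DIR})
        # Keep option names exactly as written instead of lower-casing them
        self.cfg.optionxform = str
        self.cfg.read(self.__class__.config_filepath)

        unittest.TestCase.__init__(self, *args, **kwargs)

    def test01_get_trustroots(self):
        """Fetch the service's trust roots and write them to TEST_CA_DIR."""
        opt_name = 'OnlineCaClientTestCase.test01_get_trustroots'
        server_url = self.cfg.get(opt_name, 'uri')

        onlineca_client = OnlineCaClient()
        onlineca_client.ca_cert_dir = TEST_CA_DIR

        # The roots written here land in TEST_CA_DIR, the same directory the
        # two logon tests below use as their trust store.
        # NOTE(review): bootstrap=True presumably fetches the roots without
        # verifying the server first (trust on first use) - confirm against
        # the client, and only run this against a service you already trust.
        trustroots = onlineca_client.get_trustroots(server_url, bootstrap=True,
                                                    write_to_ca_cert_dir=True)
        self.assertTrue(trustroots)
        for name, content in trustroots.items():
            log.info("%s:\n%s", name, content)

    def test02_logon(self):
        """Log on with user name and password and check the credential."""
        opt_name = 'OnlineCaClientTestCase.test02_logon'
        username = self.cfg.get(opt_name, 'username')
        # NOTE(review): this file presumably receives the issued credential;
        # confirm the client creates it readable by the owner only.
        pem_out_filepath = self.cfg.get(opt_name, 'pem_out_filepath')

        try:
            password = self.cfg.get(opt_name, 'password')
        except NoOptionError:
            # Prompt rather than require a password stored in the config
            # file; the prompt names this test (it used to say test01_logon)
            password = getpass('%s password: ' % opt_name)

        server_url = self.cfg.get(opt_name, 'uri')

        onlineca_client = OnlineCaClient()
        onlineca_client.ca_cert_dir = TEST_CA_DIR

        key_pair, cert = onlineca_client.logon(username, password, server_url,
                                               pem_out_filepath=pem_out_filepath)
        self.assertTrue(key_pair)
        self.assertTrue(cert)

        subj = cert.get_subject()
        self.assertTrue(subj)
        self.assertTrue(subj.CN)

        # Still check that the key serialises to PEM, but keep the private
        # key out of the log: only its size is reported.
        self.assertTrue(crypto.dump_privatekey(crypto.FILETYPE_PEM, key_pair))
        log.info("Returned key pair: %d-bit private key (PEM not logged)",
                 key_pair.bits())
        log.info("Returned certificate subject %r", subj)
        log.info("Returned certificate issuer %r", cert.get_issuer())

    def test03_logon_with_ssl_client_authn(self):
        """Log on over SSL with a client certificate and check the result."""
        opt_name = 'OnlineCaClientTestCase.test03_logon_with_ssl_client_authn'
        username = self.cfg.get(opt_name, 'username')
        try:
            password = self.cfg.get(opt_name, 'password')
        except NoOptionError:
            # No prompt here: an empty password is sent when none is set.
            # NOTE(review): presumably the client certificate authenticates
            # the caller in this test - confirm.
            password = ''

        server_url = self.cfg.get(opt_name, 'uri')
        client_cert_filepath = self.cfg.get(opt_name, 'client_cert_filepath')
        client_key_filepath = self.cfg.get(opt_name, 'client_key_filepath')

        onlineca_client = OnlineCaClient()

        # Peer verification is on, against the roots held in TEST_CA_DIR.
        # NOTE(review): SSL.TLSv1_METHOD pins the connection to TLS 1.0,
        # which RFC 8996 deprecates. It is left unchanged because the
        # protocol versions the test service accepts are not visible here.
        ssl_ctx = make_ssl_context(cert_file=client_cert_filepath,
                                   key_file=client_key_filepath,
                                   ca_dir=TEST_CA_DIR,
                                   verify_peer=True,
                                   url=server_url,
                                   method=SSL.TLSv1_METHOD)

        # With ssl_ctx passed, the result is read as a file-like response
        # holding a PEM certificate, not unpacked as (key_pair, cert) the
        # way test02_logon does.
        res = onlineca_client.logon(username, password, server_url,
                                    ssl_ctx=ssl_ctx)
        self.assertTrue(res)

        pem_out = res.read()
        cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem_out)
        subj = cert.get_subject()
        self.assertTrue(subj)
        self.assertTrue(subj.CN)

        log.info("Returned certificate subject %r", subj)
        log.info("Returned certificate issuer %r", cert.get_issuer())

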
# Executed as a script: hand over to unittest, which collects and runs the
# test cases defined in this module.
if __name__ == "__main__":
    unittest.main()