Modified plugin contract to include barbican-meta-dto

We expect the barbican-meta-dto to be used for storing a CSR generated
in the stored key mechanism, as well as the plugin_ca_id.  These
fields are added here, but the code that uses them will be added in a
subsequent CR.

Change-Id: I27c20130228a20484ed601020614d45521a348f5
Implements: blueprint identify-cas
Ade Lee
2015-02-20 15:09:56 -05:00
parent ae8d47ebd1
commit 5ca60eb4e1
9 changed files with 219 additions and 83 deletions


@@ -611,13 +611,15 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
except pki.CertNotFoundException:
return None
def check_certificate_status(self, order_id, order_meta, plugin_meta):
def check_certificate_status(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Check the status of a certificate request.
:param order_id: ID of the order associated with this request
:param order_meta: order_metadata associated with this order
:param plugin_meta: data populated by previous calls for this order,
in particular the request_id
:param barbican_meta_dto: additional data needed to process order.
:return: cm.ResultDTO
"""
request_id = self._get_request_id(order_id, plugin_meta, "checking")
@@ -675,7 +677,8 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
u._("Invalid request_status returned by CA"))
@_catch_request_exception
def issue_certificate_request(self, order_id, order_meta, plugin_meta):
def issue_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Issue a certificate request to the Dogtag CA
Call the relevant certificate issuance function depending on the
@@ -685,6 +688,7 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
:param order_meta: dict containing all the inputs for this request.
This includes the request_type.
:param plugin_meta: Used to store data for status check
:param barbican_meta_dto: additional data needed to process order.
:return: cm.ResultDTO
"""
request_type = order_meta.get(
@@ -707,55 +711,70 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
"Dogtag plugin does not support %s request type".format(
request_type))
return jump_table[request_type](order_id, order_meta, plugin_meta)
return jump_table[request_type](order_id, order_meta, plugin_meta,
barbican_meta_dto)
@_catch_enrollment_exceptions
def _issue_simple_cmc_request(self, order_id, order_meta, plugin_meta):
def _issue_simple_cmc_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Issue a simple CMC request to the Dogtag CA.
:param order_id:
:param order_meta:
:param plugin_meta:
:param barbican_meta_dto:
:return: cm.ResultDTO
"""
if barbican_meta_dto.generated_csr is not None:
csr = barbican_meta_dto.generated_csr
else:
csr = order_meta.get('request_data')
profile_id = self.simple_cmc_profile
inputs = {
'cert_request_type': 'pkcs10',
'cert_request': order_meta.get('request_data')
'cert_request': csr
}
request = self.certclient.create_enrollment_request(profile_id, inputs)
results = self.certclient.submit_enrollment_request(request)
return self._process_enrollment_results(results, plugin_meta)
return self._process_enrollment_results(results,
plugin_meta,
barbican_meta_dto)
def _issue_full_cmc_request(self, order_id, order_meta, plugin_meta):
def _issue_full_cmc_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Issue a full CMC request to the Dogtag CA.
:param order_id:
:param order_meta:
:param plugin_meta:
:param barbican_meta_dto:
:return: cm.ResultDTO
"""
raise DogtagPluginNotSupportedException(
"Dogtag plugin does not support %s request type".format(
cm.CertificateRequestType.FULL_CMC_REQUEST))
def _issue_stored_key_request(self, order_id, order_meta, plugin_meta):
def _issue_stored_key_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Issue a simple CMC request to the Dogtag CA.
:param order_id:
:param order_meta:
:param plugin_meta:
:param barbican_meta_dto:
:return: cm.ResultDTO
"""
return self._issue_simple_cmc_request(
order_id,
order_meta,
plugin_meta)
plugin_meta,
barbican_meta_dto)
@_catch_enrollment_exceptions
def _issue_custom_certificate_request(self, order_id, order_meta,
plugin_meta):
plugin_meta, barbican_meta_dto):
"""Issue a custom certificate request to Dogtag CA
For now, we assume that we are talking to the Dogtag CA that
@@ -771,6 +790,7 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
expose syntax. Depending on the profile, only the relevant fields
will be populated in the request. All others will be ignored.
:param plugin_meta: Used to store data for status check.
:param barbican_meta_dto: Extra data to aid in processing.
:return: cm.ResultDTO
"""
profile_id = order_meta.get(self.PROFILE_ID, None)
@@ -780,13 +800,18 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
status_message=u._("No profile_id specified"))
results = self.certclient.enroll_cert(profile_id, order_meta)
return self._process_enrollment_results(results, plugin_meta)
return self._process_enrollment_results(results,
plugin_meta,
barbican_meta_dto)
def _process_enrollment_results(self, enrollment_results, plugin_meta):
def _process_enrollment_results(self, enrollment_results, plugin_meta,
barbican_meta_dto):
"""Process results received from Dogtag CA for enrollment
:param enrollment_results: list of CertEnrollmentResult objects
:param plugin_meta: metadata dict for storing plugin specific data
:param barbican_meta_dto: object containing extra data to help process
the request
:return: cm.ResultDTO
"""
@@ -831,7 +856,8 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
certificate=cert.encoded,
intermediates=cert.pkcs7_cert_chain)
def modify_certificate_request(self, order_id, order_meta, plugin_meta):
def modify_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Modify a certificate request.
Once a certificate request is generated, it cannot be modified.
@@ -843,14 +869,15 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
modified request data will be present here.
:param plugin_meta: data stored on behalf of the plugin for further
operations
:param barbican_meta_dto: additional data needed to process order.
:return: ResultDTO:
"""
result_dto = self.cancel_certificate_request(
order_id, order_meta, plugin_meta)
order_id, order_meta, plugin_meta, barbican_meta_dto)
if result_dto.status == cm.CertificateStatus.REQUEST_CANCELED:
return self.issue_certificate_request(
order_id, order_meta, plugin_meta)
order_id, order_meta, plugin_meta, barbican_meta_dto)
elif result_dto.status == cm.CertificateStatus.INVALID_OPERATION:
return cm.ResultDTO(
cm.CertificateStatus.INVALID_OPERATION,
@@ -864,13 +891,15 @@ class DogtagCAPlugin(cm.CertificatePluginBase):
return result_dto
@_catch_request_exception
def cancel_certificate_request(self, order_id, order_meta, plugin_meta):
def cancel_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Cancel a certificate request.
:param order_id: ID for the order associated with this request
:param order_meta: order metadata fdr this request
:param plugin_meta: data stored by plugin for further processing.
In particular, the request_id
:param barbican_meta_dto: additional data needed to process order.
:return: cm.ResultDTO:
"""
request_id = self._get_request_id(order_id, plugin_meta, "cancelling")
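Review bot: In `_issue_simple_cmc_request` the CSR falls back to the client-supplied `order_meta.get('request_data')` whenever `barbican_meta_dto.generated_csr` is None, and `_issue_stored_key_request` delegates straight to it, so a stored-key order that reaches the plugin without a server-generated CSR would be enrolled with whatever the client put in `request_data` (or with None) instead of being rejected. The stored-key path should require the generated CSR before delegating, for example a guard `if barbican_meta_dto.generated_csr is None:` in `_issue_stored_key_request` that returns an error `cm.ResultDTO` rather than calling the CA. The attribute access also assumes the DTO is never None, yet the simple-plugin tests in this commit pass None for it, so the contract should either say the DTO is mandatory or the code should guard it. Separately, the docstring of `_issue_stored_key_request` still reads "Issue a simple CMC request", which does not say what distinguishes the stored-key case.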


@@ -211,7 +211,8 @@ class CertificatePluginBase(object):
"""
@abc.abstractmethod
def issue_certificate_request(self, order_id, order_meta, plugin_meta):
def issue_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Create the initial order
:param order_id: ID associated with the order
@@ -220,6 +221,11 @@ class CertificatePluginBase(object):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf
:param barbican_meta_dto:
Data transfer object :class:`BarbicanMetaDTO` containing data
added to the request by the Barbican server to provide additional
context for processing, but which are not in
the original request. For example, the plugin_ca_id
:returns: A :class:`ResultDTO` instance containing the result
populated by the plugin implementation
:rtype: :class:`ResultDTO`
@@ -227,7 +233,8 @@ class CertificatePluginBase(object):
raise NotImplementedError # pragma: no cover
@abc.abstractmethod
def modify_certificate_request(self, order_id, order_meta, plugin_meta):
def modify_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Update the order meta-data
:param order_id: ID associated with the order
@@ -236,6 +243,11 @@ class CertificatePluginBase(object):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf
:param barbican_meta_dto:
Data transfer object :class:`BarbicanMetaDTO` containing data
added to the request by the Barbican server to provide additional
context for processing, but which are not in
the original request. For example, the plugin_ca_id
:returns: A :class:`ResultDTO` instance containing the result
populated by the plugin implementation
:rtype: :class:`ResultDTO`
@@ -243,7 +255,8 @@ class CertificatePluginBase(object):
raise NotImplementedError # pragma: no cover
@abc.abstractmethod
def cancel_certificate_request(self, order_id, order_meta, plugin_meta):
def cancel_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Cancel the order
:param order_id: ID associated with the order
@@ -252,6 +265,11 @@ class CertificatePluginBase(object):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf
:param barbican_meta_dto:
Data transfer object :class:`BarbicanMetaDTO` containing data
added to the request by the Barbican server to provide additional
context for processing, but which are not in
the original request. For example, the plugin_ca_id
:returns: A :class:`ResultDTO` instance containing the result
populated by the plugin implementation
:rtype: :class:`ResultDTO`
@@ -259,7 +277,8 @@ class CertificatePluginBase(object):
raise NotImplementedError # pragma: no cover
@abc.abstractmethod
def check_certificate_status(self, order_id, order_meta, plugin_meta):
def check_certificate_status(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Check status of the order
:param order_id: ID associated with the order
@@ -268,6 +287,11 @@ class CertificatePluginBase(object):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf
:param barbican_meta_dto:
Data transfer object :class:`BarbicanMetaDTO` containing data
added to the request by the Barbican server to provide additional
context for processing, but which are not in
the original request. For example, the plugin_ca_id
:returns: A :class:`ResultDTO` instance containing the result
populated by the plugin implementation
:rtype: :class:`ResultDTO`
@@ -348,6 +372,25 @@ class ResultDTO(object):
self.retry_method = retry_method
class BarbicanMetaDTO(object):
"""Barbican meta data transfer object
Information needed to process a certificate request that is not specified
in the original request, and written by Barbican core, that is needed
by the plugin to process requests.
"""
def __init__(self, plugin_ca_id=None, generated_csr=None):
"""Creates a new BarbicanMetaDTO.
:param plugin_ca_id: ca_id as known to the plugin
:param generated_csr: csr generated in the stored-key case
:return: BarbicanMetaDTO
"""
self.plugin_ca_id = plugin_ca_id
self.generated_csr = generated_csr
class CertificatePluginManager(named.NamedExtensionManager):
def __init__(self, conf=CONF, invoke_on_load=True,
invoke_args=(), invoke_kwargs={}):
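Review bot: The four abstract methods gain `barbican_meta_dto` as a required positional parameter, so a plugin that still implements the three-argument signature will most likely fail with a TypeError only when Barbican calls it, not when it is loaded. If out-of-tree plugins are supported, that break should be called out in the method docstrings or the release notes. The `BarbicanMetaDTO` docstring should also state the trust distinction the parameter exists for: its fields are written by Barbican core rather than taken from the client request, so a plugin should prefer `generated_csr` over any CSR found in `order_meta`. I would add a comment such as `# Set by Barbican core only; never copied from client-supplied order metadata.` above the two assignments in `__init__`.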


@@ -24,7 +24,8 @@ LOG = utils.getLogger(__name__)
class SimpleCertificatePlugin(cert.CertificatePluginBase):
"""Simple/default certificate plugin."""
def issue_certificate_request(self, order_id, order_meta, plugin_meta):
def issue_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Create the initial order with CA
:param order_id: ID associated with the order
@@ -33,6 +34,7 @@ class SimpleCertificatePlugin(cert.CertificatePluginBase):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf.
:param barbican_meta_dto: additional data needed to process order.
:returns: A :class:`ResultDTO` instance containing the result
populated by the plugin implementation
:rtype: :class:`ResultDTO`
@@ -40,7 +42,8 @@ class SimpleCertificatePlugin(cert.CertificatePluginBase):
LOG.info(u._LI('Invoking issue_certificate_request()'))
return cert.ResultDTO(cert.CertificateStatus.WAITING_FOR_CA)
def modify_certificate_request(self, order_id, order_meta, plugin_meta):
def modify_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Update the order meta-data
:param order_id: ID associated with the order
@@ -49,6 +52,7 @@ class SimpleCertificatePlugin(cert.CertificatePluginBase):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf.
:param barbican_meta_dto: additional data needed to process order.
:returns: A :class:`ResultDTO` instance containing the result
populated by the plugin implementation
:rtype: :class:`ResultDTO`
@@ -56,7 +60,8 @@ class SimpleCertificatePlugin(cert.CertificatePluginBase):
LOG.info(u._LI('Invoking modify_certificate_request()'))
return cert.ResultDTO(cert.CertificateStatus.WAITING_FOR_CA)
def cancel_certificate_request(self, order_id, order_meta, plugin_meta):
def cancel_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Cancel the order
:param order_id: ID associated with the order
@@ -65,6 +70,7 @@ class SimpleCertificatePlugin(cert.CertificatePluginBase):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf.
:param barbican_meta_dto: additional data needed to process order.
:returns: A :class:`ResultDTO` instance containing the result
populated by the plugin implementation
:rtype: :class:`ResultDTO`
@@ -72,7 +78,8 @@ class SimpleCertificatePlugin(cert.CertificatePluginBase):
LOG.info(u._LI('Invoking cancel_certificate_request()'))
return cert.ResultDTO(cert.CertificateStatus.REQUEST_CANCELED)
def check_certificate_status(self, order_id, order_meta, plugin_meta):
def check_certificate_status(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Check status of the order
:param order_id: ID associated with the order
@@ -81,6 +88,7 @@ class SimpleCertificatePlugin(cert.CertificatePluginBase):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf.
:param barbican_meta_dto: additional data needed to process order.
:returns: A :class:`ResultDTO` instance containing the result
populated by the plugin implementation
:rtype: :class:`ResultDTO`


@@ -59,7 +59,8 @@ class SymantecCertificatePlugin(cert.CertificatePluginBase):
if self.url == None:
raise ValueError(u._("url is required"))
def issue_certificate_request(self, order_id, order_meta, plugin_meta):
def issue_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Create the initial order with CA
:param order_id: ID associated with the order
@@ -68,6 +69,7 @@ class SymantecCertificatePlugin(cert.CertificatePluginBase):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf.
:param barbican_meta_dto: additional data needed to process order.
:returns: ResultDTO
"""
successful, error_msg, can_retry = _ca_create_order(order_meta,
@@ -84,7 +86,8 @@ class SymantecCertificatePlugin(cert.CertificatePluginBase):
return cert.ResultDTO(status=status, status_message=message)
def modify_certificate_request(self, order_id, order_meta, plugin_meta):
def modify_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Update the order meta-data
:param order_id: ID associated with the order
@@ -93,10 +96,12 @@ class SymantecCertificatePlugin(cert.CertificatePluginBase):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf.
:param barbican_meta_dto: additional data needed to process order.
"""
raise NotImplementedError # pragma: no cover
def cancel_certificate_request(self, order_id, order_meta, plugin_meta):
def cancel_certificate_request(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Cancel the order
:param order_id: ID associated with the order
@@ -105,10 +110,12 @@ class SymantecCertificatePlugin(cert.CertificatePluginBase):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf.
:param barbican_meta_dto: additional data needed to process order.
"""
raise NotImplementedError # pragma: no cover
def check_certificate_status(self, order_id, order_meta, plugin_meta):
def check_certificate_status(self, order_id, order_meta, plugin_meta,
barbican_meta_dto):
"""Check status of the order
:param order_id: ID associated with the order
@@ -117,6 +124,7 @@ class SymantecCertificatePlugin(cert.CertificatePluginBase):
this plugin. Plugins may also update/add
information here which Barbican will persist
on their behalf.
:param barbican_meta_dto: additional data needed to process order.
"""
raise NotImplementedError # pragma: no cover


@@ -75,17 +75,24 @@ def issue_certificate_request(order_model, project_model, repos):
container_model = None
plugin_meta = _get_plugin_meta(order_model, repos)
barbican_meta_dto = cert.BarbicanMetaDTO()
# Locate a suitable plugin to issue a certificate.
cert_plugin = cert.CertificatePluginManager().get_plugin(order_model.meta)
request_type = order_model.meta.get(cert.REQUEST_TYPE)
if request_type == cert.CertificateRequestType.STORED_KEY_REQUEST:
_generate_csr(order_model, repos)
csr = order_model.order_barbican_metadata.get('generated_csr')
if csr is None:
csr = _generate_csr(order_model, repos)
order_model.order_barbican_metadata['generated_csr'] = csr
order_model.save()
barbican_meta_dto.generated_csr = csr
result = cert_plugin.issue_certificate_request(order_model.id,
order_model.meta,
plugin_meta)
plugin_meta,
barbican_meta_dto)
# Save plugin order plugin state
_save_plugin_metadata(order_model, plugin_meta, repos)
@@ -134,13 +141,15 @@ def check_certificate_request(order_model, project_model, plugin_name, repos):
"""
container_model = None
plugin_meta = _get_plugin_meta(order_model, repos)
barbican_meta_dto = cert.BarbicanMetaDTO()
cert_plugin = cert.CertificatePluginManager().get_plugin_by_name(
plugin_name)
result = cert_plugin.check_certificate_request(order_model.id,
order_model.meta,
plugin_meta)
plugin_meta,
barbican_meta_dto)
# Save plugin order plugin state
_save_plugin_metadata(order_model, plugin_meta, repos)
@@ -245,8 +254,14 @@ def _get_plugin_meta(order_model, repos):
def _generate_csr(order_model, repos):
"""Generate a CSR from the public key and add to the order metadata."""
"""Generate a CSR from the public key.
:param: order_model - order for the request
:param: repos - parameter to get to repositories
:return: CSR (certificate signing request) in PEM format
:raise: :class:`StoredKeyPrivateKeyNotFound` if private key not found
:class:`StoredKeyContainerNotFound` if container not found
"""
container_ref = order_model.meta.get('container_ref')
# extract container_id as the last part of the URL
@@ -292,14 +307,8 @@ def _generate_csr(order_model, repos):
pass
req.sign(pkey, 'sha256')
# TODO(alee-3) For now, we store the CSR in the order_meta. We need
# to revisit whether this is the right place to store this data as it
# is not data that was provided by the client. We may end up storing
# it in the barbican_metadata structure.
order_model.meta['request'] = crypto.dump_certificate_request(
crypto.FILETYPE_PEM, req)
order_model.save()
csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
return csr
def _notify_ca_unavailable(order_model, result):
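Review bot: The call updated in `check_certificate_request` is `cert_plugin.check_certificate_request(...)`, but the plugin contract changed in this same commit names that method `check_certificate_status`, so unless plugins define the other name elsewhere this path raises AttributeError on a real plugin; the call should read `result = cert_plugin.check_certificate_status(order_model.id,`. The same hunk passes a freshly constructed, empty `cert.BarbicanMetaDTO()`, so a status check on a stored-key order never sees the CSR that `issue_certificate_request` saved under `order_model.order_barbican_metadata['generated_csr']`; populating `generated_csr` from the order here would keep the two paths consistent. Both functions continue outside the visible hunks.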


@@ -306,6 +306,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
dogtag_cert.CertRequestStatus.COMPLETE)
self.modified_request.cert_id = self.cert_id_mock
self.barbican_meta_dto = cm.BarbicanMetaDTO()
def tearDown(self):
super(WhenTestingDogtagCAPlugin, self).tearDown()
self.patcher.stop()
@@ -318,7 +320,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.enroll_cert.return_value = enrollment_results
result_dto = self.plugin.issue_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.enroll_cert.assert_called_once_with(
self.profile_id,
@@ -357,7 +359,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
enrollment_results)
result_dto = self.plugin.issue_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.create_enrollment_request.assert_called_once_with(
self.cfg_mock.dogtag_plugin.simple_cmc_profile,
@@ -395,7 +397,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.issue_certificate_request,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
def test_issue_stored_key_request(self):
@@ -431,7 +434,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.issue_certificate_request,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
def test_issue_return_data_error_with_no_profile_id(self):
@@ -439,7 +443,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
plugin_meta = {}
result_dto = self.plugin.issue_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.assertEqual(result_dto.status,
cm.CertificateStatus.CLIENT_DATA_ISSUE_SEEN,
@@ -459,7 +463,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.enroll_cert.return_value = enrollment_results
result_dto = self.plugin.issue_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.enroll_cert.assert_called_once_with(
self.profile_id,
@@ -485,7 +489,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.enroll_cert.return_value = enrollment_results
result_dto = self.plugin.issue_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.enroll_cert.assert_called_once_with(
self.profile_id,
@@ -511,7 +515,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.enroll_cert.return_value = enrollment_results
result_dto = self.plugin.issue_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.enroll_cert.assert_called_once_with(
self.profile_id,
@@ -540,7 +544,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.issue_certificate_request,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
self.assertEqual(
@@ -563,7 +568,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.issue_certificate_request,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
self.assertEqual(
@@ -579,7 +585,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
pki.BadRequestException("bad request"))
result_dto = self.plugin.issue_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.enroll_cert.assert_called_once_with(
self.profile_id,
@@ -601,7 +607,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.issue_certificate_request,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
def test_issue_return_ca_unavailable(self):
@@ -612,7 +619,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
request_exceptions.RequestException())
result_dto = self.plugin.issue_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.enroll_cert.assert_called_once_with(
self.profile_id,
@@ -630,7 +637,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.review_request.return_value = self.review_response
result_dto = self.plugin.cancel_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.cancel_request.assert_called_once_with(
self.request_id_mock,
@@ -648,7 +655,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
pki.RequestNotFoundException("request_not_found"))
result_dto = self.plugin.cancel_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.review_request.assert_called_once_with(
self.request_id_mock)
@@ -666,7 +673,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
pki.ConflictingOperationException("conflicting_operation"))
result_dto = self.plugin.cancel_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.cancel_request.assert_called_once_with(
self.request_id_mock,
@@ -684,7 +691,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
request_exceptions.RequestException("request_exception"))
result_dto = self.plugin.cancel_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.assertEqual(result_dto.status,
cm.CertificateStatus.CA_UNAVAILABLE_FOR_REQUEST,
@@ -699,7 +706,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.cancel_certificate_request,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
def test_check_status(self):
@@ -710,7 +718,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.get_cert.return_value = self.cert
result_dto = self.plugin.check_certificate_status(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.get_request.assert_called_once_with(
self.request_id_mock)
@@ -734,7 +742,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.check_certificate_status,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
def test_check_status_rejected(self):
@@ -745,7 +754,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.get_request.return_value = self.request
result_dto = self.plugin.check_certificate_status(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.get_request.assert_called_once_with(
self.request_id_mock)
@@ -765,7 +774,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.get_request.return_value = self.request
result_dto = self.plugin.check_certificate_status(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.get_request.assert_called_once_with(
self.request_id_mock)
@@ -785,7 +794,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.get_request.return_value = self.request
result_dto = self.plugin.check_certificate_status(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.get_request.assert_called_once_with(
self.request_id_mock)
@@ -809,7 +818,8 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.check_certificate_status,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
def test_modify_request(self):
@@ -826,7 +836,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.certclient_mock.enroll_cert.return_value = enrollment_results
result_dto = self.plugin.modify_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.cancel_request.assert_called_once_with(
self.request_id_mock,
@@ -859,7 +869,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
pki.RequestNotFoundException("request_not_found"))
result_dto = self.plugin.modify_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.review_request.assert_called_once_with(
self.request_id_mock)
@@ -877,7 +887,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
pki.ConflictingOperationException("conflicting_operation"))
result_dto = self.plugin.modify_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.certclient_mock.cancel_request.assert_called_once_with(
self.request_id_mock,
@@ -895,7 +905,7 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
request_exceptions.RequestException("request_exception"))
result_dto = self.plugin.modify_certificate_request(
self.order_id, order_meta, plugin_meta)
self.order_id, order_meta, plugin_meta, self.barbican_meta_dto)
self.assertEqual(result_dto.status,
cm.CertificateStatus.CA_UNAVAILABLE_FOR_REQUEST,
@@ -910,5 +920,6 @@ class WhenTestingDogtagCAPlugin(utils.BaseTestCase):
self.plugin.modify_certificate_request,
self.order_id,
order_meta,
plugin_meta
plugin_meta,
self.barbican_meta_dto
)
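Review bot: Every call in this file passes the empty `cm.BarbicanMetaDTO()` built in `setUp`, so the new branch in `_issue_simple_cmc_request` that prefers `barbican_meta_dto.generated_csr` over `order_meta['request_data']` appears to be untested. `test_issue_stored_key_request` is the natural place: set `self.barbican_meta_dto.generated_csr` to a sample CSR string and assert that `create_enrollment_request` receives it as `cert_request`, ideally with a different `request_data` value in `order_meta` to pin the precedence. The test bodies are only partly visible here, so this is inferred from the changed call sites.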


@@ -24,22 +24,22 @@ class WhenTestingSimpleCertificateManagerPlugin(testtools.TestCase):
self.plugin = simple.SimpleCertificatePlugin()
def test_issue_certificate_request(self):
result = self.plugin.issue_certificate_request(None, None, None)
result = self.plugin.issue_certificate_request(None, None, None, None)
self.assertEqual(cm.CertificateStatus.WAITING_FOR_CA, result.status)
def test_check_certificate_status(self):
result = self.plugin.check_certificate_status(None, None, None)
result = self.plugin.check_certificate_status(None, None, None, None)
self.assertEqual(cm.CertificateStatus.WAITING_FOR_CA, result.status)
def test_modify_certificate_request(self):
result = self.plugin.modify_certificate_request(None, None, None)
result = self.plugin.modify_certificate_request(None, None, None, None)
self.assertEqual(cm.CertificateStatus.WAITING_FOR_CA, result.status)
def test_cancel_certificate_request(self):
result = self.plugin.cancel_certificate_request(None, None, None)
result = self.plugin.cancel_certificate_request(None, None, None, None)
self.assertEqual(cm.CertificateStatus.REQUEST_CANCELED, result.status)


@@ -17,6 +17,7 @@ import mock
import testtools
try:
import barbican.plugin.interface.certificate_manager as cm
import barbican.plugin.symantec as sym
imports_ok = True
except ImportError:
@@ -40,6 +41,7 @@ class WhenTestingSymantecPlugin(utils.BaseTestCase):
self.error_msg = 'Error Message Here'
self.symantec = sym.SymantecCertificatePlugin()
self.barbican_plugin_dto = cm.BarbicanMetaDTO()
self.symantec_patcher = mock.patch(
'barbican.plugin.symantec._ca_create_order'
@@ -60,7 +62,8 @@ class WhenTestingSymantecPlugin(utils.BaseTestCase):
result = self.symantec.issue_certificate_request(
order_id,
self.order_meta,
plugin_meta
plugin_meta,
self.barbican_plugin_dto
)
self.assertEqual(result.status, "waiting for CA")
@@ -74,7 +77,8 @@ class WhenTestingSymantecPlugin(utils.BaseTestCase):
result = self.symantec.issue_certificate_request(
order_id,
self.order_meta,
plugin_meta
plugin_meta,
self.barbican_plugin_dto
)
self.assertEqual(result.status, "client data issue seen")
@@ -88,7 +92,8 @@ class WhenTestingSymantecPlugin(utils.BaseTestCase):
result = self.symantec.issue_certificate_request(
order_id,
self.order_meta,
plugin_meta
plugin_meta,
self.barbican_plugin_dto
)
self.assertEqual(result.status, "CA unavailable for request")
@@ -101,5 +106,6 @@ class WhenTestingSymantecPlugin(utils.BaseTestCase):
self.symantec.check_certificate_status,
order_id,
self.order_meta,
plugin_meta
plugin_meta,
self.barbican_plugin_dto
)
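Review bot: The `cm` import in the first hunk sits inside the `try:` that guards the Symantec import, so an ImportError raised by barbican's own certificate_manager module would be caught by the same `except ImportError:` and, if `imports_ok` gates the suite as it appears to, would skip these tests instead of failing them. Move `import barbican.plugin.interface.certificate_manager as cm` above the `try:` so that only `barbican.plugin.symantec` is treated as optional. The fixture is also named `self.barbican_plugin_dto` while the plugin parameter it feeds is `barbican_meta_dto`; using the contract's name would make the four call sites easier to match against the interface.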


@@ -110,8 +110,10 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
super(WhenIssuingCertificateRequests, self).setUp()
self.project_id = "56789"
self.order_id = "12345"
self.barbican_meta_dto = mock.MagicMock()
self.order_meta = {}
self.plugin_meta = {}
self.barbican_meta = {}
self.result = cert_man.ResultDTO(
cert_man.CertificateStatus.WAITING_FOR_CA
)
@@ -123,6 +125,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.order_model.id = self.order_id
self.order_model.meta = self.order_meta
self.order_model.project_id = self.project_id
self.order_model.order_barbican_meta = self.barbican_meta
self.repos = mock.MagicMock()
self.project_model = mock.MagicMock()
@@ -130,6 +133,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self._config_cert_event_plugin()
self._config_save_meta_plugin()
self._config_get_meta_plugin()
self._config_barbican_meta_dto()
self.private_key_secret_id = "private_key_secret_id"
self.public_key_secret_id = "public_key_secret_id"
@@ -173,6 +177,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
"https://localhost/containers/" + self.container_id,
"subject_name": "cn=host.example.com,ou=dev,ou=us,o=example.com"
}
self.order_model.order_barbican_metadata = {}
def stored_key_side_effect(self, *args, **kwargs):
if args[0] == self.private_key_secret_id:
@@ -190,6 +195,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.save_plugin_meta_patcher.stop()
self.get_plugin_meta_patcher.stop()
self.cert_event_plugin_patcher.stop()
self.barbican_meta_dto_patcher.stop()
def test_should_return_waiting_for_ca(self):
self.result.status = cert_man.CertificateStatus.WAITING_FOR_CA
@@ -241,7 +247,8 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.repos)
self._verify_issue_certificate_plugins_called()
self.assertIsNotNone(self.order_meta['request'])
self.assertIsNotNone(
self.order_model.order_barbican_metadata['generated_csr'])
# TODO(alee-3) Add tests to validate the request based on the validator
# code that dave-mccowan is adding.
@@ -267,7 +274,8 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.repos)
self._verify_issue_certificate_plugins_called()
self.assertIsNotNone(self.order_meta['request'])
self.assertIsNotNone(
self.order_model.order_barbican_metadata['generated_csr'])
# TODO(alee-3) Add tests to validate the request based on the validator
# code that dave-mccowan is adding.
@@ -293,7 +301,8 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.repos)
self._verify_issue_certificate_plugins_called()
self.assertIsNotNone(self.order_meta['request'])
self.assertIsNotNone(
self.order_model.order_barbican_metadata['generated_csr'])
# TODO(alee-3) Add tests to validate the request based on the validator
# code that dave-mccowan is adding.
@@ -318,7 +327,8 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.repos)
self._verify_issue_certificate_plugins_called()
self.assertIsNotNone(self.order_meta['request'])
self.assertIsNotNone(
self.order_model.order_barbican_metadata['generated_csr'])
# TODO(alee-3) Add tests to validate the request based on the validator
# code that dave-mccowan is adding.
@@ -388,7 +398,8 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.repos)
self._verify_issue_certificate_plugins_called()
self.assertIsNotNone(self.order_meta['request'])
self.assertIsNotNone(
self.order_model.order_barbican_metadata['generated_csr'])
# TODO(alee-3) Add tests to validate the request based on the validator
# code that dave-mccowan is adding.
@@ -443,7 +454,8 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.cert_plugin.issue_certificate_request.assert_called_once_with(
self.order_id,
self.order_meta,
self.plugin_meta
self.plugin_meta,
self.barbican_meta_dto
)
self.mock_save_plugin.assert_called_once_with(
@@ -487,3 +499,13 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
**get_plugin_config
)
self.get_plugin_meta_patcher.start()
def _config_barbican_meta_dto(self):
"""Mock the BarbicanMetaDTO."""
get_plugin_config = {'return_value': self.barbican_meta_dto}
self.barbican_meta_dto_patcher = mock.patch(
'barbican.plugin.interface.certificate_manager'
'.BarbicanMetaDTO',
**get_plugin_config
)
self.barbican_meta_dto_patcher.start()
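Review bot: setUp stores the fixture on `self.order_model.order_barbican_meta`, but the later hunks assign and assert on `self.order_model.order_barbican_metadata`, so the two names never refer to the same object. If `order_model` is a MagicMock like the neighbouring fixtures (its construction is outside the hunks), the wrong name is silently auto-created and the tests cannot catch it. Use one attribute name throughout, matching the real order model, and consider a spec'd mock so a misspelled attribute raises. Separately, `_config_barbican_meta_dto` replaces the `BarbicanMetaDTO` class with a mock, so the `assert_called_once_with(..., self.barbican_meta_dto)` check confirms that a DTO was passed but not that it carries the `generated_csr` the plugin is meant to receive; an assertion on the constructor arguments or the DTO's fields would close that gap.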