Sign CSRs issued in SnakeOilCA tests

In OpenSSL 1.0.2a CSRs that are not signed are now considered invalid and will throw an error when trying to load them. This commit fixes that and also moves the repeated code to a single function to improve the tests' readability. Change-Id: I7a60717b7f473a6f2724eed515aa094819b7f621 Closes-Bug: #1443075
2015-04-12 16:22:45 +03:00 · 2015-04-12 16:22:45 +03:00 · c27f2b75b6
commit c27f2b75b6
parent 0982ea7ffb
2 changed files with 25 additions and 22 deletions
--- a/barbican/tests/certificate_utils.py
+++ b/barbican/tests/certificate_utils.py
@ -13,6 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+"""
+The following functions were created for testing purposes.
+"""
 from OpenSSL import crypto


@ -22,20 +25,26 @@ def create_key_pair(type, bits):
    return key_pair


-def create_good_csr():
-    """For testing, generate a CSR that will pass validation."""
+def get_valid_csr_object():
+    """Create a valid X509Req object"""
    key_pair = create_key_pair(crypto.TYPE_RSA, 2048)
    csr = crypto.X509Req()
    subject = csr.get_subject()
    setattr(subject, "CN", "host.example.net")
    csr.set_pubkey(key_pair)
    csr.sign(key_pair, "sha256")
+    return csr
+
+
+def create_good_csr():
+    """Generate a CSR that will pass validation."""
+    csr = get_valid_csr_object()
    pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)
    return pem


 def create_csr_that_has_not_been_signed():
-    """For testing, generate a CSR that has not been signed."""
+    """Generate a CSR that has not been signed."""
    key_pair = create_key_pair(crypto.TYPE_RSA, 2048)
    csr = crypto.X509Req()
    subject = csr.get_subject()
@ -46,7 +55,7 @@ def create_csr_that_has_not_been_signed():


 def create_csr_signed_with_wrong_key():
-    """For testing, generate a CSR that has been signed by the wrong key."""
+    """Generate a CSR that has been signed by the wrong key."""
    key_pair1 = create_key_pair(crypto.TYPE_RSA, 2048)
    key_pair2 = create_key_pair(crypto.TYPE_RSA, 2048)
    csr = crypto.X509Req()
@ -61,12 +70,12 @@ def create_csr_signed_with_wrong_key():


 def create_bad_csr():
-    """For testing, generate a CSR that will not parse."""
+    """Generate a CSR that will not parse."""
    return "Bad PKCS10 Data"


 def create_csr_with_bad_subject_dn():
-    """For testing, generate a CSR that has a bad subject dn."""
+    """Generate a CSR that has a bad subject dn."""
    key_pair = create_key_pair(crypto.TYPE_RSA, 2048)
    csr = crypto.X509Req()
    subject = csr.get_subject()
--- a/barbican/tests/plugin/test_snakeoil_ca.py
+++ b/barbican/tests/plugin/test_snakeoil_ca.py
@ -23,6 +23,7 @@ from oslo.config import fixture as oslo_fixture

 import barbican.plugin.interface.certificate_manager as cm
 from barbican.plugin import snakeoil_ca
+from barbican.tests import certificate_utils
 from barbican.tests import utils


@ -95,10 +96,8 @@ class CertManagerTestCase(BaseTestCase):
        crypto.verify(self.ca.cert, sig[1:], der[0], 'sha256')

    def test_gen_cert_no_file_storage(self):
-        key = crypto.PKey()
-        key.generate_key(crypto.TYPE_RSA, 512)
-        req = crypto.X509Req()
-        req.set_pubkey(key)
+        req = certificate_utils.get_valid_csr_object()
+
        cm = snakeoil_ca.CertManager(self.ca)
        cert = cm.make_certificate(req)
        first_serial = cert.get_serial_number()
@ -113,10 +112,8 @@ class CertManagerTestCase(BaseTestCase):
        cert = cm.make_certificate(req)

    def test_gen_cert_with_file_storage(self):
-        key = crypto.PKey()
-        key.generate_key(crypto.TYPE_RSA, 512)
-        req = crypto.X509Req()
-        req.set_pubkey(key)
+        req = certificate_utils.get_valid_csr_object()
+
        cm = snakeoil_ca.CertManager(self.ca)
        cert = cm.make_certificate(req)
        cert_enc = crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)
@ -140,10 +137,8 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
        self.order_id = mock.MagicMock()

    def test_issue_certificate_request(self):
-        key = crypto.PKey()
-        key.generate_key(crypto.TYPE_RSA, 512)
-        req = crypto.X509Req()
-        req.set_pubkey(key)
+        req = certificate_utils.get_valid_csr_object()
+
        req_enc = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
        order_meta = {'request_data': req_enc}
        resp = self.plugin.issue_certificate_request(self.order_id,
@ -151,10 +146,8 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
        crypto.load_certificate(crypto.FILETYPE_PEM, resp.certificate)

    def test_issue_certificate_request_set_subject(self):
-        key = crypto.PKey()
-        key.generate_key(crypto.TYPE_RSA, 512)
-        req = crypto.X509Req()
-        req.set_pubkey(key)
+        req = certificate_utils.get_valid_csr_object()
+
        subj = req.get_subject()
        subj.countryName = 'US'
        subj.stateOrProvinceName = 'OR'
@ -162,6 +155,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
        subj.organizationName = 'Testers Anon'
        subj.organizationalUnitName = 'Testers OU'
        subj.commonName = 'Testing'
+
        req_enc = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
        order_meta = {'request_data': req_enc}
        resp = self.plugin.issue_certificate_request(self.order_id,