From be5dea1c694439d3dc9d1dfd5fa4307e28138c1a Mon Sep 17 00:00:00 2001
From: ptoohill1
Date: Thu, 2 Apr 2015 11:36:55 -0500
Subject: [PATCH] Fixes cert_parser intermediate validation
Updates cert_parser to only validate the intermediate and not compare to private key Update tests
Change-Id: I27dedfc9f8ff80c39c4e1452eb6c8560b5fc9a5b
Closes-Bug: #1439770
---
 neutron_lbaas/common/tls_utils/cert_parser.py | 2 +-
 .../tests/unit/common/tls_utils/test_cert_parser.py | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/neutron_lbaas/common/tls_utils/cert_parser.py b/neutron_lbaas/common/tls_utils/cert_parser.py
index 60b096bd5..71ded6681 100644
--- a/neutron_lbaas/common/tls_utils/cert_parser.py
+++ b/neutron_lbaas/common/tls_utils/cert_parser.py
@@ -42,7 +42,7 @@ def validate_cert(certificate, private_key=None,
 x509 = _get_x509_from_pem_bytes(certificate)
 if intermediates:
 for x509Pem in _split_x509s(intermediates):
- x509 = _get_x509_from_pem_bytes(x509Pem)
+ _get_x509_from_pem_bytes(x509Pem)
 if private_key:
 pkey = _read_privatekey(private_key,
 passphrase=private_key_passphrase)
diff --git a/neutron_lbaas/tests/unit/common/tls_utils/test_cert_parser.py b/neutron_lbaas/tests/unit/common/tls_utils/test_cert_parser.py
index e0b9854f0..760e98bc7 100644
--- a/neutron_lbaas/tests/unit/common/tls_utils/test_cert_parser.py
+++ b/neutron_lbaas/tests/unit/common/tls_utils/test_cert_parser.py
@@ -226,6 +226,12 @@ class TestTLSParseUtils(base.BaseTestCase):
 self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT,
 private_key=UNENCRYPTED_PKCS8_CRT_KEY))
 
+ def test_x509_parses_intermediates(self):
+ # Should not throw error when parsing with intermediates
+ cert_parser.validate_cert(ALT_EXT_CRT,
+ UNENCRYPTED_PKCS8_CRT_KEY,
+ intermediates=X509_IMDS)
+
 def test_read_private_key(self):
 self.assertRaises(exceptions.NeedsPassphrase,
 cert_parser._read_privatekey,
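Review bot: In the `intermediates` loop of `validate_cert`, the new call `_get_x509_from_pem_bytes(x509Pem)` discards its result, so each intermediate is checked only for whether it parses. Nothing visible in this hunk verifies that an intermediate actually issued `certificate`, carries CA constraints, or is within its validity period. Because the function is named `validate_cert`, a caller could read a successful return as chain validation, so I would add a comment on the loop such as `# Only checks that each intermediate parses as X.509; the chain of trust is NOT verified here.` and repeat that limit in the docstring. `validate_cert` starts and ends outside the hunk, so a chain check elsewhere in the function cannot be ruled out from here.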
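Review bot: `test_x509_parses_intermediates` makes no assertion, so it passes on any return value as long as no exception is raised. The neighbouring test wraps the same call in `assertTrue` and passes the key by keyword, so I would write `self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT, private_key=UNENCRYPTED_PKCS8_CRT_KEY, intermediates=X509_IMDS))`. The regression being fixed is that the key was compared against the last intermediate instead of the leaf, which a negative case would pin more directly. That case would supply `intermediates=X509_IMDS` together with a key that does not match `ALT_EXT_CRT` and assert that validation still fails; the exception type to expect is not visible in this hunk.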