8da225a413
Change-Id: I8a9efff66a9e3579126071e9ad16bfafe7ccfc56
112 lines
3.8 KiB
Python
112 lines
3.8 KiB
Python
# Copyright (c) 2013 The Johns Hopkins University/Applied Physics Laboratory
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
"""
|
|
Test cases for the conf key manager.
|
|
"""
|
|
|
|
import binascii
|
|
import codecs
|
|
|
|
from castellan.common.objects import symmetric_key as key
|
|
|
|
import nova.conf
|
|
from nova import context
|
|
from nova import exception
|
|
from nova.keymgr import conf_key_mgr
|
|
from nova import test
|
|
|
|
|
|
CONF = nova.conf.CONF
|
|
decode_hex = codecs.getdecoder("hex_codec")
|
|
|
|
|
|
class ConfKeyManagerTestCase(test.NoDBTestCase):
|
|
def __init__(self, *args, **kwargs):
|
|
super(ConfKeyManagerTestCase, self).__init__(*args, **kwargs)
|
|
|
|
self._hex_key = '0' * 64
|
|
|
|
def _create_key_manager(self):
|
|
CONF.set_default('fixed_key', default=self._hex_key,
|
|
group='key_manager')
|
|
return conf_key_mgr.ConfKeyManager(CONF)
|
|
|
|
def setUp(self):
|
|
super(ConfKeyManagerTestCase, self).setUp()
|
|
|
|
self.ctxt = context.RequestContext('fake', 'fake')
|
|
self.key_mgr = self._create_key_manager()
|
|
encoded_key = bytes(binascii.unhexlify(self._hex_key))
|
|
self.key = key.SymmetricKey('AES', len(encoded_key) * 8, encoded_key)
|
|
self.key_id = self.key_mgr.key_id
|
|
|
|
def test_init(self):
|
|
key_manager = self._create_key_manager()
|
|
self.assertEqual(self._hex_key, key_manager._hex_key)
|
|
|
|
def test_init_value_error(self):
|
|
CONF.set_default('fixed_key', default=None, group='key_manager')
|
|
self.assertRaises(ValueError, conf_key_mgr.ConfKeyManager, CONF)
|
|
|
|
def test_create_key(self):
|
|
key_id_1 = self.key_mgr.create_key(self.ctxt, 'AES', 256)
|
|
key_id_2 = self.key_mgr.create_key(self.ctxt, 'AES', 256)
|
|
# ensure that the UUIDs are the same
|
|
self.assertEqual(key_id_1, key_id_2)
|
|
|
|
def test_create_null_context(self):
|
|
self.assertRaises(exception.Forbidden,
|
|
self.key_mgr.create_key, None, 'AES', 256)
|
|
|
|
def test_store_key(self):
|
|
key_bytes = bytes(binascii.unhexlify('0' * 64))
|
|
_key = key.SymmetricKey('AES', len(key_bytes) * 8, key_bytes)
|
|
key_id = self.key_mgr.store(self.ctxt, _key)
|
|
|
|
actual_key = self.key_mgr.get(self.ctxt, key_id)
|
|
self.assertEqual(_key, actual_key)
|
|
|
|
def test_store_null_context(self):
|
|
self.assertRaises(exception.Forbidden,
|
|
self.key_mgr.store, None, self.key)
|
|
|
|
def test_get_null_context(self):
|
|
self.assertRaises(exception.Forbidden,
|
|
self.key_mgr.get, None, None)
|
|
|
|
def test_get_unknown_key(self):
|
|
self.assertRaises(KeyError, self.key_mgr.get, self.ctxt, None)
|
|
|
|
def test_get(self):
|
|
self.assertEqual(self.key,
|
|
self.key_mgr.get(self.ctxt, self.key_id))
|
|
|
|
def test_delete_key(self):
|
|
key_id = self.key_mgr.create_key(self.ctxt, 'AES', 256)
|
|
self.key_mgr.delete(self.ctxt, key_id)
|
|
|
|
# key won't actually be deleted
|
|
self.assertEqual(self.key,
|
|
self.key_mgr.get(self.ctxt, key_id))
|
|
|
|
def test_delete_null_context(self):
|
|
self.assertRaises(exception.Forbidden,
|
|
self.key_mgr.delete, None, None)
|
|
|
|
def test_delete_unknown_key(self):
|
|
self.assertRaises(exception.KeyManagerError,
|
|
self.key_mgr.delete, self.ctxt, None)
|