openstack
/
octavia
Code Issues Proposed changes

Barbican Cert Manager fails to correctly parse intermediates 

This may be a candidate for stable/liberty backport.

Change-Id: Ia61bbc7099630fa33ca0f1ee4825c2b01244c7f3
Closes-Bug: 1550535
This commit is contained in:
Adam Harwell 2016-02-26 16:37:33 -06:00
parent 3ec5d4fa51
commit 06f50c07ef
4 changed files with 41 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
octavia/certificates/common/barbican.py
View File

@ -23,6 +23,7 @@ from barbicanclient import client as barbican_client
import six
from octavia.certificates.common import cert
from octavia.common.tls_utils import cert_parser
from octavia.i18n import _LE
@ -42,7 +43,8 @@ class BarbicanCert(cert.Cert):
def get_intermediates(self):
if self._cert_container.intermediates:
return self._cert_container.intermediates.payload
intermediates = self._cert_container.intermediates.payload
return [imd for imd in cert_parser._split_x509s(intermediates)]
def get_private_key(self):
if self._cert_container.private_key:

2
octavia/certificates/common/cert.py
View File

@ -29,7 +29,7 @@ class Cert(object):
@abc.abstractmethod
def get_intermediates(self):
"""Returns the intermediate certificates."""
"""Returns the intermediate certificates as a list."""
pass
@abc.abstractmethod

20
octavia/tests/unit/certificates/common/test_barbican.py
View File

@ -18,13 +18,29 @@ import mock
import octavia.certificates.common.barbican as barbican_common
import octavia.tests.unit.base as base
X509_IMDS = """-----BEGIN CERTIFICATE-----
First Intermediate Data
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Second Intermediate Data
-----END CERTIFICATE-----"""
X509_IMDS_LIST = [
"""-----BEGIN CERTIFICATE-----
First Intermediate Data
-----END CERTIFICATE-----""",
"""-----BEGIN CERTIFICATE-----
Second Intermediate Data
-----END CERTIFICATE-----"""
]
class TestBarbicanCert(base.TestCase):
def setUp(self):
# Certificate data
self.certificate = "My Certificate"
self.intermediates = "My Intermediates"
self.intermediates = X509_IMDS_LIST
self.private_key = "My Private Key"
self.private_key_passphrase = "My Private Key Passphrase"
@ -34,7 +50,7 @@ class TestBarbicanCert(base.TestCase):
)
self.intermediates_secret = barbican_client.secrets.Secret(
api=mock.MagicMock(),
payload=self.intermediates
payload=X509_IMDS
)
self.private_key_secret = barbican_client.secrets.Secret(
api=mock.MagicMock(),

21
octavia/tests/unit/certificates/manager/test_barbican.py
View File

@ -26,6 +26,22 @@ import octavia.tests.unit.base as base
PROJECT_ID = "12345"
X509_IMDS = """-----BEGIN CERTIFICATE-----
First Intermediate Data
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Second Intermediate Data
-----END CERTIFICATE-----"""
X509_IMDS_LIST = [
"""-----BEGIN CERTIFICATE-----
First Intermediate Data
-----END CERTIFICATE-----""",
"""-----BEGIN CERTIFICATE-----
Second Intermediate Data
-----END CERTIFICATE-----"""
]
class TestBarbicanManager(base.TestCase):
@ -42,6 +58,7 @@ class TestBarbicanManager(base.TestCase):
self.private_key = mock.Mock(spec=secrets.Secret)
self.certificate = mock.Mock(spec=secrets.Secret)
self.intermediates = mock.Mock(spec=secrets.Secret)
self.intermediates.payload = X509_IMDS
self.private_key_passphrase = mock.Mock(spec=secrets.Secret)
container = mock.Mock(spec=containers.CertificateContainer)
@ -180,7 +197,7 @@ class TestBarbicanManager(base.TestCase):
self.assertEqual(data.get_certificate(),
self.certificate.payload)
self.assertEqual(data.get_intermediates(),
self.intermediates.payload)
X509_IMDS_LIST)
self.assertEqual(data.get_private_key_passphrase(),
self.private_key_passphrase.payload)
@ -205,7 +222,7 @@ class TestBarbicanManager(base.TestCase):
self.assertEqual(data.get_certificate(),
self.certificate.payload)
self.assertEqual(data.get_intermediates(),
self.intermediates.payload)
X509_IMDS_LIST)
self.assertEqual(data.get_private_key_passphrase(),
self.private_key_passphrase.payload)