Barbican Cert Manager fails to correctly parse intermediates
This may be a candidate for stable/liberty backport. Change-Id: Ia61bbc7099630fa33ca0f1ee4825c2b01244c7f3 Closes-Bug: 1550535
This commit is contained in:
parent
3ec5d4fa51
commit
06f50c07ef
|
@ -23,6 +23,7 @@ from barbicanclient import client as barbican_client
|
|||
import six
|
||||
|
||||
from octavia.certificates.common import cert
|
||||
from octavia.common.tls_utils import cert_parser
|
||||
from octavia.i18n import _LE
|
||||
|
||||
|
||||
|
@ -42,7 +43,8 @@ class BarbicanCert(cert.Cert):
|
|||
|
||||
def get_intermediates(self):
|
||||
if self._cert_container.intermediates:
|
||||
return self._cert_container.intermediates.payload
|
||||
intermediates = self._cert_container.intermediates.payload
|
||||
return [imd for imd in cert_parser._split_x509s(intermediates)]
|
||||
|
||||
def get_private_key(self):
|
||||
if self._cert_container.private_key:
|
||||
|
|
|
@ -29,7 +29,7 @@ class Cert(object):
|
|||
|
||||
@abc.abstractmethod
|
||||
def get_intermediates(self):
|
||||
"""Returns the intermediate certificates."""
|
||||
"""Returns the intermediate certificates as a list."""
|
||||
pass
|
||||
|
||||
@abc.abstractmethod
|
||||
|
|
|
@ -18,13 +18,29 @@ import mock
|
|||
import octavia.certificates.common.barbican as barbican_common
|
||||
import octavia.tests.unit.base as base
|
||||
|
||||
X509_IMDS = """-----BEGIN CERTIFICATE-----
|
||||
First Intermediate Data
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
Second Intermediate Data
|
||||
-----END CERTIFICATE-----"""
|
||||
|
||||
X509_IMDS_LIST = [
|
||||
"""-----BEGIN CERTIFICATE-----
|
||||
First Intermediate Data
|
||||
-----END CERTIFICATE-----""",
|
||||
"""-----BEGIN CERTIFICATE-----
|
||||
Second Intermediate Data
|
||||
-----END CERTIFICATE-----"""
|
||||
]
|
||||
|
||||
|
||||
class TestBarbicanCert(base.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
# Certificate data
|
||||
self.certificate = "My Certificate"
|
||||
self.intermediates = "My Intermediates"
|
||||
self.intermediates = X509_IMDS_LIST
|
||||
self.private_key = "My Private Key"
|
||||
self.private_key_passphrase = "My Private Key Passphrase"
|
||||
|
||||
|
@ -34,7 +50,7 @@ class TestBarbicanCert(base.TestCase):
|
|||
)
|
||||
self.intermediates_secret = barbican_client.secrets.Secret(
|
||||
api=mock.MagicMock(),
|
||||
payload=self.intermediates
|
||||
payload=X509_IMDS
|
||||
)
|
||||
self.private_key_secret = barbican_client.secrets.Secret(
|
||||
api=mock.MagicMock(),
|
||||
|
|
|
@ -26,6 +26,22 @@ import octavia.tests.unit.base as base
|
|||
|
||||
PROJECT_ID = "12345"
|
||||
|
||||
X509_IMDS = """-----BEGIN CERTIFICATE-----
|
||||
First Intermediate Data
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
Second Intermediate Data
|
||||
-----END CERTIFICATE-----"""
|
||||
|
||||
X509_IMDS_LIST = [
|
||||
"""-----BEGIN CERTIFICATE-----
|
||||
First Intermediate Data
|
||||
-----END CERTIFICATE-----""",
|
||||
"""-----BEGIN CERTIFICATE-----
|
||||
Second Intermediate Data
|
||||
-----END CERTIFICATE-----"""
|
||||
]
|
||||
|
||||
|
||||
class TestBarbicanManager(base.TestCase):
|
||||
|
||||
|
@ -42,6 +58,7 @@ class TestBarbicanManager(base.TestCase):
|
|||
self.private_key = mock.Mock(spec=secrets.Secret)
|
||||
self.certificate = mock.Mock(spec=secrets.Secret)
|
||||
self.intermediates = mock.Mock(spec=secrets.Secret)
|
||||
self.intermediates.payload = X509_IMDS
|
||||
self.private_key_passphrase = mock.Mock(spec=secrets.Secret)
|
||||
|
||||
container = mock.Mock(spec=containers.CertificateContainer)
|
||||
|
@ -180,7 +197,7 @@ class TestBarbicanManager(base.TestCase):
|
|||
self.assertEqual(data.get_certificate(),
|
||||
self.certificate.payload)
|
||||
self.assertEqual(data.get_intermediates(),
|
||||
self.intermediates.payload)
|
||||
X509_IMDS_LIST)
|
||||
self.assertEqual(data.get_private_key_passphrase(),
|
||||
self.private_key_passphrase.payload)
|
||||
|
||||
|
@ -205,7 +222,7 @@ class TestBarbicanManager(base.TestCase):
|
|||
self.assertEqual(data.get_certificate(),
|
||||
self.certificate.payload)
|
||||
self.assertEqual(data.get_intermediates(),
|
||||
self.intermediates.payload)
|
||||
X509_IMDS_LIST)
|
||||
self.assertEqual(data.get_private_key_passphrase(),
|
||||
self.private_key_passphrase.payload)
|
||||
|
||||
|
|
Loading…
Reference in New Issue