Uncaught ManagedObjectNotFoundError exception leads to 500 error
ManagedObjectNotFoundError which is raised from a several places of castellan library (for example castellan/key_manager/barbican_key_manager.py) is not caught in signature_utils.py. Caught ManagedObjectNotFoundError and raised SignatureVerificationError to avoid 500 error response. Change-Id: Ia8310f8cc9604d11cc4a25617b55a1b61436cd71 Closes-Bug: #1736679
This commit is contained in:
parent
ad25a4016c
commit
74ca49cab6
|
@ -15,6 +15,7 @@
|
|||
import binascii
|
||||
|
||||
from castellan.common.exception import KeyManagerError
|
||||
from castellan.common.exception import ManagedObjectNotFoundError
|
||||
from castellan import key_manager
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives.asymmetric import dsa
|
||||
|
@ -314,6 +315,10 @@ def get_certificate(context, signature_certificate_uuid):
|
|||
try:
|
||||
# The certificate retrieved here is a castellan certificate object
|
||||
cert = keymgr_api.get(context, signature_certificate_uuid)
|
||||
except ManagedObjectNotFoundError as e:
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Certificate not found with ID: %s')
|
||||
% signature_certificate_uuid)
|
||||
except KeyManagerError as e:
|
||||
# The problem encountered may be backend-specific, since castellan
|
||||
# can use different backends. Rather than importing all possible
|
||||
|
|
|
@ -15,6 +15,7 @@ import datetime
|
|||
import mock
|
||||
|
||||
from castellan.common.exception import KeyManagerError
|
||||
from castellan.common.exception import ManagedObjectNotFoundError
|
||||
import cryptography.exceptions as crypto_exceptions
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives.asymmetric import dsa
|
||||
|
@ -53,13 +54,17 @@ class FakeKeyManager(object):
|
|||
self.certs = {'invalid_format_cert':
|
||||
FakeCastellanCertificate('A' * 256, 'BLAH'),
|
||||
'valid_format_cert':
|
||||
FakeCastellanCertificate('A' * 256, 'X.509')}
|
||||
FakeCastellanCertificate('A' * 256, 'X.509'),
|
||||
'invalid-cert-uuid': ManagedObjectNotFoundError()
|
||||
}
|
||||
|
||||
def get(self, context, cert_uuid):
|
||||
cert = self.certs.get(cert_uuid)
|
||||
|
||||
if cert is None:
|
||||
raise KeyManagerError("No matching certificate found.")
|
||||
if isinstance(cert, ManagedObjectNotFoundError):
|
||||
raise cert
|
||||
|
||||
return cert
|
||||
|
||||
|
@ -361,3 +366,11 @@ class TestSignatureUtils(base.TestCase):
|
|||
'Invalid certificate format: .*',
|
||||
signature_utils.get_certificate, None,
|
||||
cert_uuid)
|
||||
|
||||
@mock.patch('castellan.key_manager.API', return_value=FakeKeyManager())
|
||||
def test_get_certificate_id_not_exist(self, mock_key_manager):
|
||||
bad_cert_uuid = 'invalid-cert-uuid'
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Certificate not found with ID: .*',
|
||||
signature_utils.get_certificate, None,
|
||||
bad_cert_uuid)
|
||||
|
|
Loading…
Reference in New Issue