Browse Source

Uncaught ManagedObjectNotFoundError exception leads to 500 error

ManagedObjectNotFoundError which is raised from a several places of
castellan library
(for example castellan/key_manager/barbican_key_manager.py) is not
caught in signature_utils.py.

Caught ManagedObjectNotFoundError and raised SignatureVerificationError
to avoid 500 error response.

Change-Id: Ia8310f8cc9604d11cc4a25617b55a1b61436cd71
Closes-Bug: #1736679
Abhishek Kekane 1 year ago
parent
commit
74ca49cab6
2 changed files with 19 additions and 1 deletions
  1. 5
    0
      cursive/signature_utils.py
  2. 14
    1
      cursive/tests/unit/test_signature_utils.py

+ 5
- 0
cursive/signature_utils.py View File

@@ -15,6 +15,7 @@
15 15
 import binascii
16 16
 
17 17
 from castellan.common.exception import KeyManagerError
18
+from castellan.common.exception import ManagedObjectNotFoundError
18 19
 from castellan import key_manager
19 20
 from cryptography.hazmat.backends import default_backend
20 21
 from cryptography.hazmat.primitives.asymmetric import dsa
@@ -314,6 +315,10 @@ def get_certificate(context, signature_certificate_uuid):
314 315
     try:
315 316
         # The certificate retrieved here is a castellan certificate object
316 317
         cert = keymgr_api.get(context, signature_certificate_uuid)
318
+    except ManagedObjectNotFoundError as e:
319
+        raise exception.SignatureVerificationError(
320
+            reason=_('Certificate not found with ID: %s')
321
+            % signature_certificate_uuid)
317 322
     except KeyManagerError as e:
318 323
         # The problem encountered may be backend-specific, since castellan
319 324
         # can use different backends.  Rather than importing all possible

+ 14
- 1
cursive/tests/unit/test_signature_utils.py View File

@@ -15,6 +15,7 @@ import datetime
15 15
 import mock
16 16
 
17 17
 from castellan.common.exception import KeyManagerError
18
+from castellan.common.exception import ManagedObjectNotFoundError
18 19
 import cryptography.exceptions as crypto_exceptions
19 20
 from cryptography.hazmat.backends import default_backend
20 21
 from cryptography.hazmat.primitives.asymmetric import dsa
@@ -53,13 +54,17 @@ class FakeKeyManager(object):
53 54
         self.certs = {'invalid_format_cert':
54 55
                       FakeCastellanCertificate('A' * 256, 'BLAH'),
55 56
                       'valid_format_cert':
56
-                      FakeCastellanCertificate('A' * 256, 'X.509')}
57
+                      FakeCastellanCertificate('A' * 256, 'X.509'),
58
+                      'invalid-cert-uuid': ManagedObjectNotFoundError()
59
+                      }
57 60
 
58 61
     def get(self, context, cert_uuid):
59 62
         cert = self.certs.get(cert_uuid)
60 63
 
61 64
         if cert is None:
62 65
             raise KeyManagerError("No matching certificate found.")
66
+        if isinstance(cert, ManagedObjectNotFoundError):
67
+            raise cert
63 68
 
64 69
         return cert
65 70
 
@@ -361,3 +366,11 @@ class TestSignatureUtils(base.TestCase):
361 366
                                'Invalid certificate format: .*',
362 367
                                signature_utils.get_certificate, None,
363 368
                                cert_uuid)
369
+
370
+    @mock.patch('castellan.key_manager.API', return_value=FakeKeyManager())
371
+    def test_get_certificate_id_not_exist(self, mock_key_manager):
372
+        bad_cert_uuid = 'invalid-cert-uuid'
373
+        self.assertRaisesRegex(exception.SignatureVerificationError,
374
+                               'Certificate not found with ID: .*',
375
+                               signature_utils.get_certificate, None,
376
+                               bad_cert_uuid)

Loading…
Cancel
Save