Uncaught ManagedObjectNotFoundError exception leads to 500 error

ManagedObjectNotFoundError, which is raised from several places in the
castellan library
(for example castellan/key_manager/barbican_key_manager.py), is not
caught in signature_utils.py.

Caught ManagedObjectNotFoundError and raised SignatureVerificationError
to avoid 500 error response.

Change-Id: Ia8310f8cc9604d11cc4a25617b55a1b61436cd71
Closes-Bug: #1736679
Abhishek Kekane 2017-12-06 10:03:05 +00:00
parent ad25a4016c
commit 74ca49cab6
2 changed files with 19 additions and 1 deletions


@ -15,6 +15,7 @@
import binascii
from castellan.common.exception import KeyManagerError
from castellan.common.exception import ManagedObjectNotFoundError
from castellan import key_manager
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import dsa
@ -314,6 +315,10 @@ def get_certificate(context, signature_certificate_uuid):
try:
# The certificate retrieved here is a castellan certificate object
cert = keymgr_api.get(context, signature_certificate_uuid)
except ManagedObjectNotFoundError as e:
raise exception.SignatureVerificationError(
reason=_('Certificate not found with ID: %s')
% signature_certificate_uuid)
except KeyManagerError as e:
# The problem encountered may be backend-specific, since castellan
# can use different backends. Rather than importing all possible
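Review bot: The new `except ManagedObjectNotFoundError as e:` clause binds `e` but never uses it, and the lookup failure is converted to a SignatureVerificationError without being recorded anywhere visible in this hunk. Drop the unused binding (`except ManagedObjectNotFoundError:`), and if the module has a logger, log the missing certificate ID before raising so that repeated lookups of non-existent certificates are visible to operators. Since this exception evidently is not covered by the `except KeyManagerError` clause below it, other castellan exceptions outside that hierarchy may still propagate as a 500; it is worth confirming which ones `keymgr_api.get` can raise. The body of get_certificate continues outside the hunk.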


@ -15,6 +15,7 @@ import datetime
import mock
from castellan.common.exception import KeyManagerError
from castellan.common.exception import ManagedObjectNotFoundError
import cryptography.exceptions as crypto_exceptions
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import dsa
@ -53,13 +54,17 @@ class FakeKeyManager(object):
self.certs = {'invalid_format_cert':
FakeCastellanCertificate('A' * 256, 'BLAH'),
'valid_format_cert':
FakeCastellanCertificate('A' * 256, 'X.509')}
FakeCastellanCertificate('A' * 256, 'X.509'),
'invalid-cert-uuid': ManagedObjectNotFoundError()
}
def get(self, context, cert_uuid):
cert = self.certs.get(cert_uuid)
if cert is None:
raise KeyManagerError("No matching certificate found.")
if isinstance(cert, ManagedObjectNotFoundError):
raise cert
return cert
@ -361,3 +366,11 @@ class TestSignatureUtils(base.TestCase):
'Invalid certificate format: .*',
signature_utils.get_certificate, None,
cert_uuid)
@mock.patch('castellan.key_manager.API', return_value=FakeKeyManager())
def test_get_certificate_id_not_exist(self, mock_key_manager):
bad_cert_uuid = 'invalid-cert-uuid'
self.assertRaisesRegex(exception.SignatureVerificationError,
'Certificate not found with ID: .*',
signature_utils.get_certificate, None,
bad_cert_uuid)
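Review bot: The pattern `'Certificate not found with ID: .*'` in test_get_certificate_id_not_exist also matches a message in which the ID was never interpolated, so the test does not pin the `% signature_certificate_uuid` formatting. Anchor it on the value instead, e.g. `'Certificate not found with ID: %s' % bad_cert_uuid`. In FakeKeyManager, storing a `ManagedObjectNotFoundError()` instance in `self.certs` and re-raising that same object mixes exceptions in with the certificate fixtures; a short comment on the `'invalid-cert-uuid'` entry such as `# sentinel: get() raises this instead of returning it` would make the intent clear. Both FakeKeyManager and TestSignatureUtils start outside the hunks shown.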