CBQE-7208: 7/n Infra for pkcs#8 private keys
Also adds an unrelated change: a negative test for multiple CAs. Change-Id: Ie3bc4cf627a36299a9eb91b565698c0609224424 Reviewed-on: http://review.couchbase.org/c/testrunner/+/162636 Tested-by: Sumedh Basarkod <sumedhpb8@gmail.com> Tested-by: Balakumaran G <balakumaran.gopal@couchbase.com> Reviewed-by: Sumedh Basarkod <sumedhpb8@gmail.com> Reviewed-by: Balakumaran G <balakumaran.gopal@couchbase.com>
Showing
4 changed files
with
222 additions
and
28 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
import copy | ||
import json | ||
|
||
from pytests.basetestcase import BaseTestCase | ||
from pytests.security.x509_multiple_CA_util import x509main, Validation | ||
|
||
|
||
class MultipleCANegative(BaseTestCase): | ||
|
||
def setUp(self): | ||
super(MultipleCANegative, self).setUp() | ||
self.x509 = x509main(host=self.master) | ||
for server in self.servers: | ||
self.x509.delete_inbox_folder_on_server(server=server) | ||
self.basic_url = "https://" + self.servers[0].ip + ":18091/pools/default/" | ||
|
||
def tearDown(self): | ||
self.x509 = x509main(host=self.master) | ||
self.x509.teardown_certs(servers=self.servers) | ||
super(MultipleCANegative, self).tearDown() | ||
|
||
def test_untrusted_client_cert_fails(self): | ||
""" | ||
Verify that a client cert signed by an untrusted root | ||
CA is not authenticated | ||
""" | ||
self.x509.generate_multiple_x509_certs(servers=self.servers) | ||
self.log.info("Manifest #########\n {0}".format(json.dumps(x509main.manifest, indent=4))) | ||
cas = copy.deepcopy(x509main.root_ca_names) | ||
cas.remove("clientroot") # make "clientroot" ca untrusted | ||
for server in self.servers[:self.nodes_init]: | ||
_ = self.x509.upload_root_certs(server=server, root_ca_names=cas) | ||
self.x509.upload_node_certs(servers=self.servers[:self.nodes_init]) | ||
self.x509.upload_client_cert_settings(server=self.servers[0]) | ||
client_cert_path_tuple = self.x509.get_client_cert(int_ca_name="iclient1_clientroot") | ||
self.x509_validation = Validation(server=self.servers[0], | ||
cacert=None, | ||
client_cert_path_tuple=client_cert_path_tuple) | ||
try: | ||
status, content, response = self.x509_validation.urllib_request(api=self.basic_url) | ||
except Exception as e: | ||
self.log.info("Rest api connection with untrusted client cert " | ||
"didn't work as expected {0}".format(e)) | ||
else: | ||
self.fail("Rest api connection with untrusted client cert worked") | ||
try: | ||
client = self.x509_validation.sdk_connection() | ||
self.x509_validation.creates_sdk(client) | ||
except Exception as e: | ||
self.log.info("SDk connection with untrusted client cert didn't work " | ||
"as expected {0}".format(e)) | ||
else: | ||
self.fail("SDK connection with untrusted client cert worked") |
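Review bot: Both `except Exception as e:` handlers in test_untrusted_client_cert_fails accept any error as proof that the untrusted client cert was rejected, so the test also passes when the node is unreachable, the request times out, or a helper raises for an unrelated reason. Because `Validation` is built with `cacert=None`, a client-side failure to verify the server certificate may be counted as a rejection too; how urllib_request handles a missing CA is not visible in this hunk, so that needs confirming. Narrow each handler to the exception the rejection actually produces, for example `except ssl.SSLError as e:` if the helper surfaces the handshake failure, and assert on the returned `status` instead of discarding it, in case the helper reports a 401 without raising. A positive control that runs the same request with "clientroot" still in `cas` would show that the later failure is caused by the missing trust anchor and not by the setup.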