[doc] updated documentation and unittests
grindsa committed Jun 14, 2024
1 parent 78e1e0a commit 5b744e1
Showing 3 changed files with 48 additions and 47 deletions.
1 change: 1 addition & 0 deletions docs/acme_ca.md
Expand Up @@ -182,6 +182,7 @@ below an example key-file:
"hmac": "YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg",
"cahandler": {
"acme_url": "https://acme-staging-v02.api.letsencrypt.org",
"acme_keyfile": "/var/www/acme2certifier/volume/acme_ca/le_key.json",
"allowed_domainlist": ["www.example.com", "www.example.org", "*.acme"]
}
},
2 changes: 1 addition & 1 deletion examples/ca_handler/acme_ca_handler.py
Expand Up @@ -61,7 +61,7 @@ def _config_account_load(self, config_dic: Dict[str, str]):
self.logger.debug('CAhandler._config_account_load()')

if 'acme_keyfile' in config_dic['CAhandler']:
acme_keyfile = config_dic['CAhandler']['acme_keyfile']
self.acme_keyfile = config_dic['CAhandler']['acme_keyfile']
else:
self.logger.error('CAhandler._config_load() configuration incomplete: "acme_keyfile" parameter is missing in config file')

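Review bot: The `else` branch's error text still names `CAhandler._config_load()` although this code lives in `_config_account_load` (the debug line at the top of the hunk uses the right name), so a log entry about a missing ACME account-key path points at the wrong function; I would change it to `self.logger.error('CAhandler._config_account_load() configuration incomplete: "acme_keyfile" parameter is missing in config file')`, together with any unit test that asserts on the old text. That branch only logs, so `self.acme_keyfile` keeps whatever value it had before the call; the function continues outside the hunk and its callers are not visible, so it is worth confirming that enrollment and revocation refuse to run without a key path rather than proceeding with the default. The corrected assignment also appears to change handler behaviour (the value looks to have been bound to a local name and dropped before), which the `[doc]` commit title does not convey.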
92 changes: 46 additions & 46 deletions test/test_acme_ca_handler.py
Expand Up @@ -49,8 +49,8 @@ def test_003__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'directory_path': '/directory', 'acct_path' : '/acme/acct/'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -63,8 +63,8 @@ def test_004__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'directory_path': '/directory', 'acct_path' : '/acme/acct/'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -78,8 +78,8 @@ def test_005__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'foo': 'bar'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'directory_path': '/directory', 'acct_path' : '/acme/acct/'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -93,8 +93,8 @@ def test_006__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'acme_keyfile': 'key_file'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertEqual('key_file', self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertEqual('key_file', self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'directory_path': '/directory', 'acct_path' : '/acme/acct/'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -107,8 +107,8 @@ def test_007__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'acme_url': 'url'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertEqual('url', self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertEqual('url', self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'directory_path': '/directory', 'acct_path' : '/acme/acct/'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -121,8 +121,8 @@ def test_008__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'acme_account': 'acme_account'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertEqual('acme_account', self.cahandler.account)
self.assertEqual({'directory_path': '/directory', 'acct_path' : '/acme/acct/'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -136,8 +136,8 @@ def test_009__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'acme_account_keysize': 'acme_account_keysize'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'directory_path': '/directory', 'acct_path' : '/acme/acct/'}, self.cahandler.path_dic)
self.assertEqual('acme_account_keysize', self.cahandler.key_size)
Expand All @@ -151,8 +151,8 @@ def test_010__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'acme_account_email': 'acme_account_email'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'directory_path': '/directory', 'acct_path' : '/acme/acct/'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -166,8 +166,8 @@ def test_011__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'directory_path': 'directory_path'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'acct_path': '/acme/acct/', 'directory_path': 'directory_path'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -181,8 +181,8 @@ def test_012__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'account_path': 'account_path'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'acct_path': 'account_path', 'directory_path': '/directory'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -196,8 +196,8 @@ def test_013__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'allowed_domainlist': '["foo", "bar"]'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'acct_path': '/acme/acct/', 'directory_path': '/directory'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -212,8 +212,8 @@ def test_014__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'allowed_domainlist': 'foo'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'acct_path': '/acme/acct/', 'directory_path': '/directory'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -229,8 +229,8 @@ def test_015__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'eab_kid': 'eab_kid'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'acct_path': '/acme/acct/', 'directory_path': '/directory'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand All @@ -247,8 +247,8 @@ def test_016__config_load(self, mock_load_cfg):
mock_load_cfg.return_value = {'CAhandler': {'eab_hmac_key': 'eab_hmac_key'}}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._config_load()
self.assertFalse(self.cahandler.keyfile)
self.assertFalse(self.cahandler.url)
self.assertFalse(self.cahandler.acme_keyfile)
self.assertFalse(self.cahandler.acme_url)
self.assertFalse(self.cahandler.account)
self.assertEqual({'acct_path': '/acme/acct/', 'directory_path': '/directory'}, self.cahandler.path_dic)
self.assertEqual(2048, self.cahandler.key_size)
Expand Down Expand Up @@ -438,7 +438,7 @@ def test_033__account_register(self, mock_messages):
acmeclient.query_registration = Mock(return_value = response)
mock_messages = Mock()
directory = {'newAccount': 'newAccount'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.assertEqual('uri', self.cahandler._account_register(acmeclient, 'user_key', directory).uri)
Expand All @@ -454,7 +454,7 @@ def test_034__account_register(self, mock_messages):
acmeclient.query_registration = Mock(return_value = response)
mock_messages = Mock()
directory = {'newAccount': 'newAccount'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.assertEqual('urluri', self.cahandler._account_register(acmeclient, 'user_key', directory).uri)
Expand All @@ -470,7 +470,7 @@ def test_035__account_register(self, mock_messages):
acmeclient.query_registration = Mock(return_value = response)
mock_messages = Mock()
directory = {'newAccount': 'newAccount'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.assertEqual('acct_pathuri', self.cahandler._account_register(acmeclient, 'user_key', directory).uri)
Expand All @@ -486,7 +486,7 @@ def test_036__account_register(self, mock_messages):
acmeclient.new_account = Mock(return_value = response)
mock_messages = Mock()
self.cahandler.email = 'email'
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.assertEqual('newuri', self.cahandler._account_register(acmeclient, 'user_key', 'directory').uri)
Expand All @@ -501,7 +501,7 @@ def test_037__account_register(self, mock_messages):
acmeclient = Mock()
acmeclient.new_account = Mock(return_value = response)
mock_messages = Mock()
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.assertFalse(self.cahandler._account_register(acmeclient, 'user_key', 'directory'))
Expand Down Expand Up @@ -530,7 +530,7 @@ def test_039__account_register(self, mock_messages):
mock_messages = Mock()
self.cahandler.email = 'email'
self.cahandler.path_dic = {'acct_path1': 'acct_path'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.assertEqual('newuri', self.cahandler._account_register(acmeclient, 'user_key', 'directory').uri)
self.assertFalse(self.cahandler.account)

Expand All @@ -545,7 +545,7 @@ def test_040__account_register(self, mock_messages, mock_eab):
mock_messages = Mock()
self.cahandler.email = 'email'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.assertEqual('urluri', self.cahandler._account_register(acmeclient, 'user_key', 'directory').uri)
self.assertEqual('uri', self.cahandler.account)
self.assertFalse(mock_eab.called)
Expand All @@ -561,8 +561,8 @@ def test_041__account_register(self, mock_messages, mock_eab):
mock_messages = Mock()
self.cahandler.email = 'email'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
self.cahandler.url = 'zerossl.com'
self.cahandler.url_dic = {'host': 'acme.zerossl.com'}
self.cahandler.acme_url = 'zerossl.com'
self.cahandler.acme_url_dic = {'host': 'acme.zerossl.com'}
self.assertEqual('zerossl.comuri', self.cahandler._account_register(acmeclient, 'user_key', 'directory').uri)
self.assertEqual('uri', self.cahandler.account)
self.assertTrue(mock_eab.called)
Expand All @@ -578,7 +578,7 @@ def test_042__account_register(self, mock_messages, mock_eab):
mock_messages = Mock()
self.cahandler.email = 'email'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.assertEqual('urluri', self.cahandler._account_register(acmeclient, 'user_key', 'directory').uri)
self.assertEqual('uri', self.cahandler.account)
self.assertFalse(mock_eab.called)
Expand All @@ -594,7 +594,7 @@ def test_043__account_register(self, mock_messages, mock_eab):
mock_eab.return_value = Mock()
self.cahandler.email = 'email'
self.cahandler.path_dic = {'acct_path': 'acct_path'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.cahandler.eab_kid = 'kid'
self.cahandler.eab_hmac_key = 'hmac_key'
self.assertEqual('urluri', self.cahandler._account_register(acmeclient, 'user_key', 'directory').uri)
Expand Down Expand Up @@ -880,7 +880,7 @@ def test_055__account_lookup(self, mock_messages):
acmeclient.query_registration = Mock(return_value = response)
mock_messages = Mock()
directory = {'newAccount': 'newAccount'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._account_lookup(acmeclient, 'reg', directory)
self.assertIn('INFO:test_a2c:CAhandler._account_lookup: found existing account: urluriacc_info', lcm.output)
Expand Down Expand Up @@ -910,7 +910,7 @@ def test_057__account_lookup(self, mock_messages):
acmeclient.query_registration = Mock(return_value = response)
mock_messages = Mock()
directory = {'newAccount': 'newAccount'}
self.cahandler.url = 'url'
self.cahandler.acme_url = 'url'
self.cahandler.path_dic = {'acct_path': 'acc_info'}
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.cahandler._account_lookup(acmeclient, 'reg', directory)
Expand All @@ -928,7 +928,7 @@ def test_057__account_lookup(self, mock_messages):
@patch('os.path.exists')
def test_058_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw, mock_mess, mock_reg, mock_revoke):
""" test revoke successful """
self.cahandler.keyfile = 'keyfile'
self.cahandler.acme_keyfile = 'keyfile'
self.cahandler.account = 'account'
mock_exists.return_value = True
response = Mock()
Expand All @@ -947,7 +947,7 @@ def test_058_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw
@patch('os.path.exists')
def test_059_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw, mock_mess, mock_reg, mock_revoke):
""" test revoke invalid status after reglookup """
self.cahandler.keyfile = 'keyfile'
self.cahandler.acme_keyfile = 'keyfile'
self.cahandler.account = 'account'
mock_exists.return_value = True
response = Mock()
Expand All @@ -966,7 +966,7 @@ def test_059_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw
@patch('os.path.exists')
def test_060_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw, mock_mess, mock_lookup):
""" test revoke account lookup failed """
self.cahandler.keyfile = 'keyfile'
self.cahandler.acme_keyfile = 'keyfile'
mock_exists.return_value = True
self.assertEqual((500, 'urn:ietf:params:acme:error:serverInternal', 'account lookup failed'), self.cahandler.revoke('cert', 'reason', 'date'))
self.assertTrue(mock_lookup.called)
Expand All @@ -981,7 +981,7 @@ def test_060_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw
@patch('os.path.exists')
def test_061_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw, mock_mess, mock_lookup):
""" test revoke user key load failed """
self.cahandler.keyfile = 'keyfile'
self.cahandler.acme_keyfile = 'keyfile'
mock_exists.return_value = False
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.assertEqual((500, 'urn:ietf:params:acme:error:serverInternal', 'Internal Error'), self.cahandler.revoke('cert', 'reason', 'date'))
Expand All @@ -993,7 +993,7 @@ def test_061_revoke(self, mock_exists, mock_load, mock_comp, mock_kload, mock_nw
@patch('OpenSSL.crypto.load_certificate')
def test_062_revoke(self, mock_load, mock_comp):
""" test revoke exception during processing """
self.cahandler.keyfile = 'keyfile'
self.cahandler.acme_keyfile = 'keyfile'
mock_load.side_effect = Exception('ex_user_key_load')
with self.assertLogs('test_a2c', level='INFO') as lcm:
self.assertEqual((500, 'urn:ietf:params:acme:error:serverInternal', 'ex_user_key_load'), self.cahandler.revoke('cert', 'reason', 'date'))