From d58a5f403b5ca38f7d9e3546ee6e515c769178d1 Mon Sep 17 00:00:00 2001 From: Ewen Date: Wed, 17 Aug 2022 16:46:02 +0200 Subject: [PATCH] :fire: [#46] -- removing code related to certificate and replacing by librairie --- testapp/settings.py | 1 + tests/data/Readme.md | 14 - tests/data/invalid.certificate | 1 - tests/data/test.certificate | 31 -- tests/data/test.key | 52 --- tests/data/test2.certificate | 31 -- tests/data/test2.key | 52 --- tests/test_certificates.py | 312 ------------------ tests/test_commands.py | 72 ---- zgw_consumers/admin.py | 40 +-- zgw_consumers/constants.py | 3 - zgw_consumers/forms.py | 28 -- zgw_consumers/management/__init__.py | 0 zgw_consumers/management/commands/__init__.py | 0 .../management/commands/dump_certs.py | 32 -- zgw_consumers/models/__init__.py | 2 - zgw_consumers/models/certificates.py | 99 ------ zgw_consumers/models/services.py | 2 +- zgw_consumers/utils.py | 6 - 19 files changed, 3 insertions(+), 775 deletions(-) delete mode 100644 tests/data/Readme.md delete mode 100644 tests/data/invalid.certificate delete mode 100644 tests/data/test.certificate delete mode 100644 tests/data/test.key delete mode 100644 tests/data/test2.certificate delete mode 100644 tests/data/test2.key delete mode 100644 tests/test_certificates.py delete mode 100644 tests/test_commands.py delete mode 100644 zgw_consumers/forms.py delete mode 100644 zgw_consumers/management/__init__.py delete mode 100644 zgw_consumers/management/commands/__init__.py delete mode 100644 zgw_consumers/management/commands/dump_certs.py delete mode 100644 zgw_consumers/models/certificates.py diff --git a/testapp/settings.py b/testapp/settings.py index a4d4643..3f1c7c0 100644 --- a/testapp/settings.py +++ b/testapp/settings.py @@ -45,6 +45,7 @@ "django.contrib.messages", "django.contrib.admin", "zgw_consumers", + "simple_certmanager", "testapp", ] diff --git a/tests/data/Readme.md b/tests/data/Readme.md deleted file mode 100644 index 3fd0975..0000000 
--- a/tests/data/Readme.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# Test files for certificate model
-
-## Certificate and key
-
-The `test.certificate` and the `test.key` were generated using the following command:
-
-```bash
-openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out test.certificate -keyout test.key
-```
-
-The tests making use of these certificates are:
-- `tests/test_certificates.py`
-
-These tests will potentially start failing once the test certificate expires.
diff --git a/tests/data/invalid.certificate b/tests/data/invalid.certificate
deleted file mode 100644
index 3076455..0000000
--- a/tests/data/invalid.certificate
+++ /dev/null
@@ -1 +0,0 @@
-Invalid certificate
diff --git a/tests/data/test.certificate b/tests/data/test.certificate
deleted file mode 100644
index a023739..0000000
--- a/tests/data/test.certificate
+++ /dev/null
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIUMj7jD3mrtM1jy3N3biQZyxTyPrEwDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCTkwxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjExNDI2NTFaFw0yMzAy -MjExNDI2NTFaMEUxCzAJBgNVBAYTAk5MMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDct1hsGxUdlxgP58W78e0ZOtFByeeEfRNgN0tOdR9Z -cnWJnEHxlTcr0hhYvkSQSrUojdRtJU0hVqi4xCjY3YDM/Uh9175+tS5EeuIrc1KZ -9mGXkQxI/4nWUEnduOzV7zPKqVSvhg6AVZgrutHU21UUJjPHlqxR+IE/QuEC+vD/ -RYXtf56384tEj+V8b8XlyHolr21+cU1nU8n3Krr3VrX5vTeo3kvUFWKVRiseEDA5 -BMldWK94uvF92Kjkh9jrJ37e8KAecCRHV0Jv45yjzMOIydV2bh/HbDzTyKc1WcPb -PGNbCS85Dz1RqBEtIR1KKuxDXtAd7a26t6ZmwHaBhorPTf5sVTDAvcTKaVx5dU3p -ZLt6x9jEmCdkDMncxiiER1xThocc8dw76fyE6ddEhh4d/LPseFrMU0OOICw/SyBz -egiuPqIEg9DfmI94G3i14S2W0QPZi/y9lZBTfgm+ILeZrOhaz5m1lgHUjLIjP5fs -tQL8IYxc5lQ42epw/DcAYLJ0P+oxhzBhF1wFydmHO4NbeuSGG+2A5PAR3uVlfsqe -RpFg9hEK8UAgvmn3382zoKyOmUVjNL3qT7b0S7bYGUk2A+RVkP4qLv/odDBii33i -LTq2+u3t/7isC9C6dTB959BHzv/G0AI2w3rCruofolnEPMbAc+7LNe80b6KOttym -TwIDAQABo1MwUTAdBgNVHQ4EFgQU7mOz04EBtc6WoGnjLGezQ0tvKPIwHwYDVR0j -BBgwFoAU7mOz04EBtc6WoGnjLGezQ0tvKPIwDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQsFAAOCAgEAcE5kB8ofPAAtsVKVAT4ej15w5FDuDXKgToaBk4VIr7Ed -ZwsVvlhtRjMTcaZfJxrX7X6/myeOnU6GM1TJyjtzkOPh124vLUJ+DsDqvS+gpzu0 -cSiSU2tv0H8KKPylb+cKJmkLEEJdnAzTNST3VgxhQMQGI5f72vAWrr+FnszPJ87W -DoN/bIv8gm+uOTJWQKS1PE1amrcHHshpm945w8sT2DPhvmxZ0G2/IQ8LeTHkJY+/ -6ASlxSXFKpyafyAiGycU+xn1+TzubkgDyj0P8bdP1FT21JxxX+9NdtfR48TjFe8f -lN6AIMMTdlm2QEYyJ8tP0S7z7RwkCyZ2jy0BvPBZU4E6TYMsQ3xj1AUB8RiHuOUv -1jUTlYi4d2PRJPln/P9H8oEE3fU4JtlVfURS4xrVRWhs05V/tkVMda1SLjO5F0Lg -X+2zM+IhqAJZhC+9ztRYtK7K969667g7ro9scF/axuGOlU3A7Ku4BHTLP0DQrI3c -GI+Ks9NOUzOYdxeYxQJ2eJXy6HU/ogoyWD4XaNNy2/mjEyCe9l2NDuD4bQ2wMECD -9oY4FjlVYKoKxWmHy0fwKa65V0tTb4RDMPntOFZwrAyH6b5N0/E1/Oe9x0ZYztZb -oevo9SZjyUBpI9oGJ1H9pL4lnCLZMHqJYvSTU7NCwxmV1ysnJMI8ScugTVrEjvs= ------END CERTIFICATE----- 
diff --git a/tests/data/test.key b/tests/data/test.key
deleted file mode 100644
index 58f7fe0..0000000
--- a/tests/data/test.key
+++ /dev/null
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDct1hsGxUdlxgP -58W78e0ZOtFByeeEfRNgN0tOdR9ZcnWJnEHxlTcr0hhYvkSQSrUojdRtJU0hVqi4 -xCjY3YDM/Uh9175+tS5EeuIrc1KZ9mGXkQxI/4nWUEnduOzV7zPKqVSvhg6AVZgr -utHU21UUJjPHlqxR+IE/QuEC+vD/RYXtf56384tEj+V8b8XlyHolr21+cU1nU8n3 -Krr3VrX5vTeo3kvUFWKVRiseEDA5BMldWK94uvF92Kjkh9jrJ37e8KAecCRHV0Jv -45yjzMOIydV2bh/HbDzTyKc1WcPbPGNbCS85Dz1RqBEtIR1KKuxDXtAd7a26t6Zm -wHaBhorPTf5sVTDAvcTKaVx5dU3pZLt6x9jEmCdkDMncxiiER1xThocc8dw76fyE -6ddEhh4d/LPseFrMU0OOICw/SyBzegiuPqIEg9DfmI94G3i14S2W0QPZi/y9lZBT -fgm+ILeZrOhaz5m1lgHUjLIjP5fstQL8IYxc5lQ42epw/DcAYLJ0P+oxhzBhF1wF -ydmHO4NbeuSGG+2A5PAR3uVlfsqeRpFg9hEK8UAgvmn3382zoKyOmUVjNL3qT7b0 -S7bYGUk2A+RVkP4qLv/odDBii33iLTq2+u3t/7isC9C6dTB959BHzv/G0AI2w3rC -ruofolnEPMbAc+7LNe80b6KOttymTwIDAQABAoICAHw349fT1ip1IuGwu6RvH9WX -OLYh/96c1g7Mj+F0IVSiCmyMOMDSDd7nuzQWwVfD8/kC+Y8D80jUENkL7UFASIEV -+3p3tYpyRbvcvPVfThnAhGRdCeD7kIPBZBEZRpGQskFY04SFmhu4EJBr8DQvzM4u -Qe4OaqUnivYjmaenu4KvihSEQrucocDQi4NhFKuiDLyw4prLAZkpmv00W01gy8Hm -MDEmCt8tufHxL8sXqUwt2XZjtz3nWIpPKZ6UpgySieDG5Ba9Xm2YOpfmLf4x+8o8 -bZrdl50Q2ZsHzrND9eqpLfHKVX1zijsur5wKiwV26slvzwlI/wGa4lfp8cgsBGpj -4S3xk+itJkmq2NWIuJqETuKsLBOLl2sxxIyaeIG0qnVtFgFqlYAiMgNPP1sqoWrf -lg7WUxinA5K9IA3U5GmfIJ9C7SR/Nl6L52CJv60AhHr6YeGd8rRoAU2kjLFtnmGi -ThDEYXbtgdXYVxtMy5xpaECLgWrgRUuRSqF5hQSHElGQFBvB0DwdCW/CRdEjxvtq -9Ir0HHaxJCm5qVLA01CysV0s7zpk9jBwULCYwXdSo6SzqRTz9vuYkLGfqfUO5oBs -cz1ES4UfzrdzkvVMdxPnBpoeHTlX+UE/SPs0iubPcrzOW7tJD6PnVVNo/ULjW74n -3qCibRnL3++s851FkAzBAoIBAQD3TO8L5qcHMLVqpGeyWNNtTk39YDIBQIi+2i6J -wSi+PaY4atMnvUi2kp6FHohdnjhAbdGti7yonhoSWvuibdq3wkIqZqX+IGdhfyvb -TkvjKD5EOILGeFsRbKpHr1BasKvUWDBhIS2mG3GSG4lkqntip4qy3UK1G2Mz+Sdp -RuameMZlQzk1ssKI/lgIlt0UcIzz1G83MUnHvc7TAS/Np+1tAC1snUXxwPpEOcg5 -/gPgPWkzzNmCJLQO68o/XsrVsRj564A5NoMIt3YcsmPMHkH1HrK4oFOhYj+26D+6 -0x3O2Fkcy7dS7AW9x/1Rx8z1ByDaQaTBGp5gkxkyHfoEqjU3AoIBAQDkewGcrQDb -tFKezypSHWcOGU+ViUKNRnrZOTw/wVzxgaoPXubBfoSm3SkLAHUELpHpr+tX1Htm 
-J3Q3OFOky5ft3+70ophSXStTCP5B4q8Qh0BLEvBiQ2A/owZfAmhCrtfaZcdNOS5o -1Dv8IuqP5HeIkruds05DbuPC8HaMbJMFqiQ3uqCMCtW9VGaEj2emXVrwHgNYEMnw -ngts0VQFjC22btwYnyrUkkv+v1MI/j56pVft6Yci3xDjOzMKdYDHW+219uDIy+QJ -sEGvgtHb924Jj86WtNQbTORfuFluDuUJcDn7Id1Q3j4wXHAIbOT7dOMMJQuzLXx6 -V3IFOFQ5DyOpAoIBAQDfYHmoOU5z+zZTPm+ANCW93PYrQQHKCb27Dp7sxTIFLPCA -k1Vp1trgNu3C9oJcdbb/03KLHOZrNGv+WnpjDHF8fJaBcDjNo/1dnp5BuKZpaAde -XeEaXsp7objpiVy+nkiHRKVmhq6SFMXwILlo2WkcApQQ3jUMG9Hut0Y3HNjoU714 -6FC7xV1cmslv8L1/Ye6frCpNI1Mufa9c/vxr+hxG0ds1+ZWdOh+VEtBeOajMmwv0 -wztRB9AwjiEgPoJepVoXHPa0Nx4C+JxSbXwhes8/Ftx+UitYYcOFdqFiIqIRHXDY -xtYvq4vAEe4qOZxTU34ERzkHSAD44MXodBVKs2ffAoIBAQC8bTVHIOY0SuJYVkFw -tw7mcblQeYKJQDbQLoOhkLY19dlqE7n6mXyMoJfYmufmKwHq10ofhPy/oooVgD57 -CeyiIKvQ1McKJgw0zpXhgDEgUGqVf2j/oNEfqjL25+VUGR2q34UeCqpbiaxuo90O -Dj0GRPy1ccp5kloDyov6AxC8+zQjQaZl2Amtuo1RhXLVoOf+XsIjPrVL2wtREtFY -QeLxMTwSkjGgXYaO8Ppp0EN2oiWB77Wi7JPg0lGlroIl54qDJrb64iuOUe3Z8Olh -nw0AlbiqUTcbzK4Kwt3+BgqdXhBzK9p5ds+S0qkSSbwOJLearHKZskmWG8fMxkev -Ru0BAoIBAEh2h5N4gWuBSoajaK01YtluWM6QgSv45xpkAkePwa1icPAHTh7Li6kb -SdkpWwTzMEYIdL88HxRtOUWEIiI037rVSiIzYd7anYAQpylowFHThv1kjfjI35Gj -gOWJmwqlXkddHb6LvNUNuw0thrchnxLvHBP2K7Moj1+dIeKjnD4i61BsUDoGbVp5 -28ux/blVa747TK4BWnpXcbpXsfja5tS8iQOED3vWI3y4zcwyUM/YuE0vblvsklKe -UhHnUmNO7g5FMkvvWZTu92kyYz0e7WM2Qf7QEP3OU/8WQ5m4vdHRj8c1G6N1p+Bl -tfabFmjRQy0gCxvdhTQnEVAUNs6dF4c= ------END PRIVATE KEY----- diff --git a/tests/data/test2.certificate b/tests/data/test2.certificate deleted file mode 100644 index ce59d62..0000000 --- a/tests/data/test2.certificate +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIULVvTOxM1BmHZOMEbnweRI3AfJZQwDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCTkwxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjgwOTQwMTVaFw0yMzAy -MjgwOTQwMTVaMEUxCzAJBgNVBAYTAk5MMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQCgj770wxA3Y9ZZIFjurCSwO83Ui1O4WNHz7fWy6NT3 -amJK53xgyF0lDJDI4Xju9mDiNV6Sfkg5y4nAJYIC9lqnLuiUVjTIbqxMdbD7P8MW -sA1U7IbfjDTOgkT3OQV2vQd5lQTfIkLHur8EV0x3fjtEl5kA/9a+sx3t8ZvNPPI0 -GiiRHQSLVMiy3tqh4zxrKtcm9lObAgjHOtlcJxpjon1sINjjS0i/nRZ8VTK2uZxH -RsF6IumQIAb7khawkzN/1C4Mix3ZVd/uibuyMxHL288yd90VVReevEP7yQtNwxpF -+UnPIpTeihwf04MGS2/0NikUook6GkkYIN0i5VR7/rxTLLRaWVeBowdDJ467BUnj -0Lix6swbGttxwUPSx4SewfNqpWk61jo1rY4AGCytZTKI491GqHF9qmduKxWYtrX4 -+pNRXe7PXXxh57LAXTMIk53gs0iOG184Lr3w5etCdab1XEfjhuNOwez71Y7CrVXN -riK5ocF/oFHzLSRruHC01lMSoxV7Axm0zpuElHfFavhp6drXUP2yTwhvqUPUrXtk -epjZML6IYc7NvFNMXUeCCFiQ9z4bz84xQu7QNV7v8lxfSVq2loJwu/RXm+WMeFyG -qKw05yOglnjklekM5O0UEVR0dVG6BanmRc8CF7vH/nUnOAPHYBfvN5MVXHfw5nQb -FwIDAQABo1MwUTAdBgNVHQ4EFgQUrthVkptJGmdkXulbM5Nh3P+gs9swHwYDVR0j -BBgwFoAUrthVkptJGmdkXulbM5Nh3P+gs9swDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQsFAAOCAgEAALMaY6TPLdDHqjt4MDZHL7D39ZtC/FvgkC7sLO9Rr8gT -aufX8lQda5oZfQx1yj1+yWLcXcwgP87CFMoMME6ewxryfvs81ysjfSawRVHrrvEI -GD2AAnuxvrlr8D4ufUxzgJ/oIwJuD2hRydBWZ7R/DFqSO+E8vILNi+skT2IFcNYE -bsYvwo+ykYpPjot4V15RUa++YiFeGUmRjUEPjFdsN+RiLHUGy2td/9/uTzmay5uS -HODzboO5Dwc1D1Ex+kohY7YZWhAsUCvJTVE8K4U6fQQhMxDSXYaLhiT2CykUqcIC -RBmP1Vx9Dx0Zz9wI5sXw29rC0ITkBA1uMvnaF9uP6W8WbYxEDYIWrzJveUwFxUT4 -M8tkvNVwBTxXJDiaHtX+xmk20gUn/bBUlnInjDYmyzIu5LCbLykfgmHcnzVTfZ10 -+aohRQOkDQHqxN0j0rexMyLPPXnjRHB9puhTHq6yuEUCd3Hplkpj8s5/NuZlI2M1 -5hMWsPZbHLCxiOC+CuKeZFjSGhuDrEfkTZdKILcHY1cz3jVF5rhhgVSJVenSIOxF -uRmMYBD41wVprJtQ8QtdgrHd7otKDp6adKmMC17h9h/9trr6+cwbbL6gm1NDaUTt -IhY/ICpt4QUVDX9e4EwV98Wimpw2Y9SiY9hQi/N3VZcHp1UAcl410jX2PGsPxV4= ------END CERTIFICATE----- 
diff --git a/tests/data/test2.key b/tests/data/test2.key
deleted file mode 100644
index 6e3f13f..0000000
--- a/tests/data/test2.key
+++ /dev/null
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCgj770wxA3Y9ZZ -IFjurCSwO83Ui1O4WNHz7fWy6NT3amJK53xgyF0lDJDI4Xju9mDiNV6Sfkg5y4nA -JYIC9lqnLuiUVjTIbqxMdbD7P8MWsA1U7IbfjDTOgkT3OQV2vQd5lQTfIkLHur8E -V0x3fjtEl5kA/9a+sx3t8ZvNPPI0GiiRHQSLVMiy3tqh4zxrKtcm9lObAgjHOtlc -Jxpjon1sINjjS0i/nRZ8VTK2uZxHRsF6IumQIAb7khawkzN/1C4Mix3ZVd/uibuy -MxHL288yd90VVReevEP7yQtNwxpF+UnPIpTeihwf04MGS2/0NikUook6GkkYIN0i -5VR7/rxTLLRaWVeBowdDJ467BUnj0Lix6swbGttxwUPSx4SewfNqpWk61jo1rY4A -GCytZTKI491GqHF9qmduKxWYtrX4+pNRXe7PXXxh57LAXTMIk53gs0iOG184Lr3w -5etCdab1XEfjhuNOwez71Y7CrVXNriK5ocF/oFHzLSRruHC01lMSoxV7Axm0zpuE -lHfFavhp6drXUP2yTwhvqUPUrXtkepjZML6IYc7NvFNMXUeCCFiQ9z4bz84xQu7Q -NV7v8lxfSVq2loJwu/RXm+WMeFyGqKw05yOglnjklekM5O0UEVR0dVG6BanmRc8C -F7vH/nUnOAPHYBfvN5MVXHfw5nQbFwIDAQABAoICAE7JmruCiI+VlxYPEHS11h8A -iaUVZVSdiRD4oMtVA0QRWQBGjTr0tvg6LUXVlkE0dyApbinWe9yYaxT1ktGfT6ag -FxLLJoWAAV5XliwEAtg8NZ6JnjlOFI+NTwg9W9gDNArOPCC+MCTQF3Gq4OP19mFX -PoZGBHt5a2NaXsiccoFsoKFsqtEwHnffcUtlNT2lPQRqdWYn3mTdFNHqgkGH96G6 -kJMgWydjjygdqpANjolPSBuFzDSj8qk565Zj9S5x0NLo5RHD2Om1fnwYIVB2oTqz -pLIWGkwTOAzyf3B+H4Ncq4JQBtsYzGo1oSLSm7IrbYcppsrzIREM91ZrUES0IHat -Al+MLdxey9c2oSTjXyaDEnWaeO6YYS6z+gRCmLpfyan+xznUy0O9GZSuxPgT3pu9 -z+r599wHsuFuilMJhVUsRuZyViEWRSs+6e26hZWgN5MZEikG1Ikq4QU86jM04k5/ -787GkscvLuR3BU4VUP9kFDhJtEL2Gp18peDzLPt+hzFSA0AsZj4RBd1UzBlVtrxZ -xgrHc/JFSYvHsOGAeos44T7lO7V2m23Xz1zXgiwGlMUF4IgXMzkK87gHqBiWuuP1 -blGKYSedoM7wj/f68bXVo4sI2D2LQ98Vm+0Sxe7kwVb6NHcBvE/HtmD01IGQp2AB -16teRynBltgmBKmtBkyZAoIBAQDO9PmCELhZ9BSEQXg7EM6QVAAygVwgmpu5AlQe -w7mSTwlWy/X9xxGWRGO9uARK9eajPww0d7DRDxkeegcs9VffdbUgKSiQpzyn6LzI -2+DGCsVcMRiuczrYwblKCzJYgfa7sqtrGzFXb9uUq1XY4jJcbwYVhBGJRZ0PwFlY -Dh3I79FK3rDWdsBKVQZWcEJNxFPX3IFbI2bqXIZSz77pTvnLAOhx62WwzAiFaric -jN9/VQPpDSlfBhT0bIUUEYiauXqzM3+M5Gn5EatqrWM2jutEQRsnK9P4BD4R0RZJ -12drWag/+nnfKNSD3O44eIQ9NgQprCd0tRI9CQ6biVk3Q4WlAoIBAQDGnDJW7U51 -X4XVOArMzUaOiIbaelM26eQzWRRl9R2zf6b/TXn9QhOWB/6ZL9HgjtYioDZQg2eM 
-Qb1LwHwFsZQcD/fjVjnPezxx/H54IEp46/FgI/7g6r9uoRfSxmO4xGQ9jW+nSsWK -eSYIj+Uz66sizVbLFVP1//H6bwVF7t8lYAIzYGGwNiHTULAJn08R9nbA+haloSgY -QrrEZ+VjR1FF1dOjYVnvNvCGftNNV55dq74SGnN5O7G/KsbG1r5Jp2iyD2/3EmZ0 -nW2asi66ABoUef9HPuABr/Ht74TQSMZxU9JNPhX/jRn4+53rp0rg0Xfz1B/YIjNB -hpDQEPnjC1kLAoIBAQDF2lHG1LFJ3hzXK7gDz9eLB6OApUcsLGL/hohhOQDqLQFi -p28vBOd9Xzhzob8I4vlxy86hQmQaGXMMPeEqTAuMKH3Wl0KeuCM26zvAUuUasCVq -M83CyYrSurGnZfjlwKnfW7qhlMehLeEgyoQx6l33HHUWkMIrGBBFhMBlfGlhNlRC -XY92GOVQquR6MqxQqIb3cWmBdeDn4TjRZqa/aa9JMj8G2eLIGOd0lUiU8eChXOd2 -IA0TOT9DRZQcUX7lXLk/JNamHaBqa0gTnluhRxUIla2dzzrAe13Trq6+PV4ztO0y -7QUiIWi5/7cG6cCSvFdSd7Do1Erxav06GR7fxH+5AoIBADMDMYbUQv+wvk5Kq7N4 -0jOP65s4KiGDp8JskemyMKPHGNygSMH888zoVsN/3ddguK2CGxFI/xKuW/GWCgTo -XJNsoo34uraI/7iDUvSFzrsKVyALfs7EXNEMfXL80+ZEQz7wEgqVEPIFNfijBQr1 -8CnrNezJmJwp1jwtwdv5g8U0yLvreIvrC3scUWrXSVbiyBO+6Iw4PXUlxpTl3qxG -SCC40Dg5rADeSp8w+hL2e02x7Ar4UkqEQ55HXXD6/TsrzZ9WibqbNkejm+BM/eV2 -WzyBLUleY+jrCSfFCob4+kdncS+3z6yo0E/8SM6bVIc0JiwxgtBf0Gx3JMDca2Ke -qosCggEBAKIdeEDQanNF3e0jrT/jud+t6HqkjqqNA5rXct0PU8acigMTxjAAdOPL -V2QiN9bnaSPiWVIfgrcnGm8ZRDign6EVUxHSQ3KbALA7pTUa4lvd1hgCi/qXRRLR -VuwY0ONeNYSnuO1F29HwcJWkI3Tgs+nUodalhL+OArtye0SG+JozNtPjyuoBqjo5 -3F9u3uWTwuJL80uLWPctStZeg+Mgn8WrXSwMPGyKUtBAWDklZ8c7DwIS4AellGDI -WOqNYFkzToQRXoKr8YlIwu33g3YssZWlGMKbWHD7BD85PD8dvCNLWcgs/TZObGg4 -vT7mYP0Eq6MxFMaDw5825M9GoV3vVVY= ------END PRIVATE KEY----- diff --git a/tests/test_certificates.py b/tests/test_certificates.py deleted file mode 100644 index 393461e..0000000 --- a/tests/test_certificates.py +++ /dev/null 
@@ -1,312 +0,0 @@ -from datetime import datetime -from pathlib import Path - -from django.contrib.admin import AdminSite -from django.contrib.auth.models import User -from django.core.files import File -from django.db.models.deletion import ProtectedError -from django.test import RequestFactory, TestCase, TransactionTestCase - -import requests_mock -from privates.test import temp_private_root - -from zgw_consumers.admin import CertificateAdmin -from zgw_consumers.constants import APITypes, CertificateTypes -from zgw_consumers.forms import CertificateAdminForm -from zgw_consumers.models import Certificate, Service - -TEST_FILES = Path(__file__).parent / "data" - - -@temp_private_root() -class CertificateTests(TestCase): - def test_calculated_properties(self): - with open(TEST_FILES / "test.certificate", "r") as client_certificate_f, open( - TEST_FILES / "test.key", "r" - ) as key_f: - certificate = Certificate.objects.create( - label="Test certificate", - type=CertificateTypes.key_pair, - public_certificate=File(client_certificate_f, name="test.certificate"), - private_key=File(key_f, name="test.key"), - ) - - self.assertEqual(datetime(2023, 2, 21, 14, 26, 51), certificate.expiry_date) - self.assertEqual( - "C: NL, ST: Some-State, O: Internet Widgits Pty Ltd", certificate.issuer - ) - self.assertEqual( - "C: NL, ST: Some-State, O: Internet Widgits Pty Ltd", certificate.subject - ) - - def test_admin_validation_invalid_certificate(self): - with open(TEST_FILES / "invalid.certificate", "r") as client_certificate_f: - form = CertificateAdminForm( - { - "label": "Test invalid certificate", - "type": CertificateTypes.cert_only, - }, - {"public_certificate": File(client_certificate_f)}, - ) - - self.assertFalse(form.is_valid()) - - def test_admin_validation_valid_certificate(self): - with open(TEST_FILES / "test.certificate", "r") as client_certificate_f: - form = CertificateAdminForm( - { - "label": "Test invalid certificate", - "type": CertificateTypes.cert_only, - }, - 
{"public_certificate": File(client_certificate_f)}, - ) - - self.assertTrue(form.is_valid()) - - def test_invalid_key_pair(self): - with open(TEST_FILES / "test.certificate", "r") as client_certificate_f, open( - TEST_FILES / "test2.key", "r" - ) as key_f: - certificate = Certificate.objects.create( - label="Test certificate", - type=CertificateTypes.key_pair, - public_certificate=File(client_certificate_f, name="test.certificate"), - private_key=File(key_f, name="test2.key"), - ) - - self.assertFalse(certificate.is_valid_key_pair()) - - def test_valid_key_pair(self): - with open(TEST_FILES / "test.certificate", "r") as client_certificate_f, open( - TEST_FILES / "test.key", "r" - ) as key_f: - certificate = Certificate.objects.create( - label="Test certificate", - type=CertificateTypes.key_pair, - public_certificate=File(client_certificate_f, name="test.certificate"), - private_key=File(key_f, name="test.key"), - ) - - self.assertTrue(certificate.is_valid_key_pair()) - - def test_valid_key_pair_missing_key(self): - with open(TEST_FILES / "test.certificate", "r") as client_certificate_f: - certificate = Certificate.objects.create( - label="Test certificate", - type=CertificateTypes.key_pair, - public_certificate=File(client_certificate_f, name="test.certificate"), - ) - - self.assertIsNone(certificate.is_valid_key_pair()) - - def test_admin_changelist_doesnt_crash_on_missing_files(self): - # Github #39 - with open(TEST_FILES / "test.certificate", "r") as client_certificate_f, open( - TEST_FILES / "test.key", "r" - ) as key_f: - certificate = Certificate.objects.create( - label="Test certificate", - type=CertificateTypes.key_pair, - public_certificate=File(client_certificate_f, name="test.certificate"), - private_key=File(key_f, name="test.key"), - ) - - # delete the physical files from media storage - Path(certificate.public_certificate.path).unlink() - Path(certificate.private_key.path).unlink() - - certificate_admin = CertificateAdmin(model=Certificate, 
admin_site=AdminSite()) - - # fake a superuser admin request to changelist - request = RequestFactory().get("/dummy") - request.user = User.objects.create_user(is_superuser=True, username="admin") - response = certificate_admin.changelist_view(request) - - # calling .render() to force actual rendering and trigger issue - response.render() - - self.assertEqual(response.status_code, 200) - - -@temp_private_root() -class ServiceWithCertificateTests(TestCase): - @classmethod - def setUpTestData(cls): - client_certificate_f = open(TEST_FILES / "test.certificate", "r") - server_certificate_f = open(TEST_FILES / "test2.certificate", "r") - key_f = open(TEST_FILES / "test.key", "r") - - cls.client_certificate = Certificate.objects.create( - label="Test client certificate", - type=CertificateTypes.key_pair, - public_certificate=File(client_certificate_f, name="test.certificate"), - private_key=File(key_f, name="test.key"), - ) - cls.client_certificate_only = Certificate.objects.create( - label="Test client certificate (only cert)", - type=CertificateTypes.cert_only, - public_certificate=File(client_certificate_f, name="test1.certificate"), - ) - cls.server_certificate = Certificate.objects.create( - label="Test server certificate", - type=CertificateTypes.cert_only, - public_certificate=File(server_certificate_f, name="test2.certificate"), - ) - - client_certificate_f.close() - server_certificate_f.close() - key_f.close() - - def test_build_client_with_server_and_client_certificates(self): - oas_path = Path(__file__).parent / "schemas/drc.yaml" - - with open(oas_path, "r") as oas_file: - service = Service.objects.create( - label="Test", - api_type=APITypes.drc, - api_root="https://foo.bar", - oas_file=File(oas_file, name="schema.yaml"), - client_certificate=self.client_certificate, - server_certificate=self.server_certificate, - ) - - client = service.build_client() - - with requests_mock.Mocker() as m: - m.get("https://foo.bar") - client.request("https://foo.bar", 
"enkelvoudiginformatieobject_list") - history = m.request_history - - request_with_tls = history[0] - - self.assertTupleEqual( - ( - self.client_certificate.public_certificate.path, - self.client_certificate.private_key.path, - ), - request_with_tls.cert, - ) - self.assertEqual( - self.server_certificate.public_certificate.path, request_with_tls.verify - ) - - def test_build_client_with_only_client_certificates(self): - oas_path = Path(__file__).parent / "schemas/drc.yaml" - - with open(oas_path, "r") as oas_file: - service = Service.objects.create( - label="Test", - api_type=APITypes.drc, - api_root="https://foo.bar", - oas_file=File(oas_file, name="schema.yaml"), - client_certificate=self.client_certificate, - ) - - client = service.build_client() - - with requests_mock.Mocker() as m: - m.get("https://foo.bar") - client.request("https://foo.bar", "enkelvoudiginformatieobject_list") - history = m.request_history - - request_with_tls = history[0] - - self.assertTupleEqual( - ( - self.client_certificate.public_certificate.path, - self.client_certificate.private_key.path, - ), - request_with_tls.cert, - ) - self.assertTrue(request_with_tls.verify) - - def test_build_client_with_only_client_certificates_no_key(self): - oas_path = Path(__file__).parent / "schemas/drc.yaml" - - with open(oas_path, "r") as oas_file: - service = Service.objects.create( - label="Test", - api_type=APITypes.drc, - api_root="https://foo.bar", - oas_file=File(oas_file, name="schema.yaml"), - client_certificate=self.client_certificate_only, - ) - - client = service.build_client() - - with requests_mock.Mocker() as m: - m.get("https://foo.bar") - client.request("https://foo.bar", "enkelvoudiginformatieobject_list") - history = m.request_history - - request_with_tls = history[0] - - self.assertEqual( - self.client_certificate_only.public_certificate.path, request_with_tls.cert - ) - self.assertTrue(request_with_tls.verify) - - def test_build_client_with_only_server_certificates(self): - oas_path 
= Path(__file__).parent / "schemas/drc.yaml" - - with open(oas_path, "r") as oas_file: - service = Service.objects.create( - label="Test", - api_type=APITypes.drc, - api_root="https://foo.bar", - oas_file=File(oas_file, name="schema.yaml"), - server_certificate=self.server_certificate, - ) - - client = service.build_client() - - with requests_mock.Mocker() as m: - m.get("https://foo.bar") - client.request("https://foo.bar", "enkelvoudiginformatieobject_list") - history = m.request_history - - request_with_tls = history[0] - - self.assertEqual( - self.server_certificate.public_certificate.path, request_with_tls.verify - ) - - def test_certificate_deletion_with_services(self): - oas_path = Path(__file__).parent / "schemas/drc.yaml" - - with open(TEST_FILES / "test.certificate", "r") as certificate_f: - certificate = Certificate.objects.create( - label="Test client certificate", - type=CertificateTypes.cert_only, - public_certificate=File(certificate_f, name="test.certificate"), - ) - - with open(oas_path, "r") as oas_file: - Service.objects.create( - label="Test", - api_type=APITypes.drc, - api_root="https://foo.bar", - oas_file=File(oas_file, name="schema.yaml"), - client_certificate=certificate, - ) - - with self.assertRaises(ProtectedError): - certificate.delete() - - -@temp_private_root() -class TestCertificateFilesDeletion(TransactionTestCase): - def test_certificate_deletion_deletes_files(self): - with open(TEST_FILES / "test.certificate", "r") as certificate_f: - certificate = Certificate.objects.create( - label="Test client certificate", - type=CertificateTypes.cert_only, - public_certificate=File(certificate_f, name="test.certificate"), - ) - - file_path = certificate.public_certificate.path - storage = certificate.public_certificate.storage - - certificate.delete() - - self.assertFalse(storage.exists(file_path)) diff --git a/tests/test_commands.py b/tests/test_commands.py deleted file mode 100644 index a29b37c..0000000 
--- a/tests/test_commands.py
+++ /dev/null
@@ -1,72 +0,0 @@ -import zipfile -from pathlib import Path - -from django.core.files import File -from django.core.management import call_command -from django.test import TestCase - -from freezegun import freeze_time -from privates.test import temp_private_root - -from zgw_consumers.constants import CertificateTypes -from zgw_consumers.models import Certificate - -TEST_FILES = Path(__file__).parent / "data" - - -@freeze_time("2022-01-01") -@temp_private_root() -class CertificateDumpTests(TestCase): - def setUp(self) -> None: - super().setUp() - - def remove_certs_archive(): - Path("certificates.zip").unlink() - - self.addCleanup(remove_certs_archive) - - def test_dump_certificate_files(self): - with open(TEST_FILES / "test.certificate", "r") as client_certificate_f, open( - TEST_FILES / "test.key", "r" - ) as key_f: - certificate1 = Certificate.objects.create( - label="Test certificate", - type=CertificateTypes.key_pair, - public_certificate=File(client_certificate_f, name="test.certificate"), - private_key=File(key_f, name="test.key"), - ) - - certificate2 = Certificate.objects.create( - label="Test certificate2", - type=CertificateTypes.key_pair, - public_certificate=File(client_certificate_f, name="test.certificate2"), - private_key=File(key_f, name="test.key2"), - ) - - call_command("dump_certs") - - expected_files = [ - "ssl_certs_keys/2022/01/01/test.certificate", - "ssl_certs_keys/2022/01/01/test.key", - "ssl_certs_keys/2022/01/01/test.certificate2", - "ssl_certs_keys/2022/01/01/test.key2", - ] - zf = zipfile.ZipFile("certificates.zip", "r") - - self.assertEqual(zf.namelist(), expected_files) - self.assertEqual( - zf.open("ssl_certs_keys/2022/01/01/test.certificate").read(), - certificate1.public_certificate.read(), - ) - self.assertEqual( - zf.open("ssl_certs_keys/2022/01/01/test.key").read(), - certificate1.private_key.read(), - ) - self.assertEqual( - zf.open("ssl_certs_keys/2022/01/01/test.certificate2").read(), - certificate2.public_certificate.read(), 
- ) - self.assertEqual( - zf.open("ssl_certs_keys/2022/01/01/test.key2").read(), - certificate2.private_key.read(), - ) diff --git a/zgw_consumers/admin.py b/zgw_consumers/admin.py index b42e3d5..47d17bf 100644 --- a/zgw_consumers/admin.py +++ b/zgw_consumers/admin.py @@ -5,8 +5,7 @@ from solo.admin import SingletonModelAdmin from .admin_fields import get_nlx_field, get_zaaktype_field -from .forms import CertificateAdminForm -from .models.certificates import Certificate + from .models.services import NLXConfig, Service from .widgets import NoDownloadPrivateFileWidget @@ -30,43 +29,6 @@ class NLXConfigAdmin(PrivateMediaMixin, SingletonModelAdmin): private_media_file_widget = NoDownloadPrivateFileWidget -@admin.register(Certificate) -class CertificateAdmin(PrivateMediaMixin, admin.ModelAdmin): - form = CertificateAdminForm - - fields = ("label", "type", "public_certificate", "private_key") - list_display = ("get_label", "type", "expiry_date", "is_valid_key_pair") - list_filter = ("label", "type") - search_fields = ("label", "type") - - private_media_fields = ("public_certificate", "private_key") - - def get_label(self, obj): - return str(obj) - - get_label.short_description = _("label") - get_label.admin_order_field = "label" - - def expiry_date(self, obj=None): - # alias model property to catch file not found errors - try: - return obj.expiry_date - except FileNotFoundError: - return _("file not found") - - expiry_date.short_description = _("expiry date") - - def is_valid_key_pair(self, obj=None): - # alias model method to catch file not found errors - try: - return obj.is_valid_key_pair() - except FileNotFoundError: - return None - - is_valid_key_pair.short_description = _("valid key pair") - is_valid_key_pair.boolean = True - - class ListZaaktypenMixin: zaaktype_fields = () diff --git a/zgw_consumers/constants.py b/zgw_consumers/constants.py index a00f762..65bbb2b 100644 --- a/zgw_consumers/constants.py +++ b/zgw_consumers/constants.py 
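Review bot: The first hunk of `zgw_consumers/admin.py` replaces the two removed imports with an empty added line, which leaves a blank line inside the relative-import group between `from .admin_fields import …` and `from .models.services import …`; drop that added line so the group stays contiguous. The second hunk removes `CertificateAdmin`, which used `PrivateMediaMixin` with `private_media_fields = ("public_certificate", "private_key")` and wrapped `expiry_date` / `is_valid_key_pair` to tolerate `FileNotFoundError`. Nothing on this page shows how the replacement library's admin serves the private key file or handles missing files, and the regression test for the latter (Github #39) is deleted as well, so both should be confirmed against the library before release.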
@@ -31,6 +31,3 @@ class NLXDirectories(DjangoChoices): prod = ChoiceItem("prod", _("Prod")) -class CertificateTypes(DjangoChoices): - key_pair = ChoiceItem("key_pair", _("Key-pair")) - cert_only = ChoiceItem("cert_only", _("Certificate only")) diff --git a/zgw_consumers/forms.py b/zgw_consumers/forms.py deleted file mode 100644 index 6b79c8c..0000000 --- a/zgw_consumers/forms.py +++ /dev/null @@ -1,28 +0,0 @@ -from django import forms -from django.core.exceptions import ValidationError -from django.utils.translation import gettext_lazy as _ - -from OpenSSL import crypto - -from .models import Certificate - - -class CertificateAdminForm(forms.ModelForm): - class Meta: - model = Certificate - fields = "__all__" - - def clean_public_certificate(self): - if self.cleaned_data["public_certificate"].closed: - self.cleaned_data["public_certificate"].open() - self.cleaned_data["public_certificate"].seek(0) - - try: - crypto.load_certificate( - crypto.FILETYPE_PEM, - self.cleaned_data["public_certificate"].read(), - ) - except Exception: - raise ValidationError(_("Invalid certificate"), code="invalid") - - return self.cleaned_data["public_certificate"] diff --git a/zgw_consumers/management/__init__.py b/zgw_consumers/management/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/zgw_consumers/management/commands/__init__.py b/zgw_consumers/management/commands/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/zgw_consumers/management/commands/dump_certs.py b/zgw_consumers/management/commands/dump_certs.py deleted file mode 100644 index d250d87..0000000 --- a/zgw_consumers/management/commands/dump_certs.py +++ /dev/null 
@@ -1,32 +0,0 @@ -import zipfile - -from django.core.management.base import BaseCommand -from django.utils.translation import gettext_lazy as _ - -from zgw_consumers.models import Certificate - - -class Command(BaseCommand): - help = "Dump all certificates to a .zip archive" - - def add_arguments(self, parser): - parser.add_argument( - "--filename", - help=_("Name of the archive to write data to"), - type=str, - default="certificates.zip", - ) - - def handle(self, *args, **options): - filename = options["filename"] - certs = Certificate.objects.all() - with zipfile.ZipFile(filename, "w") as zf: - for cert in certs: - if cert.public_certificate: - zf.write( - cert.public_certificate.path, - arcname=cert.public_certificate.name, - ) - - if cert.private_key: - zf.write(cert.private_key.path, arcname=cert.private_key.name) diff --git a/zgw_consumers/models/__init__.py b/zgw_consumers/models/__init__.py index 16306da..2c046e2 100644 --- a/zgw_consumers/models/__init__.py +++ b/zgw_consumers/models/__init__.py @@ -1,9 +1,7 @@ -from .certificates import Certificate from .fields import ServiceUrlField from .services import NLXConfig, Service __all__ = [ - "Certificate", "Service", "NLXConfig", "ServiceUrlField", diff --git a/zgw_consumers/models/certificates.py b/zgw_consumers/models/certificates.py deleted file mode 100644 index 18d67e8..0000000 --- a/zgw_consumers/models/certificates.py +++ /dev/null 
@@ -1,99 +0,0 @@ -from datetime import date, datetime -from typing import Optional - -from django.db import models -from django.utils.translation import gettext, gettext_lazy as _ - -from OpenSSL import SSL, crypto -from privates.fields import PrivateMediaFileField - -from ..constants import CertificateTypes -from ..mixins import DeleteFileFieldFilesMixin -from ..utils import pretty_print_certificate_components - - -class Certificate(DeleteFileFieldFilesMixin, models.Model): - label = models.CharField( - _("label"), - max_length=100, - help_text=_("Recognisable label for the certificate"), - ) - type = models.CharField( - _("type"), - max_length=20, - choices=CertificateTypes.choices, - help_text=_( - "Is this only a certificate or is there an associated private key?" - ), - ) - public_certificate = PrivateMediaFileField( - _("public certificate"), - help_text=_("The content of the certificate"), - upload_to="ssl_certs_keys/%Y/%m/%d", - ) - private_key = PrivateMediaFileField( - _("private key"), - help_text=_("The content of the private key"), - blank=True, - upload_to="ssl_certs_keys/%Y/%m/%d", - ) - - class Meta: - verbose_name = _("certificate") - verbose_name_plural = _("certificates") - - _certificate_obj = None - _private_key_obj = None - - def __str__(self): - return self.label or gettext("(missing label)") - - @property - def _certificate(self): - if not self._certificate_obj: - with self.public_certificate.open(mode="rb") as certificate_f: - self._certificate_obj = crypto.load_certificate( - crypto.FILETYPE_PEM, certificate_f.read() - ) - return self._certificate_obj - - @property - def _private_key(self): - if not self._private_key_obj: - with self.private_key.open(mode="rb") as key_f: - self._private_key_obj = crypto.load_privatekey( - crypto.FILETYPE_PEM, key_f.read() - ) - return self._private_key_obj - - @property - def expiry_date(self) -> datetime: - expiry = self._certificate.get_notAfter() - return datetime.strptime(expiry.decode("utf-8"), 
"%Y%m%d%H%M%SZ") - - @property - def issuer(self) -> str: - issuer_x509name = self._certificate.get_issuer() - return pretty_print_certificate_components(issuer_x509name) - - @property - def subject(self) -> str: - subject_x509name = self._certificate.get_subject() - return pretty_print_certificate_components(subject_x509name) - - def is_valid_key_pair(self) -> Optional[bool]: - if not self.private_key: - return None - - context = SSL.Context(SSL.TLSv1_2_METHOD) - context.use_privatekey(self._private_key) - context.use_certificate(self._certificate) - - try: - context.check_privatekey() - except SSL.Error: - return False - - return True - - is_valid_key_pair.boolean = True diff --git a/zgw_consumers/models/services.py b/zgw_consumers/models/services.py index 22db6c5..f04bda5 100644 --- a/zgw_consumers/models/services.py +++ b/zgw_consumers/models/services.py @@ -17,7 +17,7 @@ from ..client import ZGWClient, get_client_class from ..constants import APITypes, AuthTypes, NLXDirectories from ..query import ServiceManager -from . import Certificate +from simple_certmanager.models import Certificate from .abstract import RestAPIService diff --git a/zgw_consumers/utils.py b/zgw_consumers/utils.py index 4c8cc24..d89d321 100644 --- a/zgw_consumers/utils.py +++ b/zgw_consumers/utils.py @@ -26,9 +26,3 @@ def value(self): return cached_value -def pretty_print_certificate_components(x509name) -> str: - components = [ - (label.decode("utf-8"), value.decode("utf-8")) - for (label, value) in x509name.get_components() - ] - return ", ".join([f"{label}: {value}" for (label, value) in components])
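Review bot: The `Certificate` that `Service` references now comes from another Django app, yet the diffstat lists no migration and no packaging file next to this import swap in `zgw_consumers/models/services.py`. The deleted tests pass `client_certificate` / `server_certificate` to `Service.objects.create` and expect `ProtectedError` on delete, so these look like foreign keys; if so they need a schema migration repointing them to the `simple_certmanager` model and a data migration carrying over existing rows. Without that, certificates and private keys already uploaded under `ssl_certs_keys/` would stay on disk with no model tracking or deleting them. `simple_certmanager` should also be declared as an install requirement and documented as a required `INSTALLED_APPS` entry, since only `testapp/settings.py` adds it here. As a style point, `from simple_certmanager.models import Certificate` sits in the middle of the relative imports; move it above `from ..client import ZGWClient, get_client_class` with the other third-party imports.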