test_keystore.py 16 KB

  1. # -*- coding: utf-8 -*-
  2. """
  3. Test cases for keystore state
  4. """
  5. # Import Python libs
  6. from __future__ import absolute_import, print_function, unicode_literals
  7. # Import Salt Libs
  8. import salt.states.keystore as keystore
  9. # Import Salt Testing Libs
  10. from tests.support.mixins import LoaderModuleMockMixin
  11. from tests.support.mock import MagicMock, patch
  12. from tests.support.unit import TestCase
  13. class KeystoreTestCase(TestCase, LoaderModuleMockMixin):
  14. """
  15. Test cases for salt.states.keystore
  16. """
  def setup_loader_modules(self):
      """
      Provide the loader dunders injected into the keystore state module.

      ``__opts__`` starts with ``test`` set to False, so any test that wants
      a dry run has to patch that flag itself.
      """
      loader_globals = {"__opts__": {"test": False}}
      return {keystore: loader_globals}
  @patch("os.path.exists", MagicMock(return_value=True))
  def test_cert_already_present(self):
      """
      An alias already stored with a matching SHA1 fingerprint is left alone.

      The mocked keystore listing and the mocked x509 parse both report the
      same SHA1 value, and ``managed`` is expected to report "No changes
      made." in a real run as well as in test mode.
      """
      # Same fingerprint on both sides of the comparison.
      # NOTE(review): presumably managed() decides on this SHA1 value alone;
      # confirm against salt.states.keystore.
      sha1_fingerprint = "07:1C:B9:4F:0C:C8:51:4D:02:41:24:70:8E:E8:B2:68:7B:D7:D9:D5"

      # What the mocked ``keystore.list`` reports for the existing file.
      stored_entries = [
          {
              "valid_until": "August 21 2017",
              "sha1": sha1_fingerprint,
              "valid_start": "August 22 2012",
              "type": "TrustedCertEntry",
              "alias": "stringhost",
              "expired": True,
          }
      ]

      issuer = {
          "C": "JP",
          "organizationName": "Frank4DD",
          "CN": "Frank4DD Web CA",
          "SP": "Tokyo",
          "L": "Chuo-ku",
          "emailAddress": "support@frank4dd.com",
          "OU": "WebCert Support",
      }
      subject = {
          "C": "JP",
          "SP": "Tokyo",
          "organizationName": "Frank4DD",
          "CN": "www.example.com",
      }
      # What the mocked ``x509.read_certificate`` reports for the supplied PEM.
      # The fixture is an expired certificate with a 512-bit key: test data only.
      parsed_cert = {
          "Not After": "2017-08-21 05:26:54",
          "Subject Hash": "97:95:14:4F",
          "Serial Number": "0D:FA",
          "SHA1 Finger Print": sha1_fingerprint,
          "SHA-256 Finger Print": "5F:0F:B5:16:65:81:AA:E6:4A:10:1C:15:83:B1:BE:BE:74:E8:14:A9:1E:7A:8A:14:BA:1E:83:5D:78:F6:E9:E7",
          "MD5 Finger Print": "80:E6:17:AF:78:D8:E4:B8:FB:5F:41:3A:27:1D:CC:F2",
          "Version": 1,
          "Key Size": 512,
          "Public Key": (
              "-----BEGIN PUBLIC KEY-----\n"
              "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJv8ZpB5hEK7qxP9K3v43hUS5fGT4waK\n"
              "e7ix4Z4mu5UBv+cw7WSFAt0Vaag0sAbsPzU8Hhsrj/qPABvfB8asUwcCAwEAAQ==\n"
              "-----END PUBLIC KEY-----\n"
          ),
          "Issuer": issuer,
          "Issuer Hash": "92:DA:45:6B",
          "Not Before": "2012-08-22 05:26:54",
          "Subject": subject,
      }

      name = "keystore.jks"
      # "changeit" is the well-known default Java keystore password; it is
      # acceptable here only because this is a fixture.
      passphrase = "changeit"
      entries = [
          {
              "alias": "stringhost",
              "certificate": """-----BEGIN CERTIFICATE-----
MIICEjCCAXsCAg36MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG
A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE
MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl
YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw
ODIyMDUyNjU0WhcNMTcwODIxMDUyNjU0WjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE
CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs
ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAm/xmkHmEQrurE/0re/jeFRLl
8ZPjBop7uLHhnia7lQG/5zDtZIUC3RVpqDSwBuw/NTweGyuP+o8AG98HxqxTBwID
AQABMA0GCSqGSIb3DQEBBQUAA4GBABS2TLuBeTPmcaTaUW/LCB2NYOy8GMdzR1mx
8iBIu2H6/E2tiY3RIevV2OW61qY2/XRQg7YPxx3ffeUugX9F4J/iPnnu1zAxxyBy
2VguKv4SWjRFoRkIfIlHX0qVviMhSlNy2ioFLy7JcPZb+v3ftDGywUqcBiVDoea0
Hn+GmxZA\n-----END CERTIFICATE-----""",
          }
      ]

      expected = {
          "name": name,
          "changes": {},
          "result": True,
          "comment": "No changes made.\n",
      }

      read_side = {
          "keystore.list": MagicMock(return_value=stored_entries),
          "x509.read_certificate": MagicMock(return_value=parsed_cert),
      }
      with patch.dict(keystore.__salt__, read_side):
          # Real run: ``__opts__["test"]`` is False from setup_loader_modules.
          self.assertDictEqual(
              keystore.managed(name, passphrase, entries), expected
          )
          # Dry run: the same "nothing to do" result is expected.
          with patch.dict(keystore.__opts__, {"test": True}):
              self.assertDictEqual(
                  keystore.managed(name, passphrase, entries), expected
              )
  @patch("os.path.exists", MagicMock(return_value=True))
  def test_cert_update(self):
      """
      An alias whose stored SHA1 differs from the supplied certificate is updated.

      The mocked keystore listing reports a SHA1 ending in ``D5`` while the
      mocked x509 parse of the supplied certificate reports one ending in
      ``D6``. In test mode ``managed`` should only announce the update; in a
      real run it should report the alias as "Updated".
      """
      # Fingerprint of the entry currently in the keystore (ends in D5).
      stored_entries = [
          {
              "valid_until": "August 21 2017",
              "sha1": "07:1C:B9:4F:0C:C8:51:4D:02:41:24:70:8E:E8:B2:68:7B:D7:D9:D5",
              "valid_start": "August 22 2012",
              "type": "TrustedCertEntry",
              "alias": "stringhost",
              "expired": True,
          }
      ]

      issuer = {
          "C": "JP",
          "organizationName": "Frank4DD",
          "CN": "Frank4DD Web CA",
          "SP": "Tokyo",
          "L": "Chuo-ku",
          "emailAddress": "support@frank4dd.com",
          "OU": "WebCert Support",
      }
      subject = {
          "C": "JP",
          "SP": "Tokyo",
          "organizationName": "Frank4DD",
          "CN": "www.example.com",
      }
      # Fingerprint reported for the supplied certificate ends in D6: the
      # single differing byte is what separates this case from "already present".
      parsed_cert = {
          "Not After": "2017-08-21 05:26:54",
          "Subject Hash": "97:95:14:4F",
          "Serial Number": "0D:FA",
          "SHA1 Finger Print": "07:1C:B9:4F:0C:C8:51:4D:02:41:24:70:8E:E8:B2:68:7B:D7:D9:D6",
          "SHA-256 Finger Print": "5F:0F:B5:16:65:81:AA:E6:4A:10:1C:15:83:B1:BE:BE:74:E8:14:A9:1E:7A:8A:14:BA:1E:83:5D:78:F6:E9:E7",
          "MD5 Finger Print": "80:E6:17:AF:78:D8:E4:B8:FB:5F:41:3A:27:1D:CC:F2",
          "Version": 1,
          "Key Size": 512,
          "Public Key": (
              "-----BEGIN PUBLIC KEY-----\n"
              "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJv8ZpB5hEK7qxP9K3v43hUS5fGT4waK\n"
              "e7ix4Z4mu5UBv+cw7WSFAt0Vaag0sAbsPzU8Hhsrj/qPABvfB8asUwcCAwEAAQ==\n"
              "-----END PUBLIC KEY-----\n"
          ),
          "Issuer": issuer,
          "Issuer Hash": "92:DA:45:6B",
          "Not Before": "2012-08-22 05:26:54",
          "Subject": subject,
      }

      name = "keystore.jks"
      passphrase = "changeit"  # fixture value only
      entries = [
          {
              "alias": "stringhost",
              "certificate": """-----BEGIN CERTIFICATE-----
MIICEjCCAXsCAg36MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG
A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE
MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl
YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw
ODIyMDUyNjU0WhcNMTcwODIxMDUyNjU0WjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE
CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs
ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAm/xmkHmEQrurE/0re/jeFRLl
8ZPjBop7uLHhnia7lQG/5zDtZIUC3RVpqDSwBuw/NTweGyuP+o8AG98HxqxTBwID
AQABMA0GCSqGSIb3DQEBBQUAA4GBABS2TLuBeTPmcaTaUW/LCB2NYOy8GMdzR1mx
8iBIu2H6/E2tiY3RIevV2OW61qY2/XRQg7YPxx3ffeUugX9F4J/iPnnu1zAxxyBy
2VguKv4SWjRFoRkIfIlHX0qVviMhSlNy2ioFLy7JcPZb+v3ftDGywUqcBiVDoea0
Hn+GmxZA\n-----END CERTIFICATE-----""",
          }
      ]

      dry_run_expected = {
          "name": name,
          "changes": {},
          "result": None,
          "comment": "Alias stringhost would have been updated\n",
      }
      applied_expected = {
          "name": name,
          "changes": {"stringhost": "Updated"},
          "result": True,
          "comment": "Alias stringhost updated.\n",
      }

      read_side = {
          "keystore.list": MagicMock(return_value=stored_entries),
          "x509.read_certificate": MagicMock(return_value=parsed_cert),
      }
      write_side = {
          "keystore.remove": MagicMock(return_value=True),
          "keystore.add": MagicMock(return_value=True),
      }
      with patch.dict(keystore.__salt__, read_side):
          # Dry run first: only the read-side execution functions are mocked.
          with patch.dict(keystore.__opts__, {"test": True}):
              self.assertDictEqual(
                  keystore.managed(name, passphrase, entries), dry_run_expected
              )
          # Real run: the mutating functions are mocked to report success.
          with patch.dict(keystore.__salt__, write_side):
              self.assertDictEqual(
                  keystore.managed(name, passphrase, entries), applied_expected
              )
  @patch("os.path.exists", MagicMock(return_value=False))
  def test_new_file(self):
      """
      An alias is added when the keystore file does not exist yet.

      ``os.path.exists`` is mocked to return False. In test mode ``managed``
      should only announce the addition; in a real run it should report the
      alias as "Added".
      """
      name = "keystore.jks"
      # "changeit" is the well-known default Java keystore password; it is
      # acceptable here only because this is a fixture.
      passphrase = "changeit"
      entries = [
          {
              "alias": "stringhost",
              "certificate": """-----BEGIN CERTIFICATE-----
MIICEjCCAXsCAg36MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG
A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE
MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl
YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw
ODIyMDUyNjU0WhcNMTcwODIxMDUyNjU0WjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE
CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs
ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAm/xmkHmEQrurE/0re/jeFRLl
8ZPjBop7uLHhnia7lQG/5zDtZIUC3RVpqDSwBuw/NTweGyuP+o8AG98HxqxTBwID
AQABMA0GCSqGSIb3DQEBBQUAA4GBABS2TLuBeTPmcaTaUW/LCB2NYOy8GMdzR1mx
8iBIu2H6/E2tiY3RIevV2OW61qY2/XRQg7YPxx3ffeUugX9F4J/iPnnu1zAxxyBy
2VguKv4SWjRFoRkIfIlHX0qVviMhSlNy2ioFLy7JcPZb+v3ftDGywUqcBiVDoea0
Hn+GmxZA\n-----END CERTIFICATE-----""",
          }
      ]

      dry_run_expected = {
          "name": name,
          "changes": {},
          "result": None,
          "comment": "Alias stringhost would have been added\n",
      }
      applied_expected = {
          "name": name,
          "changes": {"stringhost": "Added"},
          "result": True,
          "comment": "Alias stringhost added.\n",
      }

      # Dry run: no execution function is mocked for this call.
      with patch.dict(keystore.__opts__, {"test": True}):
          self.assertDictEqual(
              keystore.managed(name, passphrase, entries), dry_run_expected
          )

      # Real run: only the mutating functions are mocked, both reporting success.
      write_side = {
          "keystore.remove": MagicMock(return_value=True),
          "keystore.add": MagicMock(return_value=True),
      }
      with patch.dict(keystore.__salt__, write_side):
          self.assertDictEqual(
              keystore.managed(name, passphrase, entries), applied_expected
          )
  @patch("os.path.exists", MagicMock(return_value=True))
  def test_force_remove(self):
      """
      With ``force_remove=True`` an alias absent from ``entries`` is removed.

      The mocked keystore holds only ``oldhost`` while the desired entries
      name only ``stringhost``. The expected results show ``oldhost`` being
      removed, which is how an undeclared trust entry is pruned from the store.
      """
      # The keystore currently holds an alias that the desired state does not list.
      stored_entries = [
          {
              "valid_until": "August 21 2017",
              "sha1": "07:1C:B9:4F:0C:C8:51:4D:02:41:24:70:8E:E8:B2:68:7B:D7:D9:D5",
              "valid_start": "August 22 2012",
              "type": "TrustedCertEntry",
              "alias": "oldhost",
              "expired": True,
          }
      ]

      issuer = {
          "C": "JP",
          "organizationName": "Frank4DD",
          "CN": "Frank4DD Web CA",
          "SP": "Tokyo",
          "L": "Chuo-ku",
          "emailAddress": "support@frank4dd.com",
          "OU": "WebCert Support",
      }
      subject = {
          "C": "JP",
          "SP": "Tokyo",
          "organizationName": "Frank4DD",
          "CN": "www.example.com",
      }
      parsed_cert = {
          "Not After": "2017-08-21 05:26:54",
          "Subject Hash": "97:95:14:4F",
          "Serial Number": "0D:FA",
          "SHA1 Finger Print": "07:1C:B9:4F:0C:C8:51:4D:02:41:24:70:8E:E8:B2:68:7B:D7:D9:D6",
          "SHA-256 Finger Print": "5F:0F:B5:16:65:81:AA:E6:4A:10:1C:15:83:B1:BE:BE:74:E8:14:A9:1E:7A:8A:14:BA:1E:83:5D:78:F6:E9:E7",
          "MD5 Finger Print": "80:E6:17:AF:78:D8:E4:B8:FB:5F:41:3A:27:1D:CC:F2",
          "Version": 1,
          "Key Size": 512,
          "Public Key": (
              "-----BEGIN PUBLIC KEY-----\n"
              "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJv8ZpB5hEK7qxP9K3v43hUS5fGT4waK\n"
              "e7ix4Z4mu5UBv+cw7WSFAt0Vaag0sAbsPzU8Hhsrj/qPABvfB8asUwcCAwEAAQ==\n"
              "-----END PUBLIC KEY-----\n"
          ),
          "Issuer": issuer,
          "Issuer Hash": "92:DA:45:6B",
          "Not Before": "2012-08-22 05:26:54",
          "Subject": subject,
      }

      name = "keystore.jks"
      passphrase = "changeit"  # fixture value only
      entries = [
          {
              "alias": "stringhost",
              "certificate": """-----BEGIN CERTIFICATE-----
MIICEjCCAXsCAg36MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG
A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE
MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl
YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw
ODIyMDUyNjU0WhcNMTcwODIxMDUyNjU0WjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE
CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs
ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAm/xmkHmEQrurE/0re/jeFRLl
8ZPjBop7uLHhnia7lQG/5zDtZIUC3RVpqDSwBuw/NTweGyuP+o8AG98HxqxTBwID
AQABMA0GCSqGSIb3DQEBBQUAA4GBABS2TLuBeTPmcaTaUW/LCB2NYOy8GMdzR1mx
8iBIu2H6/E2tiY3RIevV2OW61qY2/XRQg7YPxx3ffeUugX9F4J/iPnnu1zAxxyBy
2VguKv4SWjRFoRkIfIlHX0qVviMhSlNy2ioFLy7JcPZb+v3ftDGywUqcBiVDoea0
Hn+GmxZA\n-----END CERTIFICATE-----""",
          }
      ]

      # NOTE(review): ``stringhost`` is not in the mocked listing, yet the
      # expected wording is "updated" rather than "added"; confirm this is
      # the intended behaviour of the state.
      dry_run_expected = {
          "name": name,
          "changes": {},
          "result": None,
          "comment": "Alias stringhost would have been updated\nAlias oldhost would have been removed",
      }
      applied_expected = {
          "name": name,
          "changes": {"oldhost": "Removed", "stringhost": "Updated"},
          "result": True,
          "comment": "Alias stringhost updated.\nAlias oldhost removed.\n",
      }

      read_side = {
          "keystore.list": MagicMock(return_value=stored_entries),
          "x509.read_certificate": MagicMock(return_value=parsed_cert),
      }
      write_side = {
          "keystore.remove": MagicMock(return_value=True),
          "keystore.add": MagicMock(return_value=True),
      }
      with patch.dict(keystore.__salt__, read_side):
          # Dry run: the removal is only announced.
          with patch.dict(keystore.__opts__, {"test": True}):
              self.assertDictEqual(
                  keystore.managed(name, passphrase, entries, force_remove=True),
                  dry_run_expected,
              )
          # Real run: add/remove are mocked to succeed, and both changes are reported.
          with patch.dict(keystore.__salt__, write_side):
              self.assertDictEqual(
                  keystore.managed(name, passphrase, entries, force_remove=True),
                  applied_expected,
              )