
Commit dbd5778

committed
Add more cert test cases
1 parent 2a46674 commit dbd5778


1 file changed

+35
-2
lines changed


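--- a/tests/unit_test.py
+++ b/tests/unit_test.py
@@ -1986,25 +1986,58 @@ def test_AWManager_submit_remove(mocker, capsys):
 assert testaw.submitted == False
 
 
+from cryptography.x509 import load_pem_x509_certificate
+import base64
+from cryptography.hazmat.primitives.serialization import (
+load_pem_private_key,
+Encoding,
+PublicFormat,
+)
+
+
 def test_generate_ca_cert():
 """
 test the function codeflare_sdk.utils.generate_ca_cert generates the correct outputs
 """
 key, certificate = generate_ca_cert()
+cert = load_pem_x509_certificate(base64.b64decode(certificate))
+private_pub_key_bytes = (
+load_pem_private_key(base64.b64decode(key), password=None)
+.public_key()
+.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
+)
+cert_pub_key_bytes = cert.public_key().public_bytes(
+Encoding.PEM, PublicFormat.SubjectPublicKeyInfo
+)
 assert type(key) == str
 assert type(certificate) == str
+# Veirfy ca.cert is self signed
+assert cert.verify_directly_issued_by(cert) == None
+# Verify cert has the public key bytes from the private key
+assert cert_pub_key_bytes == private_pub_key_bytes
 
 
 def test_generate_tls_cert(mocker):
 """
 test the function codeflare_sdk.utils.generate_ca_cert generates the correct outputs
 """
-ca_private_key_bytes, _ = generate_ca_cert()
-
+ca_private_key_bytes, ca_cert = generate_ca_cert()
 mocker.patch("openshift.invoke", return_value=openshift.Result("fake"))
 mocker.patch("openshift.Result.out", return_value=ca_private_key_bytes)
 generate_tls_cert("cluster", "namespace")
+with open(os.path.join("tls-cluster-namespace", "ca.crt"), "w") as f:
+f.write(base64.b64decode(ca_cert).decode("utf-8"))
+# verify the required files exist
 assert os.path.exists("tls-cluster-namespace")
+assert os.path.exists(os.path.join("tls-cluster-namespace", "ca.crt"))
+assert os.path.exists(os.path.join("tls-cluster-namespace", "tls.crt"))
+assert os.path.exists(os.path.join("tls-cluster-namespace", "tls.key"))
+
+# verify the that the signed tls.crt is issued by the ca_cert (root cert)
+with open(os.path.join("tls-cluster-namespace", "tls.crt"), "r") as f:
+tls_cert = load_pem_x509_certificate(f.read().encode("utf-8"))
+root_cert = load_pem_x509_certificate(base64.b64decode(ca_cert))
+assert tls_cert.verify_directly_issued_by(root_cert) == None
 
 
 def test_export_env():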
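Review bot: In `test_generate_tls_cert`, `assert os.path.exists(os.path.join("tls-cluster-namespace", "ca.crt"))` cannot fail, because the test writes that file itself right after `generate_tls_cert("cluster", "namespace")`; the issuer check then loads the in-memory `ca_cert`, so neither assertion says anything about a `ca.crt` produced by the function under test. `verify_directly_issued_by` returns nothing and raises on a mismatch, and it compares only the issuer/subject names and the signature, so the `== None` comparisons add nothing over a bare call and the tests still leave the validity window and the CA flag unchecked. If `generate_ca_cert` is meant to emit a CA certificate, I would add `assert cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca` (needs `from cryptography import x509`) and a `not_valid_before`/`not_valid_after` check next to the self-signed assertion. The test also leaves `tls.key` in the working directory, so a `monkeypatch.chdir(tmp_path)` at the top would keep key files from persisting between runs.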
