update source to Ceph Pacific 16.2.2
[ceph.git] / ceph / src / pybind / mgr / tests / test_tls.py
1 from mgr_util import create_self_signed_cert, verify_tls, ServerConfigException
2 from OpenSSL import crypto, SSL
3
4 import unittest
5
6
class TLSchecks(unittest.TestCase):
    """Unit tests for certificate generation and key/certificate validation.

    The cases cover ``create_self_signed_cert`` and ``verify_tls`` as imported
    from ``mgr_util``. Two distinct failure types are expected from
    ``verify_tls``: ``ServerConfigException`` for a corrupted private key and
    ``SSL.Error`` for a well-formed key that does not belong to the
    certificate. Code that validates operator-supplied TLS material with
    ``verify_tls`` therefore has to handle both.
    """

    def test_defaults(self):
        """A pair generated with default arguments passes verification."""
        cert_pem, key_pem = create_self_signed_cert()
        # No explicit assertion: the case passes when verify_tls() does not raise.
        verify_tls(cert_pem, key_pem)

    def test_specific_dname(self):
        """A pair generated with an explicit ``dname`` passes verification."""
        subject = {'O': 'Ceph', 'OU': 'testsuite'}
        cert_pem, key_pem = create_self_signed_cert(dname=subject)
        verify_tls(cert_pem, key_pem)

    def test_invalid_RDN(self):
        """An unrecognised ``dname`` key is rejected with ``ValueError``."""
        # 'Bogus' is the entry expected to be refused; 'O' is accepted in
        # test_specific_dname above.
        bad_subject = {'O': 'Ceph', 'Bogus': 'testsuite'}
        with self.assertRaises(ValueError):
            create_self_signed_cert(dname=bad_subject)

    def test_invalid_key(self):
        """A corrupted private key is reported as ``ServerConfigException``."""
        crt, key = create_self_signed_cert()

        # Damage the key body: the ten characters between offsets -35 and -25
        # (counted from the end) are dropped and "c0ffee==\n" is spliced in.
        # The fixed offsets presumably land inside the encoded key body of the
        # PEM text rather than its footer line - confirm if the key size or
        # encoding returned by create_self_signed_cert() ever changes.
        # Note that this case hands verify_tls() bytes, while the other cases
        # pass the key through unchanged or as str.
        fudged = f"{key[:-35]}c0ffee==\n{key[-25:]}".encode('utf-8')
        with self.assertRaises(ServerConfigException):
            verify_tls(crt, fudged)

    def test_mismatched_tls(self):
        """A valid key that does not match the certificate gives ``SSL.Error``."""
        cert_pem, _ = create_self_signed_cert()

        # Build an unrelated 2048-bit RSA key and serialise it as PEM text, so
        # the key is well-formed but belongs to no certificate in this test.
        other_key = crypto.PKey()
        other_key.generate_key(crypto.TYPE_RSA, 2048)
        other_key_pem = crypto.dump_privatekey(
            crypto.FILETYPE_PEM, other_key
        ).decode('utf-8')

        with self.assertRaises(SSL.Error):
            verify_tls(cert_pem, other_key_pem)