git.proxmox.com Git - ceph.git/blob - ceph/src/pybind/mgr/tests/test_tls.py
1 from mgr_util
import create_self_signed_cert
, verify_tls
, ServerConfigException
2 from OpenSSL
import crypto
, SSL
class TLSchecks(unittest.TestCase):
    """Checks for the mgr_util helpers create_self_signed_cert and verify_tls.

    The first three tests cover certificate generation, the last two cover
    rejection of a certificate/key pair that must not be accepted.
    """

    def test_defaults(self):
        """Generating a certificate with default arguments must not raise."""
        # NOTE(review): the returned pair is only unpacked, never inspected;
        # this test passes as long as two values come back.
        cert, private_key = create_self_signed_cert()

    def test_specific_dname(self):
        """A dname made of the 'O' and 'OU' attributes must be accepted."""
        # NOTE(review): as in test_defaults, the result is not checked against
        # the requested dname.
        subject = {'O': 'Ceph', 'OU': 'testsuite'}
        cert, private_key = create_self_signed_cert(dname=subject)

    def test_invalid_RDN(self):
        """A dname containing the attribute 'Bogus' must raise ValueError."""
        with self.assertRaises(ValueError):
            create_self_signed_cert(dname={'O': 'Ceph', 'Bogus': 'testsuite'})

    def test_invalid_key(self):
        """A corrupted private key must be rejected by verify_tls."""
        cert, key = create_self_signed_cert()

        # Damage the key text so that verify_tls has to detect an error: keep
        # everything up to 35 characters from the end, splice in a fixed
        # marker, then append the last 25 characters.
        # NOTE(review): the offsets are fixed, so the test presumably relies
        # on the length and layout of the key text returned by
        # create_self_signed_cert -- confirm if the key format changes.
        corrupted_key = f"{key[:-35]}c0ffee==\n{key[-25:]}".encode('utf-8')

        with self.assertRaises(ServerConfigException):
            verify_tls(cert, corrupted_key)

    def test_mismatched_tls(self):
        """A certificate paired with an unrelated key must be rejected."""
        cert, _unused_key = create_self_signed_cert()

        # Build a second, independent RSA key (2048 bits) and serialise it to
        # PEM text, so it cannot belong to the certificate above.
        unrelated_pkey = crypto.PKey()
        unrelated_pkey.generate_key(crypto.TYPE_RSA, 2048)
        unrelated_key = crypto.dump_privatekey(
            crypto.FILETYPE_PEM, unrelated_pkey
        ).decode('utf-8')

        # NOTE(review): a mismatch surfaces as SSL.Error, while the corrupted
        # key in test_invalid_key surfaces as ServerConfigException; callers
        # of verify_tls presumably have to handle both -- confirm against
        # mgr_util.
        with self.assertRaises(SSL.Error):
            verify_tls(cert, unrelated_key)