github.com/chasestarr/deis@v1.13.5-0.20170519182049-1d9e59fbdbfc/controller/api/tests/test_certificate.py (about) 1 from __future__ import unicode_literals 2 3 import json 4 5 from django.contrib.auth.models import User 6 from django.test import TestCase 7 from rest_framework.authtoken.models import Token 8 9 from api.models import App, Certificate 10 11 12 class CertificateTest(TestCase): 13 14 """Tests creation of domain SSL certificates""" 15 16 fixtures = ['tests.json'] 17 18 def setUp(self): 19 self.user = User.objects.get(username='autotest') 20 self.token = Token.objects.get(user=self.user).key 21 self.user2 = User.objects.get(username='autotest2') 22 self.token2 = Token.objects.get(user=self.user).key 23 self.url = '/v1/certs' 24 self.app = App.objects.create(owner=self.user, id='test-app') 25 self.key = """-----BEGIN RSA PRIVATE KEY----- 26 MIIEogIBAAKCAQEAwyLIwjpUQkAmh/z6JvQMAtvNu/dBuCt+R8cnQMEw4VglglMw 27 YKAm2ZXA03LYWk5EO52YaDZKPAqjng+m4k+B0ble5XG4vFRTlBhln0cR3UAYlm7Z 28 tZp/6JR1STwph+9520DUsndPTOO3ApcMMuap5yLRYApHfOwbyoiaCCUuaE/XyZn6 29 FN/9Zj1V1IMcdu8//HtM2vbDkZ5yJbUzDSqUInHXZUp7OF+kUKwem0CN+SGk20ue 30 AQ3Loxg9RWcXwA8keZ1StQsNzmRzQTP/XGEvaTrJKgBkk9GHnxmC00L9q+zb0BaH 31 aZ5KXCKbwf0mCqOZngHuKTvKpD62TvPz46xE4wIDAQABAoIBABr5HO0UKP97ZJgZ 32 lO57f4mJnpej5vaxNGRxl/Bwg/QyPgUUwLQqjxQ2ig/waQ2akf33m9CT6JECG3nG 33 yhewS86UpBRtMs79jQwEj0+EAGkn6f4pVniu4Y1hsBCue0MqDBsNjBkbOt/y/iIi 34 hPIoRkYH3w86fIU9Ed5eIYSMtyx91wpGBwwpCh4ztfQ5jbBMZ0F5J+EnvzC41x2K 35 1o0bN6pr51epQBuyHz3SNAX0ce67f0jLhPSDl76nzsQsHem7rTPY4ZFTsRZE7lW0 36 lSA0S0z/sGpdoo1g0qvzg6T73/x8g0pdtf0N2ckbbafMvX1lba86Su9/KDRpS0RK 37 dymBkFkCgYEA6VQfKG2lZ1vEPq5JUQ8be1KbqzSEfvyqXd3Cb7iFcVVP3kNCRk6m 38 O04NJYUxDuF1LpWemGt5UCUUdLxcGFTYDW6gAKyfTuve87PPVvuHNsnJcJWW77aV 39 +yDhXgYUy9fCLMxtZwTwCCrqXEUtSgK5hvlwa8bYL/dE7YGhOa2ap/8CgYEA1hil 40 ezP8REe+Z+M8tSt2hoZsxrBuso2pZRAxuMqiO0/trA3d0w2M51vSm1/NxM2JpW2y 41 SPtE9CbngyGeHNdC/SvEkHOZxKacimoD2LUjAcVA+5r+shK+ssMqnniy9Qh13AGg 42 Pj3ba9j10T3zzAhItefpIu5E+swhqs1xmhTQwx0CgYBYVzY4y1K9kFv702cE3rBr 43 /7nal1a28ZjbUzPjsrwrTb6gi1yTXAHKIGIP257YYHpKefGDCeXzdyaIkCxaNf1b 44 EJBZ0QG8EsfmAyU0bKUkFEBFdQ2hksK0Qx2wyKKlDvqAlaGySIdMwFrdNn/QLrnp 45 pZVv6Og/OOKK/fJ58QXGJwKBgDOsmzRTZc3tKw3UEPEBXog1pceHChDalEoqUHXz 46 opiCQDFI34NzP9EPnpOV2gpoOZLOGTv4ObpcMYC6+ninlCmbCMR8wl5ugFYAJJGH 47 lr10qKyRymucjp6C8KRzKW5u7lN9qPmc4Hr1UM+CDnfuf+433VNrAwctgerBz2uL 48 HqAZAoGAYbrDiueIFxHDrkCkefSyAn4Wlo6KhPSUiSqvM9k5gBWZedcvJrjbvCmW 49 K1NefGc57cAb906Lwa3MpUmKEA5IYTGsO87iAFnDMcuu+w6RwiwV/DNY8xB6dtuz 50 r8G+so0UVAch6q1OBBSBaKC1Vn3fzT72zvS7/e5BZ0p5KrqCIZg= 51 -----END RSA PRIVATE KEY-----""" 52 self.autotest_example_com_cert = """-----BEGIN CERTIFICATE----- 53 MIID3jCCAsYCCQDg75CmAL+avjANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC 54 Q0ExGTAXBgNVBAgTEEJyaXRpc2gtQ29sdW1iaWExEjAQBgNVBAcTCVZhbmNvdXZl 55 cjEtMCsGA1UEChMkRmlzaHdvcmtzIERldmVsb3BtZW50IGFuZCBDb25zdWx0aW5n 56 MR0wGwYDVQQDExRhdXRvdGVzdC5leGFtcGxlLmNvbTEkMCIGCSqGSIb3DQEJARYV 57 bWF0dGhld2ZAZmlzaHdvcmtzLmlvMB4XDTE1MDMwNjE3MTQyN1oXDTE2MDMwNTE3 58 MTQyN1owgbAxCzAJBgNVBAYTAkNBMRkwFwYDVQQIExBCcml0aXNoLUNvbHVtYmlh 59 MRIwEAYDVQQHEwlWYW5jb3V2ZXIxLTArBgNVBAoTJEZpc2h3b3JrcyBEZXZlbG9w 60 bWVudCBhbmQgQ29uc3VsdGluZzEdMBsGA1UEAxMUYXV0b3Rlc3QuZXhhbXBsZS5j 61 b20xJDAiBgkqhkiG9w0BCQEWFW1hdHRoZXdmQGZpc2h3b3Jrcy5pbzCCASIwDQYJ 62 KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMiyMI6VEJAJof8+ib0DALbzbv3Qbgr 63 fkfHJ0DBMOFYJYJTMGCgJtmVwNNy2FpORDudmGg2SjwKo54PpuJPgdG5XuVxuLxU 64 U5QYZZ9HEd1AGJZu2bWaf+iUdUk8KYfvedtA1LJ3T0zjtwKXDDLmqeci0WAKR3zs 65 G8qImgglLmhP18mZ+hTf/WY9VdSDHHbvP/x7TNr2w5GeciW1Mw0qlCJx12VKezhf 66 pFCsHptAjfkhpNtLngENy6MYPUVnF8APJHmdUrULDc5kc0Ez/1xhL2k6ySoAZJPR 67 h58ZgtNC/avs29AWh2meSlwim8H9JgqjmZ4B7ik7yqQ+tk7z8+OsROMCAwEAATAN 68 BgkqhkiG9w0BAQUFAAOCAQEAwYpXB8z4aOBedyHikbtVjDs1k0LEtWRAX/RXQY4I 69 BAYTnO+eGs/p7o+e3LGrIt/pX8kJ0RgD7TLITUJCZ69KkG9GzZaJ/CgQgqEa4Goh 70 JCI5u5a5nkTE6zZgAkkvpbA3Mj6WXGkGk7QEiO1e6e3y0jIBhDo1piD+DIppMWwM 71 OI0/r46FDlPHnm+y7UmTx+GZB4RAxnFaJE5L76w63oIPaRc/zkhS49AYiSmlawxj 72 thejiQz0ThCMBw7QMpVOiSvYAlQG0ATsRYwdTDqENIWKlerOLCSuxmbqe8XeDKhq 73 0ExzRJX9L9CjFIx9k+fIebIJWdv4Y4YUEtbLVmkKeghVJA== 74 -----END CERTIFICATE-----""" 75 76 def test_create_certificate_with_domain(self): 77 """Tests creating a certificate.""" 78 body = {'certificate': self.autotest_example_com_cert, 'key': self.key} 79 response = self.client.post(self.url, json.dumps(body), content_type='application/json', 80 HTTP_AUTHORIZATION='token {}'.format(self.token)) 81 self.assertEqual(response.status_code, 201) 82 83 def test_create_wildcard_certificate(self): 84 """Tests creating a wildcard certificate, which should be disabled.""" 85 body = {'certificate': self.autotest_example_com_cert, 86 'key': self.key, 87 'common_name': '*.example.com'} 88 response = self.client.post(self.url, json.dumps(body), content_type='application/json', 89 HTTP_AUTHORIZATION='token {}'.format(self.token)) 90 self.assertEqual(response.status_code, 400) 91 self.assertEqual(json.loads(response.content), 92 {'common_name': ['Wildcard certificates are not supported']}) 93 94 def test_create_certificate_with_different_common_name(self): 95 """ 96 In some cases such as with SAN certificates, the certificate can cover more 97 than a single domain. In that case, we want to be able to specify the common 98 name for the certificate/key. 99 """ 100 body = {'certificate': self.autotest_example_com_cert, 101 'key': self.key, 102 'common_name': 'foo.example.com'} 103 response = self.client.post(self.url, json.dumps(body), content_type='application/json', 104 HTTP_AUTHORIZATION='token {}'.format(self.token)) 105 self.assertEqual(response.status_code, 201) 106 self.assertEqual(response.data['common_name'], 'foo.example.com') 107 108 def test_get_certificate_screens_data(self): 109 """ 110 When a user retrieves a certificate, only the common name and expiry date should be 111 displayed. 112 """ 113 body = {'certificate': self.autotest_example_com_cert, 'key': self.key} 114 self.client.post(self.url, json.dumps(body), content_type='application/json', 115 HTTP_AUTHORIZATION='token {}'.format(self.token)) 116 response = self.client.get('{}/{}'.format(self.url, 'autotest.example.com'), 117 HTTP_AUTHORIZATION='token {}'.format(self.token)) 118 expected = {'common_name': 'autotest.example.com', 119 'expires': '2016-03-05T17:14:27UTC'} 120 for key, value in expected.items(): 121 self.assertEqual(response.data[key], value) 122 123 def test_certficate_denied_requests(self): 124 """Disallow put/patch requests""" 125 response = self.client.put(self.url, HTTP_AUTHORIZATION='token {}'.format(self.token)) 126 self.assertEqual(response.status_code, 405) 127 response = self.client.patch(self.url, HTTP_AUTHORIZATION='token {}'.format(self.token)) 128 self.assertEqual(response.status_code, 405) 129 130 def test_delete_certificate(self): 131 """Destroying a certificate should generate a 204 response""" 132 Certificate.objects.create(owner=self.user, 133 common_name='autotest.example.com', 134 certificate=self.autotest_example_com_cert) 135 url = '/v1/certs/autotest.example.com' 136 response = self.client.delete(url, HTTP_AUTHORIZATION='token {}'.format(self.token)) 137 self.assertEqual(response.status_code, 204) 138 # deleting a wildcard cert should work too (even though they're unsupported right now) 139 # https://github.com/deis/deis/issues/3533 140 Certificate.objects.create(owner=self.user, 141 common_name='*.example.com', 142 certificate=self.autotest_example_com_cert) 143 url = '/v1/certs/*.example.com' 144 response = self.client.delete(url, HTTP_AUTHORIZATION='token {}'.format(self.token)) 145 self.assertEqual(response.status_code, 204)