Commit 62978dd3 authored by Łukasz Nowak's avatar Łukasz Nowak

check_certificate: Support certificate only configuration

parent de8c7232
...@@ -16,7 +16,7 @@ class RunPromise(GenericPromise): ...@@ -16,7 +16,7 @@ class RunPromise(GenericPromise):
""" """
certificate_file = self.getConfig('certificate') certificate_file = self.getConfig('certificate')
key_file = self.getConfig('key') key_file = self.getConfig('key', None)
try: try:
certificate_expiration_days = int( certificate_expiration_days = int(
...@@ -36,22 +36,6 @@ class RunPromise(GenericPromise): ...@@ -36,22 +36,6 @@ class RunPromise(GenericPromise):
certificate_file, e)) certificate_file, e))
return return
try:
with open(key_file, 'r') as fh:
key = serialization.load_pem_private_key(
str2bytes(fh.read()), None, default_backend())
except Exception as e:
self.logger.error(
'ERROR Problem loading key %r, error: %s' % (key_file, e))
return
if certificate.public_key().public_numbers() != \
key.public_key().public_numbers():
self.logger.error(
'ERROR Certificate %r does not match key %r' % (
certificate_file, key_file))
return
if certificate.not_valid_after - datetime.timedelta( if certificate.not_valid_after - datetime.timedelta(
days=certificate_expiration_days) < datetime.datetime.utcnow(): days=certificate_expiration_days) < datetime.datetime.utcnow():
self.logger.error( self.logger.error(
...@@ -59,5 +43,26 @@ class RunPromise(GenericPromise): ...@@ -59,5 +43,26 @@ class RunPromise(GenericPromise):
certificate_file, certificate_expiration_days)) certificate_file, certificate_expiration_days))
return return
self.logger.info( if key_file is not None:
'OK Certificate %r and key %r are ok' % (certificate_file, key_file)) try:
with open(key_file, 'r') as fh:
key = serialization.load_pem_private_key(
str2bytes(fh.read()), None, default_backend())
except Exception as e:
self.logger.error(
'ERROR Problem loading key %r, error: %s' % (key_file, e))
return
if certificate.public_key().public_numbers() != \
key.public_key().public_numbers():
self.logger.error(
'ERROR Certificate %r does not match key %r' % (
certificate_file, key_file))
return
if key_file:
self.logger.info(
'OK Certificate %r and key %r are ok' % (certificate_file, key_file))
else:
self.logger.info(
'OK Certificate %r is ok, no key provided' % (certificate_file,))
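Review bot: The key is tested two different ways in the new tail of the method: `if key_file is not None:` guards the load-and-compare block, while `if key_file:` selects the final message. With `key` set to an empty string the first is true and the second false; today that case still fails, because open() raises and the method returns early, but the predicates should match so a later edit cannot let an empty value skip the match check and still log OK — use `if key_file is not None:` in both places. Since an omitted `key` now passes, the docstring (only its closing line is visible in the first hunk; the method starts outside it) should say that `key` is optional and that the certificate/key match is skipped when it is absent, so a dropped or misspelled parameter is understood to weaken the check rather than fail it.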
...@@ -146,6 +146,19 @@ class TestCheckCertificate(TestPromisePluginMixin): ...@@ -146,6 +146,19 @@ class TestCheckCertificate(TestPromisePluginMixin):
self.certificate_path, self.key_path) self.certificate_path, self.key_path)
) )
def test_no_key_provided(self):
self.createKeyCertificate()
self.writePromise({
'certificate': self.certificate_path,
})
self.configureLauncher()
self.launcher.run()
self.assertPassedMessage(
self.getPromiseResult(self.promise_name),
"OK Certificate '%s' is ok, no key provided" % (
self.certificate_path,)
)
def test_no_key(self): def test_no_key(self):
self.createKeyCertificate() self.createKeyCertificate()
nokey_path = os.path.join(self.tempdir, 'nokey.pem') nokey_path = os.path.join(self.tempdir, 'nokey.pem')
...@@ -206,6 +219,20 @@ class TestCheckCertificate(TestPromisePluginMixin): ...@@ -206,6 +219,20 @@ class TestCheckCertificate(TestPromisePluginMixin):
self.certificate_path,) self.certificate_path,)
) )
def test_expires_no_key(self):
self.createKeyCertificate(days=5)
self.writePromise({
'certificate': self.certificate_path,
})
self.configureLauncher()
with self.assertRaises(PromiseError):
self.launcher.run()
self.assertFailedMessage(
self.getPromiseResult(self.promise_name),
"ERROR Certificate '%s' will expire in less than 15 days" % (
self.certificate_path,)
)
def test_expires_custom(self): def test_expires_custom(self):
self.createKeyCertificate(days=19) self.createKeyCertificate(days=19)
self.writePromise({ self.writePromise({
...@@ -222,6 +249,21 @@ class TestCheckCertificate(TestPromisePluginMixin): ...@@ -222,6 +249,21 @@ class TestCheckCertificate(TestPromisePluginMixin):
self.certificate_path,) self.certificate_path,)
) )
def test_expires_custom_no_key(self):
self.createKeyCertificate(days=19)
self.writePromise({
'certificate': self.certificate_path,
'certificate-expiration-days': '20'
})
self.configureLauncher()
with self.assertRaises(PromiseError):
self.launcher.run()
self.assertFailedMessage(
self.getPromiseResult(self.promise_name),
"ERROR Certificate '%s' will expire in less than 20 days" % (
self.certificate_path,)
)
def test_expires_bad_value(self): def test_expires_bad_value(self):
self.createKeyCertificate(days=14) self.createKeyCertificate(days=14)
self.writePromise({ self.writePromise({
...@@ -237,6 +279,20 @@ class TestCheckCertificate(TestPromisePluginMixin): ...@@ -237,6 +279,20 @@ class TestCheckCertificate(TestPromisePluginMixin):
"ERROR certificate-expiration-days is wrong: 'bad'" "ERROR certificate-expiration-days is wrong: 'bad'"
) )
def test_expires_bad_value_no_key(self):
self.createKeyCertificate(days=14)
self.writePromise({
'certificate': self.certificate_path,
'certificate-expiration-days': 'bad'
})
self.configureLauncher()
with self.assertRaises(PromiseError):
self.launcher.run()
self.assertFailedMessage(
self.getPromiseResult(self.promise_name),
"ERROR certificate-expiration-days is wrong: 'bad'"
)
class TestCheckCertificateSameFile(TestCheckCertificate): class TestCheckCertificateSameFile(TestCheckCertificate):
same_file = True same_file = True
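Review bot: None of the added no-key tests sets `'key': ''`, the one input where the plugin's two guards (`key_file is not None` and `if key_file:`) disagree. A test next to test_no_key_provided that writes `'certificate': self.certificate_path, 'key': ''` and asserts that the run raises PromiseError with a message beginning `ERROR Problem loading key ''` would pin that an empty value fails closed instead of falling through to the certificate-only OK. The text after `error:` comes from the open() failure, so the assertion may need to match a prefix; whether the mixin offers such a helper is not visible on this page.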