diff --git a/docs/developer/plugins/index.rst b/docs/developer/plugins/index.rst index 6bfbd205..3168c21e 100644 --- a/docs/developer/plugins/index.rst +++ b/docs/developer/plugins/index.rst @@ -77,6 +77,7 @@ The `IssuerPlugin` interface only required that you implement one function:: def create_certificate(self, options): # requests.get('a third party') + Lemur will pass a dictionary of all possible options for certificate creation. Optionally the `IssuerPlugin` exposes another function for authority create:: @@ -84,7 +85,13 @@ Optionally the `IssuerPlugin` exposes another function for authority create:: def create_authority(self, options): # request.get('a third party') -If implemented this function will be used to allow users to create external Certificate Authorities. + +If implemented this function will be used to allow users to create external Certificate Authorities. From this function +you are expected to return the ROOT certificate authority, any intermediates that Authority might provide and any roles +you wish to be associated with this authority. + +.. Note:: You do not need to associate roles to the authority at creation time as they can always be associated after the +fact. Testing @@ -158,3 +165,5 @@ Running tests follows the py.test standard. As long as your test files and metho =========================== 1 passed in 0.35 seconds ============================ +.. SeeAlso:: Lemur bundles several plugins that use the same interfaces mentioned above. View the source: #TODO + diff --git a/lemur/__init__.py b/lemur/__init__.py index 39432438..aada8abe 100644 --- a/lemur/__init__.py +++ b/lemur/__init__.py @@ -8,8 +8,6 @@ """ -from flask import jsonify - from lemur import factory from lemur.users.views import mod as users_bp diff --git a/lemur/auth/views.py b/lemur/auth/views.py index 06e77f77..fd7255ca 100644 --- a/lemur/auth/views.py +++ b/lemur/auth/views.py @@ -14,8 +14,6 @@ from flask import g, Blueprint, current_app, abort from flask.ext.restful import reqparse, Resource, Api from flask.ext.principal import Identity, identity_changed -from lemur.common.crypto import unlock - from lemur.auth.permissions import admin_permission from lemur.users import service as user_service from lemur.roles import service as role_service @@ -234,24 +232,7 @@ class Ping(Resource): return dict(token=create_token(user)) -class Unlock(AuthenticatedResource): - def __init__(self): - self.reqparse = reqparse.RequestParser() - super(Unlock, self).__init__() - - @admin_permission.require(http_exception=403) - def post(self): - self.reqparse.add_argument('password', type=str, required=True, location='json') - args = self.reqparse.parse_args() - unlock(args['password']) - return { - "message": "You have successfully unlocked this Lemur instance", - "type": "success" - } - - api.add_resource(Login, '/auth/login', endpoint='login') api.add_resource(Ping, '/auth/ping', endpoint='ping') -api.add_resource(Unlock, '/auth/unlock', endpoint='unlock') diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index 7c3bc9af..fb52a812 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -5,13 +5,9 @@ :license: Apache, see LICENSE for more details. .. moduleauthor:: Kevin Glisson """ -import os import arrow import string import random -import hashlib -import datetime -import subprocess from sqlalchemy import func, or_ from flask import g, current_app @@ -20,8 +16,6 @@ from lemur import database from lemur.common.services.aws import iam from lemur.plugins.base import plugins from lemur.certificates.models import Certificate -from lemur.certificates.exceptions import UnableToCreateCSR, \ - UnableToCreatePrivateKey, MissingFiles from lemur.accounts.models import Account from lemur.accounts import service as account_service @@ -29,6 +23,12 @@ from lemur.authorities.models import Authority from lemur.roles.models import Role +from cryptography import x509 +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import rsa + + def get(cert_id): """ @@ -127,23 +127,17 @@ def mint(issuer_options): authority = issuer_options['authority'] issuer = plugins.get(authority.plugin_name) - # NOTE if we wanted to support more issuers it might make sense to - # push CSR creation down to the plugin - path = create_csr(issuer.get_csr_config(issuer_options)) - challenge, csr, csr_config, private_key = load_ssl_pack(path) - issuer_options['challenge'] = challenge + csr, private_key = create_csr(issuer_options) + + issuer_options['challenge'] = create_challenge() issuer_options['creator'] = g.user.email cert_body, cert_chain = issuer.create_certificate(csr, issuer_options) - cert = save_cert(cert_body, private_key, cert_chain, challenge, csr_config, issuer_options.get('accounts')) + cert = save_cert(cert_body, private_key, cert_chain, issuer_options.get('accounts')) cert.user = g.user cert.authority = authority database.update(cert) - - # securely delete pack after saving it to RDS and IAM (if applicable) - delete_ssl_pack(path) - return cert, private_key, cert_chain, @@ -151,7 +145,7 @@ def import_certificate(**kwargs): """ Uploads already minted certificates and pulls the required information into Lemur. - This is to be used for certificates that are reated outside of Lemur but + This is to be used for certificates that are created outside of Lemur but should still be tracked. Internally this is used to bootstrap Lemur with external @@ -188,7 +182,7 @@ def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, account :param cert_chain: :param challenge: :param csr_config: - :param account_ids: + :param accounts: """ cert = Certificate(cert_body, private_key, challenge, cert_chain, csr_config) # if we have an AWS accounts lets upload them @@ -301,94 +295,91 @@ def create_csr(csr_config): :param csr_config: """ + private_key = rsa.generate_private_key( + public_exponent=65537, + key_size=2048, + backend=default_backend() + ) - # we create a no colliding file name - path = create_path(hashlib.md5(csr_config).hexdigest()) + builder = x509.CertificateSigningRequestBuilder() + builder = builder.subject_name(x509.Name([ + x509.NameAttribute(x509.OID_COMMON_NAME, csr_config['commonName']), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, csr_config['organization']), + x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, csr_config['organizationalUnit']), + x509.NameAttribute(x509.OID_COUNTRY_NAME, csr_config['country']), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, csr_config['state']), + x509.NameAttribute(x509.OID_LOCALITY_NAME, csr_config['location']) + ])) - challenge = create_challenge() - challenge_path = os.path.join(path, 'challenge.txt') + builder = builder.add_extension( + x509.BasicConstraints(ca=False, path_length=None), critical=True, + ) - with open(challenge_path, 'w') as c: - c.write(challenge) + #for k, v in csr_config.get('extensions', {}).items(): + # if k == 'subAltNames': + # builder = builder.add_extension( + # x509.SubjectAlternativeName([x509.DNSName(n) for n in v]), critical=True, + # ) - csr_path = os.path.join(path, 'csr_config.txt') + # TODO support more CSR options, none of the authorities support these atm + # builder.add_extension( + # x509.KeyUsage( + # digital_signature=digital_signature, + # content_commitment=content_commitment, + # key_encipherment=key_enipherment, + # data_encipherment=data_encipherment, + # key_agreement=key_agreement, + # key_cert_sign=key_cert_sign, + # crl_sign=crl_sign, + # encipher_only=enchipher_only, + # decipher_only=decipher_only + # ), critical=True + # ) + # + # # we must maintain our own list of OIDs here + # builder.add_extension( + # x509.ExtendedKeyUsage( + # server_authentication=server_authentication, + # email= + # ) + # ) + # + # builder.add_extension( + # x509.AuthorityInformationAccess() + # ) + # + # builder.add_extension( + # x509.AuthorityKeyIdentifier() + # ) + # + # builder.add_extension( + # x509.SubjectKeyIdentifier() + # ) + # + # builder.add_extension( + # x509.CRLDistributionPoints() + # ) + # + # builder.add_extension( + # x509.ObjectIdentifier(oid) + # ) - with open(csr_path, 'w') as f: - f.write(csr_config) + request = builder.sign( + private_key, hashes.SHA256(), default_backend() + ) - #TODO use cloudCA to seed a -rand file for each call - #TODO replace openssl shell calls with cryptograph - with open('/dev/null', 'w') as devnull: - code = subprocess.call(['openssl', 'genrsa', - '-out', os.path.join(path, 'private.key'), '2048'], - stdout=devnull, stderr=devnull) + # serialize our private key and CSR + pem = private_key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption() + ) - if code != 0: - raise UnableToCreatePrivateKey(code) - - with open('/dev/null', 'w') as devnull: - code = subprocess.call(['openssl', 'req', '-new', '-sha256', '-nodes', - '-config', csr_path, "-key", os.path.join(path, 'private.key'), - "-out", os.path.join(path, 'request.csr')], stdout=devnull, stderr=devnull) - - if code != 0: - raise UnableToCreateCSR(code) - - return path - - -def create_path(domain_hash): - """ - - :param domain_hash: - :return: - """ - path = os.path.join('/tmp', domain_hash) - - try: - os.mkdir(path) - except OSError as e: - now = datetime.datetime.now() - path = os.path.join('/tmp', "{}.{}".format(domain_hash, now.strftime('%s'))) - os.mkdir(path) - current_app.logger.warning(e) - - current_app.logger.debug("Writing ssl files to: {}".format(path)) - return path - - -def load_ssl_pack(path): - """ - Loads the information created by openssl to be used by other functions. - - :param path: - """ - if len(os.listdir(path)) != 4: - raise MissingFiles(path) - - with open(os.path.join(path, 'challenge.txt')) as c: - challenge = c.read() - - with open(os.path.join(path, 'request.csr')) as r: - csr = r.read() - - with open(os.path.join(path, 'csr_config.txt')) as config: - csr_config = config.read() - - with open(os.path.join(path, 'private.key')) as key: - private_key = key.read() - - return (challenge, csr, csr_config, private_key,) - - -def delete_ssl_pack(path): - """ - Removes the temporary files associated with CSR creation. - - :param path: - """ - subprocess.check_call(['srm', '-r', path]) + csr = request.public_bytes( + encoding=serialization.Encoding.PEM + ) + return csr, pem def create_challenge(): """ diff --git a/lemur/common/crypto.py b/lemur/common/crypto.py deleted file mode 100644 index 80b03e42..00000000 --- a/lemur/common/crypto.py +++ /dev/null @@ -1,185 +0,0 @@ -""" -.. module: lemur.common.crypto - :platform: Unix - :synopsis: This module contains all cryptographic function's in Lemur - :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more - :license: Apache, see LICENSE for more details. -.. moduleauthor:: Kevin Glisson - -""" -import os -import ssl -import StringIO -import functools -from Crypto import Random -from Crypto.Cipher import AES -from hashlib import sha512 - -from flask import current_app - -from lemur.factory import create_app - - -old_init = ssl.SSLSocket.__init__ - -@functools.wraps(old_init) -def ssl_bug(self, *args, **kwargs): - kwargs['ssl_version'] = ssl.PROTOCOL_TLSv1 - old_init(self, *args, **kwargs) - -ssl.SSLSocket.__init__ = ssl_bug - - -def derive_key_and_iv(password, salt, key_length, iv_length): - """ - Derives the key and iv from the password and salt. - - :param password: - :param salt: - :param key_length: - :param iv_length: - :return: key, iv - """ - d = d_i = '' - - while len(d) < key_length + iv_length: - d_i = sha512(d_i + password + salt).digest() - d += d_i - - return d[:key_length], d[key_length:key_length+iv_length] - - -def encrypt(in_file, out_file, password, key_length=32): - """ - Encrypts a file. - - :param in_file: - :param out_file: - :param password: - :param key_length: - """ - bs = AES.block_size - salt = Random.new().read(bs - len('Salted__')) - key, iv = derive_key_and_iv(password, salt, key_length, bs) - cipher = AES.new(key, AES.MODE_CBC, iv) - out_file.write('Salted__' + salt) - finished = False - while not finished: - chunk = in_file.read(1024 * bs) - if len(chunk) == 0 or len(chunk) % bs != 0: - padding_length = bs - (len(chunk) % bs) - chunk += padding_length * chr(padding_length) - finished = True - out_file.write(cipher.encrypt(chunk)) - - -def decrypt(in_file, out_file, password, key_length=32): - """ - Decrypts a file. - - :param in_file: - :param out_file: - :param password: - :param key_length: - :raise ValueError: - """ - bs = AES.block_size - salt = in_file.read(bs)[len('Salted__'):] - key, iv = derive_key_and_iv(password, salt, key_length, bs) - cipher = AES.new(key, AES.MODE_CBC, iv) - next_chunk = '' - finished = False - while not finished: - chunk, next_chunk = next_chunk, cipher.decrypt(in_file.read(1024 * bs)) - if len(next_chunk) == 0: - padding_length = ord(chunk[-1]) - if padding_length < 1 or padding_length > bs: - raise ValueError("bad decrypt pad (%d)" % padding_length) - # all the pad-bytes must be the same - if chunk[-padding_length:] != (padding_length * chr(padding_length)): - # this is similar to the bad decrypt:evp_enc.c from openssl program - raise ValueError("bad decrypt") - chunk = chunk[:-padding_length] - finished = True - out_file.write(chunk) - - -def encrypt_string(string, password): - """ - Encrypts a string. - - :param string: - :param password: - :return: - """ - in_file = StringIO.StringIO(string) - enc_file = StringIO.StringIO() - encrypt(in_file, enc_file, password) - enc_file.seek(0) - return enc_file.read() - - -def decrypt_string(string, password): - """ - Decrypts a string. - - :param string: - :param password: - :return: - """ - in_file = StringIO.StringIO(string) - out_file = StringIO.StringIO() - decrypt(in_file, out_file, password) - out_file.seek(0) - return out_file.read() - - -def lock(password): - """ - Encrypts Lemur's KEY_PATH. This directory can be used to store secrets needed for normal - Lemur operation. This is especially useful for storing secrets needed for communication - with third parties (e.g. external certificate authorities). - - Lemur does not assume anything about the contents of the directory and will attempt to - encrypt all files contained within. Currently this has only been tested against plain - text files. - - :param password: - """ - dest_dir = os.path.join(current_app.config.get("KEY_PATH"), "encrypted") - - if not os.path.exists(dest_dir): - current_app.logger.debug("Creating encryption directory: {0}".format(dest_dir)) - os.makedirs(dest_dir) - - for root, dirs, files in os.walk(os.path.join(current_app.config.get("KEY_PATH"), 'decrypted')): - for f in files: - source = os.path.join(root, f) - dest = os.path.join(dest_dir, f + ".enc") - with open(source, 'rb') as in_file, open(dest, 'wb') as out_file: - encrypt(in_file, out_file, password) - - -def unlock(password): - """ - Decrypts Lemur's KEY_PATH, allowing lemur to use the secrets within. - - This reverses the :func:`lock` function. - - :param password: - """ - dest_dir = os.path.join(current_app.config.get("KEY_PATH"), "decrypted") - source_dir = os.path.join(current_app.config.get("KEY_PATH"), "encrypted") - - if not os.path.exists(dest_dir): - current_app.logger.debug("Creating decryption directory: {0}".format(dest_dir)) - os.makedirs(dest_dir) - - for root, dirs, files in os.walk(source_dir): - for f in files: - source = os.path.join(source_dir, f) - dest = os.path.join(dest_dir, ".".join(f.split(".")[:-1])) - with open(source, 'rb') as in_file, open(dest, 'wb') as out_file: - current_app.logger.debug("Writing file: {0} Source: {1}".format(dest, source)) - decrypt(in_file, out_file, password) - diff --git a/lemur/manage.py b/lemur/manage.py index 9e553b5f..1ff0d9f5 100755 --- a/lemur/manage.py +++ b/lemur/manage.py @@ -1,9 +1,10 @@ -#!/usr/bin/env python import os import sys import base64 from gunicorn.config import make_settings +from cryptography.fernet import Fernet + from flask import current_app from flask.ext.script import Manager, Command, Option, Group, prompt_pass from flask.ext.migrate import Migrate, MigrateCommand, stamp @@ -20,7 +21,6 @@ from lemur.certificates import sync from lemur.elbs.sync import sync_all_elbs from lemur import create_app -from lemur.common.crypto import encrypt, decrypt, lock, unlock # Needed to be imported so that SQLAlchemy create_all can find our models from lemur.users.models import User @@ -133,78 +133,6 @@ def create(): stamp(revision='head') -@manager.command -def lock(): - """ - Encrypts all of the files in the `keys` directory with the password - given. This is a useful function to ensure that you do no check in - your key files into source code in clear text. - - :return: - """ - password = prompt_pass("Please enter the encryption password") - lock(password) - sys.stdout.write("[+] Lemur keys have been encrypted!\n") - - -@manager.command -def unlock(): - """ - Decrypts all of the files in the `keys` directory with the password - given. This is most commonly used during the startup sequence of Lemur - allowing it to go from source code to something that can communicate - with external services. - - :return: - """ - password = prompt_pass("Please enter the encryption password") - unlock(password) - sys.stdout.write("[+] Lemur keys have been unencrypted!\n") - - -@manager.command -def encrypt_file(source): - """ - Utility to encrypt sensitive files, Lemur will decrypt these - files when admin enters the correct password. - - Uses AES-256-CBC encryption - """ - dest = source + ".encrypted" - password = prompt_pass("Please enter the encryption password") - password1 = prompt_pass("Please confirm the encryption password") - if password != password1: - sys.stdout.write("[!] Encryption passwords do not match!\n") - return - - with open(source, 'rb') as in_file, open(dest, 'wb') as out_file: - encrypt(in_file, out_file, password) - - sys.stdout.write("[+] Writing encryption files... {0}!\n".format(dest)) - - -@manager.command -def decrypt_file(source): - """ - Utility to decrypt, Lemur will decrypt these - files when admin enters the correct password. - - Assumes AES-256-CBC encryption - """ - # cleanup extensions a bit - if ".encrypted" in source: - dest = ".".join(source.split(".")[:-1]) + ".decrypted" - else: - dest = source + ".decrypted" - - password = prompt_pass("Please enter the encryption password") - - with open(source, 'rb') as in_file, open(dest, 'wb') as out_file: - decrypt(in_file, out_file, password) - - sys.stdout.write("[+] Writing decrypted files... {0}!\n".format(dest)) - - @manager.command def check_revoked(): """ @@ -453,7 +381,84 @@ def create_config(config_path=None): with open(config_path, 'w') as f: f.write(config) - sys.stdout.write("Created a new configuration file {0}\n".format(config_path)) + sys.stdout.write("[+] Created a new configuration file {0}\n".format(config_path)) + + +@manager.command +def lock(path=None): + """ + Encrypts a given path. This directory can be used to store secrets needed for normal + Lemur operation. This is especially useful for storing secrets needed for communication + with third parties (e.g. external certificate authorities). + + Lemur does not assume anything about the contents of the directory and will attempt to + encrypt all files contained within. Currently this has only been tested against plain + text files. + + Path defaults ~/.lemur/keys + + :param: path + """ + if not path: + path = os.path.expanduser('~/.lemur/keys') + + dest_dir = os.path.join(path, "encrypted") + sys.stdout.write("[!] Generating a new key...\n") + + key = Fernet.generate_key() + + if not os.path.exists(dest_dir): + sys.stdout.write("[+] Creating encryption directory: {0}\n".format(dest_dir)) + os.makedirs(dest_dir) + + for root, dirs, files in os.walk(os.path.join(path, 'decrypted')): + for f in files: + source = os.path.join(root, f) + dest = os.path.join(dest_dir, f + ".enc") + with open(source, 'rb') as in_file, open(dest, 'wb') as out_file: + f = Fernet(key) + data = f.encrypt(in_file.read()) + out_file.write(data) + sys.stdout.write("[+] Writing file: {0} Source: {1}\n".format(dest, source)) + + sys.stdout.write("[+] Keys have been encrypted with key {0}\n".format(key)) + + +@manager.command +def unlock(path=None): + """ + Decrypts all of the files in a given directory with provided password. + This is most commonly used during the startup sequence of Lemur + allowing it to go from source code to something that can communicate + with external services. + + Path defaults ~/.lemur/keys + + :param: path + """ + key = prompt_pass("[!] Please enter the encryption password") + + if not path: + path = os.path.expanduser('~/.lemur/keys') + + dest_dir = os.path.join(path, "decrypted") + source_dir = os.path.join(path, "encrypted") + + if not os.path.exists(dest_dir): + sys.stdout.write("[+] Creating decryption directory: {0}\n".format(dest_dir)) + os.makedirs(dest_dir) + + for root, dirs, files in os.walk(source_dir): + for f in files: + source = os.path.join(source_dir, f) + dest = os.path.join(dest_dir, ".".join(f.split(".")[:-1])) + with open(source, 'rb') as in_file, open(dest, 'wb') as out_file: + f = Fernet(key) + data = f.decrypt(in_file.read()) + out_file.write(data) + sys.stdout.write("[+] Writing file: {0} Source: {1}\n".format(dest, source)) + + sys.stdout.write("[+] Keys have been unencrypted!\n") def main(): diff --git a/lemur/plugins/bases/issuer.py b/lemur/plugins/bases/issuer.py index b7cb14a4..b2e5c964 100644 --- a/lemur/plugins/bases/issuer.py +++ b/lemur/plugins/bases/issuer.py @@ -19,6 +19,3 @@ class IssuerPlugin(Plugin): def create_authority(self): raise NotImplemented - def get_csr_config(self): - raise NotImplementedError - diff --git a/lemur/plugins/lemur_verisign/plugin.py b/lemur/plugins/lemur_verisign/plugin.py index e3881272..c31f499f 100644 --- a/lemur/plugins/lemur_verisign/plugin.py +++ b/lemur/plugins/lemur_verisign/plugin.py @@ -151,6 +151,3 @@ class VerisignPlugin(IssuerPlugin): response = self.session.post(url, headers={'content-type': 'application/x-www-form-urlencoded'}) return self.handle_response(response.content)['Response']['Order'] - def get_authorities(self): - pass - diff --git a/lemur/tests/conftest.py b/lemur/tests/conftest.py index 50bfd144..849a3a7d 100644 --- a/lemur/tests/conftest.py +++ b/lemur/tests/conftest.py @@ -45,7 +45,6 @@ def app(): ctx.pop() - @pytest.yield_fixture(scope="session") def db(app, request): _db.drop_all() @@ -72,7 +71,6 @@ def session(db, request): @pytest.yield_fixture(scope="function") -def client(app, session): - with app.test_client() as client: - yield client +def client(app, session, client): + yield client diff --git a/lemur/tests/test_accounts.py b/lemur/tests/test_accounts.py index 2712947c..7665bfc6 100644 --- a/lemur/tests/test_accounts.py +++ b/lemur/tests/test_accounts.py @@ -22,11 +22,11 @@ def test_account_get(client): def test_account_post(client): - assert client.post(api.url_for(Accounts, account_id=1), {}).status_code == 405 + assert client.post(api.url_for(Accounts, account_id=1), data={}).status_code == 405 def test_account_put(client): - assert client.put(api.url_for(Accounts, account_id=1), {}).status_code == 401 + assert client.put(api.url_for(Accounts, account_id=1), data={}).status_code == 401 def test_account_delete(client): @@ -34,7 +34,7 @@ def test_account_delete(client): def test_account_patch(client): - assert client.patch(api.url_for(Accounts, account_id=1), {}).status_code == 405 + assert client.patch(api.url_for(Accounts, account_id=1), data={}).status_code == 405 VALID_USER_HEADER_TOKEN = { @@ -45,7 +45,7 @@ def test_auth_account_get(client): def test_auth_account_post_(client): - assert client.post(api.url_for(Accounts, account_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Accounts, account_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_account_put(client): @@ -57,7 +57,7 @@ def test_auth_account_delete(client): def test_auth_account_patch(client): - assert client.patch(api.url_for(Accounts, account_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Accounts, account_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 VALID_ADMIN_HEADER_TOKEN = { @@ -68,7 +68,7 @@ def test_admin_account_get(client): def test_admin_account_post(client): - assert client.post(api.url_for(Accounts, account_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Accounts, account_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_account_put(client): @@ -80,7 +80,7 @@ def test_admin_account_delete(client): def test_admin_account_patch(client): - assert client.patch(api.url_for(Accounts, account_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Accounts, account_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_accounts_get(client): @@ -88,11 +88,11 @@ def test_accounts_get(client): def test_accounts_post(client): - assert client.post(api.url_for(AccountsList), {}).status_code == 401 + assert client.post(api.url_for(AccountsList), data={}).status_code == 401 def test_accounts_put(client): - assert client.put(api.url_for(AccountsList), {}).status_code == 405 + assert client.put(api.url_for(AccountsList), data={}).status_code == 405 def test_accounts_delete(client): @@ -100,7 +100,7 @@ def test_accounts_delete(client): def test_accounts_patch(client): - assert client.patch(api.url_for(AccountsList), {}).status_code == 405 + assert client.patch(api.url_for(AccountsList), data={}).status_code == 405 def test_auth_accounts_get(client): @@ -108,7 +108,7 @@ def test_auth_accounts_get(client): def test_auth_accounts_post(client): - assert client.post(api.url_for(AccountsList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 403 + assert client.post(api.url_for(AccountsList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 403 def test_admin_accounts_get(client): diff --git a/lemur/tests/test_authorities.py b/lemur/tests/test_authorities.py index e55db48a..e66147e5 100644 --- a/lemur/tests/test_authorities.py +++ b/lemur/tests/test_authorities.py @@ -16,11 +16,11 @@ def test_authority_get(client): def test_authority_post(client): - assert client.post(api.url_for(Authorities, authority_id=1), {}).status_code == 405 + assert client.post(api.url_for(Authorities, authority_id=1), data={}).status_code == 405 def test_authority_put(client): - assert client.put(api.url_for(Authorities, authority_id=1), {}).status_code == 401 + assert client.put(api.url_for(Authorities, authority_id=1), data={}).status_code == 401 def test_authority_delete(client): @@ -28,7 +28,7 @@ def test_authority_delete(client): def test_authority_patch(client): - assert client.patch(api.url_for(Authorities, authority_id=1), {}).status_code == 405 + assert client.patch(api.url_for(Authorities, authority_id=1), data={}).status_code == 405 def test_authorities_get(client): @@ -36,11 +36,11 @@ def test_authorities_get(client): def test_authorities_post(client): - assert client.post(api.url_for(AuthoritiesList), {}).status_code == 401 + assert client.post(api.url_for(AuthoritiesList), data={}).status_code == 401 def test_authorities_put(client): - assert client.put(api.url_for(AuthoritiesList), {}).status_code == 405 + assert client.put(api.url_for(AuthoritiesList), data={}).status_code == 405 def test_authorities_delete(client): @@ -48,7 +48,7 @@ def test_authorities_delete(client): def test_authorities_patch(client): - assert client.patch(api.url_for(AuthoritiesList), {}).status_code == 405 + assert client.patch(api.url_for(AuthoritiesList), data={}).status_code == 405 def test_certificate_authorities_get(client): @@ -56,11 +56,11 @@ def test_certificate_authorities_get(client): def test_certificate_authorities_post(client): - assert client.post(api.url_for(AuthoritiesList), {}).status_code == 401 + assert client.post(api.url_for(AuthoritiesList), data={}).status_code == 401 def test_certificate_authorities_put(client): - assert client.put(api.url_for(AuthoritiesList), {}).status_code == 405 + assert client.put(api.url_for(AuthoritiesList), data={}).status_code == 405 def test_certificate_authorities_delete(client): @@ -68,7 +68,7 @@ def test_certificate_authorities_delete(client): def test_certificate_authorities_patch(client): - assert client.patch(api.url_for(AuthoritiesList), {}).status_code == 405 + assert client.patch(api.url_for(AuthoritiesList), data={}).status_code == 405 VALID_USER_HEADER_TOKEN = { @@ -80,7 +80,7 @@ def test_auth_authority_get(client): def test_auth_authority_post_(client): - assert client.post(api.url_for(Authorities, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_authority_put(client): @@ -92,7 +92,7 @@ def test_auth_authority_delete(client): def test_auth_authority_patch(client): - assert client.patch(api.url_for(Authorities, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_authorities_get(client): @@ -100,7 +100,7 @@ def test_auth_authorities_get(client): def test_auth_authorities_post(client): - assert client.post(api.url_for(AuthoritiesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400 + assert client.post(api.url_for(AuthoritiesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400 def test_auth_certificates_authorities_get(client): @@ -116,7 +116,7 @@ def test_admin_authority_get(client): def test_admin_authority_post(client): - assert client.post(api.url_for(Authorities, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_authority_put(client): @@ -136,11 +136,11 @@ def test_admin_authorities_get(client): def test_admin_authorities_post(client): - assert client.post(api.url_for(AuthoritiesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400 + assert client.post(api.url_for(AuthoritiesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400 def test_admin_authorities_put(client): - assert client.put(api.url_for(AuthoritiesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(AuthoritiesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_authorities_delete(client): diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py index 4470149d..5990c09c 100644 --- a/lemur/tests/test_certificates.py +++ b/lemur/tests/test_certificates.py @@ -1,18 +1,6 @@ -import os import pytest -from mock import mock_open, patch from lemur.certificates.views import * -#def test_crud(session): -# role = create('role1') -# assert role.id > 0 -# -# role = update(role.id, 'role_new', None, []) -# assert role.name == 'role_new' -# delete(role.id) -# assert get(role.id) == None - - def test_valid_authority(session): assert 1 == 2 @@ -33,28 +21,26 @@ def test_private_key_str(): private_key_str('dfsdfsdf', 'test') -def test_create_csr(): - from lemur.tests.certs import CSR_CONFIG +def test_create_basic_csr(): from lemur.certificates.service import create_csr - m = mock_open() - with patch('lemur.certificates.service.open', m, create=True): - path = create_csr(CSR_CONFIG) - assert path == '' + csr_config = dict( + commonName=u'example.com', + organization=u'Example, Inc.', + organizationalUnit=u'Operations', + country=u'US', + state=u'CA', + location=u'A place', + extensions=dict(subAltNames=[u'test.example.com', u'test2.example.com']) + ) + csr, pem = create_csr(csr_config) + + private_key = serialization.load_pem_private_key(pem, password=None, backend=default_backend()) + csr = x509.load_pem_x509_csr(csr, default_backend()) + for name in csr.subject: + assert name.value in csr_config.values() -def test_create_path(): - assert 1 == 2 - - -def test_load_ssl_pack(): - assert 1 == 2 - - -def test_delete_ssl_path(): - assert 1 == 2 - - -def test_import_certificate(session): +def test_import_certificate(): assert 1 == 2 @@ -137,20 +123,17 @@ def test_create_name(): True ) == 'SAN-example.com-ExampleInc-20150507-20150512' -def test_is_expired(): - assert 1 == 2 - def test_certificate_get(client): assert client.get(api.url_for(Certificates, certificate_id=1)).status_code == 401 def test_certificate_post(client): - assert client.post(api.url_for(Certificates, certificate_id=1), {}).status_code == 405 + assert client.post(api.url_for(Certificates, certificate_id=1), data={}).status_code == 405 def test_certificate_put(client): - assert client.put(api.url_for(Certificates, certificate_id=1), {}).status_code == 401 + assert client.put(api.url_for(Certificates, certificate_id=1), data={}).status_code == 401 def test_certificate_delete(client): @@ -158,7 +141,7 @@ def test_certificate_delete(client): def test_certificate_patch(client): - assert client.patch(api.url_for(Certificates, certificate_id=1), {}).status_code == 405 + assert client.patch(api.url_for(Certificates, certificate_id=1), data={}).status_code == 405 def test_certificates_get(client): @@ -166,11 +149,11 @@ def test_certificates_get(client): def test_certificates_post(client): - assert client.post(api.url_for(CertificatesList), {}).status_code == 401 + assert client.post(api.url_for(CertificatesList), data={}).status_code == 401 def test_certificates_put(client): - assert client.put(api.url_for(CertificatesList), {}).status_code == 405 + assert client.put(api.url_for(CertificatesList), data={}).status_code == 405 def test_certificates_delete(client): @@ -178,7 +161,7 @@ def test_certificates_delete(client): def test_certificates_patch(client): - assert client.patch(api.url_for(CertificatesList), {}).status_code == 405 + assert client.patch(api.url_for(CertificatesList), data={}).status_code == 405 def test_certificate_credentials_get(client): @@ -186,11 +169,11 @@ def test_certificate_credentials_get(client): def test_certificate_credentials_post(client): - assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405 + assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405 def test_certificate_credentials_put(client): - assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405 + assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405 def test_certificate_credentials_delete(client): @@ -198,7 +181,7 @@ def test_certificate_credentials_delete(client): def test_certificate_credentials_patch(client): - assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405 + assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405 def test_certificates_upload_get(client): @@ -206,11 +189,11 @@ def test_certificates_upload_get(client): def test_certificates_upload_post(client): - assert client.post(api.url_for(CertificatesUpload), {}).status_code == 401 + assert client.post(api.url_for(CertificatesUpload), data={}).status_code == 401 def test_certificates_upload_put(client): - assert client.put(api.url_for(CertificatesUpload), {}).status_code == 405 + assert client.put(api.url_for(CertificatesUpload), data={}).status_code == 405 def test_certificates_upload_delete(client): @@ -218,7 +201,7 @@ def test_certificates_upload_delete(client): def test_certificates_upload_patch(client): - assert client.patch(api.url_for(CertificatesUpload), {}).status_code == 405 + assert client.patch(api.url_for(CertificatesUpload), data={}).status_code == 405 VALID_USER_HEADER_TOKEN = { @@ -230,7 +213,7 @@ def test_auth_certificate_get(client): def test_auth_certificate_post_(client): - assert client.post(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_certificate_put(client): @@ -242,7 +225,7 @@ def test_auth_certificate_delete(client): def test_auth_certificate_patch(client): - assert client.patch(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_certificates_get(client): @@ -250,7 +233,7 @@ def test_auth_certificates_get(client): def test_auth_certificates_post(client): - assert client.post(api.url_for(CertificatesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400 + assert client.post(api.url_for(CertificatesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400 def test_auth_certificate_credentials_get(client): @@ -258,11 +241,11 @@ def test_auth_certificate_credentials_get(client): def test_auth_certificate_credentials_post(client): - assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_certificate_credentials_put(client): - assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_certificate_credentials_delete(client): @@ -270,7 +253,7 @@ def test_auth_certificate_credentials_delete(client): def test_auth_certificate_credentials_patch(client): - assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_certificates_upload_get(client): @@ -278,11 +261,11 @@ def test_auth_certificates_upload_get(client): def test_auth_certificates_upload_post(client): - assert client.post(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400 + assert client.post(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400 def test_auth_certificates_upload_put(client): - assert client.put(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_certificates_upload_delete(client): @@ -290,7 +273,7 @@ def test_auth_certificates_upload_delete(client): def test_auth_certificates_upload_patch(client): - assert client.patch(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 VALID_ADMIN_HEADER_TOKEN = { @@ -302,7 +285,7 @@ def test_admin_certificate_get(client): def test_admin_certificate_post(client): - assert client.post(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_certificate_put(client): @@ -314,7 +297,7 @@ def test_admin_certificate_delete(client): def test_admin_certificate_patch(client): - assert client.patch(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_certificates_get(client): @@ -328,7 +311,7 @@ def test_admin_certificate_credentials_get(client): def test_admin_certificate_credentials_post(client): - assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_certificate_credentials_put(client): @@ -340,5 +323,5 @@ def test_admin_certificate_credentials_delete(client): def test_admin_certificate_credentials_patch(client): - assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 diff --git a/lemur/tests/test_domains.py b/lemur/tests/test_domains.py index 9d57f142..e8f94728 100644 --- a/lemur/tests/test_domains.py +++ b/lemur/tests/test_domains.py @@ -5,11 +5,11 @@ def test_domain_get(client): def test_domain_post(client): - assert client.post(api.url_for(Domains, domain_id=1), {}).status_code == 405 + assert client.post(api.url_for(Domains, domain_id=1), data={}).status_code == 405 def test_domain_put(client): - assert client.put(api.url_for(Domains, domain_id=1), {}).status_code == 405 + assert client.put(api.url_for(Domains, domain_id=1), data={}).status_code == 405 def test_domain_delete(client): @@ -17,7 +17,7 @@ def test_domain_delete(client): def test_domain_patch(client): - assert client.patch(api.url_for(Domains, domain_id=1), {}).status_code == 405 + assert client.patch(api.url_for(Domains, domain_id=1), data={}).status_code == 405 VALID_USER_HEADER_TOKEN = { @@ -28,7 +28,7 @@ def test_auth_domain_get(client): def test_auth_domain_post_(client): - assert client.post(api.url_for(Domains, domain_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Domains, domain_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_domain_put(client): @@ -40,7 +40,7 @@ def test_auth_domain_delete(client): def test_auth_domain_patch(client): - assert client.patch(api.url_for(Domains, domain_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Domains, domain_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 VALID_ADMIN_HEADER_TOKEN = { @@ -51,7 +51,7 @@ def test_admin_domain_get(client): def test_admin_domain_post(client): - assert client.post(api.url_for(Domains, domain_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Domains, domain_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_domain_put(client): @@ -63,7 +63,7 @@ def test_admin_domain_delete(client): def test_admin_domain_patch(client): - assert client.patch(api.url_for(Domains, domain_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Domains, domain_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_domains_get(client): @@ -71,11 +71,11 @@ def test_domains_get(client): def test_domains_post(client): - assert client.post(api.url_for(DomainsList), {}).status_code == 405 + assert client.post(api.url_for(DomainsList), data={}).status_code == 405 def test_domains_put(client): - assert client.put(api.url_for(DomainsList), {}).status_code == 405 + assert client.put(api.url_for(DomainsList), data={}).status_code == 405 def test_domains_delete(client): @@ -83,7 +83,7 @@ def test_domains_delete(client): def test_domains_patch(client): - assert client.patch(api.url_for(DomainsList), {}).status_code == 405 + assert client.patch(api.url_for(DomainsList), data={}).status_code == 405 def test_auth_domains_get(client): @@ -101,11 +101,11 @@ def test_certificate_domains_get(client): def test_certificate_domains_post(client): - assert client.post(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405 + assert client.post(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405 def test_certificate_domains_put(client): - assert client.put(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405 + assert client.put(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405 def test_certificate_domains_delete(client): @@ -113,7 +113,7 @@ def test_certificate_domains_delete(client): def test_certificate_domains_patch(client): - assert client.patch(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405 + assert client.patch(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405 def test_auth_certificate_domains_get(client): diff --git a/lemur/tests/test_pack/challenge.txt b/lemur/tests/test_pack/challenge.txt deleted file mode 100644 index 21c7ddb9..00000000 --- a/lemur/tests/test_pack/challenge.txt +++ /dev/null @@ -1 +0,0 @@ -KRPZPA&*!_~%dbnuzf153594 \ No newline at end of file diff --git a/lemur/tests/test_pack/csr_config.txt b/lemur/tests/test_pack/csr_config.txt deleted file mode 100644 index 0704e5bc..00000000 --- a/lemur/tests/test_pack/csr_config.txt +++ /dev/null @@ -1,38 +0,0 @@ - - # Configuration for standard CSR generation for Netflix - # Used for procuring VeriSign certificates - # Author: jachan - # Contact: cloudsecurity@netflix.com - - [ req ] - # Use a 2048 bit private key - default_bits = 2048 - default_keyfile = key.pem - prompt = no - encrypt_key = no - - # base request - distinguished_name = req_distinguished_name - - # extensions - # Uncomment the following line if you are requesting a SAN cert - #req_extensions = req_ext - - # distinguished_name - [ req_distinguished_name ] - countryName = "US" # C= - stateOrProvinceName = "CALIFORNIA" # ST= - localityName = "Los Gatos" # L= - organizationName = "Netflix, Inc." # O= - organizationalUnitName = "Operations" # OU= - # This is the hostname/subject name on the certificate - commonName = "dfdsflkj.net" # CN= - - [ req_ext ] - # Uncomment the following line if you are requesting a SAN cert - #subjectAltName = @alt_names - - [alt_names] - # Put your SANs here - - \ No newline at end of file diff --git a/lemur/tests/test_pack/private.key b/lemur/tests/test_pack/private.key deleted file mode 100644 index a70fee5f..00000000 --- a/lemur/tests/test_pack/private.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAvNudwW+UeQqkpY71MIdEg501AFlPKuOXG2xU8DZhvZS6dKv+ -kDmIWdEqodDgkQiy0jyTgTwxwRqDSw96R6ZgrXefUoJJo66aCsosTBZtVaE85f1L -bj2+3U678c+rekUdkrnGcGCo6b8QtdvBpiDy2clneox8tSvmffAdcR1uCv/790/k -PzQ/djWDX9JcBRyDkcTJwYC0/ek7URvA/+MXmgUL13T+gWKqduaKuIBlFetonDjn -nO11QUBiusIuHV62wzKn8m5Nc+4XoaBR0YWMFn/g6qXDYrwfCsMpka7vSWJFv5Ff -yf+7kY3wU4xIwU2vXlIDcCsdUu6b/pYoQ0YOsQIDAQABAoIBAGbFH6iWnnXrq8MH -8zcQNOFmF+RztRgCt0TOA76f6TowB/LbcXBsTl2J7CgYMUvbLuwm2KHX7r9FPTMI -XiNFT5C16rYMfiQbLGo4sDhLb/3L+wawem6oHQfzA2VH++lSWRByFaEriF+CgIZl -6pALl/uZlLzkXCx+kjPwCSV3vV0wFkDnNs6+wPrz2IhkePsuC8J0QKQLlwsES2It -Gizzhpehdv9lc9MyZC//1QlD9gMDl5ok5Bt1Xm2c12XUEEcLlKQkJxiOrBOfXPmV -PHCdLc7gZO30hc6dyQ1SSnLpywhz/a0ir2GMvkMbS5hculpcZmwEcdZl1HYD8ObP -yOMbPE0CgYEA4LVGJKGtbM8RiBB0MstxNstMYVJ4mXB0lSQ0RazdO3S3ojn+oLpF -b2pvV6m9WnHiCGigWkzhqtGGCo6aqE0MoiR4jTN8GhiZz4ggDDaVgc4Px5reUD+r -tRsTpBHseGQ+ODGgkMI8eJYkdyqkECkYjAOrdy6uorvgxUAZecRIfJMCgYEA1yhM -7NidTNRuA+huS5GcQwQweTM6P1qF7Kfk1JYQMVu4gibLZiLHlWCyHI9lrbI7IaMm -g/4jXXoewv7IvyrrSEFulkPeVWxCe3mjfQ8JANfUj4kuR915LSn4lX2pbUgUS66K -vJSUJtnzLUmb8khLEcOmDbmTFZl8D/bTHFFZlisCgYAeelfWNhuoq3lMRDcOgKuN -bAujE6WJ4kfdxrhUTvr+ynjxxv3zXPB4CS6q7Dnjn5ix3UcKmGzvV1Xf7rGpbDHv -eBTlyfrmKzoJfQQjw++JWKKpRycqKUin2tFSKqAxQB90Tb7ig4XiMTMm+qCgFILg -0sqZ8rn7FpKJDoWmD2ppgwKBgG2Dl9QeVcKbhfv7PNi+HvmFkl6+knFY1D4nHzSN -xWQ6OWoV8QXlwgzokQA0hR6qT6rJbntUyg90b1/1a5zSbbvzgiR+GxcD6bsLqQmo -s354XTtKKgJuWpWAfYUp1ylGvP3gs8FVJyu3WC2+/9+MqJk8KrNlt9YQr7M4gTAy -wBTNAoGAGU7Po4uI3xDKGLLK/ot3D3P8U9ByfeLlrUZtTz1PASsMOr92bkXmUPlE -DYUd5uFfwwlvbMNT1Ooeyrzg3bARd9B6ATyMkOaJeGoQwFAI468iucnm9rNXB+/t -U2rbIi1pXSm8zSNEY85tf6C8DU/5YbcAPf47a2UYhwCpYAJfMk0= ------END RSA PRIVATE KEY----- diff --git a/lemur/tests/test_pack/request.csr b/lemur/tests/test_pack/request.csr deleted file mode 100644 index 7b2eecf5..00000000 --- a/lemur/tests/test_pack/request.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICvzCCAacCAQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNBTElGT1JOSUEx -EjAQBgNVBAcTCUxvcyBHYXRvczEWMBQGA1UEChMNTmV0ZmxpeCwgSW5jLjETMBEG -A1UECxMKT3BlcmF0aW9uczEVMBMGA1UEAxMMZGZkc2Zsa2oubmV0MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNudwW+UeQqkpY71MIdEg501AFlPKuOX -G2xU8DZhvZS6dKv+kDmIWdEqodDgkQiy0jyTgTwxwRqDSw96R6ZgrXefUoJJo66a -CsosTBZtVaE85f1Lbj2+3U678c+rekUdkrnGcGCo6b8QtdvBpiDy2clneox8tSvm -ffAdcR1uCv/790/kPzQ/djWDX9JcBRyDkcTJwYC0/ek7URvA/+MXmgUL13T+gWKq -duaKuIBlFetonDjnnO11QUBiusIuHV62wzKn8m5Nc+4XoaBR0YWMFn/g6qXDYrwf -CsMpka7vSWJFv5Ffyf+7kY3wU4xIwU2vXlIDcCsdUu6b/pYoQ0YOsQIDAQABoAAw -DQYJKoZIhvcNAQEFBQADggEBAE8b0+IYGiR64Me/L0/njYvSR5WR4EnjW99Sc8X5 -k93zpk4hExrZhrlkDBA/jUHhBZcPNV9w/YkhSu5ubPjRp9gRM2d4B9gGJFAs+bwe -LS9hCOxWIMKgvaBMEDQFcwqAv6kEJzmrIa7LtWS39wNfdko2hANtm7z9qskc8bPr -265+Z48DwSNCF4RPhVp9eDifjHrj0I//GMXYa92uvgj1BlPo/SGMS+XFQF779p2b -622HmUCop3pYeIyYd6rirvl9+KwqvIhm2MqHk62eHOK7Bn/FPev8OUDeV6pIvvSV -UxsEHjjLm0V/lOD65lROc7dTq4jO5PkpoKnFQDgV5v0Bf/k= ------END CERTIFICATE REQUEST----- diff --git a/lemur/tests/test_pack/server.crt b/lemur/tests/test_pack/server.crt deleted file mode 100644 index 64ec5358..00000000 --- a/lemur/tests/test_pack/server.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDcDCCAlgCCQC8msHu/aa61zANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV -UzETMBEGA1UECBMKQ0FMSUZPUk5JQTESMBAGA1UEBxMJTG9zIEdhdG9zMRYwFAYD -VQQKEw1OZXRmbGl4LCBJbmMuMRMwEQYDVQQLEwpPcGVyYXRpb25zMRUwEwYDVQQD -EwxkZmRzZmxrai5uZXQwHhcNMTQwNTI1MTczMDMzWhcNMTUwNTI1MTczMDMzWjB6 -MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ0FMSUZPUk5JQTESMBAGA1UEBxMJTG9z -IEdhdG9zMRYwFAYDVQQKEw1OZXRmbGl4LCBJbmMuMRMwEQYDVQQLEwpPcGVyYXRp -b25zMRUwEwYDVQQDEwxkZmRzZmxrai5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQC8253Bb5R5CqSljvUwh0SDnTUAWU8q45cbbFTwNmG9lLp0q/6Q -OYhZ0Sqh0OCRCLLSPJOBPDHBGoNLD3pHpmCtd59SgkmjrpoKyixMFm1VoTzl/Utu -Pb7dTrvxz6t6RR2SucZwYKjpvxC128GmIPLZyWd6jHy1K+Z98B1xHW4K//v3T+Q/ -ND92NYNf0lwFHIORxMnBgLT96TtRG8D/4xeaBQvXdP6BYqp25oq4gGUV62icOOec -7XVBQGK6wi4dXrbDMqfybk1z7hehoFHRhYwWf+DqpcNivB8KwymRru9JYkW/kV/J -/7uRjfBTjEjBTa9eUgNwKx1S7pv+lihDRg6xAgMBAAEwDQYJKoZIhvcNAQEFBQAD -ggEBAJHwa4l2iSiFBb6wVFBJEWEt31qp+njiVCoTg2OJzCT60Xb26hkrsiTldIIh -eB9+y+fwdfwopzWhkNbIOlCfudx/uxtpor8/3BRbjSlNwDUg2L8pfAircJMFLQUM -O6nqPOBWCe8hXwe9FQM/oFOavf/AAw/FED+892xlytjirK9u3B28O20W11+fY7hp -8LQVBrMoVxFeLWmmwETAltJ7HEYutplRzYTM0vLBARl4Vd5kLJlY3j2Dp1ZpRGcg -CrQp26UD/oaAPGtiZQSC4LJ+4JfOuuqbm3CI24QMCh9rxv3ZoOQnFuC+7cZgqrat -V4bxCrVvWhrrDSgy9+A80NVzQ3k= ------END CERTIFICATE----- diff --git a/lemur/tests/test_roles.py b/lemur/tests/test_roles.py index b40e0772..7339aeb4 100644 --- a/lemur/tests/test_roles.py +++ b/lemur/tests/test_roles.py @@ -18,11 +18,11 @@ def test_role_get(client): def test_role_post(client): - assert client.post(api.url_for(Roles, role_id=1), {}).status_code == 405 + assert client.post(api.url_for(Roles, role_id=1), data={}).status_code == 405 def test_role_put(client): - assert client.put(api.url_for(Roles, role_id=1), {}).status_code == 401 + assert client.put(api.url_for(Roles, role_id=1), data={}).status_code == 401 def test_role_delete(client): @@ -30,7 +30,7 @@ def test_role_delete(client): def test_role_patch(client): - assert client.patch(api.url_for(Roles, role_id=1), {}).status_code == 405 + assert client.patch(api.url_for(Roles, role_id=1), data={}).status_code == 405 def test_roles_get(client): @@ -38,11 +38,11 @@ def test_roles_get(client): def test_roles_post(client): - assert client.post(api.url_for(RolesList), {}).status_code == 401 + assert client.post(api.url_for(RolesList), data={}).status_code == 401 def test_roles_put(client): - assert client.put(api.url_for(RolesList), {}).status_code == 405 + assert client.put(api.url_for(RolesList), data={}).status_code == 405 def test_roles_delete(client): @@ -50,7 +50,7 @@ def test_roles_delete(client): def test_roles_patch(client): - assert client.patch(api.url_for(RolesList), {}).status_code == 405 + assert client.patch(api.url_for(RolesList), data={}).status_code == 405 def test_role_credentials_get(client): @@ -58,11 +58,11 @@ def test_role_credentials_get(client): def test_role_credentials_post(client): - assert client.post(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405 + assert client.post(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405 def test_role_credentials_put(client): - assert client.put(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405 + assert client.put(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405 def test_role_credentials_delete(client): @@ -70,7 +70,7 @@ def test_role_credentials_delete(client): def test_role_credentials_patch(client): - assert client.patch(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405 + assert client.patch(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405 def test_user_roles_get(client): @@ -78,11 +78,11 @@ def test_user_roles_get(client): def test_user_roles_post(client): - assert client.post(api.url_for(UserRolesList, user_id=1), {}).status_code == 405 + assert client.post(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405 def test_user_roles_put(client): - assert client.put(api.url_for(UserRolesList, user_id=1), {}).status_code == 405 + assert client.put(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405 def test_user_roles_delete(client): @@ -90,7 +90,7 @@ def test_user_roles_delete(client): def test_user_roles_patch(client): - assert client.patch(api.url_for(UserRolesList, user_id=1), {}).status_code == 405 + assert client.patch(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405 def test_authority_roles_get(client): @@ -98,11 +98,11 @@ def test_authority_roles_get(client): def test_authority_roles_post(client): - assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405 + assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405 def test_authority_roles_put(client): - assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405 + assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405 def test_authority_roles_delete(client): @@ -110,7 +110,7 @@ def test_authority_roles_delete(client): def test_authority_roles_patch(client): - assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405 + assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405 VALID_USER_HEADER_TOKEN = { @@ -122,7 +122,7 @@ def test_auth_role_get(client): def test_auth_role_post_(client): - assert client.post(api.url_for(Roles, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Roles, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_role_put(client): @@ -134,7 +134,7 @@ def test_auth_role_delete(client): def test_auth_role_patch(client): - assert client.patch(api.url_for(Roles, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Roles, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_roles_get(client): @@ -142,7 +142,7 @@ def test_auth_roles_get(client): def test_auth_roles_post(client): - assert client.post(api.url_for(RolesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 403 + assert client.post(api.url_for(RolesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 403 def test_auth_role_credentials_get(client): @@ -150,11 +150,11 @@ def test_auth_role_credentials_get(client): def test_auth_role_credentials_post(client): - assert client.post(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_role_credentials_put(client): - assert client.put(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_role_credentials_delete(client): @@ -162,7 +162,7 @@ def test_auth_role_credentials_delete(client): def test_auth_role_credentials_patch(client): - assert client.patch(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_user_roles_get(client): @@ -170,11 +170,11 @@ def test_auth_user_roles_get(client): def test_auth_user_roles_post(client): - assert client.post(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_user_roles_put(client): - assert client.put(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_user_roles_delete(client): @@ -182,7 +182,7 @@ def test_auth_user_roles_delete(client): def test_auth_user_roles_patch(client): - assert client.patch(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_authority_roles_get(client): @@ -190,11 +190,11 @@ def test_auth_authority_roles_get(client): def test_auth_authority_roles_post(client): - assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_authority_roles_put(client): - assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 def test_auth_authority_roles_delete(client): @@ -202,7 +202,7 @@ def test_auth_authority_roles_delete(client): def test_auth_authority_roles_patch(client): - assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405 VALID_ADMIN_HEADER_TOKEN = { @@ -214,7 +214,7 @@ def test_admin_role_get(client): def test_admin_role_post(client): - assert client.post(api.url_for(Roles, role_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(Roles, role_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_role_put(client): @@ -226,7 +226,7 @@ def test_admin_role_delete(client): def test_admin_role_patch(client): - assert client.patch(api.url_for(Roles, role_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(Roles, role_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_roles_get(client): @@ -240,11 +240,11 @@ def test_admin_role_credentials_get(client): def test_admin_role_credentials_post(client): - assert client.post(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400 + assert client.post(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400 def test_admin_role_credentials_put(client): - assert client.put(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_role_credentials_delete(client): @@ -252,7 +252,7 @@ def test_admin_role_credentials_delete(client): def test_admin_role_credentials_patch(client): - assert client.patch(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_user_roles_get(client): @@ -260,11 +260,11 @@ def test_admin_user_roles_get(client): def test_admin_user_roles_post(client): - assert client.post(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_user_roles_put(client): - assert client.put(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_user_roles_delete(client): @@ -272,7 +272,7 @@ def test_admin_user_roles_delete(client): def test_admin_user_roles_patch(client): - assert client.patch(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_authority_roles_get(client): @@ -280,11 +280,11 @@ def test_admin_authority_roles_get(client): def test_admin_authority_roles_post(client): - assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_authority_roles_put(client): - assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_authority_roles_delete(client): @@ -292,7 +292,7 @@ def test_admin_authority_roles_delete(client): def test_admin_authority_roles_patch(client): - assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 + assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405 def test_admin_roles_crud(client): diff --git a/setup.py b/setup.py index 58f3f8d2..509630cb 100644 --- a/setup.py +++ b/setup.py @@ -47,7 +47,8 @@ tests_require = [ 'pyflakes', 'moto', 'nose', - 'pytest' + 'pytest', + 'pytest-flask' ] docs_require = [