From f179e74a4a8daddc26adcc1107e5f3e1c16d92e6 Mon Sep 17 00:00:00 2001
From: Charles Hendrie
Date: Tue, 11 Oct 2016 00:43:23 -0500
Subject: [PATCH] Fix Java export default password generator (#441)
When exporting a certificate, the password is an optional parameter. When a password is not supplied by the caller, a default password is generated by the method. The generation library creates the random password as a bytes object. The bytes object raises an error in the 'keytool' command used to export the certificate. The keytool is expecting the password to be a str object. The fix is to decode the generated password from a bytes object to a str object. The associated Java plugin tests have been updated to verify the export method returns the password as a str object. In addition, the tests have been updated to correctly test the export methods response object. The original tests treated the response as a single object. The current export methods return a tuple of data (type, password, data). In order to make the tests compatible with both Python2 and Python3, the 'six' library was used to test the password is in fact a string.
---
 lemur/plugins/lemur_java/plugin.py | 4 +-
 lemur/plugins/lemur_java/tests/test_java.py | 49 ++++++++++++++++++---
 2 files changed, 46 insertions(+), 7 deletions(-)
diff --git a/lemur/plugins/lemur_java/plugin.py b/lemur/plugins/lemur_java/plugin.py
index e3304d21..247ffeb4 100644
--- a/lemur/plugins/lemur_java/plugin.py
+++ b/lemur/plugins/lemur_java/plugin.py
@@ -178,7 +178,7 @@ class JavaTruststoreExportPlugin(ExportPlugin):
 if self.get_option('passphrase', options):
 passphrase = self.get_option('passphrase', options)
 else:
- passphrase = Fernet.generate_key()
+ passphrase = Fernet.generate_key().decode('utf-8')
 with mktemppath() as jks_tmp:
 create_truststore(body, chain, jks_tmp, alias, passphrase)
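Review bot: The generated passphrase goes straight into `create_truststore(body, chain, jks_tmp, alias, passphrase)`, and the commit message says it ends up in the `keytool` command, but the hunk does not show how it is handed over. If that helper places the value on the command line, the secret is visible in the process list while keytool runs; keytool's `-storepass:env` and `-storepass:file` forms keep it out of argv. The same question applies to the `JavaKeystoreExportPlugin` hunk, where the passphrase presumably also protects the private key entry. The export method starts and ends outside this hunk, so this has to be checked in `create_truststore` itself.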
@@ -228,7 +228,7 @@ class JavaKeystoreExportPlugin(ExportPlugin):
 if self.get_option('passphrase', options):
 passphrase = self.get_option('passphrase', options)
 else:
- passphrase = Fernet.generate_key()
+ passphrase = Fernet.generate_key().decode('utf-8')
 if self.get_option('alias', options):
 alias = self.get_option('alias', options)
diff --git a/lemur/plugins/lemur_java/tests/test_java.py b/lemur/plugins/lemur_java/tests/test_java.py
index c4d18be6..6df7ff1c 100644
--- a/lemur/plugins/lemur_java/tests/test_java.py
+++ b/lemur/plugins/lemur_java/tests/test_java.py
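Review bot: In the `JavaKeystoreExportPlugin` hunk of lemur/plugins/lemur_java/plugin.py, `Fernet.generate_key()` is used as a password generator with no comment saying why that is acceptable or what the value looks like. Proposed comment above the new line: `# Fernet key = URL-safe base64 of 32 random bytes: 44 ASCII chars, so decoding cannot fail`. The identical four-line passphrase block also appears in the `JavaTruststoreExportPlugin` hunk, so a small shared helper would keep the two from drifting apart. The method body continues outside the hunk.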
@@ -1,21 +1,60 @@
 import pytest
+import six
+
 from lemur.tests.vectors import INTERNAL_CERTIFICATE_A_STR, INTERNAL_PRIVATE_KEY_A_STR
-def test_export_certificate_to_jks(app):
+def test_export_truststore(app):
 from lemur.plugins.base import plugins
+
 p = plugins.get('java-truststore-jks')
 options = [{'name': 'passphrase', 'value': 'test1234'}]
- raw = p.export(INTERNAL_CERTIFICATE_A_STR, "", "", options)
- assert raw != b""
+ actual = p.export(INTERNAL_CERTIFICATE_A_STR, "", "", options)
+
+ assert actual[0] == 'jks'
+ assert actual[1] == 'test1234'
+ assert isinstance(actual[2], bytes)
+
+
+def test_export_truststore_default_password(app):
+ from lemur.plugins.base import plugins
+
+ p = plugins.get('java-truststore-jks')
+ options = []
+ actual = p.export(INTERNAL_CERTIFICATE_A_STR, "", "", options)
+
+ assert actual[0] == 'jks'
+ assert isinstance(actual[1], str)
+ assert isinstance(actual[2], bytes)
 def test_export_keystore(app):
 from lemur.plugins.base import plugins
+
 p = plugins.get('java-keystore-jks')
 options = [{'name': 'passphrase', 'value': 'test1234'}]
+
 with pytest.raises(Exception):
 p.export(INTERNAL_CERTIFICATE_A_STR, "", "", options)
- raw = p.export(INTERNAL_CERTIFICATE_A_STR, "", INTERNAL_PRIVATE_KEY_A_STR, options)
- assert raw != b""
+ actual = p.export(INTERNAL_CERTIFICATE_A_STR, "", INTERNAL_PRIVATE_KEY_A_STR, options)
+
+ assert actual[0] == 'jks'
+ assert actual[1] == 'test1234'
+ assert isinstance(actual[2], bytes)
+
+
+def test_export_keystore_default_password(app):
+ from lemur.plugins.base import plugins
+
+ p = plugins.get('java-keystore-jks')
+ options = []
+
+ with pytest.raises(Exception):
+ p.export(INTERNAL_CERTIFICATE_A_STR, "", "", options)
+
+ actual = p.export(INTERNAL_CERTIFICATE_A_STR, "", INTERNAL_PRIVATE_KEY_A_STR, options)
+
+ assert actual[0] == 'jks'
+ assert isinstance(actual[1], six.string_types)
+ assert isinstance(actual[2], bytes)
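Review bot: `test_export_truststore_default_password` asserts `isinstance(actual[1], str)`, which fails on Python 2 because `.decode('utf-8')` returns `unicode` there, while the keystore twin at the end of the hunk uses `six.string_types`. Since the commit message names Python 2/3 compatibility as the goal, the truststore assertion should read `assert isinstance(actual[1], six.string_types)`. Neither default-password test checks that the generated passphrase is non-empty, so a regression to an empty default would still pass; adding `assert actual[1]` to both would cover that. `pytest.raises(Exception)` in the new keystore test is also broad enough to pass on an unrelated failure; the specific exception type is not visible from this hunk.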