lemur/lemur/tests/test_pending_certificates.py

import json

import pytest

from marshmallow import ValidationError
from lemur.pending_certificates.views import *  # noqa
from .vectors import CSR_STR, INTERMEDIATE_CERT_STR, VALID_ADMIN_API_TOKEN, VALID_ADMIN_HEADER_TOKEN, \
    VALID_USER_HEADER_TOKEN, WILDCARD_CERT_STR


def test_increment_attempt(pending_certificate):
    from lemur.pending_certificates.service import increment_attempt
    initial_attempt = pending_certificate.number_attempts
    attempts = increment_attempt(pending_certificate)
    assert attempts == initial_attempt + 1


def test_create_pending_certificate(async_issuer_plugin, async_authority, user):
    from lemur.certificates.service import create
    pending_cert = create(authority=async_authority, csr=CSR_STR, owner='joe@example.com', creator=user['user'],
                          common_name='ACommonName')
    assert pending_cert.external_id == '12345'


def test_create_pending(pending_certificate, user, session):
    import copy
    from lemur.pending_certificates.service import create_certificate, get
    cert = {'body': WILDCARD_CERT_STR,
            'chain': INTERMEDIATE_CERT_STR,
            'external_id': '54321'}

    # Weird copy because the session behavior.  pending_certificate is a valid object but the
    # return of vars(pending_certificate) is a sessionobject, and so nothing from the pending_cert
    # is used to create the certificate.  Maybe a bug due to using vars(), and should copy every
    # field explicitly.
    pending_certificate = copy.copy(get(pending_certificate.id))
    real_cert = create_certificate(pending_certificate, cert, user['user'])
    assert real_cert.owner == pending_certificate.owner
    assert real_cert.notify == pending_certificate.notify
    assert real_cert.private_key == pending_certificate.private_key
    assert real_cert.external_id == '54321'


@pytest.mark.parametrize("token,status", [
    (VALID_USER_HEADER_TOKEN, 403),
    (VALID_ADMIN_HEADER_TOKEN, 204),
    (VALID_ADMIN_API_TOKEN, 204),
    ('', 401)
])
def test_pending_cancel(client, pending_certificate, token, status):
    assert client.delete(api.url_for(PendingCertificates, pending_certificate_id=pending_certificate.id),
                         data=json.dumps({'note': "unit test", 'send_email': False}),
                         headers=token).status_code == status


def test_pending_upload(pending_certificate_from_full_chain_ca):
    from lemur.pending_certificates.service import upload
    from lemur.certificates.service import get

    cert = {'body': WILDCARD_CERT_STR,
            'chain': None,
            'external_id': None
    }

    pending_cert = upload(pending_certificate_from_full_chain_ca.id, **cert)
    assert pending_cert.resolved
    assert get(pending_cert.resolved_cert_id)


def test_pending_upload_with_chain(pending_certificate_from_partial_chain_ca):
    from lemur.pending_certificates.service import upload
    from lemur.certificates.service import get

    cert = {'body': WILDCARD_CERT_STR,
            'chain': INTERMEDIATE_CERT_STR,
            'external_id': None
    }

    pending_cert = upload(pending_certificate_from_partial_chain_ca.id, **cert)
    assert pending_cert.resolved
    assert get(pending_cert.resolved_cert_id)


def test_invalid_pending_upload_with_chain(pending_certificate_from_partial_chain_ca):
    from lemur.pending_certificates.service import upload

    cert = {'body': WILDCARD_CERT_STR,
            'chain': None,
            'external_id': None
    }
    with pytest.raises(ValidationError) as err:
        upload(pending_certificate_from_partial_chain_ca.id, **cert)
    assert str(err.value).startswith(
        'Incorrect chain certificate(s) provided: \'*.wild.example.org\' is not signed by \'LemurTrust Unittests Root CA 2018')