author | David Höppner <0xffea@gmail.com> | 2013-02-22 18:43:56 +0100 |
---|---|---|
committer | David Höppner <0xffea@gmail.com> | 2013-03-06 21:11:33 +0100 |
commit | b1474da1413b0334b8975875ebb584df8a1342f5 (patch) | |
tree | 4b3e2604552b72266b2ae117acffb08f93aeec3b /tests/test_cert_setup.py | |
parent | 1f7c863a9ce3df695fbc98c3a53f0e6b4d172e4d (diff) | |
unable to load certificate should abort request
If openssl returns with a command line error (3), we assume
the PKI certificate is not properly installed. Added
'try ... except' blocks to cms_sign_text and cms_sign_token
calls.
Fixes: bug #1103569
Change-Id: Iad98738e990d3ab1ec0d0015840d76cf948ae560
Diffstat (limited to 'tests/test_cert_setup.py')
-rw-r--r-- | tests/test_cert_setup.py | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/tests/test_cert_setup.py b/tests/test_cert_setup.py
index b11386ed..76396fd9 100644
--- a/tests/test_cert_setup.py
+++ b/tests/test_cert_setup.py
@@ -19,11 +19,14 @@ import os
 import shutil
 from keystone.common import openssl
+from keystone import exception
 from keystone import test
+from keystone import token
 ROOTDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 SSLDIR = "%s/tests/ssl/" % ROOTDIR
 CONF = test.CONF
+DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id
 def rootdir(*p):
@@ -42,6 +45,29 @@ class CertSetupTestCase(test.TestCase):
 CONF.signing.ca_certs = os.path.join(CERTDIR, "ca.pem")
 CONF.signing.keyfile = os.path.join(KEYDIR, "signing_key.pem")
+ self.load_backends()
+ self.controller = token.controllers.Auth()
+
+ def test_can_handle_missing_certs(self):
+ self.opt_in_group('signing', token_format='PKI')
+ self.opt_in_group('signing', certfile='invalid')
+ user = {
+ 'id': 'fake1',
+ 'name': 'fake1',
+ 'password': 'fake1',
+ 'domain_id': DEFAULT_DOMAIN_ID
+ }
+ body_dict = {
+ 'passwordCredentials': {
+ 'userId': user['id'],
+ 'password': user['password'],
+ },
+ }
+ self.identity_api.create_user(user['id'], user)
+ self.assertRaises(exception.UnexpectedError,
+ self.controller.authenticate,
+ {}, body_dict)
+
 def test_create_certs(self):
 ssl = openssl.ConfigurePKI(None, None)
 ssl.run()
@@ -50,5 +76,8 @@ class CertSetupTestCase(test.TestCase):
 self.assertTrue(os.path.exists(CONF.signing.keyfile))
 def tearDown(self):
- shutil.rmtree(rootdir(SSLDIR))
+ try:
+ shutil.rmtree(rootdir(SSLDIR))
+ except OSError:
+ pass
 super(CertSetupTestCase, self).tearDown() |
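Review bot: `certfile='invalid'` in test_can_handle_missing_certs is a relative path, so the test depends on no file named `invalid` existing in the working directory; a path that is known to be absent, such as `certfile=os.path.join(CERTDIR, 'missing.pem')`, would make the failure mode deterministic. The assertion pins only `exception.UnexpectedError`, which authenticate could presumably raise for reasons other than the signing failure, so the test may pass without exercising the certificate path at all. A one-line docstring like `"""An unloadable signing certificate must abort authenticate instead of returning a token."""` would record the fail-closed intent. The two added lines before the test belong to setUp, which starts outside the hunk.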
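Review bot: The new `except OSError: pass` in tearDown hides every rmtree failure, not only a missing directory, so a permission or busy-file error would leave the generated signing key and certificates under SSLDIR on disk. A later test_create_certs could then pass on stale files, since it only checks `os.path.exists`. Narrow the handler to the absent-directory case with `except OSError as e:` followed by `if e.errno != errno.ENOENT: raise`, adding `import errno` to the imports at the top of the file.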