From 032f3e8f642a9edde35d0cfa8fdbc30a70ab5c4d Mon Sep 17 00:00:00 2001 From: Liam Marshall Date: Sun, 4 Oct 2015 15:00:57 -0500 Subject: [PATCH 1/7] crypto_util: test _pyopenssl_load --- letsencrypt/tests/crypto_util_test.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/letsencrypt/tests/crypto_util_test.py b/letsencrypt/tests/crypto_util_test.py index b4d2aa394..91c1160a0 100644 --- a/letsencrypt/tests/crypto_util_test.py +++ b/letsencrypt/tests/crypto_util_test.py @@ -212,6 +212,17 @@ class GetSANsFromCSRTest(unittest.TestCase): self.assertEqual( [], self._call(test_util.load_vector('csr-nosans.pem'))) +class PyOpenSslLoaderTest(unittest.TestCase): + def test_pyopenssl_load(self): + from letsencrypt.crypto_util import _pyopenssl_load + + method_mock = mock.MagicMock() + fake_data = "this is test data" + fake_types = ('fake loading type',) + _pyopenssl_load(fake_data, method_mock, fake_types) + method_mock.assert_called_with(fake_types[0], fake_data) + + if __name__ == '__main__': unittest.main() # pragma: no cover From 7b2d40ce552c89a9d2c7bf1a94be66372497a006 Mon Sep 17 00:00:00 2001 From: Liam Marshall Date: Sun, 4 Oct 2015 15:34:57 -0500 Subject: [PATCH 2/7] crypto_util: test pyopenssl_load_certificate(...) --- letsencrypt/tests/crypto_util_test.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/letsencrypt/tests/crypto_util_test.py b/letsencrypt/tests/crypto_util_test.py index 91c1160a0..9ad36c83b 100644 --- a/letsencrypt/tests/crypto_util_test.py +++ b/letsencrypt/tests/crypto_util_test.py @@ -222,7 +222,13 @@ class PyOpenSslLoaderTest(unittest.TestCase): _pyopenssl_load(fake_data, method_mock, fake_types) method_mock.assert_called_with(fake_types[0], fake_data) +class CertLoaderTest(unittest.TestCase): + def test_it(self): + from letsencrypt.crypto_util import pyopenssl_load_certificate + cert, file_type = pyopenssl_load_certificate(CERT) + self.assertEqual(cert.digest('sha1'), + OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, CERT).digest('sha1')) if __name__ == '__main__': unittest.main() # pragma: no cover From aa15fae11d9ec80ecce250c53d5028ed875885d3 Mon Sep 17 00:00:00 2001 From: Liam Marshall Date: Sun, 4 Oct 2015 15:37:10 -0500 Subject: [PATCH 3/7] crypto_util: merge _pyopenssl_load into pyopenssl_load_certificate --- letsencrypt/crypto_util.py | 24 +++++++++++------------- letsencrypt/tests/crypto_util_test.py | 12 +++--------- 2 files changed, 14 insertions(+), 22 deletions(-) diff --git a/letsencrypt/crypto_util.py b/letsencrypt/crypto_util.py index 79cd24ed6..eac0530aa 100644 --- a/letsencrypt/crypto_util.py +++ b/letsencrypt/crypto_util.py @@ -201,25 +201,23 @@ def valid_privkey(privkey): return False -def _pyopenssl_load(data, method, types=( - OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1)): - openssl_errors = [] - for filetype in types: - try: - return method(filetype, data), filetype - except OpenSSL.crypto.Error as error: # TODO: anything else? - openssl_errors.append(error) - raise errors.Error("Unable to load: {0}".format(",".join( - str(error) for error in openssl_errors))) - - def pyopenssl_load_certificate(data): """Load PEM/DER certificate. :raises errors.Error: """ - return _pyopenssl_load(data, OpenSSL.crypto.load_certificate) + + openssl_errors = [] + + for file_type in (OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1): + try: + return OpenSSL.crypto.load_certificate(file_type, data), file_type + except OpenSSL.crypto.Error as error: # TODO: other errors? + openssl_errors.append(error) + raise errors.Error("Unable to load: {0}".format(",".join( + str(error) for error in openssl_errors))) + def _get_sans_from_cert_or_req( diff --git a/letsencrypt/tests/crypto_util_test.py b/letsencrypt/tests/crypto_util_test.py index 9ad36c83b..8ac8a0adc 100644 --- a/letsencrypt/tests/crypto_util_test.py +++ b/letsencrypt/tests/crypto_util_test.py @@ -212,17 +212,10 @@ class GetSANsFromCSRTest(unittest.TestCase): self.assertEqual( [], self._call(test_util.load_vector('csr-nosans.pem'))) -class PyOpenSslLoaderTest(unittest.TestCase): - def test_pyopenssl_load(self): - from letsencrypt.crypto_util import _pyopenssl_load - - method_mock = mock.MagicMock() - fake_data = "this is test data" - fake_types = ('fake loading type',) - _pyopenssl_load(fake_data, method_mock, fake_types) - method_mock.assert_called_with(fake_types[0], fake_data) class CertLoaderTest(unittest.TestCase): + """Tests for letsencrypt.crypto_util.pyopenssl_load_certificate""" + def test_it(self): from letsencrypt.crypto_util import pyopenssl_load_certificate @@ -230,5 +223,6 @@ class CertLoaderTest(unittest.TestCase): self.assertEqual(cert.digest('sha1'), OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, CERT).digest('sha1')) + if __name__ == '__main__': unittest.main() # pragma: no cover From 7b50f5d9bf02c2cc69298c601098901a4741deb3 Mon Sep 17 00:00:00 2001 From: Liam Marshall Date: Sun, 4 Oct 2015 15:42:05 -0500 Subject: [PATCH 4/7] Make pep8 happy --- letsencrypt/crypto_util.py | 7 +++---- letsencrypt/tests/crypto_util_test.py | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/letsencrypt/crypto_util.py b/letsencrypt/crypto_util.py index eac0530aa..777b4d006 100644 --- a/letsencrypt/crypto_util.py +++ b/letsencrypt/crypto_util.py @@ -213,15 +213,14 @@ def pyopenssl_load_certificate(data): for file_type in (OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1): try: return OpenSSL.crypto.load_certificate(file_type, data), file_type - except OpenSSL.crypto.Error as error: # TODO: other errors? + except OpenSSL.crypto.Error as error: # TODO: other errors? openssl_errors.append(error) raise errors.Error("Unable to load: {0}".format(",".join( str(error) for error in openssl_errors))) - -def _get_sans_from_cert_or_req( - cert_or_req_str, load_func, typ=OpenSSL.crypto.FILETYPE_PEM): +def _get_sans_from_cert_or_req(cert_or_req_str, load_func, + typ=OpenSSL.crypto.FILETYPE_PEM): try: cert_or_req = load_func(typ, cert_or_req_str) except OpenSSL.crypto.Error as error: diff --git a/letsencrypt/tests/crypto_util_test.py b/letsencrypt/tests/crypto_util_test.py index 8ac8a0adc..b0c8c4482 100644 --- a/letsencrypt/tests/crypto_util_test.py +++ b/letsencrypt/tests/crypto_util_test.py @@ -221,7 +221,7 @@ class CertLoaderTest(unittest.TestCase): cert, file_type = pyopenssl_load_certificate(CERT) self.assertEqual(cert.digest('sha1'), - OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, CERT).digest('sha1')) + OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, CERT).digest('sha1')) if __name__ == '__main__': From b3bd71b42446d4ea5762c568e4256058791e54bf Mon Sep 17 00:00:00 2001 From: Liam Marshall Date: Sun, 4 Oct 2015 15:43:51 -0500 Subject: [PATCH 5/7] Use previously-returned file_type in assertion --- letsencrypt/tests/crypto_util_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/tests/crypto_util_test.py b/letsencrypt/tests/crypto_util_test.py index b0c8c4482..c5b298e85 100644 --- a/letsencrypt/tests/crypto_util_test.py +++ b/letsencrypt/tests/crypto_util_test.py @@ -221,7 +221,7 @@ class CertLoaderTest(unittest.TestCase): cert, file_type = pyopenssl_load_certificate(CERT) self.assertEqual(cert.digest('sha1'), - OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, CERT).digest('sha1')) + OpenSSL.crypto.load_certificate(file_type, CERT).digest('sha1')) if __name__ == '__main__': From 9c8f09ec43e9ab84a0434e0a4a9bd9c833d0937d Mon Sep 17 00:00:00 2001 From: Liam Marshall Date: Sun, 4 Oct 2015 15:49:56 -0500 Subject: [PATCH 6/7] Test that loading an invalid cert throws an error --- letsencrypt/tests/crypto_util_test.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/letsencrypt/tests/crypto_util_test.py b/letsencrypt/tests/crypto_util_test.py index c5b298e85..e5217505d 100644 --- a/letsencrypt/tests/crypto_util_test.py +++ b/letsencrypt/tests/crypto_util_test.py @@ -8,6 +8,7 @@ import OpenSSL import mock import zope.component +from letsencrypt import errors from letsencrypt import interfaces from letsencrypt.tests import test_util @@ -216,13 +217,20 @@ class GetSANsFromCSRTest(unittest.TestCase): class CertLoaderTest(unittest.TestCase): """Tests for letsencrypt.crypto_util.pyopenssl_load_certificate""" - def test_it(self): + def test_load_valid_cert(self): from letsencrypt.crypto_util import pyopenssl_load_certificate cert, file_type = pyopenssl_load_certificate(CERT) self.assertEqual(cert.digest('sha1'), OpenSSL.crypto.load_certificate(file_type, CERT).digest('sha1')) + def test_load_invalid_cert(self): + from letsencrypt.crypto_util import pyopenssl_load_certificate + bad_cert_data = CERT.replace("BEGIN CERTIFICATE", "ASDFASDFASDF!!!") + + with self.assertRaises(errors.Error): + cert, file_type = pyopenssl_load_certificate(bad_cert_data) + if __name__ == '__main__': unittest.main() # pragma: no cover From 917a6d63734b63400e9bcf038ccf7d62853ec254 Mon Sep 17 00:00:00 2001 From: Liam Marshall Date: Sun, 4 Oct 2015 15:56:40 -0500 Subject: [PATCH 7/7] Make lint happy, remove unused variables from crypto_util_test --- letsencrypt/tests/crypto_util_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/tests/crypto_util_test.py b/letsencrypt/tests/crypto_util_test.py index e5217505d..2e04c748a 100644 --- a/letsencrypt/tests/crypto_util_test.py +++ b/letsencrypt/tests/crypto_util_test.py @@ -229,7 +229,7 @@ class CertLoaderTest(unittest.TestCase): bad_cert_data = CERT.replace("BEGIN CERTIFICATE", "ASDFASDFASDF!!!") with self.assertRaises(errors.Error): - cert, file_type = pyopenssl_load_certificate(bad_cert_data) + pyopenssl_load_certificate(bad_cert_data) if __name__ == '__main__':