Skip to content

Instantly share code, notes, and snippets.

@tbielawa

tbielawa/fixup_cert_parsing_tests.patch

Created February 28, 2017 19:20
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tbielawa/9ba0ab93223d6d9cf9a96c9d42ce11ce to your computer and use it in GitHub Desktop.
Save tbielawa/9ba0ab93223d6d9cf9a96c9d42ce11ce to your computer and use it in GitHub Desktop.
Download ZIP
Raw
fixup_cert_parsing_tests.patch
From 21713422e20dd80e24a758ff4c700da2e4c1c3b8 Mon Sep 17 00:00:00 2001
From: Tim Bielawa <tbielawa@redhat.com>
Date: Tue, 28 Feb 2017 11:19:48 -0800
Subject: [PATCH] Add another cert parsing test
---
.../test/test_fakeopensslclasses.py | 55 +++++++++++++++++++++-
1 file changed, 53 insertions(+), 2 deletions(-)
diff --git a/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py b/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
index 226cae3..c87655c 100644
--- a/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
+++ b/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
@@ -1,7 +1,7 @@
'''
Unit tests for the FakeOpenSSL classes
'''
-
+import datetime
import os
import subprocess
import sys
@@ -11,8 +11,9 @@ import pytest
module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-2]), 'library')
sys.path.insert(0, module_path)
-from openshift_cert_expiry import FakeOpenSSLCertificate # noqa: E402
+from openshift_cert_expiry import FakeOpenSSLCertificate, load_and_handle_cert # noqa: E402
+cert_serials = [6, 5, 4]
@pytest.fixture(scope='module')
def fake_valid_cert(valid_cert):
@@ -77,3 +78,53 @@ def test_subject_alt_names(valid_cert, fake_valid_cert):
# Verify all dns sans are present
for name in valid_cert['dns']:
assert 'DNS:{}'.format(name) in f_san
+
+
+def test_load_and_handle_cert(valid_cert, fake_valid_cert):
+ """Params:
+
+* `valid_cert` comes from the 'valid_cert' fixture in conftest.py
+* `fake_valid_cert` comes from the `fake_valid_cert` fixture in this file
+ """
+ NOW = datetime.datetime.now()
+
+ # Verify load_and_handle accepts valid certs created for testing
+
+ # valid_cert.realpath() returns a `LocalPath` object from the
+ # `py.path` library. The string rep of this object is the actual
+ # path to the file it encapsulates.
+ valid_file_path = str(valid_cert['cert_file'])
+ with open(valid_file_path) as fp:
+ cert_string = fp.read()
+
+ (cert_subject,
+ cert_expiry_date,
+ time_remaining,
+ cert_serial) = load_and_handle_cert(cert_string, NOW)
+
+ # And this verifies we can handle fake certs
+ (fake_cert_subject,
+ fake_cert_expiry_date,
+ fake_time_remaining,
+ fake_cert_serial) = load_and_handle_cert(fake_valid_cert.cert_string, NOW)
+
+ # Do the serials match up?
+ assert fake_cert_serial == cert_serial
+
+ # We examine 3 certificates (see the test fixture wrapping
+ # `valid_cert` in conftest.py). They start with 4 and increment up
+ # to 6. This test function is ran for each certificate. As they
+ # come in, pop the last cert off the list and verify it matches
+ # the cert that was created.
+ assert cert_serial == cert_serials.pop()
+
+ # Does the date math add up?
+ assert cert_expiry_date == NOW + time_remaining
+ assert fake_cert_expiry_date == NOW + fake_time_remaining
+
+ # More testing on the results of the load_and_handle_cert function
+ # could be implemented here as well, such as verifying subjects
+ # match up.
+
+ # Additionally, we still need a way to test the case where
+ # OpenSSL.crypto isn't able to be imported.
--
2.9.3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment