6 from test_helper
import ApiTestCase
, is_auth
, pdnsutil
, unique_zone_name
8 @unittest.skipIf(not is_auth(), "Not applicable")
9 class Cryptokeys(ApiTestCase
):
12 super(Cryptokeys
, self
).setUp()
14 self
.zone
= unique_zone_name()
15 self
.zone_nodot
= self
.zone
[:-1]
19 'nameservers': ['ns1.example.com.', 'ns2.example.com.']
21 r
= self
.session
.post(
22 self
.url("/api/v1/servers/localhost/zones"),
23 data
=json
.dumps(payload
),
24 headers
={'content-type': 'application/json'})
25 self
.assert_success_json(r
)
26 self
.assertEqual(r
.status_code
, 201)
29 super(Cryptokeys
, self
).tearDown()
30 self
.remove_zone_key(self
.keyid
)
32 # Adding a key to self.zone using the pdnsutil command
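def add_zone_key(self, status=('inactive',)):
    """Add a KSK to ``self.zone`` with the ``pdnsutil add-zone-key`` command.

    Args:
        status: Extra words appended to the pdnsutil command line. The tests
            in this class pass combinations of 'active', 'inactive' and
            'unpublished'.

    Returns:
        Whatever ``pdnsutil`` returns; the tests store it as ``self.keyid``.
    """
    # The default is an immutable tuple, so no call can alter it for later
    # calls (the previous default was a shared list object).
    return pdnsutil("add-zone-key", self.zone_nodot, "ksk", *status)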
36 # Removes a key from self.zone by id using the pdnsutil command
def remove_zone_key(self, key_id):
    """Remove the key *key_id* from ``self.zone`` with ``pdnsutil remove-zone-key``.

    The id is converted with ``str()`` before it is handed to pdnsutil.
    """
    zone_name = self.zone_nodot
    key_arg = str(key_id)
    return pdnsutil("remove-zone-key", zone_name, key_arg)
40 # This method tests the DELETE api call.
def test_delete(self):
    """DELETE on an existing key answers 204 with an empty body."""
    self.keyid = self.add_zone_key()

    # Only the status code is checked; the original author noted that there
    # is no explicit way here to test a backend failure while removing a key.
    key_url = self.url(
        "/api/v1/servers/localhost/zones/" + self.zone + "/cryptokeys/" + self.keyid)
    resp = self.session.delete(key_url)
    self.assertEqual(resp.status_code, 204)
    self.assertEqual(resp.content, b"")

    # Confirm through pdnsutil that the key is really gone.
    # NOTE(review): this searches for the dotted zone name, while post_helper
    # searches for self.zone_nodot. If list-keys prints names without the
    # trailing dot, this assertion can never fail -- confirm, and consider
    # asserting on the key id instead.
    listing = pdnsutil("list-keys", self.zone)
    self.assertNotIn(self.zone, listing)
def test_get_wrong_zone(self):
    """GET for a key id under a zone name with 'fail' appended answers 404."""
    self.keyid = self.add_zone_key()
    # self.zone + "fail" is a zone name this test never created.
    wrong_zone_url = self.url(
        "/api/v1/servers/localhost/zones/" + self.zone + "fail/cryptokeys/" + self.keyid)
    resp = self.session.get(wrong_zone_url)
    self.assertEqual(resp.status_code, 404)
def test_delete_wrong_id(self):
    """DELETE with the hard-coded key id 1234567 answers 404."""
    # A real key is created so that tearDown has a self.keyid to remove.
    self.keyid = self.add_zone_key()
    # presumably 1234567 never matches an id handed out for the test zone
    wrong_id_url = self.url(
        "/api/v1/servers/localhost/zones/" + self.zone + "/cryptokeys/1234567")
    resp = self.session.delete(wrong_id_url)
    self.assertEqual(resp.status_code, 404)
def test_delete_wrong_zone(self):
    """DELETE of a valid key id under a zone name that is not served answers 404."""
    self.keyid = self.add_zone_key()
    # Appending "fail" yields a zone name the server does not cover.
    wrong_zone_url = self.url(
        "/api/v1/servers/localhost/zones/" + self.zone + "fail/cryptokeys/" + self.keyid)
    resp = self.session.delete(wrong_zone_url)
    self.assertEqual(resp.status_code, 404)
def test_delete_key_is_gone(self):
    """DELETE of a key that pdnsutil already removed answers 404."""
    self.keyid = self.add_zone_key()
    self.remove_zone_key(self.keyid)
    # The key no longer exists, so the API has nothing to delete. Per the
    # original author, 404 is the accepted answer both for that case and for
    # a failure in the backend.
    gone_key_url = self.url(
        "/api/v1/servers/localhost/zones/" + self.zone + "/cryptokeys/" + self.keyid)
    resp = self.session.delete(gone_key_url)
    self.assertEqual(resp.status_code, 404)
76 # Prepares the json object for Post and sends it to the server
77 def add_key(self
, content
='', type='ksk', active
='true', algo
='', bits
=None):
83 payload
['algorithm'] = algo
85 payload
['bits'] = bits
87 payload
['content'] = content
88 print("create key with payload:", payload
)
89 r
= self
.session
.post(
90 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys"),
91 data
=json
.dumps(payload
),
92 headers
={'content-type': 'application/json'})
96 # Test POST for a positive result and delete the added key
97 def post_helper(self
, content
='', algo
='', bits
=None):
98 r
= self
.add_key(content
=content
, algo
=algo
, bits
=bits
)
99 self
.assert_success_json(r
)
100 self
.assertEqual(r
.status_code
, 201)
102 # Only a ksk added, so expected type is csk
103 self
.assertEqual(response
['keytype'], 'csk')
104 self
.keyid
= response
['id']
105 # Check if the key is actually added
106 out
= pdnsutil("list-keys", self
.zone_nodot
)
107 self
.assertIn(self
.zone_nodot
, out
)
109 # Test POST to add a key with default algorithm
113 # Test POST to add a key with specific algorithm number
def test_post_specific_number(self):
    """POST a key whose algorithm is given as a number, with an explicit size."""
    # Algorithm 10 is RSASHA512 in the IANA DNSSEC registry. A 1024-bit RSA
    # key is a fast-to-generate test value, not a size for a production zone.
    self.post_helper(bits=1024, algo=10)
117 # Test POST to add a key with specific name and bits
def test_post_specific_name_bits(self):
    """POST a key whose algorithm is given by name, with an explicit size."""
    # The RSA algorithm is named, so the key size has to be passed as well
    # (test_post_forgot_bits covers the rejection when it is missing).
    self.post_helper(bits=2048, algo="rsasha256")
121 # Test POST to add a key with specific name
def test_post_specific_name(self):
    """POST a key whose algorithm is given by name only, without 'bits'."""
    algorithm_name = 'ecdsa256'
    self.post_helper(algo=algorithm_name)
125 # Test POST to add a private key from external resource
def test_post_content(self):
    """POST a private key supplied as 'Private-key-format: v1.2' text."""
    # Test fixture only: the modulus below decodes to 32 bytes, i.e. a
    # 256-bit RSA key, far too small to protect a real zone. Never reuse it.
    # NOTE(review): the last line ends in "==)" -- the ")" looks like a typo
    # that the server presumably tolerates; confirm before changing it.
    key_lines = (
        "Private-key-format: v1.2\n",
        "Algorithm: 8 (RSASHA256)\n",
        "Modulus: 4GlYLGgDI7ohnP8SmEW8EBERbNRusDcg0VQda/EPVHU=\n",
        "PublicExponent: AQAB\n",
        "PrivateExponent: JBnuXF5zOtkjtSz3odV+Fk5UNUTTeCsiI16dkcM7TVU=\n",
        "Prime1: /w7TM4118RoSEvP8+dgnCw==\n",
        "Prime2: 4T2KhkYLa3w7rdK3Cb2ifw==\n",
        "Exponent1: 3aeKj9Ct4JuhfWsgPBhGxQ==\n",
        "Exponent2: tfh1OMPQKBdnU6iATjNR2w==\n",
        "Coefficient: eVrHe/kauqOewSKndIImrg==)\n",
    )
    self.post_helper(content="".join(key_lines))
def test_post_wrong_key_format(self):
    """Key content that cannot be parsed is rejected with 422 and a parse error."""
    resp = self.add_key(content="trollololoooolll")
    self.assert_error_json(resp)
    self.assertEqual(resp.status_code, 422)
    error_text = resp.json()['error']
    self.assertIn("Key could not be parsed. Make sure your key format is correct.", error_text)
def test_post_wrong_keytype(self):
    """An unknown key type is rejected with 422 and 'Invalid keytype'."""
    resp = self.add_key(type='sdfdhhgj')
    self.assert_error_json(resp)
    self.assertEqual(resp.status_code, 422)
    error_text = resp.json()['error']
    self.assertIn("Invalid keytype", error_text)
def test_post_wrong_bits_format(self):
    """Non-numeric, fractional and negative 'bits' values are each rejected with 422."""
    # Same three requests, in the same order, as the unrolled original.
    for bad_bits in ('sdfdhhgj', '5.5', '-6'):
        resp = self.add_key(bits=bad_bits)
        self.assert_error_json(resp)
        self.assertEqual(resp.status_code, 422)
        self.assertIn("'bits' must be a positive integer value", resp.json()['error'])
def test_post_unsupported_algorithm(self):
    """An algorithm name the server does not know is rejected with 422."""
    resp = self.add_key(algo='lkjhgf')
    self.assert_error_json(resp)
    self.assertEqual(resp.status_code, 422)
    error_text = resp.json()['error']
    self.assertIn("Unknown algorithm:", error_text)
def test_post_forgot_bits(self):
    """Requesting 'rsasha256' without a key size is rejected with 422."""
    resp = self.add_key(algo="rsasha256")
    self.assert_error_json(resp)
    self.assertEqual(resp.status_code, 422)
    error_text = resp.json()['error']
    self.assertIn("key requires the size (in bits) to be passed", error_text)
def test_post_wrong_bit_size(self):
    """A key size of 30 bits for algorithm 10 is rejected with 422."""
    resp = self.add_key(algo=10, bits=30)
    self.assert_error_json(resp)
    self.assertEqual(resp.status_code, 422)
    error_text = resp.json()['error']
    self.assertIn("The algorithm does not support the given bit size.", error_text)
def test_post_can_not_guess_key_size(self):
    """Algorithm 17 without 'bits' is rejected with 422: no size can be guessed."""
    resp = self.add_key(algo=17)
    self.assert_error_json(resp)
    self.assertEqual(resp.status_code, 422)
    error_text = resp.json()['error']
    self.assertIn("Can not guess key size for algorithm", error_text)
190 def test_put_activate_key(self
):
191 self
.keyid
= self
.add_zone_key()
197 r
= self
.session
.put(
198 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
199 data
=json
.dumps(payload
),
200 headers
={'content-type': 'application/json'})
201 self
.assertEqual(r
.status_code
, 204)
202 self
.assertEqual(r
.content
, b
"")
204 # check if key is activated
205 out
= pdnsutil("show-zone", self
.zone_nodot
)
206 self
.assertIn("Active", out
)
208 def test_put_deactivate_key(self
):
209 self
.keyid
= self
.add_zone_key(status
=['active'])
216 r
= self
.session
.put(
217 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
218 data
=json
.dumps(payload2
),
219 headers
={'content-type': 'application/json'})
220 self
.assertEqual(r
.status_code
, 204)
221 self
.assertEqual(r
.content
, b
"")
223 # check if key is deactivated
224 out
= pdnsutil("show-zone", self
.zone_nodot
)
225 self
.assertIn("Inactive", out
)
227 def test_put_deactivate_inactive_key(self
):
228 self
.keyid
= self
.add_zone_key()
236 r
= self
.session
.put(
237 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
238 data
=json
.dumps(payload
),
239 headers
={'content-type': 'application/json'})
240 self
.assertEqual(r
.status_code
, 204)
241 self
.assertEqual(r
.content
, b
"")
243 # check if key is still deactivated
244 out
= pdnsutil("show-zone", self
.zone_nodot
)
245 self
.assertIn("Inactive", out
)
247 def test_put_activate_active_key(self
):
248 self
.keyid
= self
.add_zone_key(status
=['active'])
255 r
= self
.session
.put(
256 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
257 data
=json
.dumps(payload2
),
258 headers
={'content-type': 'application/json'})
259 self
.assertEqual(r
.status_code
, 204)
260 self
.assertEqual(r
.content
, b
"")
262 # check if key is activated
263 out
= pdnsutil("show-zone", self
.zone_nodot
)
264 self
.assertIn("Active", out
)
266 def test_put_unpublish_key(self
):
267 self
.keyid
= self
.add_zone_key(status
=['active'])
273 r
= self
.session
.put(
274 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
275 data
=json
.dumps(payload
),
276 headers
={'content-type': 'application/json'})
277 self
.assertEqual(r
.status_code
, 204)
278 self
.assertEqual(r
.content
, b
"")
280 # check if key is unpublished
281 out
= pdnsutil("show-zone", self
.zone_nodot
)
282 self
.assertIn("Unpublished", out
)
284 def test_put_publish_key(self
):
285 self
.keyid
= self
.add_zone_key(status
=['active', 'unpublished'])
292 r
= self
.session
.put(
293 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
294 data
=json
.dumps(payload2
),
295 headers
={'content-type': 'application/json'})
296 self
.assertEqual(r
.status_code
, 204)
297 self
.assertEqual(r
.content
, b
"")
299 # check if key is published
300 out
= pdnsutil("show-zone", self
.zone_nodot
)
301 self
.assertIn("Published", out
)
303 def test_put_publish_published_key(self
):
304 self
.keyid
= self
.add_zone_key(status
=['active'])
312 r
= self
.session
.put(
313 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
314 data
=json
.dumps(payload
),
315 headers
={'content-type': 'application/json'})
316 self
.assertEqual(r
.status_code
, 204)
317 self
.assertEqual(r
.content
, b
"")
319 # check if key is still published
320 out
= pdnsutil("show-zone", self
.zone_nodot
)
321 self
.assertIn("Published", out
)
323 def test_put_unpublish_unpublished_key(self
):
324 self
.keyid
= self
.add_zone_key(status
=['active', 'unpublished'])
331 r
= self
.session
.put(
332 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
333 data
=json
.dumps(payload2
),
334 headers
={'content-type': 'application/json'})
335 self
.assertEqual(r
.status_code
, 204)
336 self
.assertEqual(r
.content
, b
"")
338 # check if key is still unpublished
339 out
= pdnsutil("show-zone", self
.zone_nodot
)
340 self
.assertIn("Unpublished", out
)