]>
git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.api/test_cryptokeys.py
6 from test_helper
import ApiTestCase
, is_auth
8 @unittest.skipIf(not is_auth(), "Not applicable")
9 class Cryptokeys(ApiTestCase
):
11 def __init__(self
, *args
, **kwds
):
12 super(Cryptokeys
, self
).__init
__(*args
, **kwds
)
14 self
.zone
= "cryptokeys.org"
17 super(Cryptokeys
,self
).tearDown()
18 self
.remove_zone_key(self
.keyid
)
20 # Adding a key to self.zone using the pdnsutil command
21 def add_zone_key(self
, status
='inactive'):
23 return subprocess
.check_output(["../pdns/pdnsutil", "--config-dir=.", "add-zone-key", self
.zone
, "ksk", status
], stderr
=open(os
.devnull
, 'wb'))
24 except subprocess
.CalledProcessError
as e
:
25 self
.fail("pdnsutil add-zone-key failed: "+e
.output
)
27 # Removes a key from self.zone by id using the pdnsutil command
28 def remove_zone_key(self
, key_id
):
30 subprocess
.check_output(["../pdns/pdnsutil", "--config-dir=.", "remove-zone-key", self
.zone
, str(key_id
)])
31 except subprocess
.CalledProcessError
as e
:
32 self
.fail("pdnsutil remove-zone-key failed: "+e
.output
)
34 # This method tests the DELETE api call.
35 def test_delete(self
):
36 self
.keyid
= self
.add_zone_key()
38 #checks the status code. I don't know how to test explicit that the backend fail removing a key.
39 r
= self
.session
.delete(self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
))
40 self
.assertEquals(r
.status_code
, 200)
41 self
.assertEquals(r
.content
, "")
43 # Check that the key is actually deleted
45 out
= subprocess
.check_output(["../pdns/pdnsutil", "--config-dir=.", "list-keys", self
.zone
])
46 self
.assertNotIn(self
.zone
, out
)
47 except subprocess
.CalledProcessError
as e
:
48 self
.fail("pdnsutil list-keys failed: " + e
.output
)
50 def test_delete_wrong_zone(self
):
51 self
.keyid
= self
.add_zone_key()
52 #checks for not covered zonename
53 r
= self
.session
.delete(self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"fail/cryptokeys/"+self
.keyid
))
54 self
.assertEquals(r
.status_code
, 400)
56 def test_delete_key_is_gone(self
):
57 self
.keyid
= self
.add_zone_key()
58 self
.remove_zone_key(self
.keyid
)
59 #checks for key is gone. Its ok even if no key had to be deleted. Or something went wrong with the backend.
60 r
= self
.session
.delete(self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
))
61 self
.assertEquals(r
.status_code
, 200)
62 self
.assertEquals(r
.content
, "")
64 # Prepares the json object for Post and sends it to the server
65 def add_key(self
, content
='', type='ksk', active
='true' , algo
='', bits
=0):
78 payload
['bits'] = bits
80 payload
['content'] = content
81 r
= self
.session
.post(
82 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys"),
83 data
=json
.dumps(payload
),
84 headers
={'content-type': 'application/json'})
88 # Test POST for a positive result and delete the added key
89 def post_helper(self
,content
='', algo
='', bits
=0):
90 r
= self
.add_key(content
=content
, algo
=algo
, bits
=bits
)
91 self
.assert_success_json(r
)
92 self
.assertEquals(r
.status_code
, 201)
94 # Only a ksk added, so expected type is csk
95 self
.assertEquals(response
['keytype'], 'csk')
96 self
.keyid
= response
['id']
97 # Check if the key is actually added
99 out
= subprocess
.check_output(["../pdns/pdnsutil", "--config-dir=.", "list-keys", self
.zone
])
100 self
.assertIn(self
.zone
, out
)
101 except subprocess
.CalledProcessError
as e
:
102 self
.fail("pdnsutil list-keys failed: " + e
.output
)
104 # Test POST to add a key with default algorithm
108 # Test POST to add a key with specific algorithm number
109 def test_post_specific_number(self
):
110 self
.post_helper(algo
=10, bits
=512)
112 # Test POST to add a key with specific name and bits
113 def test_post_specific_name_bits(self
):
114 self
.post_helper(algo
="rsasha256", bits
=256)
116 # Test POST to add a key with specific name
117 def test_post_specific_name(self
):
118 self
.post_helper(algo
='ecdsa256')
120 # Test POST to add a private key from external resource
121 def test_post_content(self
):
122 self
.post_helper(content
="Private-key-format: v1.2\n"+
123 "Algorithm: 8 (RSASHA256)\n"+
124 "Modulus: 4GlYLGgDI7ohnP8SmEW8EBERbNRusDcg0VQda/EPVHU=\n"+
125 "PublicExponent: AQAB\n"+
126 "PrivateExponent: JBnuXF5zOtkjtSz3odV+Fk5UNUTTeCsiI16dkcM7TVU=\n"+
127 "Prime1: /w7TM4118RoSEvP8+dgnCw==\n"+
128 "Prime2: 4T2KhkYLa3w7rdK3Cb2ifw==\n"+
129 "Exponent1: 3aeKj9Ct4JuhfWsgPBhGxQ==\n"+
130 "Exponent2: tfh1OMPQKBdnU6iATjNR2w==\n"+
131 "Coefficient: eVrHe/kauqOewSKndIImrg==)\n")
133 def test_post_wrong_key_format(self
):
134 r
= self
.add_key(content
="trollololoooolll")
135 self
.assert_error_json(r
)
136 self
.assertEquals(r
.status_code
, 422)
137 self
.assertIn("Key could not be parsed. Make sure your key format is correct.",r
.json()['error'])
139 def test_post_wrong_keytype(self
):
140 r
= self
.add_key(type='sdfdhhgj')
141 self
.assert_error_json(r
)
142 self
.assertEquals(r
.status_code
, 422)
143 self
.assertIn("Invalid keytype",r
.json()['error'])
145 def test_post_wrong_bits_format(self
):
146 r
= self
.add_key(bits
='sdfdhhgj')
147 self
.assert_error_json(r
)
148 self
.assertEquals(r
.status_code
, 422)
149 self
.assertIn("'bits' must be a positive integer value",r
.json()['error'])
151 r
= self
.add_key(bits
='5.5')
152 self
.assert_error_json(r
)
153 self
.assertEquals(r
.status_code
, 422)
154 self
.assertIn("'bits' must be a positive integer value",r
.json()['error'])
156 r
= self
.add_key(bits
='-6')
157 self
.assert_error_json(r
)
158 self
.assertEquals(r
.status_code
, 422)
159 self
.assertIn("'bits' must be a positive integer value",r
.json()['error'])
161 def test_post_unsupported_algorithm(self
):
162 r
= self
.add_key(algo
='lkjhgf')
163 self
.assert_error_json(r
)
164 self
.assertEquals(r
.status_code
, 422)
165 self
.assertIn("Unknown algorithm:",r
.json()['error'])
167 def test_post_forgot_bits(self
):
168 r
= self
.add_key(algo
="rsasha256")
169 self
.assert_error_json(r
)
170 self
.assertEquals(r
.status_code
, 422)
171 self
.assertIn("key requires the size (in bits) to be passed", r
.json()['error'])
173 def test_post_wrong_bit_size(self
):
174 r
= self
.add_key(algo
=10, bits
=30)
175 self
.assert_error_json(r
)
176 self
.assertEquals(r
.status_code
,422)
177 self
.assertIn("The algorithm does not support the given bit size.", r
.json()['error'])
179 def test_post_can_not_guess_key_size(self
):
180 r
= self
.add_key(algo
=17)
181 self
.assert_error_json(r
)
182 self
.assertEquals(r
.status_code
,422)
183 self
.assertIn("Can not guess key size for algorithm", r
.json()['error'])
185 def test_put_activate_key(self
):
186 self
.keyid
= self
.add_zone_key()
191 r
= self
.session
.put(
192 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
193 data
=json
.dumps(payload
),
194 headers
={'content-type': 'application/json'})
195 self
.assertEquals(r
.status_code
, 204)
196 self
.assertEquals(r
.content
, "")
198 # check if key is activated
200 out
= subprocess
.check_output(["../pdns/pdnsutil", "--config-dir=.", "show-zone", self
.zone
])
201 self
.assertIn("Active", out
)
202 except subprocess
.CalledProcessError
as e
:
203 self
.fail("pdnsutil show-zone failed: " + e
.output
)
205 def test_put_deactivate_key(self
):
206 self
.keyid
= self
.add_zone_key(status
='active')
212 r
= self
.session
.put(
213 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
214 data
=json
.dumps(payload2
),
215 headers
={'content-type': 'application/json'})
216 self
.assertEquals(r
.status_code
, 204)
217 self
.assertEquals(r
.content
, "")
219 # check if key is deactivated
221 out
= subprocess
.check_output(["../pdns/pdnsutil", "--config-dir=.", "show-zone", self
.zone
])
222 self
.assertIn("Inactive", out
)
223 except subprocess
.CalledProcessError
as e
:
224 self
.fail("pdnsutil show-zone failed: " + e
.output
)
226 def test_put_deactivate_inactive_key(self
):
227 self
.keyid
= self
.add_zone_key()
234 r
= self
.session
.put(
235 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
236 data
=json
.dumps(payload
),
237 headers
={'content-type': 'application/json'})
238 self
.assertEquals(r
.status_code
, 204)
239 self
.assertEquals(r
.content
, "")
241 # check if key is still deactivated
243 out
= subprocess
.check_output(["../pdns/pdnsutil", "--config-dir=.", "show-zone", self
.zone
])
244 self
.assertIn("Inactive", out
)
245 except subprocess
.CalledProcessError
as e
:
246 self
.fail("pdnsutil show-zone failed: " + e
.output
)
248 def test_put_activate_active_key(self
):
249 self
.keyid
=self
.add_zone_key(status
='active')
255 r
= self
.session
.put(
256 self
.url("/api/v1/servers/localhost/zones/"+self
.zone
+"/cryptokeys/"+self
.keyid
),
257 data
=json
.dumps(payload2
),
258 headers
={'content-type': 'application/json'})
259 self
.assertEquals(r
.status_code
, 204)
260 self
.assertEquals(r
.content
, "")
262 # check if key is activated
264 out
= subprocess
.check_output(["../pdns/pdnsutil", "--config-dir=.", "show-zone", self
.zone
])
265 self
.assertIn("Active", out
)
266 except subprocess
.CalledProcessError
as e
:
267 self
.fail("pdnsutil show-zone failed: " + e
.output
)