aboutsummaryrefslogtreecommitdiffstats
path: root/tests/aaf/certservice/libraries/JksFilesValidator.py
blob: 8c150de408ad69008233cce966b0340b6371e492 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

from OpenSSL import crypto
from cryptography.x509.oid import ExtensionOID
from cryptography import x509
from EnvsReader import EnvsReader

class JksFilesValidator:

  def __init__(self, mount_path):
    self.keystorePassPath = mount_path + '/keystore.pass'
    self.keystoreJksPath = mount_path + '/keystore.jks'
    self.truststorePassPath = mount_path + '/truststore.pass'
    self.truststoreJksPath = mount_path + '/truststore.jks'

  def get_and_compare_data(self, path_to_env):
    data = self.get_data(path_to_env)
    return data, self.contains_expected_data(data)

  def can_open_keystore_and_truststore_with_pass(self):
    can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath)
    can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath)

    return can_open_keystore & can_open_truststore

  def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
    try:
      self.get_certificate(pass_file_path, jks_file_path)
      return True
    except:
      return False

  def get_data(self, path_to_env):
    envs = self.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
    certificate = self.get_certificate(self.keystorePassPath, self.keystoreJksPath)
    data = self.get_owner_data_from_certificate(certificate)
    data['SANS'] = self.get_sans(certificate)
    return type('', (object,), {"expectedData": envs, "actualData": data})

  def contains_expected_data(self, data):
    expectedData = data.expectedData
    actualData = data.actualData
    return cmp(expectedData, actualData) == 0

  def get_owner_data_from_certificate(self, certificate):
    list = certificate.get_subject().get_components()
    return dict((k, v) for k, v in list)

  def get_certificate(self, pass_file_path, jks_file_path):
    password = open(pass_file_path, 'rb').read()
    crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
    return crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password).get_certificate()

  def get_sans(self, cert):
    extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
    dnsList = extension.value.get_values_for_type(x509.DNSName)
    return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))

  def get_envs_as_dict(self, list):
    envs = self.get_list_of_pairs_by_mappings(list)
    return self.remove_nones_from_dict(envs)

  def remove_nones_from_dict(self, dictionary):
    return dict((k, v) for k, v in dictionary.iteritems() if k is not None)

  def get_list_of_pairs_by_mappings(self, list):
    mappings = self.get_mappings()
    listOfEnvs = map(lambda k: k.split('='), list)
    return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)

  def get_mappings(self):
    return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}