tests/aaf/certservice/libraries/JksFilesValidator.py

   1 from OpenSSL import crypto
   2 from cryptography.x509.oid import ExtensionOID
   3 from cryptography import x509
   4 from EnvsReader import EnvsReader
   5
   6 class JksFilesValidator:
   7
   8   def __init__(self, mount_path):
   9     self.keystorePassPath = mount_path + '/keystore.pass'
  10     self.keystoreJksPath = mount_path + '/keystore.jks'
  11     self.truststorePassPath = mount_path + '/truststore.pass'
  12     self.truststoreJksPath = mount_path + '/truststore.jks'
  13
  14   def get_and_compare_data(self, path_to_env):
  15     data = self.get_data(path_to_env)
  16     return data, self.contains_expected_data(data)
  17
  18   def can_open_keystore_and_truststore_with_pass(self):
  19     can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath)
  20     can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath)
  21
  22     return can_open_keystore & can_open_truststore
  23
  24   def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
  25     try:
  26       self.get_certificate(pass_file_path, jks_file_path)
  27       return True
  28     except:
  29       return False
  30
  31   def get_data(self, path_to_env):
  32     envs = self.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
  33     certificate = self.get_certificate(self.keystorePassPath, self.keystoreJksPath)
  34     data = self.get_owner_data_from_certificate(certificate)
  35     data['SANS'] = self.get_sans(certificate)
  36     return type('', (object,), {"expectedData": envs, "actualData": data})
  37
  38   def contains_expected_data(self, data):
  39     expectedData = data.expectedData
  40     actualData = data.actualData
  41     return cmp(expectedData, actualData) == 0
  42
  43   def get_owner_data_from_certificate(self, certificate):
  44     list = certificate.get_subject().get_components()
  45     return dict((k, v) for k, v in list)
  46
  47   def get_certificate(self, pass_file_path, jks_file_path):
  48     password = open(pass_file_path, 'rb').read()
  49     crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
  50     return crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password).get_certificate()
  51
  52   def get_sans(self, cert):
  53     extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
  54     dnsList = extension.value.get_values_for_type(x509.DNSName)
  55     return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))
  56
  57   def get_envs_as_dict(self, list):
  58     envs = self.get_list_of_pairs_by_mappings(list)
  59     return self.remove_nones_from_dict(envs)
  60
  61   def remove_nones_from_dict(self, dictionary):
  62     return dict((k, v) for k, v in dictionary.iteritems() if k is not None)
  63
  64   def get_list_of_pairs_by_mappings(self, list):
  65     mappings = self.get_mappings()
  66     listOfEnvs = map(lambda k: k.split('='), list)
  67     return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)
  68
  69   def get_mappings(self):
  70     return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}