- Changed Let's Encrypt configuration to use production environment by default - Added DNS validation for Let's Encrypt certificates - Added certificate verification functionality - Added debug logging with file names and line numbers - Added test files for new features - Updated documentation to clarify Let's Encrypt usage
#!/usr/bin/env python3
"""
Tests for the certificate verification functionality of the SSL Manager.
This module contains tests for verifying certificates after initialization.
"""
import os
import sys
import json
import tempfile
import unittest
from unittest.mock import patch, MagicMock
# Add the src directory to the Python path
# Index 0 gives this directory priority over any installed module of the
# same name, so the ssl_manager imported by this file is the one from the
# '../src' directory resolved relative to this test file.
_SRC_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), '../src'))
sys.path.insert(0, _SRC_DIR)
from ssl_manager import SSLManager
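class TestCertVerification(unittest.TestCase):
    """Check the certificate status SSLManager exposes right after construction.

    Each test builds an SSLManager from a throwaway JSON config and inspects
    its ``cert_verification`` dict (``status``, ``exists``, ``valid`` and,
    when a certificate file is present, ``cert_path``).

    Scope note: the "valid" and "invalid" cases patch
    ``SSLManager.validate_cert_chain``. They pin how the validator's verdict
    is reported, not the chain validation itself, which needs its own tests
    with real certificates.
    """

    # Placeholder PEM envelope: the body is plain text, not a real
    # certificate. It only has to exist on disk because the validator that
    # would parse it is patched out in the tests that use it.
    _DUMMY_PEM = (
        "-----BEGIN CERTIFICATE-----\n"
        "Dummy Certificate\n"
        "-----END CERTIFICATE-----"
    )

    def setUp(self):
        """Create a per-test temp directory holding a JSON config file."""
        self.temp_dir = tempfile.TemporaryDirectory()

        # Fixture values only. The credentials are dummies, and the file they
        # are written to lives inside the temp directory that tearDown removes.
        self.test_config = {
            "cert_dir": self.temp_dir.name,
            "default_port": 8443,
            "connection_timeout": 5.0,
            "default_validity_days": 730,
            "key_size": 4096,
            "unifi": {
                "host": "test.unifi.local",
                "username": "testuser",
                "password": "testpass",
                "site": "testsite",
                "ssh_port": 2222,
                "ssh_username": "sshuser",
                "ssh_password": "sshpass",
                "ssh_key_path": "~/test-ssh-key"
            }
        }

        self.config_path = os.path.join(self.temp_dir.name, "test_config.json")
        with open(self.config_path, 'w', encoding="utf-8") as f:
            json.dump(self.test_config, f)

    def tearDown(self):
        """Remove the temp directory and everything written into it."""
        self.temp_dir.cleanup()

    def _write_dummy_cert(self):
        """Write the placeholder certificate into cert_dir and return its path.

        The file name is the configured UniFi host plus ``.crt``; the tests
        that call this expect SSLManager to report exactly this path.
        """
        cert_path = os.path.join(self.temp_dir.name, "test.unifi.local.crt")
        with open(cert_path, 'w', encoding="utf-8") as f:
            f.write(self._DUMMY_PEM)
        return cert_path

    def test_verify_current_certificate_missing(self):
        """Report 'Missing' when no certificate file exists in cert_dir."""
        ssl_manager = SSLManager(config_path=self.config_path)

        # A missing file must never be reported as existing or valid.
        self.assertIsNotNone(ssl_manager.cert_verification)
        self.assertEqual(ssl_manager.cert_verification['status'], 'Missing')
        self.assertFalse(ssl_manager.cert_verification['exists'])
        self.assertFalse(ssl_manager.cert_verification['valid'])

    @patch('ssl_manager.SSLManager.validate_cert_chain')
    def test_verify_current_certificate_valid(self, mock_validate):
        """Report 'Valid' when the (patched) chain validator accepts the file."""
        # The validator is stubbed to accept, so this checks reporting only.
        mock_validate.return_value = True
        cert_path = self._write_dummy_cert()

        ssl_manager = SSLManager(config_path=self.config_path)

        self.assertIsNotNone(ssl_manager.cert_verification)
        self.assertEqual(ssl_manager.cert_verification['status'], 'Valid')
        self.assertTrue(ssl_manager.cert_verification['exists'])
        self.assertTrue(ssl_manager.cert_verification['valid'])
        self.assertEqual(ssl_manager.cert_verification['cert_path'], cert_path)

        # The validator must be consulted exactly once, for this file.
        mock_validate.assert_called_once_with(cert_path)

    @patch('ssl_manager.SSLManager.validate_cert_chain')
    def test_verify_current_certificate_invalid(self, mock_validate):
        """Report 'Invalid' when the (patched) chain validator rejects the file."""
        # Fail-closed case: the file exists, but the validator says no.
        mock_validate.return_value = False
        cert_path = self._write_dummy_cert()

        ssl_manager = SSLManager(config_path=self.config_path)

        # Existence alone must not be enough for the certificate to count as valid.
        self.assertIsNotNone(ssl_manager.cert_verification)
        self.assertEqual(ssl_manager.cert_verification['status'], 'Invalid')
        self.assertTrue(ssl_manager.cert_verification['exists'])
        self.assertFalse(ssl_manager.cert_verification['valid'])
        self.assertEqual(ssl_manager.cert_verification['cert_path'], cert_path)

        # The validator must be consulted exactly once, for this file.
        mock_validate.assert_called_once_with(cert_path)

    def test_verify_current_certificate_no_host(self):
        """Report 'Not configured' when the UniFi host is empty."""
        # Rebuild the nested "unifi" dict instead of using dict.copy(): a
        # shallow copy shares that inner dict, so blanking the host on the
        # copy would also blank it in self.test_config.
        config_no_host = {
            **self.test_config,
            "unifi": {**self.test_config["unifi"], "host": ""},
        }

        config_path_no_host = os.path.join(self.temp_dir.name, "test_config_no_host.json")
        with open(config_path_no_host, 'w', encoding="utf-8") as f:
            json.dump(config_no_host, f)

        ssl_manager = SSLManager(config_path=config_path_no_host)

        self.assertIsNotNone(ssl_manager.cert_verification)
        self.assertEqual(ssl_manager.cert_verification['status'], 'Not configured')
        self.assertFalse(ssl_manager.cert_verification['exists'])
        self.assertFalse(ssl_manager.cert_verification['valid'])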
if __name__ == '__main__':
    # Executed directly rather than imported: run this module's tests
    # through unittest's command-line entry point.
    unittest.main()