From c13ebf64b8d0e809ce1d9bac0c7db196c012ded8 Mon Sep 17 00:00:00 2001
From: Paul Cuzner <pcuzner@redhat.com>
Date: Mon, 16 Nov 2020 13:46:44 +1300
Subject: [PATCH] cephadm: add unit tests case for TLS

Adds tests to validate creation, and verification of
crt and key files

Signed-off-by: Paul Cuzner <pcuzner@redhat.com>
---
 src/pybind/mgr/tests/test_tls.py | 35 ++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 src/pybind/mgr/tests/test_tls.py

diff --git a/src/pybind/mgr/tests/test_tls.py b/src/pybind/mgr/tests/test_tls.py
new file mode 100644
index 0000000000000..923d91917caf2
--- /dev/null
+++ b/src/pybind/mgr/tests/test_tls.py
@@ -0,0 +1,35 @@
+from mgr_util import create_self_signed_cert, verify_tls, ServerConfigException
+from OpenSSL import crypto, SSL
+
+import unittest
+
+
+class TLSchecks(unittest.TestCase):
+
+    def test_defaults(self):
+        crt, key = create_self_signed_cert()
+        verify_tls(crt, key)
+
+    def test_specific_dname(self):
+        crt, key = create_self_signed_cert(dname={'O': 'Ceph', 'OU': 'testsuite'})
+        verify_tls(crt, key)
+
+    def test_invalid_RDN(self):
+        self.assertRaises(ValueError, create_self_signed_cert, dname={'O': 'Ceph', 'Bogus': 'testsuite'})
+
+    def test_invalid_key(self):
+        crt, key = create_self_signed_cert()
+
+        # fudge the key, to force an error to be detected during verify_tls
+        fudged = f"{key[:-35]}c0ffee==\n{key[-25:]}".encode('utf-8')
+        self.assertRaises(ServerConfigException, verify_tls, crt, fudged)
+
+    def test_mismatched_tls(self):
+        crt, _ = create_self_signed_cert()
+
+        # generate another key
+        new_key = crypto.PKey()
+        new_key.generate_key(crypto.TYPE_RSA, 2048)
+        new_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, new_key).decode('utf-8')
+
+        self.assertRaises(SSL.Error, verify_tls, crt, new_key)
-- 
2.39.5