diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-01 23:55:32 +0100 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-01-02 07:30:43 +0000 |
commit | d5c8b7bb23b9ba52c8ecee582c0f7b067c10cabd (patch) | |
tree | 77a93c1f340495d4a35883d515b926c24ee33deb | |
parent | 26b54b267d48ffdf9eb0d9d4f229b374483adf25 (diff) | |
download | vyos-1x-d5c8b7bb23b9ba52c8ecee582c0f7b067c10cabd.tar.gz vyos-1x-d5c8b7bb23b9ba52c8ecee582c0f7b067c10cabd.zip |
pki: T3642: add missing base64 constraint on PEM keys
(cherry picked from commit 679be4c9742ffd5c317742c6c20a268a5e044f0c)
-rw-r--r-- | interface-definitions/pki.xml.in | 32 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_pki.py | 26 |
2 files changed, 33 insertions, 25 deletions
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in index a13a357fd..3449819be 100644 --- a/interface-definitions/pki.xml.in +++ b/interface-definitions/pki.xml.in @@ -14,6 +14,10 @@ <leafNode name="certificate"> <properties> <help>CA certificate in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>CA certificate is not base64-encoded</constraintErrorMessage> </properties> </leafNode> #include <include/generic-description.xml.i> @@ -25,6 +29,10 @@ <leafNode name="key"> <properties> <help>CA private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>CA private key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <leafNode name="password-protected"> @@ -38,6 +46,10 @@ <leafNode name="crl"> <properties> <help>Certificate revocation list in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>CRL is not base64-encoded</constraintErrorMessage> <multi/> </properties> </leafNode> @@ -57,6 +69,10 @@ <leafNode name="certificate"> <properties> <help>Certificate in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage> </properties> </leafNode> #include <include/generic-description.xml.i> @@ -68,6 +84,10 @@ <leafNode name="key"> <properties> <help>Certificate private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Certificate private key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <leafNode name="password-protected"> @@ -94,6 +114,10 @@ <leafNode name="parameters"> <properties> <help>DH parameters in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>DH parameters are not base64-encoded</constraintErrorMessage> </properties> </leafNode> </children> @@ -111,6 +135,10 @@ <leafNode name="key"> <properties> <help>Public key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> </children> @@ -123,6 +151,10 @@ <leafNode name="key"> <properties> <help>Private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <leafNode name="password-protected"> diff --git a/smoketest/scripts/cli/test_pki.py b/smoketest/scripts/cli/test_pki.py index b18b0b039..2ccc63b2c 100755 --- a/smoketest/scripts/cli/test_pki.py +++ b/smoketest/scripts/cli/test_pki.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -186,30 +186,6 @@ class TestPKI(VyOSUnitTestSHIM.TestCase): with self.assertRaises(ConfigSessionError): self.cli_commit() - def test_invalid_certificate(self): - self.cli_set(base_path + ['certificate', 'smoketest', 'certificate', 'invalidcertdata']) - - with self.assertRaises(ConfigSessionError): - self.cli_commit() - - def test_invalid_public_key(self): - self.cli_set(base_path + ['key-pair', 'smoketest', 'public', 'key', 'invalidkeydata']) - - with self.assertRaises(ConfigSessionError): - self.cli_commit() - - def test_invalid_private_key(self): - self.cli_set(base_path + ['key-pair', 'smoketest', 'private', 'key', 'invalidkeydata']) - - with self.assertRaises(ConfigSessionError): - self.cli_commit() - - def test_invalid_dh_parameters(self): - self.cli_set(base_path + ['dh', 'smoketest', 'parameters', 'thisisinvalid']) - - with self.assertRaises(ConfigSessionError): - self.cli_commit() - def test_certificate_in_use(self): self.cli_set(base_path + ['certificate', 'smoketest', 'certificate', valid_ca_cert.replace('\n','')]) self.cli_set(base_path + ['certificate', 'smoketest', 'private', 'key', valid_ca_private_key.replace('\n','')]) |