From a232b83601f4f8b2fe6964239a568acad3fa764a Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 1 Jan 2024 23:47:53 +0100 Subject: wireguard: T3642: use base64 validator --- interface-definitions/interfaces_wireguard.xml.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in index f3fe0f1da..fba1064ef 100644 --- a/interface-definitions/interfaces_wireguard.xml.in +++ b/interface-definitions/interfaces_wireguard.xml.in @@ -44,9 +44,9 @@ Base64 encoded private key - [0-9a-zA-Z\+/]{43}= + - Key is not valid 44-character (32-bytes) base64 + Key is not base64-encoded @@ -64,18 +64,18 @@ base64 encoded public key - [0-9a-zA-Z\+/]{43}= + - Key is not valid 44-character (32-bytes) base64 + Key is not base64-encoded base64 encoded preshared key - [0-9a-zA-Z\+/]{43}= + - Key is not valid 44-character (32-bytes) base64 + Key is not base64-encoded -- cgit v1.2.3 From 679be4c9742ffd5c317742c6c20a268a5e044f0c Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 1 Jan 2024 23:55:32 +0100 Subject: pki: T3642: add missing base64 constraint on PEM keys --- interface-definitions/pki.xml.in | 32 ++++++++++++++++++++++++++++++++ smoketest/scripts/cli/test_pki.py | 26 +------------------------- 2 files changed, 33 insertions(+), 25 deletions(-) diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in index a13a357fd..3449819be 100644 --- a/interface-definitions/pki.xml.in +++ b/interface-definitions/pki.xml.in @@ -14,6 +14,10 @@ CA certificate in PEM format + + + + CA certificate is not base64-encoded #include @@ -25,6 +29,10 @@ CA private key in PEM format + + + + CA private key is not base64-encoded @@ -38,6 +46,10 @@ Certificate revocation list in PEM format + + + + CRL is not base64-encoded @@ -57,6 +69,10 @@ Certificate in PEM format + + + + Certificate is not base64-encoded #include @@ -68,6 +84,10 @@ Certificate private key in PEM format + + + + Certificate private key is not base64-encoded @@ -94,6 +114,10 @@ DH parameters in PEM format + + + + DH parameters are not base64-encoded @@ -111,6 +135,10 @@ Public key in PEM format + + + + Public key is not base64-encoded @@ -123,6 +151,10 @@ Private key in PEM format + + + + Private key is not base64-encoded diff --git a/smoketest/scripts/cli/test_pki.py b/smoketest/scripts/cli/test_pki.py index b18b0b039..2ccc63b2c 100755 --- a/smoketest/scripts/cli/test_pki.py +++ b/smoketest/scripts/cli/test_pki.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -186,30 +186,6 @@ class TestPKI(VyOSUnitTestSHIM.TestCase): with self.assertRaises(ConfigSessionError): self.cli_commit() - def test_invalid_certificate(self): - self.cli_set(base_path + ['certificate', 'smoketest', 'certificate', 'invalidcertdata']) - - with self.assertRaises(ConfigSessionError): - self.cli_commit() - - def test_invalid_public_key(self): - self.cli_set(base_path + ['key-pair', 'smoketest', 'public', 'key', 'invalidkeydata']) - - with self.assertRaises(ConfigSessionError): - self.cli_commit() - - def test_invalid_private_key(self): - self.cli_set(base_path + ['key-pair', 'smoketest', 'private', 'key', 'invalidkeydata']) - - with self.assertRaises(ConfigSessionError): - self.cli_commit() - - def test_invalid_dh_parameters(self): - self.cli_set(base_path + ['dh', 'smoketest', 'parameters', 'thisisinvalid']) - - with self.assertRaises(ConfigSessionError): - self.cli_commit() - def test_certificate_in_use(self): self.cli_set(base_path + ['certificate', 'smoketest', 'certificate', valid_ca_cert.replace('\n','')]) self.cli_set(base_path + ['certificate', 'smoketest', 'private', 'key', valid_ca_private_key.replace('\n','')]) -- cgit v1.2.3