Added function for deleting default trusted CA certs.

2 files changed, 52 insertions, 21 deletions

diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py
index a51dbe9f..b2ac7d60 100644
--- a/cloudinit/CloudConfig/cc_ca_certs.py
+++ b/cloudinit/CloudConfig/cc_ca_certs.py
@@ -23,7 +23,10 @@ import ConfigParser
 import cloudinit.CloudConfig as cc
 import cloudinit.util as util
 
-CERT_FILENAME = "/usr/share/ca-certificates/cloud-init-provided.crt"
+CA_CERT_PATH = "/usr/share/ca-certificates/"
+CA_CERT_FILENAME = "cloud-init-ca-certs.crt"
+CA_CERT_CONFIG = "/etc/ca-certificates.conf"
+CA_CERT_SYSTEM_PATH = "/etc/ssl/certs/"
 
 def write_file(filename, contents, owner, group, mode):
     """
@@ -38,11 +41,29 @@ def write_file(filename, contents, owner, group, mode):
     """
     raise NotImplementedError()
 
+def append_to_file(filename, contents):
+    """
+    Append C{contents} to an existing file on the filesystem. If the file
+    doesn't exist it will be created with the default owner and permissions.
+
+    @param filename: Full path to the new file.
+    @param contents: The contents to append to the file.
+    """
+    raise NotImplementedError()
+
+def delete_dir_contents(dirname):
+    """
+    Delete all the contents of the directory specified by C{dirname} without
+    deleting the directory itself.
+
+    @param dirname: The directory whose contents should be deleted.
+    """
+    raise NotImplementedError()
+
 def update_ca_certs():
     """
     Updates the CA certificate cache on the current machine.
     """
-    check_call(["dpkg-reconfigure", "ca-certificates"])
     check_call(["update-ca-certificates"])
 
 def add_ca_certs(certs):
@@ -54,13 +75,17 @@ def add_ca_certs(certs):
     """
     if certs:
         cert_file_contents = "\n".join(certs)
-        write_file(CERT_FILENAME, cert_file_contents, "root", "root", "644")
+        cert_file_fullpath = os.path.join(CA_CERT_PATH, CA_CERT_FILENAME)
+        write_file(cert_file_fullpath, cert_file_contents, "root", "root", "644")
+        append_to_file(CA_CERT_CONFIG, CA_CERT_FILENAME) 
 
 def remove_default_ca_certs():
     """
     Removes all default trusted CA certificates from the system.
     """
-    raise NotImplementedError()
+    delete_dir_contents(CA_CERT_PATH)
+    delete_dir_contents(CA_CERT_SYSTEM_PATH)
+    write_file(CA_CERT_CONFIG, "", "root", "root", "644")
 
 def handle(name, cfg, cloud, log, args):
     """
diff --git a/tests/unittests/test_handler_ca_certs.py b/tests/unittests/test_handler_ca_certs.py
index 08126d19..7c6dc873 100644
--- a/tests/unittests/test_handler_ca_certs.py
+++ b/tests/unittests/test_handler_ca_certs.py
@@ -1,7 +1,7 @@
 from unittest import TestCase
 from mocker import MockerTestCase
 
-from cloudinit.CloudConfig.cc_ca_certs import handle, write_file, update_ca_certs, add_ca_certs, remove_default_ca_certs
+from cloudinit.CloudConfig.cc_ca_certs import handle, write_file, update_ca_certs, add_ca_certs, remove_default_ca_certs, append_to_file, delete_dir_contents
 
 
 class TestNoConfig(MockerTestCase):
@@ -126,9 +126,11 @@ class TestAddCaCerts(MockerTestCase):
         """Test adding a single certificate to the trusted CAs"""
         cert = "CERT1\nLINE2\nLINE3"
 
-        mock = self.mocker.replace(write_file, passthrough=False)
-        mock("/usr/share/ca-certificates/cloud-init-provided.crt",
-             cert, "root", "root", "644")
+        mock_write = self.mocker.replace(write_file, passthrough=False)
+        mock_append = self.mocker.replace(append_to_file, passthrough=False)
+        mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt",
+                   cert, "root", "root", "644")
+        mock_append("/etc/ca-certificates.conf", "cloud-init-ca-certs.crt")
         self.mocker.replay()
 
         add_ca_certs([cert])
@@ -138,9 +140,11 @@ class TestAddCaCerts(MockerTestCase):
         certs = ["CERT1\nLINE2\nLINE3", "CERT2\nLINE2\nLINE3"]
         expected_cert_file = "\n".join(certs)
 
-        mock = self.mocker.replace(write_file, passthrough=False)
-        mock("/usr/share/ca-certificates/cloud-init-provided.crt",
-             expected_cert_file, "root", "root", "644")
+        mock_write = self.mocker.replace(write_file, passthrough=False)
+        mock_append = self.mocker.replace(append_to_file, passthrough=False)
+        mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt",
+                   expected_cert_file, "root", "root", "644")
+        mock_append("/etc/ca-certificates.conf", "cloud-init-ca-certs.crt")
         self.mocker.replay()
 
         add_ca_certs(certs)
@@ -150,19 +154,21 @@ class TestUpdateCaCerts(MockerTestCase):
     def test_commands(self):
         mock_check_call = self.mocker.replace("subprocess.check_call",
                                               passthrough=False)
-        mock_check_call(["dpkg-reconfigure", "ca-certificates"])
         mock_check_call(["update-ca-certificates"])
         self.mocker.replay()
 
         update_ca_certs()
 
 
-#class TestRemoveDefaultCaCerts(MockerTestCase):
-#    def test_commands(self):
-#        mock_check_call = self.mocker.replace("subprocess.check_call",
-#                                              passthrough=False)
-#        mock_check_call(["dpkg-reconfigure", "ca-certificates"])
-#        mock_check_call(["update-ca-certificates"])
-#        self.mocker.replay()
-#
-#        update_ca_certs()
+class TestRemoveDefaultCaCerts(MockerTestCase):
+    def test_commands(self):
+        mock_delete_dir_contents = self.mocker.replace(delete_dir_contents, passthrough=False)
+        mock_write = self.mocker.replace(write_file, passthrough=False)
+
+        mock_delete_dir_contents("/usr/share/ca-certificates/")
+        mock_delete_dir_contents("/etc/ssl/certs/")
+        mock_write("/etc/ca-certificates.conf", "", "root", "root", "644")
+        
+        self.mocker.replay()
+
+        remove_default_ca_certs()