From db55fc96f62258598cfdf98ee806151aa0fb2d6d Mon Sep 17 00:00:00 2001 From: Mike Milner Date: Sun, 15 Jan 2012 22:17:25 -0400 Subject: Added function for deleting default trusted CA certs. --- cloudinit/CloudConfig/cc_ca_certs.py | 33 ++++++++++++++++++++++---- tests/unittests/test_handler_ca_certs.py | 40 ++++++++++++++++++-------------- 2 files changed, 52 insertions(+), 21 deletions(-) diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py index a51dbe9f..b2ac7d60 100644 --- a/cloudinit/CloudConfig/cc_ca_certs.py +++ b/cloudinit/CloudConfig/cc_ca_certs.py @@ -23,7 +23,10 @@ import ConfigParser import cloudinit.CloudConfig as cc import cloudinit.util as util -CERT_FILENAME = "/usr/share/ca-certificates/cloud-init-provided.crt" +CA_CERT_PATH = "/usr/share/ca-certificates/" +CA_CERT_FILENAME = "cloud-init-ca-certs.crt" +CA_CERT_CONFIG = "/etc/ca-certificates.conf" +CA_CERT_SYSTEM_PATH = "/etc/ssl/certs/" def write_file(filename, contents, owner, group, mode): """ @@ -38,11 +41,29 @@ def write_file(filename, contents, owner, group, mode): """ raise NotImplementedError() +def append_to_file(filename, contents): + """ + Append C{contents} to an existing file on the filesystem. If the file + doesn't exist it will be created with the default owner and permissions. + + @param filename: Full path to the new file. + @param contents: The contents to append to the file. + """ + raise NotImplementedError() + +def delete_dir_contents(dirname): + """ + Delete all the contents of the directory specified by C{dirname} without + deleting the directory itself. + + @param dirname: The directory whose contents should be deleted. + """ + raise NotImplementedError() + def update_ca_certs(): """ Updates the CA certificate cache on the current machine. """ - check_call(["dpkg-reconfigure", "ca-certificates"]) check_call(["update-ca-certificates"]) def add_ca_certs(certs): 
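Review bot: The docstring of `append_to_file` leaves the line terminator undefined, and its only visible caller, `add_ca_certs` in the next hunk, passes the bare `CA_CERT_FILENAME`. If the eventual implementation writes `contents` verbatim, the entry can land on the same line as whatever /etc/ca-certificates.conf last ended with, and each re-run of the handler appends it again. I would state the contract in the docstring, `Contents are written verbatim; the caller supplies any line break.`, and change the call to `append_to_file(CA_CERT_CONFIG, "\n%s\n" % CA_CERT_FILENAME)`, updating the `mock_append` expectations in the test hunks at -126 and -138 to match. The `delete_dir_contents` docstring should likewise say that symbolic links are unlinked rather than followed, since /etc/ssl/certs/ normally holds links into other directories. Both helpers still raise NotImplementedError, so the unit tests pass only because they are mocked.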
@@ -54,13 +75,17 @@ def add_ca_certs(certs): """ if certs: cert_file_contents = "\n".join(certs) - write_file(CERT_FILENAME, cert_file_contents, "root", "root", "644") + cert_file_fullpath = os.path.join(CA_CERT_PATH, CA_CERT_FILENAME) + write_file(cert_file_fullpath, cert_file_contents, "root", "root", "644") + append_to_file(CA_CERT_CONFIG, CA_CERT_FILENAME) def remove_default_ca_certs(): """ Removes all default trusted CA certificates from the system. """ - raise NotImplementedError() + delete_dir_contents(CA_CERT_PATH) + delete_dir_contents(CA_CERT_SYSTEM_PATH) + write_file(CA_CERT_CONFIG, "", "root", "root", "644") def handle(name, cfg, cloud, log, args): """ diff --git a/tests/unittests/test_handler_ca_certs.py b/tests/unittests/test_handler_ca_certs.py index 08126d19..7c6dc873 100644 --- a/tests/unittests/test_handler_ca_certs.py +++ b/tests/unittests/test_handler_ca_certs.py @@ -1,7 +1,7 @@ from unittest import TestCase from mocker import MockerTestCase -from cloudinit.CloudConfig.cc_ca_certs import handle, write_file, update_ca_certs, add_ca_certs, remove_default_ca_certs +from cloudinit.CloudConfig.cc_ca_certs import handle, write_file, update_ca_certs, add_ca_certs, remove_default_ca_certs, append_to_file, delete_dir_contents class TestNoConfig(MockerTestCase): @@ -126,9 +126,11 @@ class TestAddCaCerts(MockerTestCase): """Test adding a single certificate to the trusted CAs""" cert = "CERT1\nLINE2\nLINE3" - mock = self.mocker.replace(write_file, passthrough=False) - mock("/usr/share/ca-certificates/cloud-init-provided.crt", - cert, "root", "root", "644") + mock_write = self.mocker.replace(write_file, passthrough=False) + mock_append = self.mocker.replace(append_to_file, passthrough=False) + mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt", + cert, "root", "root", "644") + mock_append("/etc/ca-certificates.conf", "cloud-init-ca-certs.crt") self.mocker.replay() add_ca_certs([cert]) 
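Review bot: `remove_default_ca_certs` empties both certificate directories and truncates `CA_CERT_CONFIG`, but nothing in it stops the default roots from coming back later. `CA_CERT_PATH` is owned by the ca-certificates package, and on Debian-family systems an upgrade of that package can, as far as I know, re-list certificates in the config depending on the `ca-certificates/trust_new_crts` debconf answer. For an instance that asked to drop its default trust anchors that would silently widen trust again, so I would document the limitation in the docstring and consider presetting that answer to `no` here. Separately, `delete_dir_contents(CA_CERT_PATH)` also removes the `cloud-init-ca-certs.crt` written by `add_ca_certs`, so `handle` (its body is outside this hunk) has to run removal before the add; a comment such as `# must run before add_ca_certs: this also deletes CA_CERT_FILENAME` would record that.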
@@ -138,9 +140,11 @@ class TestAddCaCerts(MockerTestCase): certs = ["CERT1\nLINE2\nLINE3", "CERT2\nLINE2\nLINE3"] expected_cert_file = "\n".join(certs) - mock = self.mocker.replace(write_file, passthrough=False) - mock("/usr/share/ca-certificates/cloud-init-provided.crt", - expected_cert_file, "root", "root", "644") + mock_write = self.mocker.replace(write_file, passthrough=False) + mock_append = self.mocker.replace(append_to_file, passthrough=False) + mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt", + expected_cert_file, "root", "root", "644") + mock_append("/etc/ca-certificates.conf", "cloud-init-ca-certs.crt") self.mocker.replay() add_ca_certs(certs) @@ -150,19 +154,21 @@ class TestUpdateCaCerts(MockerTestCase): def test_commands(self): mock_check_call = self.mocker.replace("subprocess.check_call", passthrough=False) - mock_check_call(["dpkg-reconfigure", "ca-certificates"]) mock_check_call(["update-ca-certificates"]) self.mocker.replay() update_ca_certs() -#class TestRemoveDefaultCaCerts(MockerTestCase): -# def test_commands(self): -# mock_check_call = self.mocker.replace("subprocess.check_call", -# passthrough=False) -# mock_check_call(["dpkg-reconfigure", "ca-certificates"]) -# mock_check_call(["update-ca-certificates"]) -# self.mocker.replay() -# -# update_ca_certs() +class TestRemoveDefaultCaCerts(MockerTestCase): + def test_commands(self): + mock_delete_dir_contents = self.mocker.replace(delete_dir_contents, passthrough=False) + mock_write = self.mocker.replace(write_file, passthrough=False) + + mock_delete_dir_contents("/usr/share/ca-certificates/") + mock_delete_dir_contents("/etc/ssl/certs/") + mock_write("/etc/ca-certificates.conf", "", "root", "root", "644") + + self.mocker.replay() + + remove_default_ca_certs() -- cgit v1.2.3