
address review comments
jschlyter committed Dec 2, 2024
1 parent 4bba521 commit 8ba9317
Showing 3 changed files with 20 additions and 14 deletions.
6 changes: 3 additions & 3 deletions nodeman/nodes.py
Expand Up @@ -60,7 +60,7 @@ def process_csr(csr: x509.CertificateSigningRequest, name: str, request: Request
try:
ca_response = request.app.ca_client.sign_csr(csr, name)
except Exception as exc:
logger.error("Failed to processes CSR for %s", name)
logger.error("Failed to process CSR for %s", name)
raise HTTPException(status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Error issuing certificate") from exc

x509_certificate = "".join(
Expand All @@ -70,7 +70,7 @@ def process_csr(csr: x509.CertificateSigningRequest, name: str, request: Request
x509_certificate_serial_number = ca_response.cert_chain[0].serial_number

logger.info(
"Issuer certificate for name=%s serial=%d",
"Issued certificate for name=%s serial=%d",
name,
x509_certificate_serial_number,
extra={"nodename": name, "x509_certificate_serial_number": x509_certificate_serial_number},
Expand Down Expand Up @@ -284,7 +284,7 @@ async def enroll_node(
@router.post(
"/api/v1/node/{name}/renew",
responses={
200: {"model": NodeConfiguration},
200: {"model": NodeCertificate},
},
tags=["client"],
)
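Review bot: The `except Exception` branch in `process_csr` logs only the node name, so the cause of a failed signing request never reaches the server log as far as this hunk shows, and unlike the `logger.info` call further down it carries no `extra` fields. Returning the generic `detail="Error issuing certificate"` to the client is the right choice, but the log line should record the exception for triage, e.g. `logger.error("Failed to process CSR for %s", name, exc_info=exc, extra={"nodename": name})`. `name` appears to come from the request path; whether it is validated before being written to the log cannot be confirmed here, because `process_csr` starts and ends outside the hunk.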
13 changes: 2 additions & 11 deletions tests/test_api.py
Expand Up @@ -21,7 +21,7 @@
from nodeman.server import NodemanServer
from nodeman.settings import Settings
from nodeman.x509 import generate_x509_csr
from tests.utils import CaTestClient
from tests.utils import CaTestClient, rekey

ADMIN_TEST_NODE_COUNT = 100
BACKEND_CREDENTIALS = ("username", "password")
Expand All @@ -39,15 +39,6 @@ def get_test_client() -> TestClient:
return TestClient(app)


def regenerate(key: JWK) -> JWK:
"""Generate similar key"""
params = {}
for param in ["kty", "crv", "size"]:
if param in key:
params[param] = key.get(param)
return JWK.generate(**params)


class FailedToCreateNode(RuntimeError):
pass

Expand Down Expand Up @@ -153,7 +144,7 @@ def _test_enroll(data_key: JWK, x509_key: PrivateKey, requested_name: str | None
payload = {"x509_csr": x509_csr}

jws = JWS(payload=json.dumps(payload))
jws.add_signature(key=regenerate(data_key), alg=data_alg, protected={"alg": data_alg})
jws.add_signature(key=rekey(data_key), alg=data_alg, protected={"alg": data_alg})
renew_request = jws.serialize()

response = client.post(f"{node_url}/renew", json=renew_request)
15 changes: 15 additions & 0 deletions tests/utils.py
Expand Up @@ -4,10 +4,25 @@
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID
from jwcrypto.common import base64url_decode
from jwcrypto.jwk import JWK

from nodeman.x509 import CertificateAuthorityClient, CertificateInformation


def rekey(key: JWK) -> JWK:
"""Generate similar key"""
params = {param: key.get(param) for param in ["kty", "crv"] if param in key}
match key.get("kty"):
case "RSA":
params["size"] = key._get_public_key().key_size
case "oct":
params["size"] = len(base64url_decode(key.k)) * 8
case _:
pass
return JWK.generate(**params)


class CaTestClient(CertificateAuthorityClient):
def __init__(self):
self.ca_name = "ca.example.com"
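Review bot: The `RSA` branch of `rekey` reads the key size through `key._get_public_key()`, a private jwcrypto method that can change between releases, and the `oct` branch uses attribute access (`key.k`) while the rest of the function uses `key.get(...)`. Deriving the size from the JWK members themselves keeps the helper on the public interface: `params["size"] = int.from_bytes(base64url_decode(key.get("n")), "big").bit_length()` for RSA and `len(base64url_decode(key.get("k"))) * 8` for oct. The `case _: pass` arm does nothing and can be dropped. The docstring would be clearer as `"""Return a freshly generated, unrelated key with the same kty, crv and size as key."""`, since the point of matching the parameters is presumably that the renew test then fails on the key mismatch rather than on an algorithm mismatch.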
