From 8ba9317c9f2d409dc1c567ea6ec804be2a82e86d Mon Sep 17 00:00:00 2001
From: Jakob Schlyter
Date: Mon, 2 Dec 2024 17:10:25 +0100
Subject: [PATCH] address review comments
---
 nodeman/nodes.py | 6 +++---
 tests/test_api.py | 13 ++-----------
 tests/utils.py | 15 +++++++++++++++
 3 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/nodeman/nodes.py b/nodeman/nodes.py
index 029e7b0..6db2d65 100644
--- a/nodeman/nodes.py
+++ b/nodeman/nodes.py
@@ -60,7 +60,7 @@ def process_csr(csr: x509.CertificateSigningRequest, name: str, request: Request
 try:
 ca_response = request.app.ca_client.sign_csr(csr, name)
 except Exception as exc:
- logger.error("Failed to processes CSR for %s", name)
+ logger.error("Failed to process CSR for %s", name)
 raise HTTPException(status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Error issuing certificate") from exc
 x509_certificate = "".join(
@@ -70,7 +70,7 @@ def process_csr(csr: x509.CertificateSigningRequest, name: str, request: Request
 x509_certificate_serial_number = ca_response.cert_chain[0].serial_number
 logger.info(
- "Issuer certificate for name=%s serial=%d",
+ "Issued certificate for name=%s serial=%d",
 name,
 x509_certificate_serial_number,
 extra={"nodename": name, "x509_certificate_serial_number": x509_certificate_serial_number},
@@ -284,7 +284,7 @@ async def enroll_node(
 @router.post(
 "/api/v1/node/{name}/renew",
 responses={
- 200: {"model": NodeConfiguration},
+ 200: {"model": NodeCertificate},
 },
 tags=["client"],
 )
diff --git a/tests/test_api.py b/tests/test_api.py
index bdb4876..6c9ea5c 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -21,7 +21,7 @@
 from nodeman.server import NodemanServer
 from nodeman.settings import Settings
 from nodeman.x509 import generate_x509_csr
-from tests.utils import CaTestClient
+from tests.utils import CaTestClient, rekey
 ADMIN_TEST_NODE_COUNT = 100
 BACKEND_CREDENTIALS = ("username", "password")
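Review bot: In nodeman/nodes.py, the `except Exception as exc` branch of process_csr (first hunk) logs only the node name, so the reason the CA failed to sign the CSR is not recorded. The cause survives only as `__cause__` on the HTTPException, and whether anything downstream logs it is not visible here. Consider `logger.exception("Failed to process CSR for %s", name, extra={"nodename": name})`, which keeps the traceback and gives the failure record the same `nodename` field the success log in the second hunk carries. process_csr begins and ends outside both hunks.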
@@ -39,15 +39,6 @@ def get_test_client() -> TestClient:
 return TestClient(app)
-def regenerate(key: JWK) -> JWK:
- """Generate similar key"""
- params = {}
- for param in ["kty", "crv", "size"]:
- if param in key:
- params[param] = key.get(param)
- return JWK.generate(**params)
-
-
 class FailedToCreateNode(RuntimeError):
 pass
@@ -153,7 +144,7 @@ def _test_enroll(data_key: JWK, x509_key: PrivateKey, requested_name: str | None
 payload = {"x509_csr": x509_csr}
 jws = JWS(payload=json.dumps(payload))
- jws.add_signature(key=regenerate(data_key), alg=data_alg, protected={"alg": data_alg})
+ jws.add_signature(key=rekey(data_key), alg=data_alg, protected={"alg": data_alg})
 renew_request = jws.serialize()
 response = client.post(f"{node_url}/renew", json=renew_request)
diff --git a/tests/utils.py b/tests/utils.py
index 314bec9..dddab5d 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -4,10 +4,25 @@
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.x509.oid import NameOID
+from jwcrypto.common import base64url_decode
+from jwcrypto.jwk import JWK
 from nodeman.x509 import CertificateAuthorityClient, CertificateInformation
+def rekey(key: JWK) -> JWK:
+ """Generate similar key"""
+ params = {param: key.get(param) for param in ["kty", "crv"] if param in key}
+ match key.get("kty"):
+ case "RSA":
+ params["size"] = key._get_public_key().key_size
+ case "oct":
+ params["size"] = len(base64url_decode(key.k)) * 8
+ case _:
+ pass
+ return JWK.generate(**params)
+
+
 class CaTestClient(CertificateAuthorityClient):
 def __init__(self):
 self.ca_name = "ca.example.com"
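Review bot: `rekey` in tests/utils.py reads the RSA key size through `key._get_public_key()`, a private jwcrypto method that can change between releases. The public accessor should give the same value for a signing key: `params["size"] = key.get_op_key("verify").key_size`. The `oct` branch reads `key.k` while the rest of the function uses `key.get(...)`, so `key.get("k")` would be consistent, and the `case _: pass` arm can be dropped. The docstring "Generate similar key" could say that the result is freshly generated key material of the same type, curve and size. The renew test in tests/test_api.py apparently relies on this to sign with a key the server has not enrolled.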