Fixes cert_parser intermediate validation

Updates cert_parser to only validate the intermediate and not compare to private key Update tests Change-Id: I27dedfc9f8ff80c39c4e1452eb6c8560b5fc9a5b Closes-Bug: #1439770
2015-04-02 11:36:55 -05:00 · 2015-04-02 11:36:55 -05:00 · be5dea1c69
parent 1013dbd768
commit be5dea1c69
2 changed files with 7 additions and 1 deletions
--- a/neutron_lbaas/common/tls_utils/cert_parser.py
+++ b/neutron_lbaas/common/tls_utils/cert_parser.py
@ -42,7 +42,7 @@ def validate_cert(certificate, private_key=None,
    x509 = _get_x509_from_pem_bytes(certificate)
    if intermediates:
        for x509Pem in _split_x509s(intermediates):
-            x509 = _get_x509_from_pem_bytes(x509Pem)
+            _get_x509_from_pem_bytes(x509Pem)
    if private_key:
        pkey = _read_privatekey(private_key,
            passphrase=private_key_passphrase)
--- a/neutron_lbaas/tests/unit/common/tls_utils/test_cert_parser.py
+++ b/neutron_lbaas/tests/unit/common/tls_utils/test_cert_parser.py
@ -226,6 +226,12 @@ class TestTLSParseUtils(base.BaseTestCase):
        self.assertTrue(cert_parser.validate_cert(ALT_EXT_CRT,
                        private_key=UNENCRYPTED_PKCS8_CRT_KEY))

+    def test_x509_parses_intermediates(self):
+        # Should not throw error when parsing with intermediates
+        cert_parser.validate_cert(ALT_EXT_CRT,
+                                  UNENCRYPTED_PKCS8_CRT_KEY,
+                                  intermediates=X509_IMDS)
+
    def test_read_private_key(self):
        self.assertRaises(exceptions.NeedsPassphrase,
                          cert_parser._read_privatekey,