Add test cases for CertAuth signing with encrypted key

john-odonnell · john-odonnell · commit 67292c25e9bd · 2021-01-15T14:49:13.000-05:00
diff --git a/test/python/test_certificate_authority_api.py b/test/python/test_certificate_authority_api.py
@@ -63,7 +63,7 @@ def setUp(self):
 
         # assign intermediate CA private key and CA chain to Conjur variables
         ca_chain = read_file(CERT_CHAIN_PATH)
-        private_key = read_file(INTERMED_PRIVKEY_PATH)
+        private_key = read_file(UNENCRYPTED_KEY_PATH)
 
         self.secrets_api = openapi_client.SecretsApi(self.client)
         self.configure_ca(ca_chain, private_key, None)
@@ -135,6 +135,46 @@ def test_sign_201_pem(self):
         self.assertEqual(status, 201)
         self.assertIsInstance(response, str)
 
+    def test_sign_with_encrypted_key_201(self):
+        """Test case for 201 response when requesting a signed certificate
+        Uses an encrypted intermediate key and password to sign CSR
+        """
+        key_password = read_file(KEY_PASSWORD_PATH)
+        encrypted_key = read_file(ENCRYPTED_KEY_PATH)
+
+        self.configure_ca(None, encrypted_key, key_password)
+
+        response, status, _ = self.api.sign_with_http_info(
+            self.account,
+            self.CA_SERVICE_ID,
+            self.csr,
+            'P1D'
+        )
+
+        self.assertEqual(status, 201)
+        self.assertIsInstance(response, openapi_client.models.certificate_json.CertificateJson)
+
+        self.assertEqual(response.certificate[:27], '-----BEGIN CERTIFICATE-----')
+
+    def test_sign_with_encrypted_key_500(self):
+        """Test case for 500 response when requesting a signed certificate
+        500 status repsonses can result from a misconfigured CA service
+        In this test, the Conjur variable for the encrypted key's password is incorrect
+        """
+        encrypted_key = read_file(ENCRYPTED_KEY_PATH)
+
+        self.configure_ca(None, encrypted_key, 'wrong_pass')
+
+        with self.assertRaises(openapi_client.ApiException) as context:
+            self.api.sign(
+                self.account,
+                self.CA_SERVICE_ID,
+                self.csr,
+                'P1D'
+            )
+
+        self.assertEqual(context.exception.status, 500)
+
     def test_sign_400(self):
         """Test case for 400 response when requesting a signed certificate
         Error originates from NGINX, occurs when making HTTPS requests to Conjur through NGINX
