| 
									
										
										
										
											2021-09-17 02:44:40 -07:00
										 |  |  | from moto.acm.models import AWS_ROOT_CA | 
					
						
							| 
									
										
										
										
											2017-09-22 00:20:26 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | import os | 
					
						
							| 
									
										
										
										
											2017-10-28 17:07:34 +01:00
										 |  |  | import uuid | 
					
						
							| 
									
										
										
										
											2017-09-22 00:20:26 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-11-10 18:14:50 +01:00
										 |  |  | import boto3 | 
					
						
							|  |  |  | import pytest | 
					
						
							| 
									
										
										
										
											2017-09-22 00:20:26 +01:00
										 |  |  | from botocore.exceptions import ClientError | 
					
						
							| 
									
										
										
										
											2021-09-17 02:44:40 -07:00
										 |  |  | from cryptography.hazmat.backends import default_backend | 
					
						
							| 
									
										
										
										
											2021-10-18 19:44:29 +00:00
										 |  |  | from cryptography.hazmat.primitives import serialization | 
					
						
							| 
									
										
										
										
											2020-11-10 18:14:50 +01:00
										 |  |  | from freezegun import freeze_time | 
					
						
							| 
									
										
										
										
											2021-10-14 21:43:10 +00:00
										 |  |  | from moto import mock_acm, mock_elb, settings | 
					
						
							| 
									
										
										
										
											2022-08-13 09:49:43 +00:00
										 |  |  | from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID | 
					
						
							| 
									
										
										
										
											2021-07-29 06:38:16 +01:00
										 |  |  | from unittest import SkipTest, mock | 
					
						
							| 
									
										
										
										
											2017-09-22 00:20:26 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | RESOURCE_FOLDER = os.path.join(os.path.dirname(__file__), "resources") | 
					
						
							| 
									
										
										
										
											2022-03-11 20:28:45 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | def get_resource(filename): | 
					
						
							|  |  |  |     return open(os.path.join(RESOURCE_FOLDER, filename), "rb").read() | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | CA_CRT = get_resource("ca.pem") | 
					
						
							|  |  |  | CA_KEY = get_resource("ca.key") | 
					
						
							|  |  |  | SERVER_CRT = get_resource("star_moto_com.pem") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | SERVER_COMMON_NAME = "*.moto.com" | 
					
						
							| 
									
										
										
										
											2022-03-11 20:28:45 -01:00
										 |  |  | SERVER_CRT_BAD = get_resource("star_moto_com-bad.pem") | 
					
						
							|  |  |  | SERVER_KEY = get_resource("star_moto_com.key") | 
					
						
							| 
									
										
										
										
											2020-11-11 15:55:37 +00:00
										 |  |  | BAD_ARN = f"arn:aws:acm:us-east-2:{ACCOUNT_ID}:certificate/_0000000-0000-0000-0000-000000000000" | 
					
						
							| 
									
										
										
										
											2017-09-22 00:20:26 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | def _import_cert(client): | 
					
						
							|  |  |  |     response = client.import_certificate( | 
					
						
							|  |  |  |         Certificate=SERVER_CRT, PrivateKey=SERVER_KEY, CertificateChain=CA_CRT | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  |     return response["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Also tests GetCertificate | 
					
						
							| 
									
										
										
										
											2017-09-22 00:20:26 +01:00
										 |  |  | @mock_acm | 
					
						
							|  |  |  | def test_import_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.import_certificate( | 
					
						
							|  |  |  |         Certificate=SERVER_CRT, PrivateKey=SERVER_KEY, CertificateChain=CA_CRT | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  |     resp = client.get_certificate(CertificateArn=resp["CertificateArn"]) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"] == SERVER_CRT.decode() | 
					
						
							|  |  |  |     assert "CertificateChain" in resp | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | @mock_acm | 
					
						
							|  |  |  | def test_import_certificate_with_tags(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.import_certificate( | 
					
						
							|  |  |  |         Certificate=SERVER_CRT, | 
					
						
							|  |  |  |         PrivateKey=SERVER_KEY, | 
					
						
							|  |  |  |         CertificateChain=CA_CRT, | 
					
						
							| 
									
										
										
										
											2020-11-11 15:55:37 +00:00
										 |  |  |         Tags=[{"Key": "Environment", "Value": "QA"}, {"Key": "KeyOnly"}], | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |     ) | 
					
						
							|  |  |  |     arn = resp["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.get_certificate(CertificateArn=arn) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"] == SERVER_CRT.decode() | 
					
						
							|  |  |  |     assert "CertificateChain" in resp | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     resp = client.list_tags_for_certificate(CertificateArn=arn) | 
					
						
							|  |  |  |     tags = {item["Key"]: item.get("Value", "__NONE__") for item in resp["Tags"]} | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert "Environment" in tags | 
					
						
							|  |  |  |     assert "KeyOnly" in tags | 
					
						
							|  |  |  |     assert tags["Environment"] == "QA" | 
					
						
							|  |  |  |     assert tags["KeyOnly"] == "__NONE__" | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | @mock_acm | 
					
						
							|  |  |  | def test_import_bad_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     try: | 
					
						
							|  |  |  |         client.import_certificate(Certificate=SERVER_CRT_BAD, PrivateKey=SERVER_KEY) | 
					
						
							|  |  |  |     except ClientError as err: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert err.response["Error"]["Code"] == "ValidationException" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  |     else: | 
					
						
							| 
									
										
										
										
											2023-02-26 18:44:04 -01:00
										 |  |  |         raise RuntimeError("Should have raised ValidationException") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_list_certificates(): | 
					
						
							| 
									
										
										
										
											2019-08-19 17:29:14 -07:00
										 |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     issued_arn = _import_cert(client) | 
					
						
							|  |  |  |     pending_arn = client.request_certificate(DomainName="google.com")["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-08 21:56:51 -01:00
										 |  |  |     certs = client.list_certificates()["CertificateSummaryList"] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert issued_arn in [c["CertificateArn"] for c in certs] | 
					
						
							|  |  |  |     assert pending_arn in [c["CertificateArn"] for c in certs] | 
					
						
							| 
									
										
										
										
											2023-02-26 21:45:54 +01:00
										 |  |  |     for cert in certs: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert "CertificateArn" in cert | 
					
						
							|  |  |  |         assert "DomainName" in cert | 
					
						
							|  |  |  |         assert "Status" in cert | 
					
						
							|  |  |  |         assert "Type" in cert | 
					
						
							|  |  |  |         assert "KeyAlgorithm" in cert | 
					
						
							|  |  |  |         assert "RenewalEligibility" in cert | 
					
						
							|  |  |  |         assert "NotBefore" in cert | 
					
						
							|  |  |  |         assert "NotAfter" in cert | 
					
						
							| 
									
										
										
										
											2023-02-08 21:56:51 -01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-19 17:29:14 -07:00
										 |  |  |     resp = client.list_certificates(CertificateStatuses=["EXPIRED", "INACTIVE"]) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert len(resp["CertificateSummaryList"]) == 0 | 
					
						
							| 
									
										
										
										
											2023-02-08 21:56:51 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     certs = client.list_certificates(CertificateStatuses=["PENDING_VALIDATION"])[ | 
					
						
							|  |  |  |         "CertificateSummaryList" | 
					
						
							|  |  |  |     ] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert issued_arn not in [c["CertificateArn"] for c in certs] | 
					
						
							|  |  |  |     assert pending_arn in [c["CertificateArn"] for c in certs] | 
					
						
							| 
									
										
										
										
											2023-02-08 21:56:51 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     certs = client.list_certificates(CertificateStatuses=["ISSUED"])[ | 
					
						
							|  |  |  |         "CertificateSummaryList" | 
					
						
							|  |  |  |     ] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert issued_arn in [c["CertificateArn"] for c in certs] | 
					
						
							|  |  |  |     assert pending_arn not in [c["CertificateArn"] for c in certs] | 
					
						
							| 
									
										
										
										
											2023-02-08 21:56:51 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     certs = client.list_certificates( | 
					
						
							| 
									
										
										
										
											2019-08-19 17:29:14 -07:00
										 |  |  |         CertificateStatuses=["ISSUED", "PENDING_VALIDATION"] | 
					
						
							| 
									
										
										
										
											2023-02-08 21:56:51 -01:00
										 |  |  |     )["CertificateSummaryList"] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert issued_arn in [c["CertificateArn"] for c in certs] | 
					
						
							|  |  |  |     assert pending_arn in [c["CertificateArn"] for c in certs] | 
					
						
							| 
									
										
										
										
											2019-08-19 17:29:14 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | @mock_acm | 
					
						
							|  |  |  | def test_get_invalid_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     try: | 
					
						
							|  |  |  |         client.get_certificate(CertificateArn=BAD_ARN) | 
					
						
							|  |  |  |     except ClientError as err: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert err.response["Error"]["Code"] == "ResourceNotFoundException" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  |     else: | 
					
						
							| 
									
										
										
										
											2023-02-26 18:44:04 -01:00
										 |  |  |         raise RuntimeError("Should have raised ResourceNotFoundException") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Also tests deleting invalid certificate | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_delete_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # If it does not raise an error and the next call does, all is fine | 
					
						
							|  |  |  |     client.delete_certificate(CertificateArn=arn) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     try: | 
					
						
							|  |  |  |         client.delete_certificate(CertificateArn=arn) | 
					
						
							|  |  |  |     except ClientError as err: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert err.response["Error"]["Code"] == "ResourceNotFoundException" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  |     else: | 
					
						
							| 
									
										
										
										
											2023-02-26 18:44:04 -01:00
										 |  |  |         raise RuntimeError("Should have raised ResourceNotFoundException") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_describe_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-03-20 17:22:15 +01:00
										 |  |  |     try: | 
					
						
							|  |  |  |         resp = client.describe_certificate(CertificateArn=arn) | 
					
						
							|  |  |  |     except OverflowError: | 
					
						
							|  |  |  |         pytest.skip("This test requires 64-bit time_t") | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"]["CertificateArn"] == arn | 
					
						
							|  |  |  |     assert resp["Certificate"]["DomainName"] == SERVER_COMMON_NAME | 
					
						
							|  |  |  |     assert resp["Certificate"]["Issuer"] == "Moto" | 
					
						
							|  |  |  |     assert resp["Certificate"]["KeyAlgorithm"] == "RSA_2048" | 
					
						
							|  |  |  |     assert resp["Certificate"]["Status"] == "ISSUED" | 
					
						
							|  |  |  |     assert resp["Certificate"]["Type"] == "IMPORTED" | 
					
						
							|  |  |  |     assert resp["Certificate"]["RenewalEligibility"] == "INELIGIBLE" | 
					
						
							|  |  |  |     assert "Options" in resp["Certificate"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     assert len(resp["Certificate"]["DomainValidationOptions"]) == 1 | 
					
						
							| 
									
										
										
										
											2022-02-09 21:38:09 -01:00
										 |  |  |     validation_option = resp["Certificate"]["DomainValidationOptions"][0] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert validation_option["DomainName"] == SERVER_COMMON_NAME | 
					
						
							|  |  |  |     assert "ValidationDomain" not in validation_option | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							| 
									
										
										
										
											2020-10-11 03:02:42 +05:30
										 |  |  | def test_describe_certificate_with_bad_arn(): | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-09-17 02:44:40 -07:00
										 |  |  |     with pytest.raises(ClientError) as err: | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  |         client.describe_certificate(CertificateArn=BAD_ARN) | 
					
						
							| 
									
										
										
										
											2021-09-17 02:44:40 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert err.value.response["Error"]["Code"] == "ResourceNotFoundException" | 
					
						
							| 
									
										
										
										
											2021-09-17 02:44:40 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_export_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.export_certificate(CertificateArn=arn, Passphrase="pass") | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"] == SERVER_CRT.decode() | 
					
						
							|  |  |  |     assert resp["CertificateChain"] == CA_CRT.decode() + "\n" + AWS_ROOT_CA.decode() | 
					
						
							|  |  |  |     assert "PrivateKey" in resp | 
					
						
							| 
									
										
										
										
											2021-09-17 02:44:40 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |     key = serialization.load_pem_private_key( | 
					
						
							|  |  |  |         bytes(resp["PrivateKey"], "utf-8"), password=b"pass", backend=default_backend() | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     private_key = key.private_bytes( | 
					
						
							|  |  |  |         encoding=serialization.Encoding.PEM, | 
					
						
							|  |  |  |         format=serialization.PrivateFormat.TraditionalOpenSSL, | 
					
						
							|  |  |  |         encryption_algorithm=serialization.NoEncryption(), | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert private_key == SERVER_KEY | 
					
						
							| 
									
										
										
										
											2021-09-17 02:44:40 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_export_certificate_with_bad_arn(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as err: | 
					
						
							|  |  |  |         client.export_certificate(CertificateArn=BAD_ARN, Passphrase="pass") | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert err.value.response["Error"]["Code"] == "ResourceNotFoundException" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Also tests ListTagsForCertificate | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_add_tags_to_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     client.add_tags_to_certificate( | 
					
						
							|  |  |  |         CertificateArn=arn, Tags=[{"Key": "key1", "Value": "value1"}, {"Key": "key2"}] | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.list_tags_for_certificate(CertificateArn=arn) | 
					
						
							|  |  |  |     tags = {item["Key"]: item.get("Value", "__NONE__") for item in resp["Tags"]} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert "key1" in tags | 
					
						
							|  |  |  |     assert "key2" in tags | 
					
						
							|  |  |  |     assert tags["key1"] == "value1" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     # This way, it ensures that we can detect if None is passed back when it shouldnt, | 
					
						
							|  |  |  |     # as we store keys without values with a value of None, but it shouldnt be passed back | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert tags["key2"] == "__NONE__" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_add_tags_to_invalid_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     try: | 
					
						
							|  |  |  |         client.add_tags_to_certificate( | 
					
						
							|  |  |  |             CertificateArn=BAD_ARN, | 
					
						
							|  |  |  |             Tags=[{"Key": "key1", "Value": "value1"}, {"Key": "key2"}], | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |     except ClientError as err: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert err.response["Error"]["Code"] == "ResourceNotFoundException" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  |     else: | 
					
						
							| 
									
										
										
										
											2023-02-26 18:44:04 -01:00
										 |  |  |         raise RuntimeError("Should have raised ResourceNotFoundException") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_list_tags_for_invalid_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     try: | 
					
						
							|  |  |  |         client.list_tags_for_certificate(CertificateArn=BAD_ARN) | 
					
						
							|  |  |  |     except ClientError as err: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert err.response["Error"]["Code"] == "ResourceNotFoundException" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  |     else: | 
					
						
							| 
									
										
										
										
											2023-02-26 18:44:04 -01:00
										 |  |  |         raise RuntimeError("Should have raised ResourceNotFoundException") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_remove_tags_from_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     client.add_tags_to_certificate( | 
					
						
							|  |  |  |         CertificateArn=arn, | 
					
						
							|  |  |  |         Tags=[ | 
					
						
							|  |  |  |             {"Key": "key1", "Value": "value1"}, | 
					
						
							|  |  |  |             {"Key": "key2"}, | 
					
						
							|  |  |  |             {"Key": "key3", "Value": "value3"}, | 
					
						
							|  |  |  |             {"Key": "key4", "Value": "value4"}, | 
					
						
							|  |  |  |         ], | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     client.remove_tags_from_certificate( | 
					
						
							|  |  |  |         CertificateArn=arn, | 
					
						
							|  |  |  |         Tags=[ | 
					
						
							|  |  |  |             {"Key": "key1", "Value": "value2"},  # Should not remove as doesnt match | 
					
						
							|  |  |  |             {"Key": "key2"},  # Single key removal | 
					
						
							|  |  |  |             {"Key": "key3", "Value": "value3"},  # Exact match removal | 
					
						
							|  |  |  |             {"Key": "key4"},  # Partial match removal | 
					
						
							|  |  |  |         ], | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.list_tags_for_certificate(CertificateArn=arn) | 
					
						
							|  |  |  |     tags = {item["Key"]: item.get("Value", "__NONE__") for item in resp["Tags"]} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     for key in ("key2", "key3", "key4"): | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert key not in tags | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert "key1" in tags | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_remove_tags_from_invalid_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     try: | 
					
						
							|  |  |  |         client.remove_tags_from_certificate( | 
					
						
							|  |  |  |             CertificateArn=BAD_ARN, | 
					
						
							|  |  |  |             Tags=[{"Key": "key1", "Value": "value1"}, {"Key": "key2"}], | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |     except ClientError as err: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert err.response["Error"]["Code"] == "ResourceNotFoundException" | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  |     else: | 
					
						
							| 
									
										
										
										
											2023-02-26 18:44:04 -01:00
										 |  |  |         raise RuntimeError("Should have raised ResourceNotFoundException") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  | @mock_acm | 
					
						
							|  |  |  | def test_resend_validation_email(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     client.resend_validation_email( | 
					
						
							|  |  |  |         CertificateArn=arn, Domain="*.moto.com", ValidationDomain="NOTUSEDYET" | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  |     # Returns nothing, boto would raise Exceptions otherwise | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_resend_validation_email_invalid(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     try: | 
					
						
							|  |  |  |         client.resend_validation_email( | 
					
						
							|  |  |  |             CertificateArn=arn, | 
					
						
							|  |  |  |             Domain="no-match.moto.com", | 
					
						
							|  |  |  |             ValidationDomain="NOTUSEDYET", | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |     except ClientError as err: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert ( | 
					
						
							|  |  |  |             err.response["Error"]["Code"] == "InvalidDomainValidationOptionsException" | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  |         ) | 
					
						
							|  |  |  |     else: | 
					
						
							| 
									
										
										
										
											2023-02-26 18:44:04 -01:00
										 |  |  |         raise RuntimeError("Should have raised InvalidDomainValidationOptionsException") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  |     try: | 
					
						
							|  |  |  |         client.resend_validation_email( | 
					
						
							|  |  |  |             CertificateArn=BAD_ARN, | 
					
						
							|  |  |  |             Domain="no-match.moto.com", | 
					
						
							|  |  |  |             ValidationDomain="NOTUSEDYET", | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |     except ClientError as err: | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert err.response["Error"]["Code"] == "ResourceNotFoundException" | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  |     else: | 
					
						
							| 
									
										
										
										
											2023-02-26 18:44:04 -01:00
										 |  |  |         raise RuntimeError("Should have raised ResourceNotFoundException") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  | @mock_acm | 
					
						
							|  |  |  | def test_request_certificate(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							| 
									
										
										
										
											2017-09-22 11:21:36 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-10-28 17:07:34 +01:00
										 |  |  |     token = str(uuid.uuid4()) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  |     resp = client.request_certificate( | 
					
						
							|  |  |  |         DomainName="google.com", | 
					
						
							| 
									
										
										
										
											2017-10-28 17:07:34 +01:00
										 |  |  |         IdempotencyToken=token, | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  |         SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert "CertificateArn" in resp | 
					
						
							| 
									
										
										
										
											2017-10-28 17:07:34 +01:00
										 |  |  |     arn = resp["CertificateArn"] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert f"arn:aws:acm:eu-central-1:{ACCOUNT_ID}:certificate/" in arn | 
					
						
							| 
									
										
										
										
											2017-10-28 17:07:34 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     resp = client.request_certificate( | 
					
						
							|  |  |  |         DomainName="google.com", | 
					
						
							|  |  |  |         IdempotencyToken=token, | 
					
						
							|  |  |  |         SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["CertificateArn"] == arn | 
					
						
							| 
									
										
										
										
											2017-10-28 17:07:34 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | @mock_acm | 
					
						
							|  |  |  | def test_request_certificate_with_tags(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     token = str(uuid.uuid4()) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.request_certificate( | 
					
						
							|  |  |  |         DomainName="google.com", | 
					
						
							|  |  |  |         IdempotencyToken=token, | 
					
						
							|  |  |  |         SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							|  |  |  |         Tags=[ | 
					
						
							|  |  |  |             {"Key": "Environment", "Value": "QA"}, | 
					
						
							|  |  |  |             {"Key": "WithEmptyStr", "Value": ""}, | 
					
						
							|  |  |  |         ], | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert "CertificateArn" in resp | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |     arn_1 = resp["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.list_tags_for_certificate(CertificateArn=arn_1) | 
					
						
							|  |  |  |     tags = {item["Key"]: item.get("Value", "__NONE__") for item in resp["Tags"]} | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert len(tags) == 2 | 
					
						
							|  |  |  |     assert tags["Environment"] == "QA" | 
					
						
							|  |  |  |     assert tags["WithEmptyStr"] == "" | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     # Request certificate for "google.com" with same IdempotencyToken but with different Tags | 
					
						
							|  |  |  |     resp = client.request_certificate( | 
					
						
							|  |  |  |         DomainName="google.com", | 
					
						
							|  |  |  |         IdempotencyToken=token, | 
					
						
							|  |  |  |         SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							| 
									
										
										
										
											2020-11-11 15:55:37 +00:00
										 |  |  |         Tags=[{"Key": "Environment", "Value": "Prod"}, {"Key": "KeyOnly"}], | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |     ) | 
					
						
							|  |  |  |     arn_2 = resp["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     assert arn_1 != arn_2  # if tags are matched, ACM would have returned same arn | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.list_tags_for_certificate(CertificateArn=arn_2) | 
					
						
							|  |  |  |     tags = {item["Key"]: item.get("Value", "__NONE__") for item in resp["Tags"]} | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert len(tags) == 2 | 
					
						
							|  |  |  |     assert tags["Environment"] == "Prod" | 
					
						
							|  |  |  |     assert tags["KeyOnly"] == "__NONE__" | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     resp = client.request_certificate( | 
					
						
							|  |  |  |         DomainName="google.com", | 
					
						
							|  |  |  |         IdempotencyToken=token, | 
					
						
							|  |  |  |         SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							|  |  |  |         Tags=[ | 
					
						
							|  |  |  |             {"Key": "Environment", "Value": "QA"}, | 
					
						
							|  |  |  |             {"Key": "WithEmptyStr", "Value": ""}, | 
					
						
							|  |  |  |         ], | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2022-10-07 14:41:31 +00:00
										 |  |  |     arn_3 = resp["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     assert arn_1 != arn_3  # if tags are matched, ACM would have returned same arn | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.request_certificate( | 
					
						
							|  |  |  |         DomainName="google.com", | 
					
						
							|  |  |  |         IdempotencyToken=token, | 
					
						
							|  |  |  |         SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  |     arn_4 = resp["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     assert arn_1 != arn_4  # if tags are matched, ACM would have returned same arn | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_operations_with_invalid_tags(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # request certificate with invalid tags | 
					
						
							| 
									
										
										
										
											2020-11-10 18:14:50 +01:00
										 |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |         client.request_certificate( | 
					
						
							| 
									
										
										
										
											2020-11-11 15:55:37 +00:00
										 |  |  |             DomainName="example.com", Tags=[{"Key": "X" * 200, "Value": "Valid"}] | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |         ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     err = ex.value.response["Error"] | 
					
						
							|  |  |  |     assert err["Code"] == "ValidationException" | 
					
						
							|  |  |  |     assert "Member must have length less than or equal to 128" in err["Message"] | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     # import certificate with invalid tags | 
					
						
							| 
									
										
										
										
											2020-11-10 18:14:50 +01:00
										 |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |         client.import_certificate( | 
					
						
							|  |  |  |             Certificate=SERVER_CRT, | 
					
						
							|  |  |  |             PrivateKey=SERVER_KEY, | 
					
						
							|  |  |  |             CertificateChain=CA_CRT, | 
					
						
							|  |  |  |             Tags=[ | 
					
						
							|  |  |  |                 {"Key": "Valid", "Value": "X" * 300}, | 
					
						
							|  |  |  |                 {"Key": "aws:xx", "Value": "Valid"}, | 
					
						
							|  |  |  |             ], | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     err = ex.value.response["Error"] | 
					
						
							|  |  |  |     assert err["Code"] == "ValidationException" | 
					
						
							|  |  |  |     assert "Member must have length less than or equal to 256" in err["Message"] | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # add invalid tags to existing certificate | 
					
						
							| 
									
										
										
										
											2020-11-10 18:14:50 +01:00
										 |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |         client.add_tags_to_certificate( | 
					
						
							|  |  |  |             CertificateArn=arn, | 
					
						
							|  |  |  |             Tags=[{"Key": "aws:xxx", "Value": "Valid"}, {"Key": "key2"}], | 
					
						
							|  |  |  |         ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     err = ex.value.response["Error"] | 
					
						
							|  |  |  |     assert err["Code"] == "ValidationException" | 
					
						
							|  |  |  |     assert "AWS internal tags cannot be changed with this API" in err["Message"] | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     # try removing invalid tags from existing certificate | 
					
						
							| 
									
										
										
										
											2020-11-10 18:14:50 +01:00
										 |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |         client.remove_tags_from_certificate( | 
					
						
							|  |  |  |             CertificateArn=arn, Tags=[{"Key": "aws:xxx", "Value": "Valid"}] | 
					
						
							|  |  |  |         ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     err = ex.value.response["Error"] | 
					
						
							|  |  |  |     assert err["Code"] == "ValidationException" | 
					
						
							|  |  |  |     assert "AWS internal tags cannot be changed with this API" in err["Message"] | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_add_too_many_tags(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  |     arn = _import_cert(client) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # Add 51 tags | 
					
						
							| 
									
										
										
										
											2020-11-10 18:14:50 +01:00
										 |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |         client.add_tags_to_certificate( | 
					
						
							|  |  |  |             CertificateArn=arn, | 
					
						
							| 
									
										
										
										
											2022-11-17 21:41:08 -01:00
										 |  |  |             Tags=[{"Key": f"a-{i}", "Value": "abcd"} for i in range(1, 52)], | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |         ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert ex.value.response["Error"]["Code"] == "TooManyTagsException" | 
					
						
							|  |  |  |     assert "contains too many Tags" in ex.value.response["Error"]["Message"] | 
					
						
							|  |  |  |     assert client.list_tags_for_certificate(CertificateArn=arn)["Tags"] == [] | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     # Add 49 tags first, then try to add 2 more. | 
					
						
							|  |  |  |     client.add_tags_to_certificate( | 
					
						
							|  |  |  |         CertificateArn=arn, | 
					
						
							| 
									
										
										
										
											2022-11-17 21:41:08 -01:00
										 |  |  |         Tags=[{"Key": f"p-{i}", "Value": "pqrs"} for i in range(1, 50)], | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |     ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert len(client.list_tags_for_certificate(CertificateArn=arn)["Tags"]) == 49 | 
					
						
							| 
									
										
										
										
											2020-11-10 18:14:50 +01:00
										 |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  |         client.add_tags_to_certificate( | 
					
						
							|  |  |  |             CertificateArn=arn, | 
					
						
							|  |  |  |             Tags=[{"Key": "x-1", "Value": "xyz"}, {"Key": "x-2", "Value": "xyz"}], | 
					
						
							|  |  |  |         ) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert ex.value.response["Error"]["Code"] == "TooManyTagsException" | 
					
						
							|  |  |  |     assert "contains too many Tags" in ex.value.response["Error"]["Message"] | 
					
						
							|  |  |  |     assert ex.value.response["Error"]["Message"].count("pqrs") == 49 | 
					
						
							|  |  |  |     assert ex.value.response["Error"]["Message"].count("xyz") == 2 | 
					
						
							|  |  |  |     assert len(client.list_tags_for_certificate(CertificateArn=arn)["Tags"]) == 49 | 
					
						
							| 
									
										
										
										
											2020-10-12 12:25:14 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-10-19 17:47:21 -07:00
										 |  |  | @mock_acm | 
					
						
							|  |  |  | def test_request_certificate_no_san(): | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     resp = client.request_certificate(DomainName="google.com") | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert "CertificateArn" in resp | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-13 10:37:06 -04:00
										 |  |  |     resp2 = client.describe_certificate(CertificateArn=resp["CertificateArn"]) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert "Certificate" in resp2 | 
					
						
							| 
									
										
										
										
											2017-10-19 17:47:21 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp2["Certificate"]["RenewalEligibility"] == "INELIGIBLE" | 
					
						
							|  |  |  |     assert "Options" in resp2["Certificate"] | 
					
						
							|  |  |  |     assert len(resp2["Certificate"]["DomainValidationOptions"]) == 1 | 
					
						
							| 
									
										
										
										
											2022-02-09 21:38:09 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     validation_option = resp2["Certificate"]["DomainValidationOptions"][0] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert validation_option["DomainName"] == "google.com" | 
					
						
							|  |  |  |     assert validation_option["ValidationDomain"] == "google.com" | 
					
						
							| 
									
										
										
										
											2022-02-09 21:38:09 -01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-22 14:26:05 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  | # Also tests the SAN code | 
					
						
							|  |  |  | @mock_acm | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  | def test_request_certificate_issued_status(): | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  |     # After requesting a certificate, it should then auto-validate after 1 minute | 
					
						
							|  |  |  |     # Some sneaky programming for that ;-) | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  |     with freeze_time("2012-01-01 12:00:00"): | 
					
						
							|  |  |  |         resp = client.request_certificate( | 
					
						
							|  |  |  |             DomainName="google.com", | 
					
						
							|  |  |  |             SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							|  |  |  |         ) | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  |     arn = resp["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  |     with freeze_time("2012-01-01 12:00:00"): | 
					
						
							|  |  |  |         resp = client.describe_certificate(CertificateArn=arn) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"]["CertificateArn"] == arn | 
					
						
							|  |  |  |     assert resp["Certificate"]["DomainName"] == "google.com" | 
					
						
							|  |  |  |     assert resp["Certificate"]["Issuer"] == "Amazon" | 
					
						
							|  |  |  |     assert resp["Certificate"]["KeyAlgorithm"] == "RSA_2048" | 
					
						
							|  |  |  |     assert resp["Certificate"]["Status"] == "PENDING_VALIDATION" | 
					
						
							|  |  |  |     assert resp["Certificate"]["Type"] == "AMAZON_ISSUED" | 
					
						
							|  |  |  |     assert len(resp["Certificate"]["SubjectAlternativeNames"]) == 3 | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     # validation will be pending for 1 minute. | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  |     with freeze_time("2012-01-01 12:00:00"): | 
					
						
							|  |  |  |         resp = client.describe_certificate(CertificateArn=arn) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"]["CertificateArn"] == arn | 
					
						
							|  |  |  |     assert resp["Certificate"]["Status"] == "PENDING_VALIDATION" | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-27 18:34:30 +00:00
										 |  |  |     if settings.TEST_DECORATOR_MODE: | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  |         # Move time to get it issued. | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  |         with freeze_time("2012-01-01 12:02:00"): | 
					
						
							|  |  |  |             resp = client.describe_certificate(CertificateArn=arn) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert resp["Certificate"]["CertificateArn"] == arn | 
					
						
							|  |  |  |         assert resp["Certificate"]["Status"] == "ISSUED" | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-04-10 17:13:20 +10:00
										 |  |  | @mock.patch("moto.settings.ACM_VALIDATION_WAIT", 3) | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | def test_request_certificate_issued_status_with_wait_in_envvar(): | 
					
						
							|  |  |  |     # After requesting a certificate, it should then auto-validate after 3 seconds | 
					
						
							| 
									
										
										
										
											2023-09-27 18:34:30 +00:00
										 |  |  |     if not settings.TEST_DECORATOR_MODE: | 
					
						
							| 
									
										
										
										
											2021-04-10 17:13:20 +10:00
										 |  |  |         raise SkipTest("Cant manipulate time in server mode") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     with freeze_time("2012-01-01 12:00:00"): | 
					
						
							|  |  |  |         resp = client.request_certificate(DomainName="google.com") | 
					
						
							|  |  |  |     arn = resp["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     with freeze_time("2012-01-01 12:00:00"): | 
					
						
							|  |  |  |         resp = client.describe_certificate(CertificateArn=arn) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"]["CertificateArn"] == arn | 
					
						
							|  |  |  |     assert resp["Certificate"]["Status"] == "PENDING_VALIDATION" | 
					
						
							| 
									
										
										
										
											2021-04-10 17:13:20 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  |     # validation will be pending for 3 seconds. | 
					
						
							|  |  |  |     with freeze_time("2012-01-01 12:00:02"): | 
					
						
							|  |  |  |         resp = client.describe_certificate(CertificateArn=arn) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"]["CertificateArn"] == arn | 
					
						
							|  |  |  |     assert resp["Certificate"]["Status"] == "PENDING_VALIDATION" | 
					
						
							| 
									
										
										
										
											2021-04-10 17:13:20 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  |     with freeze_time("2012-01-01 12:00:04"): | 
					
						
							|  |  |  |         resp = client.describe_certificate(CertificateArn=arn) | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert resp["Certificate"]["CertificateArn"] == arn | 
					
						
							|  |  |  |     assert resp["Certificate"]["Status"] == "ISSUED" | 
					
						
							| 
									
										
										
										
											2021-04-10 17:13:20 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  | @mock_acm | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  | def test_request_certificate_with_mutiple_times(): | 
					
						
							| 
									
										
										
										
											2023-09-27 18:34:30 +00:00
										 |  |  |     if not settings.TEST_DECORATOR_MODE: | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  |         raise SkipTest("Cant manipulate time in server mode") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # After requesting a certificate, it should then auto-validate after 1 minute | 
					
						
							|  |  |  |     # Some sneaky programming for that ;-) | 
					
						
							|  |  |  |     client = boto3.client("acm", region_name="eu-central-1") | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  |     with freeze_time("2012-01-01 12:00:00"): | 
					
						
							|  |  |  |         resp = client.request_certificate( | 
					
						
							|  |  |  |             IdempotencyToken="test_token", | 
					
						
							|  |  |  |             DomainName="google.com", | 
					
						
							|  |  |  |             SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							|  |  |  |         ) | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  |     original_arn = resp["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # Should be able to request a certificate multiple times in an hour | 
					
						
							|  |  |  |     # after that it makes a new one | 
					
						
							|  |  |  |     for time_intervals in ( | 
					
						
							|  |  |  |         "2012-01-01 12:15:00", | 
					
						
							|  |  |  |         "2012-01-01 12:30:00", | 
					
						
							|  |  |  |         "2012-01-01 12:45:00", | 
					
						
							|  |  |  |     ): | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  |         with freeze_time(time_intervals): | 
					
						
							|  |  |  |             resp = client.request_certificate( | 
					
						
							|  |  |  |                 IdempotencyToken="test_token", | 
					
						
							|  |  |  |                 DomainName="google.com", | 
					
						
							| 
									
										
										
										
											2020-11-11 15:55:37 +00:00
										 |  |  |                 SubjectAlternativeNames=[ | 
					
						
							|  |  |  |                     "google.com", | 
					
						
							|  |  |  |                     "www.google.com", | 
					
						
							|  |  |  |                     "mail.google.com", | 
					
						
							|  |  |  |                 ], | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  |             ) | 
					
						
							|  |  |  |         arn = resp["CertificateArn"] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |         assert arn == original_arn | 
					
						
							| 
									
										
										
										
											2020-11-11 15:54:01 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     # Move time | 
					
						
							|  |  |  |     with freeze_time("2012-01-01 13:01:00"): | 
					
						
							| 
									
										
										
										
											2020-10-12 19:13:36 +05:30
										 |  |  |         resp = client.request_certificate( | 
					
						
							|  |  |  |             IdempotencyToken="test_token", | 
					
						
							|  |  |  |             DomainName="google.com", | 
					
						
							|  |  |  |             SubjectAlternativeNames=["google.com", "www.google.com", "mail.google.com"], | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |     arn = resp["CertificateArn"] | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert arn != original_arn | 
					
						
							| 
									
										
										
										
											2021-10-14 21:43:10 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_acm | 
					
						
							|  |  |  | @mock_elb | 
					
						
							|  |  |  | def test_elb_acm_in_use_by(): | 
					
						
							|  |  |  |     acm_client = boto3.client("acm", region_name="us-west-2") | 
					
						
							|  |  |  |     elb_client = boto3.client("elb", region_name="us-west-2") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     acm_request_response = acm_client.request_certificate( | 
					
						
							|  |  |  |         DomainName="fake.domain.com", | 
					
						
							|  |  |  |         DomainValidationOptions=[ | 
					
						
							|  |  |  |             {"DomainName": "fake.domain.com", "ValidationDomain": "domain.com"} | 
					
						
							|  |  |  |         ], | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     certificate_arn = acm_request_response["CertificateArn"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     create_load_balancer_request = elb_client.create_load_balancer( | 
					
						
							| 
									
										
										
										
											2023-02-08 21:56:51 -01:00
										 |  |  |         LoadBalancerName=str(uuid.uuid4()), | 
					
						
							| 
									
										
										
										
											2021-10-14 21:43:10 +00:00
										 |  |  |         Listeners=[ | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |                 "Protocol": "https", | 
					
						
							|  |  |  |                 "LoadBalancerPort": 443, | 
					
						
							|  |  |  |                 "InstanceProtocol": "http", | 
					
						
							|  |  |  |                 "InstancePort": 80, | 
					
						
							|  |  |  |                 "SSLCertificateId": certificate_arn, | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         ], | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     response = acm_client.describe_certificate(CertificateArn=certificate_arn) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-03 15:34:52 +00:00
										 |  |  |     assert response["Certificate"]["InUseBy"] == [ | 
					
						
							|  |  |  |         create_load_balancer_request["DNSName"] | 
					
						
							|  |  |  |     ] |