Handle missing CA better

Change-Id: I6fdbf15141d0bc2b3d56ac8a368769f8f492b995
2016-02-19 13:58:18 +11:00 · 2016-02-19 13:58:18 +11:00 · bc7d311806
commit bc7d311806
parent 8dad1687a5
2 changed files with 16 additions and 2 deletions
--- a/anchor/certificate_ops.py
+++ b/anchor/certificate_ops.py
@ -113,8 +113,11 @@ def get_ca(ra_name):
    if not ca_path:
        pecan.abort(404, "CA certificate not available")

-    with open(ca_path) as f:
-        return f.read()
+    try:
+        with open(ca_path) as f:
+            return f.read()
+    except IOError:
+        pecan.abort(500, "CA certificate not available")


 def dispatch_sign(ra_name, csr):
--- a/tests/test_certificate_ops.py
+++ b/tests/test_certificate_ops.py
@ -135,3 +135,14 @@ class CertificateOpsTests(tests.DefaultConfigMixin, tests.DefaultRequestMixin,
            with self.assertRaises(http_status.HTTPException) as cm:
                certificate_ops.dispatch_sign('default_ra', csr_obj)
        self.assertEqual(cm.exception.code, 500)
+
+    def test_ca_cert_not_configured(self):
+        """Test CA cert read failure."""
+        config = "anchor.jsonloader.conf._config"
+        self.sample_conf_ca['default_ca']['cert_path'] = None
+        data = self.sample_conf
+
+        with mock.patch.dict(config, data):
+            with self.assertRaises(http_status.HTTPException) as cm:
+                certificate_ops.get_ca('default_ra')
+        self.assertEqual(cm.exception.code, 404)