Merge pull request #3494 from open-formulieren/chore/move-certificate…

…-factory

Move certificate and zgw_consumers.Service factory

src/openforms/appointments/contrib/qmatic/tests/factories.py

@@ -1,7 +1,7 @@
 import factory
 from zgw_consumers.constants import APITypes
 
-from zgw_consumers_ext.factories import ServiceFactory as _ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory as _ServiceFactory
 
 from ..models import QmaticConfig
 

src/openforms/appointments/contrib/qmatic/tests/test_client.py

@@ -1,24 +1,15 @@
-from pathlib import Path
-
-from django.conf import settings
-from django.core.files import File
 from django.test import TestCase, tag
 
 import requests_mock
 from privates.test import temp_private_root
 from simple_certmanager.constants import CertificateTypes
-from simple_certmanager.models import Certificate
 
 from openforms.utils.tests.logging import disable_logging
+from simple_certmanager_ext.tests.factories import CertificateFactory
 
 from ..client import QmaticClient
 from .utils import MockConfigMixin
 
-TEST_CERTS = Path(settings.BASE_DIR) / "src" / "zgw_consumers_ext" / "tests" / "data"
-
-CLIENT_CERTIFICATE = TEST_CERTS / "test.certificate"
-CLIENT_KEY = TEST_CERTS / "test.key"
-
 
 @temp_private_root()
 @tag("gh-3328")
@@ -31,20 +22,17 @@ class ClientMutualTLSTests(MockConfigMixin, TestCase):
     def setUpTestData(cls):
         super().setUpTestData()  # type: ignore
 
-        with CLIENT_CERTIFICATE.open("rb") as cert_file, CLIENT_KEY.open(
-            "rb"
-        ) as key_file:
-            cls.client_cert = Certificate.objects.create(
-                label="Gateway client certificate",
-                type=CertificateTypes.key_pair,
-                public_certificate=File(cert_file, "client.pem"),
-                private_key=File(key_file, "client_key.pem"),
-            )
-            cls.server_cert = Certificate.objects.create(
-                label="Gateway server certificate",
-                type=CertificateTypes.cert_only,
-                public_certificate=File(cert_file, "server.pem"),
-            )
+        cls.client_cert = CertificateFactory.create(
+            label="Gateway client certificate",
+            public_certificate__filename="client.pem",
+            with_private_key=True,
+            private_key__filename="client_key.pem",
+        )
+        cls.server_cert = CertificateFactory.create(
+            label="Gateway server certificate",
+            type=CertificateTypes.cert_only,
+            public_certificate__filename="server.pem",
+        )
 
         cls.service.client_certificate = cls.client_cert
         cls.service.server_certificate = cls.server_cert

src/openforms/authentication/contrib/digid/tests/data/Readme.md → src/openforms/authentication/contrib/digid/tests/data/README.md

@@ -10,8 +10,7 @@ openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out test.certificat
 
 The tests making use of these certificates are:
 
-- `src/openforms/authentication/contrib/digid/tests/test_auth_procedure.py`
-- `src/openforms/authentication/contrib/eherkenning/tests/test_auth.py`
+- `src/openforms/authentication/contrib/digid/tests/test_migrations.py`
 
 These tests will potentially start failing once the test certificate expires.
 
@@ -20,7 +19,8 @@ These tests will potentially start failing once the test certificate expires.
 The `our_certificate.pem` and `our_keys.pem` files are used by:
 
 - `src/openforms/authentication/contrib/digid/tests/test_signicat_integration.py`
-- `src/openforms/authentication/contrib/eherkenning/tests/test_signicat_integration.py`
 
-`signicate_metadata.xml` is used by
+These must be uploaded with Signicat for live (non-VCR) network communication.
+
+`signicat_metadata.xml` is used by
 `src/openforms/authentication/contrib/digid/tests/test_signicat_integration.py`.

src/openforms/authentication/contrib/digid/tests/test_auth_procedure.py

@@ -23,10 +23,11 @@
 from openforms.submissions.tests.factories import SubmissionFactory
 from openforms.submissions.tests.mixins import SubmissionsMixin
 from openforms.utils.tests.cache import clear_caches
+from simple_certmanager_ext.tests.factories import CertificateFactory
 
 from ....constants import CO_SIGN_PARAMETER, FORM_AUTH_SESSION_KEY, AuthAttribute
 from ....contrib.tests.saml_utils import create_test_artifact, get_artifact_response
-from .utils import TEST_FILES, make_certificate
+from .utils import TEST_FILES
 
 
 def _create_test_artifact() -> str:
@@ -48,13 +49,12 @@ class DigiDConfigMixin:
     def setUpTestData(cls):
         super().setUpTestData()
 
-        KEY = TEST_FILES / "test.key"
-        CERT = TEST_FILES / "test.certificate"
-        METADATA = TEST_FILES / "metadata.xml"
+        cert = CertificateFactory.create(label="DigiD", with_private_key=True)
 
-        cert = make_certificate(KEY, CERT)
+        METADATA = TEST_FILES / "metadata.xml"
 
         config = DigidConfiguration.get_solo()
+        assert isinstance(config, DigidConfiguration)
         config.certificate = cert
         config.base_url = "https://test-sp.nl"
         config.entity_id = "https://test-sp.nl"

src/openforms/authentication/contrib/digid/tests/test_signicat_integration.py

@@ -19,10 +19,11 @@
 from openforms.submissions.tokens import submission_resume_token_generator
 from openforms.utils.tests.cache import clear_caches
 from openforms.utils.tests.vcr import OFVCRMixin
+from simple_certmanager_ext.tests.factories import CertificateFactory
 
 from ....constants import FORM_AUTH_SESSION_KEY
 from ..constants import PLUGIN_ID
-from .utils import TEST_FILES, make_certificate
+from .utils import TEST_FILES
 
 KEY = TEST_FILES / "our_key.pem"
 CERT = TEST_FILES / "our_certificate.pem"
@@ -68,9 +69,16 @@ class SignicatDigiDIntegrationTests(OFVCRMixin, TestCase):
     @classmethod
     def setUpTestData(cls):
         super().setUpTestData()
-        cert = make_certificate(KEY, CERT)
+
+        cert = CertificateFactory.create(
+            label="DigiD",
+            with_private_key=True,
+            public_certificate__from_path=CERT,
+            private_key__from_path=KEY,
+        )
 
         config = DigidConfiguration.get_solo()
+        assert isinstance(config, DigidConfiguration)
         config.certificate = cert
         # broker insists using https
         config.base_url = config.entity_id = "https://localhost:8000"

src/openforms/authentication/contrib/digid/tests/utils.py

@@ -1,20 +1,3 @@
 from pathlib import Path
 
-from django.core.files import File
-
-from simple_certmanager.constants import CertificateTypes
-from simple_certmanager.models import Certificate
-
 TEST_FILES = Path(__file__).parent.resolve() / "data"
-
-
-def make_certificate(key_pem: Path, certificate_pem: Path, label="DigiD"):
-    with key_pem.open("rb") as key_file, certificate_pem.open("rb") as cert_file:
-        cert = Certificate(
-            label=label,
-            type=CertificateTypes.key_pair,
-            private_key=File(key_file, key_pem.name),
-            public_certificate=File(cert_file, certificate_pem.name),
-        )
-        cert.save()
-    return cert

src/openforms/authentication/contrib/eherkenning/tests/data/README.md

@@ -0,0 +1,26 @@
+# Test files for EHerkenning
+
+## Certificate and key
+
+The test.certificate and the test.key were generated using the following command:
+
+```bash
+openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out test.certificate -keyout test.key
+```
+
+The tests making use of these certificates are:
+
+- `src/openforms/authentication/contrib/eherkenning/tests/test_migrations.py`
+
+These tests will potentially start failing once the test certificate expires.
+
+## Signicat integration tests
+
+The `our_certificate.pem` and `our_keys.pem` files are used by:
+
+- `src/openforms/authentication/contrib/eherkenning/tests/test_signicat_integration.py`
+
+These must be uploaded with Signicat for live (non-VCR) network communication.
+
+`signicat_metadata.xml` is used by
+`src/openforms/authentication/contrib/eherkenning/tests/test_signicat_integration.py`.

src/openforms/authentication/contrib/eherkenning/tests/test_eherkenning_auth.py

@@ -16,14 +16,13 @@
 from furl import furl
 from lxml import etree
 from privates.test import temp_private_root
-from simple_certmanager.constants import CertificateTypes
-from simple_certmanager.models import Certificate
 
 from openforms.forms.tests.factories import FormFactory
 from openforms.submissions.tests.factories import SubmissionFactory
 from openforms.submissions.tests.mixins import SubmissionsMixin
 from openforms.tests.utils import supress_output
 from openforms.utils.tests.cache import clear_caches
+from simple_certmanager_ext.tests.factories import CertificateFactory
 
 from ....constants import CO_SIGN_PARAMETER, FORM_AUTH_SESSION_KEY, AuthAttribute
 from ....contrib.tests.saml_utils import (
@@ -43,20 +42,12 @@ class EHerkenningConfigMixin:
     def setUpTestData(cls):
         super().setUpTestData()
 
-        KEY = TEST_FILES / "test.key"
-        CERT = TEST_FILES / "test.certificate"
-        METADATA = TEST_FILES / "eherkenning-metadata.xml"
+        cert = CertificateFactory.create(label="eHerkenning", with_private_key=True)
 
-        with KEY.open("rb") as key_file, CERT.open("rb") as cert_file:
-            cert = Certificate(
-                label="eHerkenning",
-                type=CertificateTypes.key_pair,
-                private_key=File(key_file, KEY.name),
-                public_certificate=File(cert_file, CERT.name),
-            )
-            cert.save()
+        METADATA = TEST_FILES / "eherkenning-metadata.xml"
 
         config = EherkenningConfiguration.get_solo()
+        assert isinstance(config, EherkenningConfiguration)
         config.certificate = cert
         config.base_url = "https://test-sp.nl"
         config.entity_id = "urn:etoegang:DV:00000001111111111000:entities:9000"

src/openforms/authentication/contrib/eherkenning/tests/test_eidas_auth.py

@@ -15,14 +15,13 @@
 from furl import furl
 from lxml import etree
 from privates.test import temp_private_root
-from simple_certmanager.constants import CertificateTypes
-from simple_certmanager.models import Certificate
 
 from openforms.forms.tests.factories import FormFactory
 from openforms.submissions.tests.factories import SubmissionFactory
 from openforms.submissions.tests.mixins import SubmissionsMixin
 from openforms.tests.utils import supress_output
 from openforms.utils.tests.cache import clear_caches
+from simple_certmanager_ext.tests.factories import CertificateFactory
 
 from ....constants import CO_SIGN_PARAMETER, FORM_AUTH_SESSION_KEY, AuthAttribute
 from ....contrib.tests.saml_utils import (
@@ -42,20 +41,12 @@ class EIDASConfigMixin:
     def setUpTestData(cls):
         super().setUpTestData()
 
-        KEY = TEST_FILES / "test.key"
-        CERT = TEST_FILES / "test.certificate"
-        METADATA = TEST_FILES / "eherkenning-metadata.xml"
+        cert = CertificateFactory.create(label="eHerkenning", with_private_key=True)
 
-        with KEY.open("rb") as key_file, CERT.open("rb") as cert_file:
-            cert = Certificate(
-                label="eHerkenning",
-                type=CertificateTypes.key_pair,
-                private_key=File(key_file, KEY.name),
-                public_certificate=File(cert_file, CERT.name),
-            )
-            cert.save()
+        METADATA = TEST_FILES / "eherkenning-metadata.xml"
 
         config = EherkenningConfiguration.get_solo()
+        assert isinstance(config, EherkenningConfiguration)
         config.certificate = cert
         config.base_url = "https://test-sp.nl"
         config.entity_id = "urn:etoegang:DV:00000001111111111000:entities:9000"

src/openforms/authentication/contrib/eherkenning/tests/test_signicat_integration.py

@@ -19,9 +19,10 @@
 from openforms.submissions.tokens import submission_resume_token_generator
 from openforms.utils.tests.cache import clear_caches
 from openforms.utils.tests.vcr import OFVCRMixin
+from simple_certmanager_ext.tests.factories import CertificateFactory
 
 from ....constants import FORM_AUTH_SESSION_KEY
-from .utils import TEST_FILES, make_certificate
+from .utils import TEST_FILES
 
 PLUGIN_ID = "eherkenning"
 KEY = TEST_FILES / "our_key.pem"
@@ -69,9 +70,16 @@ class SignicatEHerkenningIntegrationTests(OFVCRMixin, TestCase):
     @classmethod
     def setUpTestData(cls):
         super().setUpTestData()
-        cert = make_certificate(KEY, CERT)
+
+        cert = CertificateFactory.create(
+            label="EHerkenning",
+            with_private_key=True,
+            public_certificate__from_path=CERT,
+            private_key__from_path=KEY,
+        )
 
         config = EherkenningConfiguration.get_solo()
+        assert isinstance(config, EherkenningConfiguration)
         config.certificate = cert
         config.idp_service_entity_id = SIGNICAT_BROKER_BASE / "sp/saml"
         # broker insists using https

src/openforms/authentication/contrib/eherkenning/tests/utils.py

@@ -1,20 +1,3 @@
 from pathlib import Path
 
-from django.core.files import File
-
-from simple_certmanager.constants import CertificateTypes
-from simple_certmanager.models import Certificate
-
 TEST_FILES = Path(__file__).parent.resolve() / "data"
-
-
-def make_certificate(key_pem: Path, certificate_pem: Path, label="EHerkenning"):
-    with key_pem.open("rb") as key_file, certificate_pem.open("rb") as cert_file:
-        cert = Certificate(
-            label=label,
-            type=CertificateTypes.key_pair,
-            private_key=File(key_file, key_pem.name),
-            public_certificate=File(cert_file, certificate_pem.name),
-        )
-        cert.save()
-    return cert

src/openforms/contrib/bag/tests/base.py

@@ -2,7 +2,7 @@
 import os
 
 from openforms.contrib.bag.models import BAGConfig
-from zgw_consumers_ext.factories import ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory
 
 
 class BagTestMixin:

src/openforms/contrib/kvk/tests/base.py

@@ -2,7 +2,7 @@
 import os
 
 from openforms.contrib.kvk.models import KVKConfig
-from zgw_consumers_ext.factories import ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory
 
 
 class KVKTestMixin:

src/openforms/formio/components/np_family_members/tests/test_family_members.py

@@ -18,7 +18,7 @@
 from soap.constants import EndpointType
 from stuf.stuf_bg.models import StufBGConfig
 from stuf.tests.factories import StufServiceFactory
-from zgw_consumers_ext.factories import ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory
 
 from ..constants import FamilyMembersDataAPIChoices
 from ..haal_centraal import get_np_children_haal_centraal

src/openforms/forms/tests/variables/test_viewset.py

@@ -29,7 +29,7 @@
 )
 from openforms.variables.models import ServiceFetchConfiguration
 from openforms.variables.tests.factories import ServiceFetchConfigurationFactory
-from zgw_consumers_ext.factories import ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory
 
 
 @override_settings(LANGUAGE_CODE="en")

src/openforms/pre_requests/tests/test_clients.py

@@ -6,7 +6,7 @@
 
 from openforms.prefill.contrib.haalcentraal.tests.utils import load_binary_mock
 from openforms.submissions.tests.factories import SubmissionFactory
-from zgw_consumers_ext.factories import ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory
 
 from ..base import PreRequestHookBase
 from ..clients import PreRequestClientContext

src/openforms/prefill/contrib/haalcentraal/tests/test_client.py

@@ -9,7 +9,7 @@
 from zgw_consumers.models import Service
 from zgw_consumers.test import mock_service_oas_get
 
-from zgw_consumers_ext.factories import ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory
 
 from ..constants import HaalCentraalVersion
 from ..models import HaalCentraalConfig

src/openforms/prefill/contrib/haalcentraal/tests/test_co_sign.py

@@ -9,7 +9,7 @@
 
 from openforms.prefill.contrib.haalcentraal.constants import HaalCentraalVersion
 from openforms.submissions.tests.factories import SubmissionFactory
-from zgw_consumers_ext.factories import ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory
 
 from ....co_sign import add_co_sign_representation
 from ....models import PrefillConfig

src/openforms/prefill/contrib/haalcentraal/tests/test_config_check.py

@@ -10,7 +10,7 @@
 from zgw_consumers.test import mock_service_oas_get
 
 from openforms.plugins.exceptions import InvalidPluginConfiguration
-from zgw_consumers_ext.factories import ServiceFactory
+from zgw_consumers_ext.tests.factories import ServiceFactory
 
 from ....registry import register
 from ..constants import HaalCentraalVersion