commit 32ee70e89ef10dec03df2c34652e2dbaed814689
author chojoyce <chojoyce@google.com> Fri Feb 11 12:39:53 2022 +0800
committer JOYCE CHO <chojoyce@google.com> Fri Feb 11 08:43:04 2022 +0000
tree 7c0f45a25c97d65dab91ebccca2a00847e09e57f
parent 3db482482e586ffa5094bcf9bf19020823631825

Removes existing certificates when run mkcert install.

To avoid generating a wrong certificate chain (once previous mkcert generated certificates exist).

Bug: 214337220
Test: acloud create
Change-Id: I0e058c3612fe77c36d6a3faec9b2fbfbd5facb08

setup/host_setup_runner_test.py

diff --git a/setup/host_setup_runner_test.py b/setup/host_setup_runner_test.py
index c233094..d98466b 100644
--- a/setup/host_setup_runner_test.py
+++ b/setup/host_setup_runner_test.py
@@ -205,6 +205,7 @@
         self.Patch(mkcert, "Install")
         self.LocalCAHostSetup.Run()
         mkcert.Install.assert_called_once()
+        mkcert.Install.reset_mock()
 
         self.Patch(LocalCAHostSetup, "ShouldRun", return_value=False)
         self.LocalCAHostSetup.Run()
@@ -213,7 +214,7 @@
         self.Patch(utils, "GetUserAnswerYes", return_value=False)
         self.Patch(sys, "exit")
         self.LocalCAHostSetup.Run()
-        sys.exit.assert_called_once()
+        mkcert.Install.assert_not_called()
 
 
 if __name__ == "__main__":

setup/mkcert.py

diff --git a/setup/mkcert.py b/setup/mkcert.py
index 49a8fe3..42636b4 100644
--- a/setup/mkcert.py
+++ b/setup/mkcert.py
@@ -21,6 +21,7 @@
 import logging
 import os
 import platform
+import shutil
 
 from acloud.internal import constants
 from acloud.internal.lib import utils
@@ -81,18 +82,17 @@
     Returns:
         True when the Root SSL Certificates are generated and setup.
     """
-    if not os.path.isdir(_CERT_DIR):
-        os.mkdir(_CERT_DIR)
+    if os.path.isdir(_CERT_DIR):
+        shutil.rmtree(_CERT_DIR)
+    os.mkdir(_CERT_DIR)
 
     if os.path.exists(_TRUST_CA_PATH):
         UnInstall()
 
-    if not os.path.exists(_CA_KEY_PATH) or not os.path.exists(_CA_CRT_PATH):
-        utils.Popen(_CA_CMD, shell=True)
-    if not os.path.exists(_TRUST_CA_PATH):
-        utils.Popen(_TRUST_CA_COPY_CMD, shell=True)
-        utils.Popen(_UPDATE_TRUST_CA_CMD, shell=True)
-        utils.Popen(_TRUST_CHROME_CMD, shell=True)
+    utils.Popen(_CA_CMD, shell=True)
+    utils.Popen(_TRUST_CA_COPY_CMD, shell=True)
+    utils.Popen(_UPDATE_TRUST_CA_CMD, shell=True)
+    utils.Popen(_TRUST_CHROME_CMD, shell=True)
 
     return IsRootCAReady()
 

setup/mkcert_test.py

diff --git a/setup/mkcert_test.py b/setup/mkcert_test.py
index 6a88178..98872cf 100644
--- a/setup/mkcert_test.py
+++ b/setup/mkcert_test.py
@@ -14,6 +14,7 @@
 """Tests for mkcert."""
 import filecmp
 import os
+import shutil
 import unittest
 
 from acloud.internal.lib import driver_test_lib
@@ -33,16 +34,19 @@
         self.Patch(mkcert, "IsRootCAReady")
         self.Patch(mkcert, "UnInstall")
         self.Patch(utils, "Popen")
+        self.Patch(shutil, "rmtree")
         mkcert.Install()
-        os.mkdir.assert_called_once()
+        shutil.rmtree.assert_not_called()
+        mkcert.UnInstall.assert_not_called()
         self.assertEqual(4, utils.Popen.call_count)
         utils.Popen.reset_mock()
 
         self.Patch(os.path, "isdir", return_value=True)
         self.Patch(os.path, "exists", return_value=True)
         mkcert.Install()
+        shutil.rmtree.assert_called_once()
         mkcert.UnInstall.assert_called_once()
-        self.assertEqual(0, utils.Popen.call_count)
+        self.assertEqual(4, utils.Popen.call_count)
 
 
     def testAllocateLocalHostCert(self):