author | Rob Crittenden <rcritten@redhat.com> | 2009-11-24 16:07:44 -0500 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-11-30 18:10:09 -0700 |
commit | ab1667f3c1607a22c6df49ceba58274347bc5826 (patch) | |
tree | bc2e6102d3d9cd103d2418ad5372e164e0e7533d /tests/test_pkcs10/test_pkcs10.py | |
parent | 7c2c2d6130648fb6dd7c0e52d802cc6eff39ef95 (diff) | |
Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL.
The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify
requests with subject alt names.
Subject alt names are only allowed if:
- the host for the alt name exists in IPA
- if binding as host principal, the host is in the service's managedBy attr
Diffstat (limited to 'tests/test_pkcs10/test_pkcs10.py')
-rw-r--r-- | tests/test_pkcs10/test_pkcs10.py | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/tests/test_pkcs10/test_pkcs10.py b/tests/test_pkcs10/test_pkcs10.py
new file mode 100644
index 000000000..66d205b96
--- /dev/null
+++ b/tests/test_pkcs10/test_pkcs10.py
@@ -0,0 +1,119 @@
+# Authors:
+# Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+"""
+Test the `pkcs10.py` module.
+"""
+
+import os
+import sys
+import nose
+from tests.util import raises, PluginTester
+from ipalib import pkcs10
+from ipapython import ipautil
+
+class test_update(object):
+ """
+ Test the PKCS#10 Parser.
+ """
+
+ def setUp(self):
+ if ipautil.file_exists("test0.csr"):
+ self.testdir="./"
+ elif ipautil.file_exists("tests/test_pkcs10/test0.csr"):
+ self.testdir= "./tests/test_pkcs10/"
+ else:
+ raise nose.SkipTest("Unable to find test update files")
+
+ def read_file(self, filename):
+ fp = open(self.testdir + filename, "r")
+ data = fp.read()
+ fp.close()
+ return data
+
+ def test_0(self):
+ """
+ Test simple CSR with no attributes
+ """
+ csr = self.read_file("test0.csr")
+ request = pkcs10.load_certificate_request(csr)
+
+ attributes = request.get_attributes()
+ subject = request.get_subject()
+ components = subject.get_components()
+ compdict = dict(components)
+
+ assert(attributes == ())
+ assert(compdict['CN'] == u'test.example.com')
+ assert(compdict['ST'] == u'California')
+ assert(compdict['C'] == u'US')
+
+ def test_1(self):
+ """
+ Test CSR with subject alt name
+ """
+ csr = self.read_file("test1.csr")
+ request = pkcs10.load_certificate_request(csr)
+
+ attributes = request.get_attributes()
+ subject = request.get_subject()
+ components = subject.get_components()
+ compdict = dict(components)
+ attrdict = dict(attributes)
+
+ assert(compdict['CN'] == u'test.example.com')
+ assert(compdict['ST'] == u'California')
+ assert(compdict['C'] == u'US')
+
+ extensions = attrdict['1.2.840.113549.1.9.14']
+
+ for ext in range(len(extensions)):
+ if extensions[ext][0] == '2.5.29.17':
+ names = extensions[ext][2]
+ # check the dNSName field
+ assert(names[2] == [u'testlow.example.com'])
+
+ def test_2(self):
+ """
+ Test CSR with subject alt name and a list of CRL distribution points
+ """
+ csr = self.read_file("test2.csr")
+ request = pkcs10.load_certificate_request(csr)
+
+ attributes = request.get_attributes()
+ subject = request.get_subject()
+ components = subject.get_components()
+ compdict = dict(components)
+ attrdict = dict(attributes)
+
+ assert(compdict['CN'] == u'test.example.com')
+ assert(compdict['ST'] == u'California')
+ assert(compdict['C'] == u'US')
+
+ extensions = attrdict['1.2.840.113549.1.9.14']
+
+ for ext in range(len(extensions)):
+ if extensions[ext][0] == '2.5.29.17':
+ names = extensions[ext][2]
+ # check the dNSName field
+ assert(names[2] == [u'testlow.example.com'])
+ if extensions[ext][0] == '2.5.29.31':
+ urls = extensions[ext][2]
+ assert(len(urls) == 2)
+ assert(urls[0] == u'http://ca.example.com/my.crl')
+ assert(urls[1] == u'http://other.example.com/my.crl') |
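Review bot: The subjectAltName and CRL distribution point assertions in `test_1` and `test_2` sit inside `if extensions[ext][0] == ...` guards within the loop, so both tests pass vacuously if the parser drops the extension or reports it under a different OID. The commit message says subject alt names determine whether a request is subject to the host-exists and managedBy checks, so a silently missing SAN is the parser failure this file most needs to catch. Select the extension first and assert it is present, e.g. `san = [e for e in extensions if e[0] == '2.5.29.17']`, `assert(len(san) == 1)`, `assert(san[0][2][2] == [u'testlow.example.com'])`, and do the same for `'2.5.29.31'` in `test_2`. A short comment saying why index 2 of `names` is the dNSName slot (presumably the GeneralName choice tag, not confirmed from this file) would also help, since the positional lookup is otherwise unexplained.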