Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL.

The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify requests with subject alt names. Subject alt names are only allowed if: - the host for the alt name exists in IPA - if binding as host principal, the host is in the services managedBy attr
author: Rob Crittenden <rcritten@redhat.com> 2009-11-24 16:07:44 -0500
committer: Jason Gerard DeRose <jderose@redhat.com> 2009-11-30 18:10:09 -0700
commit: ab1667f3c1607a22c6df49ceba58274347bc5826 (patch)
tree: bc2e6102d3d9cd103d2418ad5372e164e0e7533d /tests/test_pkcs10/test_pkcs10.py
parent: 7c2c2d6130648fb6dd7c0e52d802cc6eff39ef95 (diff)
download: freeipa-ab1667f3c1607a22c6df49ceba58274347bc5826.tar.gz
freeipa-ab1667f3c1607a22c6df49ceba58274347bc5826.tar.xz
freeipa-ab1667f3c1607a22c6df49ceba58274347bc5826.zip
1 files changed, 119 insertions, 0 deletions
diff --git a/tests/test_pkcs10/test_pkcs10.py b/tests/test_pkcs10/test_pkcs10.py
new file mode 100644
index 000000000..66d205b96
--- /dev/null
+++ b/tests/test_pkcs10/test_pkcs10.py
@@ -0,0 +1,119 @@
+# Authors:
+#   Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2009  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+"""
+Test the `pkcs10.py` module.
+"""
+
+import os
+import sys
+import nose
+from tests.util import raises, PluginTester
+from ipalib import pkcs10
+from ipapython import ipautil
+
+class test_update(object):
+    """
+    Test the PKCS#10 Parser.
+    """
+
+    def setUp(self):
+        if ipautil.file_exists("test0.csr"):
+            self.testdir="./"
+        elif ipautil.file_exists("tests/test_pkcs10/test0.csr"):
+            self.testdir= "./tests/test_pkcs10/"
+        else:
+            raise nose.SkipTest("Unable to find test update files")
+
+    def read_file(self, filename):
+        fp = open(self.testdir + filename, "r")
+        data = fp.read()
+        fp.close()
+        return data
+
+    def test_0(self):
+        """
+        Test simple CSR with no attributes
+        """
+        csr = self.read_file("test0.csr")
+        request = pkcs10.load_certificate_request(csr)
+
+        attributes = request.get_attributes()
+        subject = request.get_subject()
+        components = subject.get_components()
+        compdict = dict(components)
+
+        assert(attributes == ())
+        assert(compdict['CN'] == u'test.example.com')
+        assert(compdict['ST'] == u'California')
+        assert(compdict['C'] == u'US')
+
+    def test_1(self):
+        """
+        Test CSR with subject alt name
+        """
+        csr = self.read_file("test1.csr")
+        request = pkcs10.load_certificate_request(csr)
+
+        attributes = request.get_attributes()
+        subject = request.get_subject()
+        components = subject.get_components()
+        compdict = dict(components)
+        attrdict = dict(attributes)
+
+        assert(compdict['CN'] == u'test.example.com')
+        assert(compdict['ST'] == u'California')
+        assert(compdict['C'] == u'US')
+
+        extensions = attrdict['1.2.840.113549.1.9.14']
+
+        for ext in range(len(extensions)):
+            if extensions[ext][0] == '2.5.29.17':
+                names = extensions[ext][2]
+                # check the dNSName field
+                assert(names[2] == [u'testlow.example.com'])
+
+    def test_2(self):
+        """
+        Test CSR with subject alt name and a list of CRL distribution points
+        """
+        csr = self.read_file("test2.csr")
+        request = pkcs10.load_certificate_request(csr)
+
+        attributes = request.get_attributes()
+        subject = request.get_subject()
+        components = subject.get_components()
+        compdict = dict(components)
+        attrdict = dict(attributes)
+
+        assert(compdict['CN'] == u'test.example.com')
+        assert(compdict['ST'] == u'California')
+        assert(compdict['C'] == u'US')
+
+        extensions = attrdict['1.2.840.113549.1.9.14']
+
+        for ext in range(len(extensions)):
+            if extensions[ext][0] == '2.5.29.17':
+                names = extensions[ext][2]
+                # check the dNSName field
+                assert(names[2] == [u'testlow.example.com'])
+            if extensions[ext][0] == '2.5.29.31':
+                urls = extensions[ext][2]
+                assert(len(urls) == 2)
+                assert(urls[0] == u'http://ca.example.com/my.crl')
+                assert(urls[1] == u'http://other.example.com/my.crl')
author	Rob Crittenden <rcritten@redhat.com>	2009-11-24 16:07:44 -0500
committer	Jason Gerard DeRose <jderose@redhat.com>	2009-11-30 18:10:09 -0700
commit	ab1667f3c1607a22c6df49ceba58274347bc5826 (patch)
tree	bc2e6102d3d9cd103d2418ad5372e164e0e7533d /tests/test_pkcs10/test_pkcs10.py
parent	7c2c2d6130648fb6dd7c0e52d802cc6eff39ef95 (diff)
download	freeipa-ab1667f3c1607a22c6df49ceba58274347bc5826.tar.gz freeipa-ab1667f3c1607a22c6df49ceba58274347bc5826.tar.xz freeipa-ab1667f3c1607a22c6df49ceba58274347bc5826.zip