Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_ipalib/test_x509.py | 12 | ||||
-rw-r--r-- | tests/test_pkcs10/test3.csr | 3 | ||||
-rw-r--r-- | tests/test_pkcs10/test4.csr | 4 | ||||
-rw-r--r-- | tests/test_pkcs10/test5.csr | 20 | ||||
-rw-r--r-- | tests/test_pkcs10/test_pkcs10.py | 95 |
5 files changed, 83 insertions, 51 deletions
diff --git a/tests/test_ipalib/test_x509.py b/tests/test_ipalib/test_x509.py
index 50e827caf..ca21e28cb 100644
--- a/tests/test_ipalib/test_x509.py
+++ b/tests/test_ipalib/test_x509.py
@@ -92,18 +92,18 @@ class test_x509(object):
 Test retrieving the subject
 """
 subject = x509.get_subject(goodcert)
- assert subject == 'CN=ipa.example.com,O=IPA'
+ assert str(subject) == 'CN=ipa.example.com,O=IPA'
 der = base64.b64decode(goodcert)
 subject = x509.get_subject(der, x509.DER)
- assert subject == 'CN=ipa.example.com,O=IPA'
+ assert str(subject) == 'CN=ipa.example.com,O=IPA'
 # We should be able to pass in a tuple/list of certs too
 subject = x509.get_subject((goodcert))
- assert subject == 'CN=ipa.example.com,O=IPA'
+ assert str(subject) == 'CN=ipa.example.com,O=IPA'
 subject = x509.get_subject([goodcert])
- assert subject == 'CN=ipa.example.com,O=IPA'
+ assert str(subject) == 'CN=ipa.example.com,O=IPA'
 def test_2_get_serial_number(self):
 """
@@ -132,8 +132,8 @@ class test_x509(object):
 cert = x509.load_certificate(goodcert)
- assert cert.subject == 'CN=ipa.example.com,O=IPA'
- assert cert.issuer == 'CN=IPA Test Certificate Authority'
+ assert str(cert.subject) == 'CN=ipa.example.com,O=IPA'
+ assert str(cert.issuer) == 'CN=IPA Test Certificate Authority'
 assert cert.serial_number == 1093
 assert cert.valid_not_before_str == 'Fri Jun 25 13:00:42 2010 UTC'
 assert cert.valid_not_after_str == 'Thu Jun 25 13:00:42 2015 UTC'
diff --git a/tests/test_pkcs10/test3.csr b/tests/test_pkcs10/test3.csr
new file mode 100644
index 000000000..82c84d154
--- /dev/null
+++ b/tests/test_pkcs10/test3.csr
@@ -0,0 +1,3 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+VGhpcyBpcyBhbiBpbnZhbGlkIENTUg==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/test_pkcs10/test4.csr b/tests/test_pkcs10/test4.csr
new file mode 100644
index 000000000..9f08b802b
--- /dev/null
+++ b/tests/test_pkcs10/test4.csr
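Review bot: The call `x509.get_subject((goodcert))` in the first test_x509.py hunk passes a plain string, because `(goodcert)` is only a parenthesised expression, so the tuple case named in the comment above it is never exercised by the updated assertion. Writing `subject = x509.get_subject((goodcert,))` would make the test cover tuple input as the comment says. That line is unchanged context in this commit, and the enclosing test method starts above the hunk.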
@@ -0,0 +1,4 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+Invalidate data
+-----END NEW CERTIFICATE REQUEST-----
+
diff --git a/tests/test_pkcs10/test5.csr b/tests/test_pkcs10/test5.csr
new file mode 100644
index 000000000..41c3c1f3d
--- /dev/null
+++ b/tests/test_pkcs10/test5.csr
@@ -0,0 +1,20 @@
+
+Certificate request generated by Netscape certutil
+Phone: (not specified)
+
+Common Name: test.example.com
+Email: (not specified)
+Organization: IPA
+State: (not specified)
+Country: (not specified)
+
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIBaDCB0gIBADApMQwwCgYDVQQKEwNJUEExGTAXBgNVBAMTEHRlc3QuZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPnSCLwl7IytP2HC7+zv
+nI2fe6oRCE/J8K1jIoiqS9engx3Yfe4kaXWWzcwmuUV57VhUmWDEQIbSREPdrVSi
+tWC55ilGmPOAEw+mP4qg6Ctb+d8Egmy1JVrpIYCLNXvEd3dAaimB0J+K3hKFRyHI
+2MzrIuFqqohRijkDLwB8oVVdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQACt37K
+j+RMEbqG8s0Uxs3FhcfiAx8Do99CDizY/b7hZEgMyG4dLmm+vSCBbxBrG5oMlxJD
+dxnpk0PQSknNkJVrCS/J1OTpOPRTi4VKATT3tHJAfDbWZTwcSelUCLQ4lREiuT3D
+WP4vKrLIxDJDb+/mwuV7WWo34E6MD9iTB1xINg==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/test_pkcs10/test_pkcs10.py b/tests/test_pkcs10/test_pkcs10.py
index 66d205b96..4c8ba1366 100644
--- a/tests/test_pkcs10/test_pkcs10.py
+++ b/tests/test_pkcs10/test_pkcs10.py
@@ -26,6 +26,8 @@ import nose
 from tests.util import raises, PluginTester
 from ipalib import pkcs10
 from ipapython import ipautil
+import nss.nss as nss
+from nss.error import NSPRError
 class test_update(object):
 """
@@ -33,6 +35,7 @@ class test_update(object):
 """
 def setUp(self):
+ nss.nss_init_nodb()
 if ipautil.file_exists("test0.csr"):
 self.testdir="./"
 elif ipautil.file_exists("tests/test_pkcs10/test0.csr"):
@@ -53,15 +56,11 @@ class test_update(object):
 csr = self.read_file("test0.csr")
 request = pkcs10.load_certificate_request(csr)
- attributes = request.get_attributes()
- subject = request.get_subject()
- components = subject.get_components()
- compdict = dict(components)
+ subject = pkcs10.get_subject(request)
- assert(attributes == ())
- assert(compdict['CN'] == u'test.example.com')
- assert(compdict['ST'] == u'California')
- assert(compdict['C'] == u'US')
+ assert(subject.common_name == 'test.example.com')
+ assert(subject.state_name == 'California')
+ assert(subject.country_name == 'US')
 def test_1(self):
 """
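Review bot: The new test5.csr fixture, which places certutil's descriptive text before the PEM block, is not read by any test in the test_pkcs10.py hunks of this commit; those add only test_3 and test_4, which read test3.csr and test4.csr. If the file is meant to check that `pkcs10.load_certificate_request` tolerates leading text, a `test_5` that loads it and asserts `subject.common_name == 'test.example.com'` would make that coverage explicit.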
@@ -70,23 +69,15 @@ class test_update(object):
 csr = self.read_file("test1.csr")
 request = pkcs10.load_certificate_request(csr)
- attributes = request.get_attributes()
- subject = request.get_subject()
- components = subject.get_components()
- compdict = dict(components)
- attrdict = dict(attributes)
+ subject = pkcs10.get_subject(request)
- assert(compdict['CN'] == u'test.example.com')
- assert(compdict['ST'] == u'California')
- assert(compdict['C'] == u'US')
+ assert(subject.common_name == 'test.example.com')
+ assert(subject.state_name == 'California')
+ assert(subject.country_name == 'US')
- extensions = attrdict['1.2.840.113549.1.9.14']
-
- for ext in range(len(extensions)):
- if extensions[ext][0] == '2.5.29.17':
- names = extensions[ext][2]
- # check the dNSName field
- assert(names[2] == [u'testlow.example.com'])
+ for extension in request.extensions:
+ if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
+ assert nss.x509_alt_name(extension.value)[0] == 'testlow.example.com'
 def test_2(self):
 """
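Review bot: The subjectAltName assertion in test_1 runs only if the loop meets an extension tagged `nss.SEC_OID_X509_SUBJECT_ALT_NAME`, so the test still passes when `request.extensions` is empty or the extension is not parsed at all. Recording the match, for example `found_san = True` inside the branch and `assert found_san` after the loop, would turn a missing extension into a failure. The same applies to both `if` branches of the loop in test_2 in the following hunk. test_1 begins above this hunk.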
@@ -95,25 +86,39 @@ class test_update(object):
 csr = self.read_file("test2.csr")
 request = pkcs10.load_certificate_request(csr)
- attributes = request.get_attributes()
- subject = request.get_subject()
- components = subject.get_components()
- compdict = dict(components)
- attrdict = dict(attributes)
-
- assert(compdict['CN'] == u'test.example.com')
- assert(compdict['ST'] == u'California')
- assert(compdict['C'] == u'US')
-
- extensions = attrdict['1.2.840.113549.1.9.14']
-
- for ext in range(len(extensions)):
- if extensions[ext][0] == '2.5.29.17':
- names = extensions[ext][2]
- # check the dNSName field
- assert(names[2] == [u'testlow.example.com'])
- if extensions[ext][0] == '2.5.29.31':
- urls = extensions[ext][2]
- assert(len(urls) == 2)
- assert(urls[0] == u'http://ca.example.com/my.crl')
- assert(urls[1] == u'http://other.example.com/my.crl')
+ subject = pkcs10.get_subject(request)
+
+ assert(subject.common_name == 'test.example.com')
+ assert(subject.state_name == 'California')
+ assert(subject.country_name == 'US')
+
+ for extension in request.extensions:
+ if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
+ assert nss.x509_alt_name(extension.value)[0] == 'testlow.example.com'
+ if extension.oid_tag == nss.SEC_OID_X509_CRL_DIST_POINTS:
+ pts = nss.CRLDistributionPts(extension.value)
+ urls = pts[0].get_general_names()
+ assert('http://ca.example.com/my.crl' in urls)
+ assert('http://other.example.com/my.crl' in urls)
+
+ def test_3(self):
+ """
+ Test CSR with base64-encoded bogus data
+ """
+ csr = self.read_file("test3.csr")
+
+ try:
+ request = pkcs10.load_certificate_request(csr)
+ except NSPRError, nsprerr:
+ # (SEC_ERROR_BAD_DER) security library: improperly formatted DER-encoded message.
+ assert(nsprerr.
errno== -8183)
+
+ def test_4(self):
+ """
+ Test CSR with badly formatted base64-encoded data
+ """
+ csr = self.read_file("test4.csr")
+ try:
+ request = pkcs10.load_certificate_request(csr)
+ except TypeError, typeerr:
+ assert(str(typeerr) == 'Incorrect padding') |
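Review bot: test_3 and test_4 pass silently when `pkcs10.load_certificate_request(csr)` raises nothing, because neither `try`/`except` has a branch for the case where the malformed CSR is accepted. Adding `else: raise AssertionError('malformed CSR was accepted')` after each `except` clause would make acceptance of bad input a test failure, which is the property these negative tests are meant to guard. test_4 also compares the exact message `'Incorrect padding'`, which presumably comes from the base64 decoder rather than from pkcs10, so checking the exception type alone would be less brittle.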