Diffstat (limited to 'tests')
-rw-r--r--tests/test_ipalib/test_x509.py12
-rw-r--r--tests/test_pkcs10/test3.csr3
-rw-r--r--tests/test_pkcs10/test4.csr4
-rw-r--r--tests/test_pkcs10/test5.csr20
-rw-r--r--tests/test_pkcs10/test_pkcs10.py95
5 files changed, 83 insertions, 51 deletions
diff --git a/tests/test_ipalib/test_x509.py b/tests/test_ipalib/test_x509.py
index 50e827caf..ca21e28cb 100644
--- a/tests/test_ipalib/test_x509.py
+++ b/tests/test_ipalib/test_x509.py
@@ -92,18 +92,18 @@ class test_x509(object):
Test retrieving the subject
"""
subject = x509.get_subject(goodcert)
- assert subject == 'CN=ipa.example.com,O=IPA'
+ assert str(subject) == 'CN=ipa.example.com,O=IPA'
der = base64.b64decode(goodcert)
subject = x509.get_subject(der, x509.DER)
- assert subject == 'CN=ipa.example.com,O=IPA'
+ assert str(subject) == 'CN=ipa.example.com,O=IPA'
# We should be able to pass in a tuple/list of certs too
subject = x509.get_subject((goodcert))
- assert subject == 'CN=ipa.example.com,O=IPA'
+ assert str(subject) == 'CN=ipa.example.com,O=IPA'
subject = x509.get_subject([goodcert])
- assert subject == 'CN=ipa.example.com,O=IPA'
+ assert str(subject) == 'CN=ipa.example.com,O=IPA'
def test_2_get_serial_number(self):
"""
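Review bot: The "tuple/list of certs" case in this test never passes a tuple: `x509.get_subject((goodcert))` hands over a plain string, because parentheses without a trailing comma do not build a tuple. If the tuple path of `get_subject` is meant to be covered, the call needs to be `x509.get_subject((goodcert,))`. The line is unchanged context in this hunk, but the new `str(subject)` assertion that follows it inherits the gap.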
@@ -132,8 +132,8 @@ class test_x509(object):
cert = x509.load_certificate(goodcert)
- assert cert.subject == 'CN=ipa.example.com,O=IPA'
- assert cert.issuer == 'CN=IPA Test Certificate Authority'
+ assert str(cert.subject) == 'CN=ipa.example.com,O=IPA'
+ assert str(cert.issuer) == 'CN=IPA Test Certificate Authority'
assert cert.serial_number == 1093
assert cert.valid_not_before_str == 'Fri Jun 25 13:00:42 2010 UTC'
assert cert.valid_not_after_str == 'Thu Jun 25 13:00:42 2015 UTC'
diff --git a/tests/test_pkcs10/test3.csr b/tests/test_pkcs10/test3.csr
new file mode 100644
index 000000000..82c84d154
--- /dev/null
+++ b/tests/test_pkcs10/test3.csr
@@ -0,0 +1,3 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+VGhpcyBpcyBhbiBpbnZhbGlkIENTUg==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/test_pkcs10/test4.csr b/tests/test_pkcs10/test4.csr
new file mode 100644
index 000000000..9f08b802b
--- /dev/null
+++ b/tests/test_pkcs10/test4.csr
@@ -0,0 +1,4 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+Invalidate data
+-----END NEW CERTIFICATE REQUEST-----
+
diff --git a/tests/test_pkcs10/test5.csr b/tests/test_pkcs10/test5.csr
new file mode 100644
index 000000000..41c3c1f3d
--- /dev/null
+++ b/tests/test_pkcs10/test5.csr
@@ -0,0 +1,20 @@
+
+Certificate request generated by Netscape certutil
+Phone: (not specified)
+
+Common Name: test.example.com
+Email: (not specified)
+Organization: IPA
+State: (not specified)
+Country: (not specified)
+
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIBaDCB0gIBADApMQwwCgYDVQQKEwNJUEExGTAXBgNVBAMTEHRlc3QuZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPnSCLwl7IytP2HC7+zv
+nI2fe6oRCE/J8K1jIoiqS9engx3Yfe4kaXWWzcwmuUV57VhUmWDEQIbSREPdrVSi
+tWC55ilGmPOAEw+mP4qg6Ctb+d8Egmy1JVrpIYCLNXvEd3dAaimB0J+K3hKFRyHI
+2MzrIuFqqohRijkDLwB8oVVdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQACt37K
+j+RMEbqG8s0Uxs3FhcfiAx8Do99CDizY/b7hZEgMyG4dLmm+vSCBbxBrG5oMlxJD
+dxnpk0PQSknNkJVrCS/J1OTpOPRTi4VKATT3tHJAfDbWZTwcSelUCLQ4lREiuT3D
+WP4vKrLIxDJDb+/mwuV7WWo34E6MD9iTB1xINg==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/test_pkcs10/test_pkcs10.py b/tests/test_pkcs10/test_pkcs10.py
index 66d205b96..4c8ba1366 100644
--- a/tests/test_pkcs10/test_pkcs10.py
+++ b/tests/test_pkcs10/test_pkcs10.py
@@ -26,6 +26,8 @@ import nose
from tests.util import raises, PluginTester
from ipalib import pkcs10
from ipapython import ipautil
+import nss.nss as nss
+from nss.error import NSPRError
class test_update(object):
"""
@@ -33,6 +35,7 @@ class test_update(object):
"""
def setUp(self):
+ nss.nss_init_nodb()
if ipautil.file_exists("test0.csr"):
self.testdir="./"
elif ipautil.file_exists("tests/test_pkcs10/test0.csr"):
@@ -53,15 +56,11 @@ class test_update(object):
csr = self.read_file("test0.csr")
request = pkcs10.load_certificate_request(csr)
- attributes = request.get_attributes()
- subject = request.get_subject()
- components = subject.get_components()
- compdict = dict(components)
+ subject = pkcs10.get_subject(request)
- assert(attributes == ())
- assert(compdict['CN'] == u'test.example.com')
- assert(compdict['ST'] == u'California')
- assert(compdict['C'] == u'US')
+ assert(subject.common_name == 'test.example.com')
+ assert(subject.state_name == 'California')
+ assert(subject.country_name == 'US')
def test_1(self):
"""
@@ -70,23 +69,15 @@ class test_update(object):
csr = self.read_file("test1.csr")
request = pkcs10.load_certificate_request(csr)
- attributes = request.get_attributes()
- subject = request.get_subject()
- components = subject.get_components()
- compdict = dict(components)
- attrdict = dict(attributes)
+ subject = pkcs10.get_subject(request)
- assert(compdict['CN'] == u'test.example.com')
- assert(compdict['ST'] == u'California')
- assert(compdict['C'] == u'US')
+ assert(subject.common_name == 'test.example.com')
+ assert(subject.state_name == 'California')
+ assert(subject.country_name == 'US')
- extensions = attrdict['1.2.840.113549.1.9.14']
-
- for ext in range(len(extensions)):
- if extensions[ext][0] == '2.5.29.17':
- names = extensions[ext][2]
- # check the dNSName field
- assert(names[2] == [u'testlow.example.com'])
+ for extension in request.extensions:
+ if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
+ assert nss.x509_alt_name(extension.value)[0] == 'testlow.example.com'
def test_2(self):
"""
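Review bot: The subjectAltName assertion in test_1 runs only when the loop meets an extension tagged `nss.SEC_OID_X509_SUBJECT_ALT_NAME`, so a request that parses with no extensions at all still passes. Record the hit inside the `if` (`found_san = True`) and add `assert found_san` after the loop. The same applies to both `if` branches of the loop in test_2 in the next hunk, where the CRL distribution point check can also be skipped silently.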
@@ -95,25 +86,39 @@ class test_update(object):
csr = self.read_file("test2.csr")
request = pkcs10.load_certificate_request(csr)
- attributes = request.get_attributes()
- subject = request.get_subject()
- components = subject.get_components()
- compdict = dict(components)
- attrdict = dict(attributes)
-
- assert(compdict['CN'] == u'test.example.com')
- assert(compdict['ST'] == u'California')
- assert(compdict['C'] == u'US')
-
- extensions = attrdict['1.2.840.113549.1.9.14']
-
- for ext in range(len(extensions)):
- if extensions[ext][0] == '2.5.29.17':
- names = extensions[ext][2]
- # check the dNSName field
- assert(names[2] == [u'testlow.example.com'])
- if extensions[ext][0] == '2.5.29.31':
- urls = extensions[ext][2]
- assert(len(urls) == 2)
- assert(urls[0] == u'http://ca.example.com/my.crl')
- assert(urls[1] == u'http://other.example.com/my.crl')
+ subject = pkcs10.get_subject(request)
+
+ assert(subject.common_name == 'test.example.com')
+ assert(subject.state_name == 'California')
+ assert(subject.country_name == 'US')
+
+ for extension in request.extensions:
+ if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
+ assert nss.x509_alt_name(extension.value)[0] == 'testlow.example.com'
+ if extension.oid_tag == nss.SEC_OID_X509_CRL_DIST_POINTS:
+ pts = nss.CRLDistributionPts(extension.value)
+ urls = pts[0].get_general_names()
+ assert('http://ca.example.com/my.crl' in urls)
+ assert('http://other.example.com/my.crl' in urls)
+
+ def test_3(self):
+ """
+ Test CSR with base64-encoded bogus data
+ """
+ csr = self.read_file("test3.csr")
+
+ try:
+ request = pkcs10.load_certificate_request(csr)
+ except NSPRError, nsprerr:
+ # (SEC_ERROR_BAD_DER) security library: improperly formatted DER-encoded message.
+ assert(nsprerr. errno== -8183)
+
+ def test_4(self):
+ """
+ Test CSR with badly formatted base64-encoded data
+ """
+ csr = self.read_file("test4.csr")
+ try:
+ request = pkcs10.load_certificate_request(csr)
+ except TypeError, typeerr:
+ assert(str(typeerr) == 'Incorrect padding')
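Review bot: test_3 and test_4 pass when `pkcs10.load_certificate_request` accepts the malformed CSR, because neither `try` has a failure path for the case where no exception is raised; for a parser that has to reject bad input, that is the case these tests exist to catch. Add `else: raise AssertionError('invalid CSR was accepted')` to each `try`, or use the `raises` helper the file already imports from `tests.util` (its signature is not visible here). In test_4 the comparison with the message text `'Incorrect padding'` ties the test to the decoder's wording, so checking the exception type alone would be less brittle. test5.csr is added by this commit, but no test visible in this diff reads it.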