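# Authors:
#   Rob Crittenden
#
# Copyright (C) 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""
Test the `pkcs10.py` module.
"""

import os
import sys
import nose
from tests.util import raises, PluginTester
from ipalib import pkcs10
from ipapython import ipautil
import nss.nss as nss
from nss.error import NSPRError


class test_update(object):
    """
    Test the PKCS#10 Parser.

    Each test loads one CSR fixture (test0.csr .. test4.csr) and checks
    either the parsed contents or the error raised for malformed input.
    """

    def setUp(self):
        """
        Initialise NSS and locate the directory holding the CSR fixtures.

        The fixtures are looked up in the current directory first and then
        under tests/test_pkcs10/; the test is skipped when neither has them.
        """
        nss.nss_init_nodb()
        if ipautil.file_exists("test0.csr"):
            self.testdir = "./"
        elif ipautil.file_exists("tests/test_pkcs10/test0.csr"):
            self.testdir = "./tests/test_pkcs10/"
        else:
            raise nose.SkipTest("Unable to find test update files")

    def read_file(self, filename):
        """
        Return the contents of fixture `filename` from the test directory.
        """
        # The context manager closes the file even if read() raises.
        with open(self.testdir + filename, "r") as fp:
            return fp.read()

    def _check_subject(self, request):
        """
        Assert that `request` carries the subject shared by the valid fixtures.
        """
        subject = pkcs10.get_subject(request)
        assert subject.common_name == 'test.example.com'
        assert subject.state_name == 'California'
        assert subject.country_name == 'US'

    def test_0(self):
        """
        Test simple CSR with no attributes
        """
        csr = self.read_file("test0.csr")
        request = pkcs10.load_certificate_request(csr)
        self._check_subject(request)

    def test_1(self):
        """
        Test CSR with subject alt name
        """
        csr = self.read_file("test1.csr")
        request = pkcs10.load_certificate_request(csr)
        self._check_subject(request)

        # Track whether the extension was seen at all: without this the
        # loop passes vacuously if the parser drops the subjectAltName,
        # which is the field that decides which names get certified.
        san_seen = False
        for extension in request.extensions:
            if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
                san_seen = True
                assert nss.x509_alt_name(extension.value)[0] == 'testlow.example.com'
        assert san_seen, "test1.csr: subject alt name extension not found"

    def test_2(self):
        """
        Test CSR with subject alt name and a list of CRL distribution points
        """
        csr = self.read_file("test2.csr")
        request = pkcs10.load_certificate_request(csr)
        self._check_subject(request)

        # As in test_1, require that both extensions are actually present
        # so a parser that silently loses them cannot pass.
        san_seen = False
        crl_seen = False
        for extension in request.extensions:
            if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
                san_seen = True
                assert nss.x509_alt_name(extension.value)[0] == 'testlow.example.com'
            if extension.oid_tag == nss.SEC_OID_X509_CRL_DIST_POINTS:
                crl_seen = True
                pts = nss.CRLDistributionPts(extension.value)
                urls = pts[0].get_general_names()
                assert 'http://ca.example.com/my.crl' in urls
                assert 'http://other.example.com/my.crl' in urls
        assert san_seen, "test2.csr: subject alt name extension not found"
        assert crl_seen, "test2.csr: CRL distribution points extension not found"

    def test_3(self):
        """
        Test CSR with base64-encoded bogus data
        """
        csr = self.read_file("test3.csr")
        try:
            pkcs10.load_certificate_request(csr)
        except NSPRError as nsprerr:
            # (SEC_ERROR_BAD_DER) security library: improperly formatted
            # DER-encoded message.
            assert nsprerr.errno == -8183
        else:
            # Rejection is the behaviour under test: a parser that accepts
            # bogus DER must fail here instead of passing silently.
            raise AssertionError(
                "test3.csr: bogus DER data was accepted, expected NSPRError")

    def test_4(self):
        """
        Test CSR with badly formatted base64-encoded data
        """
        csr = self.read_file("test4.csr")
        try:
            pkcs10.load_certificate_request(csr)
        except TypeError as typeerr:
            assert str(typeerr) == 'Incorrect padding'
        else:
            # Same reasoning as test_3: malformed base64 has to be refused.
            raise AssertionError(
                "test4.csr: malformed base64 was accepted, expected TypeError")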