IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 00:41:25 -06:00
Code Issues Packages Projects Releases Wiki Activity
b0a61ab953
freeipa/ipatests/test_pkcs10/test_pkcs10.py
Jan Cholasta d5e35f92a5 Update pkcs10 module functions to always load CSRs and allow selecting format. 
This change makes the pkcs10 module more consistent with the x509 module.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-03-25 16:54:55 +01:00

124 lines
4.0 KiB
Python
Raw Blame History

# Authors:
# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Test the `pkcs10.py` module.
"""
import os
import sys
import nose
from ipatests.util import raises, PluginTester
from ipalib import pkcs10
from ipapython import ipautil
import nss.nss as nss
from nss.error import NSPRError
class test_update(object):
"""
Test the PKCS#10 Parser.
"""
def setUp(self):
nss.nss_init_nodb()
if ipautil.file_exists("test0.csr"):
self.testdir="./"
elif ipautil.file_exists("ipatests/test_pkcs10/test0.csr"):
self.testdir= "./ipatests/test_pkcs10/"
else:
raise nose.SkipTest("Unable to find test update files")
def read_file(self, filename):
fp = open(self.testdir + filename, "r")
data = fp.read()
fp.close()
return data
def test_0(self):
"""
Test simple CSR with no attributes
"""
csr = self.read_file("test0.csr")
subject = pkcs10.get_subject(csr)
assert(subject.common_name == 'test.example.com')
assert(subject.state_name == 'California')
assert(subject.country_name == 'US')
def test_1(self):
"""
Test CSR with subject alt name
"""
csr = self.read_file("test1.csr")
request = pkcs10.load_certificate_request(csr)
subject = request.subject
assert(subject.common_name == 'test.example.com')
assert(subject.state_name == 'California')
assert(subject.country_name == 'US')
for extension in request.extensions:
if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
assert nss.x509_alt_name(extension.value)[0] == 'testlow.example.com'
def test_2(self):
"""
Test CSR with subject alt name and a list of CRL distribution points
"""
csr = self.read_file("test2.csr")
request = pkcs10.load_certificate_request(csr)
subject = request.subject
assert(subject.common_name == 'test.example.com')
assert(subject.state_name == 'California')
assert(subject.country_name == 'US')
for extension in request.extensions:
if extension.oid_tag == nss.SEC_OID_X509_SUBJECT_ALT_NAME:
assert nss.x509_alt_name(extension.value)[0] == 'testlow.example.com'
if extension.oid_tag == nss.SEC_OID_X509_CRL_DIST_POINTS:
pts = nss.CRLDistributionPts(extension.value)
urls = pts[0].get_general_names()
assert('http://ca.example.com/my.crl' in urls)
assert('http://other.example.com/my.crl' in urls)
def test_3(self):
"""
Test CSR with base64-encoded bogus data
"""
csr = self.read_file("test3.csr")
try:
request = pkcs10.load_certificate_request(csr)
except NSPRError, nsprerr:
# (SEC_ERROR_BAD_DER) security library: improperly formatted DER-encoded message.
assert(nsprerr. errno== -8183)
def test_4(self):
"""
Test CSR with badly formatted base64-encoded data
"""
csr = self.read_file("test4.csr")
try:
request = pkcs10.load_certificate_request(csr)
except TypeError, typeerr:
assert(str(typeerr) == 'Incorrect padding')
Reference in New Issue View Git Blame Copy Permalink