openstack
/
anchor
Code Issues Proposed changes

Add mising extensions tests 

Fixes broken nameconstraints methods found in the process.

Change-Id: Iacc43b0a42416b0b9b5dac3c0c738c0a817261b1
This commit is contained in:
Stanisław Pitucha 2015-10-15 11:27:00 +11:00
parent 0aa96a9f59
commit 8b9d55f2b2
2 changed files with 35 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
anchor/X509/extension.py
View File

@ -367,8 +367,8 @@ class X509ExtensionNameConstraints(X509Extension):
@uses_ext_value
def get_permitted_name(self, n, ext_value=None):
return [(x.getName(), x.getComponent()) for x
in self._get_permitted(ext_value)[n]['base']]
name = self._get_permitted(ext_value)[n]['base']
return (name.getName(), name.getComponent())
@uses_ext_value
def get_permitted_range(self, n, ext_value=None):
@ -381,8 +381,8 @@ class X509ExtensionNameConstraints(X509Extension):
@uses_ext_value
def get_excluded_name(self, n, ext_value=None):
return [(x.getName(), x.getComponent()) for x
in self._get_excluded(ext_value)[n]['base']]
name = self._get_excluded(ext_value)[n]['base']
return (name.getName(), name.getComponent())
@uses_ext_value
def get_excluded_range(self, n, ext_value=None):
@ -425,13 +425,13 @@ class X509ExtensionExtendedKeyUsage(X509Extension):
@uses_ext_value
def get_usage(self, usage, ext_value=None):
if usage not in self._valid:
raise TypeError("usage not valid")
raise ValueError("usage not valid")
return (usage in ext_value)
@modifies_ext_value
def set_usage(self, usage, state, ext_value=None):
if usage not in self._valid:
raise TypeError("usage not valid")
raise ValueError("usage not valid")
if state:
if usage not in ext_value:

29
tests/X509/test_extension.py
View File

@ -17,6 +17,7 @@
import unittest
import netaddr
from pyasn1.codec.der import encoder
from pyasn1_modules import rfc2459 # X509v3
from anchor.X509 import errors
@ -62,6 +63,14 @@ class TestExtensionBase(unittest.TestCase):
ext.set_critical(True)
self.assertTrue(ext.get_critical())
def test_serialise(self):
asn1 = rfc2459.Extension()
asn1['extnID'] = rfc2459.univ.ObjectIdentifier('1.2.3.4')
asn1['critical'] = False
asn1['extnValue'] = "foobar"
ext = extension.construct_extension(asn1)
self.assertEqual(ext.as_der(), encoder.encode(asn1))
class TestBasicConstraints(unittest.TestCase):
def setUp(self):
@ -169,6 +178,18 @@ class TestNameConstraints(unittest.TestCase):
self.assertEqual(1, self.ext.get_permitted_length())
self.assertEqual(1, self.ext.get_excluded_length())
def test_excluded(self):
self.ext.add_excluded('dNSName', 'example.com')
self.assertEqual(self.ext.get_excluded_range(0), (0, None))
self.assertEqual(self.ext.get_excluded_name(0),
('dNSName', b'example.com'))
def test_permitted(self):
self.ext.add_permitted('dNSName', 'example.com')
self.assertEqual(self.ext.get_permitted_range(0), (0, None))
self.assertEqual(self.ext.get_permitted_name(0),
('dNSName', b'example.com'))
class TestExtendedKeyUsage(unittest.TestCase):
def setUp(self):
@ -192,6 +213,8 @@ class TestExtendedKeyUsage(unittest.TestCase):
self.assertEqual(1, len(self.ext.get_all_usages()))
self.ext.set_usage(rfc2459.id_kp_clientAuth, True)
self.assertEqual(1, len(self.ext.get_all_usages()))
self.ext.set_usage(rfc2459.id_kp_codeSigning, True)
self.assertEqual(2, len(self.ext.get_all_usages()))
def test_unset(self):
self.ext.set_usage(rfc2459.id_kp_clientAuth, True)
@ -206,3 +229,9 @@ class TestExtendedKeyUsage(unittest.TestCase):
self.assertEqual(
"extKeyUsage: TLS Web Client Authentication, Code Signing",
str(self.ext))
def test_invalid_usage(self):
self.assertRaises(ValueError, self.ext.get_usage,
rfc2459.univ.ObjectIdentifier('1.2.3.4'))
self.assertRaises(ValueError, self.ext.set_usage, True,
rfc2459.univ.ObjectIdentifier('1.2.3.4'))