Merge "Use only one test request"
This commit is contained in:
commit
a66bb3b404
|
@ -26,24 +26,10 @@ from anchor.X509 import extension
|
|||
from anchor.X509 import name as x509_name
|
||||
from anchor.X509 import signing_request
|
||||
from anchor.X509 import utils
|
||||
import tests
|
||||
|
||||
|
||||
class TestX509Csr(unittest.TestCase):
|
||||
csr_data = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIB/jCCAWcCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQ
|
||||
BgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UECgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsMB3Rlc3RpbmcxFDASBgNVBAMMC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB
|
||||
FhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe
|
||||
eqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/e
|
||||
FY6Sux52enQ197o8aMwyP77hMhZqtd8NCgLJMVlUbRhwLti0SkHFPic0wAg+esfX
|
||||
a6yhd5TxC+bti7MgV/ljA80XQxHH8xOjdOoGN0DHfQIDAQABoCkwJwYJKoZIhvcN
|
||||
AQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsFAAOB
|
||||
gQA+6qIFRsgkGFgeLvl+Jt3/mfAkkUTes0r4Kh+vPpuzzthEEafaVFRqA0UI+opN
|
||||
QwNMvjwkS4hTZZFlvQJLCUOzKIOkTcvCu1WIUvkA9vfnvz6orw2dU9A6Rj6hU/Bd
|
||||
vXaHXDbliCzG9yPHrLk5VQpy3HODjyfQMdhday2n1Q4P3Q==
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
||||
class TestX509Csr(tests.DefaultRequestMixin, unittest.TestCase):
|
||||
key_rsa_data = textwrap.dedent("""
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXAIBAAKBgQCeeqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8plPb5t4sLo8UYfZd
|
||||
|
@ -63,7 +49,7 @@ class TestX509Csr(unittest.TestCase):
|
|||
|
||||
def setUp(self):
|
||||
super(TestX509Csr, self).setUp()
|
||||
self.csr = signing_request.X509Csr.from_buffer(TestX509Csr.csr_data)
|
||||
self.csr = signing_request.X509Csr.from_buffer(TestX509Csr.csr_sample)
|
||||
|
||||
def tearDown(self):
|
||||
pass
|
||||
|
@ -76,12 +62,12 @@ class TestX509Csr(unittest.TestCase):
|
|||
def test_get_extensions(self):
|
||||
exts = self.csr.get_extensions()
|
||||
self.assertEqual(len(exts), 2)
|
||||
self.assertFalse(exts[0].get_ca())
|
||||
self.assertIsNone(exts[0].get_path_len_constraint())
|
||||
self.assertTrue(exts[1].get_usage('digitalSignature'))
|
||||
self.assertTrue(exts[1].get_usage('nonRepudiation'))
|
||||
self.assertTrue(exts[1].get_usage('keyEncipherment'))
|
||||
self.assertFalse(exts[1].get_usage('cRLSign'))
|
||||
self.assertFalse(exts[1].get_ca())
|
||||
self.assertIsNone(exts[1].get_path_len_constraint())
|
||||
self.assertTrue(exts[0].get_usage('digitalSignature'))
|
||||
self.assertTrue(exts[0].get_usage('nonRepudiation'))
|
||||
self.assertTrue(exts[0].get_usage('keyEncipherment'))
|
||||
self.assertFalse(exts[0].get_usage('cRLSign'))
|
||||
|
||||
def test_add_extension(self):
|
||||
csr = signing_request.X509Csr()
|
||||
|
@ -101,7 +87,7 @@ class TestX509Csr(unittest.TestCase):
|
|||
|
||||
def test_read_from_file(self):
|
||||
open_name = 'anchor.X509.signing_request.open'
|
||||
f = io.StringIO(TestX509Csr.csr_data)
|
||||
f = io.StringIO(self.csr_sample)
|
||||
with mock.patch(open_name, create=True) as mock_open:
|
||||
mock_open.return_value = f
|
||||
csr = signing_request.X509Csr.from_file("some_path")
|
||||
|
@ -160,20 +146,20 @@ class TestX509Csr(unittest.TestCase):
|
|||
entries = name.get_entries_by_oid(x509_name.OID_commonName)
|
||||
self.assertEqual(len(entries), 1)
|
||||
self.assertEqual(entries[0].get_name(), "commonName")
|
||||
self.assertEqual(entries[0].get_value(), "anchor.test")
|
||||
self.assertEqual(entries[0].get_value(), self.csr_sample_cn)
|
||||
|
||||
def test_get_subject_emailAddress(self):
|
||||
name = self.csr.get_subject()
|
||||
entries = name.get_entries_by_oid(x509_name.OID_pkcs9_emailAddress)
|
||||
self.assertEqual(len(entries), 1)
|
||||
self.assertEqual(entries[0].get_name(), "emailAddress")
|
||||
self.assertEqual(entries[0].get_value(), "test@anchor.test")
|
||||
self.assertEqual(entries[0].get_value(), "test@example.com")
|
||||
|
||||
def test_sign(self):
|
||||
key = utils.get_private_key_from_pem(self.key_rsa_data)
|
||||
self.csr.sign(key)
|
||||
# 10 bytes is definitely enough for non malicious case, right?
|
||||
self.assertEqual(b'>\xea\xa2\x05F\xc8$\x18X\x1e',
|
||||
self.assertEqual(b'\x16\xbd!\x9b\xfb\xfd\x10\xa1\xaf\x92',
|
||||
self.csr._get_signature()[:10])
|
||||
|
||||
def test_verify(self):
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
|
||||
import logging
|
||||
import textwrap
|
||||
|
||||
# NOTE(tkelsey): by default Python 2.7 has no default logging handler
|
||||
# this fixes the "No handler for logger ..." message spam
|
||||
|
@ -52,7 +53,7 @@ class DefaultConfigMixin(object):
|
|||
}
|
||||
self.sample_conf_validators = {
|
||||
"common_name": {
|
||||
"allowed_domains": [".test.com"]
|
||||
"allowed_domains": [".example.com"]
|
||||
}
|
||||
}
|
||||
self.sample_conf_fixups = {
|
||||
|
@ -72,3 +73,29 @@ class DefaultConfigMixin(object):
|
|||
}
|
||||
|
||||
super(DefaultConfigMixin, self).setUp()
|
||||
|
||||
|
||||
class DefaultRequestMixin(object):
|
||||
# CN=server1.example.com
|
||||
# 2048 RSA, basicConstraints, keyUsage exts
|
||||
csr_sample_cn = 'server1.example.com'
|
||||
csr_sample = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDDjCCAfYCAQAwgZwxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIEwZOYXJuaWExEjAQ
|
||||
BgNVBAcTCUZ1bmt5dG93bjEXMBUGA1UEChMOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsTB3Rlc3RpbmcxHDAaBgNVBAMTE3NlcnZlcjEuZXhhbXBsZS5jb20xHzAdBgkq
|
||||
hkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQDhQloUTMZwBFgbseH5vk4S+mgqwyZDytu9S6x7YPv4aav/FTQd
|
||||
W/RJB07YvUIZSJ50YScNSzXrtjqqifjdvnyiVYpS+vP8/yZIclJt8BNLwA3ESvHO
|
||||
75leRhSahxMkIMW7WfaV4ys8jkGDx3fISCn/jo5zelaLXaiHAzGRRMKefWmy54lX
|
||||
W6jh1caoadRsnFQbAmAljW0JNQ53Sr2KOwVu6I8/IJ9PcT16D0WembvuOsNZZ8V9
|
||||
y2FYiJ4FYesN9JGoKvBC8U1pr+FXpNfEdaniNbfRsz5gCsap3mxMMLKlFS7AB2ar
|
||||
zw5awegV9M7gMYkg4e6HWl33fS+kt/zSC53rAgMBAAGgLDAqBgkqhkiG9w0BCQ4x
|
||||
HTAbMAsGA1UdDwQEAwIF4DAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQArTSUNFZHqUnCL+TLVgDSq9oaSutO3vu1g+EKfFxN2rG5HrxbAc2eC8TaMfUVd
|
||||
D2JaEkhi9X7wPpVKIVwMo4nYVO8ke1MdXRLecNzLRT4sC40ZuOoDxOFEzm5BibGv
|
||||
OLty0xKx3fylL0qa+wMXQNDWVcbq3OcJNo4v41fl4jlab4Fx5mWaCnKja+LnJT45
|
||||
4wJQQN+UFPwvEt3Ay2UqvzVVUlJ3tO30f5WZitlpYy9txLaV9v6xdc2N/YMgQ7Tz
|
||||
DxpZNBHlkA6LWaRqAtWws3uvom7IjHGgSr7UITrOR5iO5Hrm85X7K0AT6Bu75RZL
|
||||
+uYLLfj9Nb/iznREl9E3a/fN
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import textwrap
|
||||
import unittest
|
||||
|
||||
import mock
|
||||
|
@ -26,38 +25,14 @@ from anchor.X509 import signing_request
|
|||
import tests
|
||||
|
||||
|
||||
class TestFixupFunctionality(tests.DefaultConfigMixin, unittest.TestCase):
|
||||
csr_data_with_cn = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDBTCCAe0CAQAwgb8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
|
||||
MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMSEwHwYDVQQKExhPcGVuU3RhY2sgU2Vj
|
||||
dXJpdHkgR3JvdXAxETAPBgNVBAsTCFNlY3VyaXR5MRYwFAYDVQQDEw1vc3NnLnRl
|
||||
c3QuY29tMTUwMwYJKoZIhvcNAQkBFiZvcGVuc3RhY2stc2VjdXJpdHlAbGlzdHMu
|
||||
b3BlbnN0YWNrLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCw
|
||||
hIh3kwHGrGff7bHpY0x7ebXS8CfnwDx/wFSqlBeARL9f4riN172P4hkk7F+QQ2R9
|
||||
88osQX4dmbQZDX18y85TTQv9jmtzvTZtJM2UQ80XMIVLZjpK5966cmJKqn/s+IaL
|
||||
zh+kqyb7S6xV0590VarEFZ6JsXdxU9TtVHOWCfn/P8swr5DCTzsE/LUIuVdqgkGh
|
||||
g63E9iLYtAOUcQv6lpmrI8NHOMK2F7XnP64IEshpZ4POzc7m8nTEHHb0+xxxiive
|
||||
mwLTp6pyZ5wBx/Dvk2Dc7SF6x51wOxAxdWc3vxwA5Q2nbFK2RlBHCiIi+ZK3i5S/
|
||||
tOkcQydQ0Cl9escDrv0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQA1dpxxTGFF
|
||||
TGFenVJlT2uecvXK4UePeaslRx2P1k3xwJK9ZEvKY297cqhK5Y8kWyzNUjGFLHPr
|
||||
RlgjFMYlUICNgCdcWD2b0avZ9q648+F3b9CWKg0kNMhxyQpXdSeLZOzpDVUyr6TN
|
||||
GcCZqcQQclixruXsIGQoZFIXazGju2UTtxwK/J87u2S0yR2bR48dPlNXAWKV+e4o
|
||||
Ua0RaDUUBypZNMMbY6KSB6C7oXGzA/WOnvNz9PzhXlqgWhOv5M6iG3sYDtKllXJT
|
||||
7lcLhUzNVdWaPveTqX/V8QX//53IkyNa+IBm+H84UE5M0GFunqFBYqrWw8S46tMQ
|
||||
JQxgjf65ujnn
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
"""
|
||||
Subject:
|
||||
C=US, ST=California, L=San Francisco,
|
||||
O=OpenStack Security Group, OU=Security,
|
||||
CN=ossg.test.com/emailAddress=openstack-security@lists.openstack.org
|
||||
"""
|
||||
class TestFixupFunctionality(tests.DefaultConfigMixin,
|
||||
tests.DefaultRequestMixin,
|
||||
unittest.TestCase):
|
||||
def setUp(self):
|
||||
super(TestFixupFunctionality, self).setUp()
|
||||
jsonloader.conf.load_extensions()
|
||||
self.csr = signing_request.X509Csr.from_buffer(
|
||||
TestFixupFunctionality.csr_data_with_cn)
|
||||
TestFixupFunctionality.csr_sample)
|
||||
|
||||
def test_with_noop(self):
|
||||
"""Ensure single fixup is processed."""
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import textwrap
|
||||
import unittest
|
||||
|
||||
import mock
|
||||
|
@ -26,40 +25,10 @@ from anchor.X509 import name as x509_name
|
|||
import tests
|
||||
|
||||
|
||||
class CertificateOpsTests(tests.DefaultConfigMixin, unittest.TestCase):
|
||||
class CertificateOpsTests(tests.DefaultConfigMixin, tests.DefaultRequestMixin,
|
||||
unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
# This is a CSR with CN=anchor-test.example.com
|
||||
self.expected_cn = "anchor-test.example.com"
|
||||
self.csr = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIEsDCCApgCAQAwazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
|
||||
FjAUBgNVBAcTDU1vdW50YWluIFZpZXcxDTALBgNVBAoTBEFjbWUxIDAeBgNVBAMT
|
||||
F2FuY2hvci10ZXN0LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
|
||||
MIICCgKCAgEAvRri1XL/BIR882HdRisntITkEwDmBUmNcVKioOOc6wfLDzhrDFZc
|
||||
fo34CvSPm4q4qlnGd4mmJt6rmDwZFhp4PPWHvZ4XWNygI0hZK3P+R6YZWOe2EwCU
|
||||
M2+yCLLDAVucQZmqFtKLv3fedjM3udgEHrf6rf8eyE9X0eyXGJ7jNLEQvJktpr6v
|
||||
JrKnMVssyzUXek4ZiWUoMY864MYeG+ZbdeHzSCMC9iCdfQIdTGUJ0SclOPoRPSUu
|
||||
zyTE4FfDFLCZof6gcYudpdSK4Iy84G89kIb1Yfdvg5ak71uMtPRxSncsbfg4TK8r
|
||||
WuyXs4alIA5bunhf89b6zt3BKufTzs6jBi9oLertafPW9Xgl2PbIeyN9JH1207/L
|
||||
EnXpTS5XK/SDRnzkKCe9aSHy+mS77bRQjV+U67V+TVc9OrbZYQ5krHb3mlWf31wU
|
||||
owS0d7DQLhGrPtBs/C85u4DUTHJcZys7RX4Q7fArDkN1sszhtoxNb2WTgYLKYQYF
|
||||
IHdYRF8Bqq7ZrNJ+2MOQS1kowXTluJKuCQbgL+UwJl+wtrRdxt64CKSCmtH7h4H+
|
||||
yhDD2J6CP3jz4SUQY/CxCmHzI1SVDmHwtr7J02V468Bz+zwT9YbLyvwPKAKJAW5h
|
||||
MUpYN+Yg6Ch7TEa/qw+tbkJbSQeXiAIpzRVAzffo8+djG+UnMdLSMBcCAwEAAaAA
|
||||
MA0GCSqGSIb3DQEBBQUAA4ICAQAr3YwkjT9Lft7DQP328BfudnAQR+tdodAtZGRU
|
||||
y3ZUVupQwgtYdCCRnneCdVcAQUnj6tZHkzBhHBflVz24vXZZHiQilaajzeCoJpj5
|
||||
jXy1ZjPK/efTKw8H325N8hHqGgiXEp86K06LZ4a6m3K+lBZbhb2hSt2MJx8DDn1Y
|
||||
YE1Ssvo0rxDrhnPbAeAdmVNT4zCazYTAaYk2IwAAY9BsoRQouYsSHbVxG+KFGp2A
|
||||
Rw9ryCqBXUAbj0b7whOFEj7pqg3F8nNbPuFdaUoCGaN8TWQFy4diwFsujGONDl4w
|
||||
Df82BlAj/ty9z5WUCs01+z9X4SDm+vchSMqBKgAYZSKEAEmlQf++3tlJpEG7jM1l
|
||||
SqYkeSVWrkHSBXkNQQ2iNmzMBvCA40Qont8OXP/gqS0+rS37f2LtuUueCgV8Gtay
|
||||
RWgH7/JcdLEMm/XohRyD2yVz/JhKNWkYyEjtpr4wFTgFX48v6H4fE7o0HcUHy4nK
|
||||
vN4vwXoa71x65lL1HcZdqYr/ff9KHcwxaOnflTgXzBMvm++F7EwEOK61TDuNkZ8h
|
||||
gaf8Ejt1XNtA1jPNnRES7gqafOJAwYyshr5XoLzHUgbXBTVlEp5t2buxf76n+nzz
|
||||
Zz6BD8nuXQMGPy60ql12MQvLmdX7mFFHthucExhA/9R7wSPtdS8OBPljumgUuhRR
|
||||
BcW7kw==
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
jsonloader.conf.load_extensions()
|
||||
super(CertificateOpsTests, self).setUp()
|
||||
|
||||
|
@ -68,29 +37,29 @@ class CertificateOpsTests(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
|
||||
def test_parse_csr_success1(self):
|
||||
"""Test basic success path for parse_csr."""
|
||||
result = certificate_ops.parse_csr(self.csr, 'pem')
|
||||
result = certificate_ops.parse_csr(self.csr_sample, 'pem')
|
||||
subject = result.get_subject()
|
||||
actual_cn = subject.get_entries_by_oid(
|
||||
x509_name.OID_commonName)[0].get_value()
|
||||
self.assertEqual(actual_cn, self.expected_cn)
|
||||
self.assertEqual(actual_cn, self.csr_sample_cn)
|
||||
|
||||
def test_parse_csr_success2(self):
|
||||
"""Test basic success path for parse_csr."""
|
||||
result = certificate_ops.parse_csr(self.csr, 'PEM')
|
||||
result = certificate_ops.parse_csr(self.csr_sample, 'PEM')
|
||||
subject = result.get_subject()
|
||||
actual_cn = subject.get_entries_by_oid(
|
||||
x509_name.OID_commonName)[0].get_value()
|
||||
self.assertEqual(actual_cn, self.expected_cn)
|
||||
self.assertEqual(actual_cn, self.csr_sample_cn)
|
||||
|
||||
def test_parse_csr_fail1(self):
|
||||
"""Test invalid CSR format (wrong value) for parse_csr."""
|
||||
with self.assertRaises(http_status.HTTPClientError):
|
||||
certificate_ops.parse_csr(self.csr, 'blah')
|
||||
certificate_ops.parse_csr(self.csr_sample, 'blah')
|
||||
|
||||
def test_parse_csr_fail2(self):
|
||||
"""Test invalid CSR format (wrong type) for parse_csr."""
|
||||
with self.assertRaises(http_status.HTTPClientError):
|
||||
certificate_ops.parse_csr(self.csr, True)
|
||||
certificate_ops.parse_csr(self.csr_sample, True)
|
||||
|
||||
def test_parse_csr_fail3(self):
|
||||
"""Test invalid CSR (None) format for parse_csr."""
|
||||
|
@ -104,10 +73,10 @@ class CertificateOpsTests(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
|
||||
def test_validate_csr_success(self):
|
||||
"""Test basic success path for validate_csr."""
|
||||
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
|
||||
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
|
||||
config = "anchor.jsonloader.conf._config"
|
||||
self.sample_conf_ra['default_ra']['validators'] = {'extensions': {
|
||||
'allowed_extensions': []}}
|
||||
'allowed_extensions': ['basicConstraints', 'keyUsage']}}
|
||||
data = self.sample_conf
|
||||
|
||||
with mock.patch.dict(config, data):
|
||||
|
@ -115,7 +84,7 @@ class CertificateOpsTests(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
|
||||
def test_validate_csr_bypass(self):
|
||||
"""Test empty validator set for validate_csr."""
|
||||
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
|
||||
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
|
||||
config = "anchor.jsonloader.conf._config"
|
||||
self.sample_conf_ra['default_ra']['validators'] = {}
|
||||
data = self.sample_conf
|
||||
|
@ -126,7 +95,7 @@ class CertificateOpsTests(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
|
||||
def test_validate_csr_fail(self):
|
||||
"""Test failure path for validate_csr."""
|
||||
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
|
||||
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
|
||||
config = "anchor.jsonloader.conf._config"
|
||||
self.sample_conf_ra['default_ra']['validators'] = {
|
||||
'common_name': {
|
||||
|
@ -142,7 +111,7 @@ class CertificateOpsTests(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
|
||||
def test_ca_cert_read_failure(self):
|
||||
"""Test CA certificate read failure."""
|
||||
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
|
||||
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
|
||||
config = "anchor.jsonloader.conf._config"
|
||||
ca_conf = self.sample_conf_ca['default_ca']
|
||||
ca_conf['cert_path'] = '/xxx/not/a/valid/path'
|
||||
|
@ -156,7 +125,7 @@ class CertificateOpsTests(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
|
||||
def test_ca_key_read_failure(self):
|
||||
"""Test CA key read failure."""
|
||||
csr_obj = certificate_ops.parse_csr(self.csr, 'pem')
|
||||
csr_obj = certificate_ops.parse_csr(self.csr_sample, 'pem')
|
||||
config = "anchor.jsonloader.conf._config"
|
||||
self.sample_conf_ca['default_ca']['cert_path'] = 'tests/CA/root-ca.crt'
|
||||
self.sample_conf_ca['default_ca']['key_path'] = '/xxx/not/a/valid/path'
|
||||
|
|
|
@ -19,7 +19,6 @@ import json
|
|||
import os
|
||||
import stat
|
||||
import tempfile
|
||||
import textwrap
|
||||
import unittest
|
||||
|
||||
import mock
|
||||
|
@ -33,45 +32,8 @@ import config
|
|||
import tests
|
||||
|
||||
|
||||
class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
|
||||
csr_good = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIEDzCCAncCAQAwcjELMAkGA1UEBhMCR0IxEzARBgNVBAgTCkNhbGlmb3JuaWEx
|
||||
FjAUBgNVBAcTDVNhbiBGcmFuY3NpY28xDTALBgNVBAoTBE9TU0cxDTALBgNVBAsT
|
||||
BE9TU0cxGDAWBgNVBAMTD21hc3Rlci50ZXN0LmNvbTCCAaIwDQYJKoZIhvcNAQEB
|
||||
BQADggGPADCCAYoCggGBALnhCRvwMoaZa4car663lwcwn86PO3BS90X8b2wIZjkf
|
||||
rq/eePz2J3Ox8/BbsYiYICHn8oSd/VVXUnqHMFU9xTeJwsDLbyc+0P4S9Fj+RkbM
|
||||
W+YQZsG8Wy9M8aKi9hNtIGiqknyzcOfCQcGPpcKqXRXAW1afqLmifBcFqN1qcpT8
|
||||
OooGNtgo4Ix/fA7omZaKkIXSi5FovC8mFPUm2VqDyvctxBGq0EngIOB9rczloun0
|
||||
nO8PpWBsX2rg3uIs6GIejVrx1ZkcHxJbrze/Nt9vt4C11hJAiAUlHDl0cf50/Pck
|
||||
g0T3ehEqr0zdzCx+wXr3AzStcoOow+REb8CbTt2QaUbZ5izrZFX0JC73mRtqDhuc
|
||||
UxUaguLK9ufhUfA0I1j++w/pQkBEu5PGNX7YpRLImEp636lD8RJ9Ced7oii+gjY0
|
||||
OXlVPRv9MMPvkCWnjNjLapz8kzypJr94BQz1AffHxVfmGGQh60vq4KINm+etuI0Q
|
||||
kfI9NRa/ficRhsuh7yxQRwIDAQABoFgwVgYJKoZIhvcNAQkOMUkwRzAJBgNVHRME
|
||||
AjAAMAsGA1UdDwQEAwIF4DAtBgNVHREEJjAkghBzZXJ2ZXIxLnRlc3QuY29tghBz
|
||||
ZXJ2ZXIyLnRlc3QuY29tMA0GCSqGSIb3DQEBCwUAA4IBgQBdyATuNnfVIeQL2odc
|
||||
zV7f9c/tvN5/Mn4AmGt5S457FGO/s3J7hWX9L02VYPWwORbtkBvZZKtQWLjHbMzU
|
||||
oGsfxeo6vUv+dSP6bjqKibFyMArdaRIobFMvM/5N6g9zcP4sQEnpUyIeV2g6b0Os
|
||||
FoKGsLPIMiS69mAVdfKrgXnmXApXu5zjAoPnSzcc+wKTCbzVIRLZIopEtet84atN
|
||||
7Tf9xokgrDZppJE76w3zXYWPkUDbVuWTuO4afQxujHbJYiZblxJz/gRbMgugAt4V
|
||||
ftlI3EGnGaBQHcZfmyZz1F8ti1jteWMMQZHtWr32cF9Lw/jd2adYFYVTez3BXtQW
|
||||
pULCxdq8G2CFdrV/atIL8Vadf2dOzn2tZIFFihzuilWbcmTP7+8UI8MOKkrqfWN+
|
||||
Q6yV3I896rSprU7WAmWSq+jXkOOwNGDEbmaWsxu4AjvfGty5v2lZqdYJRkbjerXD
|
||||
tR7XqQGqJKca/vRTfJ+zIAxMEeH1N9Lx7YBO6VdVja+yG1E=
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
||||
csr_bad = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBWTCCARMCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIEwZOYXJuaWExEjAQ
|
||||
BgNVBAcTCUZ1bmt5dG93bjEXMBUGA1UEChMOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsTB3Rlc3RpbmcxFDASBgNVBAMTC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB
|
||||
FhB0ZXN0QGFuY2hvci50ZXN0MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAOpvxkCx
|
||||
NNTc86GVnP4rWvaniOnHaemXbhBOoFxhMwaghiq7u5V9ZKkUZfbu+L+ZSQIDAQAB
|
||||
oCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkq
|
||||
hkiG9w0BAQUFAAMxALaK8/HR73ZSvHiWo7Mduin0S519aJBm+gO8d9iliUkK00gQ
|
||||
VMs9DuTAxljX7t7Eug==
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
||||
class TestFunctional(tests.DefaultConfigMixin, tests.DefaultRequestMixin,
|
||||
unittest.TestCase):
|
||||
def setUp(self):
|
||||
super(TestFunctional, self).setUp()
|
||||
|
||||
|
@ -115,7 +77,7 @@ class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
data = {'user': 'myusername',
|
||||
'secret': 'simplepassword',
|
||||
'encoding': 'pem',
|
||||
'csr': TestFunctional.csr_good}
|
||||
'csr': self.csr_sample}
|
||||
|
||||
resp = self.app.post('/v1/sign/unknown', data, expect_errors=True)
|
||||
self.assertEqual(404, resp.status_int)
|
||||
|
@ -123,8 +85,8 @@ class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
def test_check_bad_csr(self):
|
||||
data = {'user': 'myusername',
|
||||
'secret': 'simplepassword',
|
||||
'encoding': 'pem',
|
||||
'csr': TestFunctional.csr_bad}
|
||||
'encoding': 'unknown',
|
||||
'csr': self.csr_sample}
|
||||
|
||||
resp = self.app.post('/v1/sign/default_ra', data, expect_errors=True)
|
||||
self.assertEqual(400, resp.status_int)
|
||||
|
@ -133,7 +95,7 @@ class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
data = {'user': 'myusername',
|
||||
'secret': 'simplepassword',
|
||||
'encoding': 'pem',
|
||||
'csr': TestFunctional.csr_good}
|
||||
'csr': self.csr_sample}
|
||||
|
||||
resp = self.app.post('/v1/sign/default_ra', data, expect_errors=False)
|
||||
self.assertEqual(200, resp.status_int)
|
||||
|
@ -141,8 +103,9 @@ class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
cert = X509_cert.X509Certificate.from_buffer(resp.text)
|
||||
|
||||
# make sure the cert is what we asked for
|
||||
self.assertEqual(("/C=GB/ST=California/L=San Francsico/O=OSSG"
|
||||
"/OU=OSSG/CN=master.test.com"),
|
||||
self.assertEqual(("/C=UK/ST=Narnia/L=Funkytown/O=Anchor Testing"
|
||||
"/OU=testing/CN=server1.example.com"
|
||||
"/emailAddress=test@example.com"),
|
||||
str(cert.get_subject()))
|
||||
|
||||
# make sure the cert was issued by anchor
|
||||
|
@ -154,7 +117,7 @@ class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
data = {'user': 'myusername',
|
||||
'secret': 'simplepassword',
|
||||
'encoding': 'pem',
|
||||
'csr': TestFunctional.csr_good}
|
||||
'csr': self.csr_sample}
|
||||
|
||||
derp = mock.MagicMock()
|
||||
derp.side_effect = Exception("BOOM")
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import textwrap
|
||||
import unittest
|
||||
|
||||
from pyasn1.type import univ as asn1_univ
|
||||
|
@ -31,40 +30,10 @@ class UnknownExtension(extension.X509Extension):
|
|||
spec = asn1_univ.Null
|
||||
|
||||
|
||||
class SigningBackendExtensions(tests.DefaultConfigMixin, unittest.TestCase):
|
||||
csr_data = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIEsDCCApgCAQAwazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
|
||||
FjAUBgNVBAcTDU1vdW50YWluIFZpZXcxDTALBgNVBAoTBEFjbWUxIDAeBgNVBAMT
|
||||
F2FuY2hvci10ZXN0LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
|
||||
MIICCgKCAgEAvRri1XL/BIR882HdRisntITkEwDmBUmNcVKioOOc6wfLDzhrDFZc
|
||||
fo34CvSPm4q4qlnGd4mmJt6rmDwZFhp4PPWHvZ4XWNygI0hZK3P+R6YZWOe2EwCU
|
||||
M2+yCLLDAVucQZmqFtKLv3fedjM3udgEHrf6rf8eyE9X0eyXGJ7jNLEQvJktpr6v
|
||||
JrKnMVssyzUXek4ZiWUoMY864MYeG+ZbdeHzSCMC9iCdfQIdTGUJ0SclOPoRPSUu
|
||||
zyTE4FfDFLCZof6gcYudpdSK4Iy84G89kIb1Yfdvg5ak71uMtPRxSncsbfg4TK8r
|
||||
WuyXs4alIA5bunhf89b6zt3BKufTzs6jBi9oLertafPW9Xgl2PbIeyN9JH1207/L
|
||||
EnXpTS5XK/SDRnzkKCe9aSHy+mS77bRQjV+U67V+TVc9OrbZYQ5krHb3mlWf31wU
|
||||
owS0d7DQLhGrPtBs/C85u4DUTHJcZys7RX4Q7fArDkN1sszhtoxNb2WTgYLKYQYF
|
||||
IHdYRF8Bqq7ZrNJ+2MOQS1kowXTluJKuCQbgL+UwJl+wtrRdxt64CKSCmtH7h4H+
|
||||
yhDD2J6CP3jz4SUQY/CxCmHzI1SVDmHwtr7J02V468Bz+zwT9YbLyvwPKAKJAW5h
|
||||
MUpYN+Yg6Ch7TEa/qw+tbkJbSQeXiAIpzRVAzffo8+djG+UnMdLSMBcCAwEAAaAA
|
||||
MA0GCSqGSIb3DQEBBQUAA4ICAQAr3YwkjT9Lft7DQP328BfudnAQR+tdodAtZGRU
|
||||
y3ZUVupQwgtYdCCRnneCdVcAQUnj6tZHkzBhHBflVz24vXZZHiQilaajzeCoJpj5
|
||||
jXy1ZjPK/efTKw8H325N8hHqGgiXEp86K06LZ4a6m3K+lBZbhb2hSt2MJx8DDn1Y
|
||||
YE1Ssvo0rxDrhnPbAeAdmVNT4zCazYTAaYk2IwAAY9BsoRQouYsSHbVxG+KFGp2A
|
||||
Rw9ryCqBXUAbj0b7whOFEj7pqg3F8nNbPuFdaUoCGaN8TWQFy4diwFsujGONDl4w
|
||||
Df82BlAj/ty9z5WUCs01+z9X4SDm+vchSMqBKgAYZSKEAEmlQf++3tlJpEG7jM1l
|
||||
SqYkeSVWrkHSBXkNQQ2iNmzMBvCA40Qont8OXP/gqS0+rS37f2LtuUueCgV8Gtay
|
||||
RWgH7/JcdLEMm/XohRyD2yVz/JhKNWkYyEjtpr4wFTgFX48v6H4fE7o0HcUHy4nK
|
||||
vN4vwXoa71x65lL1HcZdqYr/ff9KHcwxaOnflTgXzBMvm++F7EwEOK61TDuNkZ8h
|
||||
gaf8Ejt1XNtA1jPNnRES7gqafOJAwYyshr5XoLzHUgbXBTVlEp5t2buxf76n+nzz
|
||||
Zz6BD8nuXQMGPy60ql12MQvLmdX7mFFHthucExhA/9R7wSPtdS8OBPljumgUuhRR
|
||||
BcW7kw==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
""")
|
||||
|
||||
class SigningBackendExtensions(tests.DefaultConfigMixin,
|
||||
tests.DefaultRequestMixin, unittest.TestCase):
|
||||
def test_copy_good_extensions(self):
|
||||
csr = signing_request.X509Csr.from_buffer(self.csr_data)
|
||||
csr = signing_request.X509Csr.from_buffer(self.csr_sample)
|
||||
ext = extension.X509ExtensionSubjectAltName()
|
||||
ext.add_dns_id("example.com")
|
||||
csr.add_extension(ext)
|
||||
|
@ -75,16 +44,16 @@ class SigningBackendExtensions(tests.DefaultConfigMixin, unittest.TestCase):
|
|||
extension.X509ExtensionSubjectAltName)))
|
||||
|
||||
def test_ignore_unknown_extensions(self):
|
||||
csr = signing_request.X509Csr.from_buffer(self.csr_data)
|
||||
csr = signing_request.X509Csr.from_buffer(self.csr_sample)
|
||||
ext = UnknownExtension()
|
||||
csr.add_extension(ext)
|
||||
|
||||
pem = certificate_ops.sign(csr, self.sample_conf_ca['default_ca'])
|
||||
cert = certificate.X509Certificate.from_buffer(pem)
|
||||
self.assertEqual(0, len(cert.get_extensions()))
|
||||
self.assertEqual(2, len(cert.get_extensions()))
|
||||
|
||||
def test_fail_critical_unknown_extensions(self):
|
||||
csr = signing_request.X509Csr.from_buffer(self.csr_data)
|
||||
csr = signing_request.X509Csr.from_buffer(self.csr_sample)
|
||||
ext = UnknownExtension()
|
||||
ext.set_critical(True)
|
||||
csr.add_extension(ext)
|
||||
|
|
|
@ -14,84 +14,31 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import textwrap
|
||||
import unittest
|
||||
|
||||
import netaddr
|
||||
|
||||
from anchor.validators import errors
|
||||
from anchor.validators import utils
|
||||
from anchor.X509 import name
|
||||
from anchor.X509 import signing_request
|
||||
import tests
|
||||
|
||||
|
||||
class TestBaseValidators(unittest.TestCase):
|
||||
csr_data_with_cn = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDBTCCAe0CAQAwgb8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
|
||||
MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMSEwHwYDVQQKExhPcGVuU3RhY2sgU2Vj
|
||||
dXJpdHkgR3JvdXAxETAPBgNVBAsTCFNlY3VyaXR5MRYwFAYDVQQDEw1vc3NnLnRl
|
||||
c3QuY29tMTUwMwYJKoZIhvcNAQkBFiZvcGVuc3RhY2stc2VjdXJpdHlAbGlzdHMu
|
||||
b3BlbnN0YWNrLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCw
|
||||
hIh3kwHGrGff7bHpY0x7ebXS8CfnwDx/wFSqlBeARL9f4riN172P4hkk7F+QQ2R9
|
||||
88osQX4dmbQZDX18y85TTQv9jmtzvTZtJM2UQ80XMIVLZjpK5966cmJKqn/s+IaL
|
||||
zh+kqyb7S6xV0590VarEFZ6JsXdxU9TtVHOWCfn/P8swr5DCTzsE/LUIuVdqgkGh
|
||||
g63E9iLYtAOUcQv6lpmrI8NHOMK2F7XnP64IEshpZ4POzc7m8nTEHHb0+xxxiive
|
||||
mwLTp6pyZ5wBx/Dvk2Dc7SF6x51wOxAxdWc3vxwA5Q2nbFK2RlBHCiIi+ZK3i5S/
|
||||
tOkcQydQ0Cl9escDrv0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQA1dpxxTGFF
|
||||
TGFenVJlT2uecvXK4UePeaslRx2P1k3xwJK9ZEvKY297cqhK5Y8kWyzNUjGFLHPr
|
||||
RlgjFMYlUICNgCdcWD2b0avZ9q648+F3b9CWKg0kNMhxyQpXdSeLZOzpDVUyr6TN
|
||||
GcCZqcQQclixruXsIGQoZFIXazGju2UTtxwK/J87u2S0yR2bR48dPlNXAWKV+e4o
|
||||
Ua0RaDUUBypZNMMbY6KSB6C7oXGzA/WOnvNz9PzhXlqgWhOv5M6iG3sYDtKllXJT
|
||||
7lcLhUzNVdWaPveTqX/V8QX//53IkyNa+IBm+H84UE5M0GFunqFBYqrWw8S46tMQ
|
||||
JQxgjf65ujnn
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
"""
|
||||
Subject:
|
||||
C=US, ST=California, L=San Francisco,
|
||||
O=OpenStack Security Group, OU=Security,
|
||||
CN=ossg.test.com/emailAddress=openstack-security@lists.openstack.org
|
||||
"""
|
||||
|
||||
csr_data_without_cn = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIC7TCCAdUCAQAwgacxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
|
||||
MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMSEwHwYDVQQKDBhPcGVuU3RhY2sgU2Vj
|
||||
dXJpdHkgR3JvdXAxETAPBgNVBAsMCFNlY3VyaXR5MTUwMwYJKoZIhvcNAQkBFiZv
|
||||
cGVuc3RhY2stc2VjdXJpdHlAbGlzdHMub3BlbnN0YWNrLm9yZzCCASIwDQYJKoZI
|
||||
hvcNAQEBBQADggEPADCCAQoCggEBAMy2NIPIkpUt3bIFWINacX1piE1aqnQwy0MW
|
||||
dpEJYnZKECJI9UTdIXWXKuKX2+c4igSvPThf/9RBPjXWflYEh67CEcgFwrb4B3mr
|
||||
GtwAz/os19Tp7uiCZ2WHwh1ed8HuFGs4Iwtka4f18s03SYe+r7p0KwFsJYT9wgMK
|
||||
7TvM/ZRZwHMnhDinlT7II6AKyLoU8y7EAe7Z75RMHKVaUiMwqD7vJJ6WEwS9GcGL
|
||||
9CVWNBuyaVAchwqN4ejpMBPwAiSo3O7n3XM0oufhrtI6gz1V3l3PiIbDX+eb+Rit
|
||||
Fc3RvmlQ0DApweREUBEfTA1NVls4qvuRdg5ps6+uwI6WqQlEvwsCAwEAAaAAMA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQBfasOCSFjEHVazOeiJuaQnfRtwmEK0rDQsUL5oy21h
|
||||
YbX5RyKLavDlU2er2N3NIEoZ+xBODEmXpKg0QXR3rGLvR/utPvjAU03a56ryw+mY
|
||||
DlyBvC15oqnhdjlq9UvdhKXu9kpaQksNbn63PKoVSIPHj2wEs1qnneYTEWQngGP1
|
||||
bcoRVE4esRNDBwo1SVC1y5QMjd/Ta4b9jeRU/3jOSuJHVUA+xaWhdRj9VX6EgvxY
|
||||
x2LlF2bajZ8HdOb0MS+zvTQjyySXd1qg1D9APJRfNOxlIxOZdPTjH5+HT8fRfXGC
|
||||
QxrcV4H0CsWt61dgiLe6w7CERmR7liD+yFoZYiTTXcbT
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
||||
"""
|
||||
Subject:
|
||||
C=US, ST=California, L=San Francisco, O=OpenStack Security Group,
|
||||
OU=Security/emailAddress=openstack-security@lists.openstack.org
|
||||
"""
|
||||
|
||||
class TestBaseValidators(tests.DefaultRequestMixin, unittest.TestCase):
|
||||
def setUp(self):
|
||||
super(TestBaseValidators, self).setUp()
|
||||
self.csr = signing_request.X509Csr.from_buffer(
|
||||
TestBaseValidators.csr_data_with_cn)
|
||||
self.csr_sample)
|
||||
|
||||
def tearDown(self):
|
||||
super(TestBaseValidators, self).tearDown()
|
||||
|
||||
def test_csr_require_cn(self):
|
||||
name = utils.csr_require_cn(self.csr)
|
||||
self.assertEqual(name, "ossg.test.com")
|
||||
common_name = utils.csr_require_cn(self.csr)
|
||||
self.assertEqual(common_name, self.csr_sample_cn)
|
||||
|
||||
self.csr = signing_request.X509Csr.from_buffer(
|
||||
TestBaseValidators.csr_data_without_cn)
|
||||
self.csr.set_subject(name.X509Name())
|
||||
with self.assertRaises(errors.ValidationError):
|
||||
utils.csr_require_cn(self.csr)
|
||||
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import textwrap
|
||||
import unittest
|
||||
|
||||
import mock
|
||||
|
@ -28,23 +27,10 @@ from anchor.validators import utils
|
|||
from anchor.X509 import extension as x509_ext
|
||||
from anchor.X509 import name as x509_name
|
||||
from anchor.X509 import signing_request as x509_csr
|
||||
import tests
|
||||
|
||||
|
||||
class TestValidators(unittest.TestCase):
|
||||
csr_data = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIB1TCCAT4CAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQ
|
||||
BgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UECgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsMB3Rlc3RpbmcxFDASBgNVBAMMC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB
|
||||
FhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe
|
||||
eqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/e
|
||||
FY6Sux52enQ197o8aMwyP77hMhZqtd8NCgLJMVlUbRhwLti0SkHFPic0wAg+esfX
|
||||
a6yhd5TxC+bti7MgV/ljA80XQxHH8xOjdOoGN0DHfQIDAQABoAAwDQYJKoZIhvcN
|
||||
AQELBQADgYEAI4eMihRKSeNLt1DLg6l+WYU4ssRTEHpxwBRo0lh5IGEBjtL+NrPY
|
||||
/A9AKfbkyW7BnKd9IT5wvenZajl5UzCveTCkqVDbSEOwLpUY3GeHf0jujml8gKFb
|
||||
AFrlaOkOuDai+an0EdbeLef1kYh8CWd573MPvKTwOsiaGP/EACrlIEM=
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
||||
class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
|
||||
def setUp(self):
|
||||
super(TestValidators, self).setUp()
|
||||
|
||||
|
@ -553,11 +539,11 @@ class TestValidators(unittest.TestCase):
|
|||
)
|
||||
|
||||
def test_csr_signature(self):
|
||||
csr = x509_csr.X509Csr.from_buffer(self.csr_data)
|
||||
csr = x509_csr.X509Csr.from_buffer(self.csr_sample)
|
||||
self.assertEqual(None, custom.csr_signature(csr=csr))
|
||||
|
||||
def test_csr_signature_bad_sig(self):
|
||||
csr = x509_csr.X509Csr.from_buffer(self.csr_data)
|
||||
csr = x509_csr.X509Csr.from_buffer(self.csr_sample)
|
||||
with mock.patch.object(x509_csr.X509Csr, '_get_signature',
|
||||
return_value=(b'A'*49)):
|
||||
with self.assertRaisesRegexp(errors.ValidationError,
|
||||
|
@ -565,7 +551,7 @@ class TestValidators(unittest.TestCase):
|
|||
custom.csr_signature(csr=csr)
|
||||
|
||||
def test_csr_signature_bad_algo(self):
|
||||
csr = x509_csr.X509Csr.from_buffer(self.csr_data)
|
||||
csr = x509_csr.X509Csr.from_buffer(self.csr_sample)
|
||||
with mock.patch.object(x509_csr.X509Csr, '_get_signing_algorithm',
|
||||
return_value=rfc2459.id_dsa_with_sha1):
|
||||
with self.assertRaisesRegexp(errors.ValidationError,
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import textwrap
|
||||
import unittest
|
||||
|
||||
from pyasn1.codec.der import encoder
|
||||
|
@ -25,25 +24,12 @@ from anchor.validators import standards
|
|||
from anchor.X509 import extension
|
||||
from anchor.X509 import name
|
||||
from anchor.X509 import signing_request
|
||||
import tests
|
||||
|
||||
|
||||
class TestStandardsValidator(unittest.TestCase):
|
||||
csr_data = textwrap.dedent(u"""
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIB1TCCAT4CAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZOYXJuaWExEjAQ
|
||||
BgNVBAcMCUZ1bmt5dG93bjEXMBUGA1UECgwOQW5jaG9yIFRlc3RpbmcxEDAOBgNV
|
||||
BAsMB3Rlc3RpbmcxFDASBgNVBAMMC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB
|
||||
FhB0ZXN0QGFuY2hvci50ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe
|
||||
eqg1Qeccv8hqj1BP9KEJX5QsFCxR62M8plPb5t4sLo8UYfZd6kFLcOP8xzwwvx/e
|
||||
FY6Sux52enQ197o8aMwyP77hMhZqtd8NCgLJMVlUbRhwLti0SkHFPic0wAg+esfX
|
||||
a6yhd5TxC+bti7MgV/ljA80XQxHH8xOjdOoGN0DHfQIDAQABoAAwDQYJKoZIhvcN
|
||||
AQELBQADgYEAI4eMihRKSeNLt1DLg6l+WYU4ssRTEHpxwBRo0lh5IGEBjtL+NrPY
|
||||
/A9AKfbkyW7BnKd9IT5wvenZajl5UzCveTCkqVDbSEOwLpUY3GeHf0jujml8gKFb
|
||||
AFrlaOkOuDai+an0EdbeLef1kYh8CWd573MPvKTwOsiaGP/EACrlIEM=
|
||||
-----END CERTIFICATE REQUEST-----""")
|
||||
|
||||
class TestStandardsValidator(tests.DefaultRequestMixin, unittest.TestCase):
|
||||
def test_passing(self):
|
||||
csr = signing_request.X509Csr.from_buffer(self.csr_data)
|
||||
csr = signing_request.X509Csr.from_buffer(self.csr_sample)
|
||||
standards.standards_compliance(csr=csr)
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue