def test_ca_status_bad(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionBasicConstraints()
ext.set_ca(False)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(csr=csr, ca_requested=True)
self.assertEqual("CA flags required", str(e.exception))
def test_ca_status_forbidden(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionBasicConstraints()
ext.set_ca(True)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(csr=csr, ca_requested=False)
self.assertEqual("CA status requested, but not allowed",
str(e.exception))
def test_ca_status_key_usage_bad2(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('cRLSign', True)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(csr=csr, ca_requested=False)
self.assertEqual(
"Key usage doesn't match requested CA status "
"(keyCertSign/cRLSign: False/True)", str(e.exception))
def test_ca_status_key_usage_bad2(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('cRLSign', True)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(
csr=csr,
ca_requested=False)
self.assertEqual("Key usage doesn't match requested CA status "
"(keyCertSign/cRLSign: False/True)", str(e.exception))
def test_ca_status_forbidden(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionBasicConstraints()
ext.set_ca(True)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(
csr=csr,
ca_requested=False)
self.assertEqual("CA status requested, but not allowed",
str(e.exception))
def test_ca_status_bad(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionBasicConstraints()
ext.set_ca(False)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(
csr=csr,
ca_requested=True)
self.assertEqual("CA flags required",
str(e.exception))
def test_ca_status_bad_value(self):
ext_mock = mock.MagicMock()
ext_mock.get_name.return_value = 'basicConstraints'
ext_mock.get_value.return_value = 'BAD:VALUE'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(
csr=csr_mock,
ca_requested=False)
self.assertEqual("Invalid basic constraints option", str(e.exception))
def test_ca_status_key_usage_good2(self):
ext_mock = mock.MagicMock()
ext_mock.get_name.return_value = 'keyUsage'
ext_mock.get_value.return_value = 'CRL Sign'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(
csr=csr_mock,
ca_requested=True)
self.assertEqual("Key usage doesn't match requested CA status "
"(keyCertSign/cRLSign: False/True)", str(e.exception))
def test_ca_status_bad(self):
ext_mock = mock.MagicMock()
ext_mock.get_name.return_value = 'basicConstraints'
ext_mock.get_value.return_value = 'CA:FALSE'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(
csr=csr_mock,
ca_requested=True)
self.assertEqual("Invalid CA status, 'CA:FALSE' requested",
str(e.exception))
def test_ca_status_good1(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionBasicConstraints()
ext.set_ca(True)
csr.add_extension(ext)
self.assertEqual(None, validators.ca_status(csr=csr,
ca_requested=True))
def test_ca_status_pathlen(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionBasicConstraints()
ext.set_path_len_constraint(1)
csr.add_extension(ext)
self.assertEqual(None, validators.ca_status(csr=csr,
ca_requested=False))
def test_ca_status_key_usage_good2(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('cRLSign', True)
csr.add_extension(ext)
self.assertEqual(None, validators.ca_status(csr=csr,
ca_requested=True))
def test_ca_status_key_usage_good2(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('cRLSign', True)
csr.add_extension(ext)
self.assertEqual(
None,
validators.ca_status(
csr=csr,
ca_requested=True
)
)
def test_ca_status_pathlen(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionBasicConstraints()
ext.set_path_len_constraint(1)
csr.add_extension(ext)
self.assertEqual(
None,
validators.ca_status(
csr=csr,
ca_requested=False
)
)
def test_ca_status_good1(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionBasicConstraints()
ext.set_ca(True)
csr.add_extension(ext)
self.assertEqual(
None,
validators.ca_status(
csr=csr,
ca_requested=True
)
)
def test_ca_status_pathlen(self):
ext_mock = mock.MagicMock()
ext_mock.get_name.return_value = 'basicConstraints'
ext_mock.get_value.return_value = 'pathlen:somthing'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
self.assertEqual(
None,
validators.ca_status(
csr=csr_mock,
ca_requested=False
)
)
def test_ca_status_good1(self):
ext_mock = mock.MagicMock()
ext_mock.get_name.return_value = 'basicConstraints'
ext_mock.get_value.return_value = 'CA:TRUE'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
self.assertEqual(
None,
validators.ca_status(
csr=csr_mock,
ca_requested=True
)
)
