def test_deep_clone(self):
orig = x509_name.X509Name()
orig.add_name_entry(x509_name.OID_countryName, "UK")
clone = x509_name.X509Name(orig._name_obj)
self.assertEqual(str(orig), str(clone))
clone.add_name_entry(x509_name.OID_stateOrProvinceName, "test_ST")
self.assertNotEqual(str(orig), str(clone))
def get_issuer(self):
"""Get the issuer name field value.
:return: An X509Name object instance
"""
val = self._cert['tbsCertificate']['issuer'][0]
return name.X509Name(val)
def get_subject(self):
"""Get the subject name field value.
:return: An X509Name object instance
"""
val = self._cert['tbsCertificate']['subject'][0]
return name.X509Name(val)
def test_csr_require_cn(self):
common_name = utils.csr_require_cn(self.csr)
self.assertEqual(common_name, self.csr_sample_cn)
self.csr.set_subject(name.X509Name())
with self.assertRaises(errors.ValidationError):
utils.csr_require_cn(self.csr)
def test_no_cn(self):
csr = signing_request.X509Csr()
subject = name.X509Name()
subject.add_name_entry(name.OID_localityName, "somewhere")
csr.set_subject(subject)
new_csr = fixups.enforce_alternative_names_present(csr=csr)
self.assertEqual(0, len(new_csr.get_extensions()))
def test_with_subject_san_not_critical(self):
csr = signing_request.X509Csr()
subject = name.X509Name()
subject.add_name_entry(name.OID_commonName, "example.com")
csr.set_subject(subject)
ext = extension.X509ExtensionSubjectAltName()
ext.set_critical(False)
ext.add_dns_id('example.com')
csr.add_extension(ext)
standards._critical_flags(csr)
def test_set_issuer(self):
name = x509_name.X509Name()
name.add_name_entry(x509_name.OID_countryName, 'UK')
self.cert.set_issuer(name)
name = self.cert.get_issuer()
entries = name.get_entries_by_oid(x509_name.OID_countryName)
self.assertEqual(len(entries), 1)
self.assertEqual(entries[0].get_name(), "countryName")
self.assertEqual(entries[0].get_value(), "UK")
def get_issuer(self):
"""Get the issuer name field value.
:return: An X509Name object instance
"""
val = self._lib.X509_get_issuer_name(self._certObj)
if val == self._ffi.NULL:
raise X509CertificateError("Could not get subject from X509 "
"certificate.") # pragma: no cover
return name.X509Name(val)
def get_subject(self):
"""Get the subject name field from the CSR
:return: an X509Name object
"""
subs = self._lib.X509_REQ_get_subject_name(self._csrObj)
if subs == self._ffi.NULL:
raise X509CsrError(
"Could not get subject from X509 CSR.") # pragma: no cover
return name.X509Name(subs)
def get_subject(self):
"""Get the subject name field from the CSR
:return: an X509Name object
"""
ri = self.get_request_info()
if ri['subject'] is None:
ri['subject'] = None
# setup first RDN sequence
ri['subject'][0] = None
subject = ri['subject'][0]
return name.X509Name(subject)
def test_common_name_bad_ip_CN(self):
name = x509_name.X509Name()
name.add_name_entry(x509_name.NID_commonName, '12.0.0.1')
csr_mock = mock.MagicMock()
csr_mock.get_subject.return_value = name
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr_mock,
allowed_domains=[],
allowed_networks=['10/8'])
self.assertEqual("Network '12.0.0.1' not allowed (does not match "
"known networks)", str(e.exception))
def setUp(self):
super(TestX509Name, self).setUp()
self.name = x509_name.X509Name()
self.name.add_name_entry(x509_name.NID_countryName,
"UK") # must be 2 chars
self.name.add_name_entry(x509_name.NID_stateOrProvinceName, "test_ST")
self.name.add_name_entry(x509_name.NID_localityName, "test_L")
self.name.add_name_entry(x509_name.NID_organizationName, "test_O")
self.name.add_name_entry(x509_name.NID_organizationalUnitName,
"test_OU")
self.name.add_name_entry(x509_name.NID_commonName, "test_CN")
self.name.add_name_entry(x509_name.NID_pkcs9_emailAddress,
"test_Email")
self.name.add_name_entry(x509_name.NID_surname, "test_SN")
self.name.add_name_entry(x509_name.NID_givenName, "test_GN")
def test_common_name_bad_CN(self, gethostbyname_ex):
gethostbyname_ex.return_value = ('master.test.com', [], ['10.0.0.1'])
name = x509_name.X509Name()
name.add_name_entry(x509_name.NID_commonName, 'test.baddomain.com')
csr_mock = mock.MagicMock()
csr_mock.get_subject.return_value = name
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr_mock,
allowed_domains=['.test.com'],
allowed_networks=['10/8'])
self.assertEqual("Domain 'test.baddomain.com' not allowed (does not "
"match known domains)", str(e.exception))
def _csr_with_cn(self, cn):
csr = signing_request.X509Csr()
subject = name.X509Name()
subject.add_name_entry(name.OID_commonName, cn)
csr.set_subject(subject)
return csr
