def generate_certificate(self, subject='OU=name', issuer=None, serial=None,
                         valid_after=0, valid_before=0xffffffffffffffff,
                         ca=False, ca_path_len=None, purposes=None,
                         user_principals=(), host_principals=(),
                         hash_alg='sha256', comment=None):
    """Generate and check an X.509 certificate

    Builds a certificate with generate_x509_certificate from the fixture
    key pair (self._privkey / self._pubkey), runs a fixed set of sanity
    checks on it, and returns it so the calling test can make further
    assertions.

    Checks performed on every generated certificate:
      * the encoded data survives a round trip through
        import_x509_certificate unchanged
      * the subject equals X509Name(subject)
      * the issuer equals X509Name(issuer), or X509Name(subject) when
        issuer is falsy
      * the embedded key data equals self._pubdata
      * the comment is exposed as bytes (a str comment is compared
        against its UTF-8 encoding)

    The default validity bounds, 0 and 0xffffffffffffffff, are the two
    extremes of an unsigned 64-bit range, so a test that exercises
    expiry or not-yet-valid handling has to pass its own bounds.
    """

    generated = generate_x509_certificate(
        self._privkey, self._pubkey, subject, issuer, serial,
        valid_after, valid_before, ca, ca_path_len, purposes,
        user_principals, host_principals, hash_alg, comment)

    # Decode what was just encoded: the parser and the generator must
    # agree on the byte-level representation.
    reimported = import_x509_certificate(generated.data)
    self.assertEqual(generated.data, reimported.data)

    self.assertEqual(generated.subject, X509Name(subject))

    # With no explicit issuer the certificate is expected to name its
    # own subject as issuer.
    expected_issuer = X509Name(issuer or subject)
    self.assertEqual(generated.issuer, expected_issuer)

    # The certificate must carry the fixture's public key, not some
    # other key.
    self.assertEqual(generated.key_data, self._pubdata)

    # Comments come back as bytes regardless of how they were passed in.
    if isinstance(comment, str):
        expected_comment = comment.encode('utf-8')
    else:
        expected_comment = comment

    self.assertEqual(generated.comment, expected_comment)

    return generated
def test_invalid_attribute(self):
    """Test X.509 distinguished name with invalid attributes

    Each malformed string must be rejected with ValueError rather than
    yielding a usable X509Name. 'xxx' contains no '=' at all; 'X=xxx'
    has the type=value shape but uses the attribute type 'X'
    (presumably not a recognised attribute type -- confirm against the
    parser).
    """

    for malformed in ('xxx', 'X=xxx'):
        with self.assertRaises(ValueError):
            X509Name(malformed)
def test_multiple_attrs_in_rdn(self):
    """Test multiple attributes in a relative distinguished name

    Two names that differ only in the order of the '+'-joined
    attributes inside one RDN must compare equal. The name reports a
    length of 3 while its rdns sequence has 2 entries, which is
    consistent with len(name) counting attributes and name.rdns
    counting RDNs.
    """

    forward = X509Name('O=Org,OU=Unit1+OU=Unit2')
    swapped = X509Name('O=Org,OU=Unit2+OU=Unit1')

    # Attribute order within a single multi-valued RDN is not
    # significant for equality.
    self.assertEqual(forward, swapped)

    # O, OU, OU -> three attributes spread over two RDNs.
    self.assertEqual(len(forward), 3)
    self.assertEqual(len(forward.rdns), 2)
def test_exact_name_pattern(self):
    """Test X.509 distinguished name exact match

    A pattern without a wildcard must match only the identical name.
    Patterns that differ only by a space after the comma must be equal
    and hash equal, so either spelling behaves the same when patterns
    are used as set members or dict keys.
    """

    compact = X509NamePattern('O=Org,OU=Unit')
    spaced = X509NamePattern('O=Org, OU=Unit')

    # Whitespace after the separator must not create a distinct pattern.
    self.assertEqual(compact, spaced)
    self.assertEqual(hash(compact), hash(spaced))

    identical_name = X509Name('O=Org,OU=Unit')
    self.assertTrue(compact.matches(identical_name))

    # 'Unit2' merely starts with 'Unit'; an exact pattern must not
    # accept it.
    lookalike_name = X509Name('O=Org,OU=Unit2')
    self.assertFalse(compact.matches(lookalike_name))
def test_name(self):
    """Test X.509 distinguished name generation

    Covers the three ways an X509Name is built here (from a string,
    from another X509Name, from a sequence of RDNs), its length and
    string form, and the fact that RDN order is part of its identity.
    """

    dn = X509Name('O=Org,OU=Unit')

    # The same name must result from a string with a space after the
    # comma, from an existing X509Name, and from its rdns sequence.
    for source in ('O=Org, OU=Unit', dn, dn.rdns):
        self.assertEqual(dn, X509Name(source))

    self.assertEqual(len(dn), 2)
    self.assertEqual(len(dn.rdns), 2)

    # The string form drops the optional space after the separator.
    self.assertEqual(str(dn), 'O=Org,OU=Unit')

    # RDN order is significant: the same components reversed are a
    # different name and must not compare equal.
    reordered = X509Name('OU=Unit,O=Org')
    self.assertNotEqual(dn, reordered)
def test_prefix_pattern(self):
    """Test X.509 distinguished name prefix match

    A pattern ending in ',*' must match a name whose leading RDN equals
    the pattern's RDN, and must reject a name whose leading RDN value
    only begins with the same characters.
    """

    org_prefix = X509NamePattern('O=Org,*')

    within_org = X509Name('O=Org,OU=Unit')
    self.assertTrue(org_prefix.matches(within_org))

    # The wildcard stands for further RDNs, not further characters:
    # 'O=Org2' must not satisfy a pattern anchored on 'O=Org'.
    other_org = X509Name('O=Org2,OU=Unit')
    self.assertFalse(org_prefix.matches(other_org))