def test_check_denied(self):
csr = CSR_DENIED
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertRegex(msg, '.*Already processed.*Denied.*')
self.assertFalse(ok)
def test_check_wrong_usages(self):
csr = CSR_WRONG_USAGES
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertRegex(msg, '.*required usage (.*) absent.*')
self.assertFalse(ok)
def test_check_wrong_cn(self):
csr = CSR_WRONG_CN
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertRegex(msg, '.*subject CN (.*) does not match.*')
self.assertFalse(ok)
def test_check_wrong_san(self):
csr = CSR_WRONG_SAN
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertRegex(msg, '.*SAN (.*) not allowed for node.*')
self.assertFalse(ok)
def test_check_valid_csr(self):
csr = CSR_VALID
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertTrue(ok)