def test_parse_valid_csr(self):
csr = CSR_VALID
parsed = oca.parse_csr(csr)
self.assertEqual(parsed.get_subject().O, 'system:nodes')
self.assertEqual(parsed.get_subject().CN, 'system:node:master-01')
ext = str(parsed.get_extensions()[0])
sans = ext.split(', ')
self.assertEqual(len(sans), 4)
self.assertIn('DNS:master-01', sans)
self.assertIn('DNS:master-01.os.example.com', sans)
self.assertIn('IP Address:10.42.0.1', sans)
self.assertIn('IP Address:192.168.42.1', sans)
def test_check_denied(self):
csr = CSR_DENIED
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertRegex(msg, '.*Already processed.*Denied.*')
self.assertFalse(ok)
def test_check_wrong_usages(self):
csr = CSR_WRONG_USAGES
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertRegex(msg, '.*required usage (.*) absent.*')
self.assertFalse(ok)
def test_check_wrong_san(self):
csr = CSR_WRONG_SAN
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertRegex(msg, '.*SAN (.*) not allowed for node.*')
self.assertFalse(ok)
def test_check_wrong_cn(self):
csr = CSR_WRONG_CN
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertRegex(msg, '.*subject CN (.*) does not match.*')
self.assertFalse(ok)
def test_check_valid_csr(self):
csr = CSR_VALID
csrinfo = oca.parse_csr(csr)
ok, msg = oca.check_approve_csr(csr, csrinfo, self.spec)
self.assertTrue(ok)
def test_parse_invalid_csr(self):
csr = CSR_INVALID
with self.assertRaises(OpenSSL.crypto.Error):
oca.parse_csr(csr)