def test_ca_not_set(self): certificate = mock.MagicMock() certificate.basic_constraint_ca = mock.Mock(return_value=mock.Mock()) certificate.basic_constraint_ca.return_value.value = False check = ca_field.CheckCATrue() result = check.check(certificate) self.assertIsNone(result)
def test_ca_true_with_san(self): certificate = mock.MagicMock() certificate.basic_constraint_ca = mock.Mock(return_value=mock.Mock()) certificate.basic_constraint_ca.return_value.value = True certificate.subject_alternative_names = mock.Mock(return_value=[None]) check = ca_field.CheckCATrue() result = check.check(certificate) self.assertObservationIn(ca_field.CaTrue(), result)
def test_ca_true_without_san_and_cn(self): certificate = mock.MagicMock() certificate.basic_constraint_ca = mock.Mock(return_value=mock.Mock()) certificate.basic_constraint_ca.return_value.value = True certificate.subject_alternative_names = mock.Mock(return_value=[]) certificate.subject_common_names = mock.Mock(return_value=[]) check = ca_field.CheckCATrue() result = check.check(certificate) self.assertIsNone(result)
from ct.cert_analysis import common_name from ct.cert_analysis import crl_pointers from ct.cert_analysis import dnsnames from ct.cert_analysis import extensions from ct.cert_analysis import ip_addresses from ct.cert_analysis import ocsp_pointers from ct.cert_analysis import serial_number from ct.cert_analysis import validity ALL_CHECKS = [serial_number.CheckNegativeSerialNumber(), validity.CheckValidityNotBeforeFuture(), validity.CheckValidityCorrupt(), validity.CheckIsExpirationDateWellDefined(), dnsnames.CheckValidityOfDnsnames(), dnsnames.CheckCorruptSANExtension(), dnsnames.CheckTldMatches(), common_name.CheckSCNTldMatches(), common_name.CheckLackOfSubjectCommonName(), common_name.CheckCorruptSubjectCommonName(), extensions.CheckCorrectExtensions(), ip_addresses.CheckPrivateIpAddresses(), ip_addresses.CheckCorruptIpAddresses(), algorithm.CheckSignatureAlgorithmsMismatch(), algorithm.CheckCertificateAlgorithmSHA1After2017(), algorithm.CheckTbsCertificateAlgorithmSHA1Ater2017(), ca_field.CheckCATrue(), ocsp_pointers.CheckOcspExistence(), ocsp_pointers.CheckCorruptOrMultipleAiaExtension(), crl_pointers.CheckCrlExistence(), crl_pointers.CheckCorruptOrMultipleCrlExtension(),]