def test_should_reject_invalid_url(self):
search_params = SearchParams(
Environment.PROD,
CertType.ENTERPRISE,
"ldap://localhost/dc=Buypass,dc=no,CN=Buypass%20Class%203?usercertificate;binary?sub?(|(certificateSerialNumber=912052)(certificateSerialNumber=912051))",
None,
)
with pytest.raises(ClientError) as error:
LdapSearchParams.create(search_params)
assert error.value.args[0] == "Unsupported hostname in ldap url"
def test_should_respect_attribute(self):
search_params = SearchParams(
Environment.PROD,
CertType.ENTERPRISE,
"Min superunderenhet",
SearchAttribute.OU,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
assert len(ldap_search_params.limitations) == 0
assert len(ldap_search_params.ldap_servers) == 2
assert ldap_search_params.ldap_query == "(ou=Min superunderenhet)"
def test_should_fallback_to_cn(self):
search_params = SearchParams(
Environment.PROD,
CertType.PERSONAL,
"Min supertjeneste",
None,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
assert len(ldap_search_params.limitations) == 0
assert len(ldap_search_params.ldap_servers) == 2
assert ldap_search_params.ldap_query == "(cn=Min supertjeneste)"
def test_should_auto_detect_hex_serial(self):
search_params = SearchParams(
Environment.PROD,
CertType.PERSONAL,
"0e:79:c3:78:6b:2f:0f:af:33:fa:fb",
None,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
assert len(ldap_search_params.limitations) == 0
assert len(ldap_search_params.ldap_servers) == 2
assert (
ldap_search_params.ldap_query
== "(certificateSerialNumber=17499973611207260349135611)"
)
def test_should_auto_detect_email(self):
search_params = SearchParams(
Environment.PROD,
CertType.PERSONAL,
"*****@*****.**",
None,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
assert "ERR-006" in ldap_search_params.limitations
assert (
len(ldap_search_params.ldap_servers) == 1
and CertificateAuthority.BUYPASS == ldap_search_params.ldap_servers[0].ca
)
assert ldap_search_params.ldap_query == "([email protected])"
def test_should_auto_detect_org_nr(self):
search_params = SearchParams(
Environment.PROD,
CertType.ENTERPRISE,
"995 546 973",
None,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
assert len(ldap_search_params.limitations) == 0
assert len(ldap_search_params.ldap_servers) == 2
assert (
ldap_search_params.ldap_query
== "(|(serialNumber=995546973)(organizationIdentifier=NTRNO-995546973))"
)
def test_should_auto_detect_personal_serial_number(self):
search_params = SearchParams(
Environment.PROD,
CertType.PERSONAL,
"9578-4505-00001pdEkL7",
None,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
assert len(ldap_search_params.limitations) == 0
assert (
len(ldap_search_params.ldap_servers) == 1
and CertificateAuthority.COMMFIDES == ldap_search_params.ldap_servers[0].ca
)
assert (
ldap_search_params.ldap_query
== "(|(serialNumber=9578-4505-00001pdEkL7)(serialNumber=UN:NO-9578-4505-00001pdEkL7))"
)
def test_should_auto_detect_url_commfides(self):
search_params = SearchParams(
Environment.TEST,
CertType.PERSONAL,
"ldap://ldap.test.commfides.com/ou=Natural-Person-G3,dc=commfides,dc=com?usercertificate;binary?sub?(certificateSerialNumber=130F751161B26168)",
None,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
assert len(ldap_search_params.ldap_servers) == 1
assert ldap_search_params.ldap_servers[0].hostname == "ldap.test.commfides.com"
assert (
ldap_search_params.ldap_servers[0].base
== "ou=Natural-Person-G3,dc=commfides,dc=com"
)
assert ldap_search_params.ldap_servers[0].ca == CertificateAuthority.COMMFIDES
assert (
ldap_search_params.ldap_query
== "(certificateSerialNumber=130F751161B26168)"
)
def test_should_auto_detect_url_buypass(self):
search_params = SearchParams(
Environment.PROD,
CertType.ENTERPRISE,
"ldap://ldap.buypass.no/dc=Buypass,dc=no,CN=Buypass%20Class%203?usercertificate;binary?sub?(|(certificateSerialNumber=912052)(certificateSerialNumber=912051))",
None,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
assert len(ldap_search_params.ldap_servers) == 1
assert ldap_search_params.ldap_servers[0].hostname == "ldap.buypass.no"
assert (
ldap_search_params.ldap_servers[0].base
== "dc=Buypass,dc=no,CN=Buypass Class 3"
)
assert ldap_search_params.ldap_servers[0].ca == CertificateAuthority.BUYPASS
assert (
ldap_search_params.ldap_query
== "(|(certificateSerialNumber=912052)(certificateSerialNumber=912051))"
)
def test_should_auto_detect_url_and_warn_about_wrong_env(self):
search_params = SearchParams(
Environment.TEST,
CertType.ENTERPRISE,
"ldap://ldap.buypass.no/dc=Buypass,dc=no,CN=Buypass%20Class%203?usercertificate;binary?sub?(|(certificateSerialNumber=912052)(certificateSerialNumber=912051))",
None,
)
ldap_search_params = LdapSearchParams.create(search_params)
assert ldap_search_params.scope == LDAPSearchScope.SUB
# mismatch between env and url
assert "ERR-008" in ldap_search_params.limitations
assert ldap_search_params.ldap_servers[0].hostname == "ldap.buypass.no"
assert (
ldap_search_params.ldap_servers[0].base
== "dc=Buypass,dc=no,CN=Buypass Class 3"
)
assert ldap_search_params.ldap_servers[0].ca == CertificateAuthority.BUYPASS
assert (
ldap_search_params.ldap_query
== "(|(certificateSerialNumber=912052)(certificateSerialNumber=912051))"
)