def test_ca_status_key_usage_good2(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('cRLSign', True)
csr.add_extension(ext)
self.assertEqual(None, validators.ca_status(csr=csr,
ca_requested=True))
def test_extensions_good(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('keyCertSign', True)
csr.add_extension(ext)
self.assertEqual(
None,
validators.extensions(
csr=csr, allowed_extensions=['basicConstraints', 'keyUsage']))
def test_ca_status_key_usage_bad2(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('cRLSign', True)
csr.add_extension(ext)
with self.assertRaises(errors.ValidationError) as e:
internal.ca_status(csr=csr)
self.assertEqual("Request contains CRL signing usage flag",
str(e.exception))
def test_ca_status_key_usage_bad2(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('cRLSign', True)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.ca_status(csr=csr, ca_requested=False)
self.assertEqual(
"Key usage doesn't match requested CA status "
"(keyCertSign/cRLSign: False/True)", str(e.exception))
def test_extensions_bad(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('keyCertSign', True)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.extensions(
csr=csr,
allowed_extensions=['basicConstraints', 'nameConstraints'])
self.assertEqual("Extension 'keyUsage' not allowed", str(e.exception))
def test_key_usage_good(self):
allowed_usage = [
'Digital Signature', 'Non Repudiation', 'Key Encipherment'
]
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('keyEncipherment', True)
ext.set_usage('digitalSignature', True)
csr.add_extension(ext)
self.assertEqual(
None, validators.key_usage(csr=csr, allowed_usage=allowed_usage))
def test_key_usage_bad(self):
allowed_usage = [
'Digital Signature', 'Non Repudiation', 'Key Encipherment'
]
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionKeyUsage()
ext.set_usage('keyCertSign', True)
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError) as e:
validators.key_usage(csr=csr, allowed_usage=allowed_usage)
self.assertEqual("Found some not allowed key usages: "
"keyCertSign", str(e.exception))
def setUp(self):
self.ext = extension.X509ExtensionKeyUsage()
