def test_blacklist_names_bad_cn(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, "blah.bad")
with self.assertRaises(validators.ValidationError):
validators.blacklist_names(
csr=csr,
domains=['.bad'],
)
def test_blacklist_names_bad_cn(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, "blah.bad")
with self.assertRaises(validators.ValidationError):
validators.blacklist_names(
csr=csr,
domains=['.bad'],
)
def test_blacklist_names_bad(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionSubjectAltName()
ext.add_dns_id('blah.bad')
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError):
validators.blacklist_names(
csr=csr,
domains=['.bad'],
)
def test_blacklist_names_bad(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionSubjectAltName()
ext.add_dns_id('blah.bad')
csr.add_extension(ext)
with self.assertRaises(validators.ValidationError):
validators.blacklist_names(
csr=csr,
domains=['.bad'],
)
def test_blacklist_names_bad(self):
ext_mock = mock.MagicMock()
ext_mock.get_value.return_value = 'DNS:blah.bad'
ext_mock.get_name.return_value = 'subjectAltName'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
with self.assertRaises(validators.ValidationError):
validators.blacklist_names(
csr=csr_mock,
domains=['.bad'],
)
def test_blacklist_names_bad_cn(self):
cn_mock = mock.MagicMock()
cn_mock.get_value.return_value = 'blah.bad'
csr_config = {
'get_subject.return_value.get_entries_by_nid.return_value':
[cn_mock],
}
csr_mock = mock.MagicMock(**csr_config)
with self.assertRaises(validators.ValidationError):
validators.blacklist_names(
csr=csr_mock,
domains=['.bad'],
)
def test_blacklist_names_empty_list(self):
# empty blacklist should pass everything through
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionSubjectAltName()
ext.add_dns_id('blah.good')
csr.add_extension(ext)
self.assertEqual(None, validators.blacklist_names(csr=csr, ))
def test_blacklist_names_good(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionSubjectAltName()
ext.add_dns_id('blah.good')
csr.add_extension(ext)
self.assertEqual(
None, validators.blacklist_names(
csr=csr,
domains=['.bad'],
))
def test_blacklist_names_empty_list(self):
# empty blacklist should pass everything through
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionSubjectAltName()
ext.add_dns_id('blah.good')
csr.add_extension(ext)
self.assertEqual(
None,
validators.blacklist_names(
csr=csr,
)
)
def test_blacklist_names_good(self):
csr = x509_csr.X509Csr()
ext = x509_ext.X509ExtensionSubjectAltName()
ext.add_dns_id('blah.good')
csr.add_extension(ext)
self.assertEqual(
None,
validators.blacklist_names(
csr=csr,
domains=['.bad'],
)
)
def test_blacklist_names_empty_list(self):
# empty blacklist should pass everything through
ext_mock = mock.MagicMock()
ext_mock.get_value.return_value = 'DNS:some.name'
ext_mock.get_name.return_value = 'subjectAltName'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
self.assertEqual(
None,
validators.blacklist_names(
csr=csr_mock,
)
)
def test_blacklist_names_good(self):
ext_mock = mock.MagicMock()
ext_mock.get_value.return_value = 'DNS:blah.good'
ext_mock.get_name.return_value = 'subjectAltName'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
self.assertEqual(
None,
validators.blacklist_names(
csr=csr_mock,
domains=['.bad'],
)
)
def test_blacklist_names_ignore_unknown(self):
# only validate the DNS type - other types may look like domains
# by accident
ext_mock = mock.MagicMock()
ext_mock.get_value.return_value = 'RANDOM_TYPE:random.bad'
ext_mock.get_name.return_value = 'subjectAltName'
csr_mock = mock.MagicMock()
csr_mock.get_extensions.return_value = [ext_mock]
self.assertEqual(
None,
validators.blacklist_names(
csr=csr_mock,
domains=['.bad'],
)
)
