def test_common_name_bad_CN(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, 'test.baddomain.com') with self.assertRaises(validators.ValidationError) as e: validators.common_name(csr=csr, allowed_domains=['.test.com']) self.assertEqual( "Domain 'test.baddomain.com' not allowed (does not " "match known domains)", str(e.exception))
def test_common_name_no_CN(self): csr = x509_csr.X509Csr() with self.assertRaises(validators.ValidationError) as e: validators.common_name(csr=csr, allowed_domains=[], allowed_networks=[]) self.assertEqual( "Alt subjects have to exist if the main subject" " doesn't", str(e.exception))
def test_common_name_no_CN(self): csr = x509_csr.X509Csr() with self.assertRaises(validators.ValidationError) as e: validators.common_name( csr=csr, allowed_domains=[], allowed_networks=[]) self.assertEqual("Alt subjects have to exist if the main subject" " doesn't", str(e.exception))
def test_common_name_bad_CN(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, 'test.baddomain.com') with self.assertRaises(validators.ValidationError) as e: validators.common_name( csr=csr, allowed_domains=['.test.com']) self.assertEqual("Domain 'test.baddomain.com' not allowed (does not " "match known domains)", str(e.exception))
def test_common_name_with_two_CN(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, "dummy_value") name.add_name_entry(x509_name.OID_commonName, "dummy_value") with self.assertRaises(validators.ValidationError) as e: validators.common_name(csr=csr, allowed_domains=[], allowed_networks=[]) self.assertEqual("Too many CNs in the request", str(e.exception))
def test_common_name_with_two_CN(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, "dummy_value") name.add_name_entry(x509_name.OID_commonName, "dummy_value") with self.assertRaises(validators.ValidationError) as e: validators.common_name( csr=csr, allowed_domains=[], allowed_networks=[]) self.assertEqual("Too many CNs in the request", str(e.exception))
def test_common_name_ip_bad(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, '15.1.1.1') with self.assertRaises(validators.ValidationError) as e: validators.common_name( csr=csr, allowed_domains=['.test.com'], allowed_networks=['10/8']) self.assertEqual("Address '15.1.1.1' not allowed (does not " "match known networks)", str(e.exception))
def test_common_name_ip_bad(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, '15.1.1.1') with self.assertRaises(validators.ValidationError) as e: validators.common_name(csr=csr, allowed_domains=['.test.com'], allowed_networks=['10/8']) self.assertEqual( "Address '15.1.1.1' not allowed (does not " "match known networks)", str(e.exception))
def test_common_name_bad_ip_CN(self): name = x509_name.X509Name() name.add_name_entry(x509_name.NID_commonName, '12.0.0.1') csr_mock = mock.MagicMock() csr_mock.get_subject.return_value = name with self.assertRaises(validators.ValidationError) as e: validators.common_name( csr=csr_mock, allowed_domains=[], allowed_networks=['10/8']) self.assertEqual("Network '12.0.0.1' not allowed (does not match " "known networks)", str(e.exception))
def test_common_name_no_CN(self): csr_config = { 'get_subject.return_value.__len__.return_value': 0, 'get_subject.return_value.get_entries_by_nid.return_value': [] } csr_mock = mock.MagicMock(**csr_config) with self.assertRaises(validators.ValidationError) as e: validators.common_name( csr=csr_mock, allowed_domains=[], allowed_networks=[]) self.assertEqual("Alt subjects have to exist if the main subject" " doesn't", str(e.exception))
def test_common_name_bad_CN(self, gethostbyname_ex): gethostbyname_ex.return_value = ('master.test.com', [], ['10.0.0.1']) name = x509_name.X509Name() name.add_name_entry(x509_name.NID_commonName, 'test.baddomain.com') csr_mock = mock.MagicMock() csr_mock.get_subject.return_value = name with self.assertRaises(validators.ValidationError) as e: validators.common_name( csr=csr_mock, allowed_domains=['.test.com'], allowed_networks=['10/8']) self.assertEqual("Domain 'test.baddomain.com' not allowed (does not " "match known domains)", str(e.exception))
def test_common_name_with_two_CN(self): ext_mock = mock.MagicMock() ext_mock.get_name.return_value = "subjectAltName" csr_config = { 'get_extensions.return_value': [ext_mock], 'get_subject.return_value.get_entries_by_nid.return_value': ['dummy_value', 'dummy_value'], } csr_mock = mock.MagicMock(**csr_config) with self.assertRaises(validators.ValidationError) as e: validators.common_name( csr=csr_mock, allowed_domains=[], allowed_networks=[]) self.assertEqual("Too many CNs in the request", str(e.exception))
def test_common_name_ip_good(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, '10.1.1.1') self.assertEqual( None, validators.common_name(csr=csr, allowed_domains=['.test.com'], allowed_networks=['10/8']))
def test_common_name_good_CN(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, "master.test.com") self.assertEqual( None, validators.common_name( csr=csr, allowed_domains=['.test.com'], ))
def test_common_name_good_CN(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, "master.test.com") self.assertEqual( None, validators.common_name( csr=csr, allowed_domains=['.test.com'], ) )
def test_common_name_ip_good(self): csr = x509_csr.X509Csr() name = csr.get_subject() name.add_name_entry(x509_name.OID_commonName, '10.1.1.1') self.assertEqual( None, validators.common_name( csr=csr, allowed_domains=['.test.com'], allowed_networks=['10/8'] ) )
def test_common_name_good_ip_CN(self): cn_mock = mock.MagicMock() cn_mock.get_value.return_value = '10.0.0.1' csr_config = { 'get_subject.return_value.__len__.return_value': 1, 'get_subject.return_value.get_entries_by_nid.return_value': [cn_mock], } csr_mock = mock.MagicMock(**csr_config) self.assertEqual( None, validators.common_name( csr=csr_mock, allowed_domains=[], allowed_networks=['10/8'] ) )
def test_common_name_good_CN(self, gethostbyname_ex): gethostbyname_ex.return_value = ('master.test.com', [], ['10.0.0.1']) cn_mock = mock.MagicMock() cn_mock.get_value.return_value = 'master.test.com' csr_config = { 'get_subject.return_value.__len__.return_value': 1, 'get_subject.return_value.get_entries_by_nid.return_value': [cn_mock], } csr_mock = mock.MagicMock(**csr_config) self.assertEqual( None, validators.common_name( csr=csr_mock, allowed_domains=['.test.com'], allowed_networks=['10/8'] ) )