def test_common_name_bad_CN(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, 'test.baddomain.com')
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(csr=csr, allowed_domains=['.test.com'])
self.assertEqual(
"Domain 'test.baddomain.com' not allowed (does not "
"match known domains)", str(e.exception))
def test_common_name_no_CN(self):
csr = x509_csr.X509Csr()
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(csr=csr,
allowed_domains=[],
allowed_networks=[])
self.assertEqual(
"Alt subjects have to exist if the main subject"
" doesn't", str(e.exception))
def test_common_name_no_CN(self):
csr = x509_csr.X509Csr()
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr,
allowed_domains=[],
allowed_networks=[])
self.assertEqual("Alt subjects have to exist if the main subject"
" doesn't", str(e.exception))
def test_common_name_bad_CN(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, 'test.baddomain.com')
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr,
allowed_domains=['.test.com'])
self.assertEqual("Domain 'test.baddomain.com' not allowed (does not "
"match known domains)", str(e.exception))
def test_common_name_with_two_CN(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, "dummy_value")
name.add_name_entry(x509_name.OID_commonName, "dummy_value")
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(csr=csr,
allowed_domains=[],
allowed_networks=[])
self.assertEqual("Too many CNs in the request", str(e.exception))
def test_common_name_with_two_CN(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, "dummy_value")
name.add_name_entry(x509_name.OID_commonName, "dummy_value")
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr,
allowed_domains=[],
allowed_networks=[])
self.assertEqual("Too many CNs in the request", str(e.exception))
def test_common_name_ip_bad(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, '15.1.1.1')
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr,
allowed_domains=['.test.com'],
allowed_networks=['10/8'])
self.assertEqual("Address '15.1.1.1' not allowed (does not "
"match known networks)", str(e.exception))
def test_common_name_ip_bad(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, '15.1.1.1')
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(csr=csr,
allowed_domains=['.test.com'],
allowed_networks=['10/8'])
self.assertEqual(
"Address '15.1.1.1' not allowed (does not "
"match known networks)", str(e.exception))
def test_common_name_bad_ip_CN(self):
name = x509_name.X509Name()
name.add_name_entry(x509_name.NID_commonName, '12.0.0.1')
csr_mock = mock.MagicMock()
csr_mock.get_subject.return_value = name
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr_mock,
allowed_domains=[],
allowed_networks=['10/8'])
self.assertEqual("Network '12.0.0.1' not allowed (does not match "
"known networks)", str(e.exception))
def test_common_name_no_CN(self):
csr_config = {
'get_subject.return_value.__len__.return_value': 0,
'get_subject.return_value.get_entries_by_nid.return_value':
[]
}
csr_mock = mock.MagicMock(**csr_config)
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr_mock,
allowed_domains=[],
allowed_networks=[])
self.assertEqual("Alt subjects have to exist if the main subject"
" doesn't", str(e.exception))
def test_common_name_bad_CN(self, gethostbyname_ex):
gethostbyname_ex.return_value = ('master.test.com', [], ['10.0.0.1'])
name = x509_name.X509Name()
name.add_name_entry(x509_name.NID_commonName, 'test.baddomain.com')
csr_mock = mock.MagicMock()
csr_mock.get_subject.return_value = name
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr_mock,
allowed_domains=['.test.com'],
allowed_networks=['10/8'])
self.assertEqual("Domain 'test.baddomain.com' not allowed (does not "
"match known domains)", str(e.exception))
def test_common_name_with_two_CN(self):
ext_mock = mock.MagicMock()
ext_mock.get_name.return_value = "subjectAltName"
csr_config = {
'get_extensions.return_value': [ext_mock],
'get_subject.return_value.get_entries_by_nid.return_value':
['dummy_value', 'dummy_value'],
}
csr_mock = mock.MagicMock(**csr_config)
with self.assertRaises(validators.ValidationError) as e:
validators.common_name(
csr=csr_mock,
allowed_domains=[],
allowed_networks=[])
self.assertEqual("Too many CNs in the request", str(e.exception))
def test_common_name_ip_good(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, '10.1.1.1')
self.assertEqual(
None,
validators.common_name(csr=csr,
allowed_domains=['.test.com'],
allowed_networks=['10/8']))
def test_common_name_good_CN(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, "master.test.com")
self.assertEqual(
None,
validators.common_name(
csr=csr,
allowed_domains=['.test.com'],
))
def test_common_name_good_CN(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, "master.test.com")
self.assertEqual(
None,
validators.common_name(
csr=csr,
allowed_domains=['.test.com'],
)
)
def test_common_name_ip_good(self):
csr = x509_csr.X509Csr()
name = csr.get_subject()
name.add_name_entry(x509_name.OID_commonName, '10.1.1.1')
self.assertEqual(
None,
validators.common_name(
csr=csr,
allowed_domains=['.test.com'],
allowed_networks=['10/8']
)
)
def test_common_name_good_ip_CN(self):
cn_mock = mock.MagicMock()
cn_mock.get_value.return_value = '10.0.0.1'
csr_config = {
'get_subject.return_value.__len__.return_value': 1,
'get_subject.return_value.get_entries_by_nid.return_value':
[cn_mock],
}
csr_mock = mock.MagicMock(**csr_config)
self.assertEqual(
None,
validators.common_name(
csr=csr_mock,
allowed_domains=[],
allowed_networks=['10/8']
)
)
def test_common_name_good_CN(self, gethostbyname_ex):
gethostbyname_ex.return_value = ('master.test.com', [], ['10.0.0.1'])
cn_mock = mock.MagicMock()
cn_mock.get_value.return_value = 'master.test.com'
csr_config = {
'get_subject.return_value.__len__.return_value': 1,
'get_subject.return_value.get_entries_by_nid.return_value':
[cn_mock],
}
csr_mock = mock.MagicMock(**csr_config)
self.assertEqual(
None,
validators.common_name(
csr=csr_mock,
allowed_domains=['.test.com'],
allowed_networks=['10/8']
)
)
