def test_cn_only_ip(self):
csr = self._csr_with_cn("1.2.3.4")
new_csr = fixups.enforce_alternative_names_present(csr=csr)
self.assertEqual(1, len(new_csr.get_extensions()))
ext = new_csr.get_extensions(extension.X509ExtensionSubjectAltName)[0]
self.assertEqual([netaddr.IPAddress("1.2.3.4")], ext.get_ips())
def test_cn_only_dns(self):
csr = self._csr_with_cn("example.com")
new_csr = fixups.enforce_alternative_names_present(csr=csr)
self.assertEqual(1, len(new_csr.get_extensions()))
ext = new_csr.get_extensions(extension.X509ExtensionSubjectAltName)[0]
self.assertEqual(["example.com"], ext.get_dns_ids())
def test_no_cn(self):
csr = signing_request.X509Csr()
subject = name.X509Name()
subject.add_name_entry(name.OID_localityName, "somewhere")
csr.set_subject(subject)
new_csr = fixups.enforce_alternative_names_present(csr=csr)
self.assertEqual(0, len(new_csr.get_extensions()))
def test_cn_extra_dns(self):
csr = self._csr_with_cn("example.com")
san = extension.X509ExtensionSubjectAltName()
san.add_dns_id("other.example.com")
csr.add_extension(san)
new_csr = fixups.enforce_alternative_names_present(csr=csr)
self.assertEqual(1, len(new_csr.get_extensions()))
ext = new_csr.get_extensions(extension.X509ExtensionSubjectAltName)[0]
ids = ext.get_dns_ids()
self.assertIn("example.com", ids)
self.assertIn("other.example.com", ids)
def test_cn_extra_ip(self):
csr = self._csr_with_cn("1.2.3.4")
san = extension.X509ExtensionSubjectAltName()
san.add_ip(netaddr.IPAddress("2.3.4.5"))
csr.add_extension(san)
new_csr = fixups.enforce_alternative_names_present(csr=csr)
self.assertEqual(1, len(new_csr.get_extensions()))
ext = new_csr.get_extensions(extension.X509ExtensionSubjectAltName)[0]
ips = ext.get_ips()
self.assertIn(netaddr.IPAddress("1.2.3.4"), ips)
self.assertIn(netaddr.IPAddress("2.3.4.5"), ips)
