lemur/lemur/tests/test_defaults.py

151 lines
4.4 KiB
Python
Raw Normal View History

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from .vectors import SAN_CERT, WILDCARD_CERT, INTERMEDIATE_CERT
def test_cert_get_cn(client):
from lemur.common.defaults import common_name
2019-05-16 16:57:02 +02:00
assert common_name(SAN_CERT) == "san.example.org"
def test_cert_sub_alt_domains(client):
from lemur.common.defaults import domains
assert domains(INTERMEDIATE_CERT) == []
2019-05-16 16:57:02 +02:00
assert domains(SAN_CERT) == [
"san.example.org",
"san2.example.org",
"daniel-san.example.org",
]
def test_cert_is_san(client):
from lemur.common.defaults import san
assert san(SAN_CERT)
# Wildcard cert has just one SAN record that matches the common name
assert not san(WILDCARD_CERT)
def test_cert_is_wildcard(client):
from lemur.common.defaults import is_wildcard
2019-05-16 16:57:02 +02:00
assert is_wildcard(WILDCARD_CERT)
assert not is_wildcard(INTERMEDIATE_CERT)
def test_cert_bitstrength(client):
from lemur.common.defaults import bitstrength
2019-05-16 16:57:02 +02:00
assert bitstrength(INTERMEDIATE_CERT) == 2048
def test_cert_issuer(client):
from lemur.common.defaults import issuer
2019-05-16 16:57:02 +02:00
assert issuer(INTERMEDIATE_CERT) == "LemurTrustUnittestsRootCA2018"
def test_text_to_slug(client):
from lemur.common.defaults import text_to_slug
2019-05-16 16:57:02 +02:00
assert text_to_slug("test - string") == "test-string"
assert text_to_slug("test - string", "") == "teststring"
# Accented characters are decomposed
2019-05-16 16:57:02 +02:00
assert text_to_slug("föö bär") == "foo-bar"
# Melt away the Unicode Snowman
2019-05-16 16:57:02 +02:00
assert text_to_slug("\u2603") == ""
assert text_to_slug("\u2603test\u2603") == "test"
assert text_to_slug("snow\u2603man") == "snow-man"
assert text_to_slug("snow\u2603man", "") == "snowman"
# IDNA-encoded domain names should be kept as-is
2019-05-16 16:57:02 +02:00
assert (
text_to_slug("xn--i1b6eqas.xn--xmpl-loa9b3671b.com")
== "xn--i1b6eqas.xn--xmpl-loa9b3671b.com"
)
def test_create_name(client):
from lemur.common.defaults import certificate_name
from datetime import datetime
2019-05-16 16:57:02 +02:00
assert (
certificate_name(
"example.com",
"Example Inc,",
datetime(2015, 5, 7, 0, 0, 0),
datetime(2015, 5, 12, 0, 0, 0),
False,
)
== "example.com-ExampleInc-20150507-20150512"
)
assert (
certificate_name(
"example.com",
"Example Inc,",
datetime(2015, 5, 7, 0, 0, 0),
datetime(2015, 5, 12, 0, 0, 0),
True,
)
== "SAN-example.com-ExampleInc-20150507-20150512"
)
assert (
certificate_name(
"xn--mnchen-3ya.de",
"Vertrauenswürdig Autorität",
datetime(2015, 5, 7, 0, 0, 0),
datetime(2015, 5, 12, 0, 0, 0),
False,
)
== "xn--mnchen-3ya.de-VertrauenswurdigAutoritat-20150507-20150512"
)
assert (
certificate_name(
"selfie.example.org",
"<selfsigned>",
datetime(2015, 5, 7, 0, 0, 0),
datetime(2025, 5, 12, 13, 37, 0),
False,
)
== "selfie.example.org-selfsigned-20150507-20250512"
)
def test_issuer(client, cert_builder, issuer_private_key):
from lemur.common.defaults import issuer
2019-05-16 16:57:02 +02:00
assert issuer(INTERMEDIATE_CERT) == "LemurTrustUnittestsRootCA2018"
# We need to override builder's issuer name
cert_builder._issuer_name = None
# Unicode issuer name
2019-05-16 16:57:02 +02:00
cert = cert_builder.issuer_name(
x509.Name(
[x509.NameAttribute(x509.NameOID.COMMON_NAME, "Vertrauenswürdig Autorität")]
)
).sign(issuer_private_key, hashes.SHA256(), default_backend())
assert issuer(cert) == "VertrauenswurdigAutoritat"
# Fallback to 'Organization' field when issuer CN is missing
2019-05-16 16:57:02 +02:00
cert = cert_builder.issuer_name(
x509.Name(
[x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, "No Such Organization")]
)
).sign(issuer_private_key, hashes.SHA256(), default_backend())
assert issuer(cert) == "NoSuchOrganization"
# Missing issuer name
2019-05-16 16:57:02 +02:00
cert = cert_builder.issuer_name(x509.Name([])).sign(
issuer_private_key, hashes.SHA256(), default_backend()
)
assert issuer(cert) == "<unknown>"
def test_issuer_selfsigned(selfsigned_cert):
from lemur.common.defaults import issuer
2019-05-16 16:57:02 +02:00
assert issuer(selfsigned_cert) == "<selfsigned>"