From c9940c47998be6cd404c77891bb211761972ff7e Mon Sep 17 00:00:00 2001 From: Tim Kelsey Date: Mon, 12 Jan 2015 17:58:48 +0000 Subject: [PATCH] Adding the first tests against X509 CSRs - Also fixing some minor X509Name issues that showed up Change-Id: Ia722e6c9aad69f8700d8fefd7d5e04e88d3101ef --- anchor/X509/name.py | 13 +-- anchor/app.py | 1 - tests/X509/__init__.py | 0 tests/X509/test_x509_csr.py | 170 ++++++++++++++++++++++++++++++++++++ 4 files changed, 173 insertions(+), 11 deletions(-) create mode 100644 tests/X509/__init__.py create mode 100644 tests/X509/test_x509_csr.py diff --git a/anchor/X509/name.py b/anchor/X509/name.py index f6b5bbe..227031c 100644 --- a/anchor/X509/name.py +++ b/anchor/X509/name.py @@ -21,6 +21,7 @@ class X509Name(object): # NOTE(tkelsey): this is not exhaustive nid = {'C': backend._lib.NID_countryName, + 'countryName': backend._lib.NID_countryName, 'SP': backend._lib.NID_stateOrProvinceName, 'ST': backend._lib.NID_stateOrProvinceName, 'stateOrProvinceName': backend._lib.NID_stateOrProvinceName, @@ -29,7 +30,7 @@ class X509Name(object): 'O': backend._lib.NID_organizationName, 'organizationName': backend._lib.NID_organizationName, 'OU': backend._lib.NID_organizationalUnitName, - 'organizationUnitName': backend._lib.NID_organizationalUnitName, + 'organizationalUnitName': backend._lib.NID_organizationalUnitName, 'CN': backend._lib.NID_commonName, 'commonName': backend._lib.NID_commonName, 'Email': backend._lib.NID_pkcs9_emailAddress, 
@@ -52,15 +53,7 @@ class X509Name(object): return "%s %s" % (self.get_name(), self.get_value()) def __cmp__(self, other): - data = str(other) - asn1_str_1 = self._lib.ASN1_STRING_new() - asn1_str_1 = self._ffi.gc(asn1_str_1, self._lib.ASN1_STRING_free) - ret = self._lib.ASN1_STRING_set(asn1_str_1, data, len(data)) - if ret != 0: - asn1_str_2 = self._lib.X509_NAME_ENTRY_get_string(self._entry) - ret = self._lib.ASN1_STRING_cmp(asn1_str_1, asn1_str_2) - return (ret == 1) - raise errors.X509Error("Could not setup ASN1 string data.") + return (str(self) == str(other)) def get_name(self): """Get the name of this entry. diff --git a/anchor/app.py b/anchor/app.py index 72057af..8f323b0 100644 --- a/anchor/app.py +++ b/anchor/app.py @@ -12,7 +12,6 @@ # under the License. import paste -from paste import translogger from pecan import make_app import validators diff --git a/tests/X509/__init__.py b/tests/X509/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/tests/X509/test_x509_csr.py b/tests/X509/test_x509_csr.py new file mode 100644 index 0000000..d5f16e1 --- /dev/null +++ b/tests/X509/test_x509_csr.py 
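Review bot: The new `__cmp__` returns a bool, but Python 2 expects `__cmp__` to return a negative, zero or positive integer, with zero meaning "equal". As written, entries whose strings match return True (1, read as "greater than") and entries that differ return False (0, read as "equal"), so `==`, `in` and sorting on these objects would see the result inverted. If any validator compares name entries this way, a mismatched subject field could be treated as a match. The removed code had the same bool-return shape, so this is carried over rather than newly introduced. Either define equality explicitly with `def __eq__(self, other): return str(self) == str(other)` plus `def __ne__(self, other): return not self == other`, or keep `__cmp__` and use `return cmp(str(self), str(other))`; the enclosing class starts outside the hunk, so any existing `__eq__` is not visible here.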
@@ -0,0 +1,170 @@
+# -*- coding:utf-8 -*-
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+
+import unittest
+
+from anchor.X509 import errors as x509_errors
+from anchor.X509 import signing_request
+
+
+class TestX509Csr(unittest.TestCase):
+ csr_data = (
+ "-----BEGIN CERTIFICATE REQUEST-----\n"""
+ "MIIBWTCCARMCAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIEwZOYXJuaWExEjAQ\n"
+ "BgNVBAcTCUZ1bmt5dG93bjEXMBUGA1UEChMOQW5jaG9yIFRlc3RpbmcxEDAOBgNV\n"
+ "BAsTB3Rlc3RpbmcxFDASBgNVBAMTC2FuY2hvci50ZXN0MR8wHQYJKoZIhvcNAQkB\n"
+ "FhB0ZXN0QGFuY2hvci50ZXN0MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAOpvxkCx\n"
+ "NNTc86GVnP4rWvaniOnHaemXbhBOoFxhMwaghiq7u5V9ZKkUZfbu+L+ZSQIDAQAB\n"
+ "oCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkq\n"
+ "hkiG9w0BAQUFAAMxALaK8/HR73ZSvHiWo7Mduin0S519aJBm+gO8d9iliUkK00gQ\n"
+ "VMs9DuTAxljX7t7Eug==\n"
+ "-----END CERTIFICATE REQUEST-----\n"
+ )
+
+ def setUp(self):
+ super(TestX509Csr, self).setUp()
+ self.csr = signing_request.X509Csr()
+ self.csr.from_buffer(TestX509Csr.csr_data)
+
+ def tearDown(self):
+ pass
+
+ def test_get_bad_elem(self):
+ name = self.csr.get_subject()
+ self.assertRaises(x509_errors.X509Error,
+ name.get_entries_by_nid_name,
+ 'BAD')
+
+ def test_get_subject_c(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('C')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "countryName")
+ self.assertEqual(entries[0].get_value(), "UK")
+
+ def test_get_subject_countryName(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('countryName')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "countryName")
+ self.assertEqual(entries[0].get_value(), "UK")
+
+ def test_get_subject_st(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('ST')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "stateOrProvinceName")
+ self.assertEqual(entries[0].get_value(), "Narnia")
+
+ def test_get_subject_sp(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('SP')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "stateOrProvinceName")
+ self.assertEqual(entries[0].get_value(), "Narnia")
+
+ def test_get_subject_stateOrProvinceName(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('stateOrProvinceName')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "stateOrProvinceName")
+ self.assertEqual(entries[0].get_value(), "Narnia")
+
+ def test_get_subject_l(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('L')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "localityName")
+ self.assertEqual(entries[0].get_value(), "Funkytown")
+
+ def test_get_subject_localityName(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('localityName')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "localityName")
+ self.assertEqual(entries[0].get_value(), "Funkytown")
+
+ def test_get_subject_l(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('L')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "localityName")
+ self.assertEqual(entries[0].get_value(), "Funkytown")
+
+ def test_get_subject_localityName(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('localityName')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "localityName")
+ self.assertEqual(entries[0].get_value(), "Funkytown")
+
+ def test_get_subject_o(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('O')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "organizationName")
+ self.assertEqual(entries[0].get_value(), "Anchor Testing")
+
+ def test_get_subject_organizationName(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('organizationName')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "organizationName")
+ self.assertEqual(entries[0].get_value(), "Anchor Testing")
+
+ def test_get_subject_ou(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('OU')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "organizationalUnitName")
+ self.assertEqual(entries[0].get_value(), "testing")
+
+ def test_get_subject_organizationUnitName(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('organizationalUnitName')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "organizationalUnitName")
+ self.assertEqual(entries[0].get_value(), "testing")
+
+ def test_get_subject_cn(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('CN')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "commonName")
+ self.assertEqual(entries[0].get_value(), "anchor.test")
+
+ def test_get_subject_commonName(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('commonName')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "commonName")
+ self.assertEqual(entries[0].get_value(), "anchor.test")
+
+ def test_get_subject_email(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('Email')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "emailAddress")
+ self.assertEqual(entries[0].get_value(), "test@anchor.test")
+
+ def test_get_subject_emailAddress(self):
+ name = self.csr.get_subject()
+ entries = name.get_entries_by_nid_name('Email')
+ self.assertEqual(len(entries), 1)
+ self.assertEqual(entries[0].get_name(), "emailAddress")
+ self.assertEqual(entries[0].get_value(), "test@anchor.test")
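Review bot: `test_get_subject_emailAddress` looks up `'Email'`, the same key as `test_get_subject_email`, so the long-form alias is never exercised; it should call `name.get_entries_by_nid_name('emailAddress')`, assuming that key exists in the `nid` map, which the name.py hunk does not show. `test_get_subject_l` and `test_get_subject_localityName` are each defined twice with identical bodies, so the later definition silently replaces the earlier one and the duplicates can be deleted. `test_get_subject_organizationUnitName` keeps the old misspelling in its name although it queries `'organizationalUnitName'`, and `import os` and the empty `tearDown` are unused. None of the tests covers the rewritten `__cmp__` in anchor/X509/name.py, so an assertion comparing two entries, one equal pair and one unequal pair, would pin that behaviour.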