Imported Debian patch 4.8.10-2

2020-11-23 20:48:56 +02:00
parent 8bc559c5a1
commit 358acdd85f
917 changed files with 1185414 additions and 1069733 deletions
--- a/ipatests/test_ipalib/test_x509.py
+++ b/ipatests/test_ipalib/test_x509.py
@@ -22,7 +22,11 @@ Test the `ipalib.x509` module.
 """

 import base64
+from binascii import hexlify
+from configparser import RawConfigParser
 import datetime
+from io import StringIO
+import pickle

 import pytest

@@ -160,7 +164,8 @@ QUs1Hx1wL7mL4U8fKCFDKA+ds2B2xWgoZg==
 -----END CERTIFICATE-----
 '''

-class test_x509(object):
+
+class test_x509:
    """
    Test `ipalib.x509`

@@ -258,7 +263,7 @@ class test_x509(object):
        not_after = datetime.datetime(2018, 10, 23, 5, 36, 59)
        assert cert.not_valid_before == not_before
        assert cert.not_valid_after == not_after
-        assert cert.san_general_names == [DNSName(u'ipa.demo1.freeipa.org')]
+        assert cert.san_general_names == [DNSName('ipa.demo1.freeipa.org')]
        assert cert.san_a_label_dns_names == ['ipa.demo1.freeipa.org']
        assert cert.extended_key_usage == {
            '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'
@@ -267,3 +272,114 @@ class test_x509(object):
            b'0 \x06\x03U\x1d%\x01\x01\xff\x04\x160\x14\x06\x08+\x06\x01'
            b'\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x02'
        )
+
+
+class test_ExternalCAProfile:
+    def test_MSCSTemplateV1_good(self):
+        o = x509.MSCSTemplateV1("MySubCA")
+        assert hexlify(o.get_ext_data()) == b'1e0e004d007900530075006200430041'
+
+    def test_MSCSTemplateV1_bad(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV1("MySubCA:1")
+
+    def test_MSCSTemplateV1_pickle_roundtrip(self):
+        o = x509.MSCSTemplateV1("MySubCA")
+        s = pickle.dumps(o)
+        assert o.get_ext_data() == pickle.loads(s).get_ext_data()
+
+    def test_MSCSTemplateV2_too_few_parts(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("1.2.3.4")
+
+    def test_MSCSTemplateV2_too_many_parts(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("1.2.3.4:100:200:300")
+
+    def test_MSCSTemplateV2_bad_oid(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("not_an_oid:1")
+
+    def test_MSCSTemplateV2_non_numeric_major_version(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("1.2.3.4:major:200")
+
+    def test_MSCSTemplateV2_non_numeric_minor_version(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("1.2.3.4:100:minor")
+
+    def test_MSCSTemplateV2_major_version_lt_zero(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("1.2.3.4:-1:200")
+
+    def test_MSCSTemplateV2_minor_version_lt_zero(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("1.2.3.4:100:-1")
+
+    def test_MSCSTemplateV2_major_version_gt_max(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("1.2.3.4:4294967296:200")
+
+    def test_MSCSTemplateV2_minor_version_gt_max(self):
+        with pytest.raises(ValueError):
+            x509.MSCSTemplateV2("1.2.3.4:100:4294967296")
+
+    def test_MSCSTemplateV2_good_major(self):
+        o = x509.MSCSTemplateV2("1.2.3.4:4294967295")
+        assert hexlify(o.get_ext_data()) == b'300c06032a0304020500ffffffff'
+
+    def test_MSCSTemplateV2_good_major_minor(self):
+        o = x509.MSCSTemplateV2("1.2.3.4:4294967295:0")
+        assert hexlify(o.get_ext_data()) \
+            == b'300f06032a0304020500ffffffff020100'
+
+    def test_MSCSTemplateV2_pickle_roundtrip(self):
+        o = x509.MSCSTemplateV2("1.2.3.4:4294967295:0")
+        s = pickle.dumps(o)
+        assert o.get_ext_data() == pickle.loads(s).get_ext_data()
+
+    def test_ExternalCAProfile_dispatch(self):
+        """
+        Test that constructing ExternalCAProfile actually returns an
+        instance of the appropriate subclass.
+        """
+        assert isinstance(
+            x509.ExternalCAProfile("MySubCA"),
+            x509.MSCSTemplateV1)
+        assert isinstance(
+            x509.ExternalCAProfile("1.2.3.4:100"),
+            x509.MSCSTemplateV2)
+
+    def test_write_pkispawn_config_file_MSCSTemplateV1(self):
+        template = x509.MSCSTemplateV1(u"SubCA")
+        expected = (
+            '[CA]\n'
+            'pki_req_ext_oid = 1.3.6.1.4.1.311.20.2\n'
+            'pki_req_ext_data = 1e0a00530075006200430041\n\n'
+        )
+        self._test_write_pkispawn_config_file(template, expected)
+
+    def test_write_pkispawn_config_file_MSCSTemplateV2(self):
+        template = x509.MSCSTemplateV2(u"1.2.3.4:4294967295")
+        expected = (
+            '[CA]\n'
+            'pki_req_ext_oid = 1.3.6.1.4.1.311.21.7\n'
+            'pki_req_ext_data = 300c06032a0304020500ffffffff\n\n'
+        )
+        self._test_write_pkispawn_config_file(template, expected)
+
+    def _test_write_pkispawn_config_file(self, template, expected):
+        """
+        Test that the values we read from an ExternalCAProfile
+        object can be used to produce a reasonable-looking pkispawn
+        configuration.
+        """
+        config = RawConfigParser()
+        config.optionxform = str
+        config.add_section("CA")
+        config.set("CA", "pki_req_ext_oid", template.ext_oid)
+        config.set("CA", "pki_req_ext_data",
+                   hexlify(template.get_ext_data()).decode('ascii'))
+        out = StringIO()
+        config.write(out)
+        assert out.getvalue() == expected