pki.tests.test_cert_profiles¶

Tests for the JSON template verification module.

Functions¶

`test_valid_profile_instance`()	Test that a valid profile instance can be created.
`test_invalid_profile_instance`()	Test that an invalid profile instance raises an error.
`test_incomplete_profile_instance`()	Test that an incomplete profile instance raises an error.
`test_prohibited_cn_present`()	Test that a request with a prohibited CN fails verification.
`test_prohibited_cn_present_no_reject`()	Test that a request with a prohibited CN is removed when reject_mods is False.
`test_allowed_cn_present`()	Test that a request with an allowed CN passes verification.
`test_allowed_cn_alias_present`()	Test that a request with an allowed CN passes verification (alias 'cn' for 'common_name').
`test_unspecified_cn_present_no_reject`()	Test that a not explicitly allowed CN without implicit allow is removed from the request.
`test_unspecified_cn_present_reject`()	Test that a not explicitly allowed CN with reject_mods=True fails verification.
`test_default_cn_present_in_request`()	Test that the request CN takes precedence over the profile's default CN.
`test_default_cn_absent_in_request`()	Test that the profile's default CN is applied when the request CN is absent.
`test_implicit_allow_subject`()	Test that a request with implicit allow for all fields passes verification.
`test_implicit_allow_unknown_field`()	Test that a request with an unknown field passes verification with implicit allow.
`test_required_cn_absent`()	Test that a request missing a required CN fails verification.
`test_incompatible_request_cn`()	Test that a request with a CN incompatible with the profile and reject_mods fails verification.
`test_incompatible_request_cn_no_reject_mods`()	Test that a request with a CN incompatible with the profile and no reject_mods uses the CN from the profile.
`test_required_ext_absent`()	Test that a request missing a required extension fails verification.
`test_default_ext_present_in_req`()	Test that the request extension takes precedence over the profile's default extension.
`test_default_ext_absent_in_req`()	Test that the profile's default extension is applied when the request extension is absent.
`test_incompatible_ext`()	Test that a request with an extension incompatible with the profile and reject_mods fails verification.
`test_incompatible_ext_extra_field`()	Test that a request with an extension incompatible with the profile (extra field in req) and reject_mods fails verification.
`test_incompatible_ext_no_reject`()	Test that a request with an incompatible extension and no reject_mods uses the extension from the profile.
`test_ext_value_mutable`()	Test that a request with a mutable extension value passes verification.
`test_prohibited_ext_present`()	Test that a request with a prohibited extension fails verification.
`test_not_allowed_ext_present`()	Test that a request with an extension not explicitely allowed by the profile fails verification.
`test_allowed_ext_present`()	Test that a request with an allowed extension passes verification.
`test_allowed_ext_allow_any`()	Test that a request with any extension passes verification when allow='*'.
`test_allowed_ext_allow_any_explicit_profile`()	Test that a request with a SAN extension passes verification when allow='*' and SAN specified in profile.
`test_sample_request_contains_ext_defaults`()	Test that a sample request generated from a profile includes default extension values.
`test_sample_request_contains_ext_defaults_allow_any`()	Regression test that a sample req. from a profile includes default ext values when allow='*'.
`test_request_normalization`()	Test that a request is normalized correctly.
`test_csr_to_json_adapter`()	Test that the CSR to JSON adapter works correctly.
`test_json_to_cb_adapter`()	Test that the JSON to Certificate Builder adapter works correctly.
`test_json_to_cb_adapter_no_validity`()	Test that the JSON to Certificate Builder adapter raises an error when validity is missing.

Module Contents¶

pki.tests.test_cert_profiles.test_valid_profile_instance()[source]¶

Test that a valid profile instance can be created.

Return type:: None

pki.tests.test_cert_profiles.test_invalid_profile_instance()[source]¶

Test that an invalid profile instance raises an error.

Return type:: None

pki.tests.test_cert_profiles.test_incomplete_profile_instance()[source]¶

Test that an incomplete profile instance raises an error.

Behavior (subject to change) when ‘subj’ field is missing: - Effectively prohibits subject, which is not valid in X.509 certs.

Return type:: None

pki.tests.test_cert_profiles.test_prohibited_cn_present()[source]¶

Test that a request with a prohibited CN fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_prohibited_cn_present_no_reject()[source]¶

Test that a request with a prohibited CN is removed when reject_mods is False.

Return type:: None

pki.tests.test_cert_profiles.test_allowed_cn_present()[source]¶

Test that a request with an allowed CN passes verification.

Return type:: None

pki.tests.test_cert_profiles.test_allowed_cn_alias_present()[source]¶

Test that a request with an allowed CN passes verification (alias ‘cn’ for ‘common_name’).

Return type:: None

pki.tests.test_cert_profiles.test_unspecified_cn_present_no_reject()[source]¶

Test that a not explicitly allowed CN without implicit allow is removed from the request.

Return type:: None

pki.tests.test_cert_profiles.test_unspecified_cn_present_reject()[source]¶

Test that a not explicitly allowed CN with reject_mods=True fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_default_cn_present_in_request()[source]¶

Test that the request CN takes precedence over the profile’s default CN.

Return type:: None

pki.tests.test_cert_profiles.test_default_cn_absent_in_request()[source]¶

Test that the profile’s default CN is applied when the request CN is absent.

Return type:: None

pki.tests.test_cert_profiles.test_implicit_allow_subject()[source]¶

Test that a request with implicit allow for all fields passes verification.

Return type:: None

pki.tests.test_cert_profiles.test_implicit_allow_unknown_field()[source]¶

Test that a request with an unknown field passes verification with implicit allow.

Return type:: None

pki.tests.test_cert_profiles.test_required_cn_absent()[source]¶

Test that a request missing a required CN fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_incompatible_request_cn()[source]¶

Test that a request with a CN incompatible with the profile and reject_mods fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_incompatible_request_cn_no_reject_mods()[source]¶

Test that a request with a CN incompatible with the profile and no reject_mods uses the CN from the profile.

Return type:: None

pki.tests.test_cert_profiles.test_required_ext_absent()[source]¶

Test that a request missing a required extension fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_default_ext_present_in_req()[source]¶

Test that the request extension takes precedence over the profile’s default extension.

Return type:: None

pki.tests.test_cert_profiles.test_default_ext_absent_in_req()[source]¶

Test that the profile’s default extension is applied when the request extension is absent.

Return type:: None

pki.tests.test_cert_profiles.test_incompatible_ext()[source]¶

Test that a request with an extension incompatible with the profile and reject_mods fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_incompatible_ext_extra_field()[source]¶

Test that a request with an extension incompatible with the profile (extra field in req) and reject_mods fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_incompatible_ext_no_reject()[source]¶

Test that a request with an incompatible extension and no reject_mods uses the extension from the profile.

Return type:: None

pki.tests.test_cert_profiles.test_ext_value_mutable()[source]¶

Test that a request with a mutable extension value passes verification.

Return type:: None

pki.tests.test_cert_profiles.test_prohibited_ext_present()[source]¶

Test that a request with a prohibited extension fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_not_allowed_ext_present()[source]¶

Test that a request with an extension not explicitely allowed by the profile fails verification.

Return type:: None

pki.tests.test_cert_profiles.test_allowed_ext_present()[source]¶

Test that a request with an allowed extension passes verification.

Return type:: None

pki.tests.test_cert_profiles.test_allowed_ext_allow_any()[source]¶

Test that a request with any extension passes verification when allow=’*’.

Return type:: None

pki.tests.test_cert_profiles.test_allowed_ext_allow_any_explicit_profile()[source]¶

Test that a request with a SAN extension passes verification when allow=’*’ and SAN specified in profile.

Return type:: None

pki.tests.test_cert_profiles.test_sample_request_contains_ext_defaults()[source]¶

Test that a sample request generated from a profile includes default extension values.

Return type:: None

pki.tests.test_cert_profiles.test_sample_request_contains_ext_defaults_allow_any()[source]¶

Regression test that a sample req. from a profile includes default ext values when allow=’*’.

Return type:: None

pki.tests.test_cert_profiles.test_request_normalization()[source]¶

Test that a request is normalized correctly.

Return type:: None

pki.tests.test_cert_profiles.test_csr_to_json_adapter()[source]¶

Test that the CSR to JSON adapter works correctly.

Return type:: None

pki.tests.test_cert_profiles.test_json_to_cb_adapter()[source]¶

Test that the JSON to Certificate Builder adapter works correctly.

Return type:: None

pki.tests.test_cert_profiles.test_json_to_cb_adapter_no_validity()[source]¶

Test that the JSON to Certificate Builder adapter raises an error when validity is missing.

Return type:: None