clarify test of missing CRL

This commit is contained in:
dandds 2019-01-18 10:33:43 -05:00
parent 0457b0a508
commit 9d141d1ea4
2 changed files with 9 additions and 2 deletions

View File

@ -8,7 +8,7 @@ from OpenSSL import crypto, SSL
from atst.domain.authnid.crl import CRLCache, CRLRevocationException, NoOpCRLCache
import atst.domain.authnid.crl.util as util
from tests.mocks import FIXTURE_EMAIL_ADDRESS
from tests.mocks import FIXTURE_EMAIL_ADDRESS, DOD_CN
class MockX509Store:
@ -82,11 +82,17 @@ def test_can_dynamically_update_crls(tmpdir):
def test_throws_error_for_missing_issuer():
cache = CRLCache("ssl/server-certs/ca-chain.pem", crl_locations=[])
# this cert is self-signed, and so the application does not have a
# corresponding CRL for it
cert = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS), "rb").read()
with pytest.raises(CRLRevocationException) as exc:
assert cache.crl_check(cert)
(message,) = exc.value.args
# objects that the issuer is missing
assert "issuer" in message
# names the issuer we were expecting to find a CRL for; same as the
# certificate subject in this case because the cert is self-signed
assert DOD_CN in message
def test_multistep_certificate_chain():

View File

@ -2,7 +2,8 @@ from tests.factories import RequestFactory, UserFactory
DOD_SDN_INFO = {"first_name": "ART", "last_name": "GARFUNKEL", "dod_id": "5892460358"}
DOD_SDN = f"CN={DOD_SDN_INFO['last_name']}.{DOD_SDN_INFO['first_name']}.G.{DOD_SDN_INFO['dod_id']},OU=OTHER,OU=PKI,OU=DoD,O=U.S. Government,C=US"
DOD_CN = f"{DOD_SDN_INFO['last_name']}.{DOD_SDN_INFO['first_name']}.G.{DOD_SDN_INFO['dod_id']}"
DOD_SDN = f"CN={DOD_CN},OU=OTHER,OU=PKI,OU=DoD,O=U.S. Government,C=US"
MOCK_VALID_PE_ID = "080675309U"