add nameconstraints classes

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-05-17 20:39:40 -0600
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-06-21 21:09:44 -0500
commit: e0017be396df1a506b92ec1b669086dd02ca25b8 (patch)
tree: 61e093911cc23253cb52b15f066f63c186b231d2 /tests
parent: d845ea04b86568e544106207636aa3a47ab82170 (diff)
download: cryptography-e0017be396df1a506b92ec1b669086dd02ca25b8.tar.gz
cryptography-e0017be396df1a506b92ec1b669086dd02ca25b8.tar.bz2
cryptography-e0017be396df1a506b92ec1b669086dd02ca25b8.zip
1 files changed, 68 insertions, 0 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 62d9f83d..a5747c37 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1905,6 +1905,74 @@ class TestAuthorityKeyIdentifierExtension(object):
         assert ext.value.authority_cert_serial_number == 3
 
 
+class TestNameConstraints(object):
+    def test_ipaddress_wrong_type(self):
+        with pytest.raises(TypeError):
+            x509.NameConstraints(
+                permitted_subtrees=[
+                    x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
+                ],
+                excluded_subtrees=None
+            )
+
+        with pytest.raises(TypeError):
+            x509.NameConstraints(
+                permitted_subtrees=None,
+                excluded_subtrees=[
+                    x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
+                ]
+            )
+
+    def test_ipaddress_allowed_type(self):
+        permitted = [x509.IPAddress(ipaddress.IPv4Network(u"192.168.0.0/29"))]
+        excluded = [x509.IPAddress(ipaddress.IPv4Network(u"10.10.0.0/24"))]
+        nc = x509.NameConstraints(
+            permitted_subtrees=permitted,
+            excluded_subtrees=excluded
+        )
+        assert nc.permitted_subtrees == permitted
+        assert nc.excluded_subtrees == excluded
+
+    def test_invalid_permitted_subtrees(self):
+        with pytest.raises(TypeError):
+            x509.NameConstraints("badpermitted", None)
+
+    def test_invalid_excluded_subtrees(self):
+        with pytest.raises(TypeError):
+            x509.NameConstraints(None, "badexcluded")
+
+    def test_no_subtrees(self):
+        with pytest.raises(ValueError):
+            x509.NameConstraints(None, None)
+
+    def test_permitted_none(self):
+        excluded = [x509.DNSName(u"name.local")]
+        nc = x509.NameConstraints(
+            permitted_subtrees=None, excluded_subtrees=excluded
+        )
+        assert nc.permitted_subtrees is None
+        assert nc.excluded_subtrees is not None
+
+    def test_excluded_none(self):
+        permitted = [x509.DNSName(u"name.local")]
+        nc = x509.NameConstraints(
+            permitted_subtrees=permitted, excluded_subtrees=None
+        )
+        assert nc.permitted_subtrees is not None
+        assert nc.excluded_subtrees is None
+
+    def test_repr(self):
+        permitted = [x509.DNSName(u"name.local"), x509.DNSName(u"name2.local")]
+        nc = x509.NameConstraints(
+            permitted_subtrees=permitted,
+            excluded_subtrees=None
+        )
+        assert repr(nc) == (
+            "<NameConstraints(permitted_subtrees=[<DNSName(value=name.local)>"
+            ", <DNSName(value=name2.local)>], excluded_subtrees=None)>"
+        )
+
+
 class TestDistributionPoint(object):
     def test_distribution_point_full_name_not_general_names(self):
         with pytest.raises(TypeError):
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-05-17 20:39:40 -0600
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-06-21 21:09:44 -0500
commit	e0017be396df1a506b92ec1b669086dd02ca25b8 (patch)
tree	61e093911cc23253cb52b15f066f63c186b231d2 /tests
parent	d845ea04b86568e544106207636aa3a47ab82170 (diff)
download	cryptography-e0017be396df1a506b92ec1b669086dd02ca25b8.tar.gz cryptography-e0017be396df1a506b92ec1b669086dd02ca25b8.tar.bz2 cryptography-e0017be396df1a506b92ec1b669086dd02ca25b8.zip