From 4e8dacd02ec4c4b8238e5ebdfcd5ab26348ec658 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 9 May 2015 10:38:23 -0500
Subject: separate full_name/relative_name and change reasons to an enumeration

---
 tests/test_x509_ext.py | 207 ++++++++++++++++++++++++-------------------------
 1 file changed, 100 insertions(+), 107 deletions(-)

(limited to 'tests/test_x509_ext.py')

diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 1ccb361b..e0858c76 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1320,69 +1320,46 @@ class TestAuthorityKeyIdentifierExtension(object):
         assert ext.value.authority_cert_serial_number == 3
 
 
-class TestReasonFlags(object):
-    def test_flags(self):
-        flags = x509.ReasonFlags(
-            True, True, False, False, True, True, False, False
-        )
-        assert flags.key_compromise is True
-        assert flags.ca_compromise is True
-        assert flags.affiliation_changed is False
-        assert flags.superseded is False
-        assert flags.cessation_of_operation is True
-        assert flags.certificate_hold is True
-        assert flags.privilege_withdrawn is False
-        assert flags.aa_compromise is False
-
-    def test_eq(self):
-        flags = x509.ReasonFlags(
-            True, True, False, False, True, True, False, False
-        )
-        flags2 = x509.ReasonFlags(
-            True, True, False, False, True, True, False, False
-        )
-        assert flags == flags2
-
-    def test_ne(self):
-        flags = x509.ReasonFlags(
-            True, True, False, False, True, True, False, False
-        )
-        flags2 = x509.ReasonFlags(
-            True, True, False, False, True, True, False, True
-        )
-        assert flags != flags2
-        assert flags != object()
-
-    def test_repr(self):
-        flags = x509.ReasonFlags(
-            True, True, False, False, True, True, False, False
-        )
-        assert repr(flags) == (
-            "<ReasonFlags(key_compromise=True, ca_compromise=True, affiliatio"
-            "n_changed=False,superseded=False, cessation_of_operation=True, c"
-            "ertificate_hold=True, privilege_withdrawn=False, aa_compromise=F"
-            "alse)>"
-        )
-
-
 class TestDistributionPoint(object):
-    def test_distribution_point_list_not_general_names(self):
+    def test_distribution_point_full_name_not_general_names(self):
         with pytest.raises(TypeError):
-            x509.DistributionPoint(["notgn"], None, None)
+            x509.DistributionPoint(["notgn"], None, None, None)
 
-    def test_distribution_point_not_name(self):
+    def test_distribution_point_relative_name_not_name(self):
         with pytest.raises(TypeError):
-            x509.DistributionPoint("notname", None, None)
+            x509.DistributionPoint(None, "notname", None, None)
+
+    def test_distribution_point_full_and_relative_not_none(self):
+        with pytest.raises(ValueError):
+            x509.DistributionPoint("data", "notname", None, None)
 
     def test_crl_issuer_not_general_names(self):
         with pytest.raises(TypeError):
-            x509.DistributionPoint(None, None, ["notgn"])
+            x509.DistributionPoint(None, None, None, ["notgn"])
 
     def test_reason_not_reasonflags(self):
         with pytest.raises(TypeError):
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
-                "notreasonflags",
+                None,
+                ["notreasonflags"],
+                None
+            )
+
+    def test_disallowed_reasons(self):
+        with pytest.raises(ValueError):
+            x509.DistributionPoint(
+                [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
+                None,
+                [x509.ReasonFlags.unspecified],
+                None
+            )
+
+        with pytest.raises(ValueError):
+            x509.DistributionPoint(
+                [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
+                None,
+                [x509.ReasonFlags.remove_from_crl],
                 None
             )
 
@@ -1390,18 +1367,16 @@ class TestDistributionPoint(object):
         with pytest.raises(ValueError):
             x509.DistributionPoint(
                 None,
-                x509.ReasonFlags(
-                    True, True, False, False, True, True, False, False
-                ),
+                None,
+                [x509.ReasonFlags.aa_compromise],
                 None
             )
 
     def test_eq(self):
         dp = x509.DistributionPoint(
             [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
-            x509.ReasonFlags(
-                False, False, False, False, False, True, False, False
-            ),
+            None,
+            [x509.ReasonFlags.superseded],
             [
                 x509.DirectoryName(
                     x509.Name([
@@ -1414,9 +1389,8 @@ class TestDistributionPoint(object):
         )
         dp2 = x509.DistributionPoint(
             [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
-            x509.ReasonFlags(
-                False, False, False, False, False, True, False, False
-            ),
+            None,
+            [x509.ReasonFlags.superseded],
             [
                 x509.DirectoryName(
                     x509.Name([
@@ -1432,9 +1406,10 @@ class TestDistributionPoint(object):
     def test_ne(self):
         dp = x509.DistributionPoint(
             [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
-            x509.ReasonFlags(
-                False, False, False, False, False, True, False, False
-            ),
+            None,
+            [
+                x509.ReasonFlags.superseded,
+            ],
             [
                 x509.DirectoryName(
                     x509.Name([
@@ -1448,6 +1423,7 @@ class TestDistributionPoint(object):
         dp2 = x509.DistributionPoint(
             [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
             None,
+            None,
             None
         )
         assert dp != dp2
@@ -1455,12 +1431,14 @@ class TestDistributionPoint(object):
 
     def test_repr(self):
         dp = x509.DistributionPoint(
+            None,
             x509.Name([
                 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
             ]),
-            x509.ReasonFlags(
-                False, False, False, False, False, True, False, False
-            ),
+            [
+                x509.ReasonFlags.key_compromise,
+                x509.ReasonFlags.ca_compromise,
+            ],
             [
                 x509.DirectoryName(
                     x509.Name([
@@ -1472,14 +1450,12 @@ class TestDistributionPoint(object):
             ],
         )
         assert repr(dp) == (
-            "<DistributionPoint(distribution_point=<Name([<NameAttribute(oid="
-            "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
-            "])>, reasons=<ReasonFlags(key_compromise=False, ca_compromise=Fa"
-            "lse, affiliation_changed=False,superseded=False, cessation_of_op"
-            "eration=False, certificate_hold=True, privilege_withdrawn=False,"
-            " aa_compromise=False)>, crl_issuer=[<DirectoryName(value=<Name(["
-            "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
-            "e)>, value='Important CA')>])>)>])>"
+            "<DistributionPoint(full_name=None, relative_name=<Name([<NameAtt"
+            "ribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, val"
+            "ue='myCN')>])>, reasons=[<ReasonFlags.key_compromise: 'keyCompro"
+            "mise'>, <ReasonFlags.ca_compromise: 'cACompromise'>], crl_issuer"
+            "=[<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentifi"
+            "er(oid=2.5.4.3, name=commonName)>, value='Important CA')>])>)>])>"
         )
 
 
@@ -1493,13 +1469,16 @@ class TestCRLDistributionPoints(object):
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"http://domain")],
                 None,
+                None,
                 None
             ),
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, True
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise,
+                ],
                 None
             ),
         ])
@@ -1508,13 +1487,16 @@ class TestCRLDistributionPoints(object):
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"http://domain")],
                 None,
+                None,
                 None
             ),
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, True
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise,
+                ],
                 None
             ),
         ]
@@ -1523,37 +1505,41 @@ class TestCRLDistributionPoints(object):
         cdp = x509.CRLDistributionPoints([
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, True
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise,
+                ],
                 None
             ),
         ])
         assert repr(cdp) == (
-            "<CRLDistributionPoints([<DistributionPoint(distribution_point=[<"
-            "UniformResourceIdentifier(value=ftp://domain)>], reasons=<Reason"
-            "Flags(key_compromise=True, ca_compromise=True, affiliation_chang"
-            "ed=True,superseded=True, cessation_of_operation=True, certificat"
-            "e_hold=True, privilege_withdrawn=True, aa_compromise=True)>, crl"
-            "_issuer=None)>])>"
+            "<CRLDistributionPoints([<DistributionPoint(full_name=[<UniformRes"
+            "ourceIdentifier(value=ftp://domain)>], relative_name=None, reason"
+            "s=[<ReasonFlags.key_compromise: 'keyCompromise'>, <ReasonFlags.ca"
+            "_compromise: 'cACompromise'>], crl_issuer=None)>])>"
         )
 
     def test_eq(self):
         cdp = x509.CRLDistributionPoints([
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, True
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise,
+                ],
                 [x509.UniformResourceIdentifier(u"uri://thing")],
             ),
         ])
         cdp2 = x509.CRLDistributionPoints([
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, True
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise,
+                ],
                 [x509.UniformResourceIdentifier(u"uri://thing")],
             ),
         ])
@@ -1563,36 +1549,43 @@ class TestCRLDistributionPoints(object):
         cdp = x509.CRLDistributionPoints([
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, True
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise,
+                ],
                 [x509.UniformResourceIdentifier(u"uri://thing")],
             ),
         ])
         cdp2 = x509.CRLDistributionPoints([
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain2")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, True
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise,
+                ],
                 [x509.UniformResourceIdentifier(u"uri://thing")],
             ),
         ])
         cdp3 = x509.CRLDistributionPoints([
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, False
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                ],
                 [x509.UniformResourceIdentifier(u"uri://thing")],
             ),
         ])
         cdp4 = x509.CRLDistributionPoints([
             x509.DistributionPoint(
                 [x509.UniformResourceIdentifier(u"ftp://domain")],
-                x509.ReasonFlags(
-                    True, True, True, True, True, True, True, True
-                ),
+                None,
+                [
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise,
+                ],
                 [x509.UniformResourceIdentifier(u"uri://thing2")],
             ),
         ])
-- 
cgit v1.2.3