trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add tests to prevent empty SAN 

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-01-18 18:59:10 +01:00
parent fdc445e6a1
commit 60189ce9ca
No known key found for this signature in database
1 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
authentik/crypto/tests.py
View File

@ -4,6 +4,8 @@ from json import loads
from os import makedirs from os import makedirs
from tempfile import TemporaryDirectory from tempfile import TemporaryDirectory
from cryptography.x509.extensions import SubjectAlternativeName
from cryptography.x509.general_name import DNSName
from django.urls import reverse from django.urls import reverse
from rest_framework.test import APITestCase from rest_framework.test import APITestCase
@ -70,11 +72,43 @@ class TestCrypto(APITestCase):
def test_builder_api(self): def test_builder_api(self):
"""Test Builder (via API)""" """Test Builder (via API)"""
self.client.force_login(create_test_admin_user()) self.client.force_login(create_test_admin_user())
name = generate_id()
self.client.post( self.client.post(
reverse("authentik_api:certificatekeypair-generate"), reverse("authentik_api:certificatekeypair-generate"),
data={"common_name": "foo", "subject_alt_name": "bar,baz", "validity_days": 3}, data={"common_name": name, "subject_alt_name": "bar,baz", "validity_days": 3},
) )
self.assertTrue(CertificateKeyPair.objects.filter(name="foo").exists()) key = CertificateKeyPair.objects.filter(name=name).first()
self.assertIsNotNone(key)
ext: SubjectAlternativeName = key.certificate.extensions[0].value
self.assertIsInstance(ext, SubjectAlternativeName)
self.assertIsInstance(ext[0], DNSName)
self.assertEqual(ext[0].value, "bar")
self.assertIsInstance(ext[1], DNSName)
self.assertEqual(ext[1].value, "baz")
def test_builder_api_empty_san(self):
"""Test Builder (via API)"""
self.client.force_login(create_test_admin_user())
name = generate_id()
self.client.post(
reverse("authentik_api:certificatekeypair-generate"),
data={"common_name": name, "subject_alt_name": "", "validity_days": 3},
)
key = CertificateKeyPair.objects.filter(name=name).first()
self.assertIsNotNone(key)
self.assertEqual(len(key.certificate.extensions), 0)
def test_builder_api_empty_san_multiple(self):
"""Test Builder (via API)"""
self.client.force_login(create_test_admin_user())
name = generate_id()
self.client.post(
reverse("authentik_api:certificatekeypair-generate"),
data={"common_name": name, "subject_alt_name": ", ", "validity_days": 3},
)
key = CertificateKeyPair.objects.filter(name=name).first()
self.assertIsNotNone(key)
self.assertEqual(len(key.certificate.extensions), 0)
def test_builder_api_invalid(self): def test_builder_api_invalid(self):
"""Test Builder (via API) (invalid)""" """Test Builder (via API) (invalid)"""