"""Tests for SAN validation and CLI rejection of invalid SANs."""
import pytest
from certctl.csr import normalize_and_validate_san
def test_normalize_dns():
    """A bare hostname and its DNS:-prefixed form normalize to the same SAN."""
    expected = "DNS:www.example.com"
    # The second input is already in canonical form and must come back
    # unchanged.
    for raw in ("www.example.com", "DNS:www.example.com"):
        assert normalize_and_validate_san(raw) == expected
def test_normalize_ip():
    """A bare IPv4 literal and its IP:-prefixed form normalize to the same SAN."""
    expected = "IP:10.2.3.4"
    # A dotted-quad must be typed as IP:, not DNS:, whether or not the caller
    # supplied the prefix.
    for raw in ("10.2.3.4", "IP:10.2.3.4"):
        assert normalize_and_validate_san(raw) == expected
def test_invalid_san_raises():
    """A malformed SAN value is rejected with ValueError instead of normalized."""
    malformed = "*invalid_hostname*"
    # Rejection has to be an exception: a value that came back "normalized"
    # could end up in a CSR.
    with pytest.raises(ValueError):
        normalize_and_validate_san(malformed)
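def test_cli_rejects_bad_san(tmp_path):
    """`csr create` with a malformed --san exits non-zero and writes no CSR.

    Args:
        tmp_path: pytest fixture providing a per-test temporary directory for
            the key file and the CSR output path.
    """
    from certctl import keygen, cli

    # Use a 2048-bit key so that the SAN is the only invalid input. A 1024-bit
    # RSA key is below what a CSR tool may be willing to accept, and a key-size
    # rejection would satisfy `rc != 0` without the SAN check ever running.
    key_pem = keygen.generate_private_key(kind="rsa", bits=2048)
    key_file = tmp_path / "k.pem"
    key_file.write_text(key_pem)

    out = tmp_path / "req.csr"
    argv = [
        "csr", "create",
        "--key-file", str(key_file),
        "--subject", "/C=US/CN=example.com",
        "--san", "bad@@@",
        "--out", str(out),
    ]
    rc = cli.main(argv)

    # NOTE(review): a non-zero exit code alone does not show that the SAN was
    # the reason for the failure. If cli.main reports the error on stderr,
    # asserting on that message would pin the cause. Confirm against the CLI.
    assert rc != 0
    # A rejected request must not leave a CSR, even a partial one, on disk.
    assert not out.exists()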