Improve test routines for modules that use certificate extensions (#80)

Improve test routines for modules that use certificate extensions

10 files changed, 44 insertions, 1 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index 1b4c178..d542559 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -2,6 +2,7 @@
 Revision 0.2.8, released XX-XX-2019
 -----------------------------------
 
+- Improve test routines for modules that use certificate extensions
 - Added RFC7633 providing TLS Features Certificate Extension
 
 Revision 0.2.7, released 09-10-2019
diff --git a/tests/test_rfc3709.py b/tests/test_rfc3709.py
index 56753cc..e115391 100644
--- a/tests/test_rfc3709.py
+++ b/tests/test_rfc3709.py
@@ -52,7 +52,9 @@ Pj22pmfmQi5w21UljqoTj/+lQLkU3wfy5BdVKBwI0GfEA+YL3ctSzPNqAA==
         assert asn1Object.prettyPrint()
         assert der_encoder.encode(asn1Object) == substrate
 
+        extn_list = [ ]
         for extn in asn1Object['tbsCertificate']['extensions']:
+            extn_list.append(extn['extnID'])
 
             if extn['extnID'] == rfc3709.id_pe_logotype:
                 s = extn['extnValue']
@@ -64,6 +66,8 @@ Pj22pmfmQi5w21UljqoTj/+lQLkU3wfy5BdVKBwI0GfEA+YL3ctSzPNqAA==
                 assert ids['mediaType'] == "image/png"
                 assert ids['logotypeURI'][0] == "http://www.vigilsec.com/vigilsec_logo.png"
 
+        assert rfc3709.id_pe_logotype in extn_list
+
     def testExtensionsMap(self):
         substrate = pem.readBase64fromText(self.pem_text)
         asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec)
diff --git a/tests/test_rfc3770.py b/tests/test_rfc3770.py
index 775dc75..df6e0dc 100644
--- a/tests/test_rfc3770.py
+++ b/tests/test_rfc3770.py
@@ -69,7 +69,9 @@ DAlVlhox680Jxy5J8Pkx
         assert spki_alg['algorithm'] == rfc5480.id_ecPublicKey
         assert spki_alg['parameters']['namedCurve'] == rfc5480.secp384r1
 
+        extn_list = [ ]
         for extn in asn1Object['tbsCertificate']['extensions']:
+            extn_list.append(extn['extnID'])
             if extn['extnID'] in rfc5280.certificateExtensionsMap.keys():
                 extnValue, rest = der_decode(extn['extnValue'],
                     asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
@@ -82,6 +84,9 @@ DAlVlhox680Jxy5J8Pkx
                      assert rfc3770.id_kp_eapOverLAN in extnValue
                      assert rfc3770.id_kp_eapOverPPP in extnValue
 
+        assert rfc3770.id_pe_wlanSSID in extn_list
+        assert rfc5280.id_ce_extKeyUsage in extn_list
+
 
 suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
 
diff --git a/tests/test_rfc3779.py b/tests/test_rfc3779.py
index 32f0ca3..af90376 100644
--- a/tests/test_rfc3779.py
+++ b/tests/test_rfc3779.py
@@ -58,7 +58,9 @@ V+vo2L72yerdbsP9xjqvhZrLKfsLZjYK4SdYYthi
         assert asn1Object.prettyPrint()
         assert der_encoder.encode(asn1Object) == substrate
 
+        extn_list = [ ]
         for extn in asn1Object['tbsCertificate']['extensions']:
+            extn_list.append(extn['extnID'])
 
             if extn['extnID'] == rfc3779.id_pe_ipAddrBlocks:
                 s = extn['extnValue']
@@ -74,6 +76,10 @@ V+vo2L72yerdbsP9xjqvhZrLKfsLZjYK4SdYYthi
                 assert as_ids.prettyPrint()
                 assert der_encoder.encode(as_ids) == s
 
+        assert rfc3779.id_pe_ipAddrBlocks in extn_list
+        assert rfc3779.id_pe_autonomousSysIds in extn_list
+
+
     def testExtensionsMap(self):
         substrate = pem.readBase64fromText(self.pem_text)
         asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec)
diff --git a/tests/test_rfc5280.py b/tests/test_rfc5280.py
index ce9ec8d..9802ef9 100644
--- a/tests/test_rfc5280.py
+++ b/tests/test_rfc5280.py
@@ -182,6 +182,7 @@ vjnIhxTFoCb5vA==
                 else:
                     assert len(atv['value']['printableString']) > 9
 
+        crl_extn_count = 0
         for extn in asn1Object['tbsCertList']['crlExtensions']:
             if extn['extnID'] in rfc5280.certificateExtensionsMap.keys():
                 ev, rest = der_decode(extn['extnValue'],
@@ -189,6 +190,8 @@ vjnIhxTFoCb5vA==
                 assert not rest
                 assert ev.prettyPrint()
                 assert der_encode(ev) == extn['extnValue']
+                crl_extn_count += 1
+        assert crl_extn_count == 1
 
     def testExtensionsMap(self):
         substrate = pem.readBase64fromText(self.pem_text)
@@ -197,12 +200,14 @@ vjnIhxTFoCb5vA==
         assert asn1Object.prettyPrint()
         assert der_encode(asn1Object) == substrate
 
+        cert_extn_count = 0
         for extn in asn1Object['tbsCertList']['crlExtensions']:
             if extn['extnID'] in rfc5280.certificateExtensionsMap.keys():
                 extnValue, rest = der_decode(extn['extnValue'],
                     asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
                 assert der_encode(extnValue) == extn['extnValue']
-
+                cert_extn_count += 1
+        assert cert_extn_count == 1
 
 class ORAddressOpenTypeTestCase(unittest.TestCase):
     oraddress_pem_text = """\
diff --git a/tests/test_rfc7633.py b/tests/test_rfc7633.py
index aca90c2..de17cda 100644
--- a/tests/test_rfc7633.py
+++ b/tests/test_rfc7633.py
@@ -60,7 +60,9 @@ AOQSxhs011emVxyBIXT0ZGbmBY8LFRh6eGIOCAJbkM5T
         assert asn1Object.prettyPrint()
         assert der_encode(asn1Object) == substrate
 
+        extn_list = [ ]
         for extn in asn1Object['tbsCertificate']['extensions']:
+            extn_list.append(extn['extnID'])
             if extn['extnID'] == rfc7633.id_pe_tlsfeature:
                 s = extn['extnValue']
                 features, rest = der_decode(s,
@@ -72,6 +74,8 @@ AOQSxhs011emVxyBIXT0ZGbmBY8LFRh6eGIOCAJbkM5T
                 assert len(features) == 1
                 assert features[0] == 5
 
+        assert rfc7633.id_pe_tlsfeature in extn_list
+
 
 suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
 
diff --git a/tests/test_rfc7773.py b/tests/test_rfc7773.py
index 393187f..37765f0 100644
--- a/tests/test_rfc7773.py
+++ b/tests/test_rfc7773.py
@@ -92,7 +92,10 @@ tAGXsYdcuQpglUngmo/FV4Z9qjIDkYQ=
         assert asn1Object.prettyPrint()
         assert der_encode(asn1Object) == substrate
 
+        extn_list = [ ]
         for extn in asn1Object['tbsCertificate']['extensions']:
+            extn_list.append(extn['extnID'])
+
             if extn['extnID'] == rfc7773.id_ce_authContext:
                 s = extn['extnValue']
                 acs, rest = der_decode(s,
@@ -104,6 +107,8 @@ tAGXsYdcuQpglUngmo/FV4Z9qjIDkYQ=
                 assert u'id.elegnamnden.se' in acs[0]['contextType']
                 assert u'AuthContextInfo IdentityProvider' in acs[0]['contextInfo']
 
+        assert rfc7773.id_ce_authContext in extn_list
+
 
 suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
 
diff --git a/tests/test_rfc8209.py b/tests/test_rfc8209.py
index 1eb2efd..4c72f76 100644
--- a/tests/test_rfc8209.py
+++ b/tests/test_rfc8209.py
@@ -43,7 +43,9 @@ OCRdZCk1KI3uDDgp
         assert asn1Object.prettyPrint()
         assert der_encode(asn1Object) == substrate
 
+        extn_list = [ ]
         for extn in asn1Object['tbsCertificate']['extensions']:
+            extn_list.append(extn['extnID'])
             if extn['extnID'] in rfc5280.certificateExtensionsMap.keys():
                 extnValue, rest = der_decode(extn['extnValue'],
                     asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
@@ -52,6 +54,8 @@ OCRdZCk1KI3uDDgp
                 if extn['extnID'] == rfc5280.id_ce_extKeyUsage:
                      assert rfc8209.id_kp_bgpsec_router in extnValue
 
+        assert rfc5280.id_ce_extKeyUsage in extn_list
+
 
 suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
 
diff --git a/tests/test_rfc8226.py b/tests/test_rfc8226.py
index 69fd438..8993ae1 100644
--- a/tests/test_rfc8226.py
+++ b/tests/test_rfc8226.py
@@ -77,7 +77,9 @@ yEFWA6G95b/HbtPMTjLpPKtrOjhofc4LyVCDYhFhKzpvHh1qeA==
         assert asn1Object.prettyPrint()
         assert der_encoder.encode(asn1Object) == substrate
 
+        extn_list = [ ]
         for extn in asn1Object['tbsCertificate']['extensions']:
+            extn_list.append(extn['extnID'])
             if extn['extnID'] in rfc5280.certificateExtensionsMap.keys():
                 extnValue, rest = der_decoder.decode(extn['extnValue'],
                     asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
@@ -86,6 +88,7 @@ yEFWA6G95b/HbtPMTjLpPKtrOjhofc4LyVCDYhFhKzpvHh1qeA==
                 if extn['extnID'] == rfc8226.id_pe_TNAuthList:
                     assert extnValue[0]['spc'] == 'fake'
 
+        assert rfc8226.id_pe_TNAuthList in extn_list
 
 suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
 
diff --git a/tests/test_rfc8520.py b/tests/test_rfc8520.py
index 4612f3a..884ef09 100644
--- a/tests/test_rfc8520.py
+++ b/tests/test_rfc8520.py
@@ -63,7 +63,10 @@ izaUuU1EEwgOMELjeFL62Ssvq8X+x6hZFCLygI7GNeitlblNhCXhFFurqMs=
         assert asn1Object.prettyPrint()
         assert der_encode(asn1Object) == substrate
 
+        extn_list = [ ]
         for extn in asn1Object['tbsCertificate']['extensions']:
+            extn_list.append(extn['extnID'])
+
             if extn['extnID'] == rfc8520.id_pe_mudsigner:
                 mudsigner, rest = der_decode(extn['extnValue'], rfc8520.MUDsignerSyntax())
                 assert der_encode(mudsigner) == extn['extnValue']
@@ -82,6 +85,9 @@ izaUuU1EEwgOMELjeFL62Ssvq8X+x6hZFCLygI7GNeitlblNhCXhFFurqMs=
 
                 assert mudurl[-5:] == ".json"
 
+        assert rfc8520.id_pe_mudsigner in extn_list
+        assert rfc8520.id_pe_mud_url in extn_list
+
     def testExtensionsMap(self):
         substrate = pem.readBase64fromText(self.mud_cert_pem_text)
         asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)