Skip to content
Permalink
Browse files

[auth] Add tests for the certificate chain validation routine

  • Loading branch information
elpaso committed Oct 25, 2017
1 parent 368b0df commit 006260b95d0c7496dd1dd7ce70699f97003ff4e7
Showing with 32 additions and 0 deletions.
  1. +32 −0 tests/src/python/test_qgsauthsystem.py
@@ -618,6 +618,38 @@ def test_140_cas_remove_self_signed(self):
for c in filtered:
self.assertFalse(c.isSelfSigned())

def test_150_verify_keychain(self):
"""Test the verify keychain function"""

def testChain(path):

# Test that a chain with an untrusted CA is not valid
self.assertTrue(len(QgsAuthCertUtils.validateCertChain(QgsAuthCertUtils.certsFromFile(path))) > 0)

# Test that a chain with an untrusted CA is valid when the addRootCa argumentis true
self.assertTrue(len(QgsAuthCertUtils.validateCertChain(QgsAuthCertUtils.certsFromFile(path), None, True)) == 0)

# Test that a chain with an untrusted CA is not valid when the addRootCa argumentis true
# and a wrong domainis true
self.assertTrue(len(QgsAuthCertUtils.validateCertChain(QgsAuthCertUtils.certsFromFile(path), 'my.wrong.domain', True)) > 0)

testChain(PKIDATA + '/chain_subissuer-issuer-root.pem')
testChain(PKIDATA + '/localhost_ssl_w-chain.pem')

path = PKIDATA + '/localhost_ssl_w-chain.pem'

# Test that a chain with an untrusted CA is not valid when the addRootCa argumentis true
# and a wrong domain is set
self.assertTrue(len(QgsAuthCertUtils.validateCertChain(QgsAuthCertUtils.certsFromFile(path), 'my.wrong.domain', True)) > 0)

# Test that a chain with an untrusted CA is not valid when the addRootCa argumentis true
# and a right domain is set
self.assertTrue(len(QgsAuthCertUtils.validateCertChain(QgsAuthCertUtils.certsFromFile(path), 'localhost', True)) == 0)

# Test that a chain with an untrusted CA is not valid when the addRootCa argument is false
# and a right domain is set
self.assertTrue(len(QgsAuthCertUtils.validateCertChain(QgsAuthCertUtils.certsFromFile(path), 'localhost', False)) > 0)


if __name__ == '__main__':
unittest.main()

0 comments on commit 006260b

Please sign in to comment.
You can’t perform that action at this time.