Skip to content

Commit 8933faa

Browse files
glassercglasserc
committed
Extract mock_cert_extension
1 parent c7279e5 commit 8933faa

1 file changed

Lines changed: 22 additions & 26 deletions

File tree

tests/test_autograph_utils.py

Lines changed: 22 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -120,6 +120,21 @@ def mock_cert(real_cert):
120120
return mock_cert
121121

122122

123+
def mock_cert_extension(cert, extension_cls, value):
124+
old_extensions = cert.extensions
125+
126+
def get_extension_for_class_mock(query_cls):
127+
if query_cls == extension_cls:
128+
m = mock.Mock()
129+
m.value = value
130+
return m
131+
132+
return old_extensions.get_extension_for_class(query_cls)
133+
134+
cert.extensions = mock.Mock()
135+
cert.extensions.get_extension_for_class = get_extension_for_class_mock
136+
137+
123138
def test_decode_mozilla_hash():
124139
assert decode_mozilla_hash("4C:35:B1:C3") == b"\x4c\x35\xb1\xc3"
125140

@@ -355,21 +370,12 @@ async def test_verify_name_constraints_excludes(
355370
).value
356371

357372
# Reverse meaning of constraints.
358-
def get_extension_mock(x509_cls):
359-
if x509_cls == cryptography.x509.NameConstraints:
360-
reversed = mock.Mock()
361-
reversed.permitted_subtrees = real_constraints.excluded_subtrees
362-
reversed.excluded_subtrees = real_constraints.permitted_subtrees
363-
364-
m = mock.Mock()
365-
m.value = reversed
366-
return m
367-
368-
return real_intermediate.get_extension_for_class(x509_cls)
373+
reversed = mock.Mock()
374+
reversed.permitted_subtrees = real_constraints.excluded_subtrees
375+
reversed.excluded_subtrees = real_constraints.permitted_subtrees
369376

370377
intermediate = mock_cert(real_intermediate)
371-
intermediate.extensions = mock.Mock()
372-
intermediate.extensions.get_extension_for_class.side_effect = get_extension_mock
378+
mock_cert_extension(intermediate, cryptography.x509.NameConstraints, reversed)
373379
certs[1] = intermediate
374380

375381
leaf = certs[0]
@@ -396,21 +402,11 @@ async def test_verify_leaf_code_signing(
396402
# Change extended_key_usage for leaf cert
397403
real_leaf = certs[0]
398404
mock_leaf = mock_cert(real_leaf)
399-
400-
fake_uses = mock.Mock()
401-
fake_uses.value = [
405+
fake_uses = [
402406
cryptography.x509.oid.ExtendedKeyUsageOID.CODE_SIGNING,
403407
cryptography.x509.oid.ExtendedKeyUsageOID.TIME_STAMPING,
404408
]
405-
406-
def get_extensions(x509_cls):
407-
if x509_cls == cryptography.x509.ExtendedKeyUsage:
408-
return fake_uses
409-
410-
return real_leaf.extensions.get_extension_for_class(x509_cls)
411-
412-
mock_leaf.extensions = mock.Mock()
413-
mock_leaf.extensions.get_extension_for_class.side_effect = get_extensions
409+
mock_cert_extension(mock_leaf, cryptography.x509.ExtendedKeyUsage, fake_uses)
414410
certs[0] = mock_leaf
415411

416412
with mock.patch("cryptography.x509.load_pem_x509_certificate") as load_cert_mock:
@@ -424,7 +420,7 @@ def get_extensions(x509_cls):
424420
"Code Signing. "
425421
)
426422
assert excinfo.value.cert == mock_leaf
427-
assert excinfo.value.key_usage == fake_uses.value
423+
assert excinfo.value.key_usage == fake_uses
428424

429425

430426
def test_command_line_interface():

0 commit comments

Comments
 (0)