commit 423768361e3b5ea6a39819d512ca72ce176d151d
author Paul Kehrer <paul.l.kehrer@gmail.com> Wed Jul 01 18:10:32 2015 -0500
committer Paul Kehrer <paul.l.kehrer@gmail.com> Wed Jul 01 20:17:17 2015 -0500
tree f616a48bd600d4b44e1180b81c1641a24c2693e3
parent 246fc85526af4d5e48ca827ecb6baa3e8331f77d

name constraints - support leading periods

tests/test_x509_ext.py

diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 15ee118..0ef84e7 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -2076,6 +2076,44 @@
             excluded_subtrees=None
         )
 
+    def test_permitted_with_leading_period(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "nc_permitted.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        nc = cert.extensions.get_extension_for_oid(
+            x509.OID_NAME_CONSTRAINTS
+        ).value
+        assert nc == x509.NameConstraints(
+            permitted_subtrees=[
+                x509.DNSName(u".cryptography.io"),
+                x509.UniformResourceIdentifier(u"ftp://cryptography.test")
+            ],
+            excluded_subtrees=None
+        )
+
+    def test_excluded_with_leading_period(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "nc_excluded.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        nc = cert.extensions.get_extension_for_oid(
+            x509.OID_NAME_CONSTRAINTS
+        ).value
+        assert nc == x509.NameConstraints(
+            permitted_subtrees=None,
+            excluded_subtrees=[
+                x509.DNSName(u".cryptography.io"),
+                x509.UniformResourceIdentifier(u"gopher://cryptography.test")
+            ]
+        )
+
 
 class TestDistributionPoint(object):
     def test_distribution_point_full_name_not_general_names(self):