Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / asn1crypto / 08c60fa10e6b604c1be9ab4227d338897cedbf68 / . / tests / test_x509.py
blob: a1868b866d38ccd8f6124e35c71c76b91886bcab [file] [log] [blame]
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1# coding: utf-8
2from __future__ import unicode_literals
3
4import unittest
5import sys
6import os
7from collections import OrderedDict
8from datetime import datetime
9
10from asn1crypto import x509, core
11
12if sys.version_info < (3,):
13 byte_cls = str
14else:
15 byte_cls = bytes
16
17
18tests_root = os.path.dirname(__file__)
19fixtures_dir = os.path.join(tests_root, 'fixtures')
20
21
22
23class X509Tests(unittest.TestCase):
24
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]25 def test_extensions(self):
26 with open(os.path.join(fixtures_dir, 'keys/test-der.crt'), 'rb') as f:
27 cert = x509.Certificate.load(f.read())
28
29 self.assertEqual([], cert.critical_extensions)
30 self.assertEqual(b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK', cert.key_identifier_value.native)
31 self.assertEqual(None, cert.key_usage_value)
32 self.assertEqual(None, cert.subject_alt_name_value)
33 self.assertEqual(True, cert.basic_constraints_value['ca'].native)
34 self.assertEqual(None, cert.basic_constraints_value['path_len_constraint'].native)
35 self.assertEqual(None, cert.name_constraints_value)
36 self.assertEqual(None, cert.crl_distribution_points_value)
37 self.assertEqual(None, cert.certificate_policies_value)
38 self.assertEqual(None, cert.policy_mappings_value)
39 self.assertEqual(b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK', cert.authority_key_identifier_value['key_identifier'].native)
40 self.assertEqual(None, cert.policy_constraints_value)
41 self.assertEqual(None, cert.extended_key_usage_value)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame^]42 self.assertEqual(None, cert.authority_information_access_value)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]43 self.assertEqual(None, cert.ocsp_no_check_value)
44
45 def test_extensions2(self):
46 with open(os.path.join(fixtures_dir, 'keys/test-inter-der.crt'), 'rb') as f:
47 cert = x509.Certificate.load(f.read())
48
49 self.assertEqual([], cert.critical_extensions)
50 self.assertEqual(b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02', cert.key_identifier_value.native)
51 self.assertEqual(None, cert.key_usage_value)
52 self.assertEqual(None, cert.subject_alt_name_value)
53 self.assertEqual(True, cert.basic_constraints_value['ca'].native)
54 self.assertEqual(None, cert.basic_constraints_value['path_len_constraint'].native)
55 self.assertEqual(None, cert.name_constraints_value)
56 self.assertEqual(None, cert.crl_distribution_points_value)
57 self.assertEqual(None, cert.certificate_policies_value)
58 self.assertEqual(None, cert.policy_mappings_value)
59 self.assertEqual(b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK', cert.authority_key_identifier_value['key_identifier'].native)
60 self.assertEqual(None, cert.policy_constraints_value)
61 self.assertEqual(None, cert.extended_key_usage_value)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame^]62 self.assertEqual(None, cert.authority_information_access_value)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]63 self.assertEqual(None, cert.ocsp_no_check_value)
64
65 def test_extensions3(self):
66 with open(os.path.join(fixtures_dir, 'keys/test-third-der.crt'), 'rb') as f:
67 cert = x509.Certificate.load(f.read())
68
69 self.assertEqual([], cert.critical_extensions)
70 self.assertEqual(b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r', cert.key_identifier_value.native)
71 self.assertEqual(None, cert.key_usage_value)
72 self.assertEqual(None, cert.subject_alt_name_value)
73 self.assertEqual(None, cert.basic_constraints_value)
74 self.assertEqual(None, cert.name_constraints_value)
75 self.assertEqual(None, cert.crl_distribution_points_value)
76 self.assertEqual(None, cert.certificate_policies_value)
77 self.assertEqual(None, cert.policy_mappings_value)
78 self.assertEqual(b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02', cert.authority_key_identifier_value['key_identifier'].native)
79 self.assertEqual(None, cert.policy_constraints_value)
80 self.assertEqual(None, cert.extended_key_usage_value)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame^]81 self.assertEqual(None, cert.authority_information_access_value)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]82 self.assertEqual(None, cert.ocsp_no_check_value)
83
84 def test_extensions4(self):
85 with open(os.path.join(fixtures_dir, 'geotrust_certs/GeoTrust_Universal_CA.crt'), 'rb') as f:
86 cert = x509.Certificate.load(f.read())
87
88 self.assertEqual(['basic_constraints', 'key_usage'], cert.critical_extensions)
89 self.assertEqual(b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6', cert.key_identifier_value.native)
90 self.assertEqual(
91 OrderedDict([
92 ('digital_signature', True),
93 ('non_repudiation', False),
94 ('key_encipherment', False),
95 ('data_encipherment', False),
96 ('key_agreement', False),
97 ('key_cert_sign', True),
98 ('crl_sign', True),
99 ('encipher_only', False),
100 ('decipher_only', False),
101 ]),
102 cert.key_usage_value.native
103 )
104 self.assertEqual(None, cert.subject_alt_name_value)
105 self.assertEqual(
106 OrderedDict([
107 ('ca', True),
108 ('path_len_constraint', None),
109 ]),
110 cert.basic_constraints_value.native
111 )
112 self.assertEqual(None, cert.name_constraints_value)
113 self.assertEqual(None, cert.crl_distribution_points_value)
114 self.assertEqual(None, cert.certificate_policies_value)
115 self.assertEqual(None, cert.policy_mappings_value)
116 self.assertEqual(b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6', cert.authority_key_identifier_value['key_identifier'].native)
117 self.assertEqual(None, cert.policy_constraints_value)
118 self.assertEqual(None, cert.extended_key_usage_value)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame^]119 self.assertEqual(None, cert.authority_information_access_value)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]120 self.assertEqual(None, cert.ocsp_no_check_value)
121
122 def test_extensions5(self):
123 with open(os.path.join(fixtures_dir, 'geotrust_certs/GeoTrust_Primary_CA.crt'), 'rb') as f:
124 cert = x509.Certificate.load(f.read())
125
126 self.assertEqual(['basic_constraints', 'key_usage'], cert.critical_extensions)
127 self.assertEqual(b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92', cert.key_identifier_value.native)
128 self.assertEqual(
129 OrderedDict([
130 ('digital_signature', True),
131 ('non_repudiation', True),
132 ('key_encipherment', False),
133 ('data_encipherment', False),
134 ('key_agreement', False),
135 ('key_cert_sign', False),
136 ('crl_sign', False),
137 ('encipher_only', False),
138 ('decipher_only', False),
139 ]),
140 cert.key_usage_value.native
141 )
142 self.assertEqual(None, cert.subject_alt_name_value)
143 self.assertEqual(True, cert.basic_constraints_value['ca'].native)
144 self.assertEqual(None, cert.basic_constraints_value['path_len_constraint'].native)
145 self.assertEqual(None, cert.name_constraints_value)
146 self.assertEqual(None, cert.crl_distribution_points_value)
147 self.assertEqual(None, cert.certificate_policies_value)
148 self.assertEqual(None, cert.policy_mappings_value)
149 self.assertEqual(None, cert.authority_key_identifier_value)
150 self.assertEqual(None, cert.policy_constraints_value)
151 self.assertEqual(None, cert.extended_key_usage_value)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame^]152 self.assertEqual(None, cert.authority_information_access_value)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]153 self.assertEqual(None, cert.ocsp_no_check_value)
154
155 def test_extensions6(self):
156 with open(os.path.join(fixtures_dir, 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt'), 'rb') as f:
157 cert = x509.Certificate.load(f.read())
158
159 self.assertEqual(['basic_constraints', 'key_usage'], cert.critical_extensions)
160 self.assertEqual(b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3', cert.key_identifier_value.native)
161 self.assertEqual(
162 OrderedDict([
163 ('digital_signature', True),
164 ('non_repudiation', True),
165 ('key_encipherment', False),
166 ('data_encipherment', False),
167 ('key_agreement', False),
168 ('key_cert_sign', False),
169 ('crl_sign', False),
170 ('encipher_only', False),
171 ('decipher_only', False),
172 ]),
173 cert.key_usage_value.native
174 )
175 self.assertEqual(
176 [
177 OrderedDict([
178 ('common_name', 'SymantecPKI-1-538')
179 ])
180 ],
181 cert.subject_alt_name_value.native
182 )
183 self.assertEqual(True, cert.basic_constraints_value['ca'].native)
184 self.assertEqual(0, cert.basic_constraints_value['path_len_constraint'].native)
185 self.assertEqual(None, cert.name_constraints_value)
186 self.assertEqual(
187 [
188 OrderedDict([
189 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
190 ('reasons', None),
191 ('crl_issuer', None)
192 ])
193 ],
194 cert.crl_distribution_points_value.native
195 )
196 self.assertEqual(
197 [
198 OrderedDict([
199 ('policy_identifier', 'any_policy'),
200 (
201 'policy_qualifiers',
202 [
203 OrderedDict([
204 ('policy_qualifier_id', 'certification_practice_statement'),
205 ('qualifier', 'https://www.geotrust.com/resources/cps')
206 ])
207 ]
208 )
209 ])
210 ],
211 cert.certificate_policies_value.native
212 )
213 self.assertEqual(None, cert.policy_mappings_value)
214 self.assertEqual(b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92', cert.authority_key_identifier_value['key_identifier'].native)
215 self.assertEqual(None, cert.policy_constraints_value)
216 self.assertEqual(None, cert.extended_key_usage_value)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame^]217 self.assertEqual(
218 [
219 OrderedDict([
220 ('access_method', 'ocsp'),
221 ('access_location', 'http://g2.symcb.com')
222 ])
223 ],
224 cert.authority_information_access_value.native
225 )
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]226 self.assertEqual(None, cert.ocsp_no_check_value)
227
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]228 def test_parse_certificate(self):
229 with open(os.path.join(fixtures_dir, 'keys/test-der.crt'), 'rb') as f:
230 cert = x509.Certificate.load(f.read())
231
232 tbs_certificate = cert['tbs_certificate']
233 signature = tbs_certificate['signature']
234 issuer = tbs_certificate['issuer']
235 validity = tbs_certificate['validity']
236 subject = tbs_certificate['subject']
237 subject_public_key_info = tbs_certificate['subject_public_key_info']
238 subject_public_key_algorithm = subject_public_key_info['algorithm']
239 subject_public_key = subject_public_key_info['public_key'].parsed
240 extensions = tbs_certificate['extensions']
241
242 self.assertEqual(
243 'v3',
244 tbs_certificate['version'].native
245 )
246 self.assertEqual(
247 13683582341504654466,
248 tbs_certificate['serial_number'].native
249 )
250 self.assertEqual(
251 'sha256_rsa',
252 signature['algorithm'].native
253 )
254 self.assertEqual(
255 None,
256 signature['parameters'].native
257 )
258 self.assertEqual(
259 OrderedDict([
260 ('country_name', 'US'),
261 ('state_or_province_name', 'Massachusetts'),
262 ('locality_name', 'Newbury'),
263 ('organization_name', 'Codex Non Sufficit LC'),
264 ('organizational_unit_name', 'Testing'),
265 ('common_name', 'Will Bond'),
266 ('email_address', 'will@codexns.io'),
267 ]),
268 issuer.native
269 )
270 self.assertEqual(
271 datetime(2015, 5, 6, 14, 37, 16, tzinfo=core.timezone.utc),
272 validity['not_before'].native
273 )
274 self.assertEqual(
275 datetime(2025, 5, 3, 14, 37, 16, tzinfo=core.timezone.utc),
276 validity['not_after'].native
277 )
278 self.assertEqual(
279 OrderedDict([
280 ('country_name', 'US'),
281 ('state_or_province_name', 'Massachusetts'),
282 ('locality_name', 'Newbury'),
283 ('organization_name', 'Codex Non Sufficit LC'),
284 ('organizational_unit_name', 'Testing'),
285 ('common_name', 'Will Bond'),
286 ('email_address', 'will@codexns.io'),
287 ]),
288 subject.native
289 )
290 self.assertEqual(
291 'rsa',
292 subject_public_key_algorithm['algorithm'].native
293 )
294 self.assertEqual(
295 None,
296 subject_public_key_algorithm['parameters'].native
297 )
298 self.assertEqual(
299 23903990516906431865559598284199534387004799030432486061102966678620221767754702651554142956492614440585611990224871381291841413369032752409360196079700921141819811294444393525264295297988924243231844876926173670633422654261873814968313363171188082579071492839040415373948505938897419917635370450127498164824808630475648771544810334682447182123219422360569466851807131368135806769502898151721274383486320505905826683946456552230958810028663378886363555981449715929872558073101554364803925363048965464124465016494920967179276744892632783712377912841537032383450409486298694116013299423220523450956288827030007092359007,
300 subject_public_key['modulus'].native
301 )
302 self.assertEqual(
303 65537,
304 subject_public_key['public_exponent'].native
305 )
306 self.assertEqual(
307 None,
308 tbs_certificate['issuer_unique_id'].native
309 )
310 self.assertIsInstance(
311 tbs_certificate['issuer_unique_id'],
312 core.NoValue
313 )
314 self.assertEqual(
315 None,
316 tbs_certificate['subject_unique_id'].native
317 )
318 self.assertIsInstance(
319 tbs_certificate['subject_unique_id'],
320 core.NoValue
321 )
322
323 self.maxDiff = None
324 for extension in extensions:
325 self.assertIsInstance(
326 extension,
327 x509.Extension
328 )
329 self.assertEqual(
330 [
331 OrderedDict([
332 ('extn_id', 'key_identifier'),
333 ('critical', False),
334 ('extn_value', b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'),
335 ]),
336 OrderedDict([
337 ('extn_id', 'authority_key_identifier'),
338 ('critical', False),
339 (
340 'extn_value',
341 OrderedDict([
342 ('key_identifier', b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'),
343 (
344 'authority_cert_issuer',
345 [
346 OrderedDict([
347 ('country_name', 'US'),
348 ('state_or_province_name', 'Massachusetts'),
349 ('locality_name', 'Newbury'),
350 ('organization_name', 'Codex Non Sufficit LC'),
351 ('organizational_unit_name', 'Testing'),
352 ('common_name', 'Will Bond'),
353 ('email_address', 'will@codexns.io'),
354 ])
355 ]
356 ),
357 ('authority_cert_serial_number', 13683582341504654466),
358 ])
359 ),
360 ]),
361 OrderedDict([
362 ('extn_id', 'basic_constraints'),
363 ('critical', False),
364 (
365 'extn_value',
366 OrderedDict([
367 ('ca', True),
368 ('path_len_constraint', None)
369 ])
370 ),
371 ]),
372 ],
373 extensions.native
374 )
375
376 def test_parse_dsa_certificate(self):
377 with open(os.path.join(fixtures_dir, 'keys/test-dsa-der.crt'), 'rb') as f:
378 cert = x509.Certificate.load(f.read())
379
380 tbs_certificate = cert['tbs_certificate']
381 signature = tbs_certificate['signature']
382 issuer = tbs_certificate['issuer']
383 validity = tbs_certificate['validity']
384 subject = tbs_certificate['subject']
385 subject_public_key_info = tbs_certificate['subject_public_key_info']
386 subject_public_key_algorithm = subject_public_key_info['algorithm']
387 subject_public_key = subject_public_key_info['public_key'].parsed
388 extensions = tbs_certificate['extensions']
389
390 self.assertEqual(
391 'v3',
392 tbs_certificate['version'].native
393 )
394 self.assertEqual(
395 14308214745771946523,
396 tbs_certificate['serial_number'].native
397 )
398 self.assertEqual(
399 'sha256_dsa',
400 signature['algorithm'].native
401 )
402 self.assertEqual(
403 None,
404 signature['parameters'].native
405 )
406 self.assertEqual(
407 OrderedDict([
408 ('country_name', 'US'),
409 ('state_or_province_name', 'Massachusetts'),
410 ('locality_name', 'Newbury'),
411 ('organization_name', 'Codex Non Sufficit LC'),
412 ('organizational_unit_name', 'Testing'),
413 ('common_name', 'Will Bond'),
414 ('email_address', 'will@codexns.io'),
415 ]),
416 issuer.native
417 )
418 self.assertEqual(
419 datetime(2015, 5, 20, 13, 9, 2, tzinfo=core.timezone.utc),
420 validity['not_before'].native
421 )
422 self.assertEqual(
423 datetime(2025, 5, 17, 13, 9, 2, tzinfo=core.timezone.utc),
424 validity['not_after'].native
425 )
426 self.assertEqual(
427 OrderedDict([
428 ('country_name', 'US'),
429 ('state_or_province_name', 'Massachusetts'),
430 ('locality_name', 'Newbury'),
431 ('organization_name', 'Codex Non Sufficit LC'),
432 ('organizational_unit_name', 'Testing'),
433 ('common_name', 'Will Bond'),
434 ('email_address', 'will@codexns.io'),
435 ]),
436 subject.native
437 )
438 self.assertEqual(
439 'dsa',
440 subject_public_key_algorithm['algorithm'].native
441 )
442 self.assertEqual(
443 OrderedDict([
444 ('p', 4511743893397705393934377497936985478231822206263141826261443300639402520800626925517264115785551703273809312112372693877437137848393530691841757974971843334497076835630893064661599193178307024379015589119302113551197423138934242435710226975119594589912289060014025377813473273600967729027125618396732574594753039493158066887433778053086408525146692226448554390096911703556213619406958876388642882534250747780313634767409586007581976273681005928967585750017105562145167146445061803488570714706090280814293902464230717946651489964409785146803791743658888866280873858000476717727810363942159874283767926511678640730707887895260274767195555813448140889391762755466967436731106514029224490921857229134393798015954890071206959203407845438863870686180087606429828973298318856683615900474921310376145478859687052812749087809700610549251964102790514588562086548577933609968589710807989944739877028770343142449461177732058649962678857),
445 ('q', 71587850165936478337655415373676526523562874562337607790945426056266440596923),
446 ('g', 761437146067908309288345767887973163494473925243194806582679580640442238588269326525839153095505341738937595419375068472941615006110237832663093084973431440436421580371384720052414080562019831325744042316268714195397974084616335082272743706567701546951285088540646372701485690904535540223121118329044403681933304838754517522024738251994717369464179515923093116622352823578284891812676662979104509631349201801577889230316128523885862472086364717411346341249139971907827526291913249445756671582283459372536334490171231311487207683108274785825764378203622999309355578169139646003751751448501475767709869676880946562283552431757983801739671783678927397420797147373441051876558068212062253171347849380506793433921881336652424898488378657239798694995315456959568806256079056461448199493507273882763491729787817044805150879660784158902456811649964987582162907020243296662602990514615480712948126671999033658064244112238138589732202),
447 ]),
448 subject_public_key_algorithm['parameters'].native
449 )
450 self.assertEqual(
451 934231235067929794039535952071098031636053793876274937162425423023735221571983693370780054696865229184537343792766496068557051933738826401423094028670222490622041397241325320965905259541032379046252395145258594355589801644789631904099105867133976990593761395721476198083091062806327384261369876465927159169400428623265291958463077792777155465482611741502621885386691681062128487785344975981628995609792181581218570320181053055516069553767918513262908069925035292416868414952256645902605335068760774106734518308281769128146479819566784704033671969858507248124850451414380441279385481154336362988505436125981975735568289420374790767927084033441728922597082155884801013899630856890463962357814273014111039522903328923758417820349377075487103441305806369234738881875734407495707878637895190993370257589211331043479113328811265005530361001980539377903738453549980082795009589559114091215518866106998956304437954236070776810740036,
452 subject_public_key.native
453 )
454 self.assertEqual(
455 None,
456 tbs_certificate['issuer_unique_id'].native
457 )
458 self.assertIsInstance(
459 tbs_certificate['issuer_unique_id'],
460 core.NoValue
461 )
462 self.assertEqual(
463 None,
464 tbs_certificate['subject_unique_id'].native
465 )
466 self.assertIsInstance(
467 tbs_certificate['subject_unique_id'],
468 core.NoValue
469 )
470
471 self.maxDiff = None
472 for extension in extensions:
473 self.assertIsInstance(
474 extension,
475 x509.Extension
476 )
477 self.assertEqual(
478 [
479 OrderedDict([
480 ('extn_id', 'key_identifier'),
481 ('critical', False),
482 ('extn_value', b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'),
483 ]),
484 OrderedDict([
485 ('extn_id', 'authority_key_identifier'),
486 ('critical', False),
487 (
488 'extn_value',
489 OrderedDict([
490 ('key_identifier', b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'),
491 ('authority_cert_issuer', None),
492 ('authority_cert_serial_number', None),
493 ])
494 ),
495 ]),
496 OrderedDict([
497 ('extn_id', 'basic_constraints'),
498 ('critical', False),
499 (
500 'extn_value',
501 OrderedDict([
502 ('ca', True),
503 ('path_len_constraint', None)
504 ])
505 ),
506 ]),
507 ],
508 extensions.native
509 )
510
511 def test_parse_ec_certificate(self):
512 with open(os.path.join(fixtures_dir, 'keys/test-ec-der.crt'), 'rb') as f:
513 cert = x509.Certificate.load(f.read())
514
515 tbs_certificate = cert['tbs_certificate']
516 signature = tbs_certificate['signature']
517 issuer = tbs_certificate['issuer']
518 validity = tbs_certificate['validity']
519 subject = tbs_certificate['subject']
520 subject_public_key_info = tbs_certificate['subject_public_key_info']
521 subject_public_key_algorithm = subject_public_key_info['algorithm']
522 public_key_params = subject_public_key_info['algorithm']['parameters'].chosen
523 field_id = public_key_params['field_id']
524 curve = public_key_params['curve']
525 subject_public_key = subject_public_key_info['public_key'].parsed
526 extensions = tbs_certificate['extensions']
527
528 self.assertEqual(
529 'v3',
530 tbs_certificate['version'].native
531 )
532 self.assertEqual(
533 15854128451240978884,
534 tbs_certificate['serial_number'].native
535 )
536 self.assertEqual(
537 'sha256_ecdsa',
538 signature['algorithm'].native
539 )
540 self.assertEqual(
541 None,
542 signature['parameters'].native
543 )
544 self.assertEqual(
545 OrderedDict([
546 ('country_name', 'US'),
547 ('state_or_province_name', 'Massachusetts'),
548 ('locality_name', 'Newbury'),
549 ('organization_name', 'Codex Non Sufficit LC'),
550 ('organizational_unit_name', 'Testing'),
551 ('common_name', 'Will Bond'),
552 ('email_address', 'will@codexns.io'),
553 ]),
554 issuer.native
555 )
556 self.assertEqual(
557 datetime(2015, 5, 20, 12, 56, 46, tzinfo=core.timezone.utc),
558 validity['not_before'].native
559 )
560 self.assertEqual(
561 datetime(2025, 5, 17, 12, 56, 46, tzinfo=core.timezone.utc),
562 validity['not_after'].native
563 )
564 self.assertEqual(
565 OrderedDict([
566 ('country_name', 'US'),
567 ('state_or_province_name', 'Massachusetts'),
568 ('locality_name', 'Newbury'),
569 ('organization_name', 'Codex Non Sufficit LC'),
570 ('organizational_unit_name', 'Testing'),
571 ('common_name', 'Will Bond'),
572 ('email_address', 'will@codexns.io'),
573 ]),
574 subject.native
575 )
576 self.assertEqual(
wbond680cba12015-07-01 23:53:54 -0400[diff] [blame]577 'ec',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]578 subject_public_key_algorithm['algorithm'].native
579 )
580 self.assertEqual(
581 'ecdpVer1',
582 public_key_params['version'].native
583 )
584 self.assertEqual(
585 'prime_field',
586 field_id['field_type'].native
587 )
588 self.assertEqual(
589 115792089210356248762697446949407573530086143415290314195533631308867097853951,
590 field_id['parameters'].native
591 )
592 self.assertEqual(
593 b'\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC',
594 curve['a'].native
595 )
596 self.assertEqual(
597 b'\x5A\xC6\x35\xD8\xAA\x3A\x93\xE7\xB3\xEB\xBD\x55\x76\x98\x86\xBC\x65\x1D\x06\xB0\xCC\x53\xB0\xF6\x3B\xCE\x3C\x3E\x27\xD2\x60\x4B',
598 curve['b'].native
599 )
600 self.assertEqual(
601 b'\xC4\x9D\x36\x08\x86\xE7\x04\x93\x6A\x66\x78\xE1\x13\x9D\x26\xB7\x81\x9F\x7E\x90',
602 curve['seed'].native
603 )
604 self.assertEqual(
605 b'\x04\x6B\x17\xD1\xF2\xE1\x2C\x42\x47\xF8\xBC\xE6\xE5\x63\xA4\x40\xF2\x77\x03\x7D\x81\x2D\xEB\x33\xA0\xF4\xA1\x39\x45\xD8\x98\xC2\x96\x4F\xE3\x42\xE2\xFE\x1A\x7F\x9B\x8E\xE7\xEB\x4A\x7C\x0F\x9E\x16\x2B\xCE\x33\x57\x6B\x31\x5E\xCE\xCB\xB6\x40\x68\x37\xBF\x51\xF5',
606 public_key_params['base'].native
607 )
608 self.assertEqual(
609 115792089210356248762697446949407573529996955224135760342422259061068512044369,
610 public_key_params['order'].native
611 )
612 self.assertEqual(
613 1,
614 public_key_params['cofactor'].native
615 )
616 self.assertEqual(
617 None,
618 public_key_params['hash'].native
619 )
620 self.assertEqual(
621 b'G\x9f\xcbs$\x1d\xc9\xdd\xd1-\xf1:\x9f\xb7\x04\xde \xd0X\x00\x93T\xf6\x89\xc7/\x87+\xf7\xf9=;4\xed\x9e{\x0e=WB\xdfx\x03\x0b\xcc1\xc6\x03\xd7\x9f`\x01',
622 subject_public_key.native
623 )
624 self.assertEqual(
625 None,
626 tbs_certificate['issuer_unique_id'].native
627 )
628 self.assertIsInstance(
629 tbs_certificate['issuer_unique_id'],
630 core.NoValue
631 )
632 self.assertEqual(
633 None,
634 tbs_certificate['subject_unique_id'].native
635 )
636 self.assertIsInstance(
637 tbs_certificate['subject_unique_id'],
638 core.NoValue
639 )
640
641 self.maxDiff = None
642 for extension in extensions:
643 self.assertIsInstance(
644 extension,
645 x509.Extension
646 )
647 self.assertEqual(
648 [
649 OrderedDict([
650 ('extn_id', 'key_identifier'),
651 ('critical', False),
652 ('extn_value', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
653 ]),
654 OrderedDict([
655 ('extn_id', 'authority_key_identifier'),
656 ('critical', False),
657 (
658 'extn_value',
659 OrderedDict([
660 ('key_identifier', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
661 ('authority_cert_issuer', None),
662 ('authority_cert_serial_number', None),
663 ])
664 ),
665 ]),
666 OrderedDict([
667 ('extn_id', 'basic_constraints'),
668 ('critical', False),
669 (
670 'extn_value',
671 OrderedDict([
672 ('ca', True),
673 ('path_len_constraint', None)
674 ])
675 ),
676 ]),
677 ],
678 extensions.native
679 )