Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / asn1crypto / 35701c95aab3323e9a0de337e1f44649c3144851 / . / tests / test_x509.py
blob: c04c36f12f54f732c9c8fa1acc9e99ee2b426a09 [file] [log] [blame]
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1# coding: utf-8
2from __future__ import unicode_literals
3
4import unittest
5import sys
6import os
7from collections import OrderedDict
8from datetime import datetime
9
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]10from asn1crypto import x509, core, pem, util
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]11
12from .unittest_data import DataDecorator, data
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]13
14if sys.version_info < (3,):
15 byte_cls = str
16else:
17 byte_cls = bytes
18
19
20tests_root = os.path.dirname(__file__)
21fixtures_dir = os.path.join(tests_root, 'fixtures')
22
23
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]24@DataDecorator
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]25class X509Tests(unittest.TestCase):
26
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]27 def _load_cert(self, relative_path):
28 with open(os.path.join(fixtures_dir, relative_path), 'rb') as f:
29 cert_bytes = f.read()
30 if pem.detect(cert_bytes):
31 _, _, cert_bytes = pem.unarmor(cert_bytes)
32 return x509.Certificate.load(cert_bytes)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]33
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]34 #pylint: disable=C0326
35 @staticmethod
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]36 def ip_address_info():
37 return (
38 ('127.0.0.1', b'\x04\x04\x7F\x00\x00\x01'),
39 ('255.255.255.255', b'\x04\x04\xFF\xFF\xFF\xFF'),
40 ('127.0.0.1/28', b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xF0'),
41 ('255.255.255.255/0', b'\x04\x08\xFF\xFF\xFF\xFF\x00\x00\x00\x00'),
42 ('af::ed', b'\x04\x10\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED'),
43 ('af::ed/128', b'\x04\x20\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF'),
44 ('af::ed/0', b'\x04\x20\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'),
45 )
46
47 @data('ip_address_info')
48 def ip_address(self, unicode_string, der_bytes):
49 self.assertEqual(der_bytes, x509.IPAddress(unicode_string).dump())
50 self.assertEqual(unicode_string, x509.IPAddress.load(der_bytes).native)
51
52 #pylint: disable=C0326
53 @staticmethod
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame^]54 def compare_dnsname_info():
55 return (
56 ('google.com', 'google.com', True),
57 ('google.com', 'Google.com', True),
58 ('Bücher.ch', b'\x16\x10xn--bcher-kva.ch', True),
59 ('google.com', b'\x16\x0AGoogle.com', True),
60 ('google.com', b'\x16\x09Google.co', False),
61 )
62
63 @data('compare_dnsname_info')
64 def compare_dnsname(self, domain_one, domain_two, equal):
65 one = x509.DNSName(domain_one)
66 if isinstance(domain_two, byte_cls):
67 two = x509.DNSName.load(domain_two)
68 else:
69 two = x509.DNSName(domain_two)
70 if equal:
71 self.assertEqual(one, two)
72 else:
73 self.assertNotEqual(one, two)
74
75 #pylint: disable=C0326
76 @staticmethod
77 def compare_uri_info():
78 return (
79 ('http://google.com', 'http://google.com', True),
80 ('http://google.com/', 'http://Google.com', True),
81 ('http://google.com:80', 'http://google.com', True),
82 ('https://google.com', 'https://google.com:443/', True),
83 ('http://google.com/%41%42%43', 'http://google.com/ABC', True),
84 ('http://google.com/%41%42%43', 'http://google.com/abc', False),
85 ('http://google.com/%41%42%43/', 'http://google.com/ABC%2F', False),
86 )
87
88 @data('compare_uri_info')
89 def compare_uri(self, uri_one, uri_two, equal):
90 one = x509.URI(uri_one)
91 if isinstance(uri_two, byte_cls):
92 two = x509.URI.load(uri_two)
93 else:
94 two = x509.URI(uri_two)
95 if equal:
96 self.assertEqual(one, two)
97 else:
98 self.assertNotEqual(one, two)
99
100 #pylint: disable=C0326
101 @staticmethod
102 def compare_email_address_info():
103 return (
104 ('john@google.com', 'john@google.com', True),
105 ('john@google.com', 'john@Google.com', True),
106 ('john@google.com', 'John@google.com', False),
107 ('john@Bücher.ch', b'\x16\x15john@xn--bcher-kva.ch', True),
108 ('John@Bücher.ch', b'\x16\x15john@xn--bcher-kva.ch', False),
109 ('john@google.com', b'\x16\x0Fjohn@Google.com', True),
110 ('john@google.com', b'\x16\x0FJohn@google.com', False),
111 ('john@google.com', b'\x16\x0Ejohn@Google.co', False),
112 )
113
114 @data('compare_email_address_info')
115 def compare_email_address(self, email_one, email_two, equal):
116 one = x509.EmailAddress(email_one)
117 if isinstance(email_two, byte_cls):
118 two = x509.EmailAddress.load(email_two)
119 else:
120 two = x509.EmailAddress(email_two)
121 if equal:
122 self.assertEqual(one, two)
123 else:
124 self.assertNotEqual(one, two)
125
126 #pylint: disable=C0326
127 @staticmethod
128 def compare_ip_address_info():
129 return (
130 ('127.0.0.1', '127.0.0.1', True),
131 ('127.0.0.1', '127.0.0.2', False),
132 ('127.0.0.1', '127.0.0.1/32', False),
133 ('127.0.0.1/32', b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xFF', True),
134 ('127.0.0.1', b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xFF', False),
135 )
136
137 @data('compare_ip_address_info')
138 def compare_ip_address(self, email_one, email_two, equal):
139 one = x509.IPAddress(email_one)
140 if isinstance(email_two, byte_cls):
141 two = x509.IPAddress.load(email_two)
142 else:
143 two = x509.IPAddress(email_two)
144 if equal:
145 self.assertEqual(one, two)
146 else:
147 self.assertNotEqual(one, two)
148
149 #pylint: disable=C0326
150 @staticmethod
wbondfd65d602015-07-23 07:16:44 -0400[diff] [blame]151 def compare_name_info():
152 return (
153 (
154 True,
155 x509.Name.build({
156 'common_name': 'Will Bond'
157 }),
158 x509.Name.build({
159 'common_name': 'will bond'
160 })
161 ),
162 (
163 True,
164 x509.Name.build({
165 'common_name': 'Will Bond'
166 }),
167 x509.Name.build({
168 'common_name': 'will\tbond'
169 })
170 ),
171 (
wbond3ce3aec2015-07-27 10:23:19 -0400[diff] [blame]172 True,
173 x509.Name.build({
174 'common_name': 'Will Bond'
175 }),
176 x509.Name.build({
177 'common_name': 'Will Bond \U0001D173\U000E007F'
178 })
179 ),
180 (
wbondfd65d602015-07-23 07:16:44 -0400[diff] [blame]181 False,
182 x509.Name.build({
183 'country_name': 'US',
184 'common_name': 'Will Bond'
185 }),
186 x509.Name.build({
187 'country_name': 'US',
188 'state_or_province_name': 'Massachusetts',
189 'common_name': 'Will Bond'
190 })
191 ),
192 )
193
194 @data('compare_name_info')
195 def compare_name(self, are_equal, general_name_1, general_name_2):
196 if are_equal:
197 self.assertEqual(general_name_1, general_name_2)
198 else:
199 self.assertNotEqual(general_name_1, general_name_2)
200
201 #pylint: disable=C0326
202 @staticmethod
wbond1cfca232015-07-20 08:51:58 -0400[diff] [blame]203 def signature_algo_info():
204 return (
205 ('keys/test-der.crt', 'rsassa_pkcs1v15', 'sha256'),
206 ('keys/test-inter-der.crt', 'rsassa_pkcs1v15', 'sha256'),
207 ('keys/test-dsa-der.crt', 'dsa', 'sha256'),
208 ('keys/test-third-der.crt', 'rsassa_pkcs1v15', 'sha256'),
209 ('keys/test-ec-der.crt', 'ecdsa', 'sha256'),
210 )
211
212 @data('signature_algo_info')
213 def signature_algo(self, relative_path, signature_algo, hash_algo):
214 cert = self._load_cert(relative_path)
215 self.assertEqual(signature_algo, cert['signature_algorithm'].signature_algo)
216 self.assertEqual(hash_algo, cert['signature_algorithm'].hash_algo)
217
218 #pylint: disable=C0326
219 @staticmethod
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]220 def critical_extensions_info():
221 return (
wbond2fde6452015-07-23 10:54:13 -0400[diff] [blame]222 ('keys/test-der.crt', set()),
223 ('keys/test-inter-der.crt', set()),
224 ('keys/test-third-der.crt', set()),
225 ('geotrust_certs/GeoTrust_Universal_CA.crt', {'basic_constraints', 'key_usage'}),
226 ('geotrust_certs/GeoTrust_Primary_CA.crt', {'basic_constraints', 'key_usage'}),
227 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', {'basic_constraints', 'key_usage'}),
228 ('geotrust_certs/codex.crt', {'key_usage'}),
229 ('lets_encrypt/isrgrootx1.pem', {'key_usage', 'basic_constraints'}),
230 ('lets_encrypt/letsencryptauthorityx1.pem', {'key_usage', 'basic_constraints'}),
231 ('lets_encrypt/letsencryptauthorityx2.pem', {'key_usage', 'basic_constraints'}),
232 ('globalsign_example_keys/IssuingCA-der.cer', {'basic_constraints', 'key_usage'}),
233 ('globalsign_example_keys/rootCA.cer', {'basic_constraints', 'key_usage'}),
234 ('globalsign_example_keys/SSL1.cer', {'key_usage', 'extended_key_usage', 'basic_constraints'}),
235 ('globalsign_example_keys/SSL2.cer', {'key_usage', 'extended_key_usage', 'basic_constraints'}),
236 ('globalsign_example_keys/SSL3.cer', {'key_usage', 'extended_key_usage', 'basic_constraints'}),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]237 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]238
239 @data('critical_extensions_info')
240 def critical_extensions(self, relative_path, critical_extensions):
241 cert = self._load_cert(relative_path)
242 self.assertEqual(critical_extensions, cert.critical_extensions)
243
244 #pylint: disable=C0326
245 @staticmethod
246 def key_identifier_value_info():
247 return (
248 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
249 ('keys/test-inter-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
250 ('keys/test-third-der.crt', b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'),
251 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
252 ('geotrust_certs/GeoTrust_Primary_CA.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
253 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
254 ('geotrust_certs/codex.crt', None),
255 ('lets_encrypt/isrgrootx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
256 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'),
257 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'),
258 ('globalsign_example_keys/IssuingCA-der.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
259 ('globalsign_example_keys/rootCA.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
260 ('globalsign_example_keys/SSL1.cer', b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'),
261 ('globalsign_example_keys/SSL2.cer', b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='),
262 ('globalsign_example_keys/SSL3.cer', b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]263 )
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]264
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]265 @data('key_identifier_value_info')
266 def key_identifier_value(self, relative_path, key_identifier_value):
267 cert = self._load_cert(relative_path)
268 value = cert.key_identifier_value
269 self.assertEqual(key_identifier_value, value.native if value else None)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]270
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]271 #pylint: disable=C0326
272 @staticmethod
273 def key_usage_value_info():
274 return (
275 ('keys/test-der.crt', None),
276 ('keys/test-inter-der.crt', None),
277 ('keys/test-third-der.crt', None),
278 (
279 'geotrust_certs/GeoTrust_Universal_CA.crt',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]280 {'digital_signature', 'key_cert_sign', 'crl_sign'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]281 ),
282 (
283 'geotrust_certs/GeoTrust_Primary_CA.crt',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]284 {'key_cert_sign', 'crl_sign'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]285 ),
286 (
287 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]288 {'key_cert_sign', 'crl_sign'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]289 ),
290 (
291 'geotrust_certs/codex.crt',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]292 {'digital_signature', 'key_encipherment'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]293 ),
294 (
295 'lets_encrypt/isrgrootx1.pem',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]296 {'key_cert_sign', 'crl_sign'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]297 ),
298 (
299 'lets_encrypt/letsencryptauthorityx1.pem',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]300 {'digital_signature', 'key_cert_sign', 'crl_sign'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]301 ),
302 (
303 'lets_encrypt/letsencryptauthorityx2.pem',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]304 {'digital_signature', 'key_cert_sign', 'crl_sign'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]305 ),
306 (
307 'globalsign_example_keys/IssuingCA-der.cer',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]308 {'key_cert_sign', 'crl_sign'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]309 ),
310 (
311 'globalsign_example_keys/rootCA.cer',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]312 {'key_cert_sign', 'crl_sign'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]313 ),
314 (
315 'globalsign_example_keys/SSL1.cer',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]316 {'digital_signature', 'key_encipherment'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]317 ),
318 (
319 'globalsign_example_keys/SSL2.cer',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]320 {'digital_signature', 'key_encipherment'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]321 ),
322 (
323 'globalsign_example_keys/SSL3.cer',
wbond7d7cccb2015-07-24 14:33:53 -0400[diff] [blame]324 {'digital_signature', 'key_encipherment'}
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]325 ),
326 )
327
328 @data('key_usage_value_info')
329 def key_usage_value(self, relative_path, key_usage_value):
330 cert = self._load_cert(relative_path)
331 value = cert.key_usage_value
332 self.assertEqual(key_usage_value, value.native if value else None)
333
334 #pylint: disable=C0326
335 @staticmethod
336 def subject_alt_name_value_info():
337 return (
338 ('keys/test-der.crt', None),
339 ('keys/test-inter-der.crt', None),
340 ('keys/test-third-der.crt', None),
341 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
342 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
343 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', [OrderedDict([('common_name', 'SymantecPKI-1-538')])]),
344 ('geotrust_certs/codex.crt', ['dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net', 'codexns.io']),
345 ('lets_encrypt/isrgrootx1.pem', None),
346 ('lets_encrypt/letsencryptauthorityx1.pem', None),
347 ('lets_encrypt/letsencryptauthorityx2.pem', None),
348 ('globalsign_example_keys/IssuingCA-der.cer', None),
349 ('globalsign_example_keys/rootCA.cer', None),
350 ('globalsign_example_keys/SSL1.cer', ['anything.example.com']),
351 ('globalsign_example_keys/SSL2.cer', ['anything.example.com']),
352 ('globalsign_example_keys/SSL3.cer', None),
353 )
354
355 @data('subject_alt_name_value_info')
356 def subject_alt_name_value(self, relative_path, subject_alt_name_value):
357 cert = self._load_cert(relative_path)
358 value = cert.subject_alt_name_value
359 self.assertEqual(subject_alt_name_value, value.native if value else None)
360
361 #pylint: disable=C0326
362 @staticmethod
363 def basic_constraints_value_info():
364 return (
365 ('keys/test-der.crt', {'ca': True, 'path_len_constraint': None}),
366 ('keys/test-inter-der.crt', {'ca': True, 'path_len_constraint': None}),
367 ('keys/test-third-der.crt', None),
368 ('geotrust_certs/GeoTrust_Universal_CA.crt', {'ca': True, 'path_len_constraint': None}),
369 ('geotrust_certs/GeoTrust_Primary_CA.crt', {'ca': True, 'path_len_constraint': None}),
370 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', {'ca': True, 'path_len_constraint': 0}),
371 ('geotrust_certs/codex.crt', {'ca': False, 'path_len_constraint': None}),
372 ('lets_encrypt/isrgrootx1.pem', {'ca': True, 'path_len_constraint': None}),
373 ('lets_encrypt/letsencryptauthorityx1.pem', {'ca': True, 'path_len_constraint': 0}),
374 ('lets_encrypt/letsencryptauthorityx2.pem', {'ca': True, 'path_len_constraint': 0}),
375 ('globalsign_example_keys/IssuingCA-der.cer', {'ca': True, 'path_len_constraint': None}),
376 ('globalsign_example_keys/rootCA.cer', {'ca': True, 'path_len_constraint': None}),
377 ('globalsign_example_keys/SSL1.cer', {'ca': False, 'path_len_constraint': None}),
378 ('globalsign_example_keys/SSL2.cer', {'ca': False, 'path_len_constraint': None}),
379 ('globalsign_example_keys/SSL3.cer', {'ca': False, 'path_len_constraint': None}),
380 )
381
382 @data('basic_constraints_value_info')
383 def basic_constraints_value(self, relative_path, basic_constraints_value):
384 cert = self._load_cert(relative_path)
385 value = cert.basic_constraints_value
386 self.assertEqual(basic_constraints_value, value.native if value else None)
387
388 #pylint: disable=C0326
389 @staticmethod
390 def name_constraints_value_info():
391 return (
392 ('keys/test-der.crt', None),
393 ('keys/test-inter-der.crt', None),
394 ('keys/test-third-der.crt', None),
395 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
396 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
397 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
398 ('geotrust_certs/codex.crt', None),
399 ('lets_encrypt/isrgrootx1.pem', None),
400 ('lets_encrypt/letsencryptauthorityx1.pem', None),
401 ('lets_encrypt/letsencryptauthorityx2.pem', None),
402 (
403 'globalsign_example_keys/IssuingCA-der.cer',
404 OrderedDict([
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]405 (
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]406 'permitted_subtrees',
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]407 [
408 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]409 ('base', 'onlythis.com'),
410 ('minimum', 0),
411 ('maximum', None)
412 ]),
413 OrderedDict([
414 (
415 'base',
416 OrderedDict([
417 ('country_name', 'US'),
418 ('state_or_province_name', 'MA'),
419 ('locality_name', 'Boston'),
420 ('organization_name', 'Example LLC')
421 ])
422 ),
423 ('minimum', 0),
424 ('maximum', None)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]425 ])
426 ]
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]427 ),
428 (
429 'excluded_subtrees',
430 [
431 OrderedDict([
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]432 ('base', '0.0.0.0/0'),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]433 ('minimum', 0),
434 ('maximum', None)
435 ]),
436 OrderedDict([
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]437 ('base', '::/0'),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]438 ('minimum', 0),
439 ('maximum', None)
440 ])
441 ]
442 ),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]443 ])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]444 ),
445 ('globalsign_example_keys/rootCA.cer', None),
446 ('globalsign_example_keys/SSL1.cer', None),
447 ('globalsign_example_keys/SSL2.cer', None),
448 ('globalsign_example_keys/SSL3.cer', None),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]449 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]450
451 @data('name_constraints_value_info')
452 def name_constraints_value(self, relative_path, name_constraints_value):
453 cert = self._load_cert(relative_path)
454 value = cert.name_constraints_value
455 self.assertEqual(name_constraints_value, value.native if value else None)
456
457 #pylint: disable=C0326
458 @staticmethod
459 def crl_distribution_points_value_info():
460 return (
461 ('keys/test-der.crt', None),
462 ('keys/test-inter-der.crt', None),
463 ('keys/test-third-der.crt', None),
464 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
465 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
466 (
467 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
468 [
469 OrderedDict([
470 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
471 ('reasons', None),
472 ('crl_issuer', None)
473 ])
474 ]
475 ),
476 (
477 'geotrust_certs/codex.crt',
478 [
479 OrderedDict([
480 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
481 ('reasons', None),
482 ('crl_issuer', None)
483 ])
484 ]
485 ),
486 ('lets_encrypt/isrgrootx1.pem', None),
487 (
488 'lets_encrypt/letsencryptauthorityx1.pem',
489 [
490 OrderedDict([
491 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
492 ('reasons', None),
493 ('crl_issuer', None)
494 ])
495 ]
496 ),
497 (
498 'lets_encrypt/letsencryptauthorityx2.pem',
499 [
500 OrderedDict([
501 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
502 ('reasons', None),
503 ('crl_issuer', None)
504 ])
505 ]
506 ),
507 (
508 'globalsign_example_keys/IssuingCA-der.cer',
509 [
510 OrderedDict([
511 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
512 ('reasons', None),
513 ('crl_issuer', None)
514 ])
515 ]),
516 (
517 'globalsign_example_keys/rootCA.cer',
518 [
519 OrderedDict([
520 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
521 ('reasons', None),
522 ('crl_issuer', None)
523 ])
524 ]),
525 ('globalsign_example_keys/SSL1.cer', None),
526 ('globalsign_example_keys/SSL2.cer', None),
527 ('globalsign_example_keys/SSL3.cer', None),
528 )
529
530 @data('crl_distribution_points_value_info')
531 def crl_distribution_points_value(self, relative_path, crl_distribution_points_value):
532 cert = self._load_cert(relative_path)
533 value = cert.crl_distribution_points_value
534 self.assertEqual(crl_distribution_points_value, value.native if value else None)
535
536 #pylint: disable=C0326
537 @staticmethod
538 def certificate_policies_value_info():
539 return (
540 ('keys/test-der.crt', None),
541 ('keys/test-inter-der.crt', None),
542 ('keys/test-third-der.crt', None),
543 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
544 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
545 (
546 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
547 [
548 OrderedDict([
549 ('policy_identifier', 'any_policy'),
550 (
551 'policy_qualifiers',
552 [
553 OrderedDict([
554 ('policy_qualifier_id', 'certification_practice_statement'),
555 ('qualifier', 'https://www.geotrust.com/resources/cps')
556 ])
557 ]
558 )
559 ])
560 ]
561 ),
562 (
563 'geotrust_certs/codex.crt',
564 [
565 OrderedDict([
566 ('policy_identifier', '1.3.6.1.4.1.14370.1.6'),
567 (
568 'policy_qualifiers',
569 [
570 OrderedDict([
571 ('policy_qualifier_id', 'certification_practice_statement'),
572 ('qualifier', 'https://www.geotrust.com/resources/repository/legal')
573 ]),
574 OrderedDict([
575 ('policy_qualifier_id', 'user_notice'),
576 (
577 'qualifier',
578 OrderedDict([
579 ('notice_ref', None),
580 ('explicit_text', 'https://www.geotrust.com/resources/repository/legal')
581 ])
582 )
583 ])
584 ]
585 )
586 ])
587 ]
588 ),
589 ('lets_encrypt/isrgrootx1.pem', None),
590 (
591 'lets_encrypt/letsencryptauthorityx1.pem',
592 [
593 OrderedDict([
594 ('policy_identifier', '2.23.140.1.2.1'),
595 ('policy_qualifiers', None)
596 ]),
597 OrderedDict([
598 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
599 (
600 'policy_qualifiers',
601 [
602 OrderedDict([
603 ('policy_qualifier_id', 'certification_practice_statement'),
604 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
605 ])
606 ]
607 )
608 ])
609 ]
610 ),
611 (
612 'lets_encrypt/letsencryptauthorityx2.pem',
613 [
614 OrderedDict([
615 ('policy_identifier', '2.23.140.1.2.1'),
616 ('policy_qualifiers', None)
617 ]),
618 OrderedDict([
619 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
620 (
621 'policy_qualifiers',
622 [
623 OrderedDict([
624 ('policy_qualifier_id', 'certification_practice_statement'),
625 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
626 ])
627 ]
628 )
629 ])
630 ]
631 ),
632 (
633 'globalsign_example_keys/IssuingCA-der.cer',
634 [
635 OrderedDict([
636 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
637 (
638 'policy_qualifiers',
639 [
640 OrderedDict([
641 ('policy_qualifier_id', 'certification_practice_statement'),
642 ('qualifier', 'https://www.globalsign.com/repository/')
643 ])
644 ]
645 )
646 ])
647 ]
648 ),
649 ('globalsign_example_keys/rootCA.cer', None),
650 (
651 'globalsign_example_keys/SSL1.cer',
652 [
653 OrderedDict([
654 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
655 (
656 'policy_qualifiers',
657 [
658 OrderedDict([
659 ('policy_qualifier_id', 'certification_practice_statement'),
660 ('qualifier', 'https://www.globalsign.com/repository/')
661 ])
662 ]
663 )
664 ])
665 ]
666 ),
667 (
668 'globalsign_example_keys/SSL2.cer',
669 [
670 OrderedDict([
671 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
672 (
673 'policy_qualifiers',
674 [
675 OrderedDict([
676 ('policy_qualifier_id', 'certification_practice_statement'),
677 ('qualifier', 'https://www.globalsign.com/repository/')
678 ])
679 ]
680 )
681 ])
682 ]
683 ),
684 (
685 'globalsign_example_keys/SSL3.cer',
686 [
687 OrderedDict([
688 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
689 (
690 'policy_qualifiers',
691 [
692 OrderedDict([
693 ('policy_qualifier_id', 'certification_practice_statement'),
694 ('qualifier', 'https://www.globalsign.com/repository/')
695 ])
696 ]
697 )
698 ])
699 ]
700 ),
701 )
702
703 @data('certificate_policies_value_info')
704 def certificate_policies_value(self, relative_path, certificate_policies_value):
705 cert = self._load_cert(relative_path)
706 value = cert.certificate_policies_value
707 self.assertEqual(certificate_policies_value, value.native if value else None)
708
709 #pylint: disable=C0326
710 @staticmethod
711 def policy_mappings_value_info():
712 return (
713 ('keys/test-der.crt', None),
714 ('keys/test-inter-der.crt', None),
715 ('keys/test-third-der.crt', None),
716 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
717 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
718 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
719 ('geotrust_certs/codex.crt', None),
720 ('lets_encrypt/isrgrootx1.pem', None),
721 ('lets_encrypt/letsencryptauthorityx1.pem', None),
722 ('lets_encrypt/letsencryptauthorityx2.pem', None),
723 ('globalsign_example_keys/IssuingCA-der.cer', None),
724 ('globalsign_example_keys/rootCA.cer', None),
725 ('globalsign_example_keys/SSL1.cer', None),
726 ('globalsign_example_keys/SSL2.cer', None),
727 ('globalsign_example_keys/SSL3.cer', None),
728 )
729
730 @data('policy_mappings_value_info')
731 def policy_mappings_value(self, relative_path, policy_mappings_value):
732 cert = self._load_cert(relative_path)
733 value = cert.policy_mappings_value
734 self.assertEqual(policy_mappings_value, value.native if value else None)
735
736 #pylint: disable=C0326
737 @staticmethod
738 def authority_key_identifier_value_info():
739 return (
740 (
741 'keys/test-der.crt',
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame]742 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]743 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
744 (
745 'authority_cert_issuer',
746 [
747 OrderedDict([
748 ('country_name', 'US'),
749 ('state_or_province_name', 'Massachusetts'),
750 ('locality_name', 'Newbury'),
751 ('organization_name', 'Codex Non Sufficit LC'),
752 ('organizational_unit_name', 'Testing'),
753 ('common_name', 'Will Bond'),
754 ('email_address', 'will@codexns.io')
755 ])
756 ]
757 ),
758 ('authority_cert_serial_number', 13683582341504654466)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame]759 ])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]760 ),
761 (
762 'keys/test-inter-der.crt',
763 OrderedDict([
764 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
765 ('authority_cert_issuer', None),
766 ('authority_cert_serial_number', None)
767 ])
768 ),
769 (
770 'keys/test-third-der.crt',
771 OrderedDict([
772 ('key_identifier', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
773 ('authority_cert_issuer', None),
774 ('authority_cert_serial_number', None)
775 ])
776 ),
777 (
778 'geotrust_certs/GeoTrust_Universal_CA.crt',
779 OrderedDict([
780 ('key_identifier', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
781 ('authority_cert_issuer', None),
782 ('authority_cert_serial_number', None)
783 ])
784 ),
785 (
786 'geotrust_certs/GeoTrust_Primary_CA.crt',
787 None
788 ),
789 (
790 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
791 OrderedDict([
792 ('key_identifier', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
793 ('authority_cert_issuer', None),
794 ('authority_cert_serial_number', None)
795 ])
796 ),
797 (
798 'geotrust_certs/codex.crt',
799 OrderedDict([
800 ('key_identifier', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
801 ('authority_cert_issuer', None),
802 ('authority_cert_serial_number', None)
803 ])
804 ),
805 (
806 'lets_encrypt/isrgrootx1.pem',
807 None
808 ),
809 (
810 'lets_encrypt/letsencryptauthorityx1.pem',
811 OrderedDict([
812 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
813 ('authority_cert_issuer', None),
814 ('authority_cert_serial_number', None)
815 ])
816 ),
817 (
818 'lets_encrypt/letsencryptauthorityx2.pem',
819 OrderedDict([
820 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
821 ('authority_cert_issuer', None),
822 ('authority_cert_serial_number', None)
823 ])
824 ),
825 (
826 'globalsign_example_keys/IssuingCA-der.cer',
827 OrderedDict([
828 ('key_identifier', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
829 ('authority_cert_issuer', None),
830 ('authority_cert_serial_number', None)
831 ])
832 ),
833 (
834 'globalsign_example_keys/rootCA.cer',
835 None
836 ),
837 (
838 'globalsign_example_keys/SSL1.cer',
839 OrderedDict([
840 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
841 ('authority_cert_issuer', None),
842 ('authority_cert_serial_number', None)
843 ])
844 ),
845 (
846 'globalsign_example_keys/SSL2.cer',
847 OrderedDict([
848 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
849 ('authority_cert_issuer', None),
850 ('authority_cert_serial_number', None)
851 ])
852 ),
853 (
854 'globalsign_example_keys/SSL3.cer',
855 OrderedDict([
856 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
857 ('authority_cert_issuer', None),
858 ('authority_cert_serial_number', None)
859 ])
860 ),
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame]861 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]862
863 @data('authority_key_identifier_value_info')
864 def authority_key_identifier_value(self, relative_path, authority_key_identifier_value):
865 cert = self._load_cert(relative_path)
866 value = cert.authority_key_identifier_value
867 self.assertEqual(authority_key_identifier_value, value.native if value else None)
868
869 #pylint: disable=C0326
870 @staticmethod
871 def policy_constraints_value_info():
872 return (
873 ('keys/test-der.crt', None),
874 ('keys/test-inter-der.crt', None),
875 ('keys/test-third-der.crt', None),
876 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
877 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
878 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
879 ('geotrust_certs/codex.crt', None),
880 ('lets_encrypt/isrgrootx1.pem', None),
881 ('lets_encrypt/letsencryptauthorityx1.pem', None),
882 ('lets_encrypt/letsencryptauthorityx2.pem', None),
883 ('globalsign_example_keys/IssuingCA-der.cer', None),
884 ('globalsign_example_keys/rootCA.cer', None),
885 ('globalsign_example_keys/SSL1.cer', None),
886 ('globalsign_example_keys/SSL2.cer', None),
887 ('globalsign_example_keys/SSL3.cer', None),
888 )
889
890 @data('policy_constraints_value_info')
891 def policy_constraints_value(self, relative_path, policy_constraints_value):
892 cert = self._load_cert(relative_path)
893 value = cert.policy_constraints_value
894 self.assertEqual(policy_constraints_value, value.native if value else None)
895
896 #pylint: disable=C0326
897 @staticmethod
898 def extended_key_usage_value_info():
899 return (
900 ('keys/test-der.crt', None),
901 ('keys/test-inter-der.crt', None),
902 ('keys/test-third-der.crt', None),
903 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
904 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
905 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
906 ('geotrust_certs/codex.crt', ['server_auth', 'client_auth']),
907 ('lets_encrypt/isrgrootx1.pem', None),
908 ('lets_encrypt/letsencryptauthorityx1.pem', None),
909 ('lets_encrypt/letsencryptauthorityx2.pem', None),
910 ('globalsign_example_keys/IssuingCA-der.cer', None),
911 ('globalsign_example_keys/rootCA.cer', None),
912 ('globalsign_example_keys/SSL1.cer', ['server_auth', 'client_auth']),
913 ('globalsign_example_keys/SSL2.cer', ['server_auth', 'client_auth']),
914 ('globalsign_example_keys/SSL3.cer', ['server_auth', 'client_auth']),
915 )
916
917 @data('extended_key_usage_value_info')
918 def extended_key_usage_value(self, relative_path, extended_key_usage_value):
919 cert = self._load_cert(relative_path)
920 value = cert.extended_key_usage_value
921 self.assertEqual(extended_key_usage_value, value.native if value else None)
922
923 #pylint: disable=C0326
924 @staticmethod
925 def authority_information_access_value_info():
926 return (
927 ('keys/test-der.crt', None),
928 ('keys/test-inter-der.crt', None),
929 ('keys/test-third-der.crt', None),
930 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
931 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
932 (
933 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
934 [
935 OrderedDict([
936 ('access_method', 'ocsp'),
937 ('access_location', 'http://g2.symcb.com')
938 ])
939 ]
940 ),
941 (
942 'geotrust_certs/codex.crt',
943 [
944 OrderedDict([
945 ('access_method', 'ocsp'),
946 ('access_location', 'http://gm.symcd.com')
947 ]),
948 OrderedDict([
949 ('access_method', 'ca_issuers'),
950 ('access_location', 'http://gm.symcb.com/gm.crt')
951 ]),
952 ]
953 ),
954 ('lets_encrypt/isrgrootx1.pem', None),
955 (
956 'lets_encrypt/letsencryptauthorityx1.pem',
957 [
958 OrderedDict([
959 ('access_method', 'ocsp'),
960 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
961 ]),
962 OrderedDict([
963 ('access_method', 'ca_issuers'),
964 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
965 ])
966 ]
967 ),
968 (
969 'lets_encrypt/letsencryptauthorityx2.pem',
970 [
971 OrderedDict([
972 ('access_method', 'ocsp'),
973 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
974 ]),
975 OrderedDict([
976 ('access_method', 'ca_issuers'),
977 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
978 ])
979 ]
980 ),
981 ('globalsign_example_keys/IssuingCA-der.cer', None),
982 ('globalsign_example_keys/rootCA.cer', None),
983 (
984 'globalsign_example_keys/SSL1.cer',
985 [
986 OrderedDict([
987 ('access_method', 'ocsp'),
988 ('access_location', 'http://ocsp.exampleovca.com/')
989 ]),
990 OrderedDict([
991 ('access_method', 'ca_issuers'),
992 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
993 ])
994 ]
995 ),
996 (
997 'globalsign_example_keys/SSL2.cer',
998 [
999 OrderedDict([
1000 ('access_method', 'ocsp'),
1001 ('access_location', 'http://ocsp.exampleovca.com/')
1002 ]),
1003 OrderedDict([
1004 ('access_method', 'ca_issuers'),
1005 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1006 ])
1007 ]
1008 ),
1009 (
1010 'globalsign_example_keys/SSL3.cer',
1011 [
1012 OrderedDict([
1013 ('access_method', 'ocsp'),
1014 ('access_location', 'http://ocsp.exampleovca.com/')
1015 ]),
1016 OrderedDict([
1017 ('access_method', 'ca_issuers'),
1018 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1019 ])
1020 ]
1021 ),
1022 )
1023
1024 @data('authority_information_access_value_info')
1025 def authority_information_access_value(self, relative_path, authority_information_access_value):
1026 cert = self._load_cert(relative_path)
1027 value = cert.authority_information_access_value
1028 self.assertEqual(authority_information_access_value, value.native if value else None)
1029
1030 #pylint: disable=C0326
1031 @staticmethod
1032 def ocsp_no_check_value_info():
1033 return (
1034 ('keys/test-der.crt', None),
1035 ('keys/test-inter-der.crt', None),
1036 ('keys/test-third-der.crt', None),
1037 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
1038 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1039 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
1040 ('geotrust_certs/codex.crt', None),
1041 ('lets_encrypt/isrgrootx1.pem', None),
1042 ('lets_encrypt/letsencryptauthorityx1.pem', None),
1043 ('lets_encrypt/letsencryptauthorityx2.pem', None),
1044 ('globalsign_example_keys/IssuingCA-der.cer', None),
1045 ('globalsign_example_keys/rootCA.cer', None),
1046 ('globalsign_example_keys/SSL1.cer', None),
1047 ('globalsign_example_keys/SSL2.cer', None),
1048 ('globalsign_example_keys/SSL3.cer', None),
1049 )
1050
1051 @data('ocsp_no_check_value_info')
1052 def ocsp_no_check_value(self, relative_path, ocsp_no_check_value):
1053 cert = self._load_cert(relative_path)
1054 value = cert.ocsp_no_check_value
1055 self.assertEqual(ocsp_no_check_value, value.native if value else None)
1056
1057 #pylint: disable=C0326
1058 @staticmethod
1059 def serial_number_info():
1060 return (
1061 ('keys/test-der.crt', 13683582341504654466),
1062 ('keys/test-inter-der.crt', 1590137),
1063 ('keys/test-third-der.crt', 2474902313),
1064 ('geotrust_certs/GeoTrust_Universal_CA.crt', 1),
1065 ('geotrust_certs/GeoTrust_Primary_CA.crt', 32798226551256963324313806436981982369),
1066 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', 146934555852773531829332059263122711876),
1067 ('geotrust_certs/codex.crt', 130338219198307073574879940486642352162),
1068 ('lets_encrypt/isrgrootx1.pem', 172886928669790476064670243504169061120),
1069 ('lets_encrypt/letsencryptauthorityx1.pem', 307817870430047279283060309415759825539),
1070 ('lets_encrypt/letsencryptauthorityx2.pem', 199666138109676817050168330923544141416),
1071 ('globalsign_example_keys/IssuingCA-der.cer', 43543335419752),
1072 ('globalsign_example_keys/rootCA.cer', 342514332211132),
1073 ('globalsign_example_keys/SSL1.cer', 425155524522),
1074 ('globalsign_example_keys/SSL2.cer', 425155524522),
1075 ('globalsign_example_keys/SSL3.cer', 425155524522),
1076 )
1077
1078 @data('serial_number_info')
1079 def serial_number(self, relative_path, serial_number):
1080 cert = self._load_cert(relative_path)
1081 self.assertEqual(serial_number, cert.serial_number)
1082
1083 #pylint: disable=C0326
1084 @staticmethod
1085 def key_identifier_info():
1086 return (
1087 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1088 ('keys/test-inter-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1089 ('keys/test-third-der.crt', b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'),
1090 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1091 ('geotrust_certs/GeoTrust_Primary_CA.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1092 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1093 ('geotrust_certs/codex.crt', None),
1094 ('lets_encrypt/isrgrootx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1095 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'),
1096 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'),
1097 ('globalsign_example_keys/IssuingCA-der.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1098 ('globalsign_example_keys/rootCA.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1099 ('globalsign_example_keys/SSL1.cer', b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'),
1100 ('globalsign_example_keys/SSL2.cer', b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='),
1101 ('globalsign_example_keys/SSL3.cer', b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'),
1102 )
1103
1104 @data('key_identifier_info')
1105 def key_identifier(self, relative_path, key_identifier):
1106 cert = self._load_cert(relative_path)
1107 self.assertEqual(key_identifier, cert.key_identifier)
1108
1109 #pylint: disable=C0326
1110 @staticmethod
1111 def issuer_serial_info():
1112 return (
1113 ('keys/test-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'),
1114 ('keys/test-inter-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:1590137'),
1115 ('keys/test-third-der.crt', b'\xed{\x9b\xbf\x9b\xdbd\xa4\xea\xf2#+H\x96\xcd\x80\x99\xf6\xecCM\x94\x07\x02\xe2\x18\xf3\x83\x8c8%\x01:2474902313'),
1116 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xa1\x848\xf2\xe5w\xee\xec\xce\xfefJC+\xdf\x97\x7f\xd2Y\xe3\xdc\xa0D7~\x07\xd9\x9dzL@g:1'),
1117 ('geotrust_certs/GeoTrust_Primary_CA.crt', b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:32798226551256963324313806436981982369'),
1118 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:146934555852773531829332059263122711876'),
1119 ('geotrust_certs/codex.crt', b'x\x12\xe0\x15\x00d;\xc3\xb9/\xf6\x13\n\xd8\xe2\xddY\xf7\xaf*=C\x01<\x86\xf5\x9f_\xab;e\xd1:130338219198307073574879940486642352162'),
1120 ('lets_encrypt/isrgrootx1.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:172886928669790476064670243504169061120'),
1121 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:307817870430047279283060309415759825539'),
1122 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:199666138109676817050168330923544141416'),
1123 ('globalsign_example_keys/IssuingCA-der.cer', b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10\x8ak\x8a\x08-\x0c\xff:43543335419752'),
1124 ('globalsign_example_keys/rootCA.cer', b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10\x8ak\x8a\x08-\x0c\xff:342514332211132'),
1125 ('globalsign_example_keys/SSL1.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1126 ('globalsign_example_keys/SSL2.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1127 ('globalsign_example_keys/SSL3.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1128 )
1129
1130 @data('issuer_serial_info')
1131 def issuer_serial(self, relative_path, issuer_serial):
1132 cert = self._load_cert(relative_path)
1133 self.assertEqual(issuer_serial, cert.issuer_serial)
1134
1135 #pylint: disable=C0326
1136 @staticmethod
1137 def authority_key_identifier_info():
1138 return (
1139 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1140 ('keys/test-inter-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1141 ('keys/test-third-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1142 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1143 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1144 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1145 ('geotrust_certs/codex.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1146 ('lets_encrypt/isrgrootx1.pem', None),
1147 ('lets_encrypt/letsencryptauthorityx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1148 ('lets_encrypt/letsencryptauthorityx2.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1149 ('globalsign_example_keys/IssuingCA-der.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1150 ('globalsign_example_keys/rootCA.cer', None),
1151 ('globalsign_example_keys/SSL1.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1152 ('globalsign_example_keys/SSL2.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1153 ('globalsign_example_keys/SSL3.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1154 )
1155
1156 @data('authority_key_identifier_info')
1157 def authority_key_identifier(self, relative_path, authority_key_identifier):
1158 cert = self._load_cert(relative_path)
1159 self.assertEqual(authority_key_identifier, cert.authority_key_identifier)
1160
1161 #pylint: disable=C0326
1162 @staticmethod
1163 def authority_issuer_serial_info():
1164 return (
1165 ('keys/test-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'),
1166 ('keys/test-inter-der.crt', None),
1167 ('keys/test-third-der.crt', None),
1168 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
1169 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1170 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
1171 ('geotrust_certs/codex.crt', None),
1172 ('lets_encrypt/isrgrootx1.pem', None),
1173 ('lets_encrypt/letsencryptauthorityx1.pem', None),
1174 ('lets_encrypt/letsencryptauthorityx2.pem', None),
1175 ('globalsign_example_keys/IssuingCA-der.cer', None),
1176 ('globalsign_example_keys/rootCA.cer', None),
1177 ('globalsign_example_keys/SSL1.cer', None),
1178 ('globalsign_example_keys/SSL2.cer', None),
1179 ('globalsign_example_keys/SSL3.cer', None),
1180 )
1181
1182 @data('authority_issuer_serial_info')
1183 def authority_issuer_serial(self, relative_path, authority_issuer_serial):
1184 cert = self._load_cert(relative_path)
1185 self.assertEqual(authority_issuer_serial, cert.authority_issuer_serial)
1186
1187 #pylint: disable=C0326
1188 @staticmethod
1189 def ocsp_urls_info():
1190 return (
1191 ('keys/test-der.crt', []),
1192 ('keys/test-inter-der.crt', []),
1193 ('keys/test-third-der.crt', []),
1194 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1195 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1196 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', ['http://g2.symcb.com']),
1197 ('geotrust_certs/codex.crt', ['http://gm.symcd.com']),
1198 ('lets_encrypt/isrgrootx1.pem', []),
1199 ('lets_encrypt/letsencryptauthorityx1.pem', ['http://ocsp.root-x1.letsencrypt.org/']),
1200 ('lets_encrypt/letsencryptauthorityx2.pem', ['http://ocsp.root-x1.letsencrypt.org/']),
1201 ('globalsign_example_keys/IssuingCA-der.cer', []),
1202 ('globalsign_example_keys/rootCA.cer', []),
1203 ('globalsign_example_keys/SSL1.cer', ['http://ocsp.exampleovca.com/']),
1204 ('globalsign_example_keys/SSL2.cer', ['http://ocsp.exampleovca.com/']),
1205 ('globalsign_example_keys/SSL3.cer', ['http://ocsp.exampleovca.com/']),
1206 )
1207
1208 @data('ocsp_urls_info')
1209 def ocsp_urls(self, relative_path, ocsp_url):
1210 cert = self._load_cert(relative_path)
1211 self.assertEqual(ocsp_url, cert.ocsp_urls)
1212
1213 #pylint: disable=C0326
1214 @staticmethod
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1215 def crl_distribution_points_info():
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1216 return (
1217 ('keys/test-der.crt', []),
1218 ('keys/test-inter-der.crt', []),
1219 ('keys/test-third-der.crt', []),
1220 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1221 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1222 (
1223 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1224 [
1225 OrderedDict([
1226 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
1227 ('reasons', None),
1228 ('crl_issuer', None)
1229 ])
1230 ]
1231 ),
1232 (
1233 'geotrust_certs/codex.crt',
1234 [
1235 OrderedDict([
1236 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
1237 ('reasons', None),
1238 ('crl_issuer', None)
1239 ])
1240 ]
1241 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1242 ('lets_encrypt/isrgrootx1.pem', []),
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1243 (
1244 'lets_encrypt/letsencryptauthorityx1.pem',
1245 [
1246 OrderedDict([
1247 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
1248 ('reasons', None),
1249 ('crl_issuer', None)
1250 ])
1251 ]
1252 ),
1253 (
1254 'lets_encrypt/letsencryptauthorityx2.pem',
1255 [
1256 OrderedDict([
1257 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
1258 ('reasons', None),
1259 ('crl_issuer', None)
1260 ])
1261 ]
1262 ),
1263 (
1264 'globalsign_example_keys/IssuingCA-der.cer',
1265 [
1266 OrderedDict([
1267 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
1268 ('reasons', None),
1269 ('crl_issuer', None)
1270 ])
1271 ]
1272 ),
1273 (
1274 'globalsign_example_keys/rootCA.cer',
1275 [
1276 OrderedDict([
1277 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
1278 ('reasons', None),
1279 ('crl_issuer', None)
1280 ])
1281 ]
1282 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1283 ('globalsign_example_keys/SSL1.cer', []),
1284 ('globalsign_example_keys/SSL2.cer', []),
1285 ('globalsign_example_keys/SSL3.cer', []),
1286 )
1287
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1288 @data('crl_distribution_points_info')
1289 def crl_distribution_points(self, relative_path, crl_distribution_point):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1290 cert = self._load_cert(relative_path)
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1291 points = [point.native for point in cert.crl_distribution_points]
1292 self.assertEqual(crl_distribution_point, points)
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1293
1294 #pylint: disable=C0326
1295 @staticmethod
1296 def valid_domains_info():
1297 return (
1298 ('keys/test-der.crt', []),
1299 ('keys/test-inter-der.crt', []),
1300 ('keys/test-third-der.crt', []),
1301 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1302 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1303 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', []),
1304 ('geotrust_certs/codex.crt', ['codexns.io', 'dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net']),
1305 ('lets_encrypt/isrgrootx1.pem', []),
1306 ('lets_encrypt/letsencryptauthorityx1.pem', []),
1307 ('lets_encrypt/letsencryptauthorityx2.pem', []),
1308 ('globalsign_example_keys/IssuingCA-der.cer', []),
1309 ('globalsign_example_keys/rootCA.cer', []),
1310 ('globalsign_example_keys/SSL1.cer', ['anything.example.com']),
1311 ('globalsign_example_keys/SSL2.cer', ['*.google.com', 'anything.example.com']),
1312 ('globalsign_example_keys/SSL3.cer', ['*.google.com']),
1313 )
1314
1315 @data('valid_domains_info')
1316 def valid_domains(self, relative_path, valid_domains):
1317 cert = self._load_cert(relative_path)
1318 self.assertEqual(valid_domains, cert.valid_domains)
1319
1320 #pylint: disable=C0326
1321 @staticmethod
1322 def valid_ips_info():
1323 return (
1324 ('keys/test-der.crt', []),
1325 ('keys/test-inter-der.crt', []),
1326 ('keys/test-third-der.crt', []),
1327 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1328 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1329 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', []),
1330 ('geotrust_certs/codex.crt', []),
1331 ('lets_encrypt/isrgrootx1.pem', []),
1332 ('lets_encrypt/letsencryptauthorityx1.pem', []),
1333 ('lets_encrypt/letsencryptauthorityx2.pem', []),
1334 ('globalsign_example_keys/IssuingCA-der.cer', []),
1335 ('globalsign_example_keys/rootCA.cer', []),
1336 ('globalsign_example_keys/SSL1.cer', []),
1337 ('globalsign_example_keys/SSL2.cer', []),
1338 ('globalsign_example_keys/SSL3.cer', []),
1339 )
1340
1341 @data('valid_ips_info')
1342 def valid_ips(self, relative_path, crl_url):
1343 cert = self._load_cert(relative_path)
1344 self.assertEqual(crl_url, cert.valid_ips)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]1345
wbond9a7a0992015-07-23 09:59:06 -0400[diff] [blame]1346 #pylint: disable=C0326
1347 @staticmethod
1348 def self_issued_info():
1349 return (
1350 ('keys/test-der.crt', True),
1351 ('keys/test-inter-der.crt', False),
1352 ('keys/test-third-der.crt', False),
1353 ('geotrust_certs/GeoTrust_Universal_CA.crt', True),
1354 ('geotrust_certs/GeoTrust_Primary_CA.crt', True),
1355 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', False),
1356 ('geotrust_certs/codex.crt', False),
1357 ('lets_encrypt/isrgrootx1.pem', True),
1358 ('lets_encrypt/letsencryptauthorityx1.pem', False),
1359 ('lets_encrypt/letsencryptauthorityx2.pem', False),
1360 ('globalsign_example_keys/IssuingCA-der.cer', False),
1361 ('globalsign_example_keys/rootCA.cer', True),
1362 ('globalsign_example_keys/SSL1.cer', False),
1363 ('globalsign_example_keys/SSL2.cer', False),
1364 ('globalsign_example_keys/SSL3.cer', False),
1365 )
1366
1367 @data('self_issued_info')
1368 def self_issued(self, relative_path, self_issued):
1369 cert = self._load_cert(relative_path)
1370 self.assertEqual(self_issued, cert.self_issued)
1371
1372 #pylint: disable=C0326
1373 @staticmethod
1374 def self_signed_info():
1375 return (
1376 ('keys/test-der.crt', 'yes'),
1377 ('keys/test-inter-der.crt', 'no'),
1378 ('keys/test-third-der.crt', 'no'),
1379 ('geotrust_certs/GeoTrust_Universal_CA.crt', 'yes'),
1380 ('geotrust_certs/GeoTrust_Primary_CA.crt', 'yes'),
1381 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', 'no'),
1382 ('geotrust_certs/codex.crt', 'no'),
1383 ('lets_encrypt/isrgrootx1.pem', 'yes'),
1384 ('lets_encrypt/letsencryptauthorityx1.pem', 'no'),
1385 ('lets_encrypt/letsencryptauthorityx2.pem', 'no'),
1386 ('globalsign_example_keys/IssuingCA-der.cer', 'no'),
1387 ('globalsign_example_keys/rootCA.cer', 'yes'),
1388 ('globalsign_example_keys/SSL1.cer', 'no'),
1389 ('globalsign_example_keys/SSL2.cer', 'no'),
1390 ('globalsign_example_keys/SSL3.cer', 'no'),
1391 )
1392
1393 @data('self_signed_info')
1394 def self_signed(self, relative_path, self_signed):
1395 cert = self._load_cert(relative_path)
1396 self.assertEqual(self_signed, cert.self_signed)
1397
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1398 def test_parse_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1399 cert = self._load_cert('keys/test-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1400
1401 tbs_certificate = cert['tbs_certificate']
1402 signature = tbs_certificate['signature']
1403 issuer = tbs_certificate['issuer']
1404 validity = tbs_certificate['validity']
1405 subject = tbs_certificate['subject']
1406 subject_public_key_info = tbs_certificate['subject_public_key_info']
1407 subject_public_key_algorithm = subject_public_key_info['algorithm']
1408 subject_public_key = subject_public_key_info['public_key'].parsed
1409 extensions = tbs_certificate['extensions']
1410
1411 self.assertEqual(
1412 'v3',
1413 tbs_certificate['version'].native
1414 )
1415 self.assertEqual(
1416 13683582341504654466,
1417 tbs_certificate['serial_number'].native
1418 )
1419 self.assertEqual(
1420 'sha256_rsa',
1421 signature['algorithm'].native
1422 )
1423 self.assertEqual(
1424 None,
1425 signature['parameters'].native
1426 )
1427 self.assertEqual(
1428 OrderedDict([
1429 ('country_name', 'US'),
1430 ('state_or_province_name', 'Massachusetts'),
1431 ('locality_name', 'Newbury'),
1432 ('organization_name', 'Codex Non Sufficit LC'),
1433 ('organizational_unit_name', 'Testing'),
1434 ('common_name', 'Will Bond'),
1435 ('email_address', 'will@codexns.io'),
1436 ]),
1437 issuer.native
1438 )
1439 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1440 datetime(2015, 5, 6, 14, 37, 16, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1441 validity['not_before'].native
1442 )
1443 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1444 datetime(2025, 5, 3, 14, 37, 16, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1445 validity['not_after'].native
1446 )
1447 self.assertEqual(
1448 OrderedDict([
1449 ('country_name', 'US'),
1450 ('state_or_province_name', 'Massachusetts'),
1451 ('locality_name', 'Newbury'),
1452 ('organization_name', 'Codex Non Sufficit LC'),
1453 ('organizational_unit_name', 'Testing'),
1454 ('common_name', 'Will Bond'),
1455 ('email_address', 'will@codexns.io'),
1456 ]),
1457 subject.native
1458 )
1459 self.assertEqual(
1460 'rsa',
1461 subject_public_key_algorithm['algorithm'].native
1462 )
1463 self.assertEqual(
1464 None,
1465 subject_public_key_algorithm['parameters'].native
1466 )
1467 self.assertEqual(
1468 23903990516906431865559598284199534387004799030432486061102966678620221767754702651554142956492614440585611990224871381291841413369032752409360196079700921141819811294444393525264295297988924243231844876926173670633422654261873814968313363171188082579071492839040415373948505938897419917635370450127498164824808630475648771544810334682447182123219422360569466851807131368135806769502898151721274383486320505905826683946456552230958810028663378886363555981449715929872558073101554364803925363048965464124465016494920967179276744892632783712377912841537032383450409486298694116013299423220523450956288827030007092359007,
1469 subject_public_key['modulus'].native
1470 )
1471 self.assertEqual(
1472 65537,
1473 subject_public_key['public_exponent'].native
1474 )
1475 self.assertEqual(
1476 None,
1477 tbs_certificate['issuer_unique_id'].native
1478 )
1479 self.assertIsInstance(
1480 tbs_certificate['issuer_unique_id'],
1481 core.NoValue
1482 )
1483 self.assertEqual(
1484 None,
1485 tbs_certificate['subject_unique_id'].native
1486 )
1487 self.assertIsInstance(
1488 tbs_certificate['subject_unique_id'],
1489 core.NoValue
1490 )
1491
1492 self.maxDiff = None
1493 for extension in extensions:
1494 self.assertIsInstance(
1495 extension,
1496 x509.Extension
1497 )
1498 self.assertEqual(
1499 [
1500 OrderedDict([
1501 ('extn_id', 'key_identifier'),
1502 ('critical', False),
1503 ('extn_value', b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'),
1504 ]),
1505 OrderedDict([
1506 ('extn_id', 'authority_key_identifier'),
1507 ('critical', False),
1508 (
1509 'extn_value',
1510 OrderedDict([
1511 ('key_identifier', b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'),
1512 (
1513 'authority_cert_issuer',
1514 [
1515 OrderedDict([
1516 ('country_name', 'US'),
1517 ('state_or_province_name', 'Massachusetts'),
1518 ('locality_name', 'Newbury'),
1519 ('organization_name', 'Codex Non Sufficit LC'),
1520 ('organizational_unit_name', 'Testing'),
1521 ('common_name', 'Will Bond'),
1522 ('email_address', 'will@codexns.io'),
1523 ])
1524 ]
1525 ),
1526 ('authority_cert_serial_number', 13683582341504654466),
1527 ])
1528 ),
1529 ]),
1530 OrderedDict([
1531 ('extn_id', 'basic_constraints'),
1532 ('critical', False),
1533 (
1534 'extn_value',
1535 OrderedDict([
1536 ('ca', True),
1537 ('path_len_constraint', None)
1538 ])
1539 ),
1540 ]),
1541 ],
1542 extensions.native
1543 )
1544
1545 def test_parse_dsa_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1546 cert = self._load_cert('keys/test-dsa-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1547
1548 tbs_certificate = cert['tbs_certificate']
1549 signature = tbs_certificate['signature']
1550 issuer = tbs_certificate['issuer']
1551 validity = tbs_certificate['validity']
1552 subject = tbs_certificate['subject']
1553 subject_public_key_info = tbs_certificate['subject_public_key_info']
1554 subject_public_key_algorithm = subject_public_key_info['algorithm']
1555 subject_public_key = subject_public_key_info['public_key'].parsed
1556 extensions = tbs_certificate['extensions']
1557
1558 self.assertEqual(
1559 'v3',
1560 tbs_certificate['version'].native
1561 )
1562 self.assertEqual(
1563 14308214745771946523,
1564 tbs_certificate['serial_number'].native
1565 )
1566 self.assertEqual(
1567 'sha256_dsa',
1568 signature['algorithm'].native
1569 )
1570 self.assertEqual(
1571 None,
1572 signature['parameters'].native
1573 )
1574 self.assertEqual(
1575 OrderedDict([
1576 ('country_name', 'US'),
1577 ('state_or_province_name', 'Massachusetts'),
1578 ('locality_name', 'Newbury'),
1579 ('organization_name', 'Codex Non Sufficit LC'),
1580 ('organizational_unit_name', 'Testing'),
1581 ('common_name', 'Will Bond'),
1582 ('email_address', 'will@codexns.io'),
1583 ]),
1584 issuer.native
1585 )
1586 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1587 datetime(2015, 5, 20, 13, 9, 2, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1588 validity['not_before'].native
1589 )
1590 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1591 datetime(2025, 5, 17, 13, 9, 2, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1592 validity['not_after'].native
1593 )
1594 self.assertEqual(
1595 OrderedDict([
1596 ('country_name', 'US'),
1597 ('state_or_province_name', 'Massachusetts'),
1598 ('locality_name', 'Newbury'),
1599 ('organization_name', 'Codex Non Sufficit LC'),
1600 ('organizational_unit_name', 'Testing'),
1601 ('common_name', 'Will Bond'),
1602 ('email_address', 'will@codexns.io'),
1603 ]),
1604 subject.native
1605 )
1606 self.assertEqual(
1607 'dsa',
1608 subject_public_key_algorithm['algorithm'].native
1609 )
1610 self.assertEqual(
1611 OrderedDict([
1612 ('p', 4511743893397705393934377497936985478231822206263141826261443300639402520800626925517264115785551703273809312112372693877437137848393530691841757974971843334497076835630893064661599193178307024379015589119302113551197423138934242435710226975119594589912289060014025377813473273600967729027125618396732574594753039493158066887433778053086408525146692226448554390096911703556213619406958876388642882534250747780313634767409586007581976273681005928967585750017105562145167146445061803488570714706090280814293902464230717946651489964409785146803791743658888866280873858000476717727810363942159874283767926511678640730707887895260274767195555813448140889391762755466967436731106514029224490921857229134393798015954890071206959203407845438863870686180087606429828973298318856683615900474921310376145478859687052812749087809700610549251964102790514588562086548577933609968589710807989944739877028770343142449461177732058649962678857),
1613 ('q', 71587850165936478337655415373676526523562874562337607790945426056266440596923),
1614 ('g', 761437146067908309288345767887973163494473925243194806582679580640442238588269326525839153095505341738937595419375068472941615006110237832663093084973431440436421580371384720052414080562019831325744042316268714195397974084616335082272743706567701546951285088540646372701485690904535540223121118329044403681933304838754517522024738251994717369464179515923093116622352823578284891812676662979104509631349201801577889230316128523885862472086364717411346341249139971907827526291913249445756671582283459372536334490171231311487207683108274785825764378203622999309355578169139646003751751448501475767709869676880946562283552431757983801739671783678927397420797147373441051876558068212062253171347849380506793433921881336652424898488378657239798694995315456959568806256079056461448199493507273882763491729787817044805150879660784158902456811649964987582162907020243296662602990514615480712948126671999033658064244112238138589732202),
1615 ]),
1616 subject_public_key_algorithm['parameters'].native
1617 )
1618 self.assertEqual(
1619 934231235067929794039535952071098031636053793876274937162425423023735221571983693370780054696865229184537343792766496068557051933738826401423094028670222490622041397241325320965905259541032379046252395145258594355589801644789631904099105867133976990593761395721476198083091062806327384261369876465927159169400428623265291958463077792777155465482611741502621885386691681062128487785344975981628995609792181581218570320181053055516069553767918513262908069925035292416868414952256645902605335068760774106734518308281769128146479819566784704033671969858507248124850451414380441279385481154336362988505436125981975735568289420374790767927084033441728922597082155884801013899630856890463962357814273014111039522903328923758417820349377075487103441305806369234738881875734407495707878637895190993370257589211331043479113328811265005530361001980539377903738453549980082795009589559114091215518866106998956304437954236070776810740036,
1620 subject_public_key.native
1621 )
1622 self.assertEqual(
1623 None,
1624 tbs_certificate['issuer_unique_id'].native
1625 )
1626 self.assertIsInstance(
1627 tbs_certificate['issuer_unique_id'],
1628 core.NoValue
1629 )
1630 self.assertEqual(
1631 None,
1632 tbs_certificate['subject_unique_id'].native
1633 )
1634 self.assertIsInstance(
1635 tbs_certificate['subject_unique_id'],
1636 core.NoValue
1637 )
1638
1639 self.maxDiff = None
1640 for extension in extensions:
1641 self.assertIsInstance(
1642 extension,
1643 x509.Extension
1644 )
1645 self.assertEqual(
1646 [
1647 OrderedDict([
1648 ('extn_id', 'key_identifier'),
1649 ('critical', False),
1650 ('extn_value', b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'),
1651 ]),
1652 OrderedDict([
1653 ('extn_id', 'authority_key_identifier'),
1654 ('critical', False),
1655 (
1656 'extn_value',
1657 OrderedDict([
1658 ('key_identifier', b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'),
1659 ('authority_cert_issuer', None),
1660 ('authority_cert_serial_number', None),
1661 ])
1662 ),
1663 ]),
1664 OrderedDict([
1665 ('extn_id', 'basic_constraints'),
1666 ('critical', False),
1667 (
1668 'extn_value',
1669 OrderedDict([
1670 ('ca', True),
1671 ('path_len_constraint', None)
1672 ])
1673 ),
1674 ]),
1675 ],
1676 extensions.native
1677 )
1678
1679 def test_parse_ec_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1680 cert = self._load_cert('keys/test-ec-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1681
1682 tbs_certificate = cert['tbs_certificate']
1683 signature = tbs_certificate['signature']
1684 issuer = tbs_certificate['issuer']
1685 validity = tbs_certificate['validity']
1686 subject = tbs_certificate['subject']
1687 subject_public_key_info = tbs_certificate['subject_public_key_info']
1688 subject_public_key_algorithm = subject_public_key_info['algorithm']
1689 public_key_params = subject_public_key_info['algorithm']['parameters'].chosen
1690 field_id = public_key_params['field_id']
1691 curve = public_key_params['curve']
wbonde5a1c6e2015-08-03 07:42:28 -0400[diff] [blame]1692 subject_public_key = subject_public_key_info['public_key']
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1693 extensions = tbs_certificate['extensions']
1694
1695 self.assertEqual(
1696 'v3',
1697 tbs_certificate['version'].native
1698 )
1699 self.assertEqual(
1700 15854128451240978884,
1701 tbs_certificate['serial_number'].native
1702 )
1703 self.assertEqual(
1704 'sha256_ecdsa',
1705 signature['algorithm'].native
1706 )
1707 self.assertEqual(
1708 None,
1709 signature['parameters'].native
1710 )
1711 self.assertEqual(
1712 OrderedDict([
1713 ('country_name', 'US'),
1714 ('state_or_province_name', 'Massachusetts'),
1715 ('locality_name', 'Newbury'),
1716 ('organization_name', 'Codex Non Sufficit LC'),
1717 ('organizational_unit_name', 'Testing'),
1718 ('common_name', 'Will Bond'),
1719 ('email_address', 'will@codexns.io'),
1720 ]),
1721 issuer.native
1722 )
1723 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1724 datetime(2015, 5, 20, 12, 56, 46, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1725 validity['not_before'].native
1726 )
1727 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1728 datetime(2025, 5, 17, 12, 56, 46, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1729 validity['not_after'].native
1730 )
1731 self.assertEqual(
1732 OrderedDict([
1733 ('country_name', 'US'),
1734 ('state_or_province_name', 'Massachusetts'),
1735 ('locality_name', 'Newbury'),
1736 ('organization_name', 'Codex Non Sufficit LC'),
1737 ('organizational_unit_name', 'Testing'),
1738 ('common_name', 'Will Bond'),
1739 ('email_address', 'will@codexns.io'),
1740 ]),
1741 subject.native
1742 )
1743 self.assertEqual(
wbond680cba12015-07-01 23:53:54 -0400[diff] [blame]1744 'ec',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1745 subject_public_key_algorithm['algorithm'].native
1746 )
1747 self.assertEqual(
1748 'ecdpVer1',
1749 public_key_params['version'].native
1750 )
1751 self.assertEqual(
1752 'prime_field',
1753 field_id['field_type'].native
1754 )
1755 self.assertEqual(
1756 115792089210356248762697446949407573530086143415290314195533631308867097853951,
1757 field_id['parameters'].native
1758 )
1759 self.assertEqual(
1760 b'\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC',
1761 curve['a'].native
1762 )
1763 self.assertEqual(
1764 b'\x5A\xC6\x35\xD8\xAA\x3A\x93\xE7\xB3\xEB\xBD\x55\x76\x98\x86\xBC\x65\x1D\x06\xB0\xCC\x53\xB0\xF6\x3B\xCE\x3C\x3E\x27\xD2\x60\x4B',
1765 curve['b'].native
1766 )
1767 self.assertEqual(
1768 b'\xC4\x9D\x36\x08\x86\xE7\x04\x93\x6A\x66\x78\xE1\x13\x9D\x26\xB7\x81\x9F\x7E\x90',
1769 curve['seed'].native
1770 )
1771 self.assertEqual(
1772 b'\x04\x6B\x17\xD1\xF2\xE1\x2C\x42\x47\xF8\xBC\xE6\xE5\x63\xA4\x40\xF2\x77\x03\x7D\x81\x2D\xEB\x33\xA0\xF4\xA1\x39\x45\xD8\x98\xC2\x96\x4F\xE3\x42\xE2\xFE\x1A\x7F\x9B\x8E\xE7\xEB\x4A\x7C\x0F\x9E\x16\x2B\xCE\x33\x57\x6B\x31\x5E\xCE\xCB\xB6\x40\x68\x37\xBF\x51\xF5',
1773 public_key_params['base'].native
1774 )
1775 self.assertEqual(
1776 115792089210356248762697446949407573529996955224135760342422259061068512044369,
1777 public_key_params['order'].native
1778 )
1779 self.assertEqual(
1780 1,
1781 public_key_params['cofactor'].native
1782 )
1783 self.assertEqual(
1784 None,
1785 public_key_params['hash'].native
1786 )
1787 self.assertEqual(
wbonde5a1c6e2015-08-03 07:42:28 -0400[diff] [blame]1788 b'\x04\x8b]Lq\xf7\xd6\xc6\xa3IcB\\G\x9f\xcbs$\x1d\xc9\xdd\xd1-\xf1:\x9f\xb7\x04\xde \xd0X\x00\x93T\xf6\x89\xc7/\x87+\xf7\xf9=;4\xed\x9e{\x0e=WB\xdfx\x03\x0b\xcc1\xc6\x03\xd7\x9f`\x01',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1789 subject_public_key.native
1790 )
1791 self.assertEqual(
1792 None,
1793 tbs_certificate['issuer_unique_id'].native
1794 )
1795 self.assertIsInstance(
1796 tbs_certificate['issuer_unique_id'],
1797 core.NoValue
1798 )
1799 self.assertEqual(
1800 None,
1801 tbs_certificate['subject_unique_id'].native
1802 )
1803 self.assertIsInstance(
1804 tbs_certificate['subject_unique_id'],
1805 core.NoValue
1806 )
1807
1808 self.maxDiff = None
1809 for extension in extensions:
1810 self.assertIsInstance(
1811 extension,
1812 x509.Extension
1813 )
1814 self.assertEqual(
1815 [
1816 OrderedDict([
1817 ('extn_id', 'key_identifier'),
1818 ('critical', False),
1819 ('extn_value', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
1820 ]),
1821 OrderedDict([
1822 ('extn_id', 'authority_key_identifier'),
1823 ('critical', False),
1824 (
1825 'extn_value',
1826 OrderedDict([
1827 ('key_identifier', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
1828 ('authority_cert_issuer', None),
1829 ('authority_cert_serial_number', None),
1830 ])
1831 ),
1832 ]),
1833 OrderedDict([
1834 ('extn_id', 'basic_constraints'),
1835 ('critical', False),
1836 (
1837 'extn_value',
1838 OrderedDict([
1839 ('ca', True),
1840 ('path_len_constraint', None)
1841 ])
1842 ),
1843 ]),
1844 ],
1845 extensions.native
1846 )