Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / asn1crypto / 407e9e3f38b2900f281bfaeabf23538060927574 / . / tests / test_x509.py
blob: 00c782cd829a403d2dde322416aef2b44ad4ff03 [file] [log] [blame]
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1# coding: utf-8
2from __future__ import unicode_literals
3
4import unittest
5import sys
6import os
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]7from datetime import datetime
8
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]9from asn1crypto import x509, core, pem, util
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]10
11from .unittest_data import DataDecorator, data
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]12
13if sys.version_info < (3,):
14 byte_cls = str
15else:
16 byte_cls = bytes
17
18
19tests_root = os.path.dirname(__file__)
20fixtures_dir = os.path.join(tests_root, 'fixtures')
21
22
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]23@DataDecorator
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]24class X509Tests(unittest.TestCase):
25
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]26 def _load_cert(self, relative_path):
27 with open(os.path.join(fixtures_dir, relative_path), 'rb') as f:
28 cert_bytes = f.read()
29 if pem.detect(cert_bytes):
30 _, _, cert_bytes = pem.unarmor(cert_bytes)
31 return x509.Certificate.load(cert_bytes)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]32
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]33 #pylint: disable=C0326
34 @staticmethod
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]35 def ip_address_info():
36 return (
37 ('127.0.0.1', b'\x04\x04\x7F\x00\x00\x01'),
38 ('255.255.255.255', b'\x04\x04\xFF\xFF\xFF\xFF'),
39 ('127.0.0.1/28', b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xF0'),
40 ('255.255.255.255/0', b'\x04\x08\xFF\xFF\xFF\xFF\x00\x00\x00\x00'),
41 ('af::ed', b'\x04\x10\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED'),
42 ('af::ed/128', b'\x04\x20\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF'),
43 ('af::ed/0', b'\x04\x20\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'),
44 )
45
46 @data('ip_address_info')
47 def ip_address(self, unicode_string, der_bytes):
48 self.assertEqual(der_bytes, x509.IPAddress(unicode_string).dump())
49 self.assertEqual(unicode_string, x509.IPAddress.load(der_bytes).native)
50
51 #pylint: disable=C0326
52 @staticmethod
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]53 def compare_dnsname_info():
54 return (
55 ('google.com', 'google.com', True),
56 ('google.com', 'Google.com', True),
57 ('Bücher.ch', b'\x16\x10xn--bcher-kva.ch', True),
58 ('google.com', b'\x16\x0AGoogle.com', True),
59 ('google.com', b'\x16\x09Google.co', False),
60 )
61
62 @data('compare_dnsname_info')
63 def compare_dnsname(self, domain_one, domain_two, equal):
64 one = x509.DNSName(domain_one)
65 if isinstance(domain_two, byte_cls):
66 two = x509.DNSName.load(domain_two)
67 else:
68 two = x509.DNSName(domain_two)
69 if equal:
70 self.assertEqual(one, two)
71 else:
72 self.assertNotEqual(one, two)
73
74 #pylint: disable=C0326
75 @staticmethod
76 def compare_uri_info():
77 return (
78 ('http://google.com', 'http://google.com', True),
79 ('http://google.com/', 'http://Google.com', True),
80 ('http://google.com:80', 'http://google.com', True),
81 ('https://google.com', 'https://google.com:443/', True),
82 ('http://google.com/%41%42%43', 'http://google.com/ABC', True),
83 ('http://google.com/%41%42%43', 'http://google.com/abc', False),
84 ('http://google.com/%41%42%43/', 'http://google.com/ABC%2F', False),
85 )
86
87 @data('compare_uri_info')
88 def compare_uri(self, uri_one, uri_two, equal):
89 one = x509.URI(uri_one)
90 if isinstance(uri_two, byte_cls):
91 two = x509.URI.load(uri_two)
92 else:
93 two = x509.URI(uri_two)
94 if equal:
95 self.assertEqual(one, two)
96 else:
97 self.assertNotEqual(one, two)
98
99 #pylint: disable=C0326
100 @staticmethod
101 def compare_email_address_info():
102 return (
103 ('john@google.com', 'john@google.com', True),
104 ('john@google.com', 'john@Google.com', True),
105 ('john@google.com', 'John@google.com', False),
106 ('john@Bücher.ch', b'\x16\x15john@xn--bcher-kva.ch', True),
107 ('John@Bücher.ch', b'\x16\x15john@xn--bcher-kva.ch', False),
108 ('john@google.com', b'\x16\x0Fjohn@Google.com', True),
109 ('john@google.com', b'\x16\x0FJohn@google.com', False),
110 ('john@google.com', b'\x16\x0Ejohn@Google.co', False),
111 )
112
113 @data('compare_email_address_info')
114 def compare_email_address(self, email_one, email_two, equal):
115 one = x509.EmailAddress(email_one)
116 if isinstance(email_two, byte_cls):
117 two = x509.EmailAddress.load(email_two)
118 else:
119 two = x509.EmailAddress(email_two)
120 if equal:
121 self.assertEqual(one, two)
122 else:
123 self.assertNotEqual(one, two)
124
125 #pylint: disable=C0326
126 @staticmethod
127 def compare_ip_address_info():
128 return (
129 ('127.0.0.1', '127.0.0.1', True),
130 ('127.0.0.1', '127.0.0.2', False),
131 ('127.0.0.1', '127.0.0.1/32', False),
132 ('127.0.0.1/32', b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xFF', True),
133 ('127.0.0.1', b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xFF', False),
134 )
135
136 @data('compare_ip_address_info')
137 def compare_ip_address(self, email_one, email_two, equal):
138 one = x509.IPAddress(email_one)
139 if isinstance(email_two, byte_cls):
140 two = x509.IPAddress.load(email_two)
141 else:
142 two = x509.IPAddress(email_two)
143 if equal:
144 self.assertEqual(one, two)
145 else:
146 self.assertNotEqual(one, two)
147
148 #pylint: disable=C0326
149 @staticmethod
wbondfd65d602015-07-23 07:16:44 -0400[diff] [blame]150 def compare_name_info():
151 return (
152 (
153 True,
154 x509.Name.build({
155 'common_name': 'Will Bond'
156 }),
157 x509.Name.build({
158 'common_name': 'will bond'
159 })
160 ),
161 (
162 True,
163 x509.Name.build({
164 'common_name': 'Will Bond'
165 }),
166 x509.Name.build({
167 'common_name': 'will\tbond'
168 })
169 ),
170 (
wbond3ce3aec2015-07-27 10:23:19 -0400[diff] [blame]171 True,
172 x509.Name.build({
173 'common_name': 'Will Bond'
174 }),
175 x509.Name.build({
176 'common_name': 'Will Bond \U0001D173\U000E007F'
177 })
178 ),
179 (
wbondfd65d602015-07-23 07:16:44 -0400[diff] [blame]180 False,
181 x509.Name.build({
182 'country_name': 'US',
183 'common_name': 'Will Bond'
184 }),
185 x509.Name.build({
186 'country_name': 'US',
187 'state_or_province_name': 'Massachusetts',
188 'common_name': 'Will Bond'
189 })
190 ),
191 )
192
193 @data('compare_name_info')
194 def compare_name(self, are_equal, general_name_1, general_name_2):
195 if are_equal:
196 self.assertEqual(general_name_1, general_name_2)
197 else:
198 self.assertNotEqual(general_name_1, general_name_2)
199
200 #pylint: disable=C0326
201 @staticmethod
wbond1cfca232015-07-20 08:51:58 -0400[diff] [blame]202 def signature_algo_info():
203 return (
204 ('keys/test-der.crt', 'rsassa_pkcs1v15', 'sha256'),
205 ('keys/test-inter-der.crt', 'rsassa_pkcs1v15', 'sha256'),
206 ('keys/test-dsa-der.crt', 'dsa', 'sha256'),
207 ('keys/test-third-der.crt', 'rsassa_pkcs1v15', 'sha256'),
208 ('keys/test-ec-der.crt', 'ecdsa', 'sha256'),
209 )
210
211 @data('signature_algo_info')
212 def signature_algo(self, relative_path, signature_algo, hash_algo):
213 cert = self._load_cert(relative_path)
214 self.assertEqual(signature_algo, cert['signature_algorithm'].signature_algo)
215 self.assertEqual(hash_algo, cert['signature_algorithm'].hash_algo)
216
217 #pylint: disable=C0326
218 @staticmethod
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]219 def critical_extensions_info():
220 return (
wbond2fde6452015-07-23 10:54:13 -0400[diff] [blame]221 ('keys/test-der.crt', set()),
222 ('keys/test-inter-der.crt', set()),
223 ('keys/test-third-der.crt', set()),
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]224 ('geotrust_certs/GeoTrust_Universal_CA.crt', set(['basic_constraints', 'key_usage'])),
225 ('geotrust_certs/GeoTrust_Primary_CA.crt', set(['basic_constraints', 'key_usage'])),
226 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', set(['basic_constraints', 'key_usage'])),
227 ('geotrust_certs/codex.crt', set(['key_usage'])),
228 ('lets_encrypt/isrgrootx1.pem', set(['key_usage', 'basic_constraints'])),
229 ('lets_encrypt/letsencryptauthorityx1.pem', set(['key_usage', 'basic_constraints'])),
230 ('lets_encrypt/letsencryptauthorityx2.pem', set(['key_usage', 'basic_constraints'])),
231 ('globalsign_example_keys/IssuingCA-der.cer', set(['basic_constraints', 'key_usage'])),
232 ('globalsign_example_keys/rootCA.cer', set(['basic_constraints', 'key_usage'])),
233 ('globalsign_example_keys/SSL1.cer', set(['key_usage', 'extended_key_usage', 'basic_constraints'])),
234 ('globalsign_example_keys/SSL2.cer', set(['key_usage', 'extended_key_usage', 'basic_constraints'])),
235 ('globalsign_example_keys/SSL3.cer', set(['key_usage', 'extended_key_usage', 'basic_constraints'])),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]236 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]237
238 @data('critical_extensions_info')
239 def critical_extensions(self, relative_path, critical_extensions):
240 cert = self._load_cert(relative_path)
241 self.assertEqual(critical_extensions, cert.critical_extensions)
242
243 #pylint: disable=C0326
244 @staticmethod
245 def key_identifier_value_info():
246 return (
247 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
248 ('keys/test-inter-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
249 ('keys/test-third-der.crt', b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'),
250 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
251 ('geotrust_certs/GeoTrust_Primary_CA.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
252 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
253 ('geotrust_certs/codex.crt', None),
254 ('lets_encrypt/isrgrootx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
255 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'),
256 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'),
257 ('globalsign_example_keys/IssuingCA-der.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
258 ('globalsign_example_keys/rootCA.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
259 ('globalsign_example_keys/SSL1.cer', b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'),
260 ('globalsign_example_keys/SSL2.cer', b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='),
261 ('globalsign_example_keys/SSL3.cer', b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]262 )
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]263
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]264 @data('key_identifier_value_info')
265 def key_identifier_value(self, relative_path, key_identifier_value):
266 cert = self._load_cert(relative_path)
267 value = cert.key_identifier_value
268 self.assertEqual(key_identifier_value, value.native if value else None)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]269
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]270 #pylint: disable=C0326
271 @staticmethod
272 def key_usage_value_info():
273 return (
274 ('keys/test-der.crt', None),
275 ('keys/test-inter-der.crt', None),
276 ('keys/test-third-der.crt', None),
277 (
278 'geotrust_certs/GeoTrust_Universal_CA.crt',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]279 set(['digital_signature', 'key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]280 ),
281 (
282 'geotrust_certs/GeoTrust_Primary_CA.crt',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]283 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]284 ),
285 (
286 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]287 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]288 ),
289 (
290 'geotrust_certs/codex.crt',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]291 set(['digital_signature', 'key_encipherment'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]292 ),
293 (
294 'lets_encrypt/isrgrootx1.pem',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]295 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]296 ),
297 (
298 'lets_encrypt/letsencryptauthorityx1.pem',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]299 set(['digital_signature', 'key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]300 ),
301 (
302 'lets_encrypt/letsencryptauthorityx2.pem',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]303 set(['digital_signature', 'key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]304 ),
305 (
306 'globalsign_example_keys/IssuingCA-der.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]307 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]308 ),
309 (
310 'globalsign_example_keys/rootCA.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]311 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]312 ),
313 (
314 'globalsign_example_keys/SSL1.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]315 set(['digital_signature', 'key_encipherment'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]316 ),
317 (
318 'globalsign_example_keys/SSL2.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]319 set(['digital_signature', 'key_encipherment'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]320 ),
321 (
322 'globalsign_example_keys/SSL3.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame^]323 set(['digital_signature', 'key_encipherment'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]324 ),
325 )
326
327 @data('key_usage_value_info')
328 def key_usage_value(self, relative_path, key_usage_value):
329 cert = self._load_cert(relative_path)
330 value = cert.key_usage_value
331 self.assertEqual(key_usage_value, value.native if value else None)
332
333 #pylint: disable=C0326
334 @staticmethod
335 def subject_alt_name_value_info():
336 return (
337 ('keys/test-der.crt', None),
338 ('keys/test-inter-der.crt', None),
339 ('keys/test-third-der.crt', None),
340 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
341 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]342 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', [util.OrderedDict([('common_name', 'SymantecPKI-1-538')])]),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]343 ('geotrust_certs/codex.crt', ['dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net', 'codexns.io']),
344 ('lets_encrypt/isrgrootx1.pem', None),
345 ('lets_encrypt/letsencryptauthorityx1.pem', None),
346 ('lets_encrypt/letsencryptauthorityx2.pem', None),
347 ('globalsign_example_keys/IssuingCA-der.cer', None),
348 ('globalsign_example_keys/rootCA.cer', None),
349 ('globalsign_example_keys/SSL1.cer', ['anything.example.com']),
350 ('globalsign_example_keys/SSL2.cer', ['anything.example.com']),
351 ('globalsign_example_keys/SSL3.cer', None),
352 )
353
354 @data('subject_alt_name_value_info')
355 def subject_alt_name_value(self, relative_path, subject_alt_name_value):
356 cert = self._load_cert(relative_path)
357 value = cert.subject_alt_name_value
358 self.assertEqual(subject_alt_name_value, value.native if value else None)
359
360 #pylint: disable=C0326
361 @staticmethod
362 def basic_constraints_value_info():
363 return (
364 ('keys/test-der.crt', {'ca': True, 'path_len_constraint': None}),
365 ('keys/test-inter-der.crt', {'ca': True, 'path_len_constraint': None}),
366 ('keys/test-third-der.crt', None),
367 ('geotrust_certs/GeoTrust_Universal_CA.crt', {'ca': True, 'path_len_constraint': None}),
368 ('geotrust_certs/GeoTrust_Primary_CA.crt', {'ca': True, 'path_len_constraint': None}),
369 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', {'ca': True, 'path_len_constraint': 0}),
370 ('geotrust_certs/codex.crt', {'ca': False, 'path_len_constraint': None}),
371 ('lets_encrypt/isrgrootx1.pem', {'ca': True, 'path_len_constraint': None}),
372 ('lets_encrypt/letsencryptauthorityx1.pem', {'ca': True, 'path_len_constraint': 0}),
373 ('lets_encrypt/letsencryptauthorityx2.pem', {'ca': True, 'path_len_constraint': 0}),
374 ('globalsign_example_keys/IssuingCA-der.cer', {'ca': True, 'path_len_constraint': None}),
375 ('globalsign_example_keys/rootCA.cer', {'ca': True, 'path_len_constraint': None}),
376 ('globalsign_example_keys/SSL1.cer', {'ca': False, 'path_len_constraint': None}),
377 ('globalsign_example_keys/SSL2.cer', {'ca': False, 'path_len_constraint': None}),
378 ('globalsign_example_keys/SSL3.cer', {'ca': False, 'path_len_constraint': None}),
379 )
380
381 @data('basic_constraints_value_info')
382 def basic_constraints_value(self, relative_path, basic_constraints_value):
383 cert = self._load_cert(relative_path)
384 value = cert.basic_constraints_value
385 self.assertEqual(basic_constraints_value, value.native if value else None)
386
387 #pylint: disable=C0326
388 @staticmethod
389 def name_constraints_value_info():
390 return (
391 ('keys/test-der.crt', None),
392 ('keys/test-inter-der.crt', None),
393 ('keys/test-third-der.crt', None),
394 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
395 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
396 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
397 ('geotrust_certs/codex.crt', None),
398 ('lets_encrypt/isrgrootx1.pem', None),
399 ('lets_encrypt/letsencryptauthorityx1.pem', None),
400 ('lets_encrypt/letsencryptauthorityx2.pem', None),
401 (
402 'globalsign_example_keys/IssuingCA-der.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]403 util.OrderedDict([
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]404 (
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]405 'permitted_subtrees',
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]406 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]407 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]408 ('base', 'onlythis.com'),
409 ('minimum', 0),
410 ('maximum', None)
411 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]412 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]413 (
414 'base',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]415 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]416 ('country_name', 'US'),
417 ('state_or_province_name', 'MA'),
418 ('locality_name', 'Boston'),
419 ('organization_name', 'Example LLC')
420 ])
421 ),
422 ('minimum', 0),
423 ('maximum', None)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]424 ])
425 ]
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]426 ),
427 (
428 'excluded_subtrees',
429 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]430 util.OrderedDict([
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]431 ('base', '0.0.0.0/0'),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]432 ('minimum', 0),
433 ('maximum', None)
434 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]435 util.OrderedDict([
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]436 ('base', '::/0'),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]437 ('minimum', 0),
438 ('maximum', None)
439 ])
440 ]
441 ),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]442 ])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]443 ),
444 ('globalsign_example_keys/rootCA.cer', None),
445 ('globalsign_example_keys/SSL1.cer', None),
446 ('globalsign_example_keys/SSL2.cer', None),
447 ('globalsign_example_keys/SSL3.cer', None),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]448 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]449
450 @data('name_constraints_value_info')
451 def name_constraints_value(self, relative_path, name_constraints_value):
452 cert = self._load_cert(relative_path)
453 value = cert.name_constraints_value
454 self.assertEqual(name_constraints_value, value.native if value else None)
455
456 #pylint: disable=C0326
457 @staticmethod
458 def crl_distribution_points_value_info():
459 return (
460 ('keys/test-der.crt', None),
461 ('keys/test-inter-der.crt', None),
462 ('keys/test-third-der.crt', None),
463 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
464 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
465 (
466 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
467 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]468 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]469 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
470 ('reasons', None),
471 ('crl_issuer', None)
472 ])
473 ]
474 ),
475 (
476 'geotrust_certs/codex.crt',
477 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]478 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]479 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
480 ('reasons', None),
481 ('crl_issuer', None)
482 ])
483 ]
484 ),
485 ('lets_encrypt/isrgrootx1.pem', None),
486 (
487 'lets_encrypt/letsencryptauthorityx1.pem',
488 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]489 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]490 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
491 ('reasons', None),
492 ('crl_issuer', None)
493 ])
494 ]
495 ),
496 (
497 'lets_encrypt/letsencryptauthorityx2.pem',
498 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]499 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]500 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
501 ('reasons', None),
502 ('crl_issuer', None)
503 ])
504 ]
505 ),
506 (
507 'globalsign_example_keys/IssuingCA-der.cer',
508 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]509 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]510 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
511 ('reasons', None),
512 ('crl_issuer', None)
513 ])
514 ]),
515 (
516 'globalsign_example_keys/rootCA.cer',
517 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]518 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]519 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
520 ('reasons', None),
521 ('crl_issuer', None)
522 ])
523 ]),
524 ('globalsign_example_keys/SSL1.cer', None),
525 ('globalsign_example_keys/SSL2.cer', None),
526 ('globalsign_example_keys/SSL3.cer', None),
527 )
528
529 @data('crl_distribution_points_value_info')
530 def crl_distribution_points_value(self, relative_path, crl_distribution_points_value):
531 cert = self._load_cert(relative_path)
532 value = cert.crl_distribution_points_value
533 self.assertEqual(crl_distribution_points_value, value.native if value else None)
534
535 #pylint: disable=C0326
536 @staticmethod
537 def certificate_policies_value_info():
538 return (
539 ('keys/test-der.crt', None),
540 ('keys/test-inter-der.crt', None),
541 ('keys/test-third-der.crt', None),
542 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
543 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
544 (
545 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
546 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]547 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]548 ('policy_identifier', 'any_policy'),
549 (
550 'policy_qualifiers',
551 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]552 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]553 ('policy_qualifier_id', 'certification_practice_statement'),
554 ('qualifier', 'https://www.geotrust.com/resources/cps')
555 ])
556 ]
557 )
558 ])
559 ]
560 ),
561 (
562 'geotrust_certs/codex.crt',
563 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]564 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]565 ('policy_identifier', '1.3.6.1.4.1.14370.1.6'),
566 (
567 'policy_qualifiers',
568 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]569 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]570 ('policy_qualifier_id', 'certification_practice_statement'),
571 ('qualifier', 'https://www.geotrust.com/resources/repository/legal')
572 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]573 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]574 ('policy_qualifier_id', 'user_notice'),
575 (
576 'qualifier',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]577 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]578 ('notice_ref', None),
579 ('explicit_text', 'https://www.geotrust.com/resources/repository/legal')
580 ])
581 )
582 ])
583 ]
584 )
585 ])
586 ]
587 ),
588 ('lets_encrypt/isrgrootx1.pem', None),
589 (
590 'lets_encrypt/letsencryptauthorityx1.pem',
591 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]592 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]593 ('policy_identifier', '2.23.140.1.2.1'),
594 ('policy_qualifiers', None)
595 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]596 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]597 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
598 (
599 'policy_qualifiers',
600 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]601 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]602 ('policy_qualifier_id', 'certification_practice_statement'),
603 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
604 ])
605 ]
606 )
607 ])
608 ]
609 ),
610 (
611 'lets_encrypt/letsencryptauthorityx2.pem',
612 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]613 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]614 ('policy_identifier', '2.23.140.1.2.1'),
615 ('policy_qualifiers', None)
616 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]617 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]618 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
619 (
620 'policy_qualifiers',
621 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]622 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]623 ('policy_qualifier_id', 'certification_practice_statement'),
624 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
625 ])
626 ]
627 )
628 ])
629 ]
630 ),
631 (
632 'globalsign_example_keys/IssuingCA-der.cer',
633 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]634 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]635 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
636 (
637 'policy_qualifiers',
638 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]639 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]640 ('policy_qualifier_id', 'certification_practice_statement'),
641 ('qualifier', 'https://www.globalsign.com/repository/')
642 ])
643 ]
644 )
645 ])
646 ]
647 ),
648 ('globalsign_example_keys/rootCA.cer', None),
649 (
650 'globalsign_example_keys/SSL1.cer',
651 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]652 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]653 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
654 (
655 'policy_qualifiers',
656 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]657 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]658 ('policy_qualifier_id', 'certification_practice_statement'),
659 ('qualifier', 'https://www.globalsign.com/repository/')
660 ])
661 ]
662 )
663 ])
664 ]
665 ),
666 (
667 'globalsign_example_keys/SSL2.cer',
668 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]669 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]670 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
671 (
672 'policy_qualifiers',
673 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]674 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]675 ('policy_qualifier_id', 'certification_practice_statement'),
676 ('qualifier', 'https://www.globalsign.com/repository/')
677 ])
678 ]
679 )
680 ])
681 ]
682 ),
683 (
684 'globalsign_example_keys/SSL3.cer',
685 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]686 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]687 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
688 (
689 'policy_qualifiers',
690 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]691 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]692 ('policy_qualifier_id', 'certification_practice_statement'),
693 ('qualifier', 'https://www.globalsign.com/repository/')
694 ])
695 ]
696 )
697 ])
698 ]
699 ),
700 )
701
702 @data('certificate_policies_value_info')
703 def certificate_policies_value(self, relative_path, certificate_policies_value):
704 cert = self._load_cert(relative_path)
705 value = cert.certificate_policies_value
706 self.assertEqual(certificate_policies_value, value.native if value else None)
707
708 #pylint: disable=C0326
709 @staticmethod
710 def policy_mappings_value_info():
711 return (
712 ('keys/test-der.crt', None),
713 ('keys/test-inter-der.crt', None),
714 ('keys/test-third-der.crt', None),
715 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
716 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
717 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
718 ('geotrust_certs/codex.crt', None),
719 ('lets_encrypt/isrgrootx1.pem', None),
720 ('lets_encrypt/letsencryptauthorityx1.pem', None),
721 ('lets_encrypt/letsencryptauthorityx2.pem', None),
722 ('globalsign_example_keys/IssuingCA-der.cer', None),
723 ('globalsign_example_keys/rootCA.cer', None),
724 ('globalsign_example_keys/SSL1.cer', None),
725 ('globalsign_example_keys/SSL2.cer', None),
726 ('globalsign_example_keys/SSL3.cer', None),
727 )
728
729 @data('policy_mappings_value_info')
730 def policy_mappings_value(self, relative_path, policy_mappings_value):
731 cert = self._load_cert(relative_path)
732 value = cert.policy_mappings_value
733 self.assertEqual(policy_mappings_value, value.native if value else None)
734
735 #pylint: disable=C0326
736 @staticmethod
737 def authority_key_identifier_value_info():
738 return (
739 (
740 'keys/test-der.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]741 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]742 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
743 (
744 'authority_cert_issuer',
745 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]746 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]747 ('country_name', 'US'),
748 ('state_or_province_name', 'Massachusetts'),
749 ('locality_name', 'Newbury'),
750 ('organization_name', 'Codex Non Sufficit LC'),
751 ('organizational_unit_name', 'Testing'),
752 ('common_name', 'Will Bond'),
753 ('email_address', 'will@codexns.io')
754 ])
755 ]
756 ),
757 ('authority_cert_serial_number', 13683582341504654466)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame]758 ])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]759 ),
760 (
761 'keys/test-inter-der.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]762 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]763 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
764 ('authority_cert_issuer', None),
765 ('authority_cert_serial_number', None)
766 ])
767 ),
768 (
769 'keys/test-third-der.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]770 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]771 ('key_identifier', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
772 ('authority_cert_issuer', None),
773 ('authority_cert_serial_number', None)
774 ])
775 ),
776 (
777 'geotrust_certs/GeoTrust_Universal_CA.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]778 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]779 ('key_identifier', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
780 ('authority_cert_issuer', None),
781 ('authority_cert_serial_number', None)
782 ])
783 ),
784 (
785 'geotrust_certs/GeoTrust_Primary_CA.crt',
786 None
787 ),
788 (
789 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]790 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]791 ('key_identifier', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
792 ('authority_cert_issuer', None),
793 ('authority_cert_serial_number', None)
794 ])
795 ),
796 (
797 'geotrust_certs/codex.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]798 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]799 ('key_identifier', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
800 ('authority_cert_issuer', None),
801 ('authority_cert_serial_number', None)
802 ])
803 ),
804 (
805 'lets_encrypt/isrgrootx1.pem',
806 None
807 ),
808 (
809 'lets_encrypt/letsencryptauthorityx1.pem',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]810 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]811 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
812 ('authority_cert_issuer', None),
813 ('authority_cert_serial_number', None)
814 ])
815 ),
816 (
817 'lets_encrypt/letsencryptauthorityx2.pem',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]818 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]819 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
820 ('authority_cert_issuer', None),
821 ('authority_cert_serial_number', None)
822 ])
823 ),
824 (
825 'globalsign_example_keys/IssuingCA-der.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]826 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]827 ('key_identifier', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
828 ('authority_cert_issuer', None),
829 ('authority_cert_serial_number', None)
830 ])
831 ),
832 (
833 'globalsign_example_keys/rootCA.cer',
834 None
835 ),
836 (
837 'globalsign_example_keys/SSL1.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]838 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]839 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
840 ('authority_cert_issuer', None),
841 ('authority_cert_serial_number', None)
842 ])
843 ),
844 (
845 'globalsign_example_keys/SSL2.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]846 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]847 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
848 ('authority_cert_issuer', None),
849 ('authority_cert_serial_number', None)
850 ])
851 ),
852 (
853 'globalsign_example_keys/SSL3.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]854 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]855 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
856 ('authority_cert_issuer', None),
857 ('authority_cert_serial_number', None)
858 ])
859 ),
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame]860 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]861
862 @data('authority_key_identifier_value_info')
863 def authority_key_identifier_value(self, relative_path, authority_key_identifier_value):
864 cert = self._load_cert(relative_path)
865 value = cert.authority_key_identifier_value
866 self.assertEqual(authority_key_identifier_value, value.native if value else None)
867
868 #pylint: disable=C0326
869 @staticmethod
870 def policy_constraints_value_info():
871 return (
872 ('keys/test-der.crt', None),
873 ('keys/test-inter-der.crt', None),
874 ('keys/test-third-der.crt', None),
875 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
876 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
877 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
878 ('geotrust_certs/codex.crt', None),
879 ('lets_encrypt/isrgrootx1.pem', None),
880 ('lets_encrypt/letsencryptauthorityx1.pem', None),
881 ('lets_encrypt/letsencryptauthorityx2.pem', None),
882 ('globalsign_example_keys/IssuingCA-der.cer', None),
883 ('globalsign_example_keys/rootCA.cer', None),
884 ('globalsign_example_keys/SSL1.cer', None),
885 ('globalsign_example_keys/SSL2.cer', None),
886 ('globalsign_example_keys/SSL3.cer', None),
887 )
888
889 @data('policy_constraints_value_info')
890 def policy_constraints_value(self, relative_path, policy_constraints_value):
891 cert = self._load_cert(relative_path)
892 value = cert.policy_constraints_value
893 self.assertEqual(policy_constraints_value, value.native if value else None)
894
895 #pylint: disable=C0326
896 @staticmethod
897 def extended_key_usage_value_info():
898 return (
899 ('keys/test-der.crt', None),
900 ('keys/test-inter-der.crt', None),
901 ('keys/test-third-der.crt', None),
902 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
903 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
904 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
905 ('geotrust_certs/codex.crt', ['server_auth', 'client_auth']),
906 ('lets_encrypt/isrgrootx1.pem', None),
907 ('lets_encrypt/letsencryptauthorityx1.pem', None),
908 ('lets_encrypt/letsencryptauthorityx2.pem', None),
909 ('globalsign_example_keys/IssuingCA-der.cer', None),
910 ('globalsign_example_keys/rootCA.cer', None),
911 ('globalsign_example_keys/SSL1.cer', ['server_auth', 'client_auth']),
912 ('globalsign_example_keys/SSL2.cer', ['server_auth', 'client_auth']),
913 ('globalsign_example_keys/SSL3.cer', ['server_auth', 'client_auth']),
914 )
915
916 @data('extended_key_usage_value_info')
917 def extended_key_usage_value(self, relative_path, extended_key_usage_value):
918 cert = self._load_cert(relative_path)
919 value = cert.extended_key_usage_value
920 self.assertEqual(extended_key_usage_value, value.native if value else None)
921
922 #pylint: disable=C0326
923 @staticmethod
924 def authority_information_access_value_info():
925 return (
926 ('keys/test-der.crt', None),
927 ('keys/test-inter-der.crt', None),
928 ('keys/test-third-der.crt', None),
929 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
930 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
931 (
932 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
933 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]934 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]935 ('access_method', 'ocsp'),
936 ('access_location', 'http://g2.symcb.com')
937 ])
938 ]
939 ),
940 (
941 'geotrust_certs/codex.crt',
942 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]943 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]944 ('access_method', 'ocsp'),
945 ('access_location', 'http://gm.symcd.com')
946 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]947 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]948 ('access_method', 'ca_issuers'),
949 ('access_location', 'http://gm.symcb.com/gm.crt')
950 ]),
951 ]
952 ),
953 ('lets_encrypt/isrgrootx1.pem', None),
954 (
955 'lets_encrypt/letsencryptauthorityx1.pem',
956 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]957 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]958 ('access_method', 'ocsp'),
959 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
960 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]961 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]962 ('access_method', 'ca_issuers'),
963 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
964 ])
965 ]
966 ),
967 (
968 'lets_encrypt/letsencryptauthorityx2.pem',
969 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]970 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]971 ('access_method', 'ocsp'),
972 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
973 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]974 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]975 ('access_method', 'ca_issuers'),
976 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
977 ])
978 ]
979 ),
980 ('globalsign_example_keys/IssuingCA-der.cer', None),
981 ('globalsign_example_keys/rootCA.cer', None),
982 (
983 'globalsign_example_keys/SSL1.cer',
984 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]985 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]986 ('access_method', 'ocsp'),
987 ('access_location', 'http://ocsp.exampleovca.com/')
988 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]989 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]990 ('access_method', 'ca_issuers'),
991 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
992 ])
993 ]
994 ),
995 (
996 'globalsign_example_keys/SSL2.cer',
997 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]998 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]999 ('access_method', 'ocsp'),
1000 ('access_location', 'http://ocsp.exampleovca.com/')
1001 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1002 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1003 ('access_method', 'ca_issuers'),
1004 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1005 ])
1006 ]
1007 ),
1008 (
1009 'globalsign_example_keys/SSL3.cer',
1010 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1011 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1012 ('access_method', 'ocsp'),
1013 ('access_location', 'http://ocsp.exampleovca.com/')
1014 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1015 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1016 ('access_method', 'ca_issuers'),
1017 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1018 ])
1019 ]
1020 ),
1021 )
1022
1023 @data('authority_information_access_value_info')
1024 def authority_information_access_value(self, relative_path, authority_information_access_value):
1025 cert = self._load_cert(relative_path)
1026 value = cert.authority_information_access_value
1027 self.assertEqual(authority_information_access_value, value.native if value else None)
1028
1029 #pylint: disable=C0326
1030 @staticmethod
1031 def ocsp_no_check_value_info():
1032 return (
1033 ('keys/test-der.crt', None),
1034 ('keys/test-inter-der.crt', None),
1035 ('keys/test-third-der.crt', None),
1036 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
1037 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1038 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
1039 ('geotrust_certs/codex.crt', None),
1040 ('lets_encrypt/isrgrootx1.pem', None),
1041 ('lets_encrypt/letsencryptauthorityx1.pem', None),
1042 ('lets_encrypt/letsencryptauthorityx2.pem', None),
1043 ('globalsign_example_keys/IssuingCA-der.cer', None),
1044 ('globalsign_example_keys/rootCA.cer', None),
1045 ('globalsign_example_keys/SSL1.cer', None),
1046 ('globalsign_example_keys/SSL2.cer', None),
1047 ('globalsign_example_keys/SSL3.cer', None),
1048 )
1049
1050 @data('ocsp_no_check_value_info')
1051 def ocsp_no_check_value(self, relative_path, ocsp_no_check_value):
1052 cert = self._load_cert(relative_path)
1053 value = cert.ocsp_no_check_value
1054 self.assertEqual(ocsp_no_check_value, value.native if value else None)
1055
1056 #pylint: disable=C0326
1057 @staticmethod
1058 def serial_number_info():
1059 return (
1060 ('keys/test-der.crt', 13683582341504654466),
1061 ('keys/test-inter-der.crt', 1590137),
1062 ('keys/test-third-der.crt', 2474902313),
1063 ('geotrust_certs/GeoTrust_Universal_CA.crt', 1),
1064 ('geotrust_certs/GeoTrust_Primary_CA.crt', 32798226551256963324313806436981982369),
1065 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', 146934555852773531829332059263122711876),
1066 ('geotrust_certs/codex.crt', 130338219198307073574879940486642352162),
1067 ('lets_encrypt/isrgrootx1.pem', 172886928669790476064670243504169061120),
1068 ('lets_encrypt/letsencryptauthorityx1.pem', 307817870430047279283060309415759825539),
1069 ('lets_encrypt/letsencryptauthorityx2.pem', 199666138109676817050168330923544141416),
1070 ('globalsign_example_keys/IssuingCA-der.cer', 43543335419752),
1071 ('globalsign_example_keys/rootCA.cer', 342514332211132),
1072 ('globalsign_example_keys/SSL1.cer', 425155524522),
1073 ('globalsign_example_keys/SSL2.cer', 425155524522),
1074 ('globalsign_example_keys/SSL3.cer', 425155524522),
1075 )
1076
1077 @data('serial_number_info')
1078 def serial_number(self, relative_path, serial_number):
1079 cert = self._load_cert(relative_path)
1080 self.assertEqual(serial_number, cert.serial_number)
1081
1082 #pylint: disable=C0326
1083 @staticmethod
1084 def key_identifier_info():
1085 return (
1086 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1087 ('keys/test-inter-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1088 ('keys/test-third-der.crt', b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'),
1089 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1090 ('geotrust_certs/GeoTrust_Primary_CA.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1091 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1092 ('geotrust_certs/codex.crt', None),
1093 ('lets_encrypt/isrgrootx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1094 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'),
1095 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'),
1096 ('globalsign_example_keys/IssuingCA-der.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1097 ('globalsign_example_keys/rootCA.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1098 ('globalsign_example_keys/SSL1.cer', b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'),
1099 ('globalsign_example_keys/SSL2.cer', b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='),
1100 ('globalsign_example_keys/SSL3.cer', b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'),
1101 )
1102
1103 @data('key_identifier_info')
1104 def key_identifier(self, relative_path, key_identifier):
1105 cert = self._load_cert(relative_path)
1106 self.assertEqual(key_identifier, cert.key_identifier)
1107
1108 #pylint: disable=C0326
1109 @staticmethod
1110 def issuer_serial_info():
1111 return (
1112 ('keys/test-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'),
1113 ('keys/test-inter-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:1590137'),
1114 ('keys/test-third-der.crt', b'\xed{\x9b\xbf\x9b\xdbd\xa4\xea\xf2#+H\x96\xcd\x80\x99\xf6\xecCM\x94\x07\x02\xe2\x18\xf3\x83\x8c8%\x01:2474902313'),
1115 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xa1\x848\xf2\xe5w\xee\xec\xce\xfefJC+\xdf\x97\x7f\xd2Y\xe3\xdc\xa0D7~\x07\xd9\x9dzL@g:1'),
1116 ('geotrust_certs/GeoTrust_Primary_CA.crt', b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:32798226551256963324313806436981982369'),
1117 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:146934555852773531829332059263122711876'),
1118 ('geotrust_certs/codex.crt', b'x\x12\xe0\x15\x00d;\xc3\xb9/\xf6\x13\n\xd8\xe2\xddY\xf7\xaf*=C\x01<\x86\xf5\x9f_\xab;e\xd1:130338219198307073574879940486642352162'),
1119 ('lets_encrypt/isrgrootx1.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:172886928669790476064670243504169061120'),
1120 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:307817870430047279283060309415759825539'),
1121 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:199666138109676817050168330923544141416'),
1122 ('globalsign_example_keys/IssuingCA-der.cer', b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10\x8ak\x8a\x08-\x0c\xff:43543335419752'),
1123 ('globalsign_example_keys/rootCA.cer', b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10\x8ak\x8a\x08-\x0c\xff:342514332211132'),
1124 ('globalsign_example_keys/SSL1.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1125 ('globalsign_example_keys/SSL2.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1126 ('globalsign_example_keys/SSL3.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1127 )
1128
1129 @data('issuer_serial_info')
1130 def issuer_serial(self, relative_path, issuer_serial):
1131 cert = self._load_cert(relative_path)
1132 self.assertEqual(issuer_serial, cert.issuer_serial)
1133
1134 #pylint: disable=C0326
1135 @staticmethod
1136 def authority_key_identifier_info():
1137 return (
1138 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1139 ('keys/test-inter-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1140 ('keys/test-third-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1141 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1142 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1143 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1144 ('geotrust_certs/codex.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1145 ('lets_encrypt/isrgrootx1.pem', None),
1146 ('lets_encrypt/letsencryptauthorityx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1147 ('lets_encrypt/letsencryptauthorityx2.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1148 ('globalsign_example_keys/IssuingCA-der.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1149 ('globalsign_example_keys/rootCA.cer', None),
1150 ('globalsign_example_keys/SSL1.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1151 ('globalsign_example_keys/SSL2.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1152 ('globalsign_example_keys/SSL3.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1153 )
1154
1155 @data('authority_key_identifier_info')
1156 def authority_key_identifier(self, relative_path, authority_key_identifier):
1157 cert = self._load_cert(relative_path)
1158 self.assertEqual(authority_key_identifier, cert.authority_key_identifier)
1159
1160 #pylint: disable=C0326
1161 @staticmethod
1162 def authority_issuer_serial_info():
1163 return (
1164 ('keys/test-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'),
1165 ('keys/test-inter-der.crt', None),
1166 ('keys/test-third-der.crt', None),
1167 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
1168 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1169 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
1170 ('geotrust_certs/codex.crt', None),
1171 ('lets_encrypt/isrgrootx1.pem', None),
1172 ('lets_encrypt/letsencryptauthorityx1.pem', None),
1173 ('lets_encrypt/letsencryptauthorityx2.pem', None),
1174 ('globalsign_example_keys/IssuingCA-der.cer', None),
1175 ('globalsign_example_keys/rootCA.cer', None),
1176 ('globalsign_example_keys/SSL1.cer', None),
1177 ('globalsign_example_keys/SSL2.cer', None),
1178 ('globalsign_example_keys/SSL3.cer', None),
1179 )
1180
1181 @data('authority_issuer_serial_info')
1182 def authority_issuer_serial(self, relative_path, authority_issuer_serial):
1183 cert = self._load_cert(relative_path)
1184 self.assertEqual(authority_issuer_serial, cert.authority_issuer_serial)
1185
1186 #pylint: disable=C0326
1187 @staticmethod
1188 def ocsp_urls_info():
1189 return (
1190 ('keys/test-der.crt', []),
1191 ('keys/test-inter-der.crt', []),
1192 ('keys/test-third-der.crt', []),
1193 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1194 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1195 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', ['http://g2.symcb.com']),
1196 ('geotrust_certs/codex.crt', ['http://gm.symcd.com']),
1197 ('lets_encrypt/isrgrootx1.pem', []),
1198 ('lets_encrypt/letsencryptauthorityx1.pem', ['http://ocsp.root-x1.letsencrypt.org/']),
1199 ('lets_encrypt/letsencryptauthorityx2.pem', ['http://ocsp.root-x1.letsencrypt.org/']),
1200 ('globalsign_example_keys/IssuingCA-der.cer', []),
1201 ('globalsign_example_keys/rootCA.cer', []),
1202 ('globalsign_example_keys/SSL1.cer', ['http://ocsp.exampleovca.com/']),
1203 ('globalsign_example_keys/SSL2.cer', ['http://ocsp.exampleovca.com/']),
1204 ('globalsign_example_keys/SSL3.cer', ['http://ocsp.exampleovca.com/']),
1205 )
1206
1207 @data('ocsp_urls_info')
1208 def ocsp_urls(self, relative_path, ocsp_url):
1209 cert = self._load_cert(relative_path)
1210 self.assertEqual(ocsp_url, cert.ocsp_urls)
1211
1212 #pylint: disable=C0326
1213 @staticmethod
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1214 def crl_distribution_points_info():
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1215 return (
1216 ('keys/test-der.crt', []),
1217 ('keys/test-inter-der.crt', []),
1218 ('keys/test-third-der.crt', []),
1219 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1220 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1221 (
1222 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1223 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1224 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1225 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
1226 ('reasons', None),
1227 ('crl_issuer', None)
1228 ])
1229 ]
1230 ),
1231 (
1232 'geotrust_certs/codex.crt',
1233 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1234 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1235 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
1236 ('reasons', None),
1237 ('crl_issuer', None)
1238 ])
1239 ]
1240 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1241 ('lets_encrypt/isrgrootx1.pem', []),
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1242 (
1243 'lets_encrypt/letsencryptauthorityx1.pem',
1244 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1245 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1246 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
1247 ('reasons', None),
1248 ('crl_issuer', None)
1249 ])
1250 ]
1251 ),
1252 (
1253 'lets_encrypt/letsencryptauthorityx2.pem',
1254 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1255 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1256 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
1257 ('reasons', None),
1258 ('crl_issuer', None)
1259 ])
1260 ]
1261 ),
1262 (
1263 'globalsign_example_keys/IssuingCA-der.cer',
1264 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1265 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1266 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
1267 ('reasons', None),
1268 ('crl_issuer', None)
1269 ])
1270 ]
1271 ),
1272 (
1273 'globalsign_example_keys/rootCA.cer',
1274 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1275 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1276 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
1277 ('reasons', None),
1278 ('crl_issuer', None)
1279 ])
1280 ]
1281 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1282 ('globalsign_example_keys/SSL1.cer', []),
1283 ('globalsign_example_keys/SSL2.cer', []),
1284 ('globalsign_example_keys/SSL3.cer', []),
1285 )
1286
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1287 @data('crl_distribution_points_info')
1288 def crl_distribution_points(self, relative_path, crl_distribution_point):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1289 cert = self._load_cert(relative_path)
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]1290 points = [point.native for point in cert.crl_distribution_points]
1291 self.assertEqual(crl_distribution_point, points)
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1292
1293 #pylint: disable=C0326
1294 @staticmethod
1295 def valid_domains_info():
1296 return (
1297 ('keys/test-der.crt', []),
1298 ('keys/test-inter-der.crt', []),
1299 ('keys/test-third-der.crt', []),
1300 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1301 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1302 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', []),
1303 ('geotrust_certs/codex.crt', ['codexns.io', 'dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net']),
1304 ('lets_encrypt/isrgrootx1.pem', []),
1305 ('lets_encrypt/letsencryptauthorityx1.pem', []),
1306 ('lets_encrypt/letsencryptauthorityx2.pem', []),
1307 ('globalsign_example_keys/IssuingCA-der.cer', []),
1308 ('globalsign_example_keys/rootCA.cer', []),
1309 ('globalsign_example_keys/SSL1.cer', ['anything.example.com']),
1310 ('globalsign_example_keys/SSL2.cer', ['*.google.com', 'anything.example.com']),
1311 ('globalsign_example_keys/SSL3.cer', ['*.google.com']),
1312 )
1313
1314 @data('valid_domains_info')
1315 def valid_domains(self, relative_path, valid_domains):
1316 cert = self._load_cert(relative_path)
1317 self.assertEqual(valid_domains, cert.valid_domains)
1318
1319 #pylint: disable=C0326
1320 @staticmethod
1321 def valid_ips_info():
1322 return (
1323 ('keys/test-der.crt', []),
1324 ('keys/test-inter-der.crt', []),
1325 ('keys/test-third-der.crt', []),
1326 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1327 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1328 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', []),
1329 ('geotrust_certs/codex.crt', []),
1330 ('lets_encrypt/isrgrootx1.pem', []),
1331 ('lets_encrypt/letsencryptauthorityx1.pem', []),
1332 ('lets_encrypt/letsencryptauthorityx2.pem', []),
1333 ('globalsign_example_keys/IssuingCA-der.cer', []),
1334 ('globalsign_example_keys/rootCA.cer', []),
1335 ('globalsign_example_keys/SSL1.cer', []),
1336 ('globalsign_example_keys/SSL2.cer', []),
1337 ('globalsign_example_keys/SSL3.cer', []),
1338 )
1339
1340 @data('valid_ips_info')
1341 def valid_ips(self, relative_path, crl_url):
1342 cert = self._load_cert(relative_path)
1343 self.assertEqual(crl_url, cert.valid_ips)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]1344
wbond9a7a0992015-07-23 09:59:06 -0400[diff] [blame]1345 #pylint: disable=C0326
1346 @staticmethod
1347 def self_issued_info():
1348 return (
1349 ('keys/test-der.crt', True),
1350 ('keys/test-inter-der.crt', False),
1351 ('keys/test-third-der.crt', False),
1352 ('geotrust_certs/GeoTrust_Universal_CA.crt', True),
1353 ('geotrust_certs/GeoTrust_Primary_CA.crt', True),
1354 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', False),
1355 ('geotrust_certs/codex.crt', False),
1356 ('lets_encrypt/isrgrootx1.pem', True),
1357 ('lets_encrypt/letsencryptauthorityx1.pem', False),
1358 ('lets_encrypt/letsencryptauthorityx2.pem', False),
1359 ('globalsign_example_keys/IssuingCA-der.cer', False),
1360 ('globalsign_example_keys/rootCA.cer', True),
1361 ('globalsign_example_keys/SSL1.cer', False),
1362 ('globalsign_example_keys/SSL2.cer', False),
1363 ('globalsign_example_keys/SSL3.cer', False),
1364 )
1365
1366 @data('self_issued_info')
1367 def self_issued(self, relative_path, self_issued):
1368 cert = self._load_cert(relative_path)
1369 self.assertEqual(self_issued, cert.self_issued)
1370
1371 #pylint: disable=C0326
1372 @staticmethod
1373 def self_signed_info():
1374 return (
1375 ('keys/test-der.crt', 'yes'),
1376 ('keys/test-inter-der.crt', 'no'),
1377 ('keys/test-third-der.crt', 'no'),
1378 ('geotrust_certs/GeoTrust_Universal_CA.crt', 'yes'),
1379 ('geotrust_certs/GeoTrust_Primary_CA.crt', 'yes'),
1380 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', 'no'),
1381 ('geotrust_certs/codex.crt', 'no'),
1382 ('lets_encrypt/isrgrootx1.pem', 'yes'),
1383 ('lets_encrypt/letsencryptauthorityx1.pem', 'no'),
1384 ('lets_encrypt/letsencryptauthorityx2.pem', 'no'),
1385 ('globalsign_example_keys/IssuingCA-der.cer', 'no'),
1386 ('globalsign_example_keys/rootCA.cer', 'yes'),
1387 ('globalsign_example_keys/SSL1.cer', 'no'),
1388 ('globalsign_example_keys/SSL2.cer', 'no'),
1389 ('globalsign_example_keys/SSL3.cer', 'no'),
1390 )
1391
1392 @data('self_signed_info')
1393 def self_signed(self, relative_path, self_signed):
1394 cert = self._load_cert(relative_path)
1395 self.assertEqual(self_signed, cert.self_signed)
1396
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1397 def test_parse_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1398 cert = self._load_cert('keys/test-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1399
1400 tbs_certificate = cert['tbs_certificate']
1401 signature = tbs_certificate['signature']
1402 issuer = tbs_certificate['issuer']
1403 validity = tbs_certificate['validity']
1404 subject = tbs_certificate['subject']
1405 subject_public_key_info = tbs_certificate['subject_public_key_info']
1406 subject_public_key_algorithm = subject_public_key_info['algorithm']
1407 subject_public_key = subject_public_key_info['public_key'].parsed
1408 extensions = tbs_certificate['extensions']
1409
1410 self.assertEqual(
1411 'v3',
1412 tbs_certificate['version'].native
1413 )
1414 self.assertEqual(
1415 13683582341504654466,
1416 tbs_certificate['serial_number'].native
1417 )
1418 self.assertEqual(
1419 'sha256_rsa',
1420 signature['algorithm'].native
1421 )
1422 self.assertEqual(
1423 None,
1424 signature['parameters'].native
1425 )
1426 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1427 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1428 ('country_name', 'US'),
1429 ('state_or_province_name', 'Massachusetts'),
1430 ('locality_name', 'Newbury'),
1431 ('organization_name', 'Codex Non Sufficit LC'),
1432 ('organizational_unit_name', 'Testing'),
1433 ('common_name', 'Will Bond'),
1434 ('email_address', 'will@codexns.io'),
1435 ]),
1436 issuer.native
1437 )
1438 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1439 datetime(2015, 5, 6, 14, 37, 16, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1440 validity['not_before'].native
1441 )
1442 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1443 datetime(2025, 5, 3, 14, 37, 16, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1444 validity['not_after'].native
1445 )
1446 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1447 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1448 ('country_name', 'US'),
1449 ('state_or_province_name', 'Massachusetts'),
1450 ('locality_name', 'Newbury'),
1451 ('organization_name', 'Codex Non Sufficit LC'),
1452 ('organizational_unit_name', 'Testing'),
1453 ('common_name', 'Will Bond'),
1454 ('email_address', 'will@codexns.io'),
1455 ]),
1456 subject.native
1457 )
1458 self.assertEqual(
1459 'rsa',
1460 subject_public_key_algorithm['algorithm'].native
1461 )
1462 self.assertEqual(
1463 None,
1464 subject_public_key_algorithm['parameters'].native
1465 )
1466 self.assertEqual(
1467 23903990516906431865559598284199534387004799030432486061102966678620221767754702651554142956492614440585611990224871381291841413369032752409360196079700921141819811294444393525264295297988924243231844876926173670633422654261873814968313363171188082579071492839040415373948505938897419917635370450127498164824808630475648771544810334682447182123219422360569466851807131368135806769502898151721274383486320505905826683946456552230958810028663378886363555981449715929872558073101554364803925363048965464124465016494920967179276744892632783712377912841537032383450409486298694116013299423220523450956288827030007092359007,
1468 subject_public_key['modulus'].native
1469 )
1470 self.assertEqual(
1471 65537,
1472 subject_public_key['public_exponent'].native
1473 )
1474 self.assertEqual(
1475 None,
1476 tbs_certificate['issuer_unique_id'].native
1477 )
1478 self.assertIsInstance(
1479 tbs_certificate['issuer_unique_id'],
1480 core.NoValue
1481 )
1482 self.assertEqual(
1483 None,
1484 tbs_certificate['subject_unique_id'].native
1485 )
1486 self.assertIsInstance(
1487 tbs_certificate['subject_unique_id'],
1488 core.NoValue
1489 )
1490
1491 self.maxDiff = None
1492 for extension in extensions:
1493 self.assertIsInstance(
1494 extension,
1495 x509.Extension
1496 )
1497 self.assertEqual(
1498 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1499 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1500 ('extn_id', 'key_identifier'),
1501 ('critical', False),
1502 ('extn_value', b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'),
1503 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1504 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1505 ('extn_id', 'authority_key_identifier'),
1506 ('critical', False),
1507 (
1508 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1509 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1510 ('key_identifier', b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'),
1511 (
1512 'authority_cert_issuer',
1513 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1514 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1515 ('country_name', 'US'),
1516 ('state_or_province_name', 'Massachusetts'),
1517 ('locality_name', 'Newbury'),
1518 ('organization_name', 'Codex Non Sufficit LC'),
1519 ('organizational_unit_name', 'Testing'),
1520 ('common_name', 'Will Bond'),
1521 ('email_address', 'will@codexns.io'),
1522 ])
1523 ]
1524 ),
1525 ('authority_cert_serial_number', 13683582341504654466),
1526 ])
1527 ),
1528 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1529 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1530 ('extn_id', 'basic_constraints'),
1531 ('critical', False),
1532 (
1533 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1534 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1535 ('ca', True),
1536 ('path_len_constraint', None)
1537 ])
1538 ),
1539 ]),
1540 ],
1541 extensions.native
1542 )
1543
1544 def test_parse_dsa_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1545 cert = self._load_cert('keys/test-dsa-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1546
1547 tbs_certificate = cert['tbs_certificate']
1548 signature = tbs_certificate['signature']
1549 issuer = tbs_certificate['issuer']
1550 validity = tbs_certificate['validity']
1551 subject = tbs_certificate['subject']
1552 subject_public_key_info = tbs_certificate['subject_public_key_info']
1553 subject_public_key_algorithm = subject_public_key_info['algorithm']
1554 subject_public_key = subject_public_key_info['public_key'].parsed
1555 extensions = tbs_certificate['extensions']
1556
1557 self.assertEqual(
1558 'v3',
1559 tbs_certificate['version'].native
1560 )
1561 self.assertEqual(
1562 14308214745771946523,
1563 tbs_certificate['serial_number'].native
1564 )
1565 self.assertEqual(
1566 'sha256_dsa',
1567 signature['algorithm'].native
1568 )
1569 self.assertEqual(
1570 None,
1571 signature['parameters'].native
1572 )
1573 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1574 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1575 ('country_name', 'US'),
1576 ('state_or_province_name', 'Massachusetts'),
1577 ('locality_name', 'Newbury'),
1578 ('organization_name', 'Codex Non Sufficit LC'),
1579 ('organizational_unit_name', 'Testing'),
1580 ('common_name', 'Will Bond'),
1581 ('email_address', 'will@codexns.io'),
1582 ]),
1583 issuer.native
1584 )
1585 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1586 datetime(2015, 5, 20, 13, 9, 2, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1587 validity['not_before'].native
1588 )
1589 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1590 datetime(2025, 5, 17, 13, 9, 2, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1591 validity['not_after'].native
1592 )
1593 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1594 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1595 ('country_name', 'US'),
1596 ('state_or_province_name', 'Massachusetts'),
1597 ('locality_name', 'Newbury'),
1598 ('organization_name', 'Codex Non Sufficit LC'),
1599 ('organizational_unit_name', 'Testing'),
1600 ('common_name', 'Will Bond'),
1601 ('email_address', 'will@codexns.io'),
1602 ]),
1603 subject.native
1604 )
1605 self.assertEqual(
1606 'dsa',
1607 subject_public_key_algorithm['algorithm'].native
1608 )
1609 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1610 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1611 ('p', 4511743893397705393934377497936985478231822206263141826261443300639402520800626925517264115785551703273809312112372693877437137848393530691841757974971843334497076835630893064661599193178307024379015589119302113551197423138934242435710226975119594589912289060014025377813473273600967729027125618396732574594753039493158066887433778053086408525146692226448554390096911703556213619406958876388642882534250747780313634767409586007581976273681005928967585750017105562145167146445061803488570714706090280814293902464230717946651489964409785146803791743658888866280873858000476717727810363942159874283767926511678640730707887895260274767195555813448140889391762755466967436731106514029224490921857229134393798015954890071206959203407845438863870686180087606429828973298318856683615900474921310376145478859687052812749087809700610549251964102790514588562086548577933609968589710807989944739877028770343142449461177732058649962678857),
1612 ('q', 71587850165936478337655415373676526523562874562337607790945426056266440596923),
1613 ('g', 761437146067908309288345767887973163494473925243194806582679580640442238588269326525839153095505341738937595419375068472941615006110237832663093084973431440436421580371384720052414080562019831325744042316268714195397974084616335082272743706567701546951285088540646372701485690904535540223121118329044403681933304838754517522024738251994717369464179515923093116622352823578284891812676662979104509631349201801577889230316128523885862472086364717411346341249139971907827526291913249445756671582283459372536334490171231311487207683108274785825764378203622999309355578169139646003751751448501475767709869676880946562283552431757983801739671783678927397420797147373441051876558068212062253171347849380506793433921881336652424898488378657239798694995315456959568806256079056461448199493507273882763491729787817044805150879660784158902456811649964987582162907020243296662602990514615480712948126671999033658064244112238138589732202),
1614 ]),
1615 subject_public_key_algorithm['parameters'].native
1616 )
1617 self.assertEqual(
1618 934231235067929794039535952071098031636053793876274937162425423023735221571983693370780054696865229184537343792766496068557051933738826401423094028670222490622041397241325320965905259541032379046252395145258594355589801644789631904099105867133976990593761395721476198083091062806327384261369876465927159169400428623265291958463077792777155465482611741502621885386691681062128487785344975981628995609792181581218570320181053055516069553767918513262908069925035292416868414952256645902605335068760774106734518308281769128146479819566784704033671969858507248124850451414380441279385481154336362988505436125981975735568289420374790767927084033441728922597082155884801013899630856890463962357814273014111039522903328923758417820349377075487103441305806369234738881875734407495707878637895190993370257589211331043479113328811265005530361001980539377903738453549980082795009589559114091215518866106998956304437954236070776810740036,
1619 subject_public_key.native
1620 )
1621 self.assertEqual(
1622 None,
1623 tbs_certificate['issuer_unique_id'].native
1624 )
1625 self.assertIsInstance(
1626 tbs_certificate['issuer_unique_id'],
1627 core.NoValue
1628 )
1629 self.assertEqual(
1630 None,
1631 tbs_certificate['subject_unique_id'].native
1632 )
1633 self.assertIsInstance(
1634 tbs_certificate['subject_unique_id'],
1635 core.NoValue
1636 )
1637
1638 self.maxDiff = None
1639 for extension in extensions:
1640 self.assertIsInstance(
1641 extension,
1642 x509.Extension
1643 )
1644 self.assertEqual(
1645 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1646 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1647 ('extn_id', 'key_identifier'),
1648 ('critical', False),
1649 ('extn_value', b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'),
1650 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1651 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1652 ('extn_id', 'authority_key_identifier'),
1653 ('critical', False),
1654 (
1655 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1656 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1657 ('key_identifier', b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'),
1658 ('authority_cert_issuer', None),
1659 ('authority_cert_serial_number', None),
1660 ])
1661 ),
1662 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1663 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1664 ('extn_id', 'basic_constraints'),
1665 ('critical', False),
1666 (
1667 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1668 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1669 ('ca', True),
1670 ('path_len_constraint', None)
1671 ])
1672 ),
1673 ]),
1674 ],
1675 extensions.native
1676 )
1677
1678 def test_parse_ec_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1679 cert = self._load_cert('keys/test-ec-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1680
1681 tbs_certificate = cert['tbs_certificate']
1682 signature = tbs_certificate['signature']
1683 issuer = tbs_certificate['issuer']
1684 validity = tbs_certificate['validity']
1685 subject = tbs_certificate['subject']
1686 subject_public_key_info = tbs_certificate['subject_public_key_info']
1687 subject_public_key_algorithm = subject_public_key_info['algorithm']
1688 public_key_params = subject_public_key_info['algorithm']['parameters'].chosen
1689 field_id = public_key_params['field_id']
1690 curve = public_key_params['curve']
wbonde5a1c6e2015-08-03 07:42:28 -0400[diff] [blame]1691 subject_public_key = subject_public_key_info['public_key']
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1692 extensions = tbs_certificate['extensions']
1693
1694 self.assertEqual(
1695 'v3',
1696 tbs_certificate['version'].native
1697 )
1698 self.assertEqual(
1699 15854128451240978884,
1700 tbs_certificate['serial_number'].native
1701 )
1702 self.assertEqual(
1703 'sha256_ecdsa',
1704 signature['algorithm'].native
1705 )
1706 self.assertEqual(
1707 None,
1708 signature['parameters'].native
1709 )
1710 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1711 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1712 ('country_name', 'US'),
1713 ('state_or_province_name', 'Massachusetts'),
1714 ('locality_name', 'Newbury'),
1715 ('organization_name', 'Codex Non Sufficit LC'),
1716 ('organizational_unit_name', 'Testing'),
1717 ('common_name', 'Will Bond'),
1718 ('email_address', 'will@codexns.io'),
1719 ]),
1720 issuer.native
1721 )
1722 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1723 datetime(2015, 5, 20, 12, 56, 46, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1724 validity['not_before'].native
1725 )
1726 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]1727 datetime(2025, 5, 17, 12, 56, 46, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1728 validity['not_after'].native
1729 )
1730 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1731 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1732 ('country_name', 'US'),
1733 ('state_or_province_name', 'Massachusetts'),
1734 ('locality_name', 'Newbury'),
1735 ('organization_name', 'Codex Non Sufficit LC'),
1736 ('organizational_unit_name', 'Testing'),
1737 ('common_name', 'Will Bond'),
1738 ('email_address', 'will@codexns.io'),
1739 ]),
1740 subject.native
1741 )
1742 self.assertEqual(
wbond680cba12015-07-01 23:53:54 -0400[diff] [blame]1743 'ec',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1744 subject_public_key_algorithm['algorithm'].native
1745 )
1746 self.assertEqual(
1747 'ecdpVer1',
1748 public_key_params['version'].native
1749 )
1750 self.assertEqual(
1751 'prime_field',
1752 field_id['field_type'].native
1753 )
1754 self.assertEqual(
1755 115792089210356248762697446949407573530086143415290314195533631308867097853951,
1756 field_id['parameters'].native
1757 )
1758 self.assertEqual(
1759 b'\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC',
1760 curve['a'].native
1761 )
1762 self.assertEqual(
1763 b'\x5A\xC6\x35\xD8\xAA\x3A\x93\xE7\xB3\xEB\xBD\x55\x76\x98\x86\xBC\x65\x1D\x06\xB0\xCC\x53\xB0\xF6\x3B\xCE\x3C\x3E\x27\xD2\x60\x4B',
1764 curve['b'].native
1765 )
1766 self.assertEqual(
1767 b'\xC4\x9D\x36\x08\x86\xE7\x04\x93\x6A\x66\x78\xE1\x13\x9D\x26\xB7\x81\x9F\x7E\x90',
1768 curve['seed'].native
1769 )
1770 self.assertEqual(
1771 b'\x04\x6B\x17\xD1\xF2\xE1\x2C\x42\x47\xF8\xBC\xE6\xE5\x63\xA4\x40\xF2\x77\x03\x7D\x81\x2D\xEB\x33\xA0\xF4\xA1\x39\x45\xD8\x98\xC2\x96\x4F\xE3\x42\xE2\xFE\x1A\x7F\x9B\x8E\xE7\xEB\x4A\x7C\x0F\x9E\x16\x2B\xCE\x33\x57\x6B\x31\x5E\xCE\xCB\xB6\x40\x68\x37\xBF\x51\xF5',
1772 public_key_params['base'].native
1773 )
1774 self.assertEqual(
1775 115792089210356248762697446949407573529996955224135760342422259061068512044369,
1776 public_key_params['order'].native
1777 )
1778 self.assertEqual(
1779 1,
1780 public_key_params['cofactor'].native
1781 )
1782 self.assertEqual(
1783 None,
1784 public_key_params['hash'].native
1785 )
1786 self.assertEqual(
wbonde5a1c6e2015-08-03 07:42:28 -0400[diff] [blame]1787 b'\x04\x8b]Lq\xf7\xd6\xc6\xa3IcB\\G\x9f\xcbs$\x1d\xc9\xdd\xd1-\xf1:\x9f\xb7\x04\xde \xd0X\x00\x93T\xf6\x89\xc7/\x87+\xf7\xf9=;4\xed\x9e{\x0e=WB\xdfx\x03\x0b\xcc1\xc6\x03\xd7\x9f`\x01',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1788 subject_public_key.native
1789 )
1790 self.assertEqual(
1791 None,
1792 tbs_certificate['issuer_unique_id'].native
1793 )
1794 self.assertIsInstance(
1795 tbs_certificate['issuer_unique_id'],
1796 core.NoValue
1797 )
1798 self.assertEqual(
1799 None,
1800 tbs_certificate['subject_unique_id'].native
1801 )
1802 self.assertIsInstance(
1803 tbs_certificate['subject_unique_id'],
1804 core.NoValue
1805 )
1806
1807 self.maxDiff = None
1808 for extension in extensions:
1809 self.assertIsInstance(
1810 extension,
1811 x509.Extension
1812 )
1813 self.assertEqual(
1814 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1815 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1816 ('extn_id', 'key_identifier'),
1817 ('critical', False),
1818 ('extn_value', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
1819 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1820 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1821 ('extn_id', 'authority_key_identifier'),
1822 ('critical', False),
1823 (
1824 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1825 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1826 ('key_identifier', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
1827 ('authority_cert_issuer', None),
1828 ('authority_cert_serial_number', None),
1829 ])
1830 ),
1831 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1832 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1833 ('extn_id', 'basic_constraints'),
1834 ('critical', False),
1835 (
1836 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1837 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1838 ('ca', True),
1839 ('path_len_constraint', None)
1840 ])
1841 ),
1842 ]),
1843 ],
1844 extensions.native
1845 )