wbonde91513e2015-06-03 14:52:18 -04001# coding: utf-8
2from __future__ import unicode_literals
3
4import unittest
5import sys
6import os
7from collections import OrderedDict
8from datetime import datetime
9
wbondaf1f5a82015-07-17 12:13:15 -040010from asn1crypto import x509, core, pem
11
12from .unittest_data import DataDecorator, data
wbonde91513e2015-06-03 14:52:18 -040013
# Python 2 calls the byte-string type ``str``; Python 3 calls it ``bytes``.
byte_cls = str if sys.version_info < (3,) else bytes


# Certificate fixtures are looked up in a ``fixtures`` directory that sits
# next to this module.
tests_root = os.path.split(__file__)[0]
fixtures_dir = os.path.join(tests_root, 'fixtures')
22
23
wbondaf1f5a82015-07-17 12:13:15 -040024@DataDecorator
wbonde91513e2015-06-03 14:52:18 -040025class X509Tests(unittest.TestCase):
26
def _load_cert(self, relative_path):
    """
    Parse one certificate fixture into an ``x509.Certificate``.

    The file is read as bytes from ``fixtures_dir``. When ``pem.detect()``
    reports PEM armor the payload is unwrapped with ``pem.unarmor()`` first;
    otherwise the bytes go to the loader unchanged.

    This helper only parses. Nothing in it checks a signature, an issuer
    chain or a validity period, so a fixture that loads is not thereby a
    certificate that would be trusted.

    :param relative_path:
        Path of the fixture, relative to ``fixtures_dir``

    :return:
        Whatever ``x509.Certificate.load()`` returns for the decoded bytes
    """
    fixture_path = os.path.join(fixtures_dir, relative_path)
    with open(fixture_path, 'rb') as handle:
        raw = handle.read()
    if pem.detect(raw):
        # unarmor() yields three items; only the last one is used here.
        _unused_first, _unused_second, raw = pem.unarmor(raw)
    return x509.Certificate.load(raw)
wbond8bb77d02015-07-13 17:44:29 -040033
wbondaf1f5a82015-07-17 12:13:15 -040034 #pylint: disable=C0326
35 @staticmethod
wbond1cfca232015-07-20 08:51:58 -040036 def signature_algo_info():
37 return (
38 ('keys/test-der.crt', 'rsassa_pkcs1v15', 'sha256'),
39 ('keys/test-inter-der.crt', 'rsassa_pkcs1v15', 'sha256'),
40 ('keys/test-dsa-der.crt', 'dsa', 'sha256'),
41 ('keys/test-third-der.crt', 'rsassa_pkcs1v15', 'sha256'),
42 ('keys/test-ec-der.crt', 'ecdsa', 'sha256'),
43 )
44
@data('signature_algo_info')
def signature_algo(self, relative_path, signature_algo, hash_algo):
    # Checks the algorithm names exposed by the certificate's
    # 'signature_algorithm' field against the expected pair.
    # NOTE(review): only this one field is inspected; presumably the
    # algorithm recorded inside the signed portion of the certificate is
    # not compared with it here -- confirm whether another test covers that.
    sig_alg_field = self._load_cert(relative_path)['signature_algorithm']
    self.assertEqual(signature_algo, sig_alg_field.signature_algo)
    self.assertEqual(hash_algo, sig_alg_field.hash_algo)
50
51 #pylint: disable=C0326
52 @staticmethod
wbondaf1f5a82015-07-17 12:13:15 -040053 def critical_extensions_info():
54 return (
55 ('keys/test-der.crt', []),
56 ('keys/test-inter-der.crt', []),
57 ('keys/test-third-der.crt', []),
58 ('geotrust_certs/GeoTrust_Universal_CA.crt', ['basic_constraints', 'key_usage']),
59 ('geotrust_certs/GeoTrust_Primary_CA.crt', ['basic_constraints', 'key_usage']),
60 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', ['basic_constraints', 'key_usage']),
61 ('geotrust_certs/codex.crt', ['key_usage']),
62 ('lets_encrypt/isrgrootx1.pem', ['key_usage', 'basic_constraints']),
63 ('lets_encrypt/letsencryptauthorityx1.pem', ['key_usage', 'basic_constraints']),
64 ('lets_encrypt/letsencryptauthorityx2.pem', ['key_usage', 'basic_constraints']),
65 ('globalsign_example_keys/IssuingCA-der.cer', ['basic_constraints', 'key_usage']),
66 ('globalsign_example_keys/rootCA.cer', ['basic_constraints', 'key_usage']),
67 ('globalsign_example_keys/SSL1.cer', ['key_usage', 'extended_key_usage', 'basic_constraints']),
68 ('globalsign_example_keys/SSL2.cer', ['key_usage', 'extended_key_usage', 'basic_constraints']),
69 ('globalsign_example_keys/SSL3.cer', ['key_usage', 'extended_key_usage', 'basic_constraints']),
wbond8bb77d02015-07-13 17:44:29 -040070 )
wbondaf1f5a82015-07-17 12:13:15 -040071
@data('critical_extensions_info')
def critical_extensions(self, relative_path, critical_extensions):
    # The expected value is a list of extension names; it is compared
    # directly with whatever the certificate's critical_extensions
    # attribute yields, so (for a list result) order matters as well as
    # membership.
    parsed_cert = self._load_cert(relative_path)
    reported = parsed_cert.critical_extensions
    self.assertEqual(critical_extensions, reported)
76
77 #pylint: disable=C0326
78 @staticmethod
79 def key_identifier_value_info():
80 return (
81 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
82 ('keys/test-inter-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
83 ('keys/test-third-der.crt', b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'),
84 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
85 ('geotrust_certs/GeoTrust_Primary_CA.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
86 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
87 ('geotrust_certs/codex.crt', None),
88 ('lets_encrypt/isrgrootx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
89 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'),
90 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'),
91 ('globalsign_example_keys/IssuingCA-der.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
92 ('globalsign_example_keys/rootCA.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
93 ('globalsign_example_keys/SSL1.cer', b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'),
94 ('globalsign_example_keys/SSL2.cer', b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='),
95 ('globalsign_example_keys/SSL3.cer', b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'),
wbond8bb77d02015-07-13 17:44:29 -040096 )
wbond8bb77d02015-07-13 17:44:29 -040097
@data('key_identifier_value_info')
def key_identifier_value(self, relative_path, key_identifier_value):
    # Compares the native form of the certificate's key identifier with
    # the expected bytes.
    # NOTE(review): the guard below is a truthiness test rather than an
    # ``is None`` test, so a present-but-falsy value would also be
    # reported as None -- confirm that is intended.
    parsed = self._load_cert(relative_path).key_identifier_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(key_identifier_value, observed)
wbond8bb77d02015-07-13 17:44:29 -0400103
wbondaf1f5a82015-07-17 12:13:15 -0400104 #pylint: disable=C0326
105 @staticmethod
106 def key_usage_value_info():
107 return (
108 ('keys/test-der.crt', None),
109 ('keys/test-inter-der.crt', None),
110 ('keys/test-third-der.crt', None),
111 (
112 'geotrust_certs/GeoTrust_Universal_CA.crt',
wbond8bb77d02015-07-13 17:44:29 -0400113 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400114 ('digital_signature', True),
115 ('non_repudiation', False),
116 ('key_encipherment', False),
117 ('data_encipherment', False),
118 ('key_agreement', False),
119 ('key_cert_sign', True),
120 ('crl_sign', True),
121 ('encipher_only', False),
122 ('decipher_only', False),
wbond8bb77d02015-07-13 17:44:29 -0400123 ])
wbondaf1f5a82015-07-17 12:13:15 -0400124 ),
125 (
126 'geotrust_certs/GeoTrust_Primary_CA.crt',
wbond8bb77d02015-07-13 17:44:29 -0400127 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400128 ('digital_signature', True),
129 ('non_repudiation', True),
130 ('key_encipherment', False),
131 ('data_encipherment', False),
132 ('key_agreement', False),
133 ('key_cert_sign', False),
134 ('crl_sign', False),
135 ('encipher_only', False),
136 ('decipher_only', False),
wbond8bb77d02015-07-13 17:44:29 -0400137 ])
wbondaf1f5a82015-07-17 12:13:15 -0400138 ),
139 (
140 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
wbond8bb77d02015-07-13 17:44:29 -0400141 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400142 ('digital_signature', True),
143 ('non_repudiation', True),
144 ('key_encipherment', False),
145 ('data_encipherment', False),
146 ('key_agreement', False),
147 ('key_cert_sign', False),
148 ('crl_sign', False),
149 ('encipher_only', False),
150 ('decipher_only', False),
151 ])
152 ),
153 (
154 'geotrust_certs/codex.crt',
155 OrderedDict([
156 ('digital_signature', True),
157 ('non_repudiation', False),
158 ('key_encipherment', True),
159 ('data_encipherment', False),
160 ('key_agreement', False),
161 ('key_cert_sign', False),
162 ('crl_sign', False),
163 ('encipher_only', False),
164 ('decipher_only', False),
165 ])
166 ),
167 (
168 'lets_encrypt/isrgrootx1.pem',
169 OrderedDict([
170 ('digital_signature', True),
171 ('non_repudiation', True),
172 ('key_encipherment', False),
173 ('data_encipherment', False),
174 ('key_agreement', False),
175 ('key_cert_sign', False),
176 ('crl_sign', False),
177 ('encipher_only', False),
178 ('decipher_only', False),
179 ])
180 ),
181 (
182 'lets_encrypt/letsencryptauthorityx1.pem',
183 OrderedDict([
184 ('digital_signature', True),
185 ('non_repudiation', False),
186 ('key_encipherment', False),
187 ('data_encipherment', False),
188 ('key_agreement', False),
189 ('key_cert_sign', True),
190 ('crl_sign', True),
191 ('encipher_only', False),
192 ('decipher_only', False),
193 ])
194 ),
195 (
196 'lets_encrypt/letsencryptauthorityx2.pem',
197 OrderedDict([
198 ('digital_signature', True),
199 ('non_repudiation', False),
200 ('key_encipherment', False),
201 ('data_encipherment', False),
202 ('key_agreement', False),
203 ('key_cert_sign', True),
204 ('crl_sign', True),
205 ('encipher_only', False),
206 ('decipher_only', False),
207 ])
208 ),
209 (
210 'globalsign_example_keys/IssuingCA-der.cer',
211 OrderedDict([
212 ('digital_signature', True),
213 ('non_repudiation', True),
214 ('key_encipherment', False),
215 ('data_encipherment', False),
216 ('key_agreement', False),
217 ('key_cert_sign', False),
218 ('crl_sign', False),
219 ('encipher_only', False),
220 ('decipher_only', False),
221 ])
222 ),
223 (
224 'globalsign_example_keys/rootCA.cer',
225 OrderedDict([
226 ('digital_signature', True),
227 ('non_repudiation', True),
228 ('key_encipherment', False),
229 ('data_encipherment', False),
230 ('key_agreement', False),
231 ('key_cert_sign', False),
232 ('crl_sign', False),
233 ('encipher_only', False),
234 ('decipher_only', False),
235 ])
236 ),
237 (
238 'globalsign_example_keys/SSL1.cer',
239 OrderedDict([
240 ('digital_signature', True),
241 ('non_repudiation', False),
242 ('key_encipherment', True),
243 ('data_encipherment', False),
244 ('key_agreement', False),
245 ('key_cert_sign', False),
246 ('crl_sign', False),
247 ('encipher_only', False),
248 ('decipher_only', False),
249 ])
250 ),
251 (
252 'globalsign_example_keys/SSL2.cer',
253 OrderedDict([
254 ('digital_signature', True),
255 ('non_repudiation', False),
256 ('key_encipherment', True),
257 ('data_encipherment', False),
258 ('key_agreement', False),
259 ('key_cert_sign', False),
260 ('crl_sign', False),
261 ('encipher_only', False),
262 ('decipher_only', False),
263 ])
264 ),
265 (
266 'globalsign_example_keys/SSL3.cer',
267 OrderedDict([
268 ('digital_signature', True),
269 ('non_repudiation', False),
270 ('key_encipherment', True),
271 ('data_encipherment', False),
272 ('key_agreement', False),
273 ('key_cert_sign', False),
274 ('crl_sign', False),
275 ('encipher_only', False),
276 ('decipher_only', False),
277 ])
278 ),
279 )
280
@data('key_usage_value_info')
def key_usage_value(self, relative_path, key_usage_value):
    # Compares the native form of the certificate's key usage value with
    # the expected mapping (or None when none is expected).
    # NOTE(review): a falsy value is treated the same as a missing one
    # because the guard tests truthiness, not ``is None`` -- confirm.
    parsed = self._load_cert(relative_path).key_usage_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(key_usage_value, observed)
286
287 #pylint: disable=C0326
288 @staticmethod
289 def subject_alt_name_value_info():
290 return (
291 ('keys/test-der.crt', None),
292 ('keys/test-inter-der.crt', None),
293 ('keys/test-third-der.crt', None),
294 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
295 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
296 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', [OrderedDict([('common_name', 'SymantecPKI-1-538')])]),
297 ('geotrust_certs/codex.crt', ['dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net', 'codexns.io']),
298 ('lets_encrypt/isrgrootx1.pem', None),
299 ('lets_encrypt/letsencryptauthorityx1.pem', None),
300 ('lets_encrypt/letsencryptauthorityx2.pem', None),
301 ('globalsign_example_keys/IssuingCA-der.cer', None),
302 ('globalsign_example_keys/rootCA.cer', None),
303 ('globalsign_example_keys/SSL1.cer', ['anything.example.com']),
304 ('globalsign_example_keys/SSL2.cer', ['anything.example.com']),
305 ('globalsign_example_keys/SSL3.cer', None),
306 )
307
@data('subject_alt_name_value_info')
def subject_alt_name_value(self, relative_path, subject_alt_name_value):
    # Compares the native form of the subject alternative name value with
    # the expected list (or None when none is expected).
    # NOTE(review): the truthiness guard also maps a present-but-falsy
    # value to None; confirm an ``is None`` test is not what is wanted.
    parsed = self._load_cert(relative_path).subject_alt_name_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(subject_alt_name_value, observed)
313
314 #pylint: disable=C0326
315 @staticmethod
316 def basic_constraints_value_info():
317 return (
318 ('keys/test-der.crt', {'ca': True, 'path_len_constraint': None}),
319 ('keys/test-inter-der.crt', {'ca': True, 'path_len_constraint': None}),
320 ('keys/test-third-der.crt', None),
321 ('geotrust_certs/GeoTrust_Universal_CA.crt', {'ca': True, 'path_len_constraint': None}),
322 ('geotrust_certs/GeoTrust_Primary_CA.crt', {'ca': True, 'path_len_constraint': None}),
323 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', {'ca': True, 'path_len_constraint': 0}),
324 ('geotrust_certs/codex.crt', {'ca': False, 'path_len_constraint': None}),
325 ('lets_encrypt/isrgrootx1.pem', {'ca': True, 'path_len_constraint': None}),
326 ('lets_encrypt/letsencryptauthorityx1.pem', {'ca': True, 'path_len_constraint': 0}),
327 ('lets_encrypt/letsencryptauthorityx2.pem', {'ca': True, 'path_len_constraint': 0}),
328 ('globalsign_example_keys/IssuingCA-der.cer', {'ca': True, 'path_len_constraint': None}),
329 ('globalsign_example_keys/rootCA.cer', {'ca': True, 'path_len_constraint': None}),
330 ('globalsign_example_keys/SSL1.cer', {'ca': False, 'path_len_constraint': None}),
331 ('globalsign_example_keys/SSL2.cer', {'ca': False, 'path_len_constraint': None}),
332 ('globalsign_example_keys/SSL3.cer', {'ca': False, 'path_len_constraint': None}),
333 )
334
@data('basic_constraints_value_info')
def basic_constraints_value(self, relative_path, basic_constraints_value):
    # Compares the native form of the basic constraints value with the
    # expected dict (or None when none is expected).
    # NOTE(review): the guard is a truthiness test, so a present-but-falsy
    # value would be compared as None -- confirm that is intended.
    parsed = self._load_cert(relative_path).basic_constraints_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(basic_constraints_value, observed)
340
341 #pylint: disable=C0326
342 @staticmethod
343 def name_constraints_value_info():
344 return (
345 ('keys/test-der.crt', None),
346 ('keys/test-inter-der.crt', None),
347 ('keys/test-third-der.crt', None),
348 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
349 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
350 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
351 ('geotrust_certs/codex.crt', None),
352 ('lets_encrypt/isrgrootx1.pem', None),
353 ('lets_encrypt/letsencryptauthorityx1.pem', None),
354 ('lets_encrypt/letsencryptauthorityx2.pem', None),
355 (
356 'globalsign_example_keys/IssuingCA-der.cer',
357 OrderedDict([
wbond8bb77d02015-07-13 17:44:29 -0400358 (
wbondaf1f5a82015-07-17 12:13:15 -0400359 'permitted_subtrees',
wbond8bb77d02015-07-13 17:44:29 -0400360 [
361 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400362 ('base', 'onlythis.com'),
363 ('minimum', 0),
364 ('maximum', None)
365 ]),
366 OrderedDict([
367 (
368 'base',
369 OrderedDict([
370 ('country_name', 'US'),
371 ('state_or_province_name', 'MA'),
372 ('locality_name', 'Boston'),
373 ('organization_name', 'Example LLC')
374 ])
375 ),
376 ('minimum', 0),
377 ('maximum', None)
wbond8bb77d02015-07-13 17:44:29 -0400378 ])
379 ]
wbondaf1f5a82015-07-17 12:13:15 -0400380 ),
381 (
382 'excluded_subtrees',
383 [
384 OrderedDict([
385 ('base', b'\x00\x00\x00\x00\x00\x00\x00\x00'),
386 ('minimum', 0),
387 ('maximum', None)
388 ]),
389 OrderedDict([
390 ('base', b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'),
391 ('minimum', 0),
392 ('maximum', None)
393 ])
394 ]
395 ),
wbond8bb77d02015-07-13 17:44:29 -0400396 ])
wbondaf1f5a82015-07-17 12:13:15 -0400397 ),
398 ('globalsign_example_keys/rootCA.cer', None),
399 ('globalsign_example_keys/SSL1.cer', None),
400 ('globalsign_example_keys/SSL2.cer', None),
401 ('globalsign_example_keys/SSL3.cer', None),
wbond8bb77d02015-07-13 17:44:29 -0400402 )
wbondaf1f5a82015-07-17 12:13:15 -0400403
@data('name_constraints_value_info')
def name_constraints_value(self, relative_path, name_constraints_value):
    # Compares the native form of the name constraints value with the
    # expected mapping (or None when none is expected).
    # NOTE(review): truthiness guard -- a present-but-falsy value is
    # compared as None; confirm that is the intent.
    parsed = self._load_cert(relative_path).name_constraints_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(name_constraints_value, observed)
409
410 #pylint: disable=C0326
411 @staticmethod
412 def crl_distribution_points_value_info():
413 return (
414 ('keys/test-der.crt', None),
415 ('keys/test-inter-der.crt', None),
416 ('keys/test-third-der.crt', None),
417 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
418 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
419 (
420 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
421 [
422 OrderedDict([
423 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
424 ('reasons', None),
425 ('crl_issuer', None)
426 ])
427 ]
428 ),
429 (
430 'geotrust_certs/codex.crt',
431 [
432 OrderedDict([
433 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
434 ('reasons', None),
435 ('crl_issuer', None)
436 ])
437 ]
438 ),
439 ('lets_encrypt/isrgrootx1.pem', None),
440 (
441 'lets_encrypt/letsencryptauthorityx1.pem',
442 [
443 OrderedDict([
444 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
445 ('reasons', None),
446 ('crl_issuer', None)
447 ])
448 ]
449 ),
450 (
451 'lets_encrypt/letsencryptauthorityx2.pem',
452 [
453 OrderedDict([
454 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
455 ('reasons', None),
456 ('crl_issuer', None)
457 ])
458 ]
459 ),
460 (
461 'globalsign_example_keys/IssuingCA-der.cer',
462 [
463 OrderedDict([
464 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
465 ('reasons', None),
466 ('crl_issuer', None)
467 ])
468 ]),
469 (
470 'globalsign_example_keys/rootCA.cer',
471 [
472 OrderedDict([
473 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
474 ('reasons', None),
475 ('crl_issuer', None)
476 ])
477 ]),
478 ('globalsign_example_keys/SSL1.cer', None),
479 ('globalsign_example_keys/SSL2.cer', None),
480 ('globalsign_example_keys/SSL3.cer', None),
481 )
482
@data('crl_distribution_points_value_info')
def crl_distribution_points_value(self, relative_path, crl_distribution_points_value):
    # Compares the native form of the CRL distribution points value with
    # the expected list (or None when none is expected).
    # NOTE(review): the guard tests truthiness, so an empty-but-present
    # value would be compared as None -- confirm that is intended.
    parsed = self._load_cert(relative_path).crl_distribution_points_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(crl_distribution_points_value, observed)
488
489 #pylint: disable=C0326
490 @staticmethod
491 def certificate_policies_value_info():
492 return (
493 ('keys/test-der.crt', None),
494 ('keys/test-inter-der.crt', None),
495 ('keys/test-third-der.crt', None),
496 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
497 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
498 (
499 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
500 [
501 OrderedDict([
502 ('policy_identifier', 'any_policy'),
503 (
504 'policy_qualifiers',
505 [
506 OrderedDict([
507 ('policy_qualifier_id', 'certification_practice_statement'),
508 ('qualifier', 'https://www.geotrust.com/resources/cps')
509 ])
510 ]
511 )
512 ])
513 ]
514 ),
515 (
516 'geotrust_certs/codex.crt',
517 [
518 OrderedDict([
519 ('policy_identifier', '1.3.6.1.4.1.14370.1.6'),
520 (
521 'policy_qualifiers',
522 [
523 OrderedDict([
524 ('policy_qualifier_id', 'certification_practice_statement'),
525 ('qualifier', 'https://www.geotrust.com/resources/repository/legal')
526 ]),
527 OrderedDict([
528 ('policy_qualifier_id', 'user_notice'),
529 (
530 'qualifier',
531 OrderedDict([
532 ('notice_ref', None),
533 ('explicit_text', 'https://www.geotrust.com/resources/repository/legal')
534 ])
535 )
536 ])
537 ]
538 )
539 ])
540 ]
541 ),
542 ('lets_encrypt/isrgrootx1.pem', None),
543 (
544 'lets_encrypt/letsencryptauthorityx1.pem',
545 [
546 OrderedDict([
547 ('policy_identifier', '2.23.140.1.2.1'),
548 ('policy_qualifiers', None)
549 ]),
550 OrderedDict([
551 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
552 (
553 'policy_qualifiers',
554 [
555 OrderedDict([
556 ('policy_qualifier_id', 'certification_practice_statement'),
557 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
558 ])
559 ]
560 )
561 ])
562 ]
563 ),
564 (
565 'lets_encrypt/letsencryptauthorityx2.pem',
566 [
567 OrderedDict([
568 ('policy_identifier', '2.23.140.1.2.1'),
569 ('policy_qualifiers', None)
570 ]),
571 OrderedDict([
572 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
573 (
574 'policy_qualifiers',
575 [
576 OrderedDict([
577 ('policy_qualifier_id', 'certification_practice_statement'),
578 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
579 ])
580 ]
581 )
582 ])
583 ]
584 ),
585 (
586 'globalsign_example_keys/IssuingCA-der.cer',
587 [
588 OrderedDict([
589 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
590 (
591 'policy_qualifiers',
592 [
593 OrderedDict([
594 ('policy_qualifier_id', 'certification_practice_statement'),
595 ('qualifier', 'https://www.globalsign.com/repository/')
596 ])
597 ]
598 )
599 ])
600 ]
601 ),
602 ('globalsign_example_keys/rootCA.cer', None),
603 (
604 'globalsign_example_keys/SSL1.cer',
605 [
606 OrderedDict([
607 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
608 (
609 'policy_qualifiers',
610 [
611 OrderedDict([
612 ('policy_qualifier_id', 'certification_practice_statement'),
613 ('qualifier', 'https://www.globalsign.com/repository/')
614 ])
615 ]
616 )
617 ])
618 ]
619 ),
620 (
621 'globalsign_example_keys/SSL2.cer',
622 [
623 OrderedDict([
624 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
625 (
626 'policy_qualifiers',
627 [
628 OrderedDict([
629 ('policy_qualifier_id', 'certification_practice_statement'),
630 ('qualifier', 'https://www.globalsign.com/repository/')
631 ])
632 ]
633 )
634 ])
635 ]
636 ),
637 (
638 'globalsign_example_keys/SSL3.cer',
639 [
640 OrderedDict([
641 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
642 (
643 'policy_qualifiers',
644 [
645 OrderedDict([
646 ('policy_qualifier_id', 'certification_practice_statement'),
647 ('qualifier', 'https://www.globalsign.com/repository/')
648 ])
649 ]
650 )
651 ])
652 ]
653 ),
654 )
655
@data('certificate_policies_value_info')
def certificate_policies_value(self, relative_path, certificate_policies_value):
    # Compares the native form of the certificate policies value with the
    # expected list (or None when none is expected).
    # NOTE(review): truthiness guard -- an empty-but-present value would be
    # compared as None; confirm that is intended.
    parsed = self._load_cert(relative_path).certificate_policies_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(certificate_policies_value, observed)
661
662 #pylint: disable=C0326
663 @staticmethod
664 def policy_mappings_value_info():
665 return (
666 ('keys/test-der.crt', None),
667 ('keys/test-inter-der.crt', None),
668 ('keys/test-third-der.crt', None),
669 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
670 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
671 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
672 ('geotrust_certs/codex.crt', None),
673 ('lets_encrypt/isrgrootx1.pem', None),
674 ('lets_encrypt/letsencryptauthorityx1.pem', None),
675 ('lets_encrypt/letsencryptauthorityx2.pem', None),
676 ('globalsign_example_keys/IssuingCA-der.cer', None),
677 ('globalsign_example_keys/rootCA.cer', None),
678 ('globalsign_example_keys/SSL1.cer', None),
679 ('globalsign_example_keys/SSL2.cer', None),
680 ('globalsign_example_keys/SSL3.cer', None),
681 )
682
@data('policy_mappings_value_info')
def policy_mappings_value(self, relative_path, policy_mappings_value):
    # Compares the native form of the policy mappings value with the
    # expectation; a falsy result from the attribute is compared as None.
    parsed = self._load_cert(relative_path).policy_mappings_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(policy_mappings_value, observed)
688
689 #pylint: disable=C0326
690 @staticmethod
691 def authority_key_identifier_value_info():
692 return (
693 (
694 'keys/test-der.crt',
wbond08c60fa2015-07-13 23:02:13 -0400695 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400696 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
697 (
698 'authority_cert_issuer',
699 [
700 OrderedDict([
701 ('country_name', 'US'),
702 ('state_or_province_name', 'Massachusetts'),
703 ('locality_name', 'Newbury'),
704 ('organization_name', 'Codex Non Sufficit LC'),
705 ('organizational_unit_name', 'Testing'),
706 ('common_name', 'Will Bond'),
707 ('email_address', 'will@codexns.io')
708 ])
709 ]
710 ),
711 ('authority_cert_serial_number', 13683582341504654466)
wbond08c60fa2015-07-13 23:02:13 -0400712 ])
wbondaf1f5a82015-07-17 12:13:15 -0400713 ),
714 (
715 'keys/test-inter-der.crt',
716 OrderedDict([
717 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
718 ('authority_cert_issuer', None),
719 ('authority_cert_serial_number', None)
720 ])
721 ),
722 (
723 'keys/test-third-der.crt',
724 OrderedDict([
725 ('key_identifier', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
726 ('authority_cert_issuer', None),
727 ('authority_cert_serial_number', None)
728 ])
729 ),
730 (
731 'geotrust_certs/GeoTrust_Universal_CA.crt',
732 OrderedDict([
733 ('key_identifier', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
734 ('authority_cert_issuer', None),
735 ('authority_cert_serial_number', None)
736 ])
737 ),
738 (
739 'geotrust_certs/GeoTrust_Primary_CA.crt',
740 None
741 ),
742 (
743 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
744 OrderedDict([
745 ('key_identifier', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
746 ('authority_cert_issuer', None),
747 ('authority_cert_serial_number', None)
748 ])
749 ),
750 (
751 'geotrust_certs/codex.crt',
752 OrderedDict([
753 ('key_identifier', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
754 ('authority_cert_issuer', None),
755 ('authority_cert_serial_number', None)
756 ])
757 ),
758 (
759 'lets_encrypt/isrgrootx1.pem',
760 None
761 ),
762 (
763 'lets_encrypt/letsencryptauthorityx1.pem',
764 OrderedDict([
765 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
766 ('authority_cert_issuer', None),
767 ('authority_cert_serial_number', None)
768 ])
769 ),
770 (
771 'lets_encrypt/letsencryptauthorityx2.pem',
772 OrderedDict([
773 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
774 ('authority_cert_issuer', None),
775 ('authority_cert_serial_number', None)
776 ])
777 ),
778 (
779 'globalsign_example_keys/IssuingCA-der.cer',
780 OrderedDict([
781 ('key_identifier', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
782 ('authority_cert_issuer', None),
783 ('authority_cert_serial_number', None)
784 ])
785 ),
786 (
787 'globalsign_example_keys/rootCA.cer',
788 None
789 ),
790 (
791 'globalsign_example_keys/SSL1.cer',
792 OrderedDict([
793 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
794 ('authority_cert_issuer', None),
795 ('authority_cert_serial_number', None)
796 ])
797 ),
798 (
799 'globalsign_example_keys/SSL2.cer',
800 OrderedDict([
801 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
802 ('authority_cert_issuer', None),
803 ('authority_cert_serial_number', None)
804 ])
805 ),
806 (
807 'globalsign_example_keys/SSL3.cer',
808 OrderedDict([
809 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
810 ('authority_cert_issuer', None),
811 ('authority_cert_serial_number', None)
812 ])
813 ),
wbond08c60fa2015-07-13 23:02:13 -0400814 )
wbondaf1f5a82015-07-17 12:13:15 -0400815
@data('authority_key_identifier_value_info')
def authority_key_identifier_value(self, relative_path, authority_key_identifier_value):
    # Compares the native form of the authority key identifier value with
    # the expected mapping (or None when none is expected).
    # NOTE(review): the guard tests truthiness rather than ``is None``;
    # confirm a present-but-falsy value should be compared as None.
    parsed = self._load_cert(relative_path).authority_key_identifier_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(authority_key_identifier_value, observed)
821
822 #pylint: disable=C0326
823 @staticmethod
824 def policy_constraints_value_info():
825 return (
826 ('keys/test-der.crt', None),
827 ('keys/test-inter-der.crt', None),
828 ('keys/test-third-der.crt', None),
829 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
830 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
831 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
832 ('geotrust_certs/codex.crt', None),
833 ('lets_encrypt/isrgrootx1.pem', None),
834 ('lets_encrypt/letsencryptauthorityx1.pem', None),
835 ('lets_encrypt/letsencryptauthorityx2.pem', None),
836 ('globalsign_example_keys/IssuingCA-der.cer', None),
837 ('globalsign_example_keys/rootCA.cer', None),
838 ('globalsign_example_keys/SSL1.cer', None),
839 ('globalsign_example_keys/SSL2.cer', None),
840 ('globalsign_example_keys/SSL3.cer', None),
841 )
842
@data('policy_constraints_value_info')
def policy_constraints_value(self, relative_path, policy_constraints_value):
    # Compares the native form of the policy constraints value with the
    # expectation; a falsy result from the attribute is compared as None.
    parsed = self._load_cert(relative_path).policy_constraints_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(policy_constraints_value, observed)
848
849 #pylint: disable=C0326
850 @staticmethod
851 def extended_key_usage_value_info():
852 return (
853 ('keys/test-der.crt', None),
854 ('keys/test-inter-der.crt', None),
855 ('keys/test-third-der.crt', None),
856 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
857 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
858 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
859 ('geotrust_certs/codex.crt', ['server_auth', 'client_auth']),
860 ('lets_encrypt/isrgrootx1.pem', None),
861 ('lets_encrypt/letsencryptauthorityx1.pem', None),
862 ('lets_encrypt/letsencryptauthorityx2.pem', None),
863 ('globalsign_example_keys/IssuingCA-der.cer', None),
864 ('globalsign_example_keys/rootCA.cer', None),
865 ('globalsign_example_keys/SSL1.cer', ['server_auth', 'client_auth']),
866 ('globalsign_example_keys/SSL2.cer', ['server_auth', 'client_auth']),
867 ('globalsign_example_keys/SSL3.cer', ['server_auth', 'client_auth']),
868 )
869
@data('extended_key_usage_value_info')
def extended_key_usage_value(self, relative_path, extended_key_usage_value):
    # Compares the native form of the extended key usage value with the
    # expected list of purpose names (or None when none is expected).
    # NOTE(review): truthiness guard -- an empty-but-present value would be
    # compared as None; confirm that is intended.
    parsed = self._load_cert(relative_path).extended_key_usage_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(extended_key_usage_value, observed)
875
876 #pylint: disable=C0326
877 @staticmethod
878 def authority_information_access_value_info():
879 return (
880 ('keys/test-der.crt', None),
881 ('keys/test-inter-der.crt', None),
882 ('keys/test-third-der.crt', None),
883 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
884 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
885 (
886 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
887 [
888 OrderedDict([
889 ('access_method', 'ocsp'),
890 ('access_location', 'http://g2.symcb.com')
891 ])
892 ]
893 ),
894 (
895 'geotrust_certs/codex.crt',
896 [
897 OrderedDict([
898 ('access_method', 'ocsp'),
899 ('access_location', 'http://gm.symcd.com')
900 ]),
901 OrderedDict([
902 ('access_method', 'ca_issuers'),
903 ('access_location', 'http://gm.symcb.com/gm.crt')
904 ]),
905 ]
906 ),
907 ('lets_encrypt/isrgrootx1.pem', None),
908 (
909 'lets_encrypt/letsencryptauthorityx1.pem',
910 [
911 OrderedDict([
912 ('access_method', 'ocsp'),
913 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
914 ]),
915 OrderedDict([
916 ('access_method', 'ca_issuers'),
917 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
918 ])
919 ]
920 ),
921 (
922 'lets_encrypt/letsencryptauthorityx2.pem',
923 [
924 OrderedDict([
925 ('access_method', 'ocsp'),
926 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
927 ]),
928 OrderedDict([
929 ('access_method', 'ca_issuers'),
930 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
931 ])
932 ]
933 ),
934 ('globalsign_example_keys/IssuingCA-der.cer', None),
935 ('globalsign_example_keys/rootCA.cer', None),
936 (
937 'globalsign_example_keys/SSL1.cer',
938 [
939 OrderedDict([
940 ('access_method', 'ocsp'),
941 ('access_location', 'http://ocsp.exampleovca.com/')
942 ]),
943 OrderedDict([
944 ('access_method', 'ca_issuers'),
945 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
946 ])
947 ]
948 ),
949 (
950 'globalsign_example_keys/SSL2.cer',
951 [
952 OrderedDict([
953 ('access_method', 'ocsp'),
954 ('access_location', 'http://ocsp.exampleovca.com/')
955 ]),
956 OrderedDict([
957 ('access_method', 'ca_issuers'),
958 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
959 ])
960 ]
961 ),
962 (
963 'globalsign_example_keys/SSL3.cer',
964 [
965 OrderedDict([
966 ('access_method', 'ocsp'),
967 ('access_location', 'http://ocsp.exampleovca.com/')
968 ]),
969 OrderedDict([
970 ('access_method', 'ca_issuers'),
971 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
972 ])
973 ]
974 ),
975 )
976
@data('authority_information_access_value_info')
def authority_information_access_value(self, relative_path, authority_information_access_value):
    # Compares the native form of the authority information access value
    # with the expected list (or None when none is expected).
    # NOTE(review): truthiness guard -- an empty-but-present value would be
    # compared as None; confirm that is intended.
    parsed = self._load_cert(relative_path).authority_information_access_value
    if parsed:
        observed = parsed.native
    else:
        observed = None
    self.assertEqual(authority_information_access_value, observed)
982
983 #pylint: disable=C0326
984 @staticmethod
985 def ocsp_no_check_value_info():
986 return (
987 ('keys/test-der.crt', None),
988 ('keys/test-inter-der.crt', None),
989 ('keys/test-third-der.crt', None),
990 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
991 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
992 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
993 ('geotrust_certs/codex.crt', None),
994 ('lets_encrypt/isrgrootx1.pem', None),
995 ('lets_encrypt/letsencryptauthorityx1.pem', None),
996 ('lets_encrypt/letsencryptauthorityx2.pem', None),
997 ('globalsign_example_keys/IssuingCA-der.cer', None),
998 ('globalsign_example_keys/rootCA.cer', None),
999 ('globalsign_example_keys/SSL1.cer', None),
1000 ('globalsign_example_keys/SSL2.cer', None),
1001 ('globalsign_example_keys/SSL3.cer', None),
1002 )
1003
@data('ocsp_no_check_value_info')
def ocsp_no_check_value(self, relative_path, ocsp_no_check_value):
    # Compares the decoded OCSP no-check extension value of one fixture
    # with the expected value (None when the extension is absent).
    parsed = self._load_cert(relative_path).ocsp_no_check_value
    # NOTE(review): truthiness, not `is not None`, decides whether .native
    # is read - confirm a present extension value is always truthy.
    if parsed:
        actual = parsed.native
    else:
        actual = None
    self.assertEqual(ocsp_no_check_value, actual)
1009
1010 #pylint: disable=C0326
1011 @staticmethod
1012 def serial_number_info():
1013 return (
1014 ('keys/test-der.crt', 13683582341504654466),
1015 ('keys/test-inter-der.crt', 1590137),
1016 ('keys/test-third-der.crt', 2474902313),
1017 ('geotrust_certs/GeoTrust_Universal_CA.crt', 1),
1018 ('geotrust_certs/GeoTrust_Primary_CA.crt', 32798226551256963324313806436981982369),
1019 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', 146934555852773531829332059263122711876),
1020 ('geotrust_certs/codex.crt', 130338219198307073574879940486642352162),
1021 ('lets_encrypt/isrgrootx1.pem', 172886928669790476064670243504169061120),
1022 ('lets_encrypt/letsencryptauthorityx1.pem', 307817870430047279283060309415759825539),
1023 ('lets_encrypt/letsencryptauthorityx2.pem', 199666138109676817050168330923544141416),
1024 ('globalsign_example_keys/IssuingCA-der.cer', 43543335419752),
1025 ('globalsign_example_keys/rootCA.cer', 342514332211132),
1026 ('globalsign_example_keys/SSL1.cer', 425155524522),
1027 ('globalsign_example_keys/SSL2.cer', 425155524522),
1028 ('globalsign_example_keys/SSL3.cer', 425155524522),
1029 )
1030
@data('serial_number_info')
def serial_number(self, relative_path, serial_number):
    # The serial number reported for the fixture must equal the expected
    # integer from serial_number_info.
    parsed_serial = self._load_cert(relative_path).serial_number
    self.assertEqual(serial_number, parsed_serial)
1035
1036 #pylint: disable=C0326
1037 @staticmethod
1038 def key_identifier_info():
1039 return (
1040 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1041 ('keys/test-inter-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1042 ('keys/test-third-der.crt', b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'),
1043 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1044 ('geotrust_certs/GeoTrust_Primary_CA.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1045 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1046 ('geotrust_certs/codex.crt', None),
1047 ('lets_encrypt/isrgrootx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1048 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'),
1049 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'),
1050 ('globalsign_example_keys/IssuingCA-der.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1051 ('globalsign_example_keys/rootCA.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1052 ('globalsign_example_keys/SSL1.cer', b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'),
1053 ('globalsign_example_keys/SSL2.cer', b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='),
1054 ('globalsign_example_keys/SSL3.cer', b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'),
1055 )
1056
@data('key_identifier_info')
def key_identifier(self, relative_path, key_identifier):
    # The key identifier reported for the fixture must equal the expected
    # bytes, or None for a fixture listed without one.
    parsed_key_id = self._load_cert(relative_path).key_identifier
    self.assertEqual(key_identifier, parsed_key_id)
1061
1062 #pylint: disable=C0326
1063 @staticmethod
1064 def issuer_serial_info():
1065 return (
1066 ('keys/test-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'),
1067 ('keys/test-inter-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:1590137'),
1068 ('keys/test-third-der.crt', b'\xed{\x9b\xbf\x9b\xdbd\xa4\xea\xf2#+H\x96\xcd\x80\x99\xf6\xecCM\x94\x07\x02\xe2\x18\xf3\x83\x8c8%\x01:2474902313'),
1069 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xa1\x848\xf2\xe5w\xee\xec\xce\xfefJC+\xdf\x97\x7f\xd2Y\xe3\xdc\xa0D7~\x07\xd9\x9dzL@g:1'),
1070 ('geotrust_certs/GeoTrust_Primary_CA.crt', b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:32798226551256963324313806436981982369'),
1071 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:146934555852773531829332059263122711876'),
1072 ('geotrust_certs/codex.crt', b'x\x12\xe0\x15\x00d;\xc3\xb9/\xf6\x13\n\xd8\xe2\xddY\xf7\xaf*=C\x01<\x86\xf5\x9f_\xab;e\xd1:130338219198307073574879940486642352162'),
1073 ('lets_encrypt/isrgrootx1.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:172886928669790476064670243504169061120'),
1074 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:307817870430047279283060309415759825539'),
1075 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:199666138109676817050168330923544141416'),
1076 ('globalsign_example_keys/IssuingCA-der.cer', b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10\x8ak\x8a\x08-\x0c\xff:43543335419752'),
1077 ('globalsign_example_keys/rootCA.cer', b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10\x8ak\x8a\x08-\x0c\xff:342514332211132'),
1078 ('globalsign_example_keys/SSL1.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1079 ('globalsign_example_keys/SSL2.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1080 ('globalsign_example_keys/SSL3.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1081 )
1082
@data('issuer_serial_info')
def issuer_serial(self, relative_path, issuer_serial):
    # The issuer_serial bytes reported for the fixture must equal the
    # expected value from issuer_serial_info.
    parsed_issuer_serial = self._load_cert(relative_path).issuer_serial
    self.assertEqual(issuer_serial, parsed_issuer_serial)
1087
1088 #pylint: disable=C0326
1089 @staticmethod
1090 def authority_key_identifier_info():
1091 return (
1092 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1093 ('keys/test-inter-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1094 ('keys/test-third-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1095 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1096 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1097 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1098 ('geotrust_certs/codex.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1099 ('lets_encrypt/isrgrootx1.pem', None),
1100 ('lets_encrypt/letsencryptauthorityx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1101 ('lets_encrypt/letsencryptauthorityx2.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1102 ('globalsign_example_keys/IssuingCA-der.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1103 ('globalsign_example_keys/rootCA.cer', None),
1104 ('globalsign_example_keys/SSL1.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1105 ('globalsign_example_keys/SSL2.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1106 ('globalsign_example_keys/SSL3.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1107 )
1108
@data('authority_key_identifier_info')
def authority_key_identifier(self, relative_path, authority_key_identifier):
    # The authority key identifier reported for the fixture must equal the
    # expected bytes, or None for a fixture listed without one.
    parsed_authority_key_id = self._load_cert(relative_path).authority_key_identifier
    self.assertEqual(authority_key_identifier, parsed_authority_key_id)
1113
1114 #pylint: disable=C0326
1115 @staticmethod
1116 def authority_issuer_serial_info():
1117 return (
1118 ('keys/test-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'),
1119 ('keys/test-inter-der.crt', None),
1120 ('keys/test-third-der.crt', None),
1121 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
1122 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1123 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
1124 ('geotrust_certs/codex.crt', None),
1125 ('lets_encrypt/isrgrootx1.pem', None),
1126 ('lets_encrypt/letsencryptauthorityx1.pem', None),
1127 ('lets_encrypt/letsencryptauthorityx2.pem', None),
1128 ('globalsign_example_keys/IssuingCA-der.cer', None),
1129 ('globalsign_example_keys/rootCA.cer', None),
1130 ('globalsign_example_keys/SSL1.cer', None),
1131 ('globalsign_example_keys/SSL2.cer', None),
1132 ('globalsign_example_keys/SSL3.cer', None),
1133 )
1134
@data('authority_issuer_serial_info')
def authority_issuer_serial(self, relative_path, authority_issuer_serial):
    # The authority_issuer_serial reported for the fixture must equal the
    # expected bytes, or None for a fixture listed without one.
    parsed_authority_issuer_serial = self._load_cert(relative_path).authority_issuer_serial
    self.assertEqual(authority_issuer_serial, parsed_authority_issuer_serial)
1139
1140 #pylint: disable=C0326
1141 @staticmethod
1142 def ocsp_urls_info():
1143 return (
1144 ('keys/test-der.crt', []),
1145 ('keys/test-inter-der.crt', []),
1146 ('keys/test-third-der.crt', []),
1147 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1148 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1149 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', ['http://g2.symcb.com']),
1150 ('geotrust_certs/codex.crt', ['http://gm.symcd.com']),
1151 ('lets_encrypt/isrgrootx1.pem', []),
1152 ('lets_encrypt/letsencryptauthorityx1.pem', ['http://ocsp.root-x1.letsencrypt.org/']),
1153 ('lets_encrypt/letsencryptauthorityx2.pem', ['http://ocsp.root-x1.letsencrypt.org/']),
1154 ('globalsign_example_keys/IssuingCA-der.cer', []),
1155 ('globalsign_example_keys/rootCA.cer', []),
1156 ('globalsign_example_keys/SSL1.cer', ['http://ocsp.exampleovca.com/']),
1157 ('globalsign_example_keys/SSL2.cer', ['http://ocsp.exampleovca.com/']),
1158 ('globalsign_example_keys/SSL3.cer', ['http://ocsp.exampleovca.com/']),
1159 )
1160
@data('ocsp_urls_info')
def ocsp_urls(self, relative_path, ocsp_url):
    # The OCSP URL list reported for the fixture must equal the expected
    # list. The URLs are compared as values only; no responder is
    # contacted.
    parsed_urls = self._load_cert(relative_path).ocsp_urls
    self.assertEqual(ocsp_url, parsed_urls)
1165
1166 #pylint: disable=C0326
1167 @staticmethod
wbond6888bc62015-07-21 15:05:59 -04001168 def crl_distribution_points_info():
wbondaf1f5a82015-07-17 12:13:15 -04001169 return (
1170 ('keys/test-der.crt', []),
1171 ('keys/test-inter-der.crt', []),
1172 ('keys/test-third-der.crt', []),
1173 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1174 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
wbond6888bc62015-07-21 15:05:59 -04001175 (
1176 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1177 [
1178 OrderedDict([
1179 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
1180 ('reasons', None),
1181 ('crl_issuer', None)
1182 ])
1183 ]
1184 ),
1185 (
1186 'geotrust_certs/codex.crt',
1187 [
1188 OrderedDict([
1189 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
1190 ('reasons', None),
1191 ('crl_issuer', None)
1192 ])
1193 ]
1194 ),
wbondaf1f5a82015-07-17 12:13:15 -04001195 ('lets_encrypt/isrgrootx1.pem', []),
wbond6888bc62015-07-21 15:05:59 -04001196 (
1197 'lets_encrypt/letsencryptauthorityx1.pem',
1198 [
1199 OrderedDict([
1200 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
1201 ('reasons', None),
1202 ('crl_issuer', None)
1203 ])
1204 ]
1205 ),
1206 (
1207 'lets_encrypt/letsencryptauthorityx2.pem',
1208 [
1209 OrderedDict([
1210 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
1211 ('reasons', None),
1212 ('crl_issuer', None)
1213 ])
1214 ]
1215 ),
1216 (
1217 'globalsign_example_keys/IssuingCA-der.cer',
1218 [
1219 OrderedDict([
1220 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
1221 ('reasons', None),
1222 ('crl_issuer', None)
1223 ])
1224 ]
1225 ),
1226 (
1227 'globalsign_example_keys/rootCA.cer',
1228 [
1229 OrderedDict([
1230 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
1231 ('reasons', None),
1232 ('crl_issuer', None)
1233 ])
1234 ]
1235 ),
wbondaf1f5a82015-07-17 12:13:15 -04001236 ('globalsign_example_keys/SSL1.cer', []),
1237 ('globalsign_example_keys/SSL2.cer', []),
1238 ('globalsign_example_keys/SSL3.cer', []),
1239 )
1240
@data('crl_distribution_points_info')
def crl_distribution_points(self, relative_path, crl_distribution_point):
    # Converts every distribution point reported for the fixture to its
    # native form and compares the resulting list with the expected one.
    # The CRL URLs are compared as values only; no CRL is downloaded.
    cert = self._load_cert(relative_path)
    decoded_points = []
    for entry in cert.crl_distribution_points:
        decoded_points.append(entry.native)
    self.assertEqual(crl_distribution_point, decoded_points)
wbondaf1f5a82015-07-17 12:13:15 -04001246
1247 #pylint: disable=C0326
1248 @staticmethod
1249 def valid_domains_info():
1250 return (
1251 ('keys/test-der.crt', []),
1252 ('keys/test-inter-der.crt', []),
1253 ('keys/test-third-der.crt', []),
1254 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1255 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1256 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', []),
1257 ('geotrust_certs/codex.crt', ['codexns.io', 'dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net']),
1258 ('lets_encrypt/isrgrootx1.pem', []),
1259 ('lets_encrypt/letsencryptauthorityx1.pem', []),
1260 ('lets_encrypt/letsencryptauthorityx2.pem', []),
1261 ('globalsign_example_keys/IssuingCA-der.cer', []),
1262 ('globalsign_example_keys/rootCA.cer', []),
1263 ('globalsign_example_keys/SSL1.cer', ['anything.example.com']),
1264 ('globalsign_example_keys/SSL2.cer', ['*.google.com', 'anything.example.com']),
1265 ('globalsign_example_keys/SSL3.cer', ['*.google.com']),
1266 )
1267
@data('valid_domains_info')
def valid_domains(self, relative_path, valid_domains):
    # The name list reported for the fixture must equal the expected list,
    # element for element and in the same order. No hostname matching is
    # performed here; wildcard entries are compared as plain strings.
    parsed_domains = self._load_cert(relative_path).valid_domains
    self.assertEqual(valid_domains, parsed_domains)
1272
1273 #pylint: disable=C0326
1274 @staticmethod
1275 def valid_ips_info():
1276 return (
1277 ('keys/test-der.crt', []),
1278 ('keys/test-inter-der.crt', []),
1279 ('keys/test-third-der.crt', []),
1280 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1281 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1282 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', []),
1283 ('geotrust_certs/codex.crt', []),
1284 ('lets_encrypt/isrgrootx1.pem', []),
1285 ('lets_encrypt/letsencryptauthorityx1.pem', []),
1286 ('lets_encrypt/letsencryptauthorityx2.pem', []),
1287 ('globalsign_example_keys/IssuingCA-der.cer', []),
1288 ('globalsign_example_keys/rootCA.cer', []),
1289 ('globalsign_example_keys/SSL1.cer', []),
1290 ('globalsign_example_keys/SSL2.cer', []),
1291 ('globalsign_example_keys/SSL3.cer', []),
1292 )
1293
@data('valid_ips_info')
def valid_ips(self, relative_path, crl_url):
    # The IP address list reported for the fixture must equal the expected
    # list.
    # NOTE(review): the crl_url parameter receives the expected valid_ips
    # list; the name looks carried over from another test.
    parsed_ips = self._load_cert(relative_path).valid_ips
    self.assertEqual(crl_url, parsed_ips)
wbond8bb77d02015-07-13 17:44:29 -04001298
def test_parse_certificate(self):
    # Field-by-field decode of the RSA fixture keys/test-der.crt. Only
    # parsing is checked: the signature is never verified, and not_before /
    # not_after are compared with fixed dates rather than with the current
    # time.
    cert = self._load_cert('keys/test-der.crt')

    tbs = cert['tbs_certificate']
    sig_algo = tbs['signature']
    issuer_name = tbs['issuer']
    validity_period = tbs['validity']
    subject_name = tbs['subject']
    spki = tbs['subject_public_key_info']
    spki_algo = spki['algorithm']
    rsa_key = spki['public_key'].parsed
    extension_list = tbs['extensions']

    # Issuer, subject and the authority_cert_issuer entry are all expected
    # to decode to this one name
    expected_name = OrderedDict([
        ('country_name', 'US'),
        ('state_or_province_name', 'Massachusetts'),
        ('locality_name', 'Newbury'),
        ('organization_name', 'Codex Non Sufficit LC'),
        ('organizational_unit_name', 'Testing'),
        ('common_name', 'Will Bond'),
        ('email_address', 'will@codexns.io'),
    ])
    # Expected both as the key identifier and as the authority key
    # identifier of this fixture
    expected_key_id = b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'
    expected_serial = 13683582341504654466

    self.assertEqual('v3', tbs['version'].native)
    self.assertEqual(expected_serial, tbs['serial_number'].native)
    self.assertEqual('sha256_rsa', sig_algo['algorithm'].native)
    self.assertEqual(None, sig_algo['parameters'].native)
    self.assertEqual(expected_name, issuer_name.native)
    self.assertEqual(
        datetime(2015, 5, 6, 14, 37, 16, tzinfo=core.timezone.utc),
        validity_period['not_before'].native
    )
    self.assertEqual(
        datetime(2025, 5, 3, 14, 37, 16, tzinfo=core.timezone.utc),
        validity_period['not_after'].native
    )
    self.assertEqual(expected_name, subject_name.native)
    self.assertEqual('rsa', spki_algo['algorithm'].native)
    self.assertEqual(None, spki_algo['parameters'].native)
    self.assertEqual(
        23903990516906431865559598284199534387004799030432486061102966678620221767754702651554142956492614440585611990224871381291841413369032752409360196079700921141819811294444393525264295297988924243231844876926173670633422654261873814968313363171188082579071492839040415373948505938897419917635370450127498164824808630475648771544810334682447182123219422360569466851807131368135806769502898151721274383486320505905826683946456552230958810028663378886363555981449715929872558073101554364803925363048965464124465016494920967179276744892632783712377912841537032383450409486298694116013299423220523450956288827030007092359007,
        rsa_key['modulus'].native
    )
    self.assertEqual(65537, rsa_key['public_exponent'].native)

    # Both optional unique-id fields are expected to be absent
    self.assertEqual(None, tbs['issuer_unique_id'].native)
    self.assertIsInstance(tbs['issuer_unique_id'], core.NoValue)
    self.assertEqual(None, tbs['subject_unique_id'].native)
    self.assertIsInstance(tbs['subject_unique_id'], core.NoValue)

    # Show the full diff if the extension comparison below fails
    self.maxDiff = None
    for extension in extension_list:
        self.assertIsInstance(extension, x509.Extension)

    # The fixture is expected to carry basic_constraints with ca=True and
    # critical=False; this pins what the parser reports for the fixture and
    # is not a profile conformance check.
    expected_extensions = [
        OrderedDict([
            ('extn_id', 'key_identifier'),
            ('critical', False),
            ('extn_value', expected_key_id),
        ]),
        OrderedDict([
            ('extn_id', 'authority_key_identifier'),
            ('critical', False),
            (
                'extn_value',
                OrderedDict([
                    ('key_identifier', expected_key_id),
                    ('authority_cert_issuer', [expected_name]),
                    ('authority_cert_serial_number', expected_serial),
                ])
            ),
        ]),
        OrderedDict([
            ('extn_id', 'basic_constraints'),
            ('critical', False),
            (
                'extn_value',
                OrderedDict([
                    ('ca', True),
                    ('path_len_constraint', None)
                ])
            ),
        ]),
    ]
    self.assertEqual(expected_extensions, extension_list.native)
1445
def test_parse_dsa_certificate(self):
    # Field-by-field decode of the DSA fixture keys/test-dsa-der.crt. Only
    # parsing is checked: the signature is never verified, the domain
    # parameters p, q and g are compared as integers without any validity
    # check, and the validity dates are compared with fixed values.
    cert = self._load_cert('keys/test-dsa-der.crt')

    tbs = cert['tbs_certificate']
    sig_algo = tbs['signature']
    issuer_name = tbs['issuer']
    validity_period = tbs['validity']
    subject_name = tbs['subject']
    spki = tbs['subject_public_key_info']
    spki_algo = spki['algorithm']
    dsa_key = spki['public_key'].parsed
    extension_list = tbs['extensions']

    # Issuer and subject are expected to decode to the same name
    expected_name = OrderedDict([
        ('country_name', 'US'),
        ('state_or_province_name', 'Massachusetts'),
        ('locality_name', 'Newbury'),
        ('organization_name', 'Codex Non Sufficit LC'),
        ('organizational_unit_name', 'Testing'),
        ('common_name', 'Will Bond'),
        ('email_address', 'will@codexns.io'),
    ])
    # Expected both as the key identifier and as the authority key
    # identifier of this fixture
    expected_key_id = b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'

    self.assertEqual('v3', tbs['version'].native)
    self.assertEqual(14308214745771946523, tbs['serial_number'].native)
    self.assertEqual('sha256_dsa', sig_algo['algorithm'].native)
    self.assertEqual(None, sig_algo['parameters'].native)
    self.assertEqual(expected_name, issuer_name.native)
    self.assertEqual(
        datetime(2015, 5, 20, 13, 9, 2, tzinfo=core.timezone.utc),
        validity_period['not_before'].native
    )
    self.assertEqual(
        datetime(2025, 5, 17, 13, 9, 2, tzinfo=core.timezone.utc),
        validity_period['not_after'].native
    )
    self.assertEqual(expected_name, subject_name.native)
    self.assertEqual('dsa', spki_algo['algorithm'].native)

    # The DSA domain parameters travel in the algorithm parameters
    expected_params = OrderedDict([
        ('p', 4511743893397705393934377497936985478231822206263141826261443300639402520800626925517264115785551703273809312112372693877437137848393530691841757974971843334497076835630893064661599193178307024379015589119302113551197423138934242435710226975119594589912289060014025377813473273600967729027125618396732574594753039493158066887433778053086408525146692226448554390096911703556213619406958876388642882534250747780313634767409586007581976273681005928967585750017105562145167146445061803488570714706090280814293902464230717946651489964409785146803791743658888866280873858000476717727810363942159874283767926511678640730707887895260274767195555813448140889391762755466967436731106514029224490921857229134393798015954890071206959203407845438863870686180087606429828973298318856683615900474921310376145478859687052812749087809700610549251964102790514588562086548577933609968589710807989944739877028770343142449461177732058649962678857),
        ('q', 71587850165936478337655415373676526523562874562337607790945426056266440596923),
        ('g', 761437146067908309288345767887973163494473925243194806582679580640442238588269326525839153095505341738937595419375068472941615006110237832663093084973431440436421580371384720052414080562019831325744042316268714195397974084616335082272743706567701546951285088540646372701485690904535540223121118329044403681933304838754517522024738251994717369464179515923093116622352823578284891812676662979104509631349201801577889230316128523885862472086364717411346341249139971907827526291913249445756671582283459372536334490171231311487207683108274785825764378203622999309355578169139646003751751448501475767709869676880946562283552431757983801739671783678927397420797147373441051876558068212062253171347849380506793433921881336652424898488378657239798694995315456959568806256079056461448199493507273882763491729787817044805150879660784158902456811649964987582162907020243296662602990514615480712948126671999033658064244112238138589732202),
    ])
    self.assertEqual(expected_params, spki_algo['parameters'].native)
    self.assertEqual(
        934231235067929794039535952071098031636053793876274937162425423023735221571983693370780054696865229184537343792766496068557051933738826401423094028670222490622041397241325320965905259541032379046252395145258594355589801644789631904099105867133976990593761395721476198083091062806327384261369876465927159169400428623265291958463077792777155465482611741502621885386691681062128487785344975981628995609792181581218570320181053055516069553767918513262908069925035292416868414952256645902605335068760774106734518308281769128146479819566784704033671969858507248124850451414380441279385481154336362988505436125981975735568289420374790767927084033441728922597082155884801013899630856890463962357814273014111039522903328923758417820349377075487103441305806369234738881875734407495707878637895190993370257589211331043479113328811265005530361001980539377903738453549980082795009589559114091215518866106998956304437954236070776810740036,
        dsa_key.native
    )

    # Both optional unique-id fields are expected to be absent
    self.assertEqual(None, tbs['issuer_unique_id'].native)
    self.assertIsInstance(tbs['issuer_unique_id'], core.NoValue)
    self.assertEqual(None, tbs['subject_unique_id'].native)
    self.assertIsInstance(tbs['subject_unique_id'], core.NoValue)

    # Show the full diff if the extension comparison below fails
    self.maxDiff = None
    for extension in extension_list:
        self.assertIsInstance(extension, x509.Extension)

    # The fixture is expected to carry basic_constraints with ca=True and
    # critical=False; this pins what the parser reports for the fixture and
    # is not a profile conformance check.
    expected_extensions = [
        OrderedDict([
            ('extn_id', 'key_identifier'),
            ('critical', False),
            ('extn_value', expected_key_id),
        ]),
        OrderedDict([
            ('extn_id', 'authority_key_identifier'),
            ('critical', False),
            (
                'extn_value',
                OrderedDict([
                    ('key_identifier', expected_key_id),
                    ('authority_cert_issuer', None),
                    ('authority_cert_serial_number', None),
                ])
            ),
        ]),
        OrderedDict([
            ('extn_id', 'basic_constraints'),
            ('critical', False),
            (
                'extn_value',
                OrderedDict([
                    ('ca', True),
                    ('path_len_constraint', None)
                ])
            ),
        ]),
    ]
    self.assertEqual(expected_extensions, extension_list.native)
1579
1580 def test_parse_ec_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -04001581 cert = self._load_cert('keys/test-ec-der.crt')
wbonde91513e2015-06-03 14:52:18 -04001582
1583 tbs_certificate = cert['tbs_certificate']
1584 signature = tbs_certificate['signature']
1585 issuer = tbs_certificate['issuer']
1586 validity = tbs_certificate['validity']
1587 subject = tbs_certificate['subject']
1588 subject_public_key_info = tbs_certificate['subject_public_key_info']
1589 subject_public_key_algorithm = subject_public_key_info['algorithm']
1590 public_key_params = subject_public_key_info['algorithm']['parameters'].chosen
1591 field_id = public_key_params['field_id']
1592 curve = public_key_params['curve']
1593 subject_public_key = subject_public_key_info['public_key'].parsed
1594 extensions = tbs_certificate['extensions']
1595
1596 self.assertEqual(
1597 'v3',
1598 tbs_certificate['version'].native
1599 )
1600 self.assertEqual(
1601 15854128451240978884,
1602 tbs_certificate['serial_number'].native
1603 )
1604 self.assertEqual(
1605 'sha256_ecdsa',
1606 signature['algorithm'].native
1607 )
1608 self.assertEqual(
1609 None,
1610 signature['parameters'].native
1611 )
1612 self.assertEqual(
1613 OrderedDict([
1614 ('country_name', 'US'),
1615 ('state_or_province_name', 'Massachusetts'),
1616 ('locality_name', 'Newbury'),
1617 ('organization_name', 'Codex Non Sufficit LC'),
1618 ('organizational_unit_name', 'Testing'),
1619 ('common_name', 'Will Bond'),
1620 ('email_address', 'will@codexns.io'),
1621 ]),
1622 issuer.native
1623 )
1624 self.assertEqual(
1625 datetime(2015, 5, 20, 12, 56, 46, tzinfo=core.timezone.utc),
1626 validity['not_before'].native
1627 )
1628 self.assertEqual(
1629 datetime(2025, 5, 17, 12, 56, 46, tzinfo=core.timezone.utc),
1630 validity['not_after'].native
1631 )
1632 self.assertEqual(
1633 OrderedDict([
1634 ('country_name', 'US'),
1635 ('state_or_province_name', 'Massachusetts'),
1636 ('locality_name', 'Newbury'),
1637 ('organization_name', 'Codex Non Sufficit LC'),
1638 ('organizational_unit_name', 'Testing'),
1639 ('common_name', 'Will Bond'),
1640 ('email_address', 'will@codexns.io'),
1641 ]),
1642 subject.native
1643 )
1644 self.assertEqual(
wbond680cba12015-07-01 23:53:54 -04001645 'ec',
wbonde91513e2015-06-03 14:52:18 -04001646 subject_public_key_algorithm['algorithm'].native
1647 )
1648 self.assertEqual(
1649 'ecdpVer1',
1650 public_key_params['version'].native
1651 )
1652 self.assertEqual(
1653 'prime_field',
1654 field_id['field_type'].native
1655 )
1656 self.assertEqual(
1657 115792089210356248762697446949407573530086143415290314195533631308867097853951,
1658 field_id['parameters'].native
1659 )
1660 self.assertEqual(
1661 b'\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC',
1662 curve['a'].native
1663 )
1664 self.assertEqual(
1665 b'\x5A\xC6\x35\xD8\xAA\x3A\x93\xE7\xB3\xEB\xBD\x55\x76\x98\x86\xBC\x65\x1D\x06\xB0\xCC\x53\xB0\xF6\x3B\xCE\x3C\x3E\x27\xD2\x60\x4B',
1666 curve['b'].native
1667 )
1668 self.assertEqual(
1669 b'\xC4\x9D\x36\x08\x86\xE7\x04\x93\x6A\x66\x78\xE1\x13\x9D\x26\xB7\x81\x9F\x7E\x90',
1670 curve['seed'].native
1671 )
1672 self.assertEqual(
1673 b'\x04\x6B\x17\xD1\xF2\xE1\x2C\x42\x47\xF8\xBC\xE6\xE5\x63\xA4\x40\xF2\x77\x03\x7D\x81\x2D\xEB\x33\xA0\xF4\xA1\x39\x45\xD8\x98\xC2\x96\x4F\xE3\x42\xE2\xFE\x1A\x7F\x9B\x8E\xE7\xEB\x4A\x7C\x0F\x9E\x16\x2B\xCE\x33\x57\x6B\x31\x5E\xCE\xCB\xB6\x40\x68\x37\xBF\x51\xF5',
1674 public_key_params['base'].native
1675 )
1676 self.assertEqual(
1677 115792089210356248762697446949407573529996955224135760342422259061068512044369,
1678 public_key_params['order'].native
1679 )
1680 self.assertEqual(
1681 1,
1682 public_key_params['cofactor'].native
1683 )
1684 self.assertEqual(
1685 None,
1686 public_key_params['hash'].native
1687 )
1688 self.assertEqual(
1689 b'G\x9f\xcbs$\x1d\xc9\xdd\xd1-\xf1:\x9f\xb7\x04\xde \xd0X\x00\x93T\xf6\x89\xc7/\x87+\xf7\xf9=;4\xed\x9e{\x0e=WB\xdfx\x03\x0b\xcc1\xc6\x03\xd7\x9f`\x01',
1690 subject_public_key.native
1691 )
1692 self.assertEqual(
1693 None,
1694 tbs_certificate['issuer_unique_id'].native
1695 )
1696 self.assertIsInstance(
1697 tbs_certificate['issuer_unique_id'],
1698 core.NoValue
1699 )
1700 self.assertEqual(
1701 None,
1702 tbs_certificate['subject_unique_id'].native
1703 )
1704 self.assertIsInstance(
1705 tbs_certificate['subject_unique_id'],
1706 core.NoValue
1707 )
1708
1709 self.maxDiff = None
1710 for extension in extensions:
1711 self.assertIsInstance(
1712 extension,
1713 x509.Extension
1714 )
1715 self.assertEqual(
1716 [
1717 OrderedDict([
1718 ('extn_id', 'key_identifier'),
1719 ('critical', False),
1720 ('extn_value', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
1721 ]),
1722 OrderedDict([
1723 ('extn_id', 'authority_key_identifier'),
1724 ('critical', False),
1725 (
1726 'extn_value',
1727 OrderedDict([
1728 ('key_identifier', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
1729 ('authority_cert_issuer', None),
1730 ('authority_cert_serial_number', None),
1731 ])
1732 ),
1733 ]),
1734 OrderedDict([
1735 ('extn_id', 'basic_constraints'),
1736 ('critical', False),
1737 (
1738 'extn_value',
1739 OrderedDict([
1740 ('ca', True),
1741 ('path_len_constraint', None)
1742 ])
1743 ),
1744 ]),
1745 ],
1746 extensions.native
1747 )