Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / asn1crypto / 76ee263891eb723ff44856f1fcc774af0e0f8179 / . / tests / test_x509.py
blob: a6036a7dd1bead224fdee008e1ad5b6c4478d200 [file] [log] [blame]
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]1# coding: utf-8
wbond284814a2015-08-24 09:36:27 -0400[diff] [blame]2from __future__ import unicode_literals, division, absolute_import, print_function
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3
4import unittest
5import sys
6import os
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]7from datetime import datetime
8
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]9from asn1crypto import x509, core, pem, util
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]10
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]11from .unittest_data import data_decorator, data
wbond9d65e682015-08-24 09:38:56 -0400[diff] [blame]12from ._unittest_compat import patch
13
14patch()
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]15
16if sys.version_info < (3,):
17 byte_cls = str
18else:
19 byte_cls = bytes
20
21
22tests_root = os.path.dirname(__file__)
23fixtures_dir = os.path.join(tests_root, 'fixtures')
24
25
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]26@data_decorator
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]27class X509Tests(unittest.TestCase):
28
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]29 def _load_cert(self, relative_path):
30 with open(os.path.join(fixtures_dir, relative_path), 'rb') as f:
31 cert_bytes = f.read()
32 if pem.detect(cert_bytes):
33 _, _, cert_bytes = pem.unarmor(cert_bytes)
34 return x509.Certificate.load(cert_bytes)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]35
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]36 @staticmethod
wbondd4fc7ea2015-08-31 11:44:11 -0400[diff] [blame]37 def is_valid_domain_ip_info():
38 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]39 (
40 'geotrust_certs/codex.crt',
41 'codexns.io',
42 True
43 ),
44 (
45 'geotrust_certs/codex.crt',
46 'dev.codexns.io',
47 True
48 ),
49 (
50 'geotrust_certs/codex.crt',
51 'rc.codexns.io',
52 True
53 ),
54 (
55 'geotrust_certs/codex.crt',
56 'foo.codexns.io',
57 False
58 ),
59 (
60 'geotrust_certs/codex.crt',
61 '1.2.3.4',
62 False
63 ),
64 (
65 'geotrust_certs/codex.crt',
66 '1::1',
67 False
68 ),
wbondd4fc7ea2015-08-31 11:44:11 -0400[diff] [blame]69 )
70
71 @data('is_valid_domain_ip_info')
72 def is_valid_domain_ip(self, cert, domain_ip, result):
73 cert = self._load_cert(cert)
74 self.assertEqual(result, cert.is_valid_domain_ip(domain_ip))
75
wbondd4fc7ea2015-08-31 11:44:11 -0400[diff] [blame]76 @staticmethod
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]77 def ip_address_info():
78 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]79 (
80 '127.0.0.1',
81 b'\x04\x04\x7F\x00\x00\x01'
82 ),
83 (
84 '255.255.255.255',
85 b'\x04\x04\xFF\xFF\xFF\xFF'
86 ),
87 (
88 '127.0.0.1/28',
89 b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xF0'
90 ),
91 (
92 '255.255.255.255/0',
93 b'\x04\x08\xFF\xFF\xFF\xFF\x00\x00\x00\x00'
94 ),
95 (
96 'af::ed',
97 b'\x04\x10\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED'
98 ),
99 (
100 'af::ed/128',
101 b'\x04\x20\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
102 b'\xED\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF'
103 ),
104 (
105 'af::ed/0',
106 b'\x04\x20\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
107 b'\xED\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
108 ),
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]109 )
110
111 @data('ip_address_info')
112 def ip_address(self, unicode_string, der_bytes):
113 self.assertEqual(der_bytes, x509.IPAddress(unicode_string).dump())
114 self.assertEqual(unicode_string, x509.IPAddress.load(der_bytes).native)
115
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]116 @staticmethod
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]117 def compare_dnsname_info():
118 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]119 (
120 'google.com',
121 'google.com',
122 True
123 ),
124 (
125 'google.com',
126 'Google.com',
127 True
128 ),
129 (
130 'Bücher.ch',
131 b'\x16\x10xn--bcher-kva.ch',
132 True
133 ),
134 (
135 'google.com',
136 b'\x16\x0AGoogle.com',
137 True
138 ),
139 (
140 'google.com',
141 b'\x16\x09Google.co',
142 False
143 ),
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]144 )
145
146 @data('compare_dnsname_info')
147 def compare_dnsname(self, domain_one, domain_two, equal):
148 one = x509.DNSName(domain_one)
149 if isinstance(domain_two, byte_cls):
150 two = x509.DNSName.load(domain_two)
151 else:
152 two = x509.DNSName(domain_two)
153 if equal:
154 self.assertEqual(one, two)
155 else:
156 self.assertNotEqual(one, two)
157
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]158 @staticmethod
159 def compare_uri_info():
160 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]161 (
162 'http://google.com',
163 'http://google.com',
164 True
165 ),
166 (
167 'http://google.com/',
168 'http://Google.com',
169 True
170 ),
171 (
172 'http://google.com:80',
173 'http://google.com',
174 True
175 ),
176 (
177 'https://google.com',
178 'https://google.com:443/',
179 True
180 ),
181 (
182 'http://google.com/%41%42%43',
183 'http://google.com/ABC',
184 True
185 ),
186 (
187 'http://google.com/%41%42%43',
188 'http://google.com/abc',
189 False
190 ),
191 (
192 'http://google.com/%41%42%43/',
193 'http://google.com/ABC%2F',
194 False
195 ),
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]196 )
197
198 @data('compare_uri_info')
199 def compare_uri(self, uri_one, uri_two, equal):
200 one = x509.URI(uri_one)
201 if isinstance(uri_two, byte_cls):
202 two = x509.URI.load(uri_two)
203 else:
204 two = x509.URI(uri_two)
205 if equal:
206 self.assertEqual(one, two)
207 else:
208 self.assertNotEqual(one, two)
209
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]210 @staticmethod
211 def compare_email_address_info():
212 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]213 (
214 'john@google.com',
215 'john@google.com',
216 True
217 ),
218 (
219 'john@google.com',
220 'john@Google.com',
221 True
222 ),
223 (
224 'john@google.com',
225 'John@google.com',
226 False
227 ),
228 (
229 'john@Bücher.ch',
230 b'\x16\x15john@xn--bcher-kva.ch',
231 True
232 ),
233 (
234 'John@Bücher.ch',
235 b'\x16\x15john@xn--bcher-kva.ch',
236 False
237 ),
238 (
239 'john@google.com',
240 b'\x16\x0Fjohn@Google.com',
241 True
242 ),
243 (
244 'john@google.com',
245 b'\x16\x0FJohn@google.com',
246 False
247 ),
248 (
249 'john@google.com',
250 b'\x16\x0Ejohn@Google.co',
251 False
252 ),
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]253 )
254
255 @data('compare_email_address_info')
256 def compare_email_address(self, email_one, email_two, equal):
257 one = x509.EmailAddress(email_one)
258 if isinstance(email_two, byte_cls):
259 two = x509.EmailAddress.load(email_two)
260 else:
261 two = x509.EmailAddress(email_two)
262 if equal:
263 self.assertEqual(one, two)
264 else:
265 self.assertNotEqual(one, two)
266
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]267 @staticmethod
268 def compare_ip_address_info():
269 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]270 (
271 '127.0.0.1',
272 '127.0.0.1',
273 True
274 ),
275 (
276 '127.0.0.1',
277 '127.0.0.2',
278 False
279 ),
280 (
281 '127.0.0.1',
282 '127.0.0.1/32',
283 False
284 ),
285 (
286 '127.0.0.1/32',
287 b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xFF',
288 True
289 ),
290 (
291 '127.0.0.1',
292 b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xFF',
293 False
294 ),
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]295 )
296
297 @data('compare_ip_address_info')
298 def compare_ip_address(self, email_one, email_two, equal):
299 one = x509.IPAddress(email_one)
300 if isinstance(email_two, byte_cls):
301 two = x509.IPAddress.load(email_two)
302 else:
303 two = x509.IPAddress(email_two)
304 if equal:
305 self.assertEqual(one, two)
306 else:
307 self.assertNotEqual(one, two)
308
wbond35701c92015-08-07 13:45:21 -0400[diff] [blame]309 @staticmethod
wbondfd65d602015-07-23 07:16:44 -0400[diff] [blame]310 def compare_name_info():
311 return (
312 (
313 True,
314 x509.Name.build({
315 'common_name': 'Will Bond'
316 }),
317 x509.Name.build({
318 'common_name': 'will bond'
319 })
320 ),
321 (
322 True,
323 x509.Name.build({
324 'common_name': 'Will Bond'
325 }),
326 x509.Name.build({
327 'common_name': 'will\tbond'
328 })
329 ),
330 (
wbond3ce3aec2015-07-27 10:23:19 -0400[diff] [blame]331 True,
332 x509.Name.build({
333 'common_name': 'Will Bond'
334 }),
335 x509.Name.build({
336 'common_name': 'Will Bond \U0001D173\U000E007F'
337 })
338 ),
339 (
wbondfd65d602015-07-23 07:16:44 -0400[diff] [blame]340 False,
341 x509.Name.build({
342 'country_name': 'US',
343 'common_name': 'Will Bond'
344 }),
345 x509.Name.build({
346 'country_name': 'US',
347 'state_or_province_name': 'Massachusetts',
348 'common_name': 'Will Bond'
349 })
350 ),
351 )
352
353 @data('compare_name_info')
354 def compare_name(self, are_equal, general_name_1, general_name_2):
355 if are_equal:
356 self.assertEqual(general_name_1, general_name_2)
357 else:
358 self.assertNotEqual(general_name_1, general_name_2)
359
wbonddb495792015-10-23 11:19:08 -0400[diff] [blame]360 def test_v1_cert(self):
361 cert = self._load_cert('chromium/ndn.ca.crt')
362 tbs_cert = cert['tbs_certificate']
363 self.assertEqual('v1', tbs_cert['version'].native)
364 self.assertEqual(15832340745319036834, tbs_cert['serial_number'].native)
365 self.assertEqual(
366 'Email Address: support@dreamhost.com; Common Name: New Dream Network Certificate Authority; '
367 'Organizational Unit: Security; Organization: New Dream Network, LLC; Locality: Los Angeles; '
368 'State/Province: California; Country: US',
369 tbs_cert['issuer'].human_friendly
370 )
371 self.assertEqual(
372 'Email Address: support@dreamhost.com; Common Name: New Dream Network Certificate Authority; '
373 'Organizational Unit: Security; Organization: New Dream Network, LLC; Locality: Los Angeles; '
374 'State/Province: California; Country: US',
375 tbs_cert['subject'].human_friendly
376 )
377
378 def test_subject_alt_name_variations(self):
379 cert = self._load_cert('chromium/subjectAltName_sanity_check.pem')
380 alt_names = cert.subject_alt_name_value
381 for general_name in alt_names:
382 self.assertIsInstance(general_name, x509.GeneralName)
383 self.assertIsInstance(alt_names[0].chosen, x509.IPAddress)
384 self.assertEqual(alt_names[0].chosen.native, '127.0.0.2')
385 self.assertIsInstance(alt_names[1].chosen, x509.IPAddress)
386 self.assertEqual(alt_names[1].chosen.native, 'fe80::1')
387 self.assertIsInstance(alt_names[2].chosen, x509.DNSName)
388 self.assertEqual(alt_names[2].chosen.native, 'test.example')
389 self.assertIsInstance(alt_names[3].chosen, x509.EmailAddress)
390 self.assertEqual(alt_names[3].chosen.native, 'test@test.example')
391 self.assertIsInstance(alt_names[4].chosen, x509.AnotherName)
392 self.assertEqual(alt_names[4].chosen.native, util.OrderedDict([('type_id', '1.2.3.4'), ('value', 'ignore me')]))
393 self.assertIsInstance(alt_names[5].chosen, x509.Name)
394 self.assertEqual(alt_names[5].chosen.native, util.OrderedDict([('common_name', '127.0.0.3')]))
395
396 def test_punycode_common_name(self):
397 cert = self._load_cert('chromium/punycodetest.pem')
398 self.assertEqual('xn--wgv71a119e.com', cert['tbs_certificate']['subject'].native['common_name'])
399
wbondfd65d602015-07-23 07:16:44 -0400[diff] [blame]400 @staticmethod
wbond1cfca232015-07-20 08:51:58 -0400[diff] [blame]401 def signature_algo_info():
402 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]403 (
404 'keys/test-der.crt',
405 'rsassa_pkcs1v15',
406 'sha256'
407 ),
408 (
409 'keys/test-inter-der.crt',
410 'rsassa_pkcs1v15',
411 'sha256'
412 ),
413 (
414 'keys/test-dsa-der.crt',
415 'dsa',
416 'sha256'
417 ),
418 (
419 'keys/test-third-der.crt',
420 'rsassa_pkcs1v15',
421 'sha256'
422 ),
423 (
424 'keys/test-ec-der.crt',
425 'ecdsa',
426 'sha256'
427 ),
wbond1cfca232015-07-20 08:51:58 -0400[diff] [blame]428 )
429
430 @data('signature_algo_info')
431 def signature_algo(self, relative_path, signature_algo, hash_algo):
432 cert = self._load_cert(relative_path)
433 self.assertEqual(signature_algo, cert['signature_algorithm'].signature_algo)
434 self.assertEqual(hash_algo, cert['signature_algorithm'].hash_algo)
435
wbond1cfca232015-07-20 08:51:58 -0400[diff] [blame]436 @staticmethod
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]437 def critical_extensions_info():
438 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]439 (
440 'keys/test-der.crt',
441 set()
442 ),
443 (
444 'keys/test-inter-der.crt',
445 set()
446 ),
447 (
448 'keys/test-third-der.crt',
449 set()
450 ),
451 (
452 'geotrust_certs/GeoTrust_Universal_CA.crt',
453 set(['basic_constraints', 'key_usage'])
454 ),
455 (
456 'geotrust_certs/GeoTrust_Primary_CA.crt',
457 set(['basic_constraints', 'key_usage'])
458 ),
459 (
460 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
461 set(['basic_constraints', 'key_usage'])
462 ),
463 (
464 'geotrust_certs/codex.crt',
465 set(['key_usage'])
466 ),
467 (
468 'lets_encrypt/isrgrootx1.pem',
469 set(['key_usage', 'basic_constraints'])
470 ),
471 (
472 'lets_encrypt/letsencryptauthorityx1.pem',
473 set(['key_usage', 'basic_constraints'])
474 ),
475 (
476 'lets_encrypt/letsencryptauthorityx2.pem',
477 set(['key_usage', 'basic_constraints'])
478 ),
479 (
480 'globalsign_example_keys/IssuingCA-der.cer',
481 set(['basic_constraints', 'key_usage'])
482 ),
483 (
484 'globalsign_example_keys/rootCA.cer',
485 set(['basic_constraints', 'key_usage'])
486 ),
487 (
488 'globalsign_example_keys/SSL1.cer',
489 set(['key_usage', 'extended_key_usage', 'basic_constraints'])
490 ),
491 (
492 'globalsign_example_keys/SSL2.cer',
493 set(['key_usage', 'extended_key_usage', 'basic_constraints'])
494 ),
495 (
496 'globalsign_example_keys/SSL3.cer',
497 set(['key_usage', 'extended_key_usage', 'basic_constraints'])
498 ),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]499 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]500
501 @data('critical_extensions_info')
502 def critical_extensions(self, relative_path, critical_extensions):
503 cert = self._load_cert(relative_path)
504 self.assertEqual(critical_extensions, cert.critical_extensions)
505
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]506 @staticmethod
507 def key_identifier_value_info():
508 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]509 (
510 'keys/test-der.crt',
511 b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'
512 ),
513 (
514 'keys/test-inter-der.crt',
515 b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'
516 ),
517 (
518 'keys/test-third-der.crt',
519 b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'
520 ),
521 (
522 'geotrust_certs/GeoTrust_Universal_CA.crt',
523 b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'
524 ),
525 (
526 'geotrust_certs/GeoTrust_Primary_CA.crt',
527 b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'
528 ),
529 (
530 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
531 b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'
532 ),
533 (
534 'geotrust_certs/codex.crt',
535 None
536 ),
537 (
538 'lets_encrypt/isrgrootx1.pem',
539 b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'
540 ),
541 (
542 'lets_encrypt/letsencryptauthorityx1.pem',
543 b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'
544 ),
545 (
546 'lets_encrypt/letsencryptauthorityx2.pem',
547 b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'
548 ),
549 (
550 'globalsign_example_keys/IssuingCA-der.cer',
551 b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"
552 ),
553 (
554 'globalsign_example_keys/rootCA.cer',
555 b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'
556 ),
557 (
558 'globalsign_example_keys/SSL1.cer',
559 b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'
560 ),
561 (
562 'globalsign_example_keys/SSL2.cer',
563 b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='
564 ),
565 (
566 'globalsign_example_keys/SSL3.cer',
567 b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'
568 ),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]569 )
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]570
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]571 @data('key_identifier_value_info')
572 def key_identifier_value(self, relative_path, key_identifier_value):
573 cert = self._load_cert(relative_path)
574 value = cert.key_identifier_value
575 self.assertEqual(key_identifier_value, value.native if value else None)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]576
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]577 @staticmethod
578 def key_usage_value_info():
579 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]580 (
581 'keys/test-der.crt',
582 None
583 ),
584 (
585 'keys/test-inter-der.crt',
586 None
587 ),
588 (
589 'keys/test-third-der.crt',
590 None
591 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]592 (
593 'geotrust_certs/GeoTrust_Universal_CA.crt',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]594 set(['digital_signature', 'key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]595 ),
596 (
597 'geotrust_certs/GeoTrust_Primary_CA.crt',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]598 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]599 ),
600 (
601 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]602 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]603 ),
604 (
605 'geotrust_certs/codex.crt',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]606 set(['digital_signature', 'key_encipherment'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]607 ),
608 (
609 'lets_encrypt/isrgrootx1.pem',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]610 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]611 ),
612 (
613 'lets_encrypt/letsencryptauthorityx1.pem',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]614 set(['digital_signature', 'key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]615 ),
616 (
617 'lets_encrypt/letsencryptauthorityx2.pem',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]618 set(['digital_signature', 'key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]619 ),
620 (
621 'globalsign_example_keys/IssuingCA-der.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]622 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]623 ),
624 (
625 'globalsign_example_keys/rootCA.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]626 set(['key_cert_sign', 'crl_sign'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]627 ),
628 (
629 'globalsign_example_keys/SSL1.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]630 set(['digital_signature', 'key_encipherment'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]631 ),
632 (
633 'globalsign_example_keys/SSL2.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]634 set(['digital_signature', 'key_encipherment'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]635 ),
636 (
637 'globalsign_example_keys/SSL3.cer',
wbond407e9e32015-08-24 09:35:28 -0400[diff] [blame]638 set(['digital_signature', 'key_encipherment'])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]639 ),
640 )
641
642 @data('key_usage_value_info')
643 def key_usage_value(self, relative_path, key_usage_value):
644 cert = self._load_cert(relative_path)
645 value = cert.key_usage_value
646 self.assertEqual(key_usage_value, value.native if value else None)
647
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]648 @staticmethod
649 def subject_alt_name_value_info():
650 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]651 (
652 'keys/test-der.crt',
653 None
654 ),
655 (
656 'keys/test-inter-der.crt',
657 None
658 ),
659 (
660 'keys/test-third-der.crt',
661 None
662 ),
663 (
664 'geotrust_certs/GeoTrust_Universal_CA.crt',
665 None
666 ),
667 (
668 'geotrust_certs/GeoTrust_Primary_CA.crt',
669 None
670 ),
671 (
672 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
673 [
674 util.OrderedDict([
675 ('common_name', 'SymantecPKI-1-538')
676 ])
677 ]
678 ),
679 (
680 'geotrust_certs/codex.crt',
681 ['dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net', 'codexns.io']
682 ),
683 (
684 'lets_encrypt/isrgrootx1.pem',
685 None
686 ),
687 (
688 'lets_encrypt/letsencryptauthorityx1.pem',
689 None
690 ),
691 (
692 'lets_encrypt/letsencryptauthorityx2.pem',
693 None
694 ),
695 (
696 'globalsign_example_keys/IssuingCA-der.cer',
697 None
698 ),
699 (
700 'globalsign_example_keys/rootCA.cer',
701 None
702 ),
703 (
704 'globalsign_example_keys/SSL1.cer',
705 ['anything.example.com']
706 ),
707 (
708 'globalsign_example_keys/SSL2.cer',
709 ['anything.example.com']
710 ),
711 (
712 'globalsign_example_keys/SSL3.cer',
713 None
714 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]715 )
716
717 @data('subject_alt_name_value_info')
718 def subject_alt_name_value(self, relative_path, subject_alt_name_value):
719 cert = self._load_cert(relative_path)
720 value = cert.subject_alt_name_value
721 self.assertEqual(subject_alt_name_value, value.native if value else None)
722
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]723 @staticmethod
724 def basic_constraints_value_info():
725 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]726 (
727 'keys/test-der.crt',
728 {'ca': True, 'path_len_constraint': None}
729 ),
730 (
731 'keys/test-inter-der.crt',
732 {'ca': True, 'path_len_constraint': None}
733 ),
734 (
735 'keys/test-third-der.crt',
736 None
737 ),
738 (
739 'geotrust_certs/GeoTrust_Universal_CA.crt',
740 {'ca': True, 'path_len_constraint': None}
741 ),
742 (
743 'geotrust_certs/GeoTrust_Primary_CA.crt',
744 {'ca': True, 'path_len_constraint': None}
745 ),
746 (
747 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
748 {'ca': True, 'path_len_constraint': 0}
749 ),
750 (
751 'geotrust_certs/codex.crt',
752 {'ca': False, 'path_len_constraint': None}
753 ),
754 (
755 'lets_encrypt/isrgrootx1.pem',
756 {'ca': True, 'path_len_constraint': None}
757 ),
758 (
759 'lets_encrypt/letsencryptauthorityx1.pem',
760 {'ca': True, 'path_len_constraint': 0}
761 ),
762 (
763 'lets_encrypt/letsencryptauthorityx2.pem',
764 {'ca': True, 'path_len_constraint': 0}
765 ),
766 (
767 'globalsign_example_keys/IssuingCA-der.cer',
768 {'ca': True, 'path_len_constraint': None}
769 ),
770 (
771 'globalsign_example_keys/rootCA.cer',
772 {'ca': True, 'path_len_constraint': None}
773 ),
774 (
775 'globalsign_example_keys/SSL1.cer',
776 {'ca': False, 'path_len_constraint': None}
777 ),
778 (
779 'globalsign_example_keys/SSL2.cer',
780 {'ca': False, 'path_len_constraint': None}
781 ),
782 (
783 'globalsign_example_keys/SSL3.cer',
784 {'ca': False, 'path_len_constraint': None}
785 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]786 )
787
788 @data('basic_constraints_value_info')
789 def basic_constraints_value(self, relative_path, basic_constraints_value):
790 cert = self._load_cert(relative_path)
791 value = cert.basic_constraints_value
792 self.assertEqual(basic_constraints_value, value.native if value else None)
793
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]794 @staticmethod
795 def name_constraints_value_info():
796 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]797 (
798 'keys/test-der.crt',
799 None
800 ),
801 (
802 'keys/test-inter-der.crt',
803 None
804 ),
805 (
806 'keys/test-third-der.crt',
807 None
808 ),
809 (
810 'geotrust_certs/GeoTrust_Universal_CA.crt',
811 None
812 ),
813 (
814 'geotrust_certs/GeoTrust_Primary_CA.crt',
815 None
816 ),
817 (
818 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
819 None
820 ),
821 (
822 'geotrust_certs/codex.crt',
823 None
824 ),
825 (
826 'lets_encrypt/isrgrootx1.pem',
827 None
828 ),
829 (
830 'lets_encrypt/letsencryptauthorityx1.pem',
831 None
832 ),
833 (
834 'lets_encrypt/letsencryptauthorityx2.pem',
835 None
836 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]837 (
838 'globalsign_example_keys/IssuingCA-der.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]839 util.OrderedDict([
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]840 (
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]841 'permitted_subtrees',
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]842 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]843 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]844 ('base', 'onlythis.com'),
845 ('minimum', 0),
846 ('maximum', None)
847 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]848 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]849 (
850 'base',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]851 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]852 ('country_name', 'US'),
853 ('state_or_province_name', 'MA'),
854 ('locality_name', 'Boston'),
855 ('organization_name', 'Example LLC')
856 ])
857 ),
858 ('minimum', 0),
859 ('maximum', None)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]860 ])
861 ]
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]862 ),
863 (
864 'excluded_subtrees',
865 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]866 util.OrderedDict([
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]867 ('base', '0.0.0.0/0'),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]868 ('minimum', 0),
869 ('maximum', None)
870 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]871 util.OrderedDict([
wbondf4645722015-07-22 12:36:37 -0400[diff] [blame]872 ('base', '::/0'),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]873 ('minimum', 0),
874 ('maximum', None)
875 ])
876 ]
877 ),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]878 ])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]879 ),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]880 (
881 'globalsign_example_keys/rootCA.cer',
882 None
883 ),
884 (
885 'globalsign_example_keys/SSL1.cer',
886 None
887 ),
888 (
889 'globalsign_example_keys/SSL2.cer',
890 None
891 ),
892 (
893 'globalsign_example_keys/SSL3.cer',
894 None
895 ),
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]896 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]897
898 @data('name_constraints_value_info')
899 def name_constraints_value(self, relative_path, name_constraints_value):
900 cert = self._load_cert(relative_path)
901 value = cert.name_constraints_value
902 self.assertEqual(name_constraints_value, value.native if value else None)
903
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]904 @staticmethod
905 def crl_distribution_points_value_info():
906 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]907 (
908 'keys/test-der.crt',
909 None
910 ),
911 (
912 'keys/test-inter-der.crt',
913 None
914 ),
915 (
916 'keys/test-third-der.crt',
917 None
918 ),
919 (
920 'geotrust_certs/GeoTrust_Universal_CA.crt',
921 None
922 ),
923 (
924 'geotrust_certs/GeoTrust_Primary_CA.crt',
925 None
926 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]927 (
928 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
929 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]930 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]931 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
932 ('reasons', None),
933 ('crl_issuer', None)
934 ])
935 ]
936 ),
937 (
938 'geotrust_certs/codex.crt',
939 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]940 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]941 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
942 ('reasons', None),
943 ('crl_issuer', None)
944 ])
945 ]
946 ),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]947 (
948 'lets_encrypt/isrgrootx1.pem',
949 None
950 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]951 (
952 'lets_encrypt/letsencryptauthorityx1.pem',
953 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]954 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]955 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
956 ('reasons', None),
957 ('crl_issuer', None)
958 ])
959 ]
960 ),
961 (
962 'lets_encrypt/letsencryptauthorityx2.pem',
963 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]964 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]965 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
966 ('reasons', None),
967 ('crl_issuer', None)
968 ])
969 ]
970 ),
971 (
972 'globalsign_example_keys/IssuingCA-der.cer',
973 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]974 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]975 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
976 ('reasons', None),
977 ('crl_issuer', None)
978 ])
979 ]),
980 (
981 'globalsign_example_keys/rootCA.cer',
982 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]983 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]984 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
985 ('reasons', None),
986 ('crl_issuer', None)
987 ])
988 ]),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]989 (
990 'globalsign_example_keys/SSL1.cer',
991 None
992 ),
993 (
994 'globalsign_example_keys/SSL2.cer',
995 None
996 ),
997 (
998 'globalsign_example_keys/SSL3.cer',
999 None
1000 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1001 )
1002
1003 @data('crl_distribution_points_value_info')
1004 def crl_distribution_points_value(self, relative_path, crl_distribution_points_value):
1005 cert = self._load_cert(relative_path)
1006 value = cert.crl_distribution_points_value
1007 self.assertEqual(crl_distribution_points_value, value.native if value else None)
1008
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1009 @staticmethod
1010 def certificate_policies_value_info():
1011 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1012 (
1013 'keys/test-der.crt',
1014 None
1015 ),
1016 (
1017 'keys/test-inter-der.crt',
1018 None
1019 ),
1020 (
1021 'keys/test-third-der.crt',
1022 None
1023 ),
1024 (
1025 'geotrust_certs/GeoTrust_Universal_CA.crt',
1026 None
1027 ),
1028 (
1029 'geotrust_certs/GeoTrust_Primary_CA.crt',
1030 None
1031 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1032 (
1033 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1034 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1035 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1036 ('policy_identifier', 'any_policy'),
1037 (
1038 'policy_qualifiers',
1039 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1040 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1041 ('policy_qualifier_id', 'certification_practice_statement'),
1042 ('qualifier', 'https://www.geotrust.com/resources/cps')
1043 ])
1044 ]
1045 )
1046 ])
1047 ]
1048 ),
1049 (
1050 'geotrust_certs/codex.crt',
1051 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1052 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1053 ('policy_identifier', '1.3.6.1.4.1.14370.1.6'),
1054 (
1055 'policy_qualifiers',
1056 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1057 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1058 ('policy_qualifier_id', 'certification_practice_statement'),
1059 ('qualifier', 'https://www.geotrust.com/resources/repository/legal')
1060 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1061 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1062 ('policy_qualifier_id', 'user_notice'),
1063 (
1064 'qualifier',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1065 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1066 ('notice_ref', None),
1067 ('explicit_text', 'https://www.geotrust.com/resources/repository/legal')
1068 ])
1069 )
1070 ])
1071 ]
1072 )
1073 ])
1074 ]
1075 ),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1076 (
1077 'lets_encrypt/isrgrootx1.pem',
1078 None
1079 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1080 (
1081 'lets_encrypt/letsencryptauthorityx1.pem',
1082 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1083 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1084 ('policy_identifier', '2.23.140.1.2.1'),
1085 ('policy_qualifiers', None)
1086 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1087 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1088 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
1089 (
1090 'policy_qualifiers',
1091 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1092 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1093 ('policy_qualifier_id', 'certification_practice_statement'),
1094 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
1095 ])
1096 ]
1097 )
1098 ])
1099 ]
1100 ),
1101 (
1102 'lets_encrypt/letsencryptauthorityx2.pem',
1103 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1104 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1105 ('policy_identifier', '2.23.140.1.2.1'),
1106 ('policy_qualifiers', None)
1107 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1108 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1109 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
1110 (
1111 'policy_qualifiers',
1112 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1113 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1114 ('policy_qualifier_id', 'certification_practice_statement'),
1115 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
1116 ])
1117 ]
1118 )
1119 ])
1120 ]
1121 ),
1122 (
1123 'globalsign_example_keys/IssuingCA-der.cer',
1124 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1125 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1126 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
1127 (
1128 'policy_qualifiers',
1129 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1130 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1131 ('policy_qualifier_id', 'certification_practice_statement'),
1132 ('qualifier', 'https://www.globalsign.com/repository/')
1133 ])
1134 ]
1135 )
1136 ])
1137 ]
1138 ),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1139 (
1140 'globalsign_example_keys/rootCA.cer',
1141 None
1142 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1143 (
1144 'globalsign_example_keys/SSL1.cer',
1145 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1146 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1147 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
1148 (
1149 'policy_qualifiers',
1150 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1151 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1152 ('policy_qualifier_id', 'certification_practice_statement'),
1153 ('qualifier', 'https://www.globalsign.com/repository/')
1154 ])
1155 ]
1156 )
1157 ])
1158 ]
1159 ),
1160 (
1161 'globalsign_example_keys/SSL2.cer',
1162 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1163 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1164 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
1165 (
1166 'policy_qualifiers',
1167 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1168 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1169 ('policy_qualifier_id', 'certification_practice_statement'),
1170 ('qualifier', 'https://www.globalsign.com/repository/')
1171 ])
1172 ]
1173 )
1174 ])
1175 ]
1176 ),
1177 (
1178 'globalsign_example_keys/SSL3.cer',
1179 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1180 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1181 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
1182 (
1183 'policy_qualifiers',
1184 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1185 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1186 ('policy_qualifier_id', 'certification_practice_statement'),
1187 ('qualifier', 'https://www.globalsign.com/repository/')
1188 ])
1189 ]
1190 )
1191 ])
1192 ]
1193 ),
1194 )
1195
1196 @data('certificate_policies_value_info')
1197 def certificate_policies_value(self, relative_path, certificate_policies_value):
1198 cert = self._load_cert(relative_path)
1199 value = cert.certificate_policies_value
1200 self.assertEqual(certificate_policies_value, value.native if value else None)
1201
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1202 @staticmethod
1203 def policy_mappings_value_info():
1204 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1205 (
1206 'keys/test-der.crt',
1207 None
1208 ),
1209 (
1210 'keys/test-inter-der.crt',
1211 None
1212 ),
1213 (
1214 'keys/test-third-der.crt',
1215 None
1216 ),
1217 (
1218 'geotrust_certs/GeoTrust_Universal_CA.crt',
1219 None
1220 ),
1221 (
1222 'geotrust_certs/GeoTrust_Primary_CA.crt',
1223 None
1224 ),
1225 (
1226 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1227 None
1228 ),
1229 (
1230 'geotrust_certs/codex.crt',
1231 None
1232 ),
1233 (
1234 'lets_encrypt/isrgrootx1.pem',
1235 None
1236 ),
1237 (
1238 'lets_encrypt/letsencryptauthorityx1.pem',
1239 None
1240 ),
1241 (
1242 'lets_encrypt/letsencryptauthorityx2.pem',
1243 None
1244 ),
1245 (
1246 'globalsign_example_keys/IssuingCA-der.cer',
1247 None
1248 ),
1249 (
1250 'globalsign_example_keys/rootCA.cer',
1251 None
1252 ),
1253 (
1254 'globalsign_example_keys/SSL1.cer',
1255 None
1256 ),
1257 (
1258 'globalsign_example_keys/SSL2.cer',
1259 None
1260 ),
1261 (
1262 'globalsign_example_keys/SSL3.cer',
1263 None
1264 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1265 )
1266
1267 @data('policy_mappings_value_info')
1268 def policy_mappings_value(self, relative_path, policy_mappings_value):
1269 cert = self._load_cert(relative_path)
1270 value = cert.policy_mappings_value
1271 self.assertEqual(policy_mappings_value, value.native if value else None)
1272
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1273 @staticmethod
1274 def authority_key_identifier_value_info():
1275 return (
1276 (
1277 'keys/test-der.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1278 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1279 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1280 (
1281 'authority_cert_issuer',
1282 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1283 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1284 ('country_name', 'US'),
1285 ('state_or_province_name', 'Massachusetts'),
1286 ('locality_name', 'Newbury'),
1287 ('organization_name', 'Codex Non Sufficit LC'),
1288 ('organizational_unit_name', 'Testing'),
1289 ('common_name', 'Will Bond'),
1290 ('email_address', 'will@codexns.io')
1291 ])
1292 ]
1293 ),
1294 ('authority_cert_serial_number', 13683582341504654466)
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame]1295 ])
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1296 ),
1297 (
1298 'keys/test-inter-der.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1299 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1300 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1301 ('authority_cert_issuer', None),
1302 ('authority_cert_serial_number', None)
1303 ])
1304 ),
1305 (
1306 'keys/test-third-der.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1307 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1308 ('key_identifier', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1309 ('authority_cert_issuer', None),
1310 ('authority_cert_serial_number', None)
1311 ])
1312 ),
1313 (
1314 'geotrust_certs/GeoTrust_Universal_CA.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1315 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1316 ('key_identifier', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1317 ('authority_cert_issuer', None),
1318 ('authority_cert_serial_number', None)
1319 ])
1320 ),
1321 (
1322 'geotrust_certs/GeoTrust_Primary_CA.crt',
1323 None
1324 ),
1325 (
1326 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1327 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1328 ('key_identifier', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1329 ('authority_cert_issuer', None),
1330 ('authority_cert_serial_number', None)
1331 ])
1332 ),
1333 (
1334 'geotrust_certs/codex.crt',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1335 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1336 ('key_identifier', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1337 ('authority_cert_issuer', None),
1338 ('authority_cert_serial_number', None)
1339 ])
1340 ),
1341 (
1342 'lets_encrypt/isrgrootx1.pem',
1343 None
1344 ),
1345 (
1346 'lets_encrypt/letsencryptauthorityx1.pem',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1347 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1348 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1349 ('authority_cert_issuer', None),
1350 ('authority_cert_serial_number', None)
1351 ])
1352 ),
1353 (
1354 'lets_encrypt/letsencryptauthorityx2.pem',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1355 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1356 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1357 ('authority_cert_issuer', None),
1358 ('authority_cert_serial_number', None)
1359 ])
1360 ),
1361 (
1362 'globalsign_example_keys/IssuingCA-der.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1363 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1364 ('key_identifier', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1365 ('authority_cert_issuer', None),
1366 ('authority_cert_serial_number', None)
1367 ])
1368 ),
1369 (
1370 'globalsign_example_keys/rootCA.cer',
1371 None
1372 ),
1373 (
1374 'globalsign_example_keys/SSL1.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1375 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1376 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1377 ('authority_cert_issuer', None),
1378 ('authority_cert_serial_number', None)
1379 ])
1380 ),
1381 (
1382 'globalsign_example_keys/SSL2.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1383 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1384 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1385 ('authority_cert_issuer', None),
1386 ('authority_cert_serial_number', None)
1387 ])
1388 ),
1389 (
1390 'globalsign_example_keys/SSL3.cer',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1391 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1392 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1393 ('authority_cert_issuer', None),
1394 ('authority_cert_serial_number', None)
1395 ])
1396 ),
wbond08c60fa2015-07-13 23:02:13 -0400[diff] [blame]1397 )
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1398
1399 @data('authority_key_identifier_value_info')
1400 def authority_key_identifier_value(self, relative_path, authority_key_identifier_value):
1401 cert = self._load_cert(relative_path)
1402 value = cert.authority_key_identifier_value
1403 self.assertEqual(authority_key_identifier_value, value.native if value else None)
1404
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1405 @staticmethod
1406 def policy_constraints_value_info():
1407 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1408 (
1409 'keys/test-der.crt',
1410 None
1411 ),
1412 (
1413 'keys/test-inter-der.crt',
1414 None
1415 ),
1416 (
1417 'keys/test-third-der.crt',
1418 None
1419 ),
1420 (
1421 'geotrust_certs/GeoTrust_Universal_CA.crt',
1422 None
1423 ),
1424 (
1425 'geotrust_certs/GeoTrust_Primary_CA.crt',
1426 None
1427 ),
1428 (
1429 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1430 None
1431 ),
1432 (
1433 'geotrust_certs/codex.crt',
1434 None
1435 ),
1436 (
1437 'lets_encrypt/isrgrootx1.pem',
1438 None
1439 ),
1440 (
1441 'lets_encrypt/letsencryptauthorityx1.pem',
1442 None
1443 ),
1444 (
1445 'lets_encrypt/letsencryptauthorityx2.pem',
1446 None
1447 ),
1448 (
1449 'globalsign_example_keys/IssuingCA-der.cer',
1450 None
1451 ),
1452 (
1453 'globalsign_example_keys/rootCA.cer',
1454 None
1455 ),
1456 (
1457 'globalsign_example_keys/SSL1.cer',
1458 None
1459 ),
1460 (
1461 'globalsign_example_keys/SSL2.cer',
1462 None
1463 ),
1464 (
1465 'globalsign_example_keys/SSL3.cer',
1466 None
1467 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1468 )
1469
1470 @data('policy_constraints_value_info')
1471 def policy_constraints_value(self, relative_path, policy_constraints_value):
1472 cert = self._load_cert(relative_path)
1473 value = cert.policy_constraints_value
1474 self.assertEqual(policy_constraints_value, value.native if value else None)
1475
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1476 @staticmethod
1477 def extended_key_usage_value_info():
1478 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1479 (
1480 'keys/test-der.crt',
1481 None
1482 ),
1483 (
1484 'keys/test-inter-der.crt',
1485 None
1486 ),
1487 (
1488 'keys/test-third-der.crt',
1489 None
1490 ),
1491 (
1492 'geotrust_certs/GeoTrust_Universal_CA.crt',
1493 None
1494 ),
1495 (
1496 'geotrust_certs/GeoTrust_Primary_CA.crt',
1497 None
1498 ),
1499 (
1500 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1501 None
1502 ),
1503 (
1504 'geotrust_certs/codex.crt',
1505 ['server_auth', 'client_auth']),
1506 (
1507 'lets_encrypt/isrgrootx1.pem',
1508 None
1509 ),
1510 (
1511 'lets_encrypt/letsencryptauthorityx1.pem',
1512 None
1513 ),
1514 (
1515 'lets_encrypt/letsencryptauthorityx2.pem',
1516 None
1517 ),
1518 (
1519 'globalsign_example_keys/IssuingCA-der.cer',
1520 None
1521 ),
1522 (
1523 'globalsign_example_keys/rootCA.cer',
1524 None
1525 ),
1526 (
1527 'globalsign_example_keys/SSL1.cer',
1528 ['server_auth', 'client_auth']
1529 ),
1530 (
1531 'globalsign_example_keys/SSL2.cer',
1532 ['server_auth', 'client_auth']
1533 ),
1534 (
1535 'globalsign_example_keys/SSL3.cer',
1536 ['server_auth', 'client_auth']
1537 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1538 )
1539
1540 @data('extended_key_usage_value_info')
1541 def extended_key_usage_value(self, relative_path, extended_key_usage_value):
1542 cert = self._load_cert(relative_path)
1543 value = cert.extended_key_usage_value
1544 self.assertEqual(extended_key_usage_value, value.native if value else None)
1545
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1546 @staticmethod
1547 def authority_information_access_value_info():
1548 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1549 (
1550 'keys/test-der.crt',
1551 None
1552 ),
1553 (
1554 'keys/test-inter-der.crt',
1555 None
1556 ),
1557 (
1558 'keys/test-third-der.crt',
1559 None
1560 ),
1561 (
1562 'geotrust_certs/GeoTrust_Universal_CA.crt',
1563 None
1564 ),
1565 (
1566 'geotrust_certs/GeoTrust_Primary_CA.crt',
1567 None
1568 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1569 (
1570 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1571 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1572 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1573 ('access_method', 'ocsp'),
1574 ('access_location', 'http://g2.symcb.com')
1575 ])
1576 ]
1577 ),
1578 (
1579 'geotrust_certs/codex.crt',
1580 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1581 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1582 ('access_method', 'ocsp'),
1583 ('access_location', 'http://gm.symcd.com')
1584 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1585 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1586 ('access_method', 'ca_issuers'),
1587 ('access_location', 'http://gm.symcb.com/gm.crt')
1588 ]),
1589 ]
1590 ),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1591 (
1592 'lets_encrypt/isrgrootx1.pem',
1593 None
1594 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1595 (
1596 'lets_encrypt/letsencryptauthorityx1.pem',
1597 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1598 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1599 ('access_method', 'ocsp'),
1600 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
1601 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1602 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1603 ('access_method', 'ca_issuers'),
1604 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
1605 ])
1606 ]
1607 ),
1608 (
1609 'lets_encrypt/letsencryptauthorityx2.pem',
1610 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1611 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1612 ('access_method', 'ocsp'),
1613 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
1614 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1615 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1616 ('access_method', 'ca_issuers'),
1617 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
1618 ])
1619 ]
1620 ),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1621 (
1622 'globalsign_example_keys/IssuingCA-der.cer',
1623 None
1624 ),
1625 (
1626 'globalsign_example_keys/rootCA.cer',
1627 None
1628 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1629 (
1630 'globalsign_example_keys/SSL1.cer',
1631 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1632 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1633 ('access_method', 'ocsp'),
1634 ('access_location', 'http://ocsp.exampleovca.com/')
1635 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1636 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1637 ('access_method', 'ca_issuers'),
1638 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1639 ])
1640 ]
1641 ),
1642 (
1643 'globalsign_example_keys/SSL2.cer',
1644 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1645 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1646 ('access_method', 'ocsp'),
1647 ('access_location', 'http://ocsp.exampleovca.com/')
1648 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1649 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1650 ('access_method', 'ca_issuers'),
1651 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1652 ])
1653 ]
1654 ),
1655 (
1656 'globalsign_example_keys/SSL3.cer',
1657 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1658 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1659 ('access_method', 'ocsp'),
1660 ('access_location', 'http://ocsp.exampleovca.com/')
1661 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]1662 util.OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1663 ('access_method', 'ca_issuers'),
1664 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1665 ])
1666 ]
1667 ),
1668 )
1669
1670 @data('authority_information_access_value_info')
1671 def authority_information_access_value(self, relative_path, authority_information_access_value):
1672 cert = self._load_cert(relative_path)
1673 value = cert.authority_information_access_value
1674 self.assertEqual(authority_information_access_value, value.native if value else None)
1675
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1676 @staticmethod
1677 def ocsp_no_check_value_info():
1678 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1679 (
1680 'keys/test-der.crt',
1681 None
1682 ),
1683 (
1684 'keys/test-inter-der.crt',
1685 None
1686 ),
1687 (
1688 'keys/test-third-der.crt',
1689 None
1690 ),
1691 (
1692 'geotrust_certs/GeoTrust_Universal_CA.crt',
1693 None
1694 ),
1695 (
1696 'geotrust_certs/GeoTrust_Primary_CA.crt',
1697 None
1698 ),
1699 (
1700 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1701 None
1702 ),
1703 (
1704 'geotrust_certs/codex.crt',
1705 None
1706 ),
1707 (
1708 'lets_encrypt/isrgrootx1.pem',
1709 None
1710 ),
1711 (
1712 'lets_encrypt/letsencryptauthorityx1.pem',
1713 None
1714 ),
1715 (
1716 'lets_encrypt/letsencryptauthorityx2.pem',
1717 None
1718 ),
1719 (
1720 'globalsign_example_keys/IssuingCA-der.cer',
1721 None
1722 ),
1723 (
1724 'globalsign_example_keys/rootCA.cer',
1725 None
1726 ),
1727 (
1728 'globalsign_example_keys/SSL1.cer',
1729 None
1730 ),
1731 (
1732 'globalsign_example_keys/SSL2.cer',
1733 None
1734 ),
1735 (
1736 'globalsign_example_keys/SSL3.cer',
1737 None
1738 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1739 )
1740
1741 @data('ocsp_no_check_value_info')
1742 def ocsp_no_check_value(self, relative_path, ocsp_no_check_value):
1743 cert = self._load_cert(relative_path)
1744 value = cert.ocsp_no_check_value
1745 self.assertEqual(ocsp_no_check_value, value.native if value else None)
1746
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1747 @staticmethod
1748 def serial_number_info():
1749 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1750 (
1751 'keys/test-der.crt',
1752 13683582341504654466
1753 ),
1754 (
1755 'keys/test-inter-der.crt',
1756 1590137
1757 ),
1758 (
1759 'keys/test-third-der.crt',
1760 2474902313
1761 ),
1762 (
1763 'geotrust_certs/GeoTrust_Universal_CA.crt',
1764 1
1765 ),
1766 (
1767 'geotrust_certs/GeoTrust_Primary_CA.crt',
1768 32798226551256963324313806436981982369
1769 ),
1770 (
1771 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1772 146934555852773531829332059263122711876
1773 ),
1774 (
1775 'geotrust_certs/codex.crt',
1776 130338219198307073574879940486642352162
1777 ),
1778 (
1779 'lets_encrypt/isrgrootx1.pem',
1780 172886928669790476064670243504169061120
1781 ),
1782 (
1783 'lets_encrypt/letsencryptauthorityx1.pem',
1784 307817870430047279283060309415759825539
1785 ),
1786 (
1787 'lets_encrypt/letsencryptauthorityx2.pem',
1788 199666138109676817050168330923544141416
1789 ),
1790 (
1791 'globalsign_example_keys/IssuingCA-der.cer',
1792 43543335419752
1793 ),
1794 (
1795 'globalsign_example_keys/rootCA.cer',
1796 342514332211132
1797 ),
1798 (
1799 'globalsign_example_keys/SSL1.cer',
1800 425155524522
1801 ),
1802 (
1803 'globalsign_example_keys/SSL2.cer',
1804 425155524522
1805 ),
1806 (
1807 'globalsign_example_keys/SSL3.cer',
1808 425155524522
1809 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1810 )
1811
1812 @data('serial_number_info')
1813 def serial_number(self, relative_path, serial_number):
1814 cert = self._load_cert(relative_path)
1815 self.assertEqual(serial_number, cert.serial_number)
1816
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1817 @staticmethod
1818 def key_identifier_info():
1819 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1820 (
1821 'keys/test-der.crt',
1822 b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'
1823 ),
1824 (
1825 'keys/test-inter-der.crt',
1826 b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'
1827 ),
1828 (
1829 'keys/test-third-der.crt',
1830 b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'
1831 ),
1832 (
1833 'geotrust_certs/GeoTrust_Universal_CA.crt',
1834 b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'
1835 ),
1836 (
1837 'geotrust_certs/GeoTrust_Primary_CA.crt',
1838 b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'
1839 ),
1840 (
1841 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1842 b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'
1843 ),
1844 (
1845 'geotrust_certs/codex.crt',
1846 None
1847 ),
1848 (
1849 'lets_encrypt/isrgrootx1.pem',
1850 b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'
1851 ),
1852 (
1853 'lets_encrypt/letsencryptauthorityx1.pem',
1854 b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'
1855 ),
1856 (
1857 'lets_encrypt/letsencryptauthorityx2.pem',
1858 b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'
1859 ),
1860 (
1861 'globalsign_example_keys/IssuingCA-der.cer',
1862 b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"
1863 ),
1864 (
1865 'globalsign_example_keys/rootCA.cer',
1866 b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'
1867 ),
1868 (
1869 'globalsign_example_keys/SSL1.cer',
1870 b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'
1871 ),
1872 (
1873 'globalsign_example_keys/SSL2.cer',
1874 b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='
1875 ),
1876 (
1877 'globalsign_example_keys/SSL3.cer',
1878 b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'
1879 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1880 )
1881
1882 @data('key_identifier_info')
1883 def key_identifier(self, relative_path, key_identifier):
1884 cert = self._load_cert(relative_path)
1885 self.assertEqual(key_identifier, cert.key_identifier)
1886
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1887 @staticmethod
1888 def issuer_serial_info():
1889 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1890 (
1891 'keys/test-der.crt',
1892 b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c'
1893 b'\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'
1894 ),
1895 (
1896 'keys/test-inter-der.crt',
1897 b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c'
1898 b'\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:1590137'
1899 ),
1900 (
1901 'keys/test-third-der.crt',
1902 b'\xed{\x9b\xbf\x9b\xdbd\xa4\xea\xf2#+H\x96\xcd\x80\x99\xf6\xecCM\x94'
1903 b'\x07\x02\xe2\x18\xf3\x83\x8c8%\x01:2474902313'
1904 ),
1905 (
1906 'geotrust_certs/GeoTrust_Universal_CA.crt',
1907 b'\xa1\x848\xf2\xe5w\xee\xec\xce\xfefJC+\xdf\x97\x7f\xd2Y\xe3\xdc\xa0D7~\x07\xd9\x9dzL@g:1'
1908 ),
1909 (
1910 'geotrust_certs/GeoTrust_Primary_CA.crt',
1911 b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT'
1912 b'\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:32798226551256963324313806436981982369'
1913 ),
1914 (
1915 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1916 b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT'
1917 b'\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:146934555852773531829332059263122711876'
1918 ),
1919 (
1920 'geotrust_certs/codex.crt',
1921 b'x\x12\xe0\x15\x00d;\xc3\xb9/\xf6\x13\n\xd8\xe2\xddY\xf7\xaf*=C\x01<\x86\xf5\x9f'
1922 b'_\xab;e\xd1:130338219198307073574879940486642352162'
1923 ),
1924 (
1925 'lets_encrypt/isrgrootx1.pem',
1926 b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e'
1927 b'-0\xf8:172886928669790476064670243504169061120'
1928 ),
1929 (
1930 'lets_encrypt/letsencryptauthorityx1.pem',
1931 b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-'
1932 b'0\xf8:307817870430047279283060309415759825539'
1933 ),
1934 (
1935 'lets_encrypt/letsencryptauthorityx2.pem',
1936 b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-'
1937 b'0\xf8:199666138109676817050168330923544141416'
1938 ),
1939 (
1940 'globalsign_example_keys/IssuingCA-der.cer',
1941 b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10'
1942 b'\x8ak\x8a\x08-\x0c\xff:43543335419752'
1943 ),
1944 (
1945 'globalsign_example_keys/rootCA.cer',
1946 b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10'
1947 b'\x8ak\x8a\x08-\x0c\xff:342514332211132'
1948 ),
1949 (
1950 'globalsign_example_keys/SSL1.cer',
1951 b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f'
1952 b'\xf0\x1d\xbc\x9f\xe4:425155524522'
1953 ),
1954 (
1955 'globalsign_example_keys/SSL2.cer',
1956 b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f'
1957 b'\xf0\x1d\xbc\x9f\xe4:425155524522'
1958 ),
1959 (
1960 'globalsign_example_keys/SSL3.cer',
1961 b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f'
1962 b'\xf0\x1d\xbc\x9f\xe4:425155524522'
1963 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1964 )
1965
1966 @data('issuer_serial_info')
1967 def issuer_serial(self, relative_path, issuer_serial):
1968 cert = self._load_cert(relative_path)
1969 self.assertEqual(issuer_serial, cert.issuer_serial)
1970
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]1971 @staticmethod
1972 def authority_key_identifier_info():
1973 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]1974 (
1975 'keys/test-der.crt',
1976 b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'
1977 ),
1978 (
1979 'keys/test-inter-der.crt',
1980 b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'
1981 ),
1982 (
1983 'keys/test-third-der.crt',
1984 b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'
1985 ),
1986 (
1987 'geotrust_certs/GeoTrust_Universal_CA.crt',
1988 b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'
1989 ),
1990 (
1991 'geotrust_certs/GeoTrust_Primary_CA.crt',
1992 None
1993 ),
1994 (
1995 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1996 b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'
1997 ),
1998 (
1999 'geotrust_certs/codex.crt',
2000 b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'
2001 ),
2002 (
2003 'lets_encrypt/isrgrootx1.pem',
2004 None
2005 ),
2006 (
2007 'lets_encrypt/letsencryptauthorityx1.pem',
2008 b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'
2009 ),
2010 (
2011 'lets_encrypt/letsencryptauthorityx2.pem',
2012 b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'
2013 ),
2014 (
2015 'globalsign_example_keys/IssuingCA-der.cer',
2016 b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'
2017 ),
2018 (
2019 'globalsign_example_keys/rootCA.cer',
2020 None
2021 ),
2022 (
2023 'globalsign_example_keys/SSL1.cer',
2024 b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"
2025 ),
2026 (
2027 'globalsign_example_keys/SSL2.cer',
2028 b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"
2029 ),
2030 (
2031 'globalsign_example_keys/SSL3.cer',
2032 b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"
2033 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2034 )
2035
2036 @data('authority_key_identifier_info')
2037 def authority_key_identifier(self, relative_path, authority_key_identifier):
2038 cert = self._load_cert(relative_path)
2039 self.assertEqual(authority_key_identifier, cert.authority_key_identifier)
2040
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2041 @staticmethod
2042 def authority_issuer_serial_info():
2043 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2044 (
2045 'keys/test-der.crt',
2046 b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c'
2047 b'\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'
2048 ),
2049 (
2050 'keys/test-inter-der.crt',
2051 None
2052 ),
2053 (
2054 'keys/test-third-der.crt',
2055 None
2056 ),
2057 (
2058 'geotrust_certs/GeoTrust_Universal_CA.crt',
2059 None
2060 ),
2061 (
2062 'geotrust_certs/GeoTrust_Primary_CA.crt',
2063 None
2064 ),
2065 (
2066 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
2067 None
2068 ),
2069 (
2070 'geotrust_certs/codex.crt',
2071 None
2072 ),
2073 (
2074 'lets_encrypt/isrgrootx1.pem',
2075 None
2076 ),
2077 (
2078 'lets_encrypt/letsencryptauthorityx1.pem',
2079 None
2080 ),
2081 (
2082 'lets_encrypt/letsencryptauthorityx2.pem',
2083 None
2084 ),
2085 (
2086 'globalsign_example_keys/IssuingCA-der.cer',
2087 None
2088 ),
2089 (
2090 'globalsign_example_keys/rootCA.cer',
2091 None
2092 ),
2093 (
2094 'globalsign_example_keys/SSL1.cer',
2095 None
2096 ),
2097 (
2098 'globalsign_example_keys/SSL2.cer',
2099 None
2100 ),
2101 (
2102 'globalsign_example_keys/SSL3.cer',
2103 None
2104 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2105 )
2106
2107 @data('authority_issuer_serial_info')
2108 def authority_issuer_serial(self, relative_path, authority_issuer_serial):
2109 cert = self._load_cert(relative_path)
2110 self.assertEqual(authority_issuer_serial, cert.authority_issuer_serial)
2111
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2112 @staticmethod
2113 def ocsp_urls_info():
2114 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2115 (
2116 'keys/test-der.crt',
2117 []
2118 ),
2119 (
2120 'keys/test-inter-der.crt',
2121 []
2122 ),
2123 (
2124 'keys/test-third-der.crt',
2125 []
2126 ),
2127 (
2128 'geotrust_certs/GeoTrust_Universal_CA.crt',
2129 []
2130 ),
2131 (
2132 'geotrust_certs/GeoTrust_Primary_CA.crt',
2133 []
2134 ),
2135 (
2136 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
2137 ['http://g2.symcb.com']
2138 ),
2139 (
2140 'geotrust_certs/codex.crt',
2141 ['http://gm.symcd.com']
2142 ),
2143 (
2144 'lets_encrypt/isrgrootx1.pem',
2145 []
2146 ),
2147 (
2148 'lets_encrypt/letsencryptauthorityx1.pem',
2149 ['http://ocsp.root-x1.letsencrypt.org/']
2150 ),
2151 (
2152 'lets_encrypt/letsencryptauthorityx2.pem',
2153 ['http://ocsp.root-x1.letsencrypt.org/']
2154 ),
2155 (
2156 'globalsign_example_keys/IssuingCA-der.cer',
2157 []
2158 ),
2159 (
2160 'globalsign_example_keys/rootCA.cer',
2161 []
2162 ),
2163 (
2164 'globalsign_example_keys/SSL1.cer',
2165 ['http://ocsp.exampleovca.com/']
2166 ),
2167 (
2168 'globalsign_example_keys/SSL2.cer',
2169 ['http://ocsp.exampleovca.com/']
2170 ),
2171 (
2172 'globalsign_example_keys/SSL3.cer',
2173 ['http://ocsp.exampleovca.com/']
2174 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2175 )
2176
2177 @data('ocsp_urls_info')
2178 def ocsp_urls(self, relative_path, ocsp_url):
2179 cert = self._load_cert(relative_path)
2180 self.assertEqual(ocsp_url, cert.ocsp_urls)
2181
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2182 @staticmethod
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2183 def crl_distribution_points_info():
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2184 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2185 (
2186 'keys/test-der.crt',
2187 []
2188 ),
2189 (
2190 'keys/test-inter-der.crt',
2191 []
2192 ),
2193 (
2194 'keys/test-third-der.crt',
2195 []
2196 ),
2197 (
2198 'geotrust_certs/GeoTrust_Universal_CA.crt',
2199 []
2200 ),
2201 (
2202 'geotrust_certs/GeoTrust_Primary_CA.crt',
2203 []
2204 ),
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2205 (
2206 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
2207 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2208 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2209 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
2210 ('reasons', None),
2211 ('crl_issuer', None)
2212 ])
2213 ]
2214 ),
2215 (
2216 'geotrust_certs/codex.crt',
2217 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2218 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2219 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
2220 ('reasons', None),
2221 ('crl_issuer', None)
2222 ])
2223 ]
2224 ),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2225 (
2226 'lets_encrypt/isrgrootx1.pem',
2227 []
2228 ),
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2229 (
2230 'lets_encrypt/letsencryptauthorityx1.pem',
2231 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2232 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2233 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
2234 ('reasons', None),
2235 ('crl_issuer', None)
2236 ])
2237 ]
2238 ),
2239 (
2240 'lets_encrypt/letsencryptauthorityx2.pem',
2241 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2242 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2243 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
2244 ('reasons', None),
2245 ('crl_issuer', None)
2246 ])
2247 ]
2248 ),
2249 (
2250 'globalsign_example_keys/IssuingCA-der.cer',
2251 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2252 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2253 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
2254 ('reasons', None),
2255 ('crl_issuer', None)
2256 ])
2257 ]
2258 ),
2259 (
2260 'globalsign_example_keys/rootCA.cer',
2261 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2262 util.OrderedDict([
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2263 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
2264 ('reasons', None),
2265 ('crl_issuer', None)
2266 ])
2267 ]
2268 ),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2269 (
2270 'globalsign_example_keys/SSL1.cer',
2271 []
2272 ),
2273 (
2274 'globalsign_example_keys/SSL2.cer',
2275 []
2276 ),
2277 (
2278 'globalsign_example_keys/SSL3.cer',
2279 []
2280 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2281 )
2282
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2283 @data('crl_distribution_points_info')
2284 def crl_distribution_points(self, relative_path, crl_distribution_point):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2285 cert = self._load_cert(relative_path)
wbond6888bc62015-07-21 15:05:59 -0400[diff] [blame]2286 points = [point.native for point in cert.crl_distribution_points]
2287 self.assertEqual(crl_distribution_point, points)
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2288
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2289 @staticmethod
2290 def valid_domains_info():
2291 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2292 (
2293 'keys/test-der.crt',
2294 []
2295 ),
2296 (
2297 'keys/test-inter-der.crt',
2298 []
2299 ),
2300 (
2301 'keys/test-third-der.crt',
2302 []
2303 ),
2304 (
2305 'geotrust_certs/GeoTrust_Universal_CA.crt',
2306 []
2307 ),
2308 (
2309 'geotrust_certs/GeoTrust_Primary_CA.crt',
2310 []
2311 ),
2312 (
2313 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
2314 []
2315 ),
2316 (
2317 'geotrust_certs/codex.crt',
2318 ['dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net', 'codexns.io']
2319 ),
2320 (
2321 'lets_encrypt/isrgrootx1.pem',
2322 []
2323 ),
2324 (
2325 'lets_encrypt/letsencryptauthorityx1.pem',
2326 []
2327 ),
2328 (
2329 'lets_encrypt/letsencryptauthorityx2.pem',
2330 []
2331 ),
2332 (
2333 'globalsign_example_keys/IssuingCA-der.cer',
2334 []
2335 ),
2336 (
2337 'globalsign_example_keys/rootCA.cer',
2338 []
2339 ),
2340 (
2341 'globalsign_example_keys/SSL1.cer',
2342 ['anything.example.com']
2343 ),
2344 (
2345 'globalsign_example_keys/SSL2.cer',
2346 ['anything.example.com']
2347 ),
2348 (
2349 'globalsign_example_keys/SSL3.cer',
2350 ['*.google.com']
2351 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2352 )
2353
2354 @data('valid_domains_info')
2355 def valid_domains(self, relative_path, valid_domains):
2356 cert = self._load_cert(relative_path)
2357 self.assertEqual(valid_domains, cert.valid_domains)
2358
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2359 @staticmethod
2360 def valid_ips_info():
2361 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2362 (
2363 'keys/test-der.crt',
2364 []
2365 ),
2366 (
2367 'keys/test-inter-der.crt',
2368 []
2369 ),
2370 (
2371 'keys/test-third-der.crt',
2372 []
2373 ),
2374 (
2375 'geotrust_certs/GeoTrust_Universal_CA.crt',
2376 []
2377 ),
2378 (
2379 'geotrust_certs/GeoTrust_Primary_CA.crt',
2380 []
2381 ),
2382 (
2383 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
2384 []
2385 ),
2386 (
2387 'geotrust_certs/codex.crt',
2388 []
2389 ),
2390 (
2391 'lets_encrypt/isrgrootx1.pem',
2392 []
2393 ),
2394 (
2395 'lets_encrypt/letsencryptauthorityx1.pem',
2396 []
2397 ),
2398 (
2399 'lets_encrypt/letsencryptauthorityx2.pem',
2400 []
2401 ),
2402 (
2403 'globalsign_example_keys/IssuingCA-der.cer',
2404 []
2405 ),
2406 (
2407 'globalsign_example_keys/rootCA.cer',
2408 []
2409 ),
2410 (
2411 'globalsign_example_keys/SSL1.cer',
2412 []
2413 ),
2414 (
2415 'globalsign_example_keys/SSL2.cer',
2416 []
2417 ),
2418 (
2419 'globalsign_example_keys/SSL3.cer',
2420 []
2421 ),
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2422 )
2423
2424 @data('valid_ips_info')
2425 def valid_ips(self, relative_path, crl_url):
2426 cert = self._load_cert(relative_path)
2427 self.assertEqual(crl_url, cert.valid_ips)
wbond8bb77d02015-07-13 17:44:29 -0400[diff] [blame]2428
wbond9a7a0992015-07-23 09:59:06 -0400[diff] [blame]2429 @staticmethod
2430 def self_issued_info():
2431 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2432 (
2433 'keys/test-der.crt',
2434 True
2435 ),
2436 (
2437 'keys/test-inter-der.crt',
2438 False
2439 ),
2440 (
2441 'keys/test-third-der.crt',
2442 False
2443 ),
2444 (
2445 'geotrust_certs/GeoTrust_Universal_CA.crt',
2446 True
2447 ),
2448 (
2449 'geotrust_certs/GeoTrust_Primary_CA.crt',
2450 True
2451 ),
2452 (
2453 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
2454 False
2455 ),
2456 (
2457 'geotrust_certs/codex.crt',
2458 False
2459 ),
2460 (
2461 'lets_encrypt/isrgrootx1.pem',
2462 True
2463 ),
2464 (
2465 'lets_encrypt/letsencryptauthorityx1.pem',
2466 False
2467 ),
2468 (
2469 'lets_encrypt/letsencryptauthorityx2.pem',
2470 False
2471 ),
2472 (
2473 'globalsign_example_keys/IssuingCA-der.cer',
2474 False
2475 ),
2476 (
2477 'globalsign_example_keys/rootCA.cer',
2478 True
2479 ),
2480 (
2481 'globalsign_example_keys/SSL1.cer',
2482 False
2483 ),
2484 (
2485 'globalsign_example_keys/SSL2.cer',
2486 False
2487 ),
2488 (
2489 'globalsign_example_keys/SSL3.cer',
2490 False
2491 ),
wbond9a7a0992015-07-23 09:59:06 -0400[diff] [blame]2492 )
2493
2494 @data('self_issued_info')
2495 def self_issued(self, relative_path, self_issued):
2496 cert = self._load_cert(relative_path)
2497 self.assertEqual(self_issued, cert.self_issued)
2498
wbond9a7a0992015-07-23 09:59:06 -0400[diff] [blame]2499 @staticmethod
2500 def self_signed_info():
2501 return (
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2502 (
2503 'keys/test-der.crt',
2504 'yes'
2505 ),
2506 (
2507 'keys/test-inter-der.crt',
2508 'no'
2509 ),
2510 (
2511 'keys/test-third-der.crt',
2512 'no'
2513 ),
2514 (
2515 'geotrust_certs/GeoTrust_Universal_CA.crt',
2516 'yes'
2517 ),
2518 (
2519 'geotrust_certs/GeoTrust_Primary_CA.crt',
2520 'yes'
2521 ),
2522 (
2523 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
2524 'no'
2525 ),
2526 (
2527 'geotrust_certs/codex.crt',
2528 'no'
2529 ),
2530 (
2531 'lets_encrypt/isrgrootx1.pem',
2532 'yes'
2533 ),
2534 (
2535 'lets_encrypt/letsencryptauthorityx1.pem',
2536 'no'
2537 ),
2538 (
2539 'lets_encrypt/letsencryptauthorityx2.pem',
2540 'no'
2541 ),
2542 (
2543 'globalsign_example_keys/IssuingCA-der.cer',
2544 'no'
2545 ),
2546 (
2547 'globalsign_example_keys/rootCA.cer',
2548 'yes'
2549 ),
2550 (
2551 'globalsign_example_keys/SSL1.cer',
2552 'no'
2553 ),
2554 (
2555 'globalsign_example_keys/SSL2.cer',
2556 'no'
2557 ),
2558 (
2559 'globalsign_example_keys/SSL3.cer',
2560 'no'
2561 ),
wbond9a7a0992015-07-23 09:59:06 -0400[diff] [blame]2562 )
2563
2564 @data('self_signed_info')
2565 def self_signed(self, relative_path, self_signed):
2566 cert = self._load_cert(relative_path)
2567 self.assertEqual(self_signed, cert.self_signed)
2568
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2569 def test_parse_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2570 cert = self._load_cert('keys/test-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2571
2572 tbs_certificate = cert['tbs_certificate']
2573 signature = tbs_certificate['signature']
2574 issuer = tbs_certificate['issuer']
2575 validity = tbs_certificate['validity']
2576 subject = tbs_certificate['subject']
2577 subject_public_key_info = tbs_certificate['subject_public_key_info']
2578 subject_public_key_algorithm = subject_public_key_info['algorithm']
2579 subject_public_key = subject_public_key_info['public_key'].parsed
2580 extensions = tbs_certificate['extensions']
2581
2582 self.assertEqual(
2583 'v3',
2584 tbs_certificate['version'].native
2585 )
2586 self.assertEqual(
2587 13683582341504654466,
2588 tbs_certificate['serial_number'].native
2589 )
2590 self.assertEqual(
2591 'sha256_rsa',
2592 signature['algorithm'].native
2593 )
2594 self.assertEqual(
2595 None,
2596 signature['parameters'].native
2597 )
2598 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2599 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2600 ('country_name', 'US'),
2601 ('state_or_province_name', 'Massachusetts'),
2602 ('locality_name', 'Newbury'),
2603 ('organization_name', 'Codex Non Sufficit LC'),
2604 ('organizational_unit_name', 'Testing'),
2605 ('common_name', 'Will Bond'),
2606 ('email_address', 'will@codexns.io'),
2607 ]),
2608 issuer.native
2609 )
2610 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]2611 datetime(2015, 5, 6, 14, 37, 16, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2612 validity['not_before'].native
2613 )
2614 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]2615 datetime(2025, 5, 3, 14, 37, 16, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2616 validity['not_after'].native
2617 )
2618 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2619 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2620 ('country_name', 'US'),
2621 ('state_or_province_name', 'Massachusetts'),
2622 ('locality_name', 'Newbury'),
2623 ('organization_name', 'Codex Non Sufficit LC'),
2624 ('organizational_unit_name', 'Testing'),
2625 ('common_name', 'Will Bond'),
2626 ('email_address', 'will@codexns.io'),
2627 ]),
2628 subject.native
2629 )
2630 self.assertEqual(
2631 'rsa',
2632 subject_public_key_algorithm['algorithm'].native
2633 )
2634 self.assertEqual(
2635 None,
2636 subject_public_key_algorithm['parameters'].native
2637 )
2638 self.assertEqual(
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2639 23903990516906431865559598284199534387004799030432486061102966678620221767754702651554142956492614440585611990224871381291841413369032752409360196079700921141819811294444393525264295297988924243231844876926173670633422654261873814968313363171188082579071492839040415373948505938897419917635370450127498164824808630475648771544810334682447182123219422360569466851807131368135806769502898151721274383486320505905826683946456552230958810028663378886363555981449715929872558073101554364803925363048965464124465016494920967179276744892632783712377912841537032383450409486298694116013299423220523450956288827030007092359007, # noqa
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2640 subject_public_key['modulus'].native
2641 )
2642 self.assertEqual(
2643 65537,
2644 subject_public_key['public_exponent'].native
2645 )
2646 self.assertEqual(
2647 None,
2648 tbs_certificate['issuer_unique_id'].native
2649 )
2650 self.assertIsInstance(
2651 tbs_certificate['issuer_unique_id'],
wbond093f9862015-10-22 11:54:37 -0400[diff] [blame]2652 core.Void
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2653 )
2654 self.assertEqual(
2655 None,
2656 tbs_certificate['subject_unique_id'].native
2657 )
2658 self.assertIsInstance(
2659 tbs_certificate['subject_unique_id'],
wbond093f9862015-10-22 11:54:37 -0400[diff] [blame]2660 core.Void
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2661 )
2662
2663 self.maxDiff = None
2664 for extension in extensions:
2665 self.assertIsInstance(
2666 extension,
2667 x509.Extension
2668 )
2669 self.assertEqual(
2670 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2671 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2672 ('extn_id', 'key_identifier'),
2673 ('critical', False),
2674 ('extn_value', b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'),
2675 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2676 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2677 ('extn_id', 'authority_key_identifier'),
2678 ('critical', False),
2679 (
2680 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2681 util.OrderedDict([
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2682 (
2683 'key_identifier',
2684 b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'
2685 ),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2686 (
2687 'authority_cert_issuer',
2688 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2689 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2690 ('country_name', 'US'),
2691 ('state_or_province_name', 'Massachusetts'),
2692 ('locality_name', 'Newbury'),
2693 ('organization_name', 'Codex Non Sufficit LC'),
2694 ('organizational_unit_name', 'Testing'),
2695 ('common_name', 'Will Bond'),
2696 ('email_address', 'will@codexns.io'),
2697 ])
2698 ]
2699 ),
2700 ('authority_cert_serial_number', 13683582341504654466),
2701 ])
2702 ),
2703 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2704 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2705 ('extn_id', 'basic_constraints'),
2706 ('critical', False),
2707 (
2708 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2709 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2710 ('ca', True),
2711 ('path_len_constraint', None)
2712 ])
2713 ),
2714 ]),
2715 ],
2716 extensions.native
2717 )
2718
2719 def test_parse_dsa_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2720 cert = self._load_cert('keys/test-dsa-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2721
2722 tbs_certificate = cert['tbs_certificate']
2723 signature = tbs_certificate['signature']
2724 issuer = tbs_certificate['issuer']
2725 validity = tbs_certificate['validity']
2726 subject = tbs_certificate['subject']
2727 subject_public_key_info = tbs_certificate['subject_public_key_info']
2728 subject_public_key_algorithm = subject_public_key_info['algorithm']
2729 subject_public_key = subject_public_key_info['public_key'].parsed
2730 extensions = tbs_certificate['extensions']
2731
2732 self.assertEqual(
2733 'v3',
2734 tbs_certificate['version'].native
2735 )
2736 self.assertEqual(
2737 14308214745771946523,
2738 tbs_certificate['serial_number'].native
2739 )
2740 self.assertEqual(
2741 'sha256_dsa',
2742 signature['algorithm'].native
2743 )
2744 self.assertEqual(
2745 None,
2746 signature['parameters'].native
2747 )
2748 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2749 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2750 ('country_name', 'US'),
2751 ('state_or_province_name', 'Massachusetts'),
2752 ('locality_name', 'Newbury'),
2753 ('organization_name', 'Codex Non Sufficit LC'),
2754 ('organizational_unit_name', 'Testing'),
2755 ('common_name', 'Will Bond'),
2756 ('email_address', 'will@codexns.io'),
2757 ]),
2758 issuer.native
2759 )
2760 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]2761 datetime(2015, 5, 20, 13, 9, 2, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2762 validity['not_before'].native
2763 )
2764 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]2765 datetime(2025, 5, 17, 13, 9, 2, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2766 validity['not_after'].native
2767 )
2768 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2769 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2770 ('country_name', 'US'),
2771 ('state_or_province_name', 'Massachusetts'),
2772 ('locality_name', 'Newbury'),
2773 ('organization_name', 'Codex Non Sufficit LC'),
2774 ('organizational_unit_name', 'Testing'),
2775 ('common_name', 'Will Bond'),
2776 ('email_address', 'will@codexns.io'),
2777 ]),
2778 subject.native
2779 )
2780 self.assertEqual(
2781 'dsa',
2782 subject_public_key_algorithm['algorithm'].native
2783 )
2784 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2785 util.OrderedDict([
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2786 ('p', 4511743893397705393934377497936985478231822206263141826261443300639402520800626925517264115785551703273809312112372693877437137848393530691841757974971843334497076835630893064661599193178307024379015589119302113551197423138934242435710226975119594589912289060014025377813473273600967729027125618396732574594753039493158066887433778053086408525146692226448554390096911703556213619406958876388642882534250747780313634767409586007581976273681005928967585750017105562145167146445061803488570714706090280814293902464230717946651489964409785146803791743658888866280873858000476717727810363942159874283767926511678640730707887895260274767195555813448140889391762755466967436731106514029224490921857229134393798015954890071206959203407845438863870686180087606429828973298318856683615900474921310376145478859687052812749087809700610549251964102790514588562086548577933609968589710807989944739877028770343142449461177732058649962678857), # noqa
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2787 ('q', 71587850165936478337655415373676526523562874562337607790945426056266440596923),
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2788 ('g', 761437146067908309288345767887973163494473925243194806582679580640442238588269326525839153095505341738937595419375068472941615006110237832663093084973431440436421580371384720052414080562019831325744042316268714195397974084616335082272743706567701546951285088540646372701485690904535540223121118329044403681933304838754517522024738251994717369464179515923093116622352823578284891812676662979104509631349201801577889230316128523885862472086364717411346341249139971907827526291913249445756671582283459372536334490171231311487207683108274785825764378203622999309355578169139646003751751448501475767709869676880946562283552431757983801739671783678927397420797147373441051876558068212062253171347849380506793433921881336652424898488378657239798694995315456959568806256079056461448199493507273882763491729787817044805150879660784158902456811649964987582162907020243296662602990514615480712948126671999033658064244112238138589732202), # noqa
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2789 ]),
2790 subject_public_key_algorithm['parameters'].native
2791 )
2792 self.assertEqual(
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2793 934231235067929794039535952071098031636053793876274937162425423023735221571983693370780054696865229184537343792766496068557051933738826401423094028670222490622041397241325320965905259541032379046252395145258594355589801644789631904099105867133976990593761395721476198083091062806327384261369876465927159169400428623265291958463077792777155465482611741502621885386691681062128487785344975981628995609792181581218570320181053055516069553767918513262908069925035292416868414952256645902605335068760774106734518308281769128146479819566784704033671969858507248124850451414380441279385481154336362988505436125981975735568289420374790767927084033441728922597082155884801013899630856890463962357814273014111039522903328923758417820349377075487103441305806369234738881875734407495707878637895190993370257589211331043479113328811265005530361001980539377903738453549980082795009589559114091215518866106998956304437954236070776810740036, # noqa
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2794 subject_public_key.native
2795 )
2796 self.assertEqual(
2797 None,
2798 tbs_certificate['issuer_unique_id'].native
2799 )
2800 self.assertIsInstance(
2801 tbs_certificate['issuer_unique_id'],
wbond093f9862015-10-22 11:54:37 -0400[diff] [blame]2802 core.Void
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2803 )
2804 self.assertEqual(
2805 None,
2806 tbs_certificate['subject_unique_id'].native
2807 )
2808 self.assertIsInstance(
2809 tbs_certificate['subject_unique_id'],
wbond093f9862015-10-22 11:54:37 -0400[diff] [blame]2810 core.Void
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2811 )
2812
2813 self.maxDiff = None
2814 for extension in extensions:
2815 self.assertIsInstance(
2816 extension,
2817 x509.Extension
2818 )
2819 self.assertEqual(
2820 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2821 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2822 ('extn_id', 'key_identifier'),
2823 ('critical', False),
2824 ('extn_value', b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'),
2825 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2826 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2827 ('extn_id', 'authority_key_identifier'),
2828 ('critical', False),
2829 (
2830 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2831 util.OrderedDict([
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]2832 (
2833 'key_identifier',
2834 b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'
2835 ),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2836 ('authority_cert_issuer', None),
2837 ('authority_cert_serial_number', None),
2838 ])
2839 ),
2840 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2841 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2842 ('extn_id', 'basic_constraints'),
2843 ('critical', False),
2844 (
2845 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2846 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2847 ('ca', True),
2848 ('path_len_constraint', None)
2849 ])
2850 ),
2851 ]),
2852 ],
2853 extensions.native
2854 )
2855
wbond0d9d8332015-10-08 11:55:40 -0400[diff] [blame]2856 def test_parse_dsa_certificate_inheritance(self):
2857 cert = self._load_cert('DSAParametersInheritedCACert.crt')
2858
2859 tbs_certificate = cert['tbs_certificate']
2860 signature = tbs_certificate['signature']
2861 issuer = tbs_certificate['issuer']
2862 validity = tbs_certificate['validity']
2863 subject = tbs_certificate['subject']
2864 subject_public_key_info = tbs_certificate['subject_public_key_info']
2865 subject_public_key_algorithm = subject_public_key_info['algorithm']
2866
2867 self.assertEqual(
2868 'v3',
2869 tbs_certificate['version'].native
2870 )
2871 self.assertEqual(
2872 2,
2873 tbs_certificate['serial_number'].native
2874 )
2875 self.assertEqual(
2876 'sha1_dsa',
2877 signature['algorithm'].native
2878 )
2879 self.assertEqual(
2880 None,
2881 signature['parameters'].native
2882 )
2883 self.assertEqual(
2884 util.OrderedDict([
2885 ('country_name', 'US'),
2886 ('organization_name', 'Test Certificates 2011'),
2887 ('common_name', 'DSA CA'),
2888 ]),
2889 issuer.native
2890 )
2891 self.assertEqual(
2892 datetime(2010, 1, 1, 8, 30, tzinfo=util.timezone.utc),
2893 validity['not_before'].native
2894 )
2895 self.assertEqual(
2896 datetime(2030, 12, 31, 8, 30, tzinfo=util.timezone.utc),
2897 validity['not_after'].native
2898 )
2899 self.assertEqual(
2900 util.OrderedDict([
2901 ('country_name', 'US'),
2902 ('organization_name', 'Test Certificates 2011'),
2903 ('common_name', 'DSA Parameters Inherited CA'),
2904 ]),
2905 subject.native
2906 )
2907 self.assertEqual(
2908 'dsa',
2909 subject_public_key_algorithm['algorithm'].native
2910 )
2911 self.assertEqual(
2912 None,
2913 subject_public_key_algorithm['parameters'].native
2914 )
2915 self.assertEqual(
2916 'dsa',
2917 subject_public_key_info.algorithm
2918 )
2919 self.assertEqual(
2920 None,
2921 subject_public_key_info.hash_algo
2922 )
2923
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2924 def test_parse_ec_certificate(self):
wbondaf1f5a82015-07-17 12:13:15 -0400[diff] [blame]2925 cert = self._load_cert('keys/test-ec-der.crt')
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2926
2927 tbs_certificate = cert['tbs_certificate']
2928 signature = tbs_certificate['signature']
2929 issuer = tbs_certificate['issuer']
2930 validity = tbs_certificate['validity']
2931 subject = tbs_certificate['subject']
2932 subject_public_key_info = tbs_certificate['subject_public_key_info']
2933 subject_public_key_algorithm = subject_public_key_info['algorithm']
2934 public_key_params = subject_public_key_info['algorithm']['parameters'].chosen
2935 field_id = public_key_params['field_id']
2936 curve = public_key_params['curve']
wbonde5a1c6e2015-08-03 07:42:28 -0400[diff] [blame]2937 subject_public_key = subject_public_key_info['public_key']
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2938 extensions = tbs_certificate['extensions']
2939
2940 self.assertEqual(
2941 'v3',
2942 tbs_certificate['version'].native
2943 )
2944 self.assertEqual(
2945 15854128451240978884,
2946 tbs_certificate['serial_number'].native
2947 )
2948 self.assertEqual(
2949 'sha256_ecdsa',
2950 signature['algorithm'].native
2951 )
2952 self.assertEqual(
2953 None,
2954 signature['parameters'].native
2955 )
2956 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2957 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2958 ('country_name', 'US'),
2959 ('state_or_province_name', 'Massachusetts'),
2960 ('locality_name', 'Newbury'),
2961 ('organization_name', 'Codex Non Sufficit LC'),
2962 ('organizational_unit_name', 'Testing'),
2963 ('common_name', 'Will Bond'),
2964 ('email_address', 'will@codexns.io'),
2965 ]),
2966 issuer.native
2967 )
2968 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]2969 datetime(2015, 5, 20, 12, 56, 46, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2970 validity['not_before'].native
2971 )
2972 self.assertEqual(
wbonde9142152015-07-30 09:05:19 -0400[diff] [blame]2973 datetime(2025, 5, 17, 12, 56, 46, tzinfo=util.timezone.utc),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2974 validity['not_after'].native
2975 )
2976 self.assertEqual(
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]2977 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2978 ('country_name', 'US'),
2979 ('state_or_province_name', 'Massachusetts'),
2980 ('locality_name', 'Newbury'),
2981 ('organization_name', 'Codex Non Sufficit LC'),
2982 ('organizational_unit_name', 'Testing'),
2983 ('common_name', 'Will Bond'),
2984 ('email_address', 'will@codexns.io'),
2985 ]),
2986 subject.native
2987 )
2988 self.assertEqual(
wbond680cba12015-07-01 23:53:54 -0400[diff] [blame]2989 'ec',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]2990 subject_public_key_algorithm['algorithm'].native
2991 )
2992 self.assertEqual(
2993 'ecdpVer1',
2994 public_key_params['version'].native
2995 )
2996 self.assertEqual(
2997 'prime_field',
2998 field_id['field_type'].native
2999 )
3000 self.assertEqual(
3001 115792089210356248762697446949407573530086143415290314195533631308867097853951,
3002 field_id['parameters'].native
3003 )
3004 self.assertEqual(
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]3005 b'\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00'
3006 b'\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3007 curve['a'].native
3008 )
3009 self.assertEqual(
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]3010 b'\x5A\xC6\x35\xD8\xAA\x3A\x93\xE7\xB3\xEB\xBD\x55\x76\x98\x86\xBC'
3011 b'\x65\x1D\x06\xB0\xCC\x53\xB0\xF6\x3B\xCE\x3C\x3E\x27\xD2\x60\x4B',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3012 curve['b'].native
3013 )
3014 self.assertEqual(
3015 b'\xC4\x9D\x36\x08\x86\xE7\x04\x93\x6A\x66\x78\xE1\x13\x9D\x26\xB7\x81\x9F\x7E\x90',
3016 curve['seed'].native
3017 )
3018 self.assertEqual(
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]3019 b'\x04\x6B\x17\xD1\xF2\xE1\x2C\x42\x47\xF8\xBC\xE6\xE5\x63\xA4\x40'
3020 b'\xF2\x77\x03\x7D\x81\x2D\xEB\x33\xA0\xF4\xA1\x39\x45\xD8\x98\xC2'
3021 b'\x96\x4F\xE3\x42\xE2\xFE\x1A\x7F\x9B\x8E\xE7\xEB\x4A\x7C\x0F\x9E'
3022 b'\x16\x2B\xCE\x33\x57\x6B\x31\x5E\xCE\xCB\xB6\x40\x68\x37\xBF\x51\xF5',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3023 public_key_params['base'].native
3024 )
3025 self.assertEqual(
3026 115792089210356248762697446949407573529996955224135760342422259061068512044369,
3027 public_key_params['order'].native
3028 )
3029 self.assertEqual(
3030 1,
3031 public_key_params['cofactor'].native
3032 )
3033 self.assertEqual(
3034 None,
3035 public_key_params['hash'].native
3036 )
3037 self.assertEqual(
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]3038 b'\x04\x8b]Lq\xf7\xd6\xc6\xa3IcB\\G\x9f\xcbs$\x1d\xc9\xdd\xd1-\xf1:\x9f'
3039 b'\xb7\x04\xde \xd0X\x00\x93T\xf6\x89\xc7/\x87+\xf7\xf9=;4\xed\x9e{\x0e'
3040 b'=WB\xdfx\x03\x0b\xcc1\xc6\x03\xd7\x9f`\x01',
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3041 subject_public_key.native
3042 )
3043 self.assertEqual(
3044 None,
3045 tbs_certificate['issuer_unique_id'].native
3046 )
3047 self.assertIsInstance(
3048 tbs_certificate['issuer_unique_id'],
wbond093f9862015-10-22 11:54:37 -0400[diff] [blame]3049 core.Void
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3050 )
3051 self.assertEqual(
3052 None,
3053 tbs_certificate['subject_unique_id'].native
3054 )
3055 self.assertIsInstance(
3056 tbs_certificate['subject_unique_id'],
wbond093f9862015-10-22 11:54:37 -0400[diff] [blame]3057 core.Void
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3058 )
3059
3060 self.maxDiff = None
3061 for extension in extensions:
3062 self.assertIsInstance(
3063 extension,
3064 x509.Extension
3065 )
3066 self.assertEqual(
3067 [
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]3068 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3069 ('extn_id', 'key_identifier'),
3070 ('critical', False),
3071 ('extn_value', b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'),
3072 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]3073 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3074 ('extn_id', 'authority_key_identifier'),
3075 ('critical', False),
3076 (
3077 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]3078 util.OrderedDict([
wbonda26664f2015-10-07 11:57:35 -0400[diff] [blame]3079 (
3080 'key_identifier',
3081 b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'
3082 ),
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3083 ('authority_cert_issuer', None),
3084 ('authority_cert_serial_number', None),
3085 ])
3086 ),
3087 ]),
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]3088 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3089 ('extn_id', 'basic_constraints'),
3090 ('critical', False),
3091 (
3092 'extn_value',
wbond44b89192015-08-24 09:34:01 -0400[diff] [blame]3093 util.OrderedDict([
wbonde91513e2015-06-03 14:52:18 -0400[diff] [blame]3094 ('ca', True),
3095 ('path_len_constraint', None)
3096 ])
3097 ),
3098 ]),
3099 ],
3100 extensions.native
3101 )