wbonde91513e2015-06-03 14:52:18 -04001# coding: utf-8
2from __future__ import unicode_literals
3
4import unittest
5import sys
6import os
7from collections import OrderedDict
8from datetime import datetime
9
wbondaf1f5a82015-07-17 12:13:15 -040010from asn1crypto import x509, core, pem
11
12from .unittest_data import DataDecorator, data
wbonde91513e2015-06-03 14:52:18 -040013
# Byte-string type for the running interpreter: `str` on Python 2, `bytes` on 3.
byte_cls = str if sys.version_info < (3,) else bytes


# Certificate fixtures live in a `fixtures` directory next to this test module.
tests_root = os.path.dirname(__file__)
fixtures_dir = os.path.join(tests_root, 'fixtures')
22
23
wbondaf1f5a82015-07-17 12:13:15 -040024@DataDecorator
wbonde91513e2015-06-03 14:52:18 -040025class X509Tests(unittest.TestCase):
26
def _load_cert(self, relative_path):
    """Read a fixture certificate and parse it into an x509.Certificate.

    :param relative_path:
        Path of the fixture, relative to ``fixtures_dir``. Every caller in
        this file passes a hard-coded path from a data provider.

    :return:
        The object returned by ``x509.Certificate.load()``.
    """
    fixture_path = os.path.join(fixtures_dir, relative_path)
    with open(fixture_path, 'rb') as handle:
        raw = handle.read()
    # PEM armor is stripped when detected; anything else goes to the parser
    # unchanged, i.e. is treated as DER.
    if pem.detect(raw):
        raw = pem.unarmor(raw)[2]
    return x509.Certificate.load(raw)
wbond8bb77d02015-07-13 17:44:29 -040033
wbondaf1f5a82015-07-17 12:13:15 -040034 #pylint: disable=C0326
35 @staticmethod
wbondf4645722015-07-22 12:36:37 -040036 def ip_address_info():
37 return (
38 ('127.0.0.1', b'\x04\x04\x7F\x00\x00\x01'),
39 ('255.255.255.255', b'\x04\x04\xFF\xFF\xFF\xFF'),
40 ('127.0.0.1/28', b'\x04\x08\x7F\x00\x00\x01\xFF\xFF\xFF\xF0'),
41 ('255.255.255.255/0', b'\x04\x08\xFF\xFF\xFF\xFF\x00\x00\x00\x00'),
42 ('af::ed', b'\x04\x10\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED'),
43 ('af::ed/128', b'\x04\x20\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF'),
44 ('af::ed/0', b'\x04\x20\x00\xAF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xED\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'),
45 )
46
@data('ip_address_info')
def ip_address(self, unicode_string, der_bytes):
    """Round-trip one IPAddress row: text to DER, then DER back to text."""
    encoded = x509.IPAddress(unicode_string).dump()
    self.assertEqual(der_bytes, encoded)
    decoded = x509.IPAddress.load(der_bytes).native
    self.assertEqual(unicode_string, decoded)
51
52 #pylint: disable=C0326
@staticmethod
def compare_name_info():
    """Return (expected equality, name, name) triples for Name comparison.

    The two positive rows expect names to match despite a difference in
    letter case and despite a tab in place of a space; the negative row adds
    an attribute to one side.

    NOTE(review): name matching feeds issuer/subject chaining and name
    constraints, and only one negative case is pinned here.
    """
    make = x509.Name.build
    cases = []
    cases.append((
        True,
        make({'common_name': 'Will Bond'}),
        make({'common_name': 'will bond'}),
    ))
    cases.append((
        True,
        make({'common_name': 'Will Bond'}),
        make({'common_name': 'will\tbond'}),
    ))
    cases.append((
        False,
        make({
            'country_name': 'US',
            'common_name': 'Will Bond'
        }),
        make({
            'country_name': 'US',
            'state_or_province_name': 'Massachusetts',
            'common_name': 'Will Bond'
        }),
    ))
    return tuple(cases)
87
@data('compare_name_info')
def compare_name(self, are_equal, general_name_1, general_name_2):
    """Assert that two built names compare equal, or unequal, as the row says."""
    check = self.assertEqual if are_equal else self.assertNotEqual
    check(general_name_1, general_name_2)
94
95 #pylint: disable=C0326
96 @staticmethod
wbond1cfca232015-07-20 08:51:58 -040097 def signature_algo_info():
98 return (
99 ('keys/test-der.crt', 'rsassa_pkcs1v15', 'sha256'),
100 ('keys/test-inter-der.crt', 'rsassa_pkcs1v15', 'sha256'),
101 ('keys/test-dsa-der.crt', 'dsa', 'sha256'),
102 ('keys/test-third-der.crt', 'rsassa_pkcs1v15', 'sha256'),
103 ('keys/test-ec-der.crt', 'ecdsa', 'sha256'),
104 )
105
@data('signature_algo_info')
def signature_algo(self, relative_path, signature_algo, hash_algo):
    """Check the signature and hash algorithm names reported for a fixture."""
    algorithm = self._load_cert(relative_path)['signature_algorithm']
    self.assertEqual(signature_algo, algorithm.signature_algo)
    self.assertEqual(hash_algo, algorithm.hash_algo)
111
112 #pylint: disable=C0326
113 @staticmethod
wbondaf1f5a82015-07-17 12:13:15 -0400114 def critical_extensions_info():
115 return (
116 ('keys/test-der.crt', []),
117 ('keys/test-inter-der.crt', []),
118 ('keys/test-third-der.crt', []),
119 ('geotrust_certs/GeoTrust_Universal_CA.crt', ['basic_constraints', 'key_usage']),
120 ('geotrust_certs/GeoTrust_Primary_CA.crt', ['basic_constraints', 'key_usage']),
121 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', ['basic_constraints', 'key_usage']),
122 ('geotrust_certs/codex.crt', ['key_usage']),
123 ('lets_encrypt/isrgrootx1.pem', ['key_usage', 'basic_constraints']),
124 ('lets_encrypt/letsencryptauthorityx1.pem', ['key_usage', 'basic_constraints']),
125 ('lets_encrypt/letsencryptauthorityx2.pem', ['key_usage', 'basic_constraints']),
126 ('globalsign_example_keys/IssuingCA-der.cer', ['basic_constraints', 'key_usage']),
127 ('globalsign_example_keys/rootCA.cer', ['basic_constraints', 'key_usage']),
128 ('globalsign_example_keys/SSL1.cer', ['key_usage', 'extended_key_usage', 'basic_constraints']),
129 ('globalsign_example_keys/SSL2.cer', ['key_usage', 'extended_key_usage', 'basic_constraints']),
130 ('globalsign_example_keys/SSL3.cer', ['key_usage', 'extended_key_usage', 'basic_constraints']),
wbond8bb77d02015-07-13 17:44:29 -0400131 )
wbondaf1f5a82015-07-17 12:13:15 -0400132
@data('critical_extensions_info')
def critical_extensions(self, relative_path, critical_extensions):
    """Check which extensions a fixture certificate reports as critical."""
    self.assertEqual(
        critical_extensions,
        self._load_cert(relative_path).critical_extensions
    )
137
138 #pylint: disable=C0326
139 @staticmethod
140 def key_identifier_value_info():
141 return (
142 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
143 ('keys/test-inter-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
144 ('keys/test-third-der.crt', b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'),
145 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
146 ('geotrust_certs/GeoTrust_Primary_CA.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
147 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
148 ('geotrust_certs/codex.crt', None),
149 ('lets_encrypt/isrgrootx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
150 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'),
151 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'),
152 ('globalsign_example_keys/IssuingCA-der.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
153 ('globalsign_example_keys/rootCA.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
154 ('globalsign_example_keys/SSL1.cer', b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'),
155 ('globalsign_example_keys/SSL2.cer', b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='),
156 ('globalsign_example_keys/SSL3.cer', b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'),
wbond8bb77d02015-07-13 17:44:29 -0400157 )
wbond8bb77d02015-07-13 17:44:29 -0400158
@data('key_identifier_value_info')
def key_identifier_value(self, relative_path, key_identifier_value):
    """Check the parsed key identifier of a fixture against the expected bytes."""
    parsed = self._load_cert(relative_path).key_identifier_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(key_identifier_value, actual)
wbond8bb77d02015-07-13 17:44:29 -0400164
wbondaf1f5a82015-07-17 12:13:15 -0400165 #pylint: disable=C0326
166 @staticmethod
167 def key_usage_value_info():
168 return (
169 ('keys/test-der.crt', None),
170 ('keys/test-inter-der.crt', None),
171 ('keys/test-third-der.crt', None),
172 (
173 'geotrust_certs/GeoTrust_Universal_CA.crt',
wbond8bb77d02015-07-13 17:44:29 -0400174 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400175 ('digital_signature', True),
176 ('non_repudiation', False),
177 ('key_encipherment', False),
178 ('data_encipherment', False),
179 ('key_agreement', False),
180 ('key_cert_sign', True),
181 ('crl_sign', True),
182 ('encipher_only', False),
183 ('decipher_only', False),
wbond8bb77d02015-07-13 17:44:29 -0400184 ])
wbondaf1f5a82015-07-17 12:13:15 -0400185 ),
186 (
187 'geotrust_certs/GeoTrust_Primary_CA.crt',
wbond8bb77d02015-07-13 17:44:29 -0400188 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400189 ('digital_signature', True),
190 ('non_repudiation', True),
191 ('key_encipherment', False),
192 ('data_encipherment', False),
193 ('key_agreement', False),
194 ('key_cert_sign', False),
195 ('crl_sign', False),
196 ('encipher_only', False),
197 ('decipher_only', False),
wbond8bb77d02015-07-13 17:44:29 -0400198 ])
wbondaf1f5a82015-07-17 12:13:15 -0400199 ),
200 (
201 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
wbond8bb77d02015-07-13 17:44:29 -0400202 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400203 ('digital_signature', True),
204 ('non_repudiation', True),
205 ('key_encipherment', False),
206 ('data_encipherment', False),
207 ('key_agreement', False),
208 ('key_cert_sign', False),
209 ('crl_sign', False),
210 ('encipher_only', False),
211 ('decipher_only', False),
212 ])
213 ),
214 (
215 'geotrust_certs/codex.crt',
216 OrderedDict([
217 ('digital_signature', True),
218 ('non_repudiation', False),
219 ('key_encipherment', True),
220 ('data_encipherment', False),
221 ('key_agreement', False),
222 ('key_cert_sign', False),
223 ('crl_sign', False),
224 ('encipher_only', False),
225 ('decipher_only', False),
226 ])
227 ),
228 (
229 'lets_encrypt/isrgrootx1.pem',
230 OrderedDict([
231 ('digital_signature', True),
232 ('non_repudiation', True),
233 ('key_encipherment', False),
234 ('data_encipherment', False),
235 ('key_agreement', False),
236 ('key_cert_sign', False),
237 ('crl_sign', False),
238 ('encipher_only', False),
239 ('decipher_only', False),
240 ])
241 ),
242 (
243 'lets_encrypt/letsencryptauthorityx1.pem',
244 OrderedDict([
245 ('digital_signature', True),
246 ('non_repudiation', False),
247 ('key_encipherment', False),
248 ('data_encipherment', False),
249 ('key_agreement', False),
250 ('key_cert_sign', True),
251 ('crl_sign', True),
252 ('encipher_only', False),
253 ('decipher_only', False),
254 ])
255 ),
256 (
257 'lets_encrypt/letsencryptauthorityx2.pem',
258 OrderedDict([
259 ('digital_signature', True),
260 ('non_repudiation', False),
261 ('key_encipherment', False),
262 ('data_encipherment', False),
263 ('key_agreement', False),
264 ('key_cert_sign', True),
265 ('crl_sign', True),
266 ('encipher_only', False),
267 ('decipher_only', False),
268 ])
269 ),
270 (
271 'globalsign_example_keys/IssuingCA-der.cer',
272 OrderedDict([
273 ('digital_signature', True),
274 ('non_repudiation', True),
275 ('key_encipherment', False),
276 ('data_encipherment', False),
277 ('key_agreement', False),
278 ('key_cert_sign', False),
279 ('crl_sign', False),
280 ('encipher_only', False),
281 ('decipher_only', False),
282 ])
283 ),
284 (
285 'globalsign_example_keys/rootCA.cer',
286 OrderedDict([
287 ('digital_signature', True),
288 ('non_repudiation', True),
289 ('key_encipherment', False),
290 ('data_encipherment', False),
291 ('key_agreement', False),
292 ('key_cert_sign', False),
293 ('crl_sign', False),
294 ('encipher_only', False),
295 ('decipher_only', False),
296 ])
297 ),
298 (
299 'globalsign_example_keys/SSL1.cer',
300 OrderedDict([
301 ('digital_signature', True),
302 ('non_repudiation', False),
303 ('key_encipherment', True),
304 ('data_encipherment', False),
305 ('key_agreement', False),
306 ('key_cert_sign', False),
307 ('crl_sign', False),
308 ('encipher_only', False),
309 ('decipher_only', False),
310 ])
311 ),
312 (
313 'globalsign_example_keys/SSL2.cer',
314 OrderedDict([
315 ('digital_signature', True),
316 ('non_repudiation', False),
317 ('key_encipherment', True),
318 ('data_encipherment', False),
319 ('key_agreement', False),
320 ('key_cert_sign', False),
321 ('crl_sign', False),
322 ('encipher_only', False),
323 ('decipher_only', False),
324 ])
325 ),
326 (
327 'globalsign_example_keys/SSL3.cer',
328 OrderedDict([
329 ('digital_signature', True),
330 ('non_repudiation', False),
331 ('key_encipherment', True),
332 ('data_encipherment', False),
333 ('key_agreement', False),
334 ('key_cert_sign', False),
335 ('crl_sign', False),
336 ('encipher_only', False),
337 ('decipher_only', False),
338 ])
339 ),
340 )
341
@data('key_usage_value_info')
def key_usage_value(self, relative_path, key_usage_value):
    """Check the parsed key usage flags of a fixture against the expected mapping."""
    parsed = self._load_cert(relative_path).key_usage_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(key_usage_value, actual)
347
348 #pylint: disable=C0326
349 @staticmethod
350 def subject_alt_name_value_info():
351 return (
352 ('keys/test-der.crt', None),
353 ('keys/test-inter-der.crt', None),
354 ('keys/test-third-der.crt', None),
355 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
356 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
357 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', [OrderedDict([('common_name', 'SymantecPKI-1-538')])]),
358 ('geotrust_certs/codex.crt', ['dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net', 'codexns.io']),
359 ('lets_encrypt/isrgrootx1.pem', None),
360 ('lets_encrypt/letsencryptauthorityx1.pem', None),
361 ('lets_encrypt/letsencryptauthorityx2.pem', None),
362 ('globalsign_example_keys/IssuingCA-der.cer', None),
363 ('globalsign_example_keys/rootCA.cer', None),
364 ('globalsign_example_keys/SSL1.cer', ['anything.example.com']),
365 ('globalsign_example_keys/SSL2.cer', ['anything.example.com']),
366 ('globalsign_example_keys/SSL3.cer', None),
367 )
368
@data('subject_alt_name_value_info')
def subject_alt_name_value(self, relative_path, subject_alt_name_value):
    """Check the parsed subject alternative names of a fixture."""
    parsed = self._load_cert(relative_path).subject_alt_name_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(subject_alt_name_value, actual)
374
375 #pylint: disable=C0326
376 @staticmethod
377 def basic_constraints_value_info():
378 return (
379 ('keys/test-der.crt', {'ca': True, 'path_len_constraint': None}),
380 ('keys/test-inter-der.crt', {'ca': True, 'path_len_constraint': None}),
381 ('keys/test-third-der.crt', None),
382 ('geotrust_certs/GeoTrust_Universal_CA.crt', {'ca': True, 'path_len_constraint': None}),
383 ('geotrust_certs/GeoTrust_Primary_CA.crt', {'ca': True, 'path_len_constraint': None}),
384 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', {'ca': True, 'path_len_constraint': 0}),
385 ('geotrust_certs/codex.crt', {'ca': False, 'path_len_constraint': None}),
386 ('lets_encrypt/isrgrootx1.pem', {'ca': True, 'path_len_constraint': None}),
387 ('lets_encrypt/letsencryptauthorityx1.pem', {'ca': True, 'path_len_constraint': 0}),
388 ('lets_encrypt/letsencryptauthorityx2.pem', {'ca': True, 'path_len_constraint': 0}),
389 ('globalsign_example_keys/IssuingCA-der.cer', {'ca': True, 'path_len_constraint': None}),
390 ('globalsign_example_keys/rootCA.cer', {'ca': True, 'path_len_constraint': None}),
391 ('globalsign_example_keys/SSL1.cer', {'ca': False, 'path_len_constraint': None}),
392 ('globalsign_example_keys/SSL2.cer', {'ca': False, 'path_len_constraint': None}),
393 ('globalsign_example_keys/SSL3.cer', {'ca': False, 'path_len_constraint': None}),
394 )
395
@data('basic_constraints_value_info')
def basic_constraints_value(self, relative_path, basic_constraints_value):
    """Check the parsed CA flag and path length constraint of a fixture."""
    parsed = self._load_cert(relative_path).basic_constraints_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(basic_constraints_value, actual)
401
402 #pylint: disable=C0326
403 @staticmethod
404 def name_constraints_value_info():
405 return (
406 ('keys/test-der.crt', None),
407 ('keys/test-inter-der.crt', None),
408 ('keys/test-third-der.crt', None),
409 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
410 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
411 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
412 ('geotrust_certs/codex.crt', None),
413 ('lets_encrypt/isrgrootx1.pem', None),
414 ('lets_encrypt/letsencryptauthorityx1.pem', None),
415 ('lets_encrypt/letsencryptauthorityx2.pem', None),
416 (
417 'globalsign_example_keys/IssuingCA-der.cer',
418 OrderedDict([
wbond8bb77d02015-07-13 17:44:29 -0400419 (
wbondaf1f5a82015-07-17 12:13:15 -0400420 'permitted_subtrees',
wbond8bb77d02015-07-13 17:44:29 -0400421 [
422 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400423 ('base', 'onlythis.com'),
424 ('minimum', 0),
425 ('maximum', None)
426 ]),
427 OrderedDict([
428 (
429 'base',
430 OrderedDict([
431 ('country_name', 'US'),
432 ('state_or_province_name', 'MA'),
433 ('locality_name', 'Boston'),
434 ('organization_name', 'Example LLC')
435 ])
436 ),
437 ('minimum', 0),
438 ('maximum', None)
wbond8bb77d02015-07-13 17:44:29 -0400439 ])
440 ]
wbondaf1f5a82015-07-17 12:13:15 -0400441 ),
442 (
443 'excluded_subtrees',
444 [
445 OrderedDict([
wbondf4645722015-07-22 12:36:37 -0400446 ('base', '0.0.0.0/0'),
wbondaf1f5a82015-07-17 12:13:15 -0400447 ('minimum', 0),
448 ('maximum', None)
449 ]),
450 OrderedDict([
wbondf4645722015-07-22 12:36:37 -0400451 ('base', '::/0'),
wbondaf1f5a82015-07-17 12:13:15 -0400452 ('minimum', 0),
453 ('maximum', None)
454 ])
455 ]
456 ),
wbond8bb77d02015-07-13 17:44:29 -0400457 ])
wbondaf1f5a82015-07-17 12:13:15 -0400458 ),
459 ('globalsign_example_keys/rootCA.cer', None),
460 ('globalsign_example_keys/SSL1.cer', None),
461 ('globalsign_example_keys/SSL2.cer', None),
462 ('globalsign_example_keys/SSL3.cer', None),
wbond8bb77d02015-07-13 17:44:29 -0400463 )
wbondaf1f5a82015-07-17 12:13:15 -0400464
@data('name_constraints_value_info')
def name_constraints_value(self, relative_path, name_constraints_value):
    """Check the parsed permitted and excluded subtrees of a fixture."""
    parsed = self._load_cert(relative_path).name_constraints_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(name_constraints_value, actual)
470
471 #pylint: disable=C0326
472 @staticmethod
473 def crl_distribution_points_value_info():
474 return (
475 ('keys/test-der.crt', None),
476 ('keys/test-inter-der.crt', None),
477 ('keys/test-third-der.crt', None),
478 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
479 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
480 (
481 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
482 [
483 OrderedDict([
484 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
485 ('reasons', None),
486 ('crl_issuer', None)
487 ])
488 ]
489 ),
490 (
491 'geotrust_certs/codex.crt',
492 [
493 OrderedDict([
494 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
495 ('reasons', None),
496 ('crl_issuer', None)
497 ])
498 ]
499 ),
500 ('lets_encrypt/isrgrootx1.pem', None),
501 (
502 'lets_encrypt/letsencryptauthorityx1.pem',
503 [
504 OrderedDict([
505 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
506 ('reasons', None),
507 ('crl_issuer', None)
508 ])
509 ]
510 ),
511 (
512 'lets_encrypt/letsencryptauthorityx2.pem',
513 [
514 OrderedDict([
515 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
516 ('reasons', None),
517 ('crl_issuer', None)
518 ])
519 ]
520 ),
521 (
522 'globalsign_example_keys/IssuingCA-der.cer',
523 [
524 OrderedDict([
525 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
526 ('reasons', None),
527 ('crl_issuer', None)
528 ])
529 ]),
530 (
531 'globalsign_example_keys/rootCA.cer',
532 [
533 OrderedDict([
534 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
535 ('reasons', None),
536 ('crl_issuer', None)
537 ])
538 ]),
539 ('globalsign_example_keys/SSL1.cer', None),
540 ('globalsign_example_keys/SSL2.cer', None),
541 ('globalsign_example_keys/SSL3.cer', None),
542 )
543
@data('crl_distribution_points_value_info')
def crl_distribution_points_value(self, relative_path, crl_distribution_points_value):
    """Check the parsed CRL distribution points of a fixture (values only, nothing is fetched)."""
    parsed = self._load_cert(relative_path).crl_distribution_points_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(crl_distribution_points_value, actual)
549
550 #pylint: disable=C0326
551 @staticmethod
552 def certificate_policies_value_info():
553 return (
554 ('keys/test-der.crt', None),
555 ('keys/test-inter-der.crt', None),
556 ('keys/test-third-der.crt', None),
557 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
558 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
559 (
560 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
561 [
562 OrderedDict([
563 ('policy_identifier', 'any_policy'),
564 (
565 'policy_qualifiers',
566 [
567 OrderedDict([
568 ('policy_qualifier_id', 'certification_practice_statement'),
569 ('qualifier', 'https://www.geotrust.com/resources/cps')
570 ])
571 ]
572 )
573 ])
574 ]
575 ),
576 (
577 'geotrust_certs/codex.crt',
578 [
579 OrderedDict([
580 ('policy_identifier', '1.3.6.1.4.1.14370.1.6'),
581 (
582 'policy_qualifiers',
583 [
584 OrderedDict([
585 ('policy_qualifier_id', 'certification_practice_statement'),
586 ('qualifier', 'https://www.geotrust.com/resources/repository/legal')
587 ]),
588 OrderedDict([
589 ('policy_qualifier_id', 'user_notice'),
590 (
591 'qualifier',
592 OrderedDict([
593 ('notice_ref', None),
594 ('explicit_text', 'https://www.geotrust.com/resources/repository/legal')
595 ])
596 )
597 ])
598 ]
599 )
600 ])
601 ]
602 ),
603 ('lets_encrypt/isrgrootx1.pem', None),
604 (
605 'lets_encrypt/letsencryptauthorityx1.pem',
606 [
607 OrderedDict([
608 ('policy_identifier', '2.23.140.1.2.1'),
609 ('policy_qualifiers', None)
610 ]),
611 OrderedDict([
612 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
613 (
614 'policy_qualifiers',
615 [
616 OrderedDict([
617 ('policy_qualifier_id', 'certification_practice_statement'),
618 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
619 ])
620 ]
621 )
622 ])
623 ]
624 ),
625 (
626 'lets_encrypt/letsencryptauthorityx2.pem',
627 [
628 OrderedDict([
629 ('policy_identifier', '2.23.140.1.2.1'),
630 ('policy_qualifiers', None)
631 ]),
632 OrderedDict([
633 ('policy_identifier', '1.3.6.1.4.1.44947.1.1.1'),
634 (
635 'policy_qualifiers',
636 [
637 OrderedDict([
638 ('policy_qualifier_id', 'certification_practice_statement'),
639 ('qualifier', 'http://cps.root-x1.letsencrypt.org')
640 ])
641 ]
642 )
643 ])
644 ]
645 ),
646 (
647 'globalsign_example_keys/IssuingCA-der.cer',
648 [
649 OrderedDict([
650 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
651 (
652 'policy_qualifiers',
653 [
654 OrderedDict([
655 ('policy_qualifier_id', 'certification_practice_statement'),
656 ('qualifier', 'https://www.globalsign.com/repository/')
657 ])
658 ]
659 )
660 ])
661 ]
662 ),
663 ('globalsign_example_keys/rootCA.cer', None),
664 (
665 'globalsign_example_keys/SSL1.cer',
666 [
667 OrderedDict([
668 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
669 (
670 'policy_qualifiers',
671 [
672 OrderedDict([
673 ('policy_qualifier_id', 'certification_practice_statement'),
674 ('qualifier', 'https://www.globalsign.com/repository/')
675 ])
676 ]
677 )
678 ])
679 ]
680 ),
681 (
682 'globalsign_example_keys/SSL2.cer',
683 [
684 OrderedDict([
685 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
686 (
687 'policy_qualifiers',
688 [
689 OrderedDict([
690 ('policy_qualifier_id', 'certification_practice_statement'),
691 ('qualifier', 'https://www.globalsign.com/repository/')
692 ])
693 ]
694 )
695 ])
696 ]
697 ),
698 (
699 'globalsign_example_keys/SSL3.cer',
700 [
701 OrderedDict([
702 ('policy_identifier', '1.3.6.1.4.1.4146.1.60'),
703 (
704 'policy_qualifiers',
705 [
706 OrderedDict([
707 ('policy_qualifier_id', 'certification_practice_statement'),
708 ('qualifier', 'https://www.globalsign.com/repository/')
709 ])
710 ]
711 )
712 ])
713 ]
714 ),
715 )
716
@data('certificate_policies_value_info')
def certificate_policies_value(self, relative_path, certificate_policies_value):
    """Check the parsed certificate policies of a fixture."""
    parsed = self._load_cert(relative_path).certificate_policies_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(certificate_policies_value, actual)
722
723 #pylint: disable=C0326
724 @staticmethod
725 def policy_mappings_value_info():
726 return (
727 ('keys/test-der.crt', None),
728 ('keys/test-inter-der.crt', None),
729 ('keys/test-third-der.crt', None),
730 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
731 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
732 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
733 ('geotrust_certs/codex.crt', None),
734 ('lets_encrypt/isrgrootx1.pem', None),
735 ('lets_encrypt/letsencryptauthorityx1.pem', None),
736 ('lets_encrypt/letsencryptauthorityx2.pem', None),
737 ('globalsign_example_keys/IssuingCA-der.cer', None),
738 ('globalsign_example_keys/rootCA.cer', None),
739 ('globalsign_example_keys/SSL1.cer', None),
740 ('globalsign_example_keys/SSL2.cer', None),
741 ('globalsign_example_keys/SSL3.cer', None),
742 )
743
@data('policy_mappings_value_info')
def policy_mappings_value(self, relative_path, policy_mappings_value):
    """Check the parsed policy mappings of a fixture."""
    parsed = self._load_cert(relative_path).policy_mappings_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(policy_mappings_value, actual)
749
750 #pylint: disable=C0326
751 @staticmethod
752 def authority_key_identifier_value_info():
753 return (
754 (
755 'keys/test-der.crt',
wbond08c60fa2015-07-13 23:02:13 -0400756 OrderedDict([
wbondaf1f5a82015-07-17 12:13:15 -0400757 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
758 (
759 'authority_cert_issuer',
760 [
761 OrderedDict([
762 ('country_name', 'US'),
763 ('state_or_province_name', 'Massachusetts'),
764 ('locality_name', 'Newbury'),
765 ('organization_name', 'Codex Non Sufficit LC'),
766 ('organizational_unit_name', 'Testing'),
767 ('common_name', 'Will Bond'),
768 ('email_address', 'will@codexns.io')
769 ])
770 ]
771 ),
772 ('authority_cert_serial_number', 13683582341504654466)
wbond08c60fa2015-07-13 23:02:13 -0400773 ])
wbondaf1f5a82015-07-17 12:13:15 -0400774 ),
775 (
776 'keys/test-inter-der.crt',
777 OrderedDict([
778 ('key_identifier', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
779 ('authority_cert_issuer', None),
780 ('authority_cert_serial_number', None)
781 ])
782 ),
783 (
784 'keys/test-third-der.crt',
785 OrderedDict([
786 ('key_identifier', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
787 ('authority_cert_issuer', None),
788 ('authority_cert_serial_number', None)
789 ])
790 ),
791 (
792 'geotrust_certs/GeoTrust_Universal_CA.crt',
793 OrderedDict([
794 ('key_identifier', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
795 ('authority_cert_issuer', None),
796 ('authority_cert_serial_number', None)
797 ])
798 ),
799 (
800 'geotrust_certs/GeoTrust_Primary_CA.crt',
801 None
802 ),
803 (
804 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
805 OrderedDict([
806 ('key_identifier', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
807 ('authority_cert_issuer', None),
808 ('authority_cert_serial_number', None)
809 ])
810 ),
811 (
812 'geotrust_certs/codex.crt',
813 OrderedDict([
814 ('key_identifier', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
815 ('authority_cert_issuer', None),
816 ('authority_cert_serial_number', None)
817 ])
818 ),
819 (
820 'lets_encrypt/isrgrootx1.pem',
821 None
822 ),
823 (
824 'lets_encrypt/letsencryptauthorityx1.pem',
825 OrderedDict([
826 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
827 ('authority_cert_issuer', None),
828 ('authority_cert_serial_number', None)
829 ])
830 ),
831 (
832 'lets_encrypt/letsencryptauthorityx2.pem',
833 OrderedDict([
834 ('key_identifier', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
835 ('authority_cert_issuer', None),
836 ('authority_cert_serial_number', None)
837 ])
838 ),
839 (
840 'globalsign_example_keys/IssuingCA-der.cer',
841 OrderedDict([
842 ('key_identifier', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
843 ('authority_cert_issuer', None),
844 ('authority_cert_serial_number', None)
845 ])
846 ),
847 (
848 'globalsign_example_keys/rootCA.cer',
849 None
850 ),
851 (
852 'globalsign_example_keys/SSL1.cer',
853 OrderedDict([
854 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
855 ('authority_cert_issuer', None),
856 ('authority_cert_serial_number', None)
857 ])
858 ),
859 (
860 'globalsign_example_keys/SSL2.cer',
861 OrderedDict([
862 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
863 ('authority_cert_issuer', None),
864 ('authority_cert_serial_number', None)
865 ])
866 ),
867 (
868 'globalsign_example_keys/SSL3.cer',
869 OrderedDict([
870 ('key_identifier', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
871 ('authority_cert_issuer', None),
872 ('authority_cert_serial_number', None)
873 ])
874 ),
wbond08c60fa2015-07-13 23:02:13 -0400875 )
wbondaf1f5a82015-07-17 12:13:15 -0400876
@data('authority_key_identifier_value_info')
def authority_key_identifier_value(self, relative_path, authority_key_identifier_value):
    """Check the parsed authority key identifier of a fixture."""
    parsed = self._load_cert(relative_path).authority_key_identifier_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(authority_key_identifier_value, actual)
882
883 #pylint: disable=C0326
884 @staticmethod
885 def policy_constraints_value_info():
886 return (
887 ('keys/test-der.crt', None),
888 ('keys/test-inter-der.crt', None),
889 ('keys/test-third-der.crt', None),
890 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
891 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
892 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
893 ('geotrust_certs/codex.crt', None),
894 ('lets_encrypt/isrgrootx1.pem', None),
895 ('lets_encrypt/letsencryptauthorityx1.pem', None),
896 ('lets_encrypt/letsencryptauthorityx2.pem', None),
897 ('globalsign_example_keys/IssuingCA-der.cer', None),
898 ('globalsign_example_keys/rootCA.cer', None),
899 ('globalsign_example_keys/SSL1.cer', None),
900 ('globalsign_example_keys/SSL2.cer', None),
901 ('globalsign_example_keys/SSL3.cer', None),
902 )
903
@data('policy_constraints_value_info')
def policy_constraints_value(self, relative_path, policy_constraints_value):
    """Check the parsed policy constraints of a fixture."""
    parsed = self._load_cert(relative_path).policy_constraints_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(policy_constraints_value, actual)
909
910 #pylint: disable=C0326
911 @staticmethod
912 def extended_key_usage_value_info():
913 return (
914 ('keys/test-der.crt', None),
915 ('keys/test-inter-der.crt', None),
916 ('keys/test-third-der.crt', None),
917 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
918 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
919 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
920 ('geotrust_certs/codex.crt', ['server_auth', 'client_auth']),
921 ('lets_encrypt/isrgrootx1.pem', None),
922 ('lets_encrypt/letsencryptauthorityx1.pem', None),
923 ('lets_encrypt/letsencryptauthorityx2.pem', None),
924 ('globalsign_example_keys/IssuingCA-der.cer', None),
925 ('globalsign_example_keys/rootCA.cer', None),
926 ('globalsign_example_keys/SSL1.cer', ['server_auth', 'client_auth']),
927 ('globalsign_example_keys/SSL2.cer', ['server_auth', 'client_auth']),
928 ('globalsign_example_keys/SSL3.cer', ['server_auth', 'client_auth']),
929 )
930
@data('extended_key_usage_value_info')
def extended_key_usage_value(self, relative_path, extended_key_usage_value):
    """Check the parsed extended key usage purposes of a fixture."""
    parsed = self._load_cert(relative_path).extended_key_usage_value
    # NOTE(review): truthiness, not "is not None", decides "absent" here; a
    # falsy parsed value would be compared as None.
    actual = parsed.native if parsed else None
    self.assertEqual(extended_key_usage_value, actual)
936
937 #pylint: disable=C0326
938 @staticmethod
939 def authority_information_access_value_info():
940 return (
941 ('keys/test-der.crt', None),
942 ('keys/test-inter-der.crt', None),
943 ('keys/test-third-der.crt', None),
944 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
945 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
946 (
947 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
948 [
949 OrderedDict([
950 ('access_method', 'ocsp'),
951 ('access_location', 'http://g2.symcb.com')
952 ])
953 ]
954 ),
955 (
956 'geotrust_certs/codex.crt',
957 [
958 OrderedDict([
959 ('access_method', 'ocsp'),
960 ('access_location', 'http://gm.symcd.com')
961 ]),
962 OrderedDict([
963 ('access_method', 'ca_issuers'),
964 ('access_location', 'http://gm.symcb.com/gm.crt')
965 ]),
966 ]
967 ),
968 ('lets_encrypt/isrgrootx1.pem', None),
969 (
970 'lets_encrypt/letsencryptauthorityx1.pem',
971 [
972 OrderedDict([
973 ('access_method', 'ocsp'),
974 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
975 ]),
976 OrderedDict([
977 ('access_method', 'ca_issuers'),
978 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
979 ])
980 ]
981 ),
982 (
983 'lets_encrypt/letsencryptauthorityx2.pem',
984 [
985 OrderedDict([
986 ('access_method', 'ocsp'),
987 ('access_location', 'http://ocsp.root-x1.letsencrypt.org/')
988 ]),
989 OrderedDict([
990 ('access_method', 'ca_issuers'),
991 ('access_location', 'http://cert.root-x1.letsencrypt.org/')
992 ])
993 ]
994 ),
995 ('globalsign_example_keys/IssuingCA-der.cer', None),
996 ('globalsign_example_keys/rootCA.cer', None),
997 (
998 'globalsign_example_keys/SSL1.cer',
999 [
1000 OrderedDict([
1001 ('access_method', 'ocsp'),
1002 ('access_location', 'http://ocsp.exampleovca.com/')
1003 ]),
1004 OrderedDict([
1005 ('access_method', 'ca_issuers'),
1006 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1007 ])
1008 ]
1009 ),
1010 (
1011 'globalsign_example_keys/SSL2.cer',
1012 [
1013 OrderedDict([
1014 ('access_method', 'ocsp'),
1015 ('access_location', 'http://ocsp.exampleovca.com/')
1016 ]),
1017 OrderedDict([
1018 ('access_method', 'ca_issuers'),
1019 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1020 ])
1021 ]
1022 ),
1023 (
1024 'globalsign_example_keys/SSL3.cer',
1025 [
1026 OrderedDict([
1027 ('access_method', 'ocsp'),
1028 ('access_location', 'http://ocsp.exampleovca.com/')
1029 ]),
1030 OrderedDict([
1031 ('access_method', 'ca_issuers'),
1032 ('access_location', 'http://secure.globalsign.com/cacert/trustrootcatg2.crt')
1033 ])
1034 ]
1035 ),
1036 )
1037
@data('authority_information_access_value_info')
def authority_information_access_value(self, relative_path, authority_information_access_value):
    # Compares the native form of the fixture's authority information access
    # value with the expected list of access descriptions, or with None.
    parsed = self._load_cert(relative_path).authority_information_access_value
    # NOTE(review): truthiness test, not `is None` - a present-but-falsy
    # value would be compared as None; confirm that is intended.
    if parsed:
        actual = parsed.native
    else:
        actual = None
    self.assertEqual(authority_information_access_value, actual)
1043
1044 #pylint: disable=C0326
1045 @staticmethod
1046 def ocsp_no_check_value_info():
1047 return (
1048 ('keys/test-der.crt', None),
1049 ('keys/test-inter-der.crt', None),
1050 ('keys/test-third-der.crt', None),
1051 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
1052 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1053 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
1054 ('geotrust_certs/codex.crt', None),
1055 ('lets_encrypt/isrgrootx1.pem', None),
1056 ('lets_encrypt/letsencryptauthorityx1.pem', None),
1057 ('lets_encrypt/letsencryptauthorityx2.pem', None),
1058 ('globalsign_example_keys/IssuingCA-der.cer', None),
1059 ('globalsign_example_keys/rootCA.cer', None),
1060 ('globalsign_example_keys/SSL1.cer', None),
1061 ('globalsign_example_keys/SSL2.cer', None),
1062 ('globalsign_example_keys/SSL3.cer', None),
1063 )
1064
@data('ocsp_no_check_value_info')
def ocsp_no_check_value(self, relative_path, ocsp_no_check_value):
    # Compares the native form of the fixture's OCSP no-check value with the
    # expected value from ocsp_no_check_value_info.
    parsed = self._load_cert(relative_path).ocsp_no_check_value
    # NOTE(review): truthiness test, not `is None` - a present-but-falsy
    # value would be compared as None; confirm that is intended.
    if parsed:
        actual = parsed.native
    else:
        actual = None
    self.assertEqual(ocsp_no_check_value, actual)
1070
1071 #pylint: disable=C0326
1072 @staticmethod
1073 def serial_number_info():
1074 return (
1075 ('keys/test-der.crt', 13683582341504654466),
1076 ('keys/test-inter-der.crt', 1590137),
1077 ('keys/test-third-der.crt', 2474902313),
1078 ('geotrust_certs/GeoTrust_Universal_CA.crt', 1),
1079 ('geotrust_certs/GeoTrust_Primary_CA.crt', 32798226551256963324313806436981982369),
1080 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', 146934555852773531829332059263122711876),
1081 ('geotrust_certs/codex.crt', 130338219198307073574879940486642352162),
1082 ('lets_encrypt/isrgrootx1.pem', 172886928669790476064670243504169061120),
1083 ('lets_encrypt/letsencryptauthorityx1.pem', 307817870430047279283060309415759825539),
1084 ('lets_encrypt/letsencryptauthorityx2.pem', 199666138109676817050168330923544141416),
1085 ('globalsign_example_keys/IssuingCA-der.cer', 43543335419752),
1086 ('globalsign_example_keys/rootCA.cer', 342514332211132),
1087 ('globalsign_example_keys/SSL1.cer', 425155524522),
1088 ('globalsign_example_keys/SSL2.cer', 425155524522),
1089 ('globalsign_example_keys/SSL3.cer', 425155524522),
1090 )
1091
@data('serial_number_info')
def serial_number(self, relative_path, serial_number):
    # Loads one fixture (relative_path is resolved against the fixtures
    # directory by _load_cert) and compares its parsed serial number with
    # the expected integer.
    parsed_serial = self._load_cert(relative_path).serial_number
    self.assertEqual(serial_number, parsed_serial)
1096
1097 #pylint: disable=C0326
1098 @staticmethod
1099 def key_identifier_info():
1100 return (
1101 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1102 ('keys/test-inter-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1103 ('keys/test-third-der.crt', b'D8\xe0\xe0&\x85\xbf\x98\x86\xdc\x1b\xe1\x1d\xf520\xbe\xab\xac\r'),
1104 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1105 ('geotrust_certs/GeoTrust_Primary_CA.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1106 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1107 ('geotrust_certs/codex.crt', None),
1108 ('lets_encrypt/isrgrootx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1109 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1'),
1110 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xc5\xb1\xabNL\xb1\xcdd0\x93~\xc1\x84\x99\x05\xab\xe6\x03\xe2%'),
1111 ('globalsign_example_keys/IssuingCA-der.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1112 ('globalsign_example_keys/rootCA.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1113 ('globalsign_example_keys/SSL1.cer', b'\x94a\x04\x92\x04L\xe6\xffh\xa8\x96\xafy\xd2\xf32\x84\xae[\xcf'),
1114 ('globalsign_example_keys/SSL2.cer', b'\xd2\xb7\x15\x7fd0\x07(p\x83\xca(\xfa\x88\x96\xde\x9e\xfc\x8a='),
1115 ('globalsign_example_keys/SSL3.cer', b'G\xde\xa4\xe7\xea`\xe7\xee6\xc8\xf1\xd5\xb0F\x07\x07\x9eBh\xce'),
1116 )
1117
@data('key_identifier_info')
def key_identifier(self, relative_path, key_identifier):
    # Compares the fixture's key_identifier property with the expected byte
    # string, or with None where no identifier is expected.
    parsed_identifier = self._load_cert(relative_path).key_identifier
    self.assertEqual(key_identifier, parsed_identifier)
1122
1123 #pylint: disable=C0326
1124 @staticmethod
1125 def issuer_serial_info():
1126 return (
1127 ('keys/test-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'),
1128 ('keys/test-inter-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:1590137'),
1129 ('keys/test-third-der.crt', b'\xed{\x9b\xbf\x9b\xdbd\xa4\xea\xf2#+H\x96\xcd\x80\x99\xf6\xecCM\x94\x07\x02\xe2\x18\xf3\x83\x8c8%\x01:2474902313'),
1130 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xa1\x848\xf2\xe5w\xee\xec\xce\xfefJC+\xdf\x97\x7f\xd2Y\xe3\xdc\xa0D7~\x07\xd9\x9dzL@g:1'),
1131 ('geotrust_certs/GeoTrust_Primary_CA.crt', b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:32798226551256963324313806436981982369'),
1132 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b'\xdcg\x0c\x80\x03\xb3D\xa0v\xe2\xee\xec\x8b\xd6\x82\x01\xf0\x13\x0cwT\xb4\x8f\x80\x0eT\x9d\xbf\xbf\xa4\x11\x80:146934555852773531829332059263122711876'),
1133 ('geotrust_certs/codex.crt', b'x\x12\xe0\x15\x00d;\xc3\xb9/\xf6\x13\n\xd8\xe2\xddY\xf7\xaf*=C\x01<\x86\xf5\x9f_\xab;e\xd1:130338219198307073574879940486642352162'),
1134 ('lets_encrypt/isrgrootx1.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:172886928669790476064670243504169061120'),
1135 ('lets_encrypt/letsencryptauthorityx1.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:307817870430047279283060309415759825539'),
1136 ('lets_encrypt/letsencryptauthorityx2.pem', b'\xf6\xdb/\xbd\x9d\xd8]\x92Y\xdd\xb3\xc6\xde}{/\xec?>\x0c\xef\x17a\xbc\xbf3 W\x1e-0\xf8:199666138109676817050168330923544141416'),
1137 ('globalsign_example_keys/IssuingCA-der.cer', b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10\x8ak\x8a\x08-\x0c\xff:43543335419752'),
1138 ('globalsign_example_keys/rootCA.cer', b'\xd2\xe7\xca\x10\xc1\x91\x92Y^A\x11\xd3Rz\xd5\x93\x19wk\x11\xef\xaa\x9c\xad\x10\x8ak\x8a\x08-\x0c\xff:342514332211132'),
1139 ('globalsign_example_keys/SSL1.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1140 ('globalsign_example_keys/SSL2.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1141 ('globalsign_example_keys/SSL3.cer', b'_\xc0S\xb1\xeb}\xe3\x8e\xe4{\xdb\xd7\xe2\xd9}=3\x97|\x0c\x1e\xecz\xcc\x92u\x1f\xf0\x1d\xbc\x9f\xe4:425155524522'),
1142 )
1143
@data('issuer_serial_info')
def issuer_serial(self, relative_path, issuer_serial):
    # Compares the fixture's issuer_serial property with the expected byte
    # string from issuer_serial_info.
    parsed_issuer_serial = self._load_cert(relative_path).issuer_serial
    self.assertEqual(issuer_serial, parsed_issuer_serial)
1148
1149 #pylint: disable=C0326
1150 @staticmethod
1151 def authority_key_identifier_info():
1152 return (
1153 ('keys/test-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1154 ('keys/test-inter-der.crt', b'\xbeB\x85=\xcc\xff\xe3\xf9(\x02\x8f~XV\xb4\xfd\x03\\\xeaK'),
1155 ('keys/test-third-der.crt', b'\xd2\n\xfd.%\xd1\xb7!\xd7P~\xbb\xa4}\xbf4\xefR^\x02'),
1156 ('geotrust_certs/GeoTrust_Universal_CA.crt', b'\xda\xbb.\xaa\xb0\x0c\xb8\x88&Qt\\m\x03\xd3\xc0\xd8\x8fz\xd6'),
1157 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1158 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', b',\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbk\xd9\x99\xc93\x92'),
1159 ('geotrust_certs/codex.crt', b'\xde\xcf\\P\xb7\xae\x02\x1f\x15\x17\xaa\x16\xe8\r\xb5(\x9djZ\xf3'),
1160 ('lets_encrypt/isrgrootx1.pem', None),
1161 ('lets_encrypt/letsencryptauthorityx1.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1162 ('lets_encrypt/letsencryptauthorityx2.pem', b'y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\x08\x88\xc8\x1aX\xf6\xe9\x9bn'),
1163 ('globalsign_example_keys/IssuingCA-der.cer', b'd|\\\xe1\xe0`8NH\x9f\x05\xbcUc~?\xaeM\xf7\x1e'),
1164 ('globalsign_example_keys/rootCA.cer', None),
1165 ('globalsign_example_keys/SSL1.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1166 ('globalsign_example_keys/SSL2.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1167 ('globalsign_example_keys/SSL3.cer', b"'\xf8/\xe9]\xd7\r\xf4\xa8\xea\x87\x99=\xfd\x8e\xb3\x9e@\xd0\x91"),
1168 )
1169
@data('authority_key_identifier_info')
def authority_key_identifier(self, relative_path, authority_key_identifier):
    # Compares the fixture's authority_key_identifier property with the
    # expected byte string, or with None where none is expected.
    parsed_identifier = self._load_cert(relative_path).authority_key_identifier
    self.assertEqual(authority_key_identifier, parsed_identifier)
1174
1175 #pylint: disable=C0326
1176 @staticmethod
1177 def authority_issuer_serial_info():
1178 return (
1179 ('keys/test-der.crt', b'\xdd\x8a\x19x\xae`\x19=\xa7\xf8\x00\xb9\xfbx\xf8\xedu\xb8!\xf8\x8c\xdb\x1f\x99\'7w\x93\xb4\xa4\'\xa0:13683582341504654466'),
1180 ('keys/test-inter-der.crt', None),
1181 ('keys/test-third-der.crt', None),
1182 ('geotrust_certs/GeoTrust_Universal_CA.crt', None),
1183 ('geotrust_certs/GeoTrust_Primary_CA.crt', None),
1184 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', None),
1185 ('geotrust_certs/codex.crt', None),
1186 ('lets_encrypt/isrgrootx1.pem', None),
1187 ('lets_encrypt/letsencryptauthorityx1.pem', None),
1188 ('lets_encrypt/letsencryptauthorityx2.pem', None),
1189 ('globalsign_example_keys/IssuingCA-der.cer', None),
1190 ('globalsign_example_keys/rootCA.cer', None),
1191 ('globalsign_example_keys/SSL1.cer', None),
1192 ('globalsign_example_keys/SSL2.cer', None),
1193 ('globalsign_example_keys/SSL3.cer', None),
1194 )
1195
@data('authority_issuer_serial_info')
def authority_issuer_serial(self, relative_path, authority_issuer_serial):
    # Compares the fixture's authority_issuer_serial property with the
    # expected byte string, or with None where none is expected.
    parsed_value = self._load_cert(relative_path).authority_issuer_serial
    self.assertEqual(authority_issuer_serial, parsed_value)
1200
1201 #pylint: disable=C0326
1202 @staticmethod
1203 def ocsp_urls_info():
1204 return (
1205 ('keys/test-der.crt', []),
1206 ('keys/test-inter-der.crt', []),
1207 ('keys/test-third-der.crt', []),
1208 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1209 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1210 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', ['http://g2.symcb.com']),
1211 ('geotrust_certs/codex.crt', ['http://gm.symcd.com']),
1212 ('lets_encrypt/isrgrootx1.pem', []),
1213 ('lets_encrypt/letsencryptauthorityx1.pem', ['http://ocsp.root-x1.letsencrypt.org/']),
1214 ('lets_encrypt/letsencryptauthorityx2.pem', ['http://ocsp.root-x1.letsencrypt.org/']),
1215 ('globalsign_example_keys/IssuingCA-der.cer', []),
1216 ('globalsign_example_keys/rootCA.cer', []),
1217 ('globalsign_example_keys/SSL1.cer', ['http://ocsp.exampleovca.com/']),
1218 ('globalsign_example_keys/SSL2.cer', ['http://ocsp.exampleovca.com/']),
1219 ('globalsign_example_keys/SSL3.cer', ['http://ocsp.exampleovca.com/']),
1220 )
1221
@data('ocsp_urls_info')
def ocsp_urls(self, relative_path, ocsp_url):
    # Despite its singular name, ocsp_url receives the whole expected list
    # of URLs; it is compared with the fixture's ocsp_urls property.
    parsed_urls = self._load_cert(relative_path).ocsp_urls
    self.assertEqual(ocsp_url, parsed_urls)
1226
1227 #pylint: disable=C0326
1228 @staticmethod
wbond6888bc62015-07-21 15:05:59 -04001229 def crl_distribution_points_info():
wbondaf1f5a82015-07-17 12:13:15 -04001230 return (
1231 ('keys/test-der.crt', []),
1232 ('keys/test-inter-der.crt', []),
1233 ('keys/test-third-der.crt', []),
1234 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1235 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
wbond6888bc62015-07-21 15:05:59 -04001236 (
1237 'geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt',
1238 [
1239 OrderedDict([
1240 ('distribution_point', ['http://g1.symcb.com/GeoTrustPCA.crl']),
1241 ('reasons', None),
1242 ('crl_issuer', None)
1243 ])
1244 ]
1245 ),
1246 (
1247 'geotrust_certs/codex.crt',
1248 [
1249 OrderedDict([
1250 ('distribution_point', ['http://gm.symcb.com/gm.crl']),
1251 ('reasons', None),
1252 ('crl_issuer', None)
1253 ])
1254 ]
1255 ),
wbondaf1f5a82015-07-17 12:13:15 -04001256 ('lets_encrypt/isrgrootx1.pem', []),
wbond6888bc62015-07-21 15:05:59 -04001257 (
1258 'lets_encrypt/letsencryptauthorityx1.pem',
1259 [
1260 OrderedDict([
1261 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
1262 ('reasons', None),
1263 ('crl_issuer', None)
1264 ])
1265 ]
1266 ),
1267 (
1268 'lets_encrypt/letsencryptauthorityx2.pem',
1269 [
1270 OrderedDict([
1271 ('distribution_point', ['http://crl.root-x1.letsencrypt.org']),
1272 ('reasons', None),
1273 ('crl_issuer', None)
1274 ])
1275 ]
1276 ),
1277 (
1278 'globalsign_example_keys/IssuingCA-der.cer',
1279 [
1280 OrderedDict([
1281 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
1282 ('reasons', None),
1283 ('crl_issuer', None)
1284 ])
1285 ]
1286 ),
1287 (
1288 'globalsign_example_keys/rootCA.cer',
1289 [
1290 OrderedDict([
1291 ('distribution_point', ['http://crl.globalsign.com/gs/trustrootcatg2.crl']),
1292 ('reasons', None),
1293 ('crl_issuer', None)
1294 ])
1295 ]
1296 ),
wbondaf1f5a82015-07-17 12:13:15 -04001297 ('globalsign_example_keys/SSL1.cer', []),
1298 ('globalsign_example_keys/SSL2.cer', []),
1299 ('globalsign_example_keys/SSL3.cer', []),
1300 )
1301
@data('crl_distribution_points_info')
def crl_distribution_points(self, relative_path, crl_distribution_point):
    # Converts every distribution point of the fixture to its native form and
    # compares the resulting list with the expected one; crl_distribution_point
    # holds that whole expected list despite its singular name.
    cert = self._load_cert(relative_path)
    native_points = []
    for point in cert.crl_distribution_points:
        native_points.append(point.native)
    self.assertEqual(crl_distribution_point, native_points)
wbondaf1f5a82015-07-17 12:13:15 -04001307
1308 #pylint: disable=C0326
1309 @staticmethod
1310 def valid_domains_info():
1311 return (
1312 ('keys/test-der.crt', []),
1313 ('keys/test-inter-der.crt', []),
1314 ('keys/test-third-der.crt', []),
1315 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1316 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1317 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', []),
1318 ('geotrust_certs/codex.crt', ['codexns.io', 'dev.codexns.io', 'rc.codexns.io', 'packagecontrol.io', 'wbond.net']),
1319 ('lets_encrypt/isrgrootx1.pem', []),
1320 ('lets_encrypt/letsencryptauthorityx1.pem', []),
1321 ('lets_encrypt/letsencryptauthorityx2.pem', []),
1322 ('globalsign_example_keys/IssuingCA-der.cer', []),
1323 ('globalsign_example_keys/rootCA.cer', []),
1324 ('globalsign_example_keys/SSL1.cer', ['anything.example.com']),
1325 ('globalsign_example_keys/SSL2.cer', ['*.google.com', 'anything.example.com']),
1326 ('globalsign_example_keys/SSL3.cer', ['*.google.com']),
1327 )
1328
@data('valid_domains_info')
def valid_domains(self, relative_path, valid_domains):
    # Compares the fixture's valid_domains property with the expected list
    # of names; order matters because two lists are compared.
    parsed_domains = self._load_cert(relative_path).valid_domains
    self.assertEqual(valid_domains, parsed_domains)
1333
1334 #pylint: disable=C0326
1335 @staticmethod
1336 def valid_ips_info():
1337 return (
1338 ('keys/test-der.crt', []),
1339 ('keys/test-inter-der.crt', []),
1340 ('keys/test-third-der.crt', []),
1341 ('geotrust_certs/GeoTrust_Universal_CA.crt', []),
1342 ('geotrust_certs/GeoTrust_Primary_CA.crt', []),
1343 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', []),
1344 ('geotrust_certs/codex.crt', []),
1345 ('lets_encrypt/isrgrootx1.pem', []),
1346 ('lets_encrypt/letsencryptauthorityx1.pem', []),
1347 ('lets_encrypt/letsencryptauthorityx2.pem', []),
1348 ('globalsign_example_keys/IssuingCA-der.cer', []),
1349 ('globalsign_example_keys/rootCA.cer', []),
1350 ('globalsign_example_keys/SSL1.cer', []),
1351 ('globalsign_example_keys/SSL2.cer', []),
1352 ('globalsign_example_keys/SSL3.cer', []),
1353 )
1354
@data('valid_ips_info')
def valid_ips(self, relative_path, crl_url):
    # The second parameter is named crl_url but receives the expected list
    # from valid_ips_info; it is compared with the fixture's valid_ips
    # property.
    parsed_ips = self._load_cert(relative_path).valid_ips
    self.assertEqual(crl_url, parsed_ips)
wbond8bb77d02015-07-13 17:44:29 -04001359
wbond9a7a0992015-07-23 09:59:06 -04001360 #pylint: disable=C0326
1361 @staticmethod
1362 def self_issued_info():
1363 return (
1364 ('keys/test-der.crt', True),
1365 ('keys/test-inter-der.crt', False),
1366 ('keys/test-third-der.crt', False),
1367 ('geotrust_certs/GeoTrust_Universal_CA.crt', True),
1368 ('geotrust_certs/GeoTrust_Primary_CA.crt', True),
1369 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', False),
1370 ('geotrust_certs/codex.crt', False),
1371 ('lets_encrypt/isrgrootx1.pem', True),
1372 ('lets_encrypt/letsencryptauthorityx1.pem', False),
1373 ('lets_encrypt/letsencryptauthorityx2.pem', False),
1374 ('globalsign_example_keys/IssuingCA-der.cer', False),
1375 ('globalsign_example_keys/rootCA.cer', True),
1376 ('globalsign_example_keys/SSL1.cer', False),
1377 ('globalsign_example_keys/SSL2.cer', False),
1378 ('globalsign_example_keys/SSL3.cer', False),
1379 )
1380
@data('self_issued_info')
def self_issued(self, relative_path, self_issued):
    # Compares the fixture's self_issued property with the expected boolean.
    parsed_flag = self._load_cert(relative_path).self_issued
    self.assertEqual(self_issued, parsed_flag)
1385
1386 #pylint: disable=C0326
1387 @staticmethod
1388 def self_signed_info():
1389 return (
1390 ('keys/test-der.crt', 'yes'),
1391 ('keys/test-inter-der.crt', 'no'),
1392 ('keys/test-third-der.crt', 'no'),
1393 ('geotrust_certs/GeoTrust_Universal_CA.crt', 'yes'),
1394 ('geotrust_certs/GeoTrust_Primary_CA.crt', 'yes'),
1395 ('geotrust_certs/GeoTrust_EV_SSL_CA_-_G4.crt', 'no'),
1396 ('geotrust_certs/codex.crt', 'no'),
1397 ('lets_encrypt/isrgrootx1.pem', 'yes'),
1398 ('lets_encrypt/letsencryptauthorityx1.pem', 'no'),
1399 ('lets_encrypt/letsencryptauthorityx2.pem', 'no'),
1400 ('globalsign_example_keys/IssuingCA-der.cer', 'no'),
1401 ('globalsign_example_keys/rootCA.cer', 'yes'),
1402 ('globalsign_example_keys/SSL1.cer', 'no'),
1403 ('globalsign_example_keys/SSL2.cer', 'no'),
1404 ('globalsign_example_keys/SSL3.cer', 'no'),
1405 )
1406
@data('self_signed_info')
def self_signed(self, relative_path, self_signed):
    # Compares the fixture's self_signed property with the expected string
    # ('yes' or 'no' in self_signed_info).
    parsed_value = self._load_cert(relative_path).self_signed
    self.assertEqual(self_signed, parsed_value)
1411
def test_parse_certificate(self):
    # Field-by-field check of the parsed keys/test-der.crt fixture: version,
    # serial number, signature algorithm, issuer, validity, subject, RSA
    # public key, unique ids and extensions.
    #
    # Everything here compares parsed values with constants. The test does
    # not verify the certificate's signature, and the validity dates are
    # compared as values only, never against the current time.
    tbs = self._load_cert('keys/test-der.crt')['tbs_certificate']
    signature_algorithm = tbs['signature']
    issuer_name = tbs['issuer']
    validity_period = tbs['validity']
    subject_name = tbs['subject']
    public_key_info = tbs['subject_public_key_info']
    public_key_algorithm = public_key_info['algorithm']
    rsa_public_key = public_key_info['public_key'].parsed
    extension_list = tbs['extensions']

    # Issuer and subject are expected to be the same name.
    expected_name = OrderedDict([
        ('country_name', 'US'),
        ('state_or_province_name', 'Massachusetts'),
        ('locality_name', 'Newbury'),
        ('organization_name', 'Codex Non Sufficit LC'),
        ('organizational_unit_name', 'Testing'),
        ('common_name', 'Will Bond'),
        ('email_address', 'will@codexns.io'),
    ])
    expected_serial = 13683582341504654466
    # Expected both as the key identifier and as the authority key identifier.
    expected_key_id = b'\xBE\x42\x85\x3D\xCC\xFF\xE3\xF9\x28\x02\x8F\x7E\x58\x56\xB4\xFD\x03\x5C\xEA\x4B'
    expected_modulus = 23903990516906431865559598284199534387004799030432486061102966678620221767754702651554142956492614440585611990224871381291841413369032752409360196079700921141819811294444393525264295297988924243231844876926173670633422654261873814968313363171188082579071492839040415373948505938897419917635370450127498164824808630475648771544810334682447182123219422360569466851807131368135806769502898151721274383486320505905826683946456552230958810028663378886363555981449715929872558073101554364803925363048965464124465016494920967179276744892632783712377912841537032383450409486298694116013299423220523450956288827030007092359007

    self.assertEqual('v3', tbs['version'].native)
    self.assertEqual(expected_serial, tbs['serial_number'].native)
    self.assertEqual('sha256_rsa', signature_algorithm['algorithm'].native)
    self.assertEqual(None, signature_algorithm['parameters'].native)
    self.assertEqual(expected_name, issuer_name.native)
    self.assertEqual(
        datetime(2015, 5, 6, 14, 37, 16, tzinfo=core.timezone.utc),
        validity_period['not_before'].native
    )
    self.assertEqual(
        datetime(2025, 5, 3, 14, 37, 16, tzinfo=core.timezone.utc),
        validity_period['not_after'].native
    )
    self.assertEqual(expected_name, subject_name.native)
    self.assertEqual('rsa', public_key_algorithm['algorithm'].native)
    self.assertEqual(None, public_key_algorithm['parameters'].native)
    self.assertEqual(expected_modulus, rsa_public_key['modulus'].native)
    self.assertEqual(65537, rsa_public_key['public_exponent'].native)

    # Absent optional fields must parse to core.NoValue with a native None.
    self.assertEqual(None, tbs['issuer_unique_id'].native)
    self.assertIsInstance(tbs['issuer_unique_id'], core.NoValue)
    self.assertEqual(None, tbs['subject_unique_id'].native)
    self.assertIsInstance(tbs['subject_unique_id'], core.NoValue)

    # Show the complete diff if the extension comparison below fails.
    self.maxDiff = None
    for extension in extension_list:
        self.assertIsInstance(extension, x509.Extension)

    # The fixture carries basic_constraints with ca=True but critical=False;
    # the parser is expected to report that as it is. RFC 5280 expects CA
    # certificates to mark the extension critical, so this pins parsing,
    # not policy.
    expected_extensions = [
        OrderedDict([
            ('extn_id', 'key_identifier'),
            ('critical', False),
            ('extn_value', expected_key_id),
        ]),
        OrderedDict([
            ('extn_id', 'authority_key_identifier'),
            ('critical', False),
            (
                'extn_value',
                OrderedDict([
                    ('key_identifier', expected_key_id),
                    ('authority_cert_issuer', [OrderedDict(expected_name)]),
                    ('authority_cert_serial_number', expected_serial),
                ])
            ),
        ]),
        OrderedDict([
            ('extn_id', 'basic_constraints'),
            ('critical', False),
            (
                'extn_value',
                OrderedDict([
                    ('ca', True),
                    ('path_len_constraint', None)
                ])
            ),
        ]),
    ]
    self.assertEqual(expected_extensions, extension_list.native)
1558
def test_parse_dsa_certificate(self):
    # Field-by-field check of the parsed keys/test-dsa-der.crt fixture:
    # version, serial number, signature algorithm, issuer, validity, subject,
    # DSA parameters and public key, unique ids and extensions.
    #
    # Everything here compares parsed values with constants. The test does
    # not verify the certificate's signature, and the validity dates are
    # compared as values only, never against the current time.
    tbs = self._load_cert('keys/test-dsa-der.crt')['tbs_certificate']
    signature_algorithm = tbs['signature']
    issuer_name = tbs['issuer']
    validity_period = tbs['validity']
    subject_name = tbs['subject']
    public_key_info = tbs['subject_public_key_info']
    public_key_algorithm = public_key_info['algorithm']
    dsa_public_key = public_key_info['public_key'].parsed
    extension_list = tbs['extensions']

    # Issuer and subject are expected to be the same name.
    expected_name = OrderedDict([
        ('country_name', 'US'),
        ('state_or_province_name', 'Massachusetts'),
        ('locality_name', 'Newbury'),
        ('organization_name', 'Codex Non Sufficit LC'),
        ('organizational_unit_name', 'Testing'),
        ('common_name', 'Will Bond'),
        ('email_address', 'will@codexns.io'),
    ])
    # Expected both as the key identifier and as the authority key identifier.
    expected_key_id = b'\x81\xA3\x37\x86\xF9\x99\x28\xF2\x74\x70\x60\x87\xF2\xD3\x7E\x8D\x19\x61\xA8\xBE'
    # The DSA domain parameters are carried in the algorithm parameters.
    expected_parameters = OrderedDict([
        ('p', 4511743893397705393934377497936985478231822206263141826261443300639402520800626925517264115785551703273809312112372693877437137848393530691841757974971843334497076835630893064661599193178307024379015589119302113551197423138934242435710226975119594589912289060014025377813473273600967729027125618396732574594753039493158066887433778053086408525146692226448554390096911703556213619406958876388642882534250747780313634767409586007581976273681005928967585750017105562145167146445061803488570714706090280814293902464230717946651489964409785146803791743658888866280873858000476717727810363942159874283767926511678640730707887895260274767195555813448140889391762755466967436731106514029224490921857229134393798015954890071206959203407845438863870686180087606429828973298318856683615900474921310376145478859687052812749087809700610549251964102790514588562086548577933609968589710807989944739877028770343142449461177732058649962678857),
        ('q', 71587850165936478337655415373676526523562874562337607790945426056266440596923),
        ('g', 761437146067908309288345767887973163494473925243194806582679580640442238588269326525839153095505341738937595419375068472941615006110237832663093084973431440436421580371384720052414080562019831325744042316268714195397974084616335082272743706567701546951285088540646372701485690904535540223121118329044403681933304838754517522024738251994717369464179515923093116622352823578284891812676662979104509631349201801577889230316128523885862472086364717411346341249139971907827526291913249445756671582283459372536334490171231311487207683108274785825764378203622999309355578169139646003751751448501475767709869676880946562283552431757983801739671783678927397420797147373441051876558068212062253171347849380506793433921881336652424898488378657239798694995315456959568806256079056461448199493507273882763491729787817044805150879660784158902456811649964987582162907020243296662602990514615480712948126671999033658064244112238138589732202),
    ])
    expected_public_key = 934231235067929794039535952071098031636053793876274937162425423023735221571983693370780054696865229184537343792766496068557051933738826401423094028670222490622041397241325320965905259541032379046252395145258594355589801644789631904099105867133976990593761395721476198083091062806327384261369876465927159169400428623265291958463077792777155465482611741502621885386691681062128487785344975981628995609792181581218570320181053055516069553767918513262908069925035292416868414952256645902605335068760774106734518308281769128146479819566784704033671969858507248124850451414380441279385481154336362988505436125981975735568289420374790767927084033441728922597082155884801013899630856890463962357814273014111039522903328923758417820349377075487103441305806369234738881875734407495707878637895190993370257589211331043479113328811265005530361001980539377903738453549980082795009589559114091215518866106998956304437954236070776810740036

    self.assertEqual('v3', tbs['version'].native)
    self.assertEqual(14308214745771946523, tbs['serial_number'].native)
    self.assertEqual('sha256_dsa', signature_algorithm['algorithm'].native)
    self.assertEqual(None, signature_algorithm['parameters'].native)
    self.assertEqual(expected_name, issuer_name.native)
    self.assertEqual(
        datetime(2015, 5, 20, 13, 9, 2, tzinfo=core.timezone.utc),
        validity_period['not_before'].native
    )
    self.assertEqual(
        datetime(2025, 5, 17, 13, 9, 2, tzinfo=core.timezone.utc),
        validity_period['not_after'].native
    )
    self.assertEqual(expected_name, subject_name.native)
    self.assertEqual('dsa', public_key_algorithm['algorithm'].native)
    self.assertEqual(expected_parameters, public_key_algorithm['parameters'].native)
    self.assertEqual(expected_public_key, dsa_public_key.native)

    # Absent optional fields must parse to core.NoValue with a native None.
    self.assertEqual(None, tbs['issuer_unique_id'].native)
    self.assertIsInstance(tbs['issuer_unique_id'], core.NoValue)
    self.assertEqual(None, tbs['subject_unique_id'].native)
    self.assertIsInstance(tbs['subject_unique_id'], core.NoValue)

    # Show the complete diff if the extension comparison below fails.
    self.maxDiff = None
    for extension in extension_list:
        self.assertIsInstance(extension, x509.Extension)

    # The fixture carries basic_constraints with ca=True but critical=False;
    # the parser is expected to report that as it is. RFC 5280 expects CA
    # certificates to mark the extension critical, so this pins parsing,
    # not policy.
    expected_extensions = [
        OrderedDict([
            ('extn_id', 'key_identifier'),
            ('critical', False),
            ('extn_value', expected_key_id),
        ]),
        OrderedDict([
            ('extn_id', 'authority_key_identifier'),
            ('critical', False),
            (
                'extn_value',
                OrderedDict([
                    ('key_identifier', expected_key_id),
                    ('authority_cert_issuer', None),
                    ('authority_cert_serial_number', None),
                ])
            ),
        ]),
        OrderedDict([
            ('extn_id', 'basic_constraints'),
            ('critical', False),
            (
                'extn_value',
                OrderedDict([
                    ('ca', True),
                    ('path_len_constraint', None)
                ])
            ),
        ]),
    ]
    self.assertEqual(expected_extensions, extension_list.native)
1692
def test_parse_ec_certificate(self):
    """Decode the DER fixture keys/test-ec-der.crt and pin every parsed field.

    The expected values describe a certificate whose issuer and subject
    names are identical and whose EC public key carries explicitly written
    domain parameters (field, curve coefficients, base point, order,
    cofactor). Only decoding is exercised: nothing here verifies the
    signature or decides whether those parameters should be trusted.
    """
    cert = self._load_cert('keys/test-ec-der.crt')

    # Pull out every sub-structure up front so a decoding error surfaces
    # before any field comparison runs.
    tbs = cert['tbs_certificate']
    sig_algo = tbs['signature']
    issuer_name = tbs['issuer']
    validity_period = tbs['validity']
    subject_name = tbs['subject']
    spki = tbs['subject_public_key_info']
    spki_algo = spki['algorithm']
    ec_params = spki['algorithm']['parameters'].chosen
    field = ec_params['field_id']
    curve_coeffs = ec_params['curve']
    pub_key = spki['public_key'].parsed
    exts = tbs['extensions']

    # Issuer and subject are expected to decode to the same name
    # (presumably a self-signed test certificate).
    expected_name = OrderedDict([
        ('country_name', 'US'),
        ('state_or_province_name', 'Massachusetts'),
        ('locality_name', 'Newbury'),
        ('organization_name', 'Codex Non Sufficit LC'),
        ('organizational_unit_name', 'Testing'),
        ('common_name', 'Will Bond'),
        ('email_address', 'will@codexns.io'),
    ])

    self.assertEqual('v3', tbs['version'].native)
    self.assertEqual(15854128451240978884, tbs['serial_number'].native)
    self.assertEqual('sha256_ecdsa', sig_algo['algorithm'].native)
    self.assertEqual(None, sig_algo['parameters'].native)
    self.assertEqual(expected_name, issuer_name.native)
    self.assertEqual(
        datetime(2015, 5, 20, 12, 56, 46, tzinfo=core.timezone.utc),
        validity_period['not_before'].native
    )
    self.assertEqual(
        datetime(2025, 5, 17, 12, 56, 46, tzinfo=core.timezone.utc),
        validity_period['not_after'].native
    )
    self.assertEqual(expected_name, subject_name.native)
    self.assertEqual('ec', spki_algo['algorithm'].native)

    # Explicit EC domain parameters.
    # NOTE(review): the prime, a, b, seed, base point and order below look
    # like the NIST P-256 (secp256r1) constants written out in full; confirm
    # against the fixture. Code that validates certificates, as opposed to
    # parsing them, should match explicit parameters against a known curve
    # or refuse this form (RFC 5480 disallows specifiedCurve in PKIX
    # certificates) before relying on the key.
    self.assertEqual('ecdpVer1', ec_params['version'].native)
    self.assertEqual('prime_field', field['field_type'].native)
    self.assertEqual(
        115792089210356248762697446949407573530086143415290314195533631308867097853951,
        field['parameters'].native
    )
    self.assertEqual(
        b'\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC',
        curve_coeffs['a'].native
    )
    self.assertEqual(
        b'\x5A\xC6\x35\xD8\xAA\x3A\x93\xE7\xB3\xEB\xBD\x55\x76\x98\x86\xBC\x65\x1D\x06\xB0\xCC\x53\xB0\xF6\x3B\xCE\x3C\x3E\x27\xD2\x60\x4B',
        curve_coeffs['b'].native
    )
    self.assertEqual(
        b'\xC4\x9D\x36\x08\x86\xE7\x04\x93\x6A\x66\x78\xE1\x13\x9D\x26\xB7\x81\x9F\x7E\x90',
        curve_coeffs['seed'].native
    )
    self.assertEqual(
        b'\x04\x6B\x17\xD1\xF2\xE1\x2C\x42\x47\xF8\xBC\xE6\xE5\x63\xA4\x40\xF2\x77\x03\x7D\x81\x2D\xEB\x33\xA0\xF4\xA1\x39\x45\xD8\x98\xC2\x96\x4F\xE3\x42\xE2\xFE\x1A\x7F\x9B\x8E\xE7\xEB\x4A\x7C\x0F\x9E\x16\x2B\xCE\x33\x57\x6B\x31\x5E\xCE\xCB\xB6\x40\x68\x37\xBF\x51\xF5',
        ec_params['base'].native
    )
    self.assertEqual(
        115792089210356248762697446949407573529996955224135760342422259061068512044369,
        ec_params['order'].native
    )
    self.assertEqual(1, ec_params['cofactor'].native)
    self.assertEqual(None, ec_params['hash'].native)

    self.assertEqual(
        b'G\x9f\xcbs$\x1d\xc9\xdd\xd1-\xf1:\x9f\xb7\x04\xde \xd0X\x00\x93T\xf6\x89\xc7/\x87+\xf7\xf9=;4\xed\x9e{\x0e=WB\xdfx\x03\x0b\xcc1\xc6\x03\xd7\x9f`\x01',
        pub_key.native
    )

    # Both optional unique-ID fields must be absent: the native value is
    # None and the field object itself is a core.NoValue instance.
    for unique_id_field in ('issuer_unique_id', 'subject_unique_id'):
        self.assertEqual(None, tbs[unique_id_field].native)
        self.assertIsInstance(tbs[unique_id_field], core.NoValue)

    # Show the full diff if the extension comparison below fails.
    self.maxDiff = None
    for ext in exts:
        self.assertIsInstance(ext, x509.Extension)

    # The subject key identifier and the authority key identifier carry the
    # same 20-byte value.
    key_id = b'\x54\xAA\x54\x70\x6C\x34\x1A\x6D\xEB\x5D\x97\xD7\x1E\xFC\xD5\x24\x3C\x8A\x0E\xD7'
    authority_key_id = OrderedDict([
        ('key_identifier', key_id),
        ('authority_cert_issuer', None),
        ('authority_cert_serial_number', None),
    ])
    # basic_constraints is non-critical here although ca is True; the test
    # pins what the parser returns, not what a conforming CA should issue.
    basic_constraints = OrderedDict([
        ('ca', True),
        ('path_len_constraint', None)
    ])
    expected_extensions = [
        OrderedDict([
            ('extn_id', 'key_identifier'),
            ('critical', False),
            ('extn_value', key_id),
        ]),
        OrderedDict([
            ('extn_id', 'authority_key_identifier'),
            ('critical', False),
            ('extn_value', authority_key_id),
        ]),
        OrderedDict([
            ('extn_id', 'basic_constraints'),
            ('critical', False),
            ('extn_value', basic_constraints),
        ]),
    ]
    self.assertEqual(expected_extensions, exts.native)