Merge pull request #2388 from reaperhulk/docs-testing
Doc update for test matrix + OS X install
diff --git a/.gitignore b/.gitignore
index 8a870e0..60f9006 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@
*.egg
.eggs/
*.py[co]
+.hypothesis/
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 440d3b0..6130eb3 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -12,5 +12,6 @@
sphinxcontrib-spelling
tox
twine
+hypothesis
-e .
-e vectors
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 0495cc7..25871d5 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -396,14 +396,14 @@
.. _`IETF`: https://www.ietf.org/
.. _`NIST CAVP`: http://csrc.nist.gov/groups/STM/cavp/
.. _`Bruce Schneier's vectors`: https://www.schneier.com/code/vectors.txt
-.. _`Camellia page`: http://info.isl.ntt.co.jp/crypt/eng/camellia/
-.. _`CRYPTREC`: http://www.cryptrec.go.jp
+.. _`Camellia page`: https://info.isl.ntt.co.jp/crypt/eng/camellia/
+.. _`CRYPTREC`: https://www.cryptrec.go.jp
.. _`OpenSSL's test vectors`: https://github.com/openssl/openssl/blob/97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef/crypto/evp/evptests.txt#L232
.. _`RIPEMD website`: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
.. _`Whirlpool website`: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
.. _`Specification repository`: https://github.com/fernet/spec
-.. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238
+.. _`errata`: https://www.rfc-editor.org/errata_search.php?rfc=6238
.. _`OpenSSL example key`: https://github.com/openssl/openssl/blob/d02b48c63a58ea4367a0e905979f140b7d090f86/test/testrsa.pem
.. _`GnuTLS key parsing tests`: https://gitlab.com/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d
.. _`enc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/encpkcs8.pem
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index a67ea47..f88750c 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -652,4 +652,4 @@
.. _`Chinese Remainder Theorem`: https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29#Using_the_Chinese_remainder_algorithm
.. _`security proof`: http://eprint.iacr.org/2001/062.pdf
.. _`recommended padding algorithm`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
-.. _`proven secure`: http://cseweb.ucsd.edu/~mihir/papers/oae.pdf
+.. _`proven secure`: https://cseweb.ucsd.edu/~mihir/papers/oae.pdf
diff --git a/docs/hazmat/primitives/mac/index.rst b/docs/hazmat/primitives/mac/index.rst
index bc54bae..05db708 100644
--- a/docs/hazmat/primitives/mac/index.rst
+++ b/docs/hazmat/primitives/mac/index.rst
@@ -9,7 +9,7 @@
For more information on why HMAC is preferred, see `Use cases for CMAC vs.
HMAC?`_
-.. _`Use cases for CMAC vs. HMAC?`: http://crypto.stackexchange.com/questions/15721/use-cases-for-cmac-vs-hmac
+.. _`Use cases for CMAC vs. HMAC?`: https://crypto.stackexchange.com/questions/15721/use-cases-for-cmac-vs-hmac
.. toctree::
:maxdepth: 1
diff --git a/docs/installation.rst b/docs/installation.rst
index fd9a2d7..1456b72 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -196,7 +196,7 @@
.. _`Homebrew`: http://brew.sh
-.. _`MacPorts`: http://www.macports.org
+.. _`MacPorts`: https://www.macports.org
.. _`32-bit`: https://jenkins.cryptography.io/job/openssl-win32-release/
.. _`64-bit`: https://jenkins.cryptography.io/job/openssl-win64-release/
.. _`bug in conda`: https://github.com/conda/conda-recipes/issues/110
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 62bdb3a..87383db 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -496,9 +496,8 @@
Adds an X.509 extension to the certificate.
- :param extension: The extension to add to the certificate. Can be one
- of :class:`~cryptography.x509.BasicConstraints` or
- :class:`~cryptography.x509.SubjectAlternativeName`.
+ :param extension: An extension conforming to the
+ :class:`~cryptography.x509.ExtensionType` interface.
:param critical: Set to ``True`` if the extension must be understood and
handled by whoever reads the certificate.
@@ -663,8 +662,8 @@
.. method:: add_extension(extension, critical)
- :param extension: The :class:`~cryptography.x509.Extension` to add to
- the request.
+ :param extension: An extension conforming to the
+ :class:`~cryptography.x509.ExtensionType` interface.
:param critical: Set to `True` if the extension must be understood and
handled by whoever reads the certificate.
:returns: A new
diff --git a/setup.py b/setup.py
index b36f3de..5db8477 100644
--- a/setup.py
+++ b/setup.py
@@ -60,6 +60,7 @@
"pytest<2.8",
"pretend",
"iso8601",
+ "hypothesis",
]
# If there's no vectors locally that probably means we are in a tarball and
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index d30bfc2..ac025e9 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -235,7 +235,7 @@
constraints, backend._lib.BASIC_CONSTRAINTS_free
)
constraints.ca = 255 if basic_constraints.ca else 0
- if basic_constraints.ca:
+ if basic_constraints.ca and basic_constraints.path_length is not None:
constraints.pathlen = _encode_asn1_int(
backend, basic_constraints.path_length
)
diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py
index 237d596..dac4046 100644
--- a/src/cryptography/utils.py
+++ b/src/cryptography/utils.py
@@ -58,6 +58,12 @@
pass
+if hasattr(inspect, "signature"):
+ signature = inspect.signature
+else:
+ signature = inspect.getargspec
+
+
def verify_interface(iface, klass):
for method in iface.__abstractmethods__:
if not hasattr(klass, method):
@@ -67,13 +73,13 @@
if isinstance(getattr(iface, method), abc.abstractproperty):
# Can't properly verify these yet.
continue
- spec = inspect.getargspec(getattr(iface, method))
- actual = inspect.getargspec(getattr(klass, method))
- if spec != actual:
+ sig = signature(getattr(iface, method))
+ actual = signature(getattr(klass, method))
+ if sig != actual:
raise InterfaceNotImplemented(
"{0}.{1}'s signature differs from the expected. Expected: "
"{2!r}. Received: {3!r}".format(
- klass, method, spec, actual
+ klass, method, sig, actual
)
)
diff --git a/tests/hypothesis/__init__.py b/tests/hypothesis/__init__.py
new file mode 100644
index 0000000..4b54088
--- /dev/null
+++ b/tests/hypothesis/__init__.py
@@ -0,0 +1,5 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
diff --git a/tests/hypothesis/test_fernet.py b/tests/hypothesis/test_fernet.py
new file mode 100644
index 0000000..fd24380
--- /dev/null
+++ b/tests/hypothesis/test_fernet.py
@@ -0,0 +1,11 @@
+from hypothesis import given
+from hypothesis.strategies import binary
+
+from cryptography.fernet import Fernet
+
+
+@given(binary())
+def test_fernet(data):
+ f = Fernet(Fernet.generate_key())
+ ct = f.encrypt(data)
+ assert f.decrypt(ct) == data
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 220e71a..0c022df 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -1601,6 +1601,30 @@
decipher_only=False
)
+ @pytest.mark.requires_backend_interface(interface=RSABackend)
+ @pytest.mark.requires_backend_interface(interface=X509Backend)
+ def test_build_ca_request_with_path_length_none(self, backend):
+ private_key = RSA_KEY_2048.private_key(backend)
+
+ request = x509.CertificateSigningRequestBuilder().subject_name(
+ x509.Name([
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME,
+ u'PyCA'),
+ ])
+ ).add_extension(
+ x509.BasicConstraints(ca=True, path_length=None), critical=True
+ ).sign(private_key, hashes.SHA1(), backend)
+
+ loaded_request = x509.load_pem_x509_csr(
+ request.public_bytes(encoding=serialization.Encoding.PEM), backend
+ )
+ subject = loaded_request.subject
+ assert isinstance(subject, x509.Name)
+ basic_constraints = request.extensions.get_extension_for_oid(
+ ExtensionOID.BASIC_CONSTRAINTS
+ )
+ assert basic_constraints.value.path_length is None
+
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestCertificateSigningRequestBuilder(object):
diff --git a/tox.ini b/tox.ini
index a890e38..016aada 100644
--- a/tox.ini
+++ b/tox.ini
@@ -8,6 +8,7 @@
iso8601
pretend
pytest<2.8
+ hypothesis>=1.11.4
./vectors
passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH USERNAME
commands =
@@ -85,7 +86,7 @@
py.test --capture=no --strict --random {posargs}
[flake8]
-exclude = .tox,*.egg,.git,_build
+exclude = .tox,*.egg,.git,_build,.hypothesis
select = E,W,F,N,I
application-import-names = cryptography,cryptography_vectors,tests