commit 8e66ca6813016d9fc6f57d5f1e50530fc39f78ae
author InvalidInterrupt <InvalidInterrupt@users.noreply.github.com> Tue Aug 16 19:39:31 2016 -0700
committer Alex Gaynor <alex.gaynor@gmail.com> Tue Aug 16 22:39:31 2016 -0400
tree 630a57899cf44a6c98f7928c065da04f16504267
parent dcbd220ee6b4e23f292897e1d6b1e26004ecfd64

CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before (#2920)

* CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before
These functions now accept aware datetimes and convert them to UTC

* Added pytz to test requirements

* Correct pep8 error and improve Changelog wording

* Improve tests and clarify changelog message

* Trim Changelog line length

* Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes

* Fix accidental changelog entry

tests/test_x509_crlbuilder.py

diff --git a/tests/test_x509_crlbuilder.py b/tests/test_x509_crlbuilder.py
index 96311ee..0d29a3e 100644
--- a/tests/test_x509_crlbuilder.py
+++ b/tests/test_x509_crlbuilder.py
@@ -8,6 +8,8 @@
 
 import pytest
 
+import pytz
+
 from cryptography import x509
 from cryptography.hazmat.backends.interfaces import (
     DSABackend, EllipticCurveBackend, RSABackend, X509Backend
@@ -36,6 +38,24 @@
                 x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
             )
 
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    @pytest.mark.requires_backend_interface(interface=X509Backend)
+    def test_aware_last_update(self, backend):
+        last_time = datetime.datetime(2012, 1, 16, 22, 43)
+        tz = pytz.timezone("US/Pacific")
+        last_time = tz.localize(last_time)
+        utc_last = datetime.datetime(2012, 1, 17, 6, 43)
+        next_time = datetime.datetime(2022, 1, 17, 6, 43)
+        private_key = RSA_KEY_2048.private_key(backend)
+        builder = x509.CertificateRevocationListBuilder().issuer_name(
+            x509.Name([
+                x509.NameAttribute(NameOID.COMMON_NAME, u"cryptography.io CA")
+            ])
+        ).last_update(last_time).next_update(next_time)
+
+        crl = builder.sign(private_key, hashes.SHA256(), backend)
+        assert crl.last_update == utc_last
+
     def test_last_update_invalid(self):
         builder = x509.CertificateRevocationListBuilder()
         with pytest.raises(TypeError):
@@ -53,6 +73,24 @@
         with pytest.raises(ValueError):
             builder.last_update(datetime.datetime(2002, 1, 1, 12, 1))
 
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    @pytest.mark.requires_backend_interface(interface=X509Backend)
+    def test_aware_next_update(self, backend):
+        next_time = datetime.datetime(2022, 1, 16, 22, 43)
+        tz = pytz.timezone("US/Pacific")
+        next_time = tz.localize(next_time)
+        utc_next = datetime.datetime(2022, 1, 17, 6, 43)
+        last_time = datetime.datetime(2012, 1, 17, 6, 43)
+        private_key = RSA_KEY_2048.private_key(backend)
+        builder = x509.CertificateRevocationListBuilder().issuer_name(
+            x509.Name([
+                x509.NameAttribute(NameOID.COMMON_NAME, u"cryptography.io CA")
+            ])
+        ).last_update(last_time).next_update(next_time)
+
+        crl = builder.sign(private_key, hashes.SHA256(), backend)
+        assert crl.next_update == utc_next
+
     def test_next_update_invalid(self):
         builder = x509.CertificateRevocationListBuilder()
         with pytest.raises(TypeError):