Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 014b68ead801e23a33e06524c20d2f290ba6772f / . / tests / test_x509.py
blob: a3bed85fc4f55188256b59b1317dd143b2a7df09 [file] [log] [blame]
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer0307c372014-11-27 09:49:31 -1000[diff] [blame]7import binascii
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]8import datetime
9import os
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]10
11import pytest
12
13from cryptography import x509
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]14from cryptography.exceptions import UnsupportedAlgorithm
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]15from cryptography.hazmat.backends.interfaces import (
16 DSABackend, EllipticCurveBackend, RSABackend, X509Backend
17)
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]18from cryptography.hazmat.primitives import hashes, serialization
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]19from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]20
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]21from .hazmat.primitives.test_ec import _skip_curve_unsupported
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]22from .utils import load_vectors_from_file
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]23
24
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]25def _load_cert(filename, loader, backend):
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]26 cert = load_vectors_from_file(
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]27 filename=filename,
28 loader=lambda pemfile: loader(pemfile.read(), backend),
29 mode="rb"
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]30 )
31 return cert
32
33
34@pytest.mark.requires_backend_interface(interface=RSABackend)
35@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]36class TestRSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]37 def test_load_pem_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]38 cert = _load_cert(
39 os.path.join("x509", "custom", "post2000utctime.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]40 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]41 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]42 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]43 assert isinstance(cert, x509.Certificate)
44 assert cert.serial == 11559813051657483483
45 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
46 assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8"
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]47 assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]48
49 def test_load_der_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]50 cert = _load_cert(
51 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]52 x509.load_der_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]53 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]54 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]55 assert isinstance(cert, x509.Certificate)
56 assert cert.serial == 2
57 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
58 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]59 assert isinstance(cert.signature_hash_algorithm, hashes.SHA256)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]60
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]61 def test_issuer(self, backend):
62 cert = _load_cert(
63 os.path.join(
64 "x509", "PKITS_data", "certs",
65 "Validpre2000UTCnotBeforeDateTest3EE.crt"
66 ),
67 x509.load_der_x509_certificate,
68 backend
69 )
70 issuer = cert.issuer
71 assert isinstance(issuer, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]72 assert list(issuer) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]73 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
74 x509.NameAttribute(
75 x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011'
76 ),
77 x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA')
78 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]79 assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]80 x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA')
81 ]
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]82
83 def test_all_issuer_name_types(self, backend):
84 cert = _load_cert(
85 os.path.join(
86 "x509", "custom",
87 "all_supported_names.pem"
88 ),
89 x509.load_pem_x509_certificate,
90 backend
91 )
92 issuer = cert.issuer
93
94 assert isinstance(issuer, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]95 assert list(issuer) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]96 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
97 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'CA'),
98 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
99 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Illinois'),
100 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Chicago'),
101 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
102 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Zero, LLC'),
103 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'One, LLC'),
104 x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 0'),
105 x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 1'),
106 x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 0'),
107 x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 1'),
108 x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier0'),
109 x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier1'),
110 x509.NameAttribute(x509.OID_SERIAL_NUMBER, '123'),
111 x509.NameAttribute(x509.OID_SERIAL_NUMBER, '456'),
112 x509.NameAttribute(x509.OID_TITLE, 'Title 0'),
113 x509.NameAttribute(x509.OID_TITLE, 'Title 1'),
114 x509.NameAttribute(x509.OID_SURNAME, 'Surname 0'),
115 x509.NameAttribute(x509.OID_SURNAME, 'Surname 1'),
116 x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 0'),
117 x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 1'),
118 x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 0'),
119 x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 1'),
120 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Last Gen'),
121 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Next Gen'),
122 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc0'),
123 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc1'),
124 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test0@test.local'),
125 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test1@test.local'),
126 ]
127
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]128 def test_subject(self, backend):
129 cert = _load_cert(
130 os.path.join(
131 "x509", "PKITS_data", "certs",
132 "Validpre2000UTCnotBeforeDateTest3EE.crt"
133 ),
134 x509.load_der_x509_certificate,
135 backend
136 )
137 subject = cert.subject
138 assert isinstance(subject, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]139 assert list(subject) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]140 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
141 x509.NameAttribute(
142 x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011'
143 ),
144 x509.NameAttribute(
145 x509.OID_COMMON_NAME,
146 'Valid pre2000 UTC notBefore Date EE Certificate Test3'
147 )
148 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]149 assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]150 x509.NameAttribute(
151 x509.OID_COMMON_NAME,
152 'Valid pre2000 UTC notBefore Date EE Certificate Test3'
153 )
154 ]
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]155
156 def test_unicode_name(self, backend):
157 cert = _load_cert(
158 os.path.join(
159 "x509", "custom",
160 "utf8_common_name.pem"
161 ),
162 x509.load_pem_x509_certificate,
163 backend
164 )
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]165 assert cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]166 x509.NameAttribute(
167 x509.OID_COMMON_NAME,
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]168 u'We heart UTF8!\u2122'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]169 )
170 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]171 assert cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]172 x509.NameAttribute(
173 x509.OID_COMMON_NAME,
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]174 u'We heart UTF8!\u2122'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]175 )
176 ]
177
178 def test_all_subject_name_types(self, backend):
179 cert = _load_cert(
180 os.path.join(
181 "x509", "custom",
182 "all_supported_names.pem"
183 ),
184 x509.load_pem_x509_certificate,
185 backend
186 )
187 subject = cert.subject
188 assert isinstance(subject, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]189 assert list(subject) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]190 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'AU'),
191 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'DE'),
192 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'California'),
193 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'New York'),
194 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'San Francisco'),
195 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Ithaca'),
196 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org Zero, LLC'),
197 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org One, LLC'),
198 x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 0'),
199 x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 1'),
200 x509.NameAttribute(
201 x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 0'
202 ),
203 x509.NameAttribute(
204 x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 1'
205 ),
206 x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified0'),
207 x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified1'),
208 x509.NameAttribute(x509.OID_SERIAL_NUMBER, '789'),
209 x509.NameAttribute(x509.OID_SERIAL_NUMBER, '012'),
210 x509.NameAttribute(x509.OID_TITLE, 'Title IX'),
211 x509.NameAttribute(x509.OID_TITLE, 'Title X'),
212 x509.NameAttribute(x509.OID_SURNAME, 'Last 0'),
213 x509.NameAttribute(x509.OID_SURNAME, 'Last 1'),
214 x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 0'),
215 x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 1'),
216 x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 0'),
217 x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 1'),
218 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, '32X'),
219 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Dreamcast'),
220 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc2'),
221 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc3'),
222 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test2@test.local'),
223 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test3@test.local'),
224 ]
225
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]226 def test_load_good_ca_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]227 cert = _load_cert(
228 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]229 x509.load_der_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]230 backend
231 )
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]232
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]233 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
234 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]235 assert cert.serial == 2
236 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]237 assert isinstance(public_key, rsa.RSAPublicKey)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]238 assert cert.version is x509.Version.v3
Paul Kehrer0307c372014-11-27 09:49:31 -1000[diff] [blame]239 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
Paul Kehrer4e1db792014-11-27 10:50:55 -1000[diff] [blame]240 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]241
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]242 def test_utc_pre_2000_not_before_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]243 cert = _load_cert(
244 os.path.join(
245 "x509", "PKITS_data", "certs",
246 "Validpre2000UTCnotBeforeDateTest3EE.crt"
247 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]248 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]249 backend
250 )
251
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]252 assert cert.not_valid_before == datetime.datetime(1950, 1, 1, 12, 1)
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]253
254 def test_pre_2000_utc_not_after_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]255 cert = _load_cert(
256 os.path.join(
257 "x509", "PKITS_data", "certs",
258 "Invalidpre2000UTCEEnotAfterDateTest7EE.crt"
259 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]260 x509.load_der_x509_certificate,
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]261 backend
262 )
263
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]264 assert cert.not_valid_after == datetime.datetime(1999, 1, 1, 12, 1)
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]265
266 def test_post_2000_utc_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]267 cert = _load_cert(
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]268 os.path.join("x509", "custom", "post2000utctime.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]269 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]270 backend
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]271 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]272 assert cert.not_valid_before == datetime.datetime(
273 2014, 11, 26, 21, 41, 20
274 )
275 assert cert.not_valid_after == datetime.datetime(
276 2014, 12, 26, 21, 41, 20
277 )
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]278
279 def test_generalized_time_not_before_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]280 cert = _load_cert(
281 os.path.join(
282 "x509", "PKITS_data", "certs",
283 "ValidGeneralizedTimenotBeforeDateTest4EE.crt"
284 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]285 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]286 backend
287 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]288 assert cert.not_valid_before == datetime.datetime(2002, 1, 1, 12, 1)
289 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]290 assert cert.version is x509.Version.v3
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]291
292 def test_generalized_time_not_after_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]293 cert = _load_cert(
294 os.path.join(
295 "x509", "PKITS_data", "certs",
296 "ValidGeneralizedTimenotAfterDateTest8EE.crt"
297 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]298 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]299 backend
300 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]301 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
302 assert cert.not_valid_after == datetime.datetime(2050, 1, 1, 12, 1)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]303 assert cert.version is x509.Version.v3
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]304
305 def test_invalid_version_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]306 cert = _load_cert(
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]307 os.path.join("x509", "custom", "invalid_version.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]308 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]309 backend
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]310 )
Paul Kehrerd5cccf72014-12-15 17:20:33 -0600[diff] [blame]311 with pytest.raises(x509.InvalidVersion) as exc:
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]312 cert.version
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]313
Paul Kehrerd5cccf72014-12-15 17:20:33 -0600[diff] [blame]314 assert exc.value.parsed_version == 7
315
Paul Kehrer8bbdc6f2015-04-30 16:47:16 -0500[diff] [blame]316 def test_eq(self, backend):
317 cert = _load_cert(
318 os.path.join("x509", "custom", "post2000utctime.pem"),
319 x509.load_pem_x509_certificate,
320 backend
321 )
322 cert2 = _load_cert(
323 os.path.join("x509", "custom", "post2000utctime.pem"),
324 x509.load_pem_x509_certificate,
325 backend
326 )
327 assert cert == cert2
328
329 def test_ne(self, backend):
330 cert = _load_cert(
331 os.path.join("x509", "custom", "post2000utctime.pem"),
332 x509.load_pem_x509_certificate,
333 backend
334 )
335 cert2 = _load_cert(
336 os.path.join(
337 "x509", "PKITS_data", "certs",
338 "ValidGeneralizedTimenotAfterDateTest8EE.crt"
339 ),
340 x509.load_der_x509_certificate,
341 backend
342 )
343 assert cert != cert2
344 assert cert != object()
345
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]346 def test_version_1_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]347 cert = _load_cert(
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]348 os.path.join("x509", "v1_cert.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]349 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]350 backend
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]351 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]352 assert cert.version is x509.Version.v1
Paul Kehrer7638c312014-11-26 11:13:31 -1000[diff] [blame]353
354 def test_invalid_pem(self, backend):
355 with pytest.raises(ValueError):
356 x509.load_pem_x509_certificate(b"notacert", backend)
357
358 def test_invalid_der(self, backend):
359 with pytest.raises(ValueError):
360 x509.load_der_x509_certificate(b"notacert", backend)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]361
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]362 def test_unsupported_signature_hash_algorithm_cert(self, backend):
363 cert = _load_cert(
364 os.path.join("x509", "verisign_md2_root.pem"),
365 x509.load_pem_x509_certificate,
366 backend
367 )
368 with pytest.raises(UnsupportedAlgorithm):
369 cert.signature_hash_algorithm
370
Andre Carona8aded62015-05-19 20:11:57 -0400[diff] [blame]371 def test_public_bytes_pem(self, backend):
372 # Load an existing certificate.
373 cert = _load_cert(
374 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
375 x509.load_der_x509_certificate,
376 backend
377 )
378
379 # Encode it to PEM and load it back.
380 cert = x509.load_pem_x509_certificate(cert.public_bytes(
381 encoding=serialization.Encoding.PEM,
382 ), backend)
383
384 # We should recover what we had to start with.
385 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
386 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
387 assert cert.serial == 2
388 public_key = cert.public_key()
389 assert isinstance(public_key, rsa.RSAPublicKey)
390 assert cert.version is x509.Version.v3
391 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
392 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
393
394 def test_public_bytes_der(self, backend):
395 # Load an existing certificate.
396 cert = _load_cert(
397 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
398 x509.load_der_x509_certificate,
399 backend
400 )
401
402 # Encode it to DER and load it back.
403 cert = x509.load_der_x509_certificate(cert.public_bytes(
404 encoding=serialization.Encoding.DER,
405 ), backend)
406
407 # We should recover what we had to start with.
408 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
409 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
410 assert cert.serial == 2
411 public_key = cert.public_key()
412 assert isinstance(public_key, rsa.RSAPublicKey)
413 assert cert.version is x509.Version.v3
414 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
415 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
416
417 def test_public_bytes_invalid_encoding(self, backend):
418 cert = _load_cert(
419 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
420 x509.load_der_x509_certificate,
421 backend
422 )
423
424 with pytest.raises(TypeError):
425 cert.public_bytes('NotAnEncoding')
426
427 @pytest.mark.parametrize(
428 ("cert_path", "loader_func", "encoding"),
429 [
430 (
431 os.path.join("x509", "v1_cert.pem"),
432 x509.load_pem_x509_certificate,
433 serialization.Encoding.PEM,
434 ),
435 (
436 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
437 x509.load_der_x509_certificate,
438 serialization.Encoding.DER,
439 ),
440 ]
441 )
442 def test_public_bytes_match(self, cert_path, loader_func, encoding,
443 backend):
444 cert_bytes = load_vectors_from_file(
445 cert_path, lambda pemfile: pemfile.read(), mode="rb"
446 )
447 cert = loader_func(cert_bytes, backend)
448 serialized = cert.public_bytes(encoding)
449 assert serialized == cert_bytes
450
451
452@pytest.mark.requires_backend_interface(interface=RSABackend)
453@pytest.mark.requires_backend_interface(interface=X509Backend)
454class TestRSACertificateRequest(object):
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]455 @pytest.mark.parametrize(
456 ("path", "loader_func"),
457 [
458 [
459 os.path.join("x509", "requests", "rsa_sha1.pem"),
460 x509.load_pem_x509_csr
461 ],
462 [
463 os.path.join("x509", "requests", "rsa_sha1.der"),
464 x509.load_der_x509_csr
465 ],
466 ]
467 )
468 def test_load_rsa_certificate_request(self, path, loader_func, backend):
469 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]470 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
471 public_key = request.public_key()
472 assert isinstance(public_key, rsa.RSAPublicKey)
473 subject = request.subject
474 assert isinstance(subject, x509.Name)
475 assert list(subject) == [
476 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
477 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
478 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
479 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'),
480 x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
481 ]
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]482 extensions = request.extensions
483 assert isinstance(extensions, x509.Extensions)
484 assert list(extensions) == []
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]485
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]486 @pytest.mark.parametrize(
487 "loader_func",
488 [x509.load_pem_x509_csr, x509.load_der_x509_csr]
489 )
490 def test_invalid_certificate_request(self, loader_func, backend):
Paul Kehrerb759e292015-03-17 07:34:41 -0500[diff] [blame]491 with pytest.raises(ValueError):
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]492 loader_func(b"notacsr", backend)
Paul Kehrerb759e292015-03-17 07:34:41 -0500[diff] [blame]493
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]494 def test_unsupported_signature_hash_algorithm_request(self, backend):
495 request = _load_cert(
496 os.path.join("x509", "requests", "rsa_md4.pem"),
Paul Kehrer31e39882015-03-11 11:37:04 -0500[diff] [blame]497 x509.load_pem_x509_csr,
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]498 backend
499 )
500 with pytest.raises(UnsupportedAlgorithm):
501 request.signature_hash_algorithm
502
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]503 def test_duplicate_extension(self, backend):
504 request = _load_cert(
505 os.path.join(
506 "x509", "requests", "two_basic_constraints.pem"
507 ),
508 x509.load_pem_x509_csr,
509 backend
510 )
511 with pytest.raises(x509.DuplicateExtension) as exc:
512 request.extensions
513
514 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
515
516 def test_unsupported_critical_extension(self, backend):
517 request = _load_cert(
518 os.path.join(
519 "x509", "requests", "unsupported_extension_critical.pem"
520 ),
521 x509.load_pem_x509_csr,
522 backend
523 )
524 with pytest.raises(x509.UnsupportedExtension) as exc:
525 request.extensions
526
527 assert exc.value.oid == x509.ObjectIdentifier('1.2.3.4')
528
529 def test_unsupported_extension(self, backend):
530 request = _load_cert(
531 os.path.join(
532 "x509", "requests", "unsupported_extension.pem"
533 ),
534 x509.load_pem_x509_csr,
535 backend
536 )
537 extensions = request.extensions
538 assert len(extensions) == 0
539
540 def test_request_basic_constraints(self, backend):
541 request = _load_cert(
542 os.path.join(
543 "x509", "requests", "basic_constraints.pem"
544 ),
545 x509.load_pem_x509_csr,
546 backend
547 )
548 extensions = request.extensions
549 assert isinstance(extensions, x509.Extensions)
550 assert list(extensions) == [
551 x509.Extension(
552 x509.OID_BASIC_CONSTRAINTS,
553 True,
554 x509.BasicConstraints(True, 1),
555 ),
556 ]
557
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]558 def test_public_bytes_pem(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]559 # Load an existing CSR.
560 request = _load_cert(
561 os.path.join("x509", "requests", "rsa_sha1.pem"),
562 x509.load_pem_x509_csr,
563 backend
564 )
565
566 # Encode it to PEM and load it back.
567 request = x509.load_pem_x509_csr(request.public_bytes(
568 encoding=serialization.Encoding.PEM,
569 ), backend)
570
571 # We should recover what we had to start with.
572 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
573 public_key = request.public_key()
574 assert isinstance(public_key, rsa.RSAPublicKey)
575 subject = request.subject
576 assert isinstance(subject, x509.Name)
577 assert list(subject) == [
578 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
579 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
580 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
581 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'),
582 x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
583 ]
584
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]585 def test_public_bytes_der(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]586 # Load an existing CSR.
587 request = _load_cert(
588 os.path.join("x509", "requests", "rsa_sha1.pem"),
589 x509.load_pem_x509_csr,
590 backend
591 )
592
593 # Encode it to DER and load it back.
594 request = x509.load_der_x509_csr(request.public_bytes(
595 encoding=serialization.Encoding.DER,
596 ), backend)
597
598 # We should recover what we had to start with.
599 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
600 public_key = request.public_key()
601 assert isinstance(public_key, rsa.RSAPublicKey)
602 subject = request.subject
603 assert isinstance(subject, x509.Name)
604 assert list(subject) == [
605 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
606 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
607 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
608 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'),
609 x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
610 ]
611
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]612 def test_public_bytes_invalid_encoding(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]613 request = _load_cert(
614 os.path.join("x509", "requests", "rsa_sha1.pem"),
615 x509.load_pem_x509_csr,
616 backend
617 )
618
619 with pytest.raises(TypeError):
620 request.public_bytes('NotAnEncoding')
621
Andre Caronacb18972015-05-18 21:04:15 -0400[diff] [blame]622 @pytest.mark.parametrize(
623 ("request_path", "loader_func", "encoding"),
624 [
625 (
626 os.path.join("x509", "requests", "rsa_sha1.pem"),
627 x509.load_pem_x509_csr,
628 serialization.Encoding.PEM,
629 ),
630 (
631 os.path.join("x509", "requests", "rsa_sha1.der"),
632 x509.load_der_x509_csr,
633 serialization.Encoding.DER,
634 ),
635 ]
636 )
637 def test_public_bytes_match(self, request_path, loader_func, encoding,
638 backend):
639 request_bytes = load_vectors_from_file(
640 request_path, lambda pemfile: pemfile.read(), mode="rb"
641 )
642 request = loader_func(request_bytes, backend)
643 serialized = request.public_bytes(encoding)
644 assert serialized == request_bytes
645
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]646
647@pytest.mark.requires_backend_interface(interface=DSABackend)
648@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]649class TestDSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]650 def test_load_dsa_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]651 cert = _load_cert(
Paul Kehrer4903adc2014-12-13 16:57:50 -0600[diff] [blame]652 os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]653 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]654 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]655 )
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]656 assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]657 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]658 assert isinstance(public_key, dsa.DSAPublicKey)
Alex Gaynorfcadda62015-03-10 10:01:18 -0400[diff] [blame]659 if isinstance(public_key, dsa.DSAPublicKeyWithSerialization):
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]660 num = public_key.public_numbers()
661 assert num.y == int(
662 "4c08bfe5f2d76649c80acf7d431f6ae2124b217abc8c9f6aca776ddfa94"
663 "53b6656f13e543684cd5f6431a314377d2abfa068b7080cb8ddc065afc2"
664 "dea559f0b584c97a2b235b9b69b46bc6de1aed422a6f341832618bcaae2"
665 "198aba388099dafb05ff0b5efecb3b0ae169a62e1c72022af50ae68af3b"
666 "033c18e6eec1f7df4692c456ccafb79cc7e08da0a5786e9816ceda651d6"
667 "1b4bb7b81c2783da97cea62df67af5e85991fdc13aff10fc60e06586386"
668 "b96bb78d65750f542f86951e05a6d81baadbcd35a2e5cad4119923ae6a2"
669 "002091a3d17017f93c52970113cdc119970b9074ca506eac91c3dd37632"
670 "5df4af6b3911ef267d26623a5a1c5df4a6d13f1c", 16
671 )
672 assert num.parameter_numbers.g == int(
673 "4b7ced71dc353965ecc10d441a9a06fc24943a32d66429dd5ef44d43e67"
674 "d789d99770aec32c0415dc92970880872da45fef8dd1e115a3e4801387b"
675 "a6d755861f062fd3b6e9ea8e2641152339b828315b1528ee6c7b79458d2"
676 "1f3db973f6fc303f9397174c2799dd2351282aa2d8842c357a73495bbaa"
677 "c4932786414c55e60d73169f5761036fba29e9eebfb049f8a3b1b7cee6f"
678 "3fbfa136205f130bee2cf5b9c38dc1095d4006f2e73335c07352c64130a"
679 "1ab2b89f13b48f628d3cc3868beece9bb7beade9f830eacc6fa241425c0"
680 "b3fcc0df416a0c89f7bf35668d765ec95cdcfbe9caff49cfc156c668c76"
681 "fa6247676a6d3ac945844a083509c6a1b436baca", 16
682 )
683 assert num.parameter_numbers.p == int(
684 "bfade6048e373cd4e48b677e878c8e5b08c02102ae04eb2cb5c46a523a3"
685 "af1c73d16b24f34a4964781ae7e50500e21777754a670bd19a7420d6330"
686 "84e5556e33ca2c0e7d547ea5f46a07a01bf8669ae3bdec042d9b2ae5e6e"
687 "cf49f00ba9dac99ab6eff140d2cedf722ee62c2f9736857971444c25d0a"
688 "33d2017dc36d682a1054fe2a9428dda355a851ce6e6d61e03e419fd4ca4"
689 "e703313743d86caa885930f62ed5bf342d8165627681e9cc3244ba72aa2"
690 "2148400a6bbe80154e855d042c9dc2a3405f1e517be9dea50562f56da93"
691 "f6085f844a7e705c1f043e65751c583b80d29103e590ccb26efdaa0893d"
692 "833e36468f3907cfca788a3cb790f0341c8a31bf", 16
693 )
694 assert num.parameter_numbers.q == int(
695 "822ff5d234e073b901cf5941f58e1f538e71d40d", 16
696 )
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]697
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]698 @pytest.mark.parametrize(
699 ("path", "loader_func"),
700 [
701 [
702 os.path.join("x509", "requests", "dsa_sha1.pem"),
703 x509.load_pem_x509_csr
704 ],
705 [
706 os.path.join("x509", "requests", "dsa_sha1.der"),
707 x509.load_der_x509_csr
708 ],
709 ]
710 )
711 def test_load_dsa_request(self, path, loader_func, backend):
712 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]713 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
714 public_key = request.public_key()
715 assert isinstance(public_key, dsa.DSAPublicKey)
716 subject = request.subject
717 assert isinstance(subject, x509.Name)
718 assert list(subject) == [
719 x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
720 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'),
721 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
722 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
723 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
724 ]
725
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]726
727@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
728@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]729class TestECDSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]730 def test_load_ecdsa_cert(self, backend):
731 _skip_curve_unsupported(backend, ec.SECP384R1())
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]732 cert = _load_cert(
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]733 os.path.join("x509", "ecdsa_root.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]734 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]735 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]736 )
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]737 assert isinstance(cert.signature_hash_algorithm, hashes.SHA384)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]738 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]739 assert isinstance(public_key, ec.EllipticCurvePublicKey)
Alex Gaynorfcadda62015-03-10 10:01:18 -0400[diff] [blame]740 if isinstance(public_key, ec.EllipticCurvePublicKeyWithSerialization):
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]741 num = public_key.public_numbers()
742 assert num.x == int(
743 "dda7d9bb8ab80bfb0b7f21d2f0bebe73f3335d1abc34eadec69bbcd095f"
744 "6f0ccd00bba615b51467e9e2d9fee8e630c17", 16
745 )
746 assert num.y == int(
747 "ec0770f5cf842e40839ce83f416d3badd3a4145936789d0343ee10136c7"
748 "2deae88a7a16bb543ce67dc23ff031ca3e23e", 16
749 )
750 assert isinstance(num.curve, ec.SECP384R1)
Paul Kehrer6c660a82014-12-12 11:50:44 -0600[diff] [blame]751
752 def test_load_ecdsa_no_named_curve(self, backend):
753 _skip_curve_unsupported(backend, ec.SECP256R1())
754 cert = _load_cert(
755 os.path.join("x509", "custom", "ec_no_named_curve.pem"),
756 x509.load_pem_x509_certificate,
757 backend
758 )
759 with pytest.raises(NotImplementedError):
760 cert.public_key()
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]761
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]762 @pytest.mark.parametrize(
763 ("path", "loader_func"),
764 [
765 [
766 os.path.join("x509", "requests", "ec_sha256.pem"),
767 x509.load_pem_x509_csr
768 ],
769 [
770 os.path.join("x509", "requests", "ec_sha256.der"),
771 x509.load_der_x509_csr
772 ],
773 ]
774 )
775 def test_load_ecdsa_certificate_request(self, path, loader_func, backend):
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]776 _skip_curve_unsupported(backend, ec.SECP384R1())
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]777 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]778 assert isinstance(request.signature_hash_algorithm, hashes.SHA256)
779 public_key = request.public_key()
780 assert isinstance(public_key, ec.EllipticCurvePublicKey)
781 subject = request.subject
782 assert isinstance(subject, x509.Name)
783 assert list(subject) == [
784 x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
785 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'),
786 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
787 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
788 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
789 ]
790
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]791
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]792class TestNameAttribute(object):
Alex Gaynora56ff412015-02-10 17:26:32 -0500[diff] [blame]793 def test_init_bad_oid(self):
794 with pytest.raises(TypeError):
795 x509.NameAttribute(None, 'value')
796
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]797 def test_eq(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]798 assert x509.NameAttribute(
799 x509.ObjectIdentifier('oid'), 'value'
800 ) == x509.NameAttribute(
801 x509.ObjectIdentifier('oid'), 'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]802 )
803
804 def test_ne(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]805 assert x509.NameAttribute(
806 x509.ObjectIdentifier('2.5.4.3'), 'value'
807 ) != x509.NameAttribute(
808 x509.ObjectIdentifier('2.5.4.5'), 'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]809 )
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]810 assert x509.NameAttribute(
811 x509.ObjectIdentifier('oid'), 'value'
812 ) != x509.NameAttribute(
813 x509.ObjectIdentifier('oid'), 'value2'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]814 )
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]815 assert x509.NameAttribute(
816 x509.ObjectIdentifier('oid'), 'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]817 ) != object()
818
Paul Kehrera498be82015-02-12 15:00:56 -0600[diff] [blame]819 def test_repr(self):
820 na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), 'value')
821 assert repr(na) == (
822 "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName"
823 ")>, value='value')>"
824 )
825
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]826
827class TestObjectIdentifier(object):
828 def test_eq(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]829 oid1 = x509.ObjectIdentifier('oid')
830 oid2 = x509.ObjectIdentifier('oid')
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]831 assert oid1 == oid2
832
833 def test_ne(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]834 oid1 = x509.ObjectIdentifier('oid')
835 assert oid1 != x509.ObjectIdentifier('oid1')
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]836 assert oid1 != object()
837
838 def test_repr(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]839 oid = x509.ObjectIdentifier("2.5.4.3")
840 assert repr(oid) == "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>"
841 oid = x509.ObjectIdentifier("oid1")
842 assert repr(oid) == "<ObjectIdentifier(oid=oid1, name=Unknown OID)>"
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]843
844
845class TestName(object):
846 def test_eq(self):
847 name1 = x509.Name([
848 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
849 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
850 ])
851 name2 = x509.Name([
852 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
853 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
854 ])
855 assert name1 == name2
856
857 def test_ne(self):
858 name1 = x509.Name([
859 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
860 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
861 ])
862 name2 = x509.Name([
863 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
864 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
865 ])
866 assert name1 != name2
867 assert name1 != object()
Paul Kehrer1fb35c92015-04-11 15:42:54 -0400[diff] [blame]868
869 def test_repr(self):
870 name = x509.Name([
871 x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
872 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'),
873 ])
874
875 assert repr(name) == (
Paul Kehrere613e5d2015-04-11 15:52:04 -0400[diff] [blame]876 "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=com"
877 "monName)>, value='cryptography.io')>, <NameAttribute(oid=<ObjectI"
878 "dentifier(oid=2.5.4.10, name=organizationName)>, value='PyCA')>])"
879 ">"
Paul Kehrer1fb35c92015-04-11 15:42:54 -0400[diff] [blame]880 )