Paul Kehrer732cf642018-08-15 18:04:28 -05001# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer002fa752018-08-30 10:41:32 -04007import base64
Paul Kehrer732cf642018-08-15 18:04:28 -05008import os
9
10import pytest
11
Paul Kehrer002fa752018-08-30 10:41:32 -040012from cryptography import x509
Paul Kehrer732cf642018-08-15 18:04:28 -050013from cryptography.exceptions import UnsupportedAlgorithm
14from cryptography.hazmat.primitives import hashes, serialization
15from cryptography.x509 import ocsp
16
Paul Kehrer002fa752018-08-30 10:41:32 -040017from .test_x509 import _load_cert
Paul Kehrer732cf642018-08-15 18:04:28 -050018from ..utils import load_vectors_from_file
19
20
def _load_data(filename, loader):
    """Return ``loader(contents)`` for the test vector *filename*.

    The vector is opened in binary mode through ``load_vectors_from_file``
    and its entire contents are handed to *loader* as one bytes object.
    """
    def _parse(handle):
        # load_vectors_from_file passes an open file object; the loaders
        # used in this module take raw bytes, so read everything first.
        return loader(handle.read())

    return load_vectors_from_file(filename=filename, loader=_parse, mode="rb")
27
28
def _cert_and_issuer():
    """Return the ``(cert, issuer)`` pair used by the request-builder tests.

    Both certificates are PEM vectors under ``x509/``: the first is
    ``cryptography.io.pem`` and the second, which the tests pass as its
    issuer, is ``rapidssl_sha256_ca_g3.pem``.
    """
    # The backend is imported inside the function, not at module level.
    from cryptography.hazmat.backends.openssl.backend import backend

    def _pem(name):
        # Parse one PEM certificate vector from the x509 directory.
        return _load_cert(
            os.path.join("x509", name),
            x509.load_pem_x509_certificate,
            backend,
        )

    leaf = _pem("cryptography.io.pem")
    ca = _pem("rapidssl_sha256_ca_g3.pem")
    return leaf, ca
42
43
class TestOCSPRequest(object):
    """Exercise loading and re-serializing DER-encoded OCSP requests."""

    def test_bad_request(self):
        """Bytes that are not a DER OCSP request raise ValueError on load."""
        with pytest.raises(ValueError):
            ocsp.load_der_ocsp_request(b"invalid")

    def test_load_request(self):
        """Each parsed field of req-sha1.der equals its pinned value."""
        vector = os.path.join("x509", "ocsp", "req-sha1.der")
        parsed = _load_data(vector, ocsp.load_der_ocsp_request)

        # Both expected digests are 20 bytes long, consistent with the SHA1
        # hash algorithm asserted below.
        want_name_hash = (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96"
                          b"\xc7mmLpQ\x9e`\xa7\xbd")
        want_key_hash = (b"yu\xbb\x84:\xcb,\xdez\t\xbe1"
                         b"\x1bC\xbc\x1c*MSX")
        want_serial = int("98D9E5C0B4C373552DF77C5D0F1EB5128E4945F9", 16)

        assert parsed.issuer_name_hash == want_name_hash
        assert parsed.issuer_key_hash == want_key_hash
        assert isinstance(parsed.hash_algorithm, hashes.SHA1)
        assert parsed.serial_number == want_serial

    def test_load_request_two_requests(self):
        """Loading req-multi-sha1.der raises NotImplementedError."""
        vector = os.path.join("x509", "ocsp", "req-multi-sha1.der")
        # The test and vector names indicate a file carrying more than one
        # request; the load itself must fail rather than return an object.
        with pytest.raises(NotImplementedError):
            _load_data(vector, ocsp.load_der_ocsp_request)

    def test_invalid_hash_algorithm(self):
        """An unsupported hash algorithm surfaces when the field is read."""
        vector = os.path.join("x509", "ocsp", "req-invalid-hash-alg.der")
        # The load sits outside pytest.raises, so parsing must succeed;
        # UnsupportedAlgorithm is expected only once hash_algorithm is read.
        parsed = _load_data(vector, ocsp.load_der_ocsp_request)
        with pytest.raises(UnsupportedAlgorithm):
            parsed.hash_algorithm

    def test_serialize_request(self):
        """public_bytes(DER) reproduces exactly the bytes that were loaded."""
        def _read(handle):
            return handle.read()

        original = load_vectors_from_file(
            filename=os.path.join("x509", "ocsp", "req-sha1.der"),
            loader=_read,
            mode="rb",
        )
        parsed = ocsp.load_der_ocsp_request(original)
        assert parsed.public_bytes(serialization.Encoding.DER) == original

    def test_invalid_serialize_encoding(self):
        """A non-Encoding value and Encoding.PEM are both rejected."""
        vector = os.path.join("x509", "ocsp", "req-sha1.der")
        parsed = _load_data(vector, ocsp.load_der_ocsp_request)
        # Each rejected argument gets its own pytest.raises block so a
        # failure on the first cannot mask the second.
        for rejected in ("invalid", serialization.Encoding.PEM):
            with pytest.raises(ValueError):
                parsed.public_bytes(rejected)
Paul Kehrer002fa752018-08-30 10:41:32 -040096
97
class TestOCSPRequestBuilder(object):
    """Exercise OCSPRequestBuilder argument checks and its DER output."""

    def test_add_two_certs(self):
        """A second add_certificate call on the builder raises ValueError."""
        cert, issuer = _cert_and_issuer()
        with_one = ocsp.OCSPRequestBuilder().add_certificate(
            cert, issuer, hashes.SHA1()
        )
        with pytest.raises(ValueError):
            with_one.add_certificate(cert, issuer, hashes.SHA1())

    def test_create_ocsp_request_no_req(self):
        """build() on a builder with no certificate raises ValueError."""
        empty = ocsp.OCSPRequestBuilder()
        with pytest.raises(ValueError):
            empty.build()

    def test_create_ocsp_request_invalid_alg(self):
        """MD5 is refused as the hash algorithm for a request."""
        cert, issuer = _cert_and_issuer()
        empty = ocsp.OCSPRequestBuilder()
        # The rejection happens in add_certificate, before build() is
        # ever called.
        with pytest.raises(ValueError):
            empty.add_certificate(cert, issuer, hashes.MD5())

    def test_create_ocsp_request_invalid_cert(self):
        """Raw bytes in either certificate position raise TypeError."""
        cert, issuer = _cert_and_issuer()
        empty = ocsp.OCSPRequestBuilder()
        # First the subject position, then the issuer position.
        bad_pairs = ((b"notacert", issuer), (cert, b"notacert"))
        for subject, signer in bad_pairs:
            with pytest.raises(TypeError):
                empty.add_certificate(subject, signer, hashes.SHA1())

    def test_create_ocsp_request(self):
        """A SHA1 request for the test pair serializes to the pinned DER."""
        cert, issuer = _cert_and_issuer()
        # Expected DER encoding of the request, stored as base64.
        expected_der = base64.b64decode(
            b"MEMwQTA/MD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz"
            b"/NNGCDS7zkZ/oHxb8+IIy1kCAj8g"
        )
        request = ocsp.OCSPRequestBuilder().add_certificate(
            cert, issuer, hashes.SHA1()
        ).build()
        assert request.public_bytes(serialization.Encoding.DER) == expected_der