# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer002fa752018-08-30 10:41:32 -04007import base64
Paul Kehrer732cf642018-08-15 18:04:28 -05008import os
9
10import pytest
11
Paul Kehrer002fa752018-08-30 10:41:32 -040012from cryptography import x509
Paul Kehrer732cf642018-08-15 18:04:28 -050013from cryptography.exceptions import UnsupportedAlgorithm
14from cryptography.hazmat.primitives import hashes, serialization
15from cryptography.x509 import ocsp
16
Paul Kehrer002fa752018-08-30 10:41:32 -040017from .test_x509 import _load_cert
Paul Kehrer732cf642018-08-15 18:04:28 -050018from ..utils import load_vectors_from_file
19
20
def _load_data(filename, loader):
    """Parse the full contents of a test-vector file with *loader*.

    The vector is opened in binary mode through ``load_vectors_from_file``;
    its bytes are read in one go and handed to *loader*, whose result is
    returned unchanged.
    """
    def _read_and_parse(vector_file):
        return loader(vector_file.read())

    return load_vectors_from_file(
        filename=filename, loader=_read_and_parse, mode="rb"
    )
27
28
def _cert_and_issuer():
    """Return ``(cert, issuer)`` loaded from the PEM vectors under ``x509``.

    ``cert`` comes from ``cryptography.io.pem`` and ``issuer`` from
    ``rapidssl_sha256_ca_g3.pem``; both are parsed with the OpenSSL backend.
    """
    # Imported lazily, as in the original helper, so the backend is only
    # pulled in when a test actually needs the certificates.
    from cryptography.hazmat.backends.openssl.backend import backend

    def _pem_vector(name):
        return _load_cert(
            os.path.join("x509", name),
            x509.load_pem_x509_certificate,
            backend
        )

    # Tuple elements are evaluated left to right: leaf first, then issuer.
    return (
        _pem_vector("cryptography.io.pem"),
        _pem_vector("rapidssl_sha256_ca_g3.pem"),
    )
42
43
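class TestOCSPRequest(object):
    """Parsing, container behaviour and DER serialization of OCSP requests.

    The tests read DER vectors from ``x509/ocsp`` and check the fields that
    identify the certificate being queried (issuer name hash, issuer key
    hash, hash algorithm and serial number), plus the sequence protocol and
    the error paths of the loader and serializer.
    """

    def test_bad_request(self):
        """Bytes that are not a DER OCSP request are rejected."""
        with pytest.raises(ValueError):
            ocsp.load_der_ocsp_request(b"invalid")

    def test_load_request_one_item(self):
        """A single-entry request exposes the expected CertID fields."""
        req = _load_data(
            os.path.join("x509", "ocsp", "req-sha1.der"),
            ocsp.load_der_ocsp_request,
        )
        assert len(req) == 1
        assert req[0].issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96"
                                           b"\xc7mmLpQ\x9e`\xa7\xbd")
        assert req[0].issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1"
                                          b"\x1bC\xbc\x1c*MSX")
        assert isinstance(req[0].hash_algorithm, hashes.SHA1)
        assert req[0].serial_number == int(
            "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F9", 16
        )

    def test_load_request_multiple_items(self):
        """Both entries of a two-entry request are parsed independently."""
        req = _load_data(
            os.path.join("x509", "ocsp", "req-multi-sha1.der"),
            ocsp.load_der_ocsp_request,
        )
        assert len(req) == 2

        # The two entries share issuer hashes and algorithm; only the serial
        # number differs (last hex digit 9 vs 0).
        name_hash = (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96"
                     b"\xc7mmLpQ\x9e`\xa7\xbd")
        key_hash = (b"yu\xbb\x84:\xcb,\xdez\t\xbe1"
                    b"\x1bC\xbc\x1c*MSX")

        assert req[0].issuer_name_hash == name_hash
        assert req[0].issuer_key_hash == key_hash
        assert isinstance(req[0].hash_algorithm, hashes.SHA1)
        assert req[0].serial_number == int(
            "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F9", 16
        )

        assert req[1].issuer_name_hash == name_hash
        assert req[1].issuer_key_hash == key_hash
        assert isinstance(req[1].hash_algorithm, hashes.SHA1)
        assert req[1].serial_number == int(
            "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F0", 16
        )

    def test_iter(self):
        """Iterating a request yields one ``ocsp.Request`` per entry."""
        req = _load_data(
            os.path.join("x509", "ocsp", "req-multi-sha1.der"),
            ocsp.load_der_ocsp_request,
        )
        # Materialise the iterator and pin the count: a bare ``for`` loop
        # would pass vacuously if iteration yielded nothing. The vector
        # holds two entries (see test_load_request_multiple_items).
        requests = list(req)
        assert len(requests) == 2
        for request in requests:
            assert isinstance(request, ocsp.Request)

    def test_indexing_ocsp_request(self):
        """Negative indices, slices and out-of-range access behave like a
        sequence."""
        req = _load_data(
            os.path.join("x509", "ocsp", "req-multi-sha1.der"),
            ocsp.load_der_ocsp_request,
        )
        assert req[1].serial_number == req[-1].serial_number
        assert len(req[0:2]) == 2
        assert req[1:2][0].serial_number == int(
            "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F0", 16
        )
        with pytest.raises(IndexError):
            req[10]

    def test_invalid_hash_algorithm(self):
        """An unrecognised hash algorithm surfaces when the attribute is
        read, not when the request is loaded."""
        req = _load_data(
            os.path.join("x509", "ocsp", "req-invalid-hash-alg.der"),
            ocsp.load_der_ocsp_request,
        )
        with pytest.raises(UnsupportedAlgorithm):
            req[0].hash_algorithm

    def test_serialize_request(self):
        """Loading and re-serializing to DER reproduces the input bytes."""
        req_bytes = load_vectors_from_file(
            filename=os.path.join("x509", "ocsp", "req-sha1.der"),
            loader=lambda data: data.read(),
            mode="rb"
        )
        req = ocsp.load_der_ocsp_request(req_bytes)
        assert req.public_bytes(serialization.Encoding.DER) == req_bytes

    def test_invalid_serialize_encoding(self):
        """Only DER is accepted by ``public_bytes``."""
        req = _load_data(
            os.path.join("x509", "ocsp", "req-sha1.der"),
            ocsp.load_der_ocsp_request,
        )
        # A value that is not an Encoding member at all.
        with pytest.raises(ValueError):
            req.public_bytes("invalid")
        # A real Encoding member that OCSP requests do not support.
        with pytest.raises(ValueError):
            req.public_bytes(serialization.Encoding.PEM)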
135
class TestOCSPRequestBuilder(object):
    """Input validation and DER output of ``ocsp.OCSPRequestBuilder``."""

    def test_create_ocsp_request_no_req(self):
        """Building with no request added raises ValueError."""
        empty_builder = ocsp.OCSPRequestBuilder()
        with pytest.raises(ValueError):
            empty_builder.build()

    def test_create_ocsp_request_invalid_alg(self):
        """MD5 is refused as the hash algorithm for a request entry."""
        leaf, ca = _cert_and_issuer()
        request_builder = ocsp.OCSPRequestBuilder()
        with pytest.raises(ValueError):
            request_builder.add_request(leaf, ca, hashes.MD5())

    def test_create_ocsp_request_invalid_cert(self):
        """Raw bytes are refused in either certificate position."""
        leaf, ca = _cert_and_issuer()
        request_builder = ocsp.OCSPRequestBuilder()

        # Bad subject certificate.
        with pytest.raises(TypeError):
            request_builder.add_request(b"notacert", ca, hashes.SHA1())

        # Bad issuer certificate.
        with pytest.raises(TypeError):
            request_builder.add_request(leaf, b"notacert", hashes.SHA1())

    def test_create_ocsp_request(self):
        """A one-entry request serializes to the pinned DER bytes."""
        leaf, ca = _cert_and_issuer()
        built = (
            ocsp.OCSPRequestBuilder()
            .add_request(leaf, ca, hashes.SHA1())
            .build()
        )
        expected_der = base64.b64decode(
            b"MEMwQTA/MD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz"
            b"/NNGCDS7zkZ/oHxb8+IIy1kCAj8g"
        )
        assert built.public_bytes(serialization.Encoding.DER) == expected_der

    def test_create_ocsp_request_two_reqs(self):
        """Adding the same pair twice yields two entries in the DER output."""
        request_builder = ocsp.OCSPRequestBuilder()
        leaf, ca = _cert_and_issuer()
        # add_request returns the builder to keep using, so rebind each time.
        for _ in range(2):
            request_builder = request_builder.add_request(
                leaf, ca, hashes.SHA1()
            )
        built = request_builder.build()
        expected_der = base64.b64decode(
            b"MIGDMIGAMH4wPTA7MAkGBSsOAwIaBQAEFEALRnrx5rLTCYO6DWB+flk3SCTEBBTD"
            b"nPP800YINLvORn+gfFvz4gjLWQICPyAwPTA7MAkGBSsOAwIaBQAEFEALRnrx5rLT"
            b"CYO6DWB+flk3SCTEBBTDnPP800YINLvORn+gfFvz4gjLWQICPyA="
        )
        assert built.public_bytes(serialization.Encoding.DER) == expected_der