Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 0facc2a21462721e5a6105d43d50ebb85a1d11f6 / . / tests / test_x509_ext.py
blob: 701ea167210bad0c15fb5ac997c3f99142ee0379 [file] [log] [blame]
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]7import binascii
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]8import ipaddress
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]9import os
10
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]11import pytest
12
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]13import six
14
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]15from cryptography import x509
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]16from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
17
18from .test_x509 import _load_cert
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]19
20
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]21class TestExtension(object):
22 def test_not_an_oid(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]23 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]24 with pytest.raises(TypeError):
25 x509.Extension("notanoid", True, bc)
26
27 def test_critical_not_a_bool(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]28 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]29 with pytest.raises(TypeError):
30 x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
31
32 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]33 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]34 ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
35 assert repr(ext) == (
36 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
37 "raints)>, critical=True, value=<BasicConstraints(ca=False, path"
38 "_length=None)>)>"
39 )
40
41
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]42class TestNoticeReference(object):
43 def test_notice_numbers_not_all_int(self):
44 with pytest.raises(TypeError):
45 x509.NoticeReference("org", [1, 2, "three"])
46
47 def test_notice_numbers_none(self):
Paul Kehrer6e198b02015-05-12 15:53:38 -0500[diff] [blame]48 with pytest.raises(TypeError):
49 x509.NoticeReference("org", None)
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]50
51 def test_repr(self):
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]52 nr = x509.NoticeReference(u"org", [1, 3, 4])
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]53
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]54 if six.PY3:
55 assert repr(nr) == (
56 "<NoticeReference(organization='org', notice_numbers=[1, 3, 4"
57 "])>"
58 )
59 else:
60 assert repr(nr) == (
61 "<NoticeReference(organization=u'org', notice_numbers=[1, 3, "
62 "4])>"
63 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]64
Paul Kehrerc56ab622015-05-03 09:56:31 -0500[diff] [blame]65 def test_eq(self):
66 nr = x509.NoticeReference("org", [1, 2])
67 nr2 = x509.NoticeReference("org", [1, 2])
68 assert nr == nr2
69
70 def test_ne(self):
71 nr = x509.NoticeReference("org", [1, 2])
72 nr2 = x509.NoticeReference("org", [1])
73 nr3 = x509.NoticeReference(None, [1, 2])
74 assert nr != nr2
75 assert nr != nr3
76 assert nr != object()
77
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]78
79class TestUserNotice(object):
80 def test_notice_reference_invalid(self):
81 with pytest.raises(TypeError):
82 x509.UserNotice("invalid", None)
83
84 def test_notice_reference_none(self):
85 un = x509.UserNotice(None, "text")
86 assert un.notice_reference is None
87 assert un.explicit_text == "text"
88
89 def test_repr(self):
Paul Kehrer6e198b02015-05-12 15:53:38 -0500[diff] [blame]90 un = x509.UserNotice(x509.NoticeReference(u"org", [1]), u"text")
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]91 if six.PY3:
92 assert repr(un) == (
93 "<UserNotice(notice_reference=<NoticeReference(organization='"
Paul Kehrer6e198b02015-05-12 15:53:38 -0500[diff] [blame]94 "org', notice_numbers=[1])>, explicit_text='text')>"
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]95 )
96 else:
97 assert repr(un) == (
98 "<UserNotice(notice_reference=<NoticeReference(organization=u"
Paul Kehrer6e198b02015-05-12 15:53:38 -0500[diff] [blame]99 "'org', notice_numbers=[1])>, explicit_text=u'text')>"
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]100 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]101
Paul Kehrerc56ab622015-05-03 09:56:31 -0500[diff] [blame]102 def test_eq(self):
103 nr = x509.NoticeReference("org", [1, 2])
104 nr2 = x509.NoticeReference("org", [1, 2])
105 un = x509.UserNotice(nr, "text")
106 un2 = x509.UserNotice(nr2, "text")
107 assert un == un2
108
109 def test_ne(self):
110 nr = x509.NoticeReference("org", [1, 2])
111 nr2 = x509.NoticeReference("org", [1])
112 un = x509.UserNotice(nr, "text")
113 un2 = x509.UserNotice(nr2, "text")
114 un3 = x509.UserNotice(nr, "text3")
115 assert un != un2
116 assert un != un3
117 assert un != object()
118
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]119
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]120class TestPolicyInformation(object):
121 def test_invalid_policy_identifier(self):
122 with pytest.raises(TypeError):
123 x509.PolicyInformation("notanoid", None)
124
125 def test_none_policy_qualifiers(self):
126 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
127 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
128 assert pi.policy_qualifiers is None
129
130 def test_policy_qualifiers(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]131 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]132 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
133 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
134 assert pi.policy_qualifiers == pq
135
136 def test_invalid_policy_identifiers(self):
137 with pytest.raises(TypeError):
138 x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
139
140 def test_repr(self):
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]141 pq = [u"string", x509.UserNotice(None, u"hi")]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]142 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]143 if six.PY3:
144 assert repr(pi) == (
145 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
146 "2.3, name=Unknown OID)>, policy_qualifiers=['string', <UserNo"
Paul Kehrer9aaef9e2015-05-11 10:49:20 -0500[diff] [blame]147 "tice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]148 )
149 else:
150 assert repr(pi) == (
151 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
152 "2.3, name=Unknown OID)>, policy_qualifiers=[u'string', <UserN"
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]153 "otice(notice_reference=None, explicit_text=u'hi')>])>"
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]154 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]155
Paul Kehrerc56ab622015-05-03 09:56:31 -0500[diff] [blame]156 def test_eq(self):
157 pi = x509.PolicyInformation(
158 x509.ObjectIdentifier("1.2.3"),
159 [u"string", x509.UserNotice(None, u"hi")]
160 )
161 pi2 = x509.PolicyInformation(
162 x509.ObjectIdentifier("1.2.3"),
163 [u"string", x509.UserNotice(None, u"hi")]
164 )
165 assert pi == pi2
166
167 def test_ne(self):
168 pi = x509.PolicyInformation(
169 x509.ObjectIdentifier("1.2.3"), [u"string"]
170 )
171 pi2 = x509.PolicyInformation(
172 x509.ObjectIdentifier("1.2.3"), [u"string2"]
173 )
174 pi3 = x509.PolicyInformation(
175 x509.ObjectIdentifier("1.2.3.4"), [u"string"]
176 )
177 assert pi != pi2
178 assert pi != pi3
179 assert pi != object()
180
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]181
182class TestCertificatePolicies(object):
183 def test_invalid_policies(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]184 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]185 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
186 with pytest.raises(TypeError):
187 x509.CertificatePolicies([1, pi])
188
189 def test_iter_len(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]190 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]191 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
192 cp = x509.CertificatePolicies([pi])
193 assert len(cp) == 1
194 for policyinfo in cp:
195 assert policyinfo == pi
196
197 def test_repr(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]198 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]199 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
200 cp = x509.CertificatePolicies([pi])
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]201 if six.PY3:
202 assert repr(cp) == (
203 "<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
204 "bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
205 "ers=['string'])>])>"
206 )
207 else:
208 assert repr(cp) == (
209 "<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
210 "bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
211 "ers=[u'string'])>])>"
212 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]213
Paul Kehrerc56ab622015-05-03 09:56:31 -0500[diff] [blame]214 def test_eq(self):
215 pi = x509.PolicyInformation(
216 x509.ObjectIdentifier("1.2.3"), [u"string"]
217 )
218 cp = x509.CertificatePolicies([pi])
219 pi2 = x509.PolicyInformation(
220 x509.ObjectIdentifier("1.2.3"), [u"string"]
221 )
222 cp2 = x509.CertificatePolicies([pi2])
223 assert cp == cp2
224
225 def test_ne(self):
226 pi = x509.PolicyInformation(
227 x509.ObjectIdentifier("1.2.3"), [u"string"]
228 )
229 cp = x509.CertificatePolicies([pi])
230 pi2 = x509.PolicyInformation(
231 x509.ObjectIdentifier("1.2.3"), [u"string2"]
232 )
233 cp2 = x509.CertificatePolicies([pi2])
234 assert cp != cp2
235 assert cp != object()
236
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]237
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]238class TestKeyUsage(object):
239 def test_key_agreement_false_encipher_decipher_true(self):
240 with pytest.raises(ValueError):
241 x509.KeyUsage(
242 digital_signature=False,
243 content_commitment=False,
244 key_encipherment=False,
245 data_encipherment=False,
246 key_agreement=False,
247 key_cert_sign=False,
248 crl_sign=False,
249 encipher_only=True,
250 decipher_only=False
251 )
252
253 with pytest.raises(ValueError):
254 x509.KeyUsage(
255 digital_signature=False,
256 content_commitment=False,
257 key_encipherment=False,
258 data_encipherment=False,
259 key_agreement=False,
260 key_cert_sign=False,
261 crl_sign=False,
262 encipher_only=True,
263 decipher_only=True
264 )
265
266 with pytest.raises(ValueError):
267 x509.KeyUsage(
268 digital_signature=False,
269 content_commitment=False,
270 key_encipherment=False,
271 data_encipherment=False,
272 key_agreement=False,
273 key_cert_sign=False,
274 crl_sign=False,
275 encipher_only=False,
276 decipher_only=True
277 )
278
279 def test_properties_key_agreement_true(self):
280 ku = x509.KeyUsage(
281 digital_signature=True,
282 content_commitment=True,
283 key_encipherment=False,
284 data_encipherment=False,
285 key_agreement=False,
286 key_cert_sign=True,
287 crl_sign=False,
288 encipher_only=False,
289 decipher_only=False
290 )
291 assert ku.digital_signature is True
292 assert ku.content_commitment is True
293 assert ku.key_encipherment is False
294 assert ku.data_encipherment is False
295 assert ku.key_agreement is False
296 assert ku.key_cert_sign is True
297 assert ku.crl_sign is False
298
299 def test_key_agreement_true_properties(self):
300 ku = x509.KeyUsage(
301 digital_signature=False,
302 content_commitment=False,
303 key_encipherment=False,
304 data_encipherment=False,
305 key_agreement=True,
306 key_cert_sign=False,
307 crl_sign=False,
308 encipher_only=False,
309 decipher_only=True
310 )
311 assert ku.key_agreement is True
312 assert ku.encipher_only is False
313 assert ku.decipher_only is True
314
315 def test_key_agreement_false_properties(self):
316 ku = x509.KeyUsage(
317 digital_signature=False,
318 content_commitment=False,
319 key_encipherment=False,
320 data_encipherment=False,
321 key_agreement=False,
322 key_cert_sign=False,
323 crl_sign=False,
324 encipher_only=False,
325 decipher_only=False
326 )
327 assert ku.key_agreement is False
328 with pytest.raises(ValueError):
329 ku.encipher_only
330
331 with pytest.raises(ValueError):
332 ku.decipher_only
333
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]334 def test_repr_key_agreement_false(self):
335 ku = x509.KeyUsage(
336 digital_signature=True,
337 content_commitment=True,
338 key_encipherment=False,
339 data_encipherment=False,
340 key_agreement=False,
341 key_cert_sign=True,
342 crl_sign=False,
343 encipher_only=False,
344 decipher_only=False
345 )
346 assert repr(ku) == (
347 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
348 "cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrerb372e672015-04-15 11:05:24 -0400[diff] [blame]349 "ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
350 "nly=None)>"
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]351 )
352
353 def test_repr_key_agreement_true(self):
354 ku = x509.KeyUsage(
355 digital_signature=True,
356 content_commitment=True,
357 key_encipherment=False,
358 data_encipherment=False,
359 key_agreement=True,
360 key_cert_sign=True,
361 crl_sign=False,
362 encipher_only=False,
363 decipher_only=False
364 )
365 assert repr(ku) == (
366 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
367 "cipherment=False, data_encipherment=False, key_agreement=True, k"
368 "ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
369 "only=False)>"
370 )
371
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]372
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]373class TestSubjectKeyIdentifier(object):
374 def test_properties(self):
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]375 value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]376 ski = x509.SubjectKeyIdentifier(value)
377 assert ski.digest == value
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]378
379 def test_repr(self):
380 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]381 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]382 )
383 ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]384 if six.PY3:
385 assert repr(ext) == (
386 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
387 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
388 "igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
389 "\\xf7\\xff:\\xc9\')>)>"
390 )
391 else:
392 assert repr(ext) == (
393 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
394 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
395 "igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
396 "\\xf7\\xff:\\xc9\')>)>"
397 )
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]398
399 def test_eq(self):
400 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]401 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]402 )
403 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]404 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]405 )
406 assert ski == ski2
407
408 def test_ne(self):
409 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]410 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]411 )
412 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]413 binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]414 )
415 assert ski != ski2
416 assert ski != object()
417
418
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]419class TestAuthorityKeyIdentifier(object):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]420 def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]421 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]422 x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]423
424 def test_authority_cert_serial_number_not_integer(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]425 dirname = x509.DirectoryName(
426 x509.Name([
427 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
428 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
429 ])
430 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]431 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]432 x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]433
434 def test_authority_issuer_none_serial_not_none(self):
435 with pytest.raises(ValueError):
436 x509.AuthorityKeyIdentifier(b"identifier", None, 3)
437
438 def test_authority_issuer_not_none_serial_none(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]439 dirname = x509.DirectoryName(
440 x509.Name([
441 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
442 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
443 ])
444 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]445 with pytest.raises(ValueError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]446 x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]447
448 def test_authority_cert_serial_and_issuer_none(self):
449 aki = x509.AuthorityKeyIdentifier(b"id", None, None)
450 assert aki.key_identifier == b"id"
451 assert aki.authority_cert_issuer is None
452 assert aki.authority_cert_serial_number is None
453
454 def test_repr(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]455 dirname = x509.DirectoryName(
456 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
457 )
458 aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]459
460 if six.PY3:
461 assert repr(aki) == (
462 "<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]463 "cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
464 "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
465 "N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]466 )
467 else:
468 assert repr(aki) == (
469 "<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]470 "rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
471 "jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
472 "])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]473 )
474
Paul Kehrer2ca2eb32015-05-03 10:04:57 -0500[diff] [blame]475 def test_eq(self):
476 dirname = x509.DirectoryName(
477 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
478 )
479 aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
480 dirname2 = x509.DirectoryName(
481 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
482 )
483 aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234)
484 assert aki == aki2
485
486 def test_ne(self):
487 dirname = x509.DirectoryName(
488 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
489 )
490 dirname5 = x509.DirectoryName(
491 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'aCN')])
492 )
493 aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
494 aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234)
495 aki3 = x509.AuthorityKeyIdentifier(b"digest", None, None)
496 aki4 = x509.AuthorityKeyIdentifier(b"digest", [dirname], 12345)
497 aki5 = x509.AuthorityKeyIdentifier(b"digest", [dirname5], 12345)
498 assert aki != aki2
499 assert aki != aki3
500 assert aki != aki4
501 assert aki != aki5
502 assert aki != object()
503
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]504
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]505class TestBasicConstraints(object):
506 def test_ca_not_boolean(self):
507 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]508 x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]509
510 def test_path_length_not_ca(self):
511 with pytest.raises(ValueError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]512 x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]513
514 def test_path_length_not_int(self):
515 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]516 x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]517
518 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]519 x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]520
521 def test_path_length_negative(self):
522 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]523 x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]524
525 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]526 na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]527 assert repr(na) == (
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]528 "<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]529 )
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]530
531
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]532class TestExtendedKeyUsage(object):
533 def test_not_all_oids(self):
534 with pytest.raises(TypeError):
535 x509.ExtendedKeyUsage(["notoid"])
536
537 def test_iter_len(self):
538 eku = x509.ExtendedKeyUsage([
539 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
540 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
541 ])
542 assert len(eku) == 2
543 assert list(eku) == [
544 x509.OID_SERVER_AUTH,
545 x509.OID_CLIENT_AUTH
546 ]
547
Paul Kehrer23d10c32015-04-02 23:12:32 -0500[diff] [blame]548 def test_repr(self):
549 eku = x509.ExtendedKeyUsage([
550 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
551 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
552 ])
553 assert repr(eku) == (
554 "<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
555 "serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
556 "tAuth)>])>"
557 )
558
Paul Kehrerb0476172015-05-02 19:34:51 -0500[diff] [blame]559 def test_eq(self):
560 eku = x509.ExtendedKeyUsage([
561 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
562 ])
563 eku2 = x509.ExtendedKeyUsage([
564 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
565 ])
566 assert eku == eku2
567
568 def test_ne(self):
569 eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
570 eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
571 assert eku != eku2
572 assert eku != object()
573
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]574
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]575@pytest.mark.requires_backend_interface(interface=RSABackend)
576@pytest.mark.requires_backend_interface(interface=X509Backend)
577class TestExtensions(object):
578 def test_no_extensions(self, backend):
579 cert = _load_cert(
580 os.path.join("x509", "verisign_md2_root.pem"),
581 x509.load_pem_x509_certificate,
582 backend
583 )
584 ext = cert.extensions
585 assert len(ext) == 0
586 assert list(ext) == []
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]587 with pytest.raises(x509.ExtensionNotFound) as exc:
588 ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
589
590 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
591
592 def test_one_extension(self, backend):
593 cert = _load_cert(
594 os.path.join(
595 "x509", "custom", "basic_constraints_not_critical.pem"
596 ),
597 x509.load_pem_x509_certificate,
598 backend
599 )
600 extensions = cert.extensions
601 ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
602 assert ext is not None
603 assert ext.value.ca is False
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]604
605 def test_duplicate_extension(self, backend):
606 cert = _load_cert(
607 os.path.join(
608 "x509", "custom", "two_basic_constraints.pem"
609 ),
610 x509.load_pem_x509_certificate,
611 backend
612 )
613 with pytest.raises(x509.DuplicateExtension) as exc:
614 cert.extensions
615
616 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
617
618 def test_unsupported_critical_extension(self, backend):
619 cert = _load_cert(
620 os.path.join(
621 "x509", "custom", "unsupported_extension_critical.pem"
622 ),
623 x509.load_pem_x509_certificate,
624 backend
625 )
626 with pytest.raises(x509.UnsupportedExtension) as exc:
627 cert.extensions
628
629 assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
630
631 def test_unsupported_extension(self, backend):
632 # TODO: this will raise an exception when all extensions are complete
633 cert = _load_cert(
634 os.path.join(
635 "x509", "custom", "unsupported_extension.pem"
636 ),
637 x509.load_pem_x509_certificate,
638 backend
639 )
640 extensions = cert.extensions
641 assert len(extensions) == 0
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]642
643
644@pytest.mark.requires_backend_interface(interface=RSABackend)
645@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerde813ea2015-03-28 12:44:34 -0500[diff] [blame]646class TestBasicConstraintsExtension(object):
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]647 def test_ca_true_pathlen_6(self, backend):
648 cert = _load_cert(
649 os.path.join(
650 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
651 ),
652 x509.load_der_x509_certificate,
653 backend
654 )
655 ext = cert.extensions.get_extension_for_oid(
656 x509.OID_BASIC_CONSTRAINTS
657 )
658 assert ext is not None
659 assert ext.critical is True
660 assert ext.value.ca is True
661 assert ext.value.path_length == 6
662
663 def test_path_length_zero(self, backend):
664 cert = _load_cert(
665 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
666 x509.load_pem_x509_certificate,
667 backend
668 )
669 ext = cert.extensions.get_extension_for_oid(
670 x509.OID_BASIC_CONSTRAINTS
671 )
672 assert ext is not None
673 assert ext.critical is True
674 assert ext.value.ca is True
675 assert ext.value.path_length == 0
676
677 def test_ca_true_no_pathlen(self, backend):
678 cert = _load_cert(
679 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
680 x509.load_der_x509_certificate,
681 backend
682 )
683 ext = cert.extensions.get_extension_for_oid(
684 x509.OID_BASIC_CONSTRAINTS
685 )
686 assert ext is not None
687 assert ext.critical is True
688 assert ext.value.ca is True
689 assert ext.value.path_length is None
690
691 def test_ca_false(self, backend):
692 cert = _load_cert(
693 os.path.join("x509", "cryptography.io.pem"),
694 x509.load_pem_x509_certificate,
695 backend
696 )
697 ext = cert.extensions.get_extension_for_oid(
698 x509.OID_BASIC_CONSTRAINTS
699 )
700 assert ext is not None
701 assert ext.critical is True
702 assert ext.value.ca is False
703 assert ext.value.path_length is None
704
705 def test_no_basic_constraints(self, backend):
706 cert = _load_cert(
707 os.path.join(
708 "x509",
709 "PKITS_data",
710 "certs",
711 "ValidCertificatePathTest1EE.crt"
712 ),
713 x509.load_der_x509_certificate,
714 backend
715 )
716 with pytest.raises(x509.ExtensionNotFound):
717 cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
718
719 def test_basic_constraint_not_critical(self, backend):
720 cert = _load_cert(
721 os.path.join(
722 "x509", "custom", "basic_constraints_not_critical.pem"
723 ),
724 x509.load_pem_x509_certificate,
725 backend
726 )
727 ext = cert.extensions.get_extension_for_oid(
728 x509.OID_BASIC_CONSTRAINTS
729 )
730 assert ext is not None
731 assert ext.critical is False
732 assert ext.value.ca is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]733
734
735@pytest.mark.requires_backend_interface(interface=RSABackend)
736@pytest.mark.requires_backend_interface(interface=X509Backend)
737class TestSubjectKeyIdentifierExtension(object):
738 def test_subject_key_identifier(self, backend):
739 cert = _load_cert(
740 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
741 x509.load_der_x509_certificate,
742 backend
743 )
744 ext = cert.extensions.get_extension_for_oid(
745 x509.OID_SUBJECT_KEY_IDENTIFIER
746 )
747 ski = ext.value
748 assert ext is not None
749 assert ext.critical is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]750 assert ski.digest == binascii.unhexlify(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]751 b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]752 )
753
754 def test_no_subject_key_identifier(self, backend):
755 cert = _load_cert(
756 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
757 x509.load_pem_x509_certificate,
758 backend
759 )
760 with pytest.raises(x509.ExtensionNotFound):
761 cert.extensions.get_extension_for_oid(
762 x509.OID_SUBJECT_KEY_IDENTIFIER
763 )
Paul Kehrer5508ee22015-04-02 19:31:03 -0500[diff] [blame]764
765
766@pytest.mark.requires_backend_interface(interface=RSABackend)
767@pytest.mark.requires_backend_interface(interface=X509Backend)
768class TestKeyUsageExtension(object):
769 def test_no_key_usage(self, backend):
770 cert = _load_cert(
771 os.path.join("x509", "verisign_md2_root.pem"),
772 x509.load_pem_x509_certificate,
773 backend
774 )
775 ext = cert.extensions
776 with pytest.raises(x509.ExtensionNotFound) as exc:
777 ext.get_extension_for_oid(x509.OID_KEY_USAGE)
778
779 assert exc.value.oid == x509.OID_KEY_USAGE
780
781 def test_all_purposes(self, backend):
782 cert = _load_cert(
783 os.path.join(
784 "x509", "custom", "all_key_usages.pem"
785 ),
786 x509.load_pem_x509_certificate,
787 backend
788 )
789 extensions = cert.extensions
790 ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
791 assert ext is not None
792
793 ku = ext.value
794 assert ku.digital_signature is True
795 assert ku.content_commitment is True
796 assert ku.key_encipherment is True
797 assert ku.data_encipherment is True
798 assert ku.key_agreement is True
799 assert ku.key_cert_sign is True
800 assert ku.crl_sign is True
801 assert ku.encipher_only is True
802 assert ku.decipher_only is True
803
804 def test_key_cert_sign_crl_sign(self, backend):
805 cert = _load_cert(
806 os.path.join(
807 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
808 ),
809 x509.load_der_x509_certificate,
810 backend
811 )
812 ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
813 assert ext is not None
814 assert ext.critical is True
815
816 ku = ext.value
817 assert ku.digital_signature is False
818 assert ku.content_commitment is False
819 assert ku.key_encipherment is False
820 assert ku.data_encipherment is False
821 assert ku.key_agreement is False
822 assert ku.key_cert_sign is True
823 assert ku.crl_sign is True
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]824
825
826@pytest.mark.parametrize(
827 "name", [
828 x509.RFC822Name,
829 x509.DNSName,
830 x509.UniformResourceIdentifier
831 ]
832)
833class TestTextGeneralNames(object):
834 def test_not_text(self, name):
835 with pytest.raises(TypeError):
836 name(b"notaunicodestring")
837
838 with pytest.raises(TypeError):
839 name(1.3)
840
841 def test_repr(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]842 gn = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]843 assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
844
845 def test_eq(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]846 gn = name(u"string")
847 gn2 = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]848 assert gn == gn2
849
850 def test_ne(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]851 gn = name(u"string")
852 gn2 = name(u"string2")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]853 assert gn != gn2
854 assert gn != object()
855
856
857class TestDirectoryName(object):
858 def test_not_name(self):
859 with pytest.raises(TypeError):
860 x509.DirectoryName(b"notaname")
861
862 with pytest.raises(TypeError):
863 x509.DirectoryName(1.3)
864
865 def test_repr(self):
866 name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
867 gn = x509.DirectoryName(x509.Name([name]))
868 assert repr(gn) == (
869 "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
870 "tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
871 )
872
873 def test_eq(self):
874 name = x509.Name([
875 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
876 ])
877 name2 = x509.Name([
878 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
879 ])
880 gn = x509.DirectoryName(x509.Name([name]))
881 gn2 = x509.DirectoryName(x509.Name([name2]))
882 assert gn == gn2
883
884 def test_ne(self):
885 name = x509.Name([
886 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
887 ])
888 name2 = x509.Name([
889 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
890 ])
891 gn = x509.DirectoryName(x509.Name([name]))
892 gn2 = x509.DirectoryName(x509.Name([name2]))
893 assert gn != gn2
894 assert gn != object()
895
896
897class TestRegisteredID(object):
898 def test_not_oid(self):
899 with pytest.raises(TypeError):
900 x509.RegisteredID(b"notanoid")
901
902 with pytest.raises(TypeError):
903 x509.RegisteredID(1.3)
904
905 def test_repr(self):
906 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
907 assert repr(gn) == (
908 "<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
909 "e)>)>"
910 )
911
912 def test_eq(self):
913 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
914 gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
915 assert gn == gn2
916
917 def test_ne(self):
918 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
919 gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
920 assert gn != gn2
921 assert gn != object()
922
923
924class TestIPAddress(object):
925 def test_not_ipaddress(self):
926 with pytest.raises(TypeError):
927 x509.IPAddress(b"notanipaddress")
928
929 with pytest.raises(TypeError):
930 x509.IPAddress(1.3)
931
932 def test_repr(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]933 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]934 assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
935
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]936 gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]937 assert repr(gn2) == "<IPAddress(value=ff::)>"
938
939 def test_eq(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]940 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
941 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]942 assert gn == gn2
943
944 def test_ne(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]945 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
946 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]947 assert gn != gn2
948 assert gn != object()
949
950
951class TestSubjectAlternativeName(object):
952 def test_get_values_for_type(self):
953 san = x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]954 [x509.DNSName(u"cryptography.io")]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]955 )
956 names = san.get_values_for_type(x509.DNSName)
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]957 assert names == [u"cryptography.io"]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]958
959 def test_iter_names(self):
960 san = x509.SubjectAlternativeName([
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]961 x509.DNSName(u"cryptography.io"),
962 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]963 ])
964 assert len(san) == 2
965 assert list(san) == [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]966 x509.DNSName(u"cryptography.io"),
967 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]968 ]
969
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]970 def test_invalid_general_names(self):
971 with pytest.raises(TypeError):
972 x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]973 [x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]974 )
975
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]976 def test_repr(self):
977 san = x509.SubjectAlternativeName(
978 [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]979 x509.DNSName(u"cryptography.io")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]980 ]
981 )
982 assert repr(san) == (
983 "<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
984 )
Paul Kehrer40f83382015-04-20 15:00:16 -0500[diff] [blame]985
986
987@pytest.mark.requires_backend_interface(interface=RSABackend)
988@pytest.mark.requires_backend_interface(interface=X509Backend)
989class TestRSASubjectAlternativeNameExtension(object):
990 def test_dns_name(self, backend):
991 cert = _load_cert(
992 os.path.join("x509", "cryptography.io.pem"),
993 x509.load_pem_x509_certificate,
994 backend
995 )
996 ext = cert.extensions.get_extension_for_oid(
997 x509.OID_SUBJECT_ALTERNATIVE_NAME
998 )
999 assert ext is not None
1000 assert ext.critical is False
1001
1002 san = ext.value
1003
1004 dns = san.get_values_for_type(x509.DNSName)
1005 assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]1006
1007 def test_unsupported_other_name(self, backend):
1008 cert = _load_cert(
1009 os.path.join(
1010 "x509", "custom", "san_other_name.pem"
1011 ),
1012 x509.load_pem_x509_certificate,
1013 backend
1014 )
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]1015 with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]1016 cert.extensions
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]1017
Paul Kehrer0a621bf2015-04-22 09:22:56 -0500[diff] [blame]1018 assert exc.value.type == 0
Paul Kehrer4db96622015-04-20 22:17:39 -0500[diff] [blame]1019
1020 def test_registered_id(self, backend):
1021 cert = _load_cert(
1022 os.path.join(
1023 "x509", "custom", "san_registered_id.pem"
1024 ),
1025 x509.load_pem_x509_certificate,
1026 backend
1027 )
1028 ext = cert.extensions.get_extension_for_oid(
1029 x509.OID_SUBJECT_ALTERNATIVE_NAME
1030 )
1031 assert ext is not None
1032 assert ext.critical is False
1033
1034 san = ext.value
1035 rid = san.get_values_for_type(x509.RegisteredID)
1036 assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrerb8ef82e2015-04-22 16:04:24 -0500[diff] [blame]1037
1038 def test_uri(self, backend):
1039 cert = _load_cert(
1040 os.path.join(
1041 "x509", "custom", "san_uri_with_port.pem"
1042 ),
1043 x509.load_pem_x509_certificate,
1044 backend
1045 )
1046 ext = cert.extensions.get_extension_for_oid(
1047 x509.OID_SUBJECT_ALTERNATIVE_NAME
1048 )
1049 assert ext is not None
1050 uri = ext.value.get_values_for_type(
1051 x509.UniformResourceIdentifier
1052 )
1053 assert uri == [
1054 u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
1055 u"lo",
1056 u"http://someregulardomain.com",
1057 ]
Paul Kehrera5f030c2015-04-28 08:33:18 -0500[diff] [blame]1058
1059 def test_ipaddress(self, backend):
1060 cert = _load_cert(
1061 os.path.join(
1062 "x509", "custom", "san_ipaddr.pem"
1063 ),
1064 x509.load_pem_x509_certificate,
1065 backend
1066 )
1067 ext = cert.extensions.get_extension_for_oid(
1068 x509.OID_SUBJECT_ALTERNATIVE_NAME
1069 )
1070 assert ext is not None
1071 assert ext.critical is False
1072
1073 san = ext.value
1074
1075 ip = san.get_values_for_type(x509.IPAddress)
1076 assert [
1077 ipaddress.ip_address(u"127.0.0.1"),
1078 ipaddress.ip_address(u"ff::")
1079 ] == ip
Paul Kehrer2187a052015-04-30 08:22:07 -0500[diff] [blame]1080
1081 def test_dirname(self, backend):
1082 cert = _load_cert(
1083 os.path.join(
1084 "x509", "custom", "san_dirname.pem"
1085 ),
1086 x509.load_pem_x509_certificate,
1087 backend
1088 )
1089 ext = cert.extensions.get_extension_for_oid(
1090 x509.OID_SUBJECT_ALTERNATIVE_NAME
1091 )
1092 assert ext is not None
1093 assert ext.critical is False
1094
1095 san = ext.value
1096
1097 dirname = san.get_values_for_type(x509.DirectoryName)
1098 assert [
1099 x509.Name([
1100 x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
1101 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
1102 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
1103 ])
1104 ] == dirname
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]1105
1106 def test_rfc822name(self, backend):
1107 cert = _load_cert(
1108 os.path.join(
1109 "x509", "custom", "san_rfc822_idna.pem"
1110 ),
1111 x509.load_pem_x509_certificate,
1112 backend
1113 )
1114 ext = cert.extensions.get_extension_for_oid(
1115 x509.OID_SUBJECT_ALTERNATIVE_NAME
1116 )
1117 assert ext is not None
1118 assert ext.critical is False
1119
1120 san = ext.value
1121
1122 rfc822name = san.get_values_for_type(x509.RFC822Name)
1123 assert [u"email@em\xe5\xefl.com"] == rfc822name
1124
1125 def test_unicode_rfc822_name_dns_name_uri(self, backend):
1126 cert = _load_cert(
1127 os.path.join(
1128 "x509", "custom", "san_idna_names.pem"
1129 ),
1130 x509.load_pem_x509_certificate,
1131 backend
1132 )
1133 ext = cert.extensions.get_extension_for_oid(
1134 x509.OID_SUBJECT_ALTERNATIVE_NAME
1135 )
1136 assert ext is not None
1137 rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
1138 dns_name = ext.value.get_values_for_type(x509.DNSName)
1139 uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
1140 assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
1141 assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
1142 assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
1143
1144 def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
1145 cert = _load_cert(
1146 os.path.join(
1147 "x509", "custom", "san_email_dns_ip_dirname_uri.pem"
1148 ),
1149 x509.load_pem_x509_certificate,
1150 backend
1151 )
1152 ext = cert.extensions.get_extension_for_oid(
1153 x509.OID_SUBJECT_ALTERNATIVE_NAME
1154 )
1155 assert ext is not None
1156 assert ext.critical is False
1157
1158 san = ext.value
1159
1160 rfc822_name = san.get_values_for_type(x509.RFC822Name)
1161 uri = san.get_values_for_type(x509.UniformResourceIdentifier)
1162 dns = san.get_values_for_type(x509.DNSName)
1163 ip = san.get_values_for_type(x509.IPAddress)
1164 dirname = san.get_values_for_type(x509.DirectoryName)
1165 assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrere3a330c2015-05-02 16:42:52 -0500[diff] [blame]1166 assert [u"https://cryptography.io"] == uri
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]1167 assert [u"cryptography.io"] == dns
1168 assert [
1169 x509.Name([
1170 x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
1171 x509.NameAttribute(
1172 x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
1173 ),
1174 ])
1175 ] == dirname
1176 assert [
1177 ipaddress.ip_address(u"127.0.0.1"),
1178 ipaddress.ip_address(u"ff::")
1179 ] == ip
1180
1181 def test_invalid_rfc822name(self, backend):
1182 cert = _load_cert(
1183 os.path.join(
1184 "x509", "custom", "san_rfc822_names.pem"
1185 ),
1186 x509.load_pem_x509_certificate,
1187 backend
1188 )
1189 with pytest.raises(ValueError) as exc:
1190 cert.extensions
1191
1192 assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer94c69602015-05-02 19:29:40 -0500[diff] [blame]1193
1194
1195@pytest.mark.requires_backend_interface(interface=RSABackend)
1196@pytest.mark.requires_backend_interface(interface=X509Backend)
1197class TestExtendedKeyUsageExtension(object):
1198 def test_eku(self, backend):
1199 cert = _load_cert(
1200 os.path.join(
1201 "x509", "custom", "extended_key_usage.pem"
1202 ),
1203 x509.load_pem_x509_certificate,
1204 backend
1205 )
1206 ext = cert.extensions.get_extension_for_oid(
1207 x509.OID_EXTENDED_KEY_USAGE
1208 )
1209 assert ext is not None
1210 assert ext.critical is False
1211
1212 assert [
1213 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
1214 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
1215 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
1216 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
1217 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
1218 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
1219 x509.ObjectIdentifier("2.5.29.37.0"),
1220 x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
1221 ] == list(ext.value)
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1222
1223
1224class TestAccessDescription(object):
1225 def test_invalid_access_method(self):
Paul Kehrerf506bca2015-05-02 22:31:47 -0500[diff] [blame]1226 with pytest.raises(ValueError):
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1227 x509.AccessDescription("notanoid", x509.DNSName(u"test"))
1228
1229 def test_invalid_access_location(self):
1230 with pytest.raises(TypeError):
1231 x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
1232
1233 def test_repr(self):
1234 ad = x509.AccessDescription(
1235 x509.OID_OCSP,
1236 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1237 )
1238 assert repr(ad) == (
1239 "<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
1240 "5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
1241 "(value=http://ocsp.domain.com)>)>"
1242 )
1243
1244 def test_eq(self):
1245 ad = x509.AccessDescription(
1246 x509.OID_OCSP,
1247 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1248 )
1249 ad2 = x509.AccessDescription(
1250 x509.OID_OCSP,
1251 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1252 )
1253 assert ad == ad2
1254
1255 def test_ne(self):
1256 ad = x509.AccessDescription(
1257 x509.OID_OCSP,
1258 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1259 )
1260 ad2 = x509.AccessDescription(
1261 x509.OID_CA_ISSUERS,
1262 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1263 )
1264 ad3 = x509.AccessDescription(
1265 x509.OID_OCSP,
1266 x509.UniformResourceIdentifier(u"http://notthesame")
1267 )
1268 assert ad != ad2
1269 assert ad != ad3
1270 assert ad != object()
1271
1272
1273class TestAuthorityInformationAccess(object):
1274 def test_invalid_descriptions(self):
1275 with pytest.raises(TypeError):
1276 x509.AuthorityInformationAccess(["notanAccessDescription"])
1277
1278 def test_iter_len(self):
1279 aia = x509.AuthorityInformationAccess([
1280 x509.AccessDescription(
1281 x509.OID_OCSP,
1282 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1283 ),
1284 x509.AccessDescription(
1285 x509.OID_CA_ISSUERS,
1286 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1287 )
1288 ])
1289 assert len(aia) == 2
1290 assert list(aia) == [
1291 x509.AccessDescription(
1292 x509.OID_OCSP,
1293 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1294 ),
1295 x509.AccessDescription(
1296 x509.OID_CA_ISSUERS,
1297 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1298 )
1299 ]
1300
1301 def test_repr(self):
1302 aia = x509.AuthorityInformationAccess([
1303 x509.AccessDescription(
1304 x509.OID_OCSP,
1305 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1306 ),
1307 x509.AccessDescription(
1308 x509.OID_CA_ISSUERS,
1309 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1310 )
1311 ])
1312 assert repr(aia) == (
1313 "<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
1314 "jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
1315 "on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
1316 "AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
1317 ".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
1318 "fier(value=http://domain.com/ca.crt)>)>])>"
1319 )
1320
1321 def test_eq(self):
1322 aia = x509.AuthorityInformationAccess([
1323 x509.AccessDescription(
1324 x509.OID_OCSP,
1325 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1326 ),
1327 x509.AccessDescription(
1328 x509.OID_CA_ISSUERS,
1329 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1330 )
1331 ])
1332 aia2 = x509.AuthorityInformationAccess([
1333 x509.AccessDescription(
1334 x509.OID_OCSP,
1335 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1336 ),
1337 x509.AccessDescription(
1338 x509.OID_CA_ISSUERS,
1339 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1340 )
1341 ])
1342 assert aia == aia2
1343
1344 def test_ne(self):
1345 aia = x509.AuthorityInformationAccess([
1346 x509.AccessDescription(
1347 x509.OID_OCSP,
1348 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1349 ),
1350 x509.AccessDescription(
1351 x509.OID_CA_ISSUERS,
1352 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1353 )
1354 ])
1355 aia2 = x509.AuthorityInformationAccess([
1356 x509.AccessDescription(
1357 x509.OID_OCSP,
1358 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1359 ),
1360 ])
1361
1362 assert aia != aia2
1363 assert aia != object()
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1364
1365
1366@pytest.mark.requires_backend_interface(interface=RSABackend)
1367@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrera1476992015-05-04 17:35:47 -0500[diff] [blame]1368class TestAuthorityInformationAccessExtension(object):
1369 def test_aia_ocsp_ca_issuers(self, backend):
1370 cert = _load_cert(
1371 os.path.join("x509", "cryptography.io.pem"),
1372 x509.load_pem_x509_certificate,
1373 backend
1374 )
1375 ext = cert.extensions.get_extension_for_oid(
1376 x509.OID_AUTHORITY_INFORMATION_ACCESS
1377 )
1378 assert ext is not None
1379 assert ext.critical is False
1380
1381 assert ext.value == x509.AuthorityInformationAccess([
1382 x509.AccessDescription(
1383 x509.OID_OCSP,
1384 x509.UniformResourceIdentifier(u"http://gv.symcd.com")
1385 ),
1386 x509.AccessDescription(
1387 x509.OID_CA_ISSUERS,
1388 x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
1389 ),
1390 ])
1391
1392 def test_aia_multiple_ocsp_ca_issuers(self, backend):
1393 cert = _load_cert(
1394 os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
1395 x509.load_pem_x509_certificate,
1396 backend
1397 )
1398 ext = cert.extensions.get_extension_for_oid(
1399 x509.OID_AUTHORITY_INFORMATION_ACCESS
1400 )
1401 assert ext is not None
1402 assert ext.critical is False
1403
1404 assert ext.value == x509.AuthorityInformationAccess([
1405 x509.AccessDescription(
1406 x509.OID_OCSP,
1407 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1408 ),
1409 x509.AccessDescription(
1410 x509.OID_OCSP,
1411 x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
1412 ),
1413 x509.AccessDescription(
1414 x509.OID_CA_ISSUERS,
1415 x509.DirectoryName(x509.Name([
1416 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1417 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1418 ]))
1419 ),
1420 ])
1421
1422 def test_aia_ocsp_only(self, backend):
1423 cert = _load_cert(
1424 os.path.join("x509", "custom", "aia_ocsp.pem"),
1425 x509.load_pem_x509_certificate,
1426 backend
1427 )
1428 ext = cert.extensions.get_extension_for_oid(
1429 x509.OID_AUTHORITY_INFORMATION_ACCESS
1430 )
1431 assert ext is not None
1432 assert ext.critical is False
1433
1434 assert ext.value == x509.AuthorityInformationAccess([
1435 x509.AccessDescription(
1436 x509.OID_OCSP,
1437 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1438 ),
1439 ])
1440
1441 def test_aia_ca_issuers_only(self, backend):
1442 cert = _load_cert(
1443 os.path.join("x509", "custom", "aia_ca_issuers.pem"),
1444 x509.load_pem_x509_certificate,
1445 backend
1446 )
1447 ext = cert.extensions.get_extension_for_oid(
1448 x509.OID_AUTHORITY_INFORMATION_ACCESS
1449 )
1450 assert ext is not None
1451 assert ext.critical is False
1452
1453 assert ext.value == x509.AuthorityInformationAccess([
1454 x509.AccessDescription(
1455 x509.OID_CA_ISSUERS,
1456 x509.DirectoryName(x509.Name([
1457 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1458 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1459 ]))
1460 ),
1461 ])
1462
1463
1464@pytest.mark.requires_backend_interface(interface=RSABackend)
1465@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1466class TestAuthorityKeyIdentifierExtension(object):
1467 def test_aki_keyid(self, backend):
1468 cert = _load_cert(
1469 os.path.join(
1470 "x509", "cryptography.io.pem"
1471 ),
1472 x509.load_pem_x509_certificate,
1473 backend
1474 )
1475 ext = cert.extensions.get_extension_for_oid(
1476 x509.OID_AUTHORITY_KEY_IDENTIFIER
1477 )
1478 assert ext is not None
1479 assert ext.critical is False
1480
1481 assert ext.value.key_identifier == (
1482 b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0|[\xf3\xe2\x08\xcbY"
1483 )
1484 assert ext.value.authority_cert_issuer is None
1485 assert ext.value.authority_cert_serial_number is None
1486
1487 def test_aki_all_fields(self, backend):
1488 cert = _load_cert(
1489 os.path.join(
1490 "x509", "custom", "authority_key_identifier.pem"
1491 ),
1492 x509.load_pem_x509_certificate,
1493 backend
1494 )
1495 ext = cert.extensions.get_extension_for_oid(
1496 x509.OID_AUTHORITY_KEY_IDENTIFIER
1497 )
1498 assert ext is not None
1499 assert ext.critical is False
1500
1501 assert ext.value.key_identifier == (
1502 b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
1503 )
1504 assert ext.value.authority_cert_issuer == [
1505 x509.DirectoryName(
1506 x509.Name([
1507 x509.NameAttribute(
1508 x509.OID_ORGANIZATION_NAME, u"PyCA"
1509 ),
1510 x509.NameAttribute(
1511 x509.OID_COMMON_NAME, u"cryptography.io"
1512 )
1513 ])
1514 )
1515 ]
1516 assert ext.value.authority_cert_serial_number == 3
1517
1518 def test_aki_no_keyid(self, backend):
1519 cert = _load_cert(
1520 os.path.join(
1521 "x509", "custom", "authority_key_identifier_no_keyid.pem"
1522 ),
1523 x509.load_pem_x509_certificate,
1524 backend
1525 )
1526 ext = cert.extensions.get_extension_for_oid(
1527 x509.OID_AUTHORITY_KEY_IDENTIFIER
1528 )
1529 assert ext is not None
1530 assert ext.critical is False
1531
1532 assert ext.value.key_identifier is None
1533 assert ext.value.authority_cert_issuer == [
1534 x509.DirectoryName(
1535 x509.Name([
1536 x509.NameAttribute(
1537 x509.OID_ORGANIZATION_NAME, u"PyCA"
1538 ),
1539 x509.NameAttribute(
1540 x509.OID_COMMON_NAME, u"cryptography.io"
1541 )
1542 ])
1543 )
1544 ]
1545 assert ext.value.authority_cert_serial_number == 3
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1546
1547
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1548class TestDistributionPoint(object):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1549 def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1550 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1551 x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1552
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1553 def test_distribution_point_relative_name_not_name(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1554 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1555 x509.DistributionPoint(None, "notname", None, None)
1556
1557 def test_distribution_point_full_and_relative_not_none(self):
1558 with pytest.raises(ValueError):
1559 x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1560
1561 def test_crl_issuer_not_general_names(self):
1562 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1563 x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1564
1565 def test_reason_not_reasonflags(self):
1566 with pytest.raises(TypeError):
1567 x509.DistributionPoint(
1568 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1569 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1570 frozenset(["notreasonflags"]),
1571 None
1572 )
1573
1574 def test_reason_not_frozenset(self):
1575 with pytest.raises(TypeError):
1576 x509.DistributionPoint(
1577 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1578 None,
1579 [x509.ReasonFlags.ca_compromise],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1580 None
1581 )
1582
1583 def test_disallowed_reasons(self):
1584 with pytest.raises(ValueError):
1585 x509.DistributionPoint(
1586 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1587 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1588 frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1589 None
1590 )
1591
1592 with pytest.raises(ValueError):
1593 x509.DistributionPoint(
1594 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1595 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1596 frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1597 None
1598 )
1599
1600 def test_reason_only(self):
1601 with pytest.raises(ValueError):
1602 x509.DistributionPoint(
1603 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1604 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1605 frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1606 None
1607 )
1608
1609 def test_eq(self):
1610 dp = x509.DistributionPoint(
1611 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1612 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1613 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1614 [
1615 x509.DirectoryName(
1616 x509.Name([
1617 x509.NameAttribute(
1618 x509.OID_COMMON_NAME, "Important CA"
1619 )
1620 ])
1621 )
1622 ],
1623 )
1624 dp2 = x509.DistributionPoint(
1625 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1626 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1627 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1628 [
1629 x509.DirectoryName(
1630 x509.Name([
1631 x509.NameAttribute(
1632 x509.OID_COMMON_NAME, "Important CA"
1633 )
1634 ])
1635 )
1636 ],
1637 )
1638 assert dp == dp2
1639
1640 def test_ne(self):
1641 dp = x509.DistributionPoint(
1642 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1643 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1644 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1645 [
1646 x509.DirectoryName(
1647 x509.Name([
1648 x509.NameAttribute(
1649 x509.OID_COMMON_NAME, "Important CA"
1650 )
1651 ])
1652 )
1653 ],
1654 )
1655 dp2 = x509.DistributionPoint(
1656 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1657 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1658 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1659 None
1660 )
1661 assert dp != dp2
1662 assert dp != object()
1663
1664 def test_repr(self):
1665 dp = x509.DistributionPoint(
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1666 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1667 x509.Name([
1668 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
1669 ]),
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1670 frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1671 [
1672 x509.DirectoryName(
1673 x509.Name([
1674 x509.NameAttribute(
1675 x509.OID_COMMON_NAME, "Important CA"
1676 )
1677 ])
1678 )
1679 ],
1680 )
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1681 if six.PY3:
1682 assert repr(dp) == (
1683 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1684 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1685 ">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
1686 "romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
1687 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1688 "commonName)>, value='Important CA')>])>)>])>"
1689 )
1690 else:
1691 assert repr(dp) == (
1692 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1693 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1694 ">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
1695 "romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
1696 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1697 "commonName)>, value='Important CA')>])>)>])>"
1698 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1699
1700
1701class TestCRLDistributionPoints(object):
1702 def test_invalid_distribution_points(self):
1703 with pytest.raises(TypeError):
1704 x509.CRLDistributionPoints(["notadistributionpoint"])
1705
1706 def test_iter_len(self):
1707 cdp = x509.CRLDistributionPoints([
1708 x509.DistributionPoint(
1709 [x509.UniformResourceIdentifier(u"http://domain")],
1710 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1711 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1712 None
1713 ),
1714 x509.DistributionPoint(
1715 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1716 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1717 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1718 x509.ReasonFlags.key_compromise,
1719 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1720 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1721 None
1722 ),
1723 ])
1724 assert len(cdp) == 2
1725 assert list(cdp) == [
1726 x509.DistributionPoint(
1727 [x509.UniformResourceIdentifier(u"http://domain")],
1728 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1729 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1730 None
1731 ),
1732 x509.DistributionPoint(
1733 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1734 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1735 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1736 x509.ReasonFlags.key_compromise,
1737 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1738 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1739 None
1740 ),
1741 ]
1742
1743 def test_repr(self):
1744 cdp = x509.CRLDistributionPoints([
1745 x509.DistributionPoint(
1746 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1747 None,
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1748 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1749 None
1750 ),
1751 ])
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1752 if six.PY3:
1753 assert repr(cdp) == (
1754 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1755 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1756 "ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
1757 "romise'>}), crl_issuer=None)>])>"
1758 )
1759 else:
1760 assert repr(cdp) == (
1761 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1762 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1763 "ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
1764 "romise'>]), crl_issuer=None)>])>"
1765 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1766
1767 def test_eq(self):
1768 cdp = x509.CRLDistributionPoints([
1769 x509.DistributionPoint(
1770 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1771 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1772 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1773 x509.ReasonFlags.key_compromise,
1774 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1775 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1776 [x509.UniformResourceIdentifier(u"uri://thing")],
1777 ),
1778 ])
1779 cdp2 = x509.CRLDistributionPoints([
1780 x509.DistributionPoint(
1781 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1782 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1783 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1784 x509.ReasonFlags.key_compromise,
1785 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1786 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1787 [x509.UniformResourceIdentifier(u"uri://thing")],
1788 ),
1789 ])
1790 assert cdp == cdp2
1791
1792 def test_ne(self):
1793 cdp = x509.CRLDistributionPoints([
1794 x509.DistributionPoint(
1795 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1796 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1797 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1798 x509.ReasonFlags.key_compromise,
1799 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1800 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1801 [x509.UniformResourceIdentifier(u"uri://thing")],
1802 ),
1803 ])
1804 cdp2 = x509.CRLDistributionPoints([
1805 x509.DistributionPoint(
1806 [x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1807 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1808 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1809 x509.ReasonFlags.key_compromise,
1810 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1811 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1812 [x509.UniformResourceIdentifier(u"uri://thing")],
1813 ),
1814 ])
1815 cdp3 = x509.CRLDistributionPoints([
1816 x509.DistributionPoint(
1817 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1818 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1819 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1820 [x509.UniformResourceIdentifier(u"uri://thing")],
1821 ),
1822 ])
1823 cdp4 = x509.CRLDistributionPoints([
1824 x509.DistributionPoint(
1825 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1826 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1827 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1828 x509.ReasonFlags.key_compromise,
1829 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1830 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1831 [x509.UniformResourceIdentifier(u"uri://thing2")],
1832 ),
1833 ])
1834 assert cdp != cdp2
1835 assert cdp != cdp3
1836 assert cdp != cdp4
1837 assert cdp != object()