Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 22e69b58a95d69cc0001d16f888411cf52db96e1 / . / tests / test_x509.py
blob: fb7f17d454ff9974aa99e2d6e4a71b3b1cbc6a83 [file] [log] [blame]
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer0307c372014-11-27 09:49:31 -1000[diff] [blame]7import binascii
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]8import datetime
9import os
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]10
11import pytest
12
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]13import six
14
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]15from cryptography import x509
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]16from cryptography.exceptions import UnsupportedAlgorithm
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]17from cryptography.hazmat.backends.interfaces import (
18 DSABackend, EllipticCurveBackend, RSABackend, X509Backend
19)
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]20from cryptography.hazmat.primitives import hashes, serialization
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]21from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]22
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]23from .hazmat.primitives.fixtures_dsa import DSA_KEY_2048
Ian Cordasco41f51ce2015-06-17 11:49:11 -0500[diff] [blame]24from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]25from .hazmat.primitives.test_ec import _skip_curve_unsupported
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]26from .utils import load_vectors_from_file
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]27
28
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]29def _load_cert(filename, loader, backend):
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]30 cert = load_vectors_from_file(
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]31 filename=filename,
32 loader=lambda pemfile: loader(pemfile.read(), backend),
33 mode="rb"
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]34 )
35 return cert
36
37
38@pytest.mark.requires_backend_interface(interface=RSABackend)
39@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]40class TestRSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]41 def test_load_pem_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]42 cert = _load_cert(
43 os.path.join("x509", "custom", "post2000utctime.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]44 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]45 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]46 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]47 assert isinstance(cert, x509.Certificate)
48 assert cert.serial == 11559813051657483483
49 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
50 assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8"
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]51 assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]52
53 def test_load_der_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]54 cert = _load_cert(
55 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]56 x509.load_der_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]57 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]58 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]59 assert isinstance(cert, x509.Certificate)
60 assert cert.serial == 2
61 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
62 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]63 assert isinstance(cert.signature_hash_algorithm, hashes.SHA256)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]64
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]65 def test_issuer(self, backend):
66 cert = _load_cert(
67 os.path.join(
68 "x509", "PKITS_data", "certs",
69 "Validpre2000UTCnotBeforeDateTest3EE.crt"
70 ),
71 x509.load_der_x509_certificate,
72 backend
73 )
74 issuer = cert.issuer
75 assert isinstance(issuer, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]76 assert list(issuer) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]77 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]78 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]79 x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]80 ),
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]81 x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]82 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]83 assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]84 x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]85 ]
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]86
87 def test_all_issuer_name_types(self, backend):
88 cert = _load_cert(
89 os.path.join(
90 "x509", "custom",
91 "all_supported_names.pem"
92 ),
93 x509.load_pem_x509_certificate,
94 backend
95 )
96 issuer = cert.issuer
97
98 assert isinstance(issuer, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]99 assert list(issuer) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]100 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
101 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'CA'),
102 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
103 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Illinois'),
104 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Chicago'),
105 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
106 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Zero, LLC'),
107 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'One, LLC'),
108 x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 0'),
109 x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 1'),
110 x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 0'),
111 x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 1'),
112 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier0'),
113 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier1'),
114 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'123'),
115 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'456'),
116 x509.NameAttribute(x509.OID_TITLE, u'Title 0'),
117 x509.NameAttribute(x509.OID_TITLE, u'Title 1'),
118 x509.NameAttribute(x509.OID_SURNAME, u'Surname 0'),
119 x509.NameAttribute(x509.OID_SURNAME, u'Surname 1'),
120 x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 0'),
121 x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 1'),
122 x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 0'),
123 x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 1'),
124 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Last Gen'),
125 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Next Gen'),
126 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc0'),
127 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc1'),
128 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test0@test.local'),
129 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test1@test.local'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]130 ]
131
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]132 def test_subject(self, backend):
133 cert = _load_cert(
134 os.path.join(
135 "x509", "PKITS_data", "certs",
136 "Validpre2000UTCnotBeforeDateTest3EE.crt"
137 ),
138 x509.load_der_x509_certificate,
139 backend
140 )
141 subject = cert.subject
142 assert isinstance(subject, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]143 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]144 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]145 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]146 x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]147 ),
148 x509.NameAttribute(
149 x509.OID_COMMON_NAME,
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]150 u'Valid pre2000 UTC notBefore Date EE Certificate Test3'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]151 )
152 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]153 assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]154 x509.NameAttribute(
155 x509.OID_COMMON_NAME,
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]156 u'Valid pre2000 UTC notBefore Date EE Certificate Test3'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]157 )
158 ]
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]159
160 def test_unicode_name(self, backend):
161 cert = _load_cert(
162 os.path.join(
163 "x509", "custom",
164 "utf8_common_name.pem"
165 ),
166 x509.load_pem_x509_certificate,
167 backend
168 )
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]169 assert cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]170 x509.NameAttribute(
171 x509.OID_COMMON_NAME,
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]172 u'We heart UTF8!\u2122'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]173 )
174 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]175 assert cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]176 x509.NameAttribute(
177 x509.OID_COMMON_NAME,
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]178 u'We heart UTF8!\u2122'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]179 )
180 ]
181
182 def test_all_subject_name_types(self, backend):
183 cert = _load_cert(
184 os.path.join(
185 "x509", "custom",
186 "all_supported_names.pem"
187 ),
188 x509.load_pem_x509_certificate,
189 backend
190 )
191 subject = cert.subject
192 assert isinstance(subject, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]193 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]194 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'AU'),
195 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'DE'),
196 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'California'),
197 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'New York'),
198 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'San Francisco'),
199 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Ithaca'),
200 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org Zero, LLC'),
201 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org One, LLC'),
202 x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 0'),
203 x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 1'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]204 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]205 x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 0'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]206 ),
207 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]208 x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 1'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]209 ),
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]210 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified0'),
211 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified1'),
212 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'789'),
213 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'012'),
214 x509.NameAttribute(x509.OID_TITLE, u'Title IX'),
215 x509.NameAttribute(x509.OID_TITLE, u'Title X'),
216 x509.NameAttribute(x509.OID_SURNAME, u'Last 0'),
217 x509.NameAttribute(x509.OID_SURNAME, u'Last 1'),
218 x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 0'),
219 x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 1'),
220 x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 0'),
221 x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 1'),
222 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'32X'),
223 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Dreamcast'),
224 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc2'),
225 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc3'),
226 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test2@test.local'),
227 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test3@test.local'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]228 ]
229
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]230 def test_load_good_ca_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]231 cert = _load_cert(
232 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]233 x509.load_der_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]234 backend
235 )
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]236
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]237 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
238 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]239 assert cert.serial == 2
240 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]241 assert isinstance(public_key, rsa.RSAPublicKey)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]242 assert cert.version is x509.Version.v3
Paul Kehrer0307c372014-11-27 09:49:31 -1000[diff] [blame]243 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
Paul Kehrer4e1db792014-11-27 10:50:55 -1000[diff] [blame]244 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]245
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]246 def test_utc_pre_2000_not_before_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]247 cert = _load_cert(
248 os.path.join(
249 "x509", "PKITS_data", "certs",
250 "Validpre2000UTCnotBeforeDateTest3EE.crt"
251 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]252 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]253 backend
254 )
255
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]256 assert cert.not_valid_before == datetime.datetime(1950, 1, 1, 12, 1)
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]257
258 def test_pre_2000_utc_not_after_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]259 cert = _load_cert(
260 os.path.join(
261 "x509", "PKITS_data", "certs",
262 "Invalidpre2000UTCEEnotAfterDateTest7EE.crt"
263 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]264 x509.load_der_x509_certificate,
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]265 backend
266 )
267
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]268 assert cert.not_valid_after == datetime.datetime(1999, 1, 1, 12, 1)
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]269
270 def test_post_2000_utc_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]271 cert = _load_cert(
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]272 os.path.join("x509", "custom", "post2000utctime.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]273 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]274 backend
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]275 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]276 assert cert.not_valid_before == datetime.datetime(
277 2014, 11, 26, 21, 41, 20
278 )
279 assert cert.not_valid_after == datetime.datetime(
280 2014, 12, 26, 21, 41, 20
281 )
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]282
283 def test_generalized_time_not_before_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]284 cert = _load_cert(
285 os.path.join(
286 "x509", "PKITS_data", "certs",
287 "ValidGeneralizedTimenotBeforeDateTest4EE.crt"
288 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]289 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]290 backend
291 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]292 assert cert.not_valid_before == datetime.datetime(2002, 1, 1, 12, 1)
293 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]294 assert cert.version is x509.Version.v3
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]295
296 def test_generalized_time_not_after_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]297 cert = _load_cert(
298 os.path.join(
299 "x509", "PKITS_data", "certs",
300 "ValidGeneralizedTimenotAfterDateTest8EE.crt"
301 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]302 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]303 backend
304 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]305 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
306 assert cert.not_valid_after == datetime.datetime(2050, 1, 1, 12, 1)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]307 assert cert.version is x509.Version.v3
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]308
309 def test_invalid_version_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]310 cert = _load_cert(
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]311 os.path.join("x509", "custom", "invalid_version.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]312 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]313 backend
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]314 )
Paul Kehrerd5cccf72014-12-15 17:20:33 -0600[diff] [blame]315 with pytest.raises(x509.InvalidVersion) as exc:
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]316 cert.version
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]317
Paul Kehrerd5cccf72014-12-15 17:20:33 -0600[diff] [blame]318 assert exc.value.parsed_version == 7
319
Paul Kehrer8bbdc6f2015-04-30 16:47:16 -0500[diff] [blame]320 def test_eq(self, backend):
321 cert = _load_cert(
322 os.path.join("x509", "custom", "post2000utctime.pem"),
323 x509.load_pem_x509_certificate,
324 backend
325 )
326 cert2 = _load_cert(
327 os.path.join("x509", "custom", "post2000utctime.pem"),
328 x509.load_pem_x509_certificate,
329 backend
330 )
331 assert cert == cert2
332
333 def test_ne(self, backend):
334 cert = _load_cert(
335 os.path.join("x509", "custom", "post2000utctime.pem"),
336 x509.load_pem_x509_certificate,
337 backend
338 )
339 cert2 = _load_cert(
340 os.path.join(
341 "x509", "PKITS_data", "certs",
342 "ValidGeneralizedTimenotAfterDateTest8EE.crt"
343 ),
344 x509.load_der_x509_certificate,
345 backend
346 )
347 assert cert != cert2
348 assert cert != object()
349
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]350 def test_version_1_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]351 cert = _load_cert(
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]352 os.path.join("x509", "v1_cert.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]353 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]354 backend
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]355 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]356 assert cert.version is x509.Version.v1
Paul Kehrer7638c312014-11-26 11:13:31 -1000[diff] [blame]357
358 def test_invalid_pem(self, backend):
359 with pytest.raises(ValueError):
360 x509.load_pem_x509_certificate(b"notacert", backend)
361
362 def test_invalid_der(self, backend):
363 with pytest.raises(ValueError):
364 x509.load_der_x509_certificate(b"notacert", backend)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]365
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]366 def test_unsupported_signature_hash_algorithm_cert(self, backend):
367 cert = _load_cert(
368 os.path.join("x509", "verisign_md2_root.pem"),
369 x509.load_pem_x509_certificate,
370 backend
371 )
372 with pytest.raises(UnsupportedAlgorithm):
373 cert.signature_hash_algorithm
374
Andre Carona8aded62015-05-19 20:11:57 -0400[diff] [blame]375 def test_public_bytes_pem(self, backend):
376 # Load an existing certificate.
377 cert = _load_cert(
378 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
379 x509.load_der_x509_certificate,
380 backend
381 )
382
383 # Encode it to PEM and load it back.
384 cert = x509.load_pem_x509_certificate(cert.public_bytes(
385 encoding=serialization.Encoding.PEM,
386 ), backend)
387
388 # We should recover what we had to start with.
389 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
390 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
391 assert cert.serial == 2
392 public_key = cert.public_key()
393 assert isinstance(public_key, rsa.RSAPublicKey)
394 assert cert.version is x509.Version.v3
395 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
396 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
397
398 def test_public_bytes_der(self, backend):
399 # Load an existing certificate.
400 cert = _load_cert(
401 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
402 x509.load_der_x509_certificate,
403 backend
404 )
405
406 # Encode it to DER and load it back.
407 cert = x509.load_der_x509_certificate(cert.public_bytes(
408 encoding=serialization.Encoding.DER,
409 ), backend)
410
411 # We should recover what we had to start with.
412 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
413 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
414 assert cert.serial == 2
415 public_key = cert.public_key()
416 assert isinstance(public_key, rsa.RSAPublicKey)
417 assert cert.version is x509.Version.v3
418 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
419 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
420
421 def test_public_bytes_invalid_encoding(self, backend):
422 cert = _load_cert(
423 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
424 x509.load_der_x509_certificate,
425 backend
426 )
427
428 with pytest.raises(TypeError):
429 cert.public_bytes('NotAnEncoding')
430
431 @pytest.mark.parametrize(
432 ("cert_path", "loader_func", "encoding"),
433 [
434 (
435 os.path.join("x509", "v1_cert.pem"),
436 x509.load_pem_x509_certificate,
437 serialization.Encoding.PEM,
438 ),
439 (
440 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
441 x509.load_der_x509_certificate,
442 serialization.Encoding.DER,
443 ),
444 ]
445 )
446 def test_public_bytes_match(self, cert_path, loader_func, encoding,
447 backend):
448 cert_bytes = load_vectors_from_file(
449 cert_path, lambda pemfile: pemfile.read(), mode="rb"
450 )
451 cert = loader_func(cert_bytes, backend)
452 serialized = cert.public_bytes(encoding)
453 assert serialized == cert_bytes
454
Major Haydenf315af22015-06-17 14:02:26 -0500[diff] [blame]455 def test_certificate_repr(self, backend):
456 cert = _load_cert(
457 os.path.join(
458 "x509", "cryptography.io.pem"
459 ),
460 x509.load_pem_x509_certificate,
461 backend
462 )
463 if six.PY3:
464 assert repr(cert) == (
465 "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif"
466 "ier(oid=2.5.4.11, name=organizationalUnitName)>, value='GT487"
467 "42965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11, "
468 "name=organizationalUnitName)>, value='See www.rapidssl.com/re"
469 "sources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier(oi"
470 "d=2.5.4.11, name=organizationalUnitName)>, value='Domain Cont"
471 "rol Validated - RapidSSL(R)')>, <NameAttribute(oid=<ObjectIde"
472 "ntifier(oid=2.5.4.3, name=commonName)>, value='www.cryptograp"
473 "hy.io')>])>, ...)>"
474 )
475 else:
476 assert repr(cert) == (
477 "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif"
478 "ier(oid=2.5.4.11, name=organizationalUnitName)>, value=u'GT48"
479 "742965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11,"
480 " name=organizationalUnitName)>, value=u'See www.rapidssl.com/"
481 "resources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier("
482 "oid=2.5.4.11, name=organizationalUnitName)>, value=u'Domain C"
483 "ontrol Validated - RapidSSL(R)')>, <NameAttribute(oid=<Object"
484 "Identifier(oid=2.5.4.3, name=commonName)>, value=u'www.crypto"
485 "graphy.io')>])>, ...)>"
486 )
487
Andre Carona8aded62015-05-19 20:11:57 -0400[diff] [blame]488
489@pytest.mark.requires_backend_interface(interface=RSABackend)
490@pytest.mark.requires_backend_interface(interface=X509Backend)
491class TestRSACertificateRequest(object):
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]492 @pytest.mark.parametrize(
493 ("path", "loader_func"),
494 [
495 [
496 os.path.join("x509", "requests", "rsa_sha1.pem"),
497 x509.load_pem_x509_csr
498 ],
499 [
500 os.path.join("x509", "requests", "rsa_sha1.der"),
501 x509.load_der_x509_csr
502 ],
503 ]
504 )
505 def test_load_rsa_certificate_request(self, path, loader_func, backend):
506 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]507 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
508 public_key = request.public_key()
509 assert isinstance(public_key, rsa.RSAPublicKey)
510 subject = request.subject
511 assert isinstance(subject, x509.Name)
512 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]513 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
514 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
515 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
516 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
517 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]518 ]
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]519 extensions = request.extensions
520 assert isinstance(extensions, x509.Extensions)
521 assert list(extensions) == []
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]522
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]523 @pytest.mark.parametrize(
524 "loader_func",
525 [x509.load_pem_x509_csr, x509.load_der_x509_csr]
526 )
527 def test_invalid_certificate_request(self, loader_func, backend):
Paul Kehrerb759e292015-03-17 07:34:41 -0500[diff] [blame]528 with pytest.raises(ValueError):
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]529 loader_func(b"notacsr", backend)
Paul Kehrerb759e292015-03-17 07:34:41 -0500[diff] [blame]530
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]531 def test_unsupported_signature_hash_algorithm_request(self, backend):
532 request = _load_cert(
533 os.path.join("x509", "requests", "rsa_md4.pem"),
Paul Kehrer31e39882015-03-11 11:37:04 -0500[diff] [blame]534 x509.load_pem_x509_csr,
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]535 backend
536 )
537 with pytest.raises(UnsupportedAlgorithm):
538 request.signature_hash_algorithm
539
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]540 def test_duplicate_extension(self, backend):
541 request = _load_cert(
542 os.path.join(
543 "x509", "requests", "two_basic_constraints.pem"
544 ),
545 x509.load_pem_x509_csr,
546 backend
547 )
548 with pytest.raises(x509.DuplicateExtension) as exc:
549 request.extensions
550
551 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
552
553 def test_unsupported_critical_extension(self, backend):
554 request = _load_cert(
555 os.path.join(
556 "x509", "requests", "unsupported_extension_critical.pem"
557 ),
558 x509.load_pem_x509_csr,
559 backend
560 )
561 with pytest.raises(x509.UnsupportedExtension) as exc:
562 request.extensions
563
564 assert exc.value.oid == x509.ObjectIdentifier('1.2.3.4')
565
566 def test_unsupported_extension(self, backend):
567 request = _load_cert(
568 os.path.join(
569 "x509", "requests", "unsupported_extension.pem"
570 ),
571 x509.load_pem_x509_csr,
572 backend
573 )
574 extensions = request.extensions
575 assert len(extensions) == 0
576
577 def test_request_basic_constraints(self, backend):
578 request = _load_cert(
579 os.path.join(
580 "x509", "requests", "basic_constraints.pem"
581 ),
582 x509.load_pem_x509_csr,
583 backend
584 )
585 extensions = request.extensions
586 assert isinstance(extensions, x509.Extensions)
587 assert list(extensions) == [
588 x509.Extension(
589 x509.OID_BASIC_CONSTRAINTS,
590 True,
Ian Cordasco0112b022015-06-16 17:51:18 -0500[diff] [blame]591 x509.BasicConstraints(ca=True, path_length=1),
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]592 ),
593 ]
594
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]595 def test_public_bytes_pem(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]596 # Load an existing CSR.
597 request = _load_cert(
598 os.path.join("x509", "requests", "rsa_sha1.pem"),
599 x509.load_pem_x509_csr,
600 backend
601 )
602
603 # Encode it to PEM and load it back.
604 request = x509.load_pem_x509_csr(request.public_bytes(
605 encoding=serialization.Encoding.PEM,
606 ), backend)
607
608 # We should recover what we had to start with.
609 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
610 public_key = request.public_key()
611 assert isinstance(public_key, rsa.RSAPublicKey)
612 subject = request.subject
613 assert isinstance(subject, x509.Name)
614 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]615 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
616 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
617 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
618 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
619 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]620 ]
621
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]622 def test_public_bytes_der(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]623 # Load an existing CSR.
624 request = _load_cert(
625 os.path.join("x509", "requests", "rsa_sha1.pem"),
626 x509.load_pem_x509_csr,
627 backend
628 )
629
630 # Encode it to DER and load it back.
631 request = x509.load_der_x509_csr(request.public_bytes(
632 encoding=serialization.Encoding.DER,
633 ), backend)
634
635 # We should recover what we had to start with.
636 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
637 public_key = request.public_key()
638 assert isinstance(public_key, rsa.RSAPublicKey)
639 subject = request.subject
640 assert isinstance(subject, x509.Name)
641 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]642 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
643 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
644 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
645 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
646 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]647 ]
648
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]649 def test_public_bytes_invalid_encoding(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]650 request = _load_cert(
651 os.path.join("x509", "requests", "rsa_sha1.pem"),
652 x509.load_pem_x509_csr,
653 backend
654 )
655
656 with pytest.raises(TypeError):
657 request.public_bytes('NotAnEncoding')
658
Andre Caronacb18972015-05-18 21:04:15 -0400[diff] [blame]659 @pytest.mark.parametrize(
660 ("request_path", "loader_func", "encoding"),
661 [
662 (
663 os.path.join("x509", "requests", "rsa_sha1.pem"),
664 x509.load_pem_x509_csr,
665 serialization.Encoding.PEM,
666 ),
667 (
668 os.path.join("x509", "requests", "rsa_sha1.der"),
669 x509.load_der_x509_csr,
670 serialization.Encoding.DER,
671 ),
672 ]
673 )
674 def test_public_bytes_match(self, request_path, loader_func, encoding,
675 backend):
676 request_bytes = load_vectors_from_file(
677 request_path, lambda pemfile: pemfile.read(), mode="rb"
678 )
679 request = loader_func(request_bytes, backend)
680 serialized = request.public_bytes(encoding)
681 assert serialized == request_bytes
682
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]683
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]684@pytest.mark.requires_backend_interface(interface=X509Backend)
685class TestCertificateSigningRequestBuilder(object):
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]686 @pytest.mark.requires_backend_interface(interface=RSABackend)
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]687 def test_sign_invalid_hash_algorithm(self, backend):
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]688 private_key = RSA_KEY_2048.private_key(backend)
689
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]690 builder = x509.CertificateSigningRequestBuilder()
691 with pytest.raises(TypeError):
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]692 builder.sign(backend, private_key, 'NotAHash')
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]693
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]694 @pytest.mark.requires_backend_interface(interface=RSABackend)
695 def test_build_ca_request_with_rsa(self, backend):
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]696 private_key = RSA_KEY_2048.private_key(backend)
697
Andre Carona9a51172015-06-06 20:18:44 -0400[diff] [blame]698 request = x509.CertificateSigningRequestBuilder().subject_name(
Andre Caron99d0f902015-06-01 08:36:59 -0400[diff] [blame]699 x509.Name([
Ian Cordasco94b34d32015-06-17 10:55:07 -0500[diff] [blame]700 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
701 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
702 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
703 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
704 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron99d0f902015-06-01 08:36:59 -0400[diff] [blame]705 ])
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]706 ).add_extension(
Ian Cordasco41f51ce2015-06-17 11:49:11 -0500[diff] [blame]707 x509.BasicConstraints(ca=True, path_length=2), critical=True
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]708 ).sign(
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]709 backend, private_key, hashes.SHA1()
Andre Caronfc164c52015-05-31 17:36:18 -0400[diff] [blame]710 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]711
712 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
713 public_key = request.public_key()
714 assert isinstance(public_key, rsa.RSAPublicKey)
715 subject = request.subject
716 assert isinstance(subject, x509.Name)
717 assert list(subject) == [
Ian Cordasco94b34d32015-06-17 10:55:07 -0500[diff] [blame]718 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
719 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
720 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
721 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
722 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]723 ]
724 basic_constraints = request.extensions.get_extension_for_oid(
725 x509.OID_BASIC_CONSTRAINTS
726 )
727 assert basic_constraints.value.ca is True
728 assert basic_constraints.value.path_length == 2
729
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]730 @pytest.mark.requires_backend_interface(interface=RSABackend)
731 def test_build_nonca_request_with_rsa(self, backend):
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]732 private_key = RSA_KEY_2048.private_key(backend)
733
Andre Carona9a51172015-06-06 20:18:44 -0400[diff] [blame]734 request = x509.CertificateSigningRequestBuilder().subject_name(
Andre Caron99d0f902015-06-01 08:36:59 -0400[diff] [blame]735 x509.Name([
Ian Cordasco94b34d32015-06-17 10:55:07 -0500[diff] [blame]736 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
737 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
738 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
739 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
740 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron99d0f902015-06-01 08:36:59 -0400[diff] [blame]741 ])
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]742 ).add_extension(
Ian Cordasco0112b022015-06-16 17:51:18 -0500[diff] [blame]743 x509.BasicConstraints(ca=False, path_length=None), critical=True,
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]744 ).sign(
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]745 backend, private_key, hashes.SHA1()
Andre Caronfc164c52015-05-31 17:36:18 -0400[diff] [blame]746 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]747
748 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
749 public_key = request.public_key()
750 assert isinstance(public_key, rsa.RSAPublicKey)
751 subject = request.subject
752 assert isinstance(subject, x509.Name)
753 assert list(subject) == [
Ian Cordasco94b34d32015-06-17 10:55:07 -0500[diff] [blame]754 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
755 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
756 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
757 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
758 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]759 ]
760 basic_constraints = request.extensions.get_extension_for_oid(
761 x509.OID_BASIC_CONSTRAINTS
762 )
763 assert basic_constraints.value.ca is False
764 assert basic_constraints.value.path_length is None
765
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]766 @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
767 def test_build_ca_request_with_ec(self, backend):
768 if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
769 pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
770
Ian Cordasco22e69b52015-06-24 20:09:43 -0500[diff] [blame^]771 _skip_curve_unsupported(backend, ec.SECT283K1())
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]772 private_key = ec.generate_private_key(ec.SECT283K1(), backend)
773
774 request = x509.CertificateSigningRequestBuilder().subject_name(
775 x509.Name([
776 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
777 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
778 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
779 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
780 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
781 ])
782 ).add_extension(
783 x509.BasicConstraints(ca=True, path_length=2), critical=True
784 ).sign(
785 backend, private_key, hashes.SHA1()
786 )
787
788 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
789 public_key = request.public_key()
790 assert isinstance(public_key, ec.EllipticCurvePublicKey)
791 subject = request.subject
792 assert isinstance(subject, x509.Name)
793 assert list(subject) == [
794 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
795 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
796 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
797 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
798 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
799 ]
800 basic_constraints = request.extensions.get_extension_for_oid(
801 x509.OID_BASIC_CONSTRAINTS
802 )
803 assert basic_constraints.value.ca is True
804 assert basic_constraints.value.path_length == 2
805
806 @pytest.mark.requires_backend_interface(interface=DSABackend)
807 def test_build_ca_request_with_dsa(self, backend):
808 if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
809 pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
810
811 private_key = DSA_KEY_2048.private_key(backend)
812
813 request = x509.CertificateSigningRequestBuilder().subject_name(
814 x509.Name([
815 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
816 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
817 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
818 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
819 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
820 ])
821 ).add_extension(
822 x509.BasicConstraints(ca=True, path_length=2), critical=True
823 ).sign(
824 backend, private_key, hashes.SHA1()
825 )
826
827 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
828 public_key = request.public_key()
829 assert isinstance(public_key, dsa.DSAPublicKey)
830 subject = request.subject
831 assert isinstance(subject, x509.Name)
832 assert list(subject) == [
833 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
834 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
835 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
836 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
837 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
838 ]
839 basic_constraints = request.extensions.get_extension_for_oid(
840 x509.OID_BASIC_CONSTRAINTS
841 )
842 assert basic_constraints.value.ca is True
843 assert basic_constraints.value.path_length == 2
844
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]845 def test_add_duplicate_extension(self, backend):
Andre Caronfc164c52015-05-31 17:36:18 -0400[diff] [blame]846 builder = x509.CertificateSigningRequestBuilder().add_extension(
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]847 x509.BasicConstraints(True, 2), critical=True,
Andre Caronfc164c52015-05-31 17:36:18 -0400[diff] [blame]848 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]849 with pytest.raises(ValueError):
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]850 builder.add_extension(
851 x509.BasicConstraints(True, 2), critical=True,
852 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]853
854 def test_set_invalid_subject(self, backend):
855 builder = x509.CertificateSigningRequestBuilder()
856 with pytest.raises(TypeError):
Andre Carona9a51172015-06-06 20:18:44 -0400[diff] [blame]857 builder.subject_name('NotAName')
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]858
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]859 def test_add_unsupported_extension(self, backend):
Ian Cordasco34853f32015-06-21 10:50:53 -0500[diff] [blame]860 builder = x509.CertificateSigningRequestBuilder()
Ian Cordascof06b6be2015-06-21 10:09:18 -0500[diff] [blame]861 with pytest.raises(NotImplementedError):
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]862 builder.add_extension(
Ian Cordascof06b6be2015-06-21 10:09:18 -0500[diff] [blame]863 x509.AuthorityKeyIdentifier('keyid', None, None),
864 critical=False,
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]865 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]866
867
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]868@pytest.mark.requires_backend_interface(interface=DSABackend)
869@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]870class TestDSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]871 def test_load_dsa_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]872 cert = _load_cert(
Paul Kehrer4903adc2014-12-13 16:57:50 -0600[diff] [blame]873 os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]874 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]875 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]876 )
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]877 assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]878 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]879 assert isinstance(public_key, dsa.DSAPublicKey)
Alex Gaynorfcadda62015-03-10 10:01:18 -0400[diff] [blame]880 if isinstance(public_key, dsa.DSAPublicKeyWithSerialization):
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]881 num = public_key.public_numbers()
882 assert num.y == int(
883 "4c08bfe5f2d76649c80acf7d431f6ae2124b217abc8c9f6aca776ddfa94"
884 "53b6656f13e543684cd5f6431a314377d2abfa068b7080cb8ddc065afc2"
885 "dea559f0b584c97a2b235b9b69b46bc6de1aed422a6f341832618bcaae2"
886 "198aba388099dafb05ff0b5efecb3b0ae169a62e1c72022af50ae68af3b"
887 "033c18e6eec1f7df4692c456ccafb79cc7e08da0a5786e9816ceda651d6"
888 "1b4bb7b81c2783da97cea62df67af5e85991fdc13aff10fc60e06586386"
889 "b96bb78d65750f542f86951e05a6d81baadbcd35a2e5cad4119923ae6a2"
890 "002091a3d17017f93c52970113cdc119970b9074ca506eac91c3dd37632"
891 "5df4af6b3911ef267d26623a5a1c5df4a6d13f1c", 16
892 )
893 assert num.parameter_numbers.g == int(
894 "4b7ced71dc353965ecc10d441a9a06fc24943a32d66429dd5ef44d43e67"
895 "d789d99770aec32c0415dc92970880872da45fef8dd1e115a3e4801387b"
896 "a6d755861f062fd3b6e9ea8e2641152339b828315b1528ee6c7b79458d2"
897 "1f3db973f6fc303f9397174c2799dd2351282aa2d8842c357a73495bbaa"
898 "c4932786414c55e60d73169f5761036fba29e9eebfb049f8a3b1b7cee6f"
899 "3fbfa136205f130bee2cf5b9c38dc1095d4006f2e73335c07352c64130a"
900 "1ab2b89f13b48f628d3cc3868beece9bb7beade9f830eacc6fa241425c0"
901 "b3fcc0df416a0c89f7bf35668d765ec95cdcfbe9caff49cfc156c668c76"
902 "fa6247676a6d3ac945844a083509c6a1b436baca", 16
903 )
904 assert num.parameter_numbers.p == int(
905 "bfade6048e373cd4e48b677e878c8e5b08c02102ae04eb2cb5c46a523a3"
906 "af1c73d16b24f34a4964781ae7e50500e21777754a670bd19a7420d6330"
907 "84e5556e33ca2c0e7d547ea5f46a07a01bf8669ae3bdec042d9b2ae5e6e"
908 "cf49f00ba9dac99ab6eff140d2cedf722ee62c2f9736857971444c25d0a"
909 "33d2017dc36d682a1054fe2a9428dda355a851ce6e6d61e03e419fd4ca4"
910 "e703313743d86caa885930f62ed5bf342d8165627681e9cc3244ba72aa2"
911 "2148400a6bbe80154e855d042c9dc2a3405f1e517be9dea50562f56da93"
912 "f6085f844a7e705c1f043e65751c583b80d29103e590ccb26efdaa0893d"
913 "833e36468f3907cfca788a3cb790f0341c8a31bf", 16
914 )
915 assert num.parameter_numbers.q == int(
916 "822ff5d234e073b901cf5941f58e1f538e71d40d", 16
917 )
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]918
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]919 @pytest.mark.parametrize(
920 ("path", "loader_func"),
921 [
922 [
923 os.path.join("x509", "requests", "dsa_sha1.pem"),
924 x509.load_pem_x509_csr
925 ],
926 [
927 os.path.join("x509", "requests", "dsa_sha1.der"),
928 x509.load_der_x509_csr
929 ],
930 ]
931 )
932 def test_load_dsa_request(self, path, loader_func, backend):
933 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]934 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
935 public_key = request.public_key()
936 assert isinstance(public_key, dsa.DSAPublicKey)
937 subject = request.subject
938 assert isinstance(subject, x509.Name)
939 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]940 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
941 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
942 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
943 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
944 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]945 ]
946
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]947
948@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
949@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]950class TestECDSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]951 def test_load_ecdsa_cert(self, backend):
952 _skip_curve_unsupported(backend, ec.SECP384R1())
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]953 cert = _load_cert(
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]954 os.path.join("x509", "ecdsa_root.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]955 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]956 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]957 )
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]958 assert isinstance(cert.signature_hash_algorithm, hashes.SHA384)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]959 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]960 assert isinstance(public_key, ec.EllipticCurvePublicKey)
Alex Gaynorfcadda62015-03-10 10:01:18 -0400[diff] [blame]961 if isinstance(public_key, ec.EllipticCurvePublicKeyWithSerialization):
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]962 num = public_key.public_numbers()
963 assert num.x == int(
964 "dda7d9bb8ab80bfb0b7f21d2f0bebe73f3335d1abc34eadec69bbcd095f"
965 "6f0ccd00bba615b51467e9e2d9fee8e630c17", 16
966 )
967 assert num.y == int(
968 "ec0770f5cf842e40839ce83f416d3badd3a4145936789d0343ee10136c7"
969 "2deae88a7a16bb543ce67dc23ff031ca3e23e", 16
970 )
971 assert isinstance(num.curve, ec.SECP384R1)
Paul Kehrer6c660a82014-12-12 11:50:44 -0600[diff] [blame]972
973 def test_load_ecdsa_no_named_curve(self, backend):
974 _skip_curve_unsupported(backend, ec.SECP256R1())
975 cert = _load_cert(
976 os.path.join("x509", "custom", "ec_no_named_curve.pem"),
977 x509.load_pem_x509_certificate,
978 backend
979 )
980 with pytest.raises(NotImplementedError):
981 cert.public_key()
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]982
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]983 @pytest.mark.parametrize(
984 ("path", "loader_func"),
985 [
986 [
987 os.path.join("x509", "requests", "ec_sha256.pem"),
988 x509.load_pem_x509_csr
989 ],
990 [
991 os.path.join("x509", "requests", "ec_sha256.der"),
992 x509.load_der_x509_csr
993 ],
994 ]
995 )
996 def test_load_ecdsa_certificate_request(self, path, loader_func, backend):
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]997 _skip_curve_unsupported(backend, ec.SECP384R1())
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]998 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]999 assert isinstance(request.signature_hash_algorithm, hashes.SHA256)
1000 public_key = request.public_key()
1001 assert isinstance(public_key, ec.EllipticCurvePublicKey)
1002 subject = request.subject
1003 assert isinstance(subject, x509.Name)
1004 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1005 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
1006 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
1007 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
1008 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
1009 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]1010 ]
1011
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1012
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1013class TestNameAttribute(object):
Alex Gaynora56ff412015-02-10 17:26:32 -0500[diff] [blame]1014 def test_init_bad_oid(self):
1015 with pytest.raises(TypeError):
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1016 x509.NameAttribute(None, u'value')
Alex Gaynora56ff412015-02-10 17:26:32 -0500[diff] [blame]1017
Ian Cordasco7618fbe2015-06-16 19:12:17 -0500[diff] [blame]1018 def test_init_bad_value(self):
1019 with pytest.raises(TypeError):
1020 x509.NameAttribute(
1021 x509.ObjectIdentifier('oid'),
1022 b'bytes'
1023 )
1024
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1025 def test_eq(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1026 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1027 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1028 ) == x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1029 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1030 )
1031
1032 def test_ne(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1033 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1034 x509.ObjectIdentifier('2.5.4.3'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1035 ) != x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1036 x509.ObjectIdentifier('2.5.4.5'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1037 )
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1038 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1039 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1040 ) != x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1041 x509.ObjectIdentifier('oid'), u'value2'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1042 )
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1043 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1044 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1045 ) != object()
1046
Paul Kehrera498be82015-02-12 15:00:56 -0600[diff] [blame]1047 def test_repr(self):
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1048 na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), u'value')
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]1049 if six.PY3:
1050 assert repr(na) == (
1051 "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commo"
1052 "nName)>, value='value')>"
1053 )
1054 else:
1055 assert repr(na) == (
1056 "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commo"
1057 "nName)>, value=u'value')>"
1058 )
Paul Kehrera498be82015-02-12 15:00:56 -0600[diff] [blame]1059
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1060
1061class TestObjectIdentifier(object):
1062 def test_eq(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1063 oid1 = x509.ObjectIdentifier('oid')
1064 oid2 = x509.ObjectIdentifier('oid')
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1065 assert oid1 == oid2
1066
1067 def test_ne(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1068 oid1 = x509.ObjectIdentifier('oid')
1069 assert oid1 != x509.ObjectIdentifier('oid1')
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1070 assert oid1 != object()
1071
1072 def test_repr(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1073 oid = x509.ObjectIdentifier("2.5.4.3")
1074 assert repr(oid) == "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>"
1075 oid = x509.ObjectIdentifier("oid1")
1076 assert repr(oid) == "<ObjectIdentifier(oid=oid1, name=Unknown OID)>"
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1077
1078
1079class TestName(object):
1080 def test_eq(self):
1081 name1 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1082 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
1083 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1084 ])
1085 name2 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1086 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
1087 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1088 ])
1089 assert name1 == name2
1090
1091 def test_ne(self):
1092 name1 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1093 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
1094 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1095 ])
1096 name2 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1097 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
1098 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1099 ])
1100 assert name1 != name2
1101 assert name1 != object()
Paul Kehrer1fb35c92015-04-11 15:42:54 -0400[diff] [blame]1102
1103 def test_repr(self):
1104 name = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1105 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
1106 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
Paul Kehrer1fb35c92015-04-11 15:42:54 -0400[diff] [blame]1107 ])
1108
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]1109 if six.PY3:
1110 assert repr(name) == (
1111 "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name"
1112 "=commonName)>, value='cryptography.io')>, <NameAttribute(oid="
1113 "<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, valu"
1114 "e='PyCA')>])>"
1115 )
1116 else:
1117 assert repr(name) == (
1118 "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name"
1119 "=commonName)>, value=u'cryptography.io')>, <NameAttribute(oid"
1120 "=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, val"
1121 "ue=u'PyCA')>])>"
1122 )