Blame - tests/test_x509_ext.py - platform/external/python/cryptography

blob: a366265c1065d442399e9927dcebd81c4eb8ec7b [file] [log] [blame]

Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	1	# This file is dual licensed under the terms of the Apache License, Version
				2	# 2.0, and the BSD License. See the LICENSE file in the root of this repository
				3	# for complete details.
				4
				5	from __future__ import absolute_import, division, print_function
				6
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	7	import binascii
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	8	import ipaddress
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	9	import os
				10
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	11	import pytest
				12
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	13	import six
				14
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	15	from cryptography import x509
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	16	from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
				17
				18	from .test_x509 import _load_cert
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	19
				20
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	21	class TestExtension(object):
				22	def test_not_an_oid(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	23	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	24	with pytest.raises(TypeError):
				25	x509.Extension("notanoid", True, bc)
				26
				27	def test_critical_not_a_bool(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	28	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	29	with pytest.raises(TypeError):
				30	x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
				31
				32	def test_repr(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	33	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	34	ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
				35	assert repr(ext) == (
				36	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
				37	"raints)>, critical=True, value=<BasicConstraints(ca=False, path"
				38	"_length=None)>)>"
				39	)
				40
				41
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	42	class TestNoticeReference(object):
				43	def test_notice_numbers_not_all_int(self):
				44	with pytest.raises(TypeError):
				45	x509.NoticeReference("org", [1, 2, "three"])
				46
				47	def test_notice_numbers_none(self):
				48	nr = x509.NoticeReference("org", None)
				49	assert nr.organization == "org"
				50	assert nr.notice_numbers is None
				51
				52	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	53	nr = x509.NoticeReference(u"org", [1, 3, 4])
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	54
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	55	if six.PY3:
				56	assert repr(nr) == (
				57	"<NoticeReference(organization='org', notice_numbers=[1, 3, 4"
				58	"])>"
				59	)
				60	else:
				61	assert repr(nr) == (
				62	"<NoticeReference(organization=u'org', notice_numbers=[1, 3, "
				63	"4])>"
				64	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	65
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	66	def test_eq(self):
				67	nr = x509.NoticeReference("org", [1, 2])
				68	nr2 = x509.NoticeReference("org", [1, 2])
				69	assert nr == nr2
				70
				71	def test_ne(self):
				72	nr = x509.NoticeReference("org", [1, 2])
				73	nr2 = x509.NoticeReference("org", [1])
				74	nr3 = x509.NoticeReference(None, [1, 2])
				75	assert nr != nr2
				76	assert nr != nr3
				77	assert nr != object()
				78
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	79
				80	class TestUserNotice(object):
				81	def test_notice_reference_invalid(self):
				82	with pytest.raises(TypeError):
				83	x509.UserNotice("invalid", None)
				84
				85	def test_notice_reference_none(self):
				86	un = x509.UserNotice(None, "text")
				87	assert un.notice_reference is None
				88	assert un.explicit_text == "text"
				89
				90	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	91	un = x509.UserNotice(x509.NoticeReference(u"org", None), u"text")
				92	if six.PY3:
				93	assert repr(un) == (
				94	"<UserNotice(notice_reference=<NoticeReference(organization='"
				95	"org', notice_numbers=None)>, explicit_text='text')>"
				96	)
				97	else:
				98	assert repr(un) == (
				99	"<UserNotice(notice_reference=<NoticeReference(organization=u"
				100	"'org', notice_numbers=None)>, explicit_text=u'text')>"
				101	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	102
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	103	def test_eq(self):
				104	nr = x509.NoticeReference("org", [1, 2])
				105	nr2 = x509.NoticeReference("org", [1, 2])
				106	un = x509.UserNotice(nr, "text")
				107	un2 = x509.UserNotice(nr2, "text")
				108	assert un == un2
				109
				110	def test_ne(self):
				111	nr = x509.NoticeReference("org", [1, 2])
				112	nr2 = x509.NoticeReference("org", [1])
				113	un = x509.UserNotice(nr, "text")
				114	un2 = x509.UserNotice(nr2, "text")
				115	un3 = x509.UserNotice(nr, "text3")
				116	assert un != un2
				117	assert un != un3
				118	assert un != object()
				119
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	120
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	121	class TestPolicyInformation(object):
				122	def test_invalid_policy_identifier(self):
				123	with pytest.raises(TypeError):
				124	x509.PolicyInformation("notanoid", None)
				125
				126	def test_none_policy_qualifiers(self):
				127	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
				128	assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
				129	assert pi.policy_qualifiers is None
				130
				131	def test_policy_qualifiers(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	132	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	133	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				134	assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
				135	assert pi.policy_qualifiers == pq
				136
				137	def test_invalid_policy_identifiers(self):
				138	with pytest.raises(TypeError):
				139	x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
				140
				141	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	142	pq = [u"string", x509.UserNotice(None, u"hi")]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	143	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	144	if six.PY3:
				145	assert repr(pi) == (
				146	"<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
				147	"2.3, name=Unknown OID)>, policy_qualifiers=['string', <UserNo"
Paul Kehrer	9aaef9e	2015-05-11 10:49:20 -0500	[diff] [blame]	148	"tice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	149	)
				150	else:
				151	assert repr(pi) == (
				152	"<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
				153	"2.3, name=Unknown OID)>, policy_qualifiers=[u'string', <UserN"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	154	"otice(notice_reference=None, explicit_text=u'hi')>])>"
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	155	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	156
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	157	def test_eq(self):
				158	pi = x509.PolicyInformation(
				159	x509.ObjectIdentifier("1.2.3"),
				160	[u"string", x509.UserNotice(None, u"hi")]
				161	)
				162	pi2 = x509.PolicyInformation(
				163	x509.ObjectIdentifier("1.2.3"),
				164	[u"string", x509.UserNotice(None, u"hi")]
				165	)
				166	assert pi == pi2
				167
				168	def test_ne(self):
				169	pi = x509.PolicyInformation(
				170	x509.ObjectIdentifier("1.2.3"), [u"string"]
				171	)
				172	pi2 = x509.PolicyInformation(
				173	x509.ObjectIdentifier("1.2.3"), [u"string2"]
				174	)
				175	pi3 = x509.PolicyInformation(
				176	x509.ObjectIdentifier("1.2.3.4"), [u"string"]
				177	)
				178	assert pi != pi2
				179	assert pi != pi3
				180	assert pi != object()
				181
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	182
				183	class TestCertificatePolicies(object):
				184	def test_invalid_policies(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	185	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	186	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				187	with pytest.raises(TypeError):
				188	x509.CertificatePolicies([1, pi])
				189
				190	def test_iter_len(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	191	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	192	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				193	cp = x509.CertificatePolicies([pi])
				194	assert len(cp) == 1
				195	for policyinfo in cp:
				196	assert policyinfo == pi
				197
				198	def test_repr(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	199	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	200	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				201	cp = x509.CertificatePolicies([pi])
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	202	if six.PY3:
				203	assert repr(cp) == (
				204	"<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
				205	"bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
				206	"ers=['string'])>])>"
				207	)
				208	else:
				209	assert repr(cp) == (
				210	"<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
				211	"bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
				212	"ers=[u'string'])>])>"
				213	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	214
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	215	def test_eq(self):
				216	pi = x509.PolicyInformation(
				217	x509.ObjectIdentifier("1.2.3"), [u"string"]
				218	)
				219	cp = x509.CertificatePolicies([pi])
				220	pi2 = x509.PolicyInformation(
				221	x509.ObjectIdentifier("1.2.3"), [u"string"]
				222	)
				223	cp2 = x509.CertificatePolicies([pi2])
				224	assert cp == cp2
				225
				226	def test_ne(self):
				227	pi = x509.PolicyInformation(
				228	x509.ObjectIdentifier("1.2.3"), [u"string"]
				229	)
				230	cp = x509.CertificatePolicies([pi])
				231	pi2 = x509.PolicyInformation(
				232	x509.ObjectIdentifier("1.2.3"), [u"string2"]
				233	)
				234	cp2 = x509.CertificatePolicies([pi2])
				235	assert cp != cp2
				236	assert cp != object()
				237
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	238
Paul Kehrer	cecbbba	2015-03-30 14:58:38 -0500	[diff] [blame]	239	class TestKeyUsage(object):
				240	def test_key_agreement_false_encipher_decipher_true(self):
				241	with pytest.raises(ValueError):
				242	x509.KeyUsage(
				243	digital_signature=False,
				244	content_commitment=False,
				245	key_encipherment=False,
				246	data_encipherment=False,
				247	key_agreement=False,
				248	key_cert_sign=False,
				249	crl_sign=False,
				250	encipher_only=True,
				251	decipher_only=False
				252	)
				253
				254	with pytest.raises(ValueError):
				255	x509.KeyUsage(
				256	digital_signature=False,
				257	content_commitment=False,
				258	key_encipherment=False,
				259	data_encipherment=False,
				260	key_agreement=False,
				261	key_cert_sign=False,
				262	crl_sign=False,
				263	encipher_only=True,
				264	decipher_only=True
				265	)
				266
				267	with pytest.raises(ValueError):
				268	x509.KeyUsage(
				269	digital_signature=False,
				270	content_commitment=False,
				271	key_encipherment=False,
				272	data_encipherment=False,
				273	key_agreement=False,
				274	key_cert_sign=False,
				275	crl_sign=False,
				276	encipher_only=False,
				277	decipher_only=True
				278	)
				279
				280	def test_properties_key_agreement_true(self):
				281	ku = x509.KeyUsage(
				282	digital_signature=True,
				283	content_commitment=True,
				284	key_encipherment=False,
				285	data_encipherment=False,
				286	key_agreement=False,
				287	key_cert_sign=True,
				288	crl_sign=False,
				289	encipher_only=False,
				290	decipher_only=False
				291	)
				292	assert ku.digital_signature is True
				293	assert ku.content_commitment is True
				294	assert ku.key_encipherment is False
				295	assert ku.data_encipherment is False
				296	assert ku.key_agreement is False
				297	assert ku.key_cert_sign is True
				298	assert ku.crl_sign is False
				299
				300	def test_key_agreement_true_properties(self):
				301	ku = x509.KeyUsage(
				302	digital_signature=False,
				303	content_commitment=False,
				304	key_encipherment=False,
				305	data_encipherment=False,
				306	key_agreement=True,
				307	key_cert_sign=False,
				308	crl_sign=False,
				309	encipher_only=False,
				310	decipher_only=True
				311	)
				312	assert ku.key_agreement is True
				313	assert ku.encipher_only is False
				314	assert ku.decipher_only is True
				315
				316	def test_key_agreement_false_properties(self):
				317	ku = x509.KeyUsage(
				318	digital_signature=False,
				319	content_commitment=False,
				320	key_encipherment=False,
				321	data_encipherment=False,
				322	key_agreement=False,
				323	key_cert_sign=False,
				324	crl_sign=False,
				325	encipher_only=False,
				326	decipher_only=False
				327	)
				328	assert ku.key_agreement is False
				329	with pytest.raises(ValueError):
				330	ku.encipher_only
				331
				332	with pytest.raises(ValueError):
				333	ku.decipher_only
				334
Paul Kehrer	ac3e5bb	2015-04-02 23:07:10 -0500	[diff] [blame]	335	def test_repr_key_agreement_false(self):
				336	ku = x509.KeyUsage(
				337	digital_signature=True,
				338	content_commitment=True,
				339	key_encipherment=False,
				340	data_encipherment=False,
				341	key_agreement=False,
				342	key_cert_sign=True,
				343	crl_sign=False,
				344	encipher_only=False,
				345	decipher_only=False
				346	)
				347	assert repr(ku) == (
				348	"<KeyUsage(digital_signature=True, content_commitment=True, key_en"
				349	"cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrer	b372e67	2015-04-15 11:05:24 -0400	[diff] [blame]	350	"ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
				351	"nly=None)>"
Paul Kehrer	ac3e5bb	2015-04-02 23:07:10 -0500	[diff] [blame]	352	)
				353
				354	def test_repr_key_agreement_true(self):
				355	ku = x509.KeyUsage(
				356	digital_signature=True,
				357	content_commitment=True,
				358	key_encipherment=False,
				359	data_encipherment=False,
				360	key_agreement=True,
				361	key_cert_sign=True,
				362	crl_sign=False,
				363	encipher_only=False,
				364	decipher_only=False
				365	)
				366	assert repr(ku) == (
				367	"<KeyUsage(digital_signature=True, content_commitment=True, key_en"
				368	"cipherment=False, data_encipherment=False, key_agreement=True, k"
				369	"ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
				370	"only=False)>"
				371	)
				372
Paul Kehrer	cecbbba	2015-03-30 14:58:38 -0500	[diff] [blame]	373
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	374	class TestSubjectKeyIdentifier(object):
				375	def test_properties(self):
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	376	value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	377	ski = x509.SubjectKeyIdentifier(value)
				378	assert ski.digest == value
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	379
				380	def test_repr(self):
				381	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	382	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	383	)
				384	ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	385	if six.PY3:
				386	assert repr(ext) == (
				387	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
				388	"eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
				389	"igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
				390	"\\xf7\\xff:\\xc9\')>)>"
				391	)
				392	else:
				393	assert repr(ext) == (
				394	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
				395	"eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
				396	"igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
				397	"\\xf7\\xff:\\xc9\')>)>"
				398	)
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	399
				400	def test_eq(self):
				401	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	402	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	403	)
				404	ski2 = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	405	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	406	)
				407	assert ski == ski2
				408
				409	def test_ne(self):
				410	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	411	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	412	)
				413	ski2 = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	414	binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	415	)
				416	assert ski != ski2
				417	assert ski != object()
				418
				419
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	420	class TestAuthorityKeyIdentifier(object):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	421	def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	422	with pytest.raises(TypeError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	423	x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	424
				425	def test_authority_cert_serial_number_not_integer(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	426	dirname = x509.DirectoryName(
				427	x509.Name([
				428	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
				429	x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
				430	])
				431	)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	432	with pytest.raises(TypeError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	433	x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	434
				435	def test_authority_issuer_none_serial_not_none(self):
				436	with pytest.raises(ValueError):
				437	x509.AuthorityKeyIdentifier(b"identifier", None, 3)
				438
				439	def test_authority_issuer_not_none_serial_none(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	440	dirname = x509.DirectoryName(
				441	x509.Name([
				442	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
				443	x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
				444	])
				445	)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	446	with pytest.raises(ValueError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	447	x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	448
				449	def test_authority_cert_serial_and_issuer_none(self):
				450	aki = x509.AuthorityKeyIdentifier(b"id", None, None)
				451	assert aki.key_identifier == b"id"
				452	assert aki.authority_cert_issuer is None
				453	assert aki.authority_cert_serial_number is None
				454
				455	def test_repr(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	456	dirname = x509.DirectoryName(
				457	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				458	)
				459	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	460
				461	if six.PY3:
				462	assert repr(aki) == (
				463	"<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	464	"cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
				465	"<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
				466	"N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	467	)
				468	else:
				469	assert repr(aki) == (
				470	"<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	471	"rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
				472	"jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
				473	"])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	474	)
				475
Paul Kehrer	2ca2eb3	2015-05-03 10:04:57 -0500	[diff] [blame^]	476	def test_eq(self):
				477	dirname = x509.DirectoryName(
				478	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				479	)
				480	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
				481	dirname2 = x509.DirectoryName(
				482	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				483	)
				484	aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234)
				485	assert aki == aki2
				486
				487	def test_ne(self):
				488	dirname = x509.DirectoryName(
				489	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				490	)
				491	dirname5 = x509.DirectoryName(
				492	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'aCN')])
				493	)
				494	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
				495	aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234)
				496	aki3 = x509.AuthorityKeyIdentifier(b"digest", None, None)
				497	aki4 = x509.AuthorityKeyIdentifier(b"digest", [dirname], 12345)
				498	aki5 = x509.AuthorityKeyIdentifier(b"digest", [dirname5], 12345)
				499	assert aki != aki2
				500	assert aki != aki3
				501	assert aki != aki4
				502	assert aki != aki5
				503	assert aki != object()
				504
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	505
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	506	class TestBasicConstraints(object):
				507	def test_ca_not_boolean(self):
				508	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	509	x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	510
				511	def test_path_length_not_ca(self):
				512	with pytest.raises(ValueError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	513	x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	514
				515	def test_path_length_not_int(self):
				516	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	517	x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	518
				519	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	520	x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	521
				522	def test_path_length_negative(self):
				523	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	524	x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	525
				526	def test_repr(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	527	na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	528	assert repr(na) == (
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	529	"<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	530	)
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	531
				532
Paul Kehrer	ffa2a15	2015-03-31 08:18:25 -0500	[diff] [blame]	533	class TestExtendedKeyUsage(object):
				534	def test_not_all_oids(self):
				535	with pytest.raises(TypeError):
				536	x509.ExtendedKeyUsage(["notoid"])
				537
				538	def test_iter_len(self):
				539	eku = x509.ExtendedKeyUsage([
				540	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				541	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				542	])
				543	assert len(eku) == 2
				544	assert list(eku) == [
				545	x509.OID_SERVER_AUTH,
				546	x509.OID_CLIENT_AUTH
				547	]
				548
Paul Kehrer	23d10c3	2015-04-02 23:12:32 -0500	[diff] [blame]	549	def test_repr(self):
				550	eku = x509.ExtendedKeyUsage([
				551	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				552	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				553	])
				554	assert repr(eku) == (
				555	"<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
				556	"serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
				557	"tAuth)>])>"
				558	)
				559
Paul Kehrer	b047617	2015-05-02 19:34:51 -0500	[diff] [blame]	560	def test_eq(self):
				561	eku = x509.ExtendedKeyUsage([
				562	x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
				563	])
				564	eku2 = x509.ExtendedKeyUsage([
				565	x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
				566	])
				567	assert eku == eku2
				568
				569	def test_ne(self):
				570	eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
				571	eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
				572	assert eku != eku2
				573	assert eku != object()
				574
Paul Kehrer	ffa2a15	2015-03-31 08:18:25 -0500	[diff] [blame]	575
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	576	@pytest.mark.requires_backend_interface(interface=RSABackend)
				577	@pytest.mark.requires_backend_interface(interface=X509Backend)
				578	class TestExtensions(object):
				579	def test_no_extensions(self, backend):
				580	cert = _load_cert(
				581	os.path.join("x509", "verisign_md2_root.pem"),
				582	x509.load_pem_x509_certificate,
				583	backend
				584	)
				585	ext = cert.extensions
				586	assert len(ext) == 0
				587	assert list(ext) == []
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	588	with pytest.raises(x509.ExtensionNotFound) as exc:
				589	ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				590
				591	assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
				592
				593	def test_one_extension(self, backend):
				594	cert = _load_cert(
				595	os.path.join(
				596	"x509", "custom", "basic_constraints_not_critical.pem"
				597	),
				598	x509.load_pem_x509_certificate,
				599	backend
				600	)
				601	extensions = cert.extensions
				602	ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				603	assert ext is not None
				604	assert ext.value.ca is False
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	605
				606	def test_duplicate_extension(self, backend):
				607	cert = _load_cert(
				608	os.path.join(
				609	"x509", "custom", "two_basic_constraints.pem"
				610	),
				611	x509.load_pem_x509_certificate,
				612	backend
				613	)
				614	with pytest.raises(x509.DuplicateExtension) as exc:
				615	cert.extensions
				616
				617	assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
				618
				619	def test_unsupported_critical_extension(self, backend):
				620	cert = _load_cert(
				621	os.path.join(
				622	"x509", "custom", "unsupported_extension_critical.pem"
				623	),
				624	x509.load_pem_x509_certificate,
				625	backend
				626	)
				627	with pytest.raises(x509.UnsupportedExtension) as exc:
				628	cert.extensions
				629
				630	assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
				631
				632	def test_unsupported_extension(self, backend):
				633	# TODO: this will raise an exception when all extensions are complete
				634	cert = _load_cert(
				635	os.path.join(
				636	"x509", "custom", "unsupported_extension.pem"
				637	),
				638	x509.load_pem_x509_certificate,
				639	backend
				640	)
				641	extensions = cert.extensions
				642	assert len(extensions) == 0
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	643
				644
				645	@pytest.mark.requires_backend_interface(interface=RSABackend)
				646	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	de813ea	2015-03-28 12:44:34 -0500	[diff] [blame]	647	class TestBasicConstraintsExtension(object):
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	648	def test_ca_true_pathlen_6(self, backend):
				649	cert = _load_cert(
				650	os.path.join(
				651	"x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
				652	),
				653	x509.load_der_x509_certificate,
				654	backend
				655	)
				656	ext = cert.extensions.get_extension_for_oid(
				657	x509.OID_BASIC_CONSTRAINTS
				658	)
				659	assert ext is not None
				660	assert ext.critical is True
				661	assert ext.value.ca is True
				662	assert ext.value.path_length == 6
				663
				664	def test_path_length_zero(self, backend):
				665	cert = _load_cert(
				666	os.path.join("x509", "custom", "bc_path_length_zero.pem"),
				667	x509.load_pem_x509_certificate,
				668	backend
				669	)
				670	ext = cert.extensions.get_extension_for_oid(
				671	x509.OID_BASIC_CONSTRAINTS
				672	)
				673	assert ext is not None
				674	assert ext.critical is True
				675	assert ext.value.ca is True
				676	assert ext.value.path_length == 0
				677
				678	def test_ca_true_no_pathlen(self, backend):
				679	cert = _load_cert(
				680	os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
				681	x509.load_der_x509_certificate,
				682	backend
				683	)
				684	ext = cert.extensions.get_extension_for_oid(
				685	x509.OID_BASIC_CONSTRAINTS
				686	)
				687	assert ext is not None
				688	assert ext.critical is True
				689	assert ext.value.ca is True
				690	assert ext.value.path_length is None
				691
				692	def test_ca_false(self, backend):
				693	cert = _load_cert(
				694	os.path.join("x509", "cryptography.io.pem"),
				695	x509.load_pem_x509_certificate,
				696	backend
				697	)
				698	ext = cert.extensions.get_extension_for_oid(
				699	x509.OID_BASIC_CONSTRAINTS
				700	)
				701	assert ext is not None
				702	assert ext.critical is True
				703	assert ext.value.ca is False
				704	assert ext.value.path_length is None
				705
				706	def test_no_basic_constraints(self, backend):
				707	cert = _load_cert(
				708	os.path.join(
				709	"x509",
				710	"PKITS_data",
				711	"certs",
				712	"ValidCertificatePathTest1EE.crt"
				713	),
				714	x509.load_der_x509_certificate,
				715	backend
				716	)
				717	with pytest.raises(x509.ExtensionNotFound):
				718	cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				719
				720	def test_basic_constraint_not_critical(self, backend):
				721	cert = _load_cert(
				722	os.path.join(
				723	"x509", "custom", "basic_constraints_not_critical.pem"
				724	),
				725	x509.load_pem_x509_certificate,
				726	backend
				727	)
				728	ext = cert.extensions.get_extension_for_oid(
				729	x509.OID_BASIC_CONSTRAINTS
				730	)
				731	assert ext is not None
				732	assert ext.critical is False
				733	assert ext.value.ca is False
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	734
				735
				736	@pytest.mark.requires_backend_interface(interface=RSABackend)
				737	@pytest.mark.requires_backend_interface(interface=X509Backend)
				738	class TestSubjectKeyIdentifierExtension(object):
				739	def test_subject_key_identifier(self, backend):
				740	cert = _load_cert(
				741	os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
				742	x509.load_der_x509_certificate,
				743	backend
				744	)
				745	ext = cert.extensions.get_extension_for_oid(
				746	x509.OID_SUBJECT_KEY_IDENTIFIER
				747	)
				748	ski = ext.value
				749	assert ext is not None
				750	assert ext.critical is False
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	751	assert ski.digest == binascii.unhexlify(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	752	b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	753	)
				754
				755	def test_no_subject_key_identifier(self, backend):
				756	cert = _load_cert(
				757	os.path.join("x509", "custom", "bc_path_length_zero.pem"),
				758	x509.load_pem_x509_certificate,
				759	backend
				760	)
				761	with pytest.raises(x509.ExtensionNotFound):
				762	cert.extensions.get_extension_for_oid(
				763	x509.OID_SUBJECT_KEY_IDENTIFIER
				764	)
Paul Kehrer	5508ee2	2015-04-02 19:31:03 -0500	[diff] [blame]	765
				766
				767	@pytest.mark.requires_backend_interface(interface=RSABackend)
				768	@pytest.mark.requires_backend_interface(interface=X509Backend)
				769	class TestKeyUsageExtension(object):
				770	def test_no_key_usage(self, backend):
				771	cert = _load_cert(
				772	os.path.join("x509", "verisign_md2_root.pem"),
				773	x509.load_pem_x509_certificate,
				774	backend
				775	)
				776	ext = cert.extensions
				777	with pytest.raises(x509.ExtensionNotFound) as exc:
				778	ext.get_extension_for_oid(x509.OID_KEY_USAGE)
				779
				780	assert exc.value.oid == x509.OID_KEY_USAGE
				781
				782	def test_all_purposes(self, backend):
				783	cert = _load_cert(
				784	os.path.join(
				785	"x509", "custom", "all_key_usages.pem"
				786	),
				787	x509.load_pem_x509_certificate,
				788	backend
				789	)
				790	extensions = cert.extensions
				791	ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
				792	assert ext is not None
				793
				794	ku = ext.value
				795	assert ku.digital_signature is True
				796	assert ku.content_commitment is True
				797	assert ku.key_encipherment is True
				798	assert ku.data_encipherment is True
				799	assert ku.key_agreement is True
				800	assert ku.key_cert_sign is True
				801	assert ku.crl_sign is True
				802	assert ku.encipher_only is True
				803	assert ku.decipher_only is True
				804
				805	def test_key_cert_sign_crl_sign(self, backend):
				806	cert = _load_cert(
				807	os.path.join(
				808	"x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
				809	),
				810	x509.load_der_x509_certificate,
				811	backend
				812	)
				813	ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
				814	assert ext is not None
				815	assert ext.critical is True
				816
				817	ku = ext.value
				818	assert ku.digital_signature is False
				819	assert ku.content_commitment is False
				820	assert ku.key_encipherment is False
				821	assert ku.data_encipherment is False
				822	assert ku.key_agreement is False
				823	assert ku.key_cert_sign is True
				824	assert ku.crl_sign is True
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	825
				826
				827	@pytest.mark.parametrize(
				828	"name", [
				829	x509.RFC822Name,
				830	x509.DNSName,
				831	x509.UniformResourceIdentifier
				832	]
				833	)
				834	class TestTextGeneralNames(object):
				835	def test_not_text(self, name):
				836	with pytest.raises(TypeError):
				837	name(b"notaunicodestring")
				838
				839	with pytest.raises(TypeError):
				840	name(1.3)
				841
				842	def test_repr(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	843	gn = name(u"string")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	844	assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
				845
				846	def test_eq(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	847	gn = name(u"string")
				848	gn2 = name(u"string")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	849	assert gn == gn2
				850
				851	def test_ne(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	852	gn = name(u"string")
				853	gn2 = name(u"string2")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	854	assert gn != gn2
				855	assert gn != object()
				856
				857
				858	class TestDirectoryName(object):
				859	def test_not_name(self):
				860	with pytest.raises(TypeError):
				861	x509.DirectoryName(b"notaname")
				862
				863	with pytest.raises(TypeError):
				864	x509.DirectoryName(1.3)
				865
				866	def test_repr(self):
				867	name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
				868	gn = x509.DirectoryName(x509.Name([name]))
				869	assert repr(gn) == (
				870	"<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
				871	"tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
				872	)
				873
				874	def test_eq(self):
				875	name = x509.Name([
				876	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				877	])
				878	name2 = x509.Name([
				879	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				880	])
				881	gn = x509.DirectoryName(x509.Name([name]))
				882	gn2 = x509.DirectoryName(x509.Name([name2]))
				883	assert gn == gn2
				884
				885	def test_ne(self):
				886	name = x509.Name([
				887	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				888	])
				889	name2 = x509.Name([
				890	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
				891	])
				892	gn = x509.DirectoryName(x509.Name([name]))
				893	gn2 = x509.DirectoryName(x509.Name([name2]))
				894	assert gn != gn2
				895	assert gn != object()
				896
				897
				898	class TestRegisteredID(object):
				899	def test_not_oid(self):
				900	with pytest.raises(TypeError):
				901	x509.RegisteredID(b"notanoid")
				902
				903	with pytest.raises(TypeError):
				904	x509.RegisteredID(1.3)
				905
				906	def test_repr(self):
				907	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				908	assert repr(gn) == (
				909	"<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
				910	"e)>)>"
				911	)
				912
				913	def test_eq(self):
				914	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				915	gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
				916	assert gn == gn2
				917
				918	def test_ne(self):
				919	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				920	gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
				921	assert gn != gn2
				922	assert gn != object()
				923
				924
				925	class TestIPAddress(object):
				926	def test_not_ipaddress(self):
				927	with pytest.raises(TypeError):
				928	x509.IPAddress(b"notanipaddress")
				929
				930	with pytest.raises(TypeError):
				931	x509.IPAddress(1.3)
				932
				933	def test_repr(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	934	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	935	assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
				936
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	937	gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	938	assert repr(gn2) == "<IPAddress(value=ff::)>"
				939
				940	def test_eq(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	941	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
				942	gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	943	assert gn == gn2
				944
				945	def test_ne(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	946	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
				947	gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	948	assert gn != gn2
				949	assert gn != object()
				950
				951
				952	class TestSubjectAlternativeName(object):
				953	def test_get_values_for_type(self):
				954	san = x509.SubjectAlternativeName(
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	955	[x509.DNSName(u"cryptography.io")]
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	956	)
				957	names = san.get_values_for_type(x509.DNSName)
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	958	assert names == [u"cryptography.io"]
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	959
				960	def test_iter_names(self):
				961	san = x509.SubjectAlternativeName([
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	962	x509.DNSName(u"cryptography.io"),
				963	x509.DNSName(u"crypto.local"),
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	964	])
				965	assert len(san) == 2
				966	assert list(san) == [
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	967	x509.DNSName(u"cryptography.io"),
				968	x509.DNSName(u"crypto.local"),
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	969	]
				970
Paul Kehrer	d04b39b	2015-04-21 08:44:17 -0500	[diff] [blame]	971	def test_invalid_general_names(self):
				972	with pytest.raises(TypeError):
				973	x509.SubjectAlternativeName(
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	974	[x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrer	d04b39b	2015-04-21 08:44:17 -0500	[diff] [blame]	975	)
				976
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	977	def test_repr(self):
				978	san = x509.SubjectAlternativeName(
				979	[
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	980	x509.DNSName(u"cryptography.io")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	981	]
				982	)
				983	assert repr(san) == (
				984	"<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
				985	)
Paul Kehrer	40f8338	2015-04-20 15:00:16 -0500	[diff] [blame]	986
				987
				988	@pytest.mark.requires_backend_interface(interface=RSABackend)
				989	@pytest.mark.requires_backend_interface(interface=X509Backend)
				990	class TestRSASubjectAlternativeNameExtension(object):
				991	def test_dns_name(self, backend):
				992	cert = _load_cert(
				993	os.path.join("x509", "cryptography.io.pem"),
				994	x509.load_pem_x509_certificate,
				995	backend
				996	)
				997	ext = cert.extensions.get_extension_for_oid(
				998	x509.OID_SUBJECT_ALTERNATIVE_NAME
				999	)
				1000	assert ext is not None
				1001	assert ext.critical is False
				1002
				1003	san = ext.value
				1004
				1005	dns = san.get_values_for_type(x509.DNSName)
				1006	assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer	9089c91	2015-04-20 22:15:20 -0500	[diff] [blame]	1007
				1008	def test_unsupported_other_name(self, backend):
				1009	cert = _load_cert(
				1010	os.path.join(
				1011	"x509", "custom", "san_other_name.pem"
				1012	),
				1013	x509.load_pem_x509_certificate,
				1014	backend
				1015	)
Paul Kehrer	bed0735	2015-04-21 08:31:10 -0500	[diff] [blame]	1016	with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer	9089c91	2015-04-20 22:15:20 -0500	[diff] [blame]	1017	cert.extensions
Paul Kehrer	bed0735	2015-04-21 08:31:10 -0500	[diff] [blame]	1018
Paul Kehrer	0a621bf	2015-04-22 09:22:56 -0500	[diff] [blame]	1019	assert exc.value.type == 0
Paul Kehrer	4db9662	2015-04-20 22:17:39 -0500	[diff] [blame]	1020
				1021	def test_registered_id(self, backend):
				1022	cert = _load_cert(
				1023	os.path.join(
				1024	"x509", "custom", "san_registered_id.pem"
				1025	),
				1026	x509.load_pem_x509_certificate,
				1027	backend
				1028	)
				1029	ext = cert.extensions.get_extension_for_oid(
				1030	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1031	)
				1032	assert ext is not None
				1033	assert ext.critical is False
				1034
				1035	san = ext.value
				1036	rid = san.get_values_for_type(x509.RegisteredID)
				1037	assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrer	b8ef82e	2015-04-22 16:04:24 -0500	[diff] [blame]	1038
				1039	def test_uri(self, backend):
				1040	cert = _load_cert(
				1041	os.path.join(
				1042	"x509", "custom", "san_uri_with_port.pem"
				1043	),
				1044	x509.load_pem_x509_certificate,
				1045	backend
				1046	)
				1047	ext = cert.extensions.get_extension_for_oid(
				1048	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1049	)
				1050	assert ext is not None
				1051	uri = ext.value.get_values_for_type(
				1052	x509.UniformResourceIdentifier
				1053	)
				1054	assert uri == [
				1055	u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
				1056	u"lo",
				1057	u"http://someregulardomain.com",
				1058	]
Paul Kehrer	a5f030c	2015-04-28 08:33:18 -0500	[diff] [blame]	1059
				1060	def test_ipaddress(self, backend):
				1061	cert = _load_cert(
				1062	os.path.join(
				1063	"x509", "custom", "san_ipaddr.pem"
				1064	),
				1065	x509.load_pem_x509_certificate,
				1066	backend
				1067	)
				1068	ext = cert.extensions.get_extension_for_oid(
				1069	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1070	)
				1071	assert ext is not None
				1072	assert ext.critical is False
				1073
				1074	san = ext.value
				1075
				1076	ip = san.get_values_for_type(x509.IPAddress)
				1077	assert [
				1078	ipaddress.ip_address(u"127.0.0.1"),
				1079	ipaddress.ip_address(u"ff::")
				1080	] == ip
Paul Kehrer	2187a05	2015-04-30 08:22:07 -0500	[diff] [blame]	1081
				1082	def test_dirname(self, backend):
				1083	cert = _load_cert(
				1084	os.path.join(
				1085	"x509", "custom", "san_dirname.pem"
				1086	),
				1087	x509.load_pem_x509_certificate,
				1088	backend
				1089	)
				1090	ext = cert.extensions.get_extension_for_oid(
				1091	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1092	)
				1093	assert ext is not None
				1094	assert ext.critical is False
				1095
				1096	san = ext.value
				1097
				1098	dirname = san.get_values_for_type(x509.DirectoryName)
				1099	assert [
				1100	x509.Name([
				1101	x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
				1102	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
				1103	x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
				1104	])
				1105	] == dirname
Paul Kehrer	e06cab4	2015-04-30 10:23:33 -0500	[diff] [blame]	1106
				1107	def test_rfc822name(self, backend):
				1108	cert = _load_cert(
				1109	os.path.join(
				1110	"x509", "custom", "san_rfc822_idna.pem"
				1111	),
				1112	x509.load_pem_x509_certificate,
				1113	backend
				1114	)
				1115	ext = cert.extensions.get_extension_for_oid(
				1116	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1117	)
				1118	assert ext is not None
				1119	assert ext.critical is False
				1120
				1121	san = ext.value
				1122
				1123	rfc822name = san.get_values_for_type(x509.RFC822Name)
				1124	assert [u"email@em\xe5\xefl.com"] == rfc822name
				1125
				1126	def test_unicode_rfc822_name_dns_name_uri(self, backend):
				1127	cert = _load_cert(
				1128	os.path.join(
				1129	"x509", "custom", "san_idna_names.pem"
				1130	),
				1131	x509.load_pem_x509_certificate,
				1132	backend
				1133	)
				1134	ext = cert.extensions.get_extension_for_oid(
				1135	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1136	)
				1137	assert ext is not None
				1138	rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
				1139	dns_name = ext.value.get_values_for_type(x509.DNSName)
				1140	uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
				1141	assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
				1142	assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
				1143	assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
				1144
				1145	def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
				1146	cert = _load_cert(
				1147	os.path.join(
				1148	"x509", "custom", "san_email_dns_ip_dirname_uri.pem"
				1149	),
				1150	x509.load_pem_x509_certificate,
				1151	backend
				1152	)
				1153	ext = cert.extensions.get_extension_for_oid(
				1154	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1155	)
				1156	assert ext is not None
				1157	assert ext.critical is False
				1158
				1159	san = ext.value
				1160
				1161	rfc822_name = san.get_values_for_type(x509.RFC822Name)
				1162	uri = san.get_values_for_type(x509.UniformResourceIdentifier)
				1163	dns = san.get_values_for_type(x509.DNSName)
				1164	ip = san.get_values_for_type(x509.IPAddress)
				1165	dirname = san.get_values_for_type(x509.DirectoryName)
				1166	assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrer	e3a330c	2015-05-02 16:42:52 -0500	[diff] [blame]	1167	assert [u"https://cryptography.io"] == uri
Paul Kehrer	e06cab4	2015-04-30 10:23:33 -0500	[diff] [blame]	1168	assert [u"cryptography.io"] == dns
				1169	assert [
				1170	x509.Name([
				1171	x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
				1172	x509.NameAttribute(
				1173	x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
				1174	),
				1175	])
				1176	] == dirname
				1177	assert [
				1178	ipaddress.ip_address(u"127.0.0.1"),
				1179	ipaddress.ip_address(u"ff::")
				1180	] == ip
				1181
				1182	def test_invalid_rfc822name(self, backend):
				1183	cert = _load_cert(
				1184	os.path.join(
				1185	"x509", "custom", "san_rfc822_names.pem"
				1186	),
				1187	x509.load_pem_x509_certificate,
				1188	backend
				1189	)
				1190	with pytest.raises(ValueError) as exc:
				1191	cert.extensions
				1192
				1193	assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer	94c6960	2015-05-02 19:29:40 -0500	[diff] [blame]	1194
				1195
				1196	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1197	@pytest.mark.requires_backend_interface(interface=X509Backend)
				1198	class TestExtendedKeyUsageExtension(object):
				1199	def test_eku(self, backend):
				1200	cert = _load_cert(
				1201	os.path.join(
				1202	"x509", "custom", "extended_key_usage.pem"
				1203	),
				1204	x509.load_pem_x509_certificate,
				1205	backend
				1206	)
				1207	ext = cert.extensions.get_extension_for_oid(
				1208	x509.OID_EXTENDED_KEY_USAGE
				1209	)
				1210	assert ext is not None
				1211	assert ext.critical is False
				1212
				1213	assert [
				1214	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				1215	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				1216	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
				1217	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
				1218	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
				1219	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
				1220	x509.ObjectIdentifier("2.5.29.37.0"),
				1221	x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
				1222	] == list(ext.value)
Paul Kehrer	3e6d558	2015-05-02 21:57:56 -0500	[diff] [blame]	1223
				1224
				1225	class TestAccessDescription(object):
				1226	def test_invalid_access_method(self):
Paul Kehrer	f506bca	2015-05-02 22:31:47 -0500	[diff] [blame]	1227	with pytest.raises(ValueError):
Paul Kehrer	3e6d558	2015-05-02 21:57:56 -0500	[diff] [blame]	1228	x509.AccessDescription("notanoid", x509.DNSName(u"test"))
				1229
				1230	def test_invalid_access_location(self):
				1231	with pytest.raises(TypeError):
				1232	x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
				1233
				1234	def test_repr(self):
				1235	ad = x509.AccessDescription(
				1236	x509.OID_OCSP,
				1237	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1238	)
				1239	assert repr(ad) == (
				1240	"<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
				1241	"5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
				1242	"(value=http://ocsp.domain.com)>)>"
				1243	)
				1244
				1245	def test_eq(self):
				1246	ad = x509.AccessDescription(
				1247	x509.OID_OCSP,
				1248	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1249	)
				1250	ad2 = x509.AccessDescription(
				1251	x509.OID_OCSP,
				1252	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1253	)
				1254	assert ad == ad2
				1255
				1256	def test_ne(self):
				1257	ad = x509.AccessDescription(
				1258	x509.OID_OCSP,
				1259	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1260	)
				1261	ad2 = x509.AccessDescription(
				1262	x509.OID_CA_ISSUERS,
				1263	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1264	)
				1265	ad3 = x509.AccessDescription(
				1266	x509.OID_OCSP,
				1267	x509.UniformResourceIdentifier(u"http://notthesame")
				1268	)
				1269	assert ad != ad2
				1270	assert ad != ad3
				1271	assert ad != object()
				1272
				1273
				1274	class TestAuthorityInformationAccess(object):
				1275	def test_invalid_descriptions(self):
				1276	with pytest.raises(TypeError):
				1277	x509.AuthorityInformationAccess(["notanAccessDescription"])
				1278
				1279	def test_iter_len(self):
				1280	aia = x509.AuthorityInformationAccess([
				1281	x509.AccessDescription(
				1282	x509.OID_OCSP,
				1283	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1284	),
				1285	x509.AccessDescription(
				1286	x509.OID_CA_ISSUERS,
				1287	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1288	)
				1289	])
				1290	assert len(aia) == 2
				1291	assert list(aia) == [
				1292	x509.AccessDescription(
				1293	x509.OID_OCSP,
				1294	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1295	),
				1296	x509.AccessDescription(
				1297	x509.OID_CA_ISSUERS,
				1298	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1299	)
				1300	]
				1301
				1302	def test_repr(self):
				1303	aia = x509.AuthorityInformationAccess([
				1304	x509.AccessDescription(
				1305	x509.OID_OCSP,
				1306	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1307	),
				1308	x509.AccessDescription(
				1309	x509.OID_CA_ISSUERS,
				1310	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1311	)
				1312	])
				1313	assert repr(aia) == (
				1314	"<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
				1315	"jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
				1316	"on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
				1317	"AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
				1318	".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
				1319	"fier(value=http://domain.com/ca.crt)>)>])>"
				1320	)
				1321
				1322	def test_eq(self):
				1323	aia = x509.AuthorityInformationAccess([
				1324	x509.AccessDescription(
				1325	x509.OID_OCSP,
				1326	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1327	),
				1328	x509.AccessDescription(
				1329	x509.OID_CA_ISSUERS,
				1330	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1331	)
				1332	])
				1333	aia2 = x509.AuthorityInformationAccess([
				1334	x509.AccessDescription(
				1335	x509.OID_OCSP,
				1336	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1337	),
				1338	x509.AccessDescription(
				1339	x509.OID_CA_ISSUERS,
				1340	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1341	)
				1342	])
				1343	assert aia == aia2
				1344
				1345	def test_ne(self):
				1346	aia = x509.AuthorityInformationAccess([
				1347	x509.AccessDescription(
				1348	x509.OID_OCSP,
				1349	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1350	),
				1351	x509.AccessDescription(
				1352	x509.OID_CA_ISSUERS,
				1353	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1354	)
				1355	])
				1356	aia2 = x509.AuthorityInformationAccess([
				1357	x509.AccessDescription(
				1358	x509.OID_OCSP,
				1359	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1360	),
				1361	])
				1362
				1363	assert aia != aia2
				1364	assert aia != object()
Paul Kehrer	d774de9	2015-05-03 10:52:25 -0500	[diff] [blame]	1365
				1366
				1367	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1368	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	a147699	2015-05-04 17:35:47 -0500	[diff] [blame]	1369	class TestAuthorityInformationAccessExtension(object):
				1370	def test_aia_ocsp_ca_issuers(self, backend):
				1371	cert = _load_cert(
				1372	os.path.join("x509", "cryptography.io.pem"),
				1373	x509.load_pem_x509_certificate,
				1374	backend
				1375	)
				1376	ext = cert.extensions.get_extension_for_oid(
				1377	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1378	)
				1379	assert ext is not None
				1380	assert ext.critical is False
				1381
				1382	assert ext.value == x509.AuthorityInformationAccess([
				1383	x509.AccessDescription(
				1384	x509.OID_OCSP,
				1385	x509.UniformResourceIdentifier(u"http://gv.symcd.com")
				1386	),
				1387	x509.AccessDescription(
				1388	x509.OID_CA_ISSUERS,
				1389	x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
				1390	),
				1391	])
				1392
				1393	def test_aia_multiple_ocsp_ca_issuers(self, backend):
				1394	cert = _load_cert(
				1395	os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
				1396	x509.load_pem_x509_certificate,
				1397	backend
				1398	)
				1399	ext = cert.extensions.get_extension_for_oid(
				1400	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1401	)
				1402	assert ext is not None
				1403	assert ext.critical is False
				1404
				1405	assert ext.value == x509.AuthorityInformationAccess([
				1406	x509.AccessDescription(
				1407	x509.OID_OCSP,
				1408	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1409	),
				1410	x509.AccessDescription(
				1411	x509.OID_OCSP,
				1412	x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
				1413	),
				1414	x509.AccessDescription(
				1415	x509.OID_CA_ISSUERS,
				1416	x509.DirectoryName(x509.Name([
				1417	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
				1418	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
				1419	]))
				1420	),
				1421	])
				1422
				1423	def test_aia_ocsp_only(self, backend):
				1424	cert = _load_cert(
				1425	os.path.join("x509", "custom", "aia_ocsp.pem"),
				1426	x509.load_pem_x509_certificate,
				1427	backend
				1428	)
				1429	ext = cert.extensions.get_extension_for_oid(
				1430	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1431	)
				1432	assert ext is not None
				1433	assert ext.critical is False
				1434
				1435	assert ext.value == x509.AuthorityInformationAccess([
				1436	x509.AccessDescription(
				1437	x509.OID_OCSP,
				1438	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1439	),
				1440	])
				1441
				1442	def test_aia_ca_issuers_only(self, backend):
				1443	cert = _load_cert(
				1444	os.path.join("x509", "custom", "aia_ca_issuers.pem"),
				1445	x509.load_pem_x509_certificate,
				1446	backend
				1447	)
				1448	ext = cert.extensions.get_extension_for_oid(
				1449	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1450	)
				1451	assert ext is not None
				1452	assert ext.critical is False
				1453
				1454	assert ext.value == x509.AuthorityInformationAccess([
				1455	x509.AccessDescription(
				1456	x509.OID_CA_ISSUERS,
				1457	x509.DirectoryName(x509.Name([
				1458	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
				1459	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
				1460	]))
				1461	),
				1462	])
				1463
				1464
				1465	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1466	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	d774de9	2015-05-03 10:52:25 -0500	[diff] [blame]	1467	class TestAuthorityKeyIdentifierExtension(object):
				1468	def test_aki_keyid(self, backend):
				1469	cert = _load_cert(
				1470	os.path.join(
				1471	"x509", "cryptography.io.pem"
				1472	),
				1473	x509.load_pem_x509_certificate,
				1474	backend
				1475	)
				1476	ext = cert.extensions.get_extension_for_oid(
				1477	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1478	)
				1479	assert ext is not None
				1480	assert ext.critical is False
				1481
				1482	assert ext.value.key_identifier == (
				1483	b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0\|[\xf3\xe2\x08\xcbY"
				1484	)
				1485	assert ext.value.authority_cert_issuer is None
				1486	assert ext.value.authority_cert_serial_number is None
				1487
				1488	def test_aki_all_fields(self, backend):
				1489	cert = _load_cert(
				1490	os.path.join(
				1491	"x509", "custom", "authority_key_identifier.pem"
				1492	),
				1493	x509.load_pem_x509_certificate,
				1494	backend
				1495	)
				1496	ext = cert.extensions.get_extension_for_oid(
				1497	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1498	)
				1499	assert ext is not None
				1500	assert ext.critical is False
				1501
				1502	assert ext.value.key_identifier == (
				1503	b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
				1504	)
				1505	assert ext.value.authority_cert_issuer == [
				1506	x509.DirectoryName(
				1507	x509.Name([
				1508	x509.NameAttribute(
				1509	x509.OID_ORGANIZATION_NAME, u"PyCA"
				1510	),
				1511	x509.NameAttribute(
				1512	x509.OID_COMMON_NAME, u"cryptography.io"
				1513	)
				1514	])
				1515	)
				1516	]
				1517	assert ext.value.authority_cert_serial_number == 3
				1518
				1519	def test_aki_no_keyid(self, backend):
				1520	cert = _load_cert(
				1521	os.path.join(
				1522	"x509", "custom", "authority_key_identifier_no_keyid.pem"
				1523	),
				1524	x509.load_pem_x509_certificate,
				1525	backend
				1526	)
				1527	ext = cert.extensions.get_extension_for_oid(
				1528	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1529	)
				1530	assert ext is not None
				1531	assert ext.critical is False
				1532
				1533	assert ext.value.key_identifier is None
				1534	assert ext.value.authority_cert_issuer == [
				1535	x509.DirectoryName(
				1536	x509.Name([
				1537	x509.NameAttribute(
				1538	x509.OID_ORGANIZATION_NAME, u"PyCA"
				1539	),
				1540	x509.NameAttribute(
				1541	x509.OID_COMMON_NAME, u"cryptography.io"
				1542	)
				1543	])
				1544	)
				1545	]
				1546	assert ext.value.authority_cert_serial_number == 3
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1547
				1548
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1549	class TestDistributionPoint(object):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1550	def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1551	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1552	x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1553
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1554	def test_distribution_point_relative_name_not_name(self):
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1555	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1556	x509.DistributionPoint(None, "notname", None, None)
				1557
				1558	def test_distribution_point_full_and_relative_not_none(self):
				1559	with pytest.raises(ValueError):
				1560	x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1561
				1562	def test_crl_issuer_not_general_names(self):
				1563	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1564	x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1565
				1566	def test_reason_not_reasonflags(self):
				1567	with pytest.raises(TypeError):
				1568	x509.DistributionPoint(
				1569	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1570	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1571	frozenset(["notreasonflags"]),
				1572	None
				1573	)
				1574
				1575	def test_reason_not_frozenset(self):
				1576	with pytest.raises(TypeError):
				1577	x509.DistributionPoint(
				1578	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1579	None,
				1580	[x509.ReasonFlags.ca_compromise],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1581	None
				1582	)
				1583
				1584	def test_disallowed_reasons(self):
				1585	with pytest.raises(ValueError):
				1586	x509.DistributionPoint(
				1587	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1588	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1589	frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1590	None
				1591	)
				1592
				1593	with pytest.raises(ValueError):
				1594	x509.DistributionPoint(
				1595	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1596	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1597	frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1598	None
				1599	)
				1600
				1601	def test_reason_only(self):
				1602	with pytest.raises(ValueError):
				1603	x509.DistributionPoint(
				1604	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1605	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1606	frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1607	None
				1608	)
				1609
				1610	def test_eq(self):
				1611	dp = x509.DistributionPoint(
				1612	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1613	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1614	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1615	[
				1616	x509.DirectoryName(
				1617	x509.Name([
				1618	x509.NameAttribute(
				1619	x509.OID_COMMON_NAME, "Important CA"
				1620	)
				1621	])
				1622	)
				1623	],
				1624	)
				1625	dp2 = x509.DistributionPoint(
				1626	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1627	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1628	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1629	[
				1630	x509.DirectoryName(
				1631	x509.Name([
				1632	x509.NameAttribute(
				1633	x509.OID_COMMON_NAME, "Important CA"
				1634	)
				1635	])
				1636	)
				1637	],
				1638	)
				1639	assert dp == dp2
				1640
				1641	def test_ne(self):
				1642	dp = x509.DistributionPoint(
				1643	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1644	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1645	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1646	[
				1647	x509.DirectoryName(
				1648	x509.Name([
				1649	x509.NameAttribute(
				1650	x509.OID_COMMON_NAME, "Important CA"
				1651	)
				1652	])
				1653	)
				1654	],
				1655	)
				1656	dp2 = x509.DistributionPoint(
				1657	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1658	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1659	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1660	None
				1661	)
				1662	assert dp != dp2
				1663	assert dp != object()
				1664
				1665	def test_repr(self):
				1666	dp = x509.DistributionPoint(
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1667	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1668	x509.Name([
				1669	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
				1670	]),
Paul Kehrer	96ef63c	2015-05-09 21:17:04 -0500	[diff] [blame]	1671	frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1672	[
				1673	x509.DirectoryName(
				1674	x509.Name([
				1675	x509.NameAttribute(
				1676	x509.OID_COMMON_NAME, "Important CA"
				1677	)
				1678	])
				1679	)
				1680	],
				1681	)
Paul Kehrer	749da3b	2015-05-10 09:58:29 -0500	[diff] [blame]	1682	if six.PY3:
				1683	assert repr(dp) == (
				1684	"<DistributionPoint(full_name=None, relative_name=<Name([<Name"
				1685	"Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
				1686	">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
				1687	"romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
				1688	"Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
				1689	"commonName)>, value='Important CA')>])>)>])>"
				1690	)
				1691	else:
				1692	assert repr(dp) == (
				1693	"<DistributionPoint(full_name=None, relative_name=<Name([<Name"
				1694	"Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
				1695	">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
				1696	"romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
				1697	"Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
				1698	"commonName)>, value='Important CA')>])>)>])>"
				1699	)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1700
				1701
				1702	class TestCRLDistributionPoints(object):
				1703	def test_invalid_distribution_points(self):
				1704	with pytest.raises(TypeError):
				1705	x509.CRLDistributionPoints(["notadistributionpoint"])
				1706
				1707	def test_iter_len(self):
				1708	cdp = x509.CRLDistributionPoints([
				1709	x509.DistributionPoint(
				1710	[x509.UniformResourceIdentifier(u"http://domain")],
				1711	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1712	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1713	None
				1714	),
				1715	x509.DistributionPoint(
				1716	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1717	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1718	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1719	x509.ReasonFlags.key_compromise,
				1720	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1721	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1722	None
				1723	),
				1724	])
				1725	assert len(cdp) == 2
				1726	assert list(cdp) == [
				1727	x509.DistributionPoint(
				1728	[x509.UniformResourceIdentifier(u"http://domain")],
				1729	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1730	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1731	None
				1732	),
				1733	x509.DistributionPoint(
				1734	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1735	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1736	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1737	x509.ReasonFlags.key_compromise,
				1738	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1739	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1740	None
				1741	),
				1742	]
				1743
				1744	def test_repr(self):
				1745	cdp = x509.CRLDistributionPoints([
				1746	x509.DistributionPoint(
				1747	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1748	None,
Paul Kehrer	96ef63c	2015-05-09 21:17:04 -0500	[diff] [blame]	1749	frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1750	None
				1751	),
				1752	])
Paul Kehrer	749da3b	2015-05-10 09:58:29 -0500	[diff] [blame]	1753	if six.PY3:
				1754	assert repr(cdp) == (
				1755	"<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
				1756	"rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
				1757	"ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
				1758	"romise'>}), crl_issuer=None)>])>"
				1759	)
				1760	else:
				1761	assert repr(cdp) == (
				1762	"<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
				1763	"rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
				1764	"ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
				1765	"romise'>]), crl_issuer=None)>])>"
				1766	)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1767
				1768	def test_eq(self):
				1769	cdp = x509.CRLDistributionPoints([
				1770	x509.DistributionPoint(
				1771	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1772	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1773	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1774	x509.ReasonFlags.key_compromise,
				1775	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1776	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1777	[x509.UniformResourceIdentifier(u"uri://thing")],
				1778	),
				1779	])
				1780	cdp2 = x509.CRLDistributionPoints([
				1781	x509.DistributionPoint(
				1782	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1783	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1784	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1785	x509.ReasonFlags.key_compromise,
				1786	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1787	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1788	[x509.UniformResourceIdentifier(u"uri://thing")],
				1789	),
				1790	])
				1791	assert cdp == cdp2
				1792
				1793	def test_ne(self):
				1794	cdp = x509.CRLDistributionPoints([
				1795	x509.DistributionPoint(
				1796	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1797	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1798	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1799	x509.ReasonFlags.key_compromise,
				1800	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1801	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1802	[x509.UniformResourceIdentifier(u"uri://thing")],
				1803	),
				1804	])
				1805	cdp2 = x509.CRLDistributionPoints([
				1806	x509.DistributionPoint(
				1807	[x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1808	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1809	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1810	x509.ReasonFlags.key_compromise,
				1811	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1812	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1813	[x509.UniformResourceIdentifier(u"uri://thing")],
				1814	),
				1815	])
				1816	cdp3 = x509.CRLDistributionPoints([
				1817	x509.DistributionPoint(
				1818	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1819	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1820	frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1821	[x509.UniformResourceIdentifier(u"uri://thing")],
				1822	),
				1823	])
				1824	cdp4 = x509.CRLDistributionPoints([
				1825	x509.DistributionPoint(
				1826	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1827	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1828	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1829	x509.ReasonFlags.key_compromise,
				1830	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1831	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1832	[x509.UniformResourceIdentifier(u"uri://thing2")],
				1833	),
				1834	])
				1835	assert cdp != cdp2
				1836	assert cdp != cdp3
				1837	assert cdp != cdp4
				1838	assert cdp != object()