Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 702ef6ac75c9e84e221e6696d324bada8076ecb4 / . / tests / test_x509_ext.py
blob: 4811541f46bff46944d6467ead067624074c80a2 [file] [log] [blame]
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]7import binascii
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]8import ipaddress
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]9import os
10
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]11import pytest
12
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]13import six
14
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]15from cryptography import x509
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]16from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
17
18from .test_x509 import _load_cert
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]19
20
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]21class TestExtension(object):
22 def test_not_an_oid(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]23 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]24 with pytest.raises(TypeError):
25 x509.Extension("notanoid", True, bc)
26
27 def test_critical_not_a_bool(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]28 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]29 with pytest.raises(TypeError):
30 x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
31
32 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]33 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]34 ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
35 assert repr(ext) == (
36 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
37 "raints)>, critical=True, value=<BasicConstraints(ca=False, path"
38 "_length=None)>)>"
39 )
40
41
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]42class TestKeyUsage(object):
43 def test_key_agreement_false_encipher_decipher_true(self):
44 with pytest.raises(ValueError):
45 x509.KeyUsage(
46 digital_signature=False,
47 content_commitment=False,
48 key_encipherment=False,
49 data_encipherment=False,
50 key_agreement=False,
51 key_cert_sign=False,
52 crl_sign=False,
53 encipher_only=True,
54 decipher_only=False
55 )
56
57 with pytest.raises(ValueError):
58 x509.KeyUsage(
59 digital_signature=False,
60 content_commitment=False,
61 key_encipherment=False,
62 data_encipherment=False,
63 key_agreement=False,
64 key_cert_sign=False,
65 crl_sign=False,
66 encipher_only=True,
67 decipher_only=True
68 )
69
70 with pytest.raises(ValueError):
71 x509.KeyUsage(
72 digital_signature=False,
73 content_commitment=False,
74 key_encipherment=False,
75 data_encipherment=False,
76 key_agreement=False,
77 key_cert_sign=False,
78 crl_sign=False,
79 encipher_only=False,
80 decipher_only=True
81 )
82
83 def test_properties_key_agreement_true(self):
84 ku = x509.KeyUsage(
85 digital_signature=True,
86 content_commitment=True,
87 key_encipherment=False,
88 data_encipherment=False,
89 key_agreement=False,
90 key_cert_sign=True,
91 crl_sign=False,
92 encipher_only=False,
93 decipher_only=False
94 )
95 assert ku.digital_signature is True
96 assert ku.content_commitment is True
97 assert ku.key_encipherment is False
98 assert ku.data_encipherment is False
99 assert ku.key_agreement is False
100 assert ku.key_cert_sign is True
101 assert ku.crl_sign is False
102
103 def test_key_agreement_true_properties(self):
104 ku = x509.KeyUsage(
105 digital_signature=False,
106 content_commitment=False,
107 key_encipherment=False,
108 data_encipherment=False,
109 key_agreement=True,
110 key_cert_sign=False,
111 crl_sign=False,
112 encipher_only=False,
113 decipher_only=True
114 )
115 assert ku.key_agreement is True
116 assert ku.encipher_only is False
117 assert ku.decipher_only is True
118
119 def test_key_agreement_false_properties(self):
120 ku = x509.KeyUsage(
121 digital_signature=False,
122 content_commitment=False,
123 key_encipherment=False,
124 data_encipherment=False,
125 key_agreement=False,
126 key_cert_sign=False,
127 crl_sign=False,
128 encipher_only=False,
129 decipher_only=False
130 )
131 assert ku.key_agreement is False
132 with pytest.raises(ValueError):
133 ku.encipher_only
134
135 with pytest.raises(ValueError):
136 ku.decipher_only
137
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]138 def test_repr_key_agreement_false(self):
139 ku = x509.KeyUsage(
140 digital_signature=True,
141 content_commitment=True,
142 key_encipherment=False,
143 data_encipherment=False,
144 key_agreement=False,
145 key_cert_sign=True,
146 crl_sign=False,
147 encipher_only=False,
148 decipher_only=False
149 )
150 assert repr(ku) == (
151 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
152 "cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrerb372e672015-04-15 11:05:24 -0400[diff] [blame]153 "ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
154 "nly=None)>"
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]155 )
156
157 def test_repr_key_agreement_true(self):
158 ku = x509.KeyUsage(
159 digital_signature=True,
160 content_commitment=True,
161 key_encipherment=False,
162 data_encipherment=False,
163 key_agreement=True,
164 key_cert_sign=True,
165 crl_sign=False,
166 encipher_only=False,
167 decipher_only=False
168 )
169 assert repr(ku) == (
170 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
171 "cipherment=False, data_encipherment=False, key_agreement=True, k"
172 "ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
173 "only=False)>"
174 )
175
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]176
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]177class TestSubjectKeyIdentifier(object):
178 def test_properties(self):
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]179 value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]180 ski = x509.SubjectKeyIdentifier(value)
181 assert ski.digest == value
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]182
183 def test_repr(self):
184 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]185 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]186 )
187 ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]188 if six.PY3:
189 assert repr(ext) == (
190 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
191 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
192 "igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
193 "\\xf7\\xff:\\xc9\')>)>"
194 )
195 else:
196 assert repr(ext) == (
197 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
198 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
199 "igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
200 "\\xf7\\xff:\\xc9\')>)>"
201 )
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]202
203 def test_eq(self):
204 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]205 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]206 )
207 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]208 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]209 )
210 assert ski == ski2
211
212 def test_ne(self):
213 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]214 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]215 )
216 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]217 binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]218 )
219 assert ski != ski2
220 assert ski != object()
221
222
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]223class TestBasicConstraints(object):
224 def test_ca_not_boolean(self):
225 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]226 x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]227
228 def test_path_length_not_ca(self):
229 with pytest.raises(ValueError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]230 x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]231
232 def test_path_length_not_int(self):
233 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]234 x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]235
236 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]237 x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]238
239 def test_path_length_negative(self):
240 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]241 x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]242
243 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]244 na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]245 assert repr(na) == (
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]246 "<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]247 )
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]248
249
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]250class TestExtendedKeyUsage(object):
251 def test_not_all_oids(self):
252 with pytest.raises(TypeError):
253 x509.ExtendedKeyUsage(["notoid"])
254
255 def test_iter_len(self):
256 eku = x509.ExtendedKeyUsage([
257 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
258 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
259 ])
260 assert len(eku) == 2
261 assert list(eku) == [
262 x509.OID_SERVER_AUTH,
263 x509.OID_CLIENT_AUTH
264 ]
265
Paul Kehrer23d10c32015-04-02 23:12:32 -0500[diff] [blame]266 def test_repr(self):
267 eku = x509.ExtendedKeyUsage([
268 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
269 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
270 ])
271 assert repr(eku) == (
272 "<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
273 "serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
274 "tAuth)>])>"
275 )
276
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]277
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]278@pytest.mark.requires_backend_interface(interface=RSABackend)
279@pytest.mark.requires_backend_interface(interface=X509Backend)
280class TestExtensions(object):
281 def test_no_extensions(self, backend):
282 cert = _load_cert(
283 os.path.join("x509", "verisign_md2_root.pem"),
284 x509.load_pem_x509_certificate,
285 backend
286 )
287 ext = cert.extensions
288 assert len(ext) == 0
289 assert list(ext) == []
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]290 with pytest.raises(x509.ExtensionNotFound) as exc:
291 ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
292
293 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
294
295 def test_one_extension(self, backend):
296 cert = _load_cert(
297 os.path.join(
298 "x509", "custom", "basic_constraints_not_critical.pem"
299 ),
300 x509.load_pem_x509_certificate,
301 backend
302 )
303 extensions = cert.extensions
304 ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
305 assert ext is not None
306 assert ext.value.ca is False
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]307
308 def test_duplicate_extension(self, backend):
309 cert = _load_cert(
310 os.path.join(
311 "x509", "custom", "two_basic_constraints.pem"
312 ),
313 x509.load_pem_x509_certificate,
314 backend
315 )
316 with pytest.raises(x509.DuplicateExtension) as exc:
317 cert.extensions
318
319 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
320
321 def test_unsupported_critical_extension(self, backend):
322 cert = _load_cert(
323 os.path.join(
324 "x509", "custom", "unsupported_extension_critical.pem"
325 ),
326 x509.load_pem_x509_certificate,
327 backend
328 )
329 with pytest.raises(x509.UnsupportedExtension) as exc:
330 cert.extensions
331
332 assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
333
334 def test_unsupported_extension(self, backend):
335 # TODO: this will raise an exception when all extensions are complete
336 cert = _load_cert(
337 os.path.join(
338 "x509", "custom", "unsupported_extension.pem"
339 ),
340 x509.load_pem_x509_certificate,
341 backend
342 )
343 extensions = cert.extensions
344 assert len(extensions) == 0
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]345
346
347@pytest.mark.requires_backend_interface(interface=RSABackend)
348@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerde813ea2015-03-28 12:44:34 -0500[diff] [blame]349class TestBasicConstraintsExtension(object):
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]350 def test_ca_true_pathlen_6(self, backend):
351 cert = _load_cert(
352 os.path.join(
353 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
354 ),
355 x509.load_der_x509_certificate,
356 backend
357 )
358 ext = cert.extensions.get_extension_for_oid(
359 x509.OID_BASIC_CONSTRAINTS
360 )
361 assert ext is not None
362 assert ext.critical is True
363 assert ext.value.ca is True
364 assert ext.value.path_length == 6
365
366 def test_path_length_zero(self, backend):
367 cert = _load_cert(
368 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
369 x509.load_pem_x509_certificate,
370 backend
371 )
372 ext = cert.extensions.get_extension_for_oid(
373 x509.OID_BASIC_CONSTRAINTS
374 )
375 assert ext is not None
376 assert ext.critical is True
377 assert ext.value.ca is True
378 assert ext.value.path_length == 0
379
380 def test_ca_true_no_pathlen(self, backend):
381 cert = _load_cert(
382 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
383 x509.load_der_x509_certificate,
384 backend
385 )
386 ext = cert.extensions.get_extension_for_oid(
387 x509.OID_BASIC_CONSTRAINTS
388 )
389 assert ext is not None
390 assert ext.critical is True
391 assert ext.value.ca is True
392 assert ext.value.path_length is None
393
394 def test_ca_false(self, backend):
395 cert = _load_cert(
396 os.path.join("x509", "cryptography.io.pem"),
397 x509.load_pem_x509_certificate,
398 backend
399 )
400 ext = cert.extensions.get_extension_for_oid(
401 x509.OID_BASIC_CONSTRAINTS
402 )
403 assert ext is not None
404 assert ext.critical is True
405 assert ext.value.ca is False
406 assert ext.value.path_length is None
407
408 def test_no_basic_constraints(self, backend):
409 cert = _load_cert(
410 os.path.join(
411 "x509",
412 "PKITS_data",
413 "certs",
414 "ValidCertificatePathTest1EE.crt"
415 ),
416 x509.load_der_x509_certificate,
417 backend
418 )
419 with pytest.raises(x509.ExtensionNotFound):
420 cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
421
422 def test_basic_constraint_not_critical(self, backend):
423 cert = _load_cert(
424 os.path.join(
425 "x509", "custom", "basic_constraints_not_critical.pem"
426 ),
427 x509.load_pem_x509_certificate,
428 backend
429 )
430 ext = cert.extensions.get_extension_for_oid(
431 x509.OID_BASIC_CONSTRAINTS
432 )
433 assert ext is not None
434 assert ext.critical is False
435 assert ext.value.ca is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]436
437
438@pytest.mark.requires_backend_interface(interface=RSABackend)
439@pytest.mark.requires_backend_interface(interface=X509Backend)
440class TestSubjectKeyIdentifierExtension(object):
441 def test_subject_key_identifier(self, backend):
442 cert = _load_cert(
443 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
444 x509.load_der_x509_certificate,
445 backend
446 )
447 ext = cert.extensions.get_extension_for_oid(
448 x509.OID_SUBJECT_KEY_IDENTIFIER
449 )
450 ski = ext.value
451 assert ext is not None
452 assert ext.critical is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]453 assert ski.digest == binascii.unhexlify(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]454 b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]455 )
456
457 def test_no_subject_key_identifier(self, backend):
458 cert = _load_cert(
459 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
460 x509.load_pem_x509_certificate,
461 backend
462 )
463 with pytest.raises(x509.ExtensionNotFound):
464 cert.extensions.get_extension_for_oid(
465 x509.OID_SUBJECT_KEY_IDENTIFIER
466 )
Paul Kehrer5508ee22015-04-02 19:31:03 -0500[diff] [blame]467
468
469@pytest.mark.requires_backend_interface(interface=RSABackend)
470@pytest.mark.requires_backend_interface(interface=X509Backend)
471class TestKeyUsageExtension(object):
472 def test_no_key_usage(self, backend):
473 cert = _load_cert(
474 os.path.join("x509", "verisign_md2_root.pem"),
475 x509.load_pem_x509_certificate,
476 backend
477 )
478 ext = cert.extensions
479 with pytest.raises(x509.ExtensionNotFound) as exc:
480 ext.get_extension_for_oid(x509.OID_KEY_USAGE)
481
482 assert exc.value.oid == x509.OID_KEY_USAGE
483
484 def test_all_purposes(self, backend):
485 cert = _load_cert(
486 os.path.join(
487 "x509", "custom", "all_key_usages.pem"
488 ),
489 x509.load_pem_x509_certificate,
490 backend
491 )
492 extensions = cert.extensions
493 ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
494 assert ext is not None
495
496 ku = ext.value
497 assert ku.digital_signature is True
498 assert ku.content_commitment is True
499 assert ku.key_encipherment is True
500 assert ku.data_encipherment is True
501 assert ku.key_agreement is True
502 assert ku.key_cert_sign is True
503 assert ku.crl_sign is True
504 assert ku.encipher_only is True
505 assert ku.decipher_only is True
506
507 def test_key_cert_sign_crl_sign(self, backend):
508 cert = _load_cert(
509 os.path.join(
510 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
511 ),
512 x509.load_der_x509_certificate,
513 backend
514 )
515 ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
516 assert ext is not None
517 assert ext.critical is True
518
519 ku = ext.value
520 assert ku.digital_signature is False
521 assert ku.content_commitment is False
522 assert ku.key_encipherment is False
523 assert ku.data_encipherment is False
524 assert ku.key_agreement is False
525 assert ku.key_cert_sign is True
526 assert ku.crl_sign is True
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]527
528
529@pytest.mark.parametrize(
530 "name", [
531 x509.RFC822Name,
532 x509.DNSName,
533 x509.UniformResourceIdentifier
534 ]
535)
536class TestTextGeneralNames(object):
537 def test_not_text(self, name):
538 with pytest.raises(TypeError):
539 name(b"notaunicodestring")
540
541 with pytest.raises(TypeError):
542 name(1.3)
543
544 def test_repr(self, name):
545 gn = name(six.u("string"))
546 assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
547
548 def test_eq(self, name):
549 gn = name(six.u("string"))
550 gn2 = name(six.u("string"))
551 assert gn == gn2
552
553 def test_ne(self, name):
554 gn = name(six.u("string"))
555 gn2 = name(six.u("string2"))
556 assert gn != gn2
557 assert gn != object()
558
559
560class TestDirectoryName(object):
561 def test_not_name(self):
562 with pytest.raises(TypeError):
563 x509.DirectoryName(b"notaname")
564
565 with pytest.raises(TypeError):
566 x509.DirectoryName(1.3)
567
568 def test_repr(self):
569 name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
570 gn = x509.DirectoryName(x509.Name([name]))
571 assert repr(gn) == (
572 "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
573 "tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
574 )
575
576 def test_eq(self):
577 name = x509.Name([
578 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
579 ])
580 name2 = x509.Name([
581 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
582 ])
583 gn = x509.DirectoryName(x509.Name([name]))
584 gn2 = x509.DirectoryName(x509.Name([name2]))
585 assert gn == gn2
586
587 def test_ne(self):
588 name = x509.Name([
589 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
590 ])
591 name2 = x509.Name([
592 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
593 ])
594 gn = x509.DirectoryName(x509.Name([name]))
595 gn2 = x509.DirectoryName(x509.Name([name2]))
596 assert gn != gn2
597 assert gn != object()
598
599
600class TestRegisteredID(object):
601 def test_not_oid(self):
602 with pytest.raises(TypeError):
603 x509.RegisteredID(b"notanoid")
604
605 with pytest.raises(TypeError):
606 x509.RegisteredID(1.3)
607
608 def test_repr(self):
609 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
610 assert repr(gn) == (
611 "<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
612 "e)>)>"
613 )
614
615 def test_eq(self):
616 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
617 gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
618 assert gn == gn2
619
620 def test_ne(self):
621 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
622 gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
623 assert gn != gn2
624 assert gn != object()
625
626
627class TestIPAddress(object):
628 def test_not_ipaddress(self):
629 with pytest.raises(TypeError):
630 x509.IPAddress(b"notanipaddress")
631
632 with pytest.raises(TypeError):
633 x509.IPAddress(1.3)
634
635 def test_repr(self):
636 gn = x509.IPAddress(ipaddress.IPv4Address(six.u("127.0.0.1")))
637 assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
638
639 gn2 = x509.IPAddress(ipaddress.IPv6Address(six.u("ff::")))
640 assert repr(gn2) == "<IPAddress(value=ff::)>"
641
642 def test_eq(self):
643 gn = x509.IPAddress(ipaddress.IPv4Address(six.u("127.0.0.1")))
644 gn2 = x509.IPAddress(ipaddress.IPv4Address(six.u("127.0.0.1")))
645 assert gn == gn2
646
647 def test_ne(self):
648 gn = x509.IPAddress(ipaddress.IPv4Address(six.u("127.0.0.1")))
649 gn2 = x509.IPAddress(ipaddress.IPv4Address(six.u("127.0.0.2")))
650 assert gn != gn2
651 assert gn != object()
652
653
654class TestSubjectAlternativeName(object):
655 def test_get_values_for_type(self):
656 san = x509.SubjectAlternativeName(
657 [x509.DNSName(six.u("cryptography.io"))]
658 )
659 names = san.get_values_for_type(x509.DNSName)
660 assert names == [six.u("cryptography.io")]
661
662 def test_iter_names(self):
663 san = x509.SubjectAlternativeName([
664 x509.DNSName(six.u("cryptography.io")),
665 x509.DNSName(six.u("crypto.local")),
666 ])
667 assert len(san) == 2
668 assert list(san) == [
669 x509.DNSName(six.u("cryptography.io")),
670 x509.DNSName(six.u("crypto.local")),
671 ]
672
673 def test_repr(self):
674 san = x509.SubjectAlternativeName(
675 [
676 x509.DNSName(six.u("cryptography.io"))
677 ]
678 )
679 assert repr(san) == (
680 "<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
681 )