Blame - tests/test_x509_ext.py - platform/external/python/cryptography

blob: 281beeb1ec14a8e3ae611aa0cd6ee5cc52f5b757 [file] [log] [blame]

Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	1	# This file is dual licensed under the terms of the Apache License, Version
				2	# 2.0, and the BSD License. See the LICENSE file in the root of this repository
				3	# for complete details.
				4
				5	from __future__ import absolute_import, division, print_function
				6
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	7	import binascii
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	8	import ipaddress
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	9	import os
				10
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	11	import pytest
				12
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	13	import six
				14
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	15	from cryptography import x509
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	16	from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
				17
				18	from .test_x509 import _load_cert
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	19
				20
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	21	class TestExtension(object):
				22	def test_not_an_oid(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	23	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	24	with pytest.raises(TypeError):
				25	x509.Extension("notanoid", True, bc)
				26
				27	def test_critical_not_a_bool(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	28	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	29	with pytest.raises(TypeError):
				30	x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
				31
				32	def test_repr(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	33	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	34	ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
				35	assert repr(ext) == (
				36	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
				37	"raints)>, critical=True, value=<BasicConstraints(ca=False, path"
				38	"_length=None)>)>"
				39	)
				40
				41
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	42	class TestNoticeReference(object):
				43	def test_notice_numbers_not_all_int(self):
				44	with pytest.raises(TypeError):
				45	x509.NoticeReference("org", [1, 2, "three"])
				46
				47	def test_notice_numbers_none(self):
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	48	with pytest.raises(TypeError):
				49	x509.NoticeReference("org", None)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	50
				51	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	52	nr = x509.NoticeReference(u"org", [1, 3, 4])
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	53
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	54	if six.PY3:
				55	assert repr(nr) == (
				56	"<NoticeReference(organization='org', notice_numbers=[1, 3, 4"
				57	"])>"
				58	)
				59	else:
				60	assert repr(nr) == (
				61	"<NoticeReference(organization=u'org', notice_numbers=[1, 3, "
				62	"4])>"
				63	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	64
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	65	def test_eq(self):
				66	nr = x509.NoticeReference("org", [1, 2])
				67	nr2 = x509.NoticeReference("org", [1, 2])
				68	assert nr == nr2
				69
				70	def test_ne(self):
				71	nr = x509.NoticeReference("org", [1, 2])
				72	nr2 = x509.NoticeReference("org", [1])
				73	nr3 = x509.NoticeReference(None, [1, 2])
				74	assert nr != nr2
				75	assert nr != nr3
				76	assert nr != object()
				77
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	78
				79	class TestUserNotice(object):
				80	def test_notice_reference_invalid(self):
				81	with pytest.raises(TypeError):
				82	x509.UserNotice("invalid", None)
				83
				84	def test_notice_reference_none(self):
				85	un = x509.UserNotice(None, "text")
				86	assert un.notice_reference is None
				87	assert un.explicit_text == "text"
				88
				89	def test_repr(self):
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	90	un = x509.UserNotice(x509.NoticeReference(u"org", [1]), u"text")
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	91	if six.PY3:
				92	assert repr(un) == (
				93	"<UserNotice(notice_reference=<NoticeReference(organization='"
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	94	"org', notice_numbers=[1])>, explicit_text='text')>"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	95	)
				96	else:
				97	assert repr(un) == (
				98	"<UserNotice(notice_reference=<NoticeReference(organization=u"
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	99	"'org', notice_numbers=[1])>, explicit_text=u'text')>"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	100	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	101
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	102	def test_eq(self):
				103	nr = x509.NoticeReference("org", [1, 2])
				104	nr2 = x509.NoticeReference("org", [1, 2])
				105	un = x509.UserNotice(nr, "text")
				106	un2 = x509.UserNotice(nr2, "text")
				107	assert un == un2
				108
				109	def test_ne(self):
				110	nr = x509.NoticeReference("org", [1, 2])
				111	nr2 = x509.NoticeReference("org", [1])
				112	un = x509.UserNotice(nr, "text")
				113	un2 = x509.UserNotice(nr2, "text")
				114	un3 = x509.UserNotice(nr, "text3")
				115	assert un != un2
				116	assert un != un3
				117	assert un != object()
				118
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	119
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	120	class TestPolicyInformation(object):
				121	def test_invalid_policy_identifier(self):
				122	with pytest.raises(TypeError):
				123	x509.PolicyInformation("notanoid", None)
				124
				125	def test_none_policy_qualifiers(self):
				126	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
				127	assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
				128	assert pi.policy_qualifiers is None
				129
				130	def test_policy_qualifiers(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	131	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	132	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				133	assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
				134	assert pi.policy_qualifiers == pq
				135
				136	def test_invalid_policy_identifiers(self):
				137	with pytest.raises(TypeError):
				138	x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
				139
				140	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	141	pq = [u"string", x509.UserNotice(None, u"hi")]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	142	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	143	if six.PY3:
				144	assert repr(pi) == (
				145	"<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
				146	"2.3, name=Unknown OID)>, policy_qualifiers=['string', <UserNo"
Paul Kehrer	9aaef9e	2015-05-11 10:49:20 -0500	[diff] [blame]	147	"tice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	148	)
				149	else:
				150	assert repr(pi) == (
				151	"<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
				152	"2.3, name=Unknown OID)>, policy_qualifiers=[u'string', <UserN"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	153	"otice(notice_reference=None, explicit_text=u'hi')>])>"
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	154	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	155
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	156	def test_eq(self):
				157	pi = x509.PolicyInformation(
				158	x509.ObjectIdentifier("1.2.3"),
				159	[u"string", x509.UserNotice(None, u"hi")]
				160	)
				161	pi2 = x509.PolicyInformation(
				162	x509.ObjectIdentifier("1.2.3"),
				163	[u"string", x509.UserNotice(None, u"hi")]
				164	)
				165	assert pi == pi2
				166
				167	def test_ne(self):
				168	pi = x509.PolicyInformation(
				169	x509.ObjectIdentifier("1.2.3"), [u"string"]
				170	)
				171	pi2 = x509.PolicyInformation(
				172	x509.ObjectIdentifier("1.2.3"), [u"string2"]
				173	)
				174	pi3 = x509.PolicyInformation(
				175	x509.ObjectIdentifier("1.2.3.4"), [u"string"]
				176	)
				177	assert pi != pi2
				178	assert pi != pi3
				179	assert pi != object()
				180
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	181
				182	class TestCertificatePolicies(object):
				183	def test_invalid_policies(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	184	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	185	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				186	with pytest.raises(TypeError):
				187	x509.CertificatePolicies([1, pi])
				188
				189	def test_iter_len(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	190	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	191	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				192	cp = x509.CertificatePolicies([pi])
				193	assert len(cp) == 1
				194	for policyinfo in cp:
				195	assert policyinfo == pi
				196
				197	def test_repr(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	198	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	199	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				200	cp = x509.CertificatePolicies([pi])
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	201	if six.PY3:
				202	assert repr(cp) == (
				203	"<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
				204	"bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
				205	"ers=['string'])>])>"
				206	)
				207	else:
				208	assert repr(cp) == (
				209	"<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
				210	"bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
				211	"ers=[u'string'])>])>"
				212	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	213
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	214	def test_eq(self):
				215	pi = x509.PolicyInformation(
				216	x509.ObjectIdentifier("1.2.3"), [u"string"]
				217	)
				218	cp = x509.CertificatePolicies([pi])
				219	pi2 = x509.PolicyInformation(
				220	x509.ObjectIdentifier("1.2.3"), [u"string"]
				221	)
				222	cp2 = x509.CertificatePolicies([pi2])
				223	assert cp == cp2
				224
				225	def test_ne(self):
				226	pi = x509.PolicyInformation(
				227	x509.ObjectIdentifier("1.2.3"), [u"string"]
				228	)
				229	cp = x509.CertificatePolicies([pi])
				230	pi2 = x509.PolicyInformation(
				231	x509.ObjectIdentifier("1.2.3"), [u"string2"]
				232	)
				233	cp2 = x509.CertificatePolicies([pi2])
				234	assert cp != cp2
				235	assert cp != object()
				236
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	237
Paul Kehrer	11026fe	2015-05-12 11:23:56 -0500	[diff] [blame]	238	@pytest.mark.requires_backend_interface(interface=RSABackend)
				239	@pytest.mark.requires_backend_interface(interface=X509Backend)
				240	class TestCertificatePoliciesExtension(object):
				241	def test_cps_uri_policy_qualifier(self, backend):
				242	cert = _load_cert(
				243	os.path.join("x509", "custom", "cp_cps_uri.pem"),
				244	x509.load_pem_x509_certificate,
				245	backend
				246	)
				247
				248	cp = cert.extensions.get_extension_for_oid(
				249	x509.OID_CERTIFICATE_POLICIES
				250	).value
				251
				252	assert cp == x509.CertificatePolicies([
				253	x509.PolicyInformation(
				254	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				255	[u"http://other.com/cps"]
				256	)
				257	])
				258
				259	def test_user_notice_with_notice_reference(self, backend):
				260	cert = _load_cert(
				261	os.path.join(
				262	"x509", "custom", "cp_user_notice_with_notice_reference.pem"
				263	),
				264	x509.load_pem_x509_certificate,
				265	backend
				266	)
				267
				268	cp = cert.extensions.get_extension_for_oid(
				269	x509.OID_CERTIFICATE_POLICIES
				270	).value
				271
				272	assert cp == x509.CertificatePolicies([
				273	x509.PolicyInformation(
				274	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				275	[
				276	u"http://example.com/cps",
				277	u"http://other.com/cps",
				278	x509.UserNotice(
				279	x509.NoticeReference(u"my org", [1, 2, 3, 4]),
				280	u"thing"
				281	)
				282	]
				283	)
				284	])
				285
				286	def test_user_notice_with_explicit_text(self, backend):
				287	cert = _load_cert(
				288	os.path.join(
				289	"x509", "custom", "cp_user_notice_with_explicit_text.pem"
				290	),
				291	x509.load_pem_x509_certificate,
				292	backend
				293	)
				294
				295	cp = cert.extensions.get_extension_for_oid(
				296	x509.OID_CERTIFICATE_POLICIES
				297	).value
				298
				299	assert cp == x509.CertificatePolicies([
				300	x509.PolicyInformation(
				301	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				302	[x509.UserNotice(None, u"thing")]
				303	)
				304	])
				305
				306	def test_user_notice_no_explicit_text(self, backend):
				307	cert = _load_cert(
				308	os.path.join(
				309	"x509", "custom", "cp_user_notice_no_explicit_text.pem"
				310	),
				311	x509.load_pem_x509_certificate,
				312	backend
				313	)
				314
				315	cp = cert.extensions.get_extension_for_oid(
				316	x509.OID_CERTIFICATE_POLICIES
				317	).value
				318
				319	assert cp == x509.CertificatePolicies([
				320	x509.PolicyInformation(
				321	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				322	[
				323	x509.UserNotice(
				324	x509.NoticeReference(u"my org", [1, 2, 3, 4]),
				325	None
				326	)
				327	]
				328	)
				329	])
				330
				331
Paul Kehrer	cecbbba	2015-03-30 14:58:38 -0500	[diff] [blame]	332	class TestKeyUsage(object):
				333	def test_key_agreement_false_encipher_decipher_true(self):
				334	with pytest.raises(ValueError):
				335	x509.KeyUsage(
				336	digital_signature=False,
				337	content_commitment=False,
				338	key_encipherment=False,
				339	data_encipherment=False,
				340	key_agreement=False,
				341	key_cert_sign=False,
				342	crl_sign=False,
				343	encipher_only=True,
				344	decipher_only=False
				345	)
				346
				347	with pytest.raises(ValueError):
				348	x509.KeyUsage(
				349	digital_signature=False,
				350	content_commitment=False,
				351	key_encipherment=False,
				352	data_encipherment=False,
				353	key_agreement=False,
				354	key_cert_sign=False,
				355	crl_sign=False,
				356	encipher_only=True,
				357	decipher_only=True
				358	)
				359
				360	with pytest.raises(ValueError):
				361	x509.KeyUsage(
				362	digital_signature=False,
				363	content_commitment=False,
				364	key_encipherment=False,
				365	data_encipherment=False,
				366	key_agreement=False,
				367	key_cert_sign=False,
				368	crl_sign=False,
				369	encipher_only=False,
				370	decipher_only=True
				371	)
				372
				373	def test_properties_key_agreement_true(self):
				374	ku = x509.KeyUsage(
				375	digital_signature=True,
				376	content_commitment=True,
				377	key_encipherment=False,
				378	data_encipherment=False,
				379	key_agreement=False,
				380	key_cert_sign=True,
				381	crl_sign=False,
				382	encipher_only=False,
				383	decipher_only=False
				384	)
				385	assert ku.digital_signature is True
				386	assert ku.content_commitment is True
				387	assert ku.key_encipherment is False
				388	assert ku.data_encipherment is False
				389	assert ku.key_agreement is False
				390	assert ku.key_cert_sign is True
				391	assert ku.crl_sign is False
				392
				393	def test_key_agreement_true_properties(self):
				394	ku = x509.KeyUsage(
				395	digital_signature=False,
				396	content_commitment=False,
				397	key_encipherment=False,
				398	data_encipherment=False,
				399	key_agreement=True,
				400	key_cert_sign=False,
				401	crl_sign=False,
				402	encipher_only=False,
				403	decipher_only=True
				404	)
				405	assert ku.key_agreement is True
				406	assert ku.encipher_only is False
				407	assert ku.decipher_only is True
				408
				409	def test_key_agreement_false_properties(self):
				410	ku = x509.KeyUsage(
				411	digital_signature=False,
				412	content_commitment=False,
				413	key_encipherment=False,
				414	data_encipherment=False,
				415	key_agreement=False,
				416	key_cert_sign=False,
				417	crl_sign=False,
				418	encipher_only=False,
				419	decipher_only=False
				420	)
				421	assert ku.key_agreement is False
				422	with pytest.raises(ValueError):
				423	ku.encipher_only
				424
				425	with pytest.raises(ValueError):
				426	ku.decipher_only
				427
Paul Kehrer	ac3e5bb	2015-04-02 23:07:10 -0500	[diff] [blame]	428	def test_repr_key_agreement_false(self):
				429	ku = x509.KeyUsage(
				430	digital_signature=True,
				431	content_commitment=True,
				432	key_encipherment=False,
				433	data_encipherment=False,
				434	key_agreement=False,
				435	key_cert_sign=True,
				436	crl_sign=False,
				437	encipher_only=False,
				438	decipher_only=False
				439	)
				440	assert repr(ku) == (
				441	"<KeyUsage(digital_signature=True, content_commitment=True, key_en"
				442	"cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrer	b372e67	2015-04-15 11:05:24 -0400	[diff] [blame]	443	"ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
				444	"nly=None)>"
Paul Kehrer	ac3e5bb	2015-04-02 23:07:10 -0500	[diff] [blame]	445	)
				446
				447	def test_repr_key_agreement_true(self):
				448	ku = x509.KeyUsage(
				449	digital_signature=True,
				450	content_commitment=True,
				451	key_encipherment=False,
				452	data_encipherment=False,
				453	key_agreement=True,
				454	key_cert_sign=True,
				455	crl_sign=False,
				456	encipher_only=False,
				457	decipher_only=False
				458	)
				459	assert repr(ku) == (
				460	"<KeyUsage(digital_signature=True, content_commitment=True, key_en"
				461	"cipherment=False, data_encipherment=False, key_agreement=True, k"
				462	"ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
				463	"only=False)>"
				464	)
				465
Paul Kehrer	cecbbba	2015-03-30 14:58:38 -0500	[diff] [blame]	466
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	467	class TestSubjectKeyIdentifier(object):
				468	def test_properties(self):
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	469	value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	470	ski = x509.SubjectKeyIdentifier(value)
				471	assert ski.digest == value
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	472
				473	def test_repr(self):
				474	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	475	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	476	)
				477	ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	478	if six.PY3:
				479	assert repr(ext) == (
				480	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
				481	"eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
				482	"igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
				483	"\\xf7\\xff:\\xc9\')>)>"
				484	)
				485	else:
				486	assert repr(ext) == (
				487	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
				488	"eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
				489	"igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
				490	"\\xf7\\xff:\\xc9\')>)>"
				491	)
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	492
				493	def test_eq(self):
				494	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	495	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	496	)
				497	ski2 = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	498	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	499	)
				500	assert ski == ski2
				501
				502	def test_ne(self):
				503	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	504	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	505	)
				506	ski2 = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	507	binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	508	)
				509	assert ski != ski2
				510	assert ski != object()
				511
				512
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	513	class TestAuthorityKeyIdentifier(object):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	514	def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	515	with pytest.raises(TypeError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	516	x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	517
				518	def test_authority_cert_serial_number_not_integer(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	519	dirname = x509.DirectoryName(
				520	x509.Name([
				521	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
				522	x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
				523	])
				524	)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	525	with pytest.raises(TypeError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	526	x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	527
				528	def test_authority_issuer_none_serial_not_none(self):
				529	with pytest.raises(ValueError):
				530	x509.AuthorityKeyIdentifier(b"identifier", None, 3)
				531
				532	def test_authority_issuer_not_none_serial_none(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	533	dirname = x509.DirectoryName(
				534	x509.Name([
				535	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
				536	x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
				537	])
				538	)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	539	with pytest.raises(ValueError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	540	x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	541
				542	def test_authority_cert_serial_and_issuer_none(self):
				543	aki = x509.AuthorityKeyIdentifier(b"id", None, None)
				544	assert aki.key_identifier == b"id"
				545	assert aki.authority_cert_issuer is None
				546	assert aki.authority_cert_serial_number is None
				547
				548	def test_repr(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	549	dirname = x509.DirectoryName(
				550	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				551	)
				552	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	553
				554	if six.PY3:
				555	assert repr(aki) == (
				556	"<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	557	"cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
				558	"<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
				559	"N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	560	)
				561	else:
				562	assert repr(aki) == (
				563	"<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	564	"rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
				565	"jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
				566	"])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	567	)
				568
Paul Kehrer	2ca2eb3	2015-05-03 10:04:57 -0500	[diff] [blame]	569	def test_eq(self):
				570	dirname = x509.DirectoryName(
				571	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				572	)
				573	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
				574	dirname2 = x509.DirectoryName(
				575	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				576	)
				577	aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234)
				578	assert aki == aki2
				579
				580	def test_ne(self):
				581	dirname = x509.DirectoryName(
				582	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				583	)
				584	dirname5 = x509.DirectoryName(
				585	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'aCN')])
				586	)
				587	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
				588	aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234)
				589	aki3 = x509.AuthorityKeyIdentifier(b"digest", None, None)
				590	aki4 = x509.AuthorityKeyIdentifier(b"digest", [dirname], 12345)
				591	aki5 = x509.AuthorityKeyIdentifier(b"digest", [dirname5], 12345)
				592	assert aki != aki2
				593	assert aki != aki3
				594	assert aki != aki4
				595	assert aki != aki5
				596	assert aki != object()
				597
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	598
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	599	class TestBasicConstraints(object):
				600	def test_ca_not_boolean(self):
				601	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	602	x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	603
				604	def test_path_length_not_ca(self):
				605	with pytest.raises(ValueError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	606	x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	607
				608	def test_path_length_not_int(self):
				609	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	610	x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	611
				612	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	613	x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	614
				615	def test_path_length_negative(self):
				616	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	617	x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	618
				619	def test_repr(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	620	na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	621	assert repr(na) == (
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	622	"<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	623	)
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	624
Paul Kehrer	3a69b13	2015-05-13 10:03:46 -0500	[diff] [blame^]	625	def test_eq(self):
				626	na = x509.BasicConstraints(ca=True, path_length=None)
				627	na2 = x509.BasicConstraints(ca=True, path_length=None)
				628	assert na == na2
				629
				630	def test_ne(self):
				631	na = x509.BasicConstraints(ca=True, path_length=None)
				632	na2 = x509.BasicConstraints(ca=True, path_length=1)
				633	na3 = x509.BasicConstraints(ca=False, path_length=None)
				634	assert na != na2
				635	assert na != na3
				636	assert na != object()
				637
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	638
Paul Kehrer	ffa2a15	2015-03-31 08:18:25 -0500	[diff] [blame]	639	class TestExtendedKeyUsage(object):
				640	def test_not_all_oids(self):
				641	with pytest.raises(TypeError):
				642	x509.ExtendedKeyUsage(["notoid"])
				643
				644	def test_iter_len(self):
				645	eku = x509.ExtendedKeyUsage([
				646	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				647	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				648	])
				649	assert len(eku) == 2
				650	assert list(eku) == [
				651	x509.OID_SERVER_AUTH,
				652	x509.OID_CLIENT_AUTH
				653	]
				654
Paul Kehrer	23d10c3	2015-04-02 23:12:32 -0500	[diff] [blame]	655	def test_repr(self):
				656	eku = x509.ExtendedKeyUsage([
				657	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				658	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				659	])
				660	assert repr(eku) == (
				661	"<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
				662	"serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
				663	"tAuth)>])>"
				664	)
				665
Paul Kehrer	b047617	2015-05-02 19:34:51 -0500	[diff] [blame]	666	def test_eq(self):
				667	eku = x509.ExtendedKeyUsage([
				668	x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
				669	])
				670	eku2 = x509.ExtendedKeyUsage([
				671	x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
				672	])
				673	assert eku == eku2
				674
				675	def test_ne(self):
				676	eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
				677	eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
				678	assert eku != eku2
				679	assert eku != object()
				680
Paul Kehrer	ffa2a15	2015-03-31 08:18:25 -0500	[diff] [blame]	681
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	682	@pytest.mark.requires_backend_interface(interface=RSABackend)
				683	@pytest.mark.requires_backend_interface(interface=X509Backend)
				684	class TestExtensions(object):
				685	def test_no_extensions(self, backend):
				686	cert = _load_cert(
				687	os.path.join("x509", "verisign_md2_root.pem"),
				688	x509.load_pem_x509_certificate,
				689	backend
				690	)
				691	ext = cert.extensions
				692	assert len(ext) == 0
				693	assert list(ext) == []
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	694	with pytest.raises(x509.ExtensionNotFound) as exc:
				695	ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				696
				697	assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
				698
				699	def test_one_extension(self, backend):
				700	cert = _load_cert(
				701	os.path.join(
				702	"x509", "custom", "basic_constraints_not_critical.pem"
				703	),
				704	x509.load_pem_x509_certificate,
				705	backend
				706	)
				707	extensions = cert.extensions
				708	ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				709	assert ext is not None
				710	assert ext.value.ca is False
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	711
				712	def test_duplicate_extension(self, backend):
				713	cert = _load_cert(
				714	os.path.join(
				715	"x509", "custom", "two_basic_constraints.pem"
				716	),
				717	x509.load_pem_x509_certificate,
				718	backend
				719	)
				720	with pytest.raises(x509.DuplicateExtension) as exc:
				721	cert.extensions
				722
				723	assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
				724
				725	def test_unsupported_critical_extension(self, backend):
				726	cert = _load_cert(
				727	os.path.join(
				728	"x509", "custom", "unsupported_extension_critical.pem"
				729	),
				730	x509.load_pem_x509_certificate,
				731	backend
				732	)
				733	with pytest.raises(x509.UnsupportedExtension) as exc:
				734	cert.extensions
				735
				736	assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
				737
				738	def test_unsupported_extension(self, backend):
				739	# TODO: this will raise an exception when all extensions are complete
				740	cert = _load_cert(
				741	os.path.join(
				742	"x509", "custom", "unsupported_extension.pem"
				743	),
				744	x509.load_pem_x509_certificate,
				745	backend
				746	)
				747	extensions = cert.extensions
				748	assert len(extensions) == 0
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	749
				750
				751	@pytest.mark.requires_backend_interface(interface=RSABackend)
				752	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	de813ea	2015-03-28 12:44:34 -0500	[diff] [blame]	753	class TestBasicConstraintsExtension(object):
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	754	def test_ca_true_pathlen_6(self, backend):
				755	cert = _load_cert(
				756	os.path.join(
				757	"x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
				758	),
				759	x509.load_der_x509_certificate,
				760	backend
				761	)
				762	ext = cert.extensions.get_extension_for_oid(
				763	x509.OID_BASIC_CONSTRAINTS
				764	)
				765	assert ext is not None
				766	assert ext.critical is True
				767	assert ext.value.ca is True
				768	assert ext.value.path_length == 6
				769
				770	def test_path_length_zero(self, backend):
				771	cert = _load_cert(
				772	os.path.join("x509", "custom", "bc_path_length_zero.pem"),
				773	x509.load_pem_x509_certificate,
				774	backend
				775	)
				776	ext = cert.extensions.get_extension_for_oid(
				777	x509.OID_BASIC_CONSTRAINTS
				778	)
				779	assert ext is not None
				780	assert ext.critical is True
				781	assert ext.value.ca is True
				782	assert ext.value.path_length == 0
				783
				784	def test_ca_true_no_pathlen(self, backend):
				785	cert = _load_cert(
				786	os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
				787	x509.load_der_x509_certificate,
				788	backend
				789	)
				790	ext = cert.extensions.get_extension_for_oid(
				791	x509.OID_BASIC_CONSTRAINTS
				792	)
				793	assert ext is not None
				794	assert ext.critical is True
				795	assert ext.value.ca is True
				796	assert ext.value.path_length is None
				797
				798	def test_ca_false(self, backend):
				799	cert = _load_cert(
				800	os.path.join("x509", "cryptography.io.pem"),
				801	x509.load_pem_x509_certificate,
				802	backend
				803	)
				804	ext = cert.extensions.get_extension_for_oid(
				805	x509.OID_BASIC_CONSTRAINTS
				806	)
				807	assert ext is not None
				808	assert ext.critical is True
				809	assert ext.value.ca is False
				810	assert ext.value.path_length is None
				811
				812	def test_no_basic_constraints(self, backend):
				813	cert = _load_cert(
				814	os.path.join(
				815	"x509",
				816	"PKITS_data",
				817	"certs",
				818	"ValidCertificatePathTest1EE.crt"
				819	),
				820	x509.load_der_x509_certificate,
				821	backend
				822	)
				823	with pytest.raises(x509.ExtensionNotFound):
				824	cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				825
				826	def test_basic_constraint_not_critical(self, backend):
				827	cert = _load_cert(
				828	os.path.join(
				829	"x509", "custom", "basic_constraints_not_critical.pem"
				830	),
				831	x509.load_pem_x509_certificate,
				832	backend
				833	)
				834	ext = cert.extensions.get_extension_for_oid(
				835	x509.OID_BASIC_CONSTRAINTS
				836	)
				837	assert ext is not None
				838	assert ext.critical is False
				839	assert ext.value.ca is False
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	840
				841
				842	@pytest.mark.requires_backend_interface(interface=RSABackend)
				843	@pytest.mark.requires_backend_interface(interface=X509Backend)
				844	class TestSubjectKeyIdentifierExtension(object):
				845	def test_subject_key_identifier(self, backend):
				846	cert = _load_cert(
				847	os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
				848	x509.load_der_x509_certificate,
				849	backend
				850	)
				851	ext = cert.extensions.get_extension_for_oid(
				852	x509.OID_SUBJECT_KEY_IDENTIFIER
				853	)
				854	ski = ext.value
				855	assert ext is not None
				856	assert ext.critical is False
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	857	assert ski.digest == binascii.unhexlify(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	858	b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	859	)
				860
				861	def test_no_subject_key_identifier(self, backend):
				862	cert = _load_cert(
				863	os.path.join("x509", "custom", "bc_path_length_zero.pem"),
				864	x509.load_pem_x509_certificate,
				865	backend
				866	)
				867	with pytest.raises(x509.ExtensionNotFound):
				868	cert.extensions.get_extension_for_oid(
				869	x509.OID_SUBJECT_KEY_IDENTIFIER
				870	)
Paul Kehrer	5508ee2	2015-04-02 19:31:03 -0500	[diff] [blame]	871
				872
				873	@pytest.mark.requires_backend_interface(interface=RSABackend)
				874	@pytest.mark.requires_backend_interface(interface=X509Backend)
				875	class TestKeyUsageExtension(object):
				876	def test_no_key_usage(self, backend):
				877	cert = _load_cert(
				878	os.path.join("x509", "verisign_md2_root.pem"),
				879	x509.load_pem_x509_certificate,
				880	backend
				881	)
				882	ext = cert.extensions
				883	with pytest.raises(x509.ExtensionNotFound) as exc:
				884	ext.get_extension_for_oid(x509.OID_KEY_USAGE)
				885
				886	assert exc.value.oid == x509.OID_KEY_USAGE
				887
				888	def test_all_purposes(self, backend):
				889	cert = _load_cert(
				890	os.path.join(
				891	"x509", "custom", "all_key_usages.pem"
				892	),
				893	x509.load_pem_x509_certificate,
				894	backend
				895	)
				896	extensions = cert.extensions
				897	ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
				898	assert ext is not None
				899
				900	ku = ext.value
				901	assert ku.digital_signature is True
				902	assert ku.content_commitment is True
				903	assert ku.key_encipherment is True
				904	assert ku.data_encipherment is True
				905	assert ku.key_agreement is True
				906	assert ku.key_cert_sign is True
				907	assert ku.crl_sign is True
				908	assert ku.encipher_only is True
				909	assert ku.decipher_only is True
				910
				911	def test_key_cert_sign_crl_sign(self, backend):
				912	cert = _load_cert(
				913	os.path.join(
				914	"x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
				915	),
				916	x509.load_der_x509_certificate,
				917	backend
				918	)
				919	ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
				920	assert ext is not None
				921	assert ext.critical is True
				922
				923	ku = ext.value
				924	assert ku.digital_signature is False
				925	assert ku.content_commitment is False
				926	assert ku.key_encipherment is False
				927	assert ku.data_encipherment is False
				928	assert ku.key_agreement is False
				929	assert ku.key_cert_sign is True
				930	assert ku.crl_sign is True
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	931
				932
				933	@pytest.mark.parametrize(
				934	"name", [
				935	x509.RFC822Name,
				936	x509.DNSName,
				937	x509.UniformResourceIdentifier
				938	]
				939	)
				940	class TestTextGeneralNames(object):
				941	def test_not_text(self, name):
				942	with pytest.raises(TypeError):
				943	name(b"notaunicodestring")
				944
				945	with pytest.raises(TypeError):
				946	name(1.3)
				947
				948	def test_repr(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	949	gn = name(u"string")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	950	assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
				951
				952	def test_eq(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	953	gn = name(u"string")
				954	gn2 = name(u"string")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	955	assert gn == gn2
				956
				957	def test_ne(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	958	gn = name(u"string")
				959	gn2 = name(u"string2")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	960	assert gn != gn2
				961	assert gn != object()
				962
				963
				964	class TestDirectoryName(object):
				965	def test_not_name(self):
				966	with pytest.raises(TypeError):
				967	x509.DirectoryName(b"notaname")
				968
				969	with pytest.raises(TypeError):
				970	x509.DirectoryName(1.3)
				971
				972	def test_repr(self):
				973	name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
				974	gn = x509.DirectoryName(x509.Name([name]))
				975	assert repr(gn) == (
				976	"<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
				977	"tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
				978	)
				979
				980	def test_eq(self):
				981	name = x509.Name([
				982	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				983	])
				984	name2 = x509.Name([
				985	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				986	])
				987	gn = x509.DirectoryName(x509.Name([name]))
				988	gn2 = x509.DirectoryName(x509.Name([name2]))
				989	assert gn == gn2
				990
				991	def test_ne(self):
				992	name = x509.Name([
				993	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				994	])
				995	name2 = x509.Name([
				996	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
				997	])
				998	gn = x509.DirectoryName(x509.Name([name]))
				999	gn2 = x509.DirectoryName(x509.Name([name2]))
				1000	assert gn != gn2
				1001	assert gn != object()
				1002
				1003
				1004	class TestRegisteredID(object):
				1005	def test_not_oid(self):
				1006	with pytest.raises(TypeError):
				1007	x509.RegisteredID(b"notanoid")
				1008
				1009	with pytest.raises(TypeError):
				1010	x509.RegisteredID(1.3)
				1011
				1012	def test_repr(self):
				1013	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1014	assert repr(gn) == (
				1015	"<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
				1016	"e)>)>"
				1017	)
				1018
				1019	def test_eq(self):
				1020	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1021	gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
				1022	assert gn == gn2
				1023
				1024	def test_ne(self):
				1025	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1026	gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
				1027	assert gn != gn2
				1028	assert gn != object()
				1029
				1030
				1031	class TestIPAddress(object):
				1032	def test_not_ipaddress(self):
				1033	with pytest.raises(TypeError):
				1034	x509.IPAddress(b"notanipaddress")
				1035
				1036	with pytest.raises(TypeError):
				1037	x509.IPAddress(1.3)
				1038
				1039	def test_repr(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1040	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1041	assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
				1042
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1043	gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1044	assert repr(gn2) == "<IPAddress(value=ff::)>"
				1045
				1046	def test_eq(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1047	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
				1048	gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1049	assert gn == gn2
				1050
				1051	def test_ne(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1052	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
				1053	gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1054	assert gn != gn2
				1055	assert gn != object()
				1056
				1057
				1058	class TestSubjectAlternativeName(object):
				1059	def test_get_values_for_type(self):
				1060	san = x509.SubjectAlternativeName(
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1061	[x509.DNSName(u"cryptography.io")]
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1062	)
				1063	names = san.get_values_for_type(x509.DNSName)
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1064	assert names == [u"cryptography.io"]
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1065
				1066	def test_iter_names(self):
				1067	san = x509.SubjectAlternativeName([
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1068	x509.DNSName(u"cryptography.io"),
				1069	x509.DNSName(u"crypto.local"),
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1070	])
				1071	assert len(san) == 2
				1072	assert list(san) == [
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1073	x509.DNSName(u"cryptography.io"),
				1074	x509.DNSName(u"crypto.local"),
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1075	]
				1076
Paul Kehrer	d04b39b	2015-04-21 08:44:17 -0500	[diff] [blame]	1077	def test_invalid_general_names(self):
				1078	with pytest.raises(TypeError):
				1079	x509.SubjectAlternativeName(
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1080	[x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrer	d04b39b	2015-04-21 08:44:17 -0500	[diff] [blame]	1081	)
				1082
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1083	def test_repr(self):
				1084	san = x509.SubjectAlternativeName(
				1085	[
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1086	x509.DNSName(u"cryptography.io")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1087	]
				1088	)
				1089	assert repr(san) == (
				1090	"<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
				1091	)
Paul Kehrer	40f8338	2015-04-20 15:00:16 -0500	[diff] [blame]	1092
				1093
				1094	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1095	@pytest.mark.requires_backend_interface(interface=X509Backend)
				1096	class TestRSASubjectAlternativeNameExtension(object):
				1097	def test_dns_name(self, backend):
				1098	cert = _load_cert(
				1099	os.path.join("x509", "cryptography.io.pem"),
				1100	x509.load_pem_x509_certificate,
				1101	backend
				1102	)
				1103	ext = cert.extensions.get_extension_for_oid(
				1104	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1105	)
				1106	assert ext is not None
				1107	assert ext.critical is False
				1108
				1109	san = ext.value
				1110
				1111	dns = san.get_values_for_type(x509.DNSName)
				1112	assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer	9089c91	2015-04-20 22:15:20 -0500	[diff] [blame]	1113
				1114	def test_unsupported_other_name(self, backend):
				1115	cert = _load_cert(
				1116	os.path.join(
				1117	"x509", "custom", "san_other_name.pem"
				1118	),
				1119	x509.load_pem_x509_certificate,
				1120	backend
				1121	)
Paul Kehrer	bed0735	2015-04-21 08:31:10 -0500	[diff] [blame]	1122	with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer	9089c91	2015-04-20 22:15:20 -0500	[diff] [blame]	1123	cert.extensions
Paul Kehrer	bed0735	2015-04-21 08:31:10 -0500	[diff] [blame]	1124
Paul Kehrer	0a621bf	2015-04-22 09:22:56 -0500	[diff] [blame]	1125	assert exc.value.type == 0
Paul Kehrer	4db9662	2015-04-20 22:17:39 -0500	[diff] [blame]	1126
				1127	def test_registered_id(self, backend):
				1128	cert = _load_cert(
				1129	os.path.join(
				1130	"x509", "custom", "san_registered_id.pem"
				1131	),
				1132	x509.load_pem_x509_certificate,
				1133	backend
				1134	)
				1135	ext = cert.extensions.get_extension_for_oid(
				1136	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1137	)
				1138	assert ext is not None
				1139	assert ext.critical is False
				1140
				1141	san = ext.value
				1142	rid = san.get_values_for_type(x509.RegisteredID)
				1143	assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrer	b8ef82e	2015-04-22 16:04:24 -0500	[diff] [blame]	1144
				1145	def test_uri(self, backend):
				1146	cert = _load_cert(
				1147	os.path.join(
				1148	"x509", "custom", "san_uri_with_port.pem"
				1149	),
				1150	x509.load_pem_x509_certificate,
				1151	backend
				1152	)
				1153	ext = cert.extensions.get_extension_for_oid(
				1154	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1155	)
				1156	assert ext is not None
				1157	uri = ext.value.get_values_for_type(
				1158	x509.UniformResourceIdentifier
				1159	)
				1160	assert uri == [
				1161	u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
				1162	u"lo",
				1163	u"http://someregulardomain.com",
				1164	]
Paul Kehrer	a5f030c	2015-04-28 08:33:18 -0500	[diff] [blame]	1165
				1166	def test_ipaddress(self, backend):
				1167	cert = _load_cert(
				1168	os.path.join(
				1169	"x509", "custom", "san_ipaddr.pem"
				1170	),
				1171	x509.load_pem_x509_certificate,
				1172	backend
				1173	)
				1174	ext = cert.extensions.get_extension_for_oid(
				1175	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1176	)
				1177	assert ext is not None
				1178	assert ext.critical is False
				1179
				1180	san = ext.value
				1181
				1182	ip = san.get_values_for_type(x509.IPAddress)
				1183	assert [
				1184	ipaddress.ip_address(u"127.0.0.1"),
				1185	ipaddress.ip_address(u"ff::")
				1186	] == ip
Paul Kehrer	2187a05	2015-04-30 08:22:07 -0500	[diff] [blame]	1187
				1188	def test_dirname(self, backend):
				1189	cert = _load_cert(
				1190	os.path.join(
				1191	"x509", "custom", "san_dirname.pem"
				1192	),
				1193	x509.load_pem_x509_certificate,
				1194	backend
				1195	)
				1196	ext = cert.extensions.get_extension_for_oid(
				1197	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1198	)
				1199	assert ext is not None
				1200	assert ext.critical is False
				1201
				1202	san = ext.value
				1203
				1204	dirname = san.get_values_for_type(x509.DirectoryName)
				1205	assert [
				1206	x509.Name([
				1207	x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
				1208	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
				1209	x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
				1210	])
				1211	] == dirname
Paul Kehrer	e06cab4	2015-04-30 10:23:33 -0500	[diff] [blame]	1212
				1213	def test_rfc822name(self, backend):
				1214	cert = _load_cert(
				1215	os.path.join(
				1216	"x509", "custom", "san_rfc822_idna.pem"
				1217	),
				1218	x509.load_pem_x509_certificate,
				1219	backend
				1220	)
				1221	ext = cert.extensions.get_extension_for_oid(
				1222	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1223	)
				1224	assert ext is not None
				1225	assert ext.critical is False
				1226
				1227	san = ext.value
				1228
				1229	rfc822name = san.get_values_for_type(x509.RFC822Name)
				1230	assert [u"email@em\xe5\xefl.com"] == rfc822name
				1231
				1232	def test_unicode_rfc822_name_dns_name_uri(self, backend):
				1233	cert = _load_cert(
				1234	os.path.join(
				1235	"x509", "custom", "san_idna_names.pem"
				1236	),
				1237	x509.load_pem_x509_certificate,
				1238	backend
				1239	)
				1240	ext = cert.extensions.get_extension_for_oid(
				1241	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1242	)
				1243	assert ext is not None
				1244	rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
				1245	dns_name = ext.value.get_values_for_type(x509.DNSName)
				1246	uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
				1247	assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
				1248	assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
				1249	assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
				1250
				1251	def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
				1252	cert = _load_cert(
				1253	os.path.join(
				1254	"x509", "custom", "san_email_dns_ip_dirname_uri.pem"
				1255	),
				1256	x509.load_pem_x509_certificate,
				1257	backend
				1258	)
				1259	ext = cert.extensions.get_extension_for_oid(
				1260	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1261	)
				1262	assert ext is not None
				1263	assert ext.critical is False
				1264
				1265	san = ext.value
				1266
				1267	rfc822_name = san.get_values_for_type(x509.RFC822Name)
				1268	uri = san.get_values_for_type(x509.UniformResourceIdentifier)
				1269	dns = san.get_values_for_type(x509.DNSName)
				1270	ip = san.get_values_for_type(x509.IPAddress)
				1271	dirname = san.get_values_for_type(x509.DirectoryName)
				1272	assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrer	e3a330c	2015-05-02 16:42:52 -0500	[diff] [blame]	1273	assert [u"https://cryptography.io"] == uri
Paul Kehrer	e06cab4	2015-04-30 10:23:33 -0500	[diff] [blame]	1274	assert [u"cryptography.io"] == dns
				1275	assert [
				1276	x509.Name([
				1277	x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
				1278	x509.NameAttribute(
				1279	x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
				1280	),
				1281	])
				1282	] == dirname
				1283	assert [
				1284	ipaddress.ip_address(u"127.0.0.1"),
				1285	ipaddress.ip_address(u"ff::")
				1286	] == ip
				1287
				1288	def test_invalid_rfc822name(self, backend):
				1289	cert = _load_cert(
				1290	os.path.join(
				1291	"x509", "custom", "san_rfc822_names.pem"
				1292	),
				1293	x509.load_pem_x509_certificate,
				1294	backend
				1295	)
				1296	with pytest.raises(ValueError) as exc:
				1297	cert.extensions
				1298
				1299	assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer	94c6960	2015-05-02 19:29:40 -0500	[diff] [blame]	1300
				1301
				1302	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1303	@pytest.mark.requires_backend_interface(interface=X509Backend)
				1304	class TestExtendedKeyUsageExtension(object):
				1305	def test_eku(self, backend):
				1306	cert = _load_cert(
				1307	os.path.join(
				1308	"x509", "custom", "extended_key_usage.pem"
				1309	),
				1310	x509.load_pem_x509_certificate,
				1311	backend
				1312	)
				1313	ext = cert.extensions.get_extension_for_oid(
				1314	x509.OID_EXTENDED_KEY_USAGE
				1315	)
				1316	assert ext is not None
				1317	assert ext.critical is False
				1318
				1319	assert [
				1320	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				1321	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				1322	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
				1323	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
				1324	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
				1325	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
				1326	x509.ObjectIdentifier("2.5.29.37.0"),
				1327	x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
				1328	] == list(ext.value)
Paul Kehrer	3e6d558	2015-05-02 21:57:56 -0500	[diff] [blame]	1329
				1330
				1331	class TestAccessDescription(object):
				1332	def test_invalid_access_method(self):
Paul Kehrer	f506bca	2015-05-02 22:31:47 -0500	[diff] [blame]	1333	with pytest.raises(ValueError):
Paul Kehrer	3e6d558	2015-05-02 21:57:56 -0500	[diff] [blame]	1334	x509.AccessDescription("notanoid", x509.DNSName(u"test"))
				1335
				1336	def test_invalid_access_location(self):
				1337	with pytest.raises(TypeError):
				1338	x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
				1339
				1340	def test_repr(self):
				1341	ad = x509.AccessDescription(
				1342	x509.OID_OCSP,
				1343	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1344	)
				1345	assert repr(ad) == (
				1346	"<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
				1347	"5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
				1348	"(value=http://ocsp.domain.com)>)>"
				1349	)
				1350
				1351	def test_eq(self):
				1352	ad = x509.AccessDescription(
				1353	x509.OID_OCSP,
				1354	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1355	)
				1356	ad2 = x509.AccessDescription(
				1357	x509.OID_OCSP,
				1358	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1359	)
				1360	assert ad == ad2
				1361
				1362	def test_ne(self):
				1363	ad = x509.AccessDescription(
				1364	x509.OID_OCSP,
				1365	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1366	)
				1367	ad2 = x509.AccessDescription(
				1368	x509.OID_CA_ISSUERS,
				1369	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1370	)
				1371	ad3 = x509.AccessDescription(
				1372	x509.OID_OCSP,
				1373	x509.UniformResourceIdentifier(u"http://notthesame")
				1374	)
				1375	assert ad != ad2
				1376	assert ad != ad3
				1377	assert ad != object()
				1378
				1379
				1380	class TestAuthorityInformationAccess(object):
				1381	def test_invalid_descriptions(self):
				1382	with pytest.raises(TypeError):
				1383	x509.AuthorityInformationAccess(["notanAccessDescription"])
				1384
				1385	def test_iter_len(self):
				1386	aia = x509.AuthorityInformationAccess([
				1387	x509.AccessDescription(
				1388	x509.OID_OCSP,
				1389	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1390	),
				1391	x509.AccessDescription(
				1392	x509.OID_CA_ISSUERS,
				1393	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1394	)
				1395	])
				1396	assert len(aia) == 2
				1397	assert list(aia) == [
				1398	x509.AccessDescription(
				1399	x509.OID_OCSP,
				1400	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1401	),
				1402	x509.AccessDescription(
				1403	x509.OID_CA_ISSUERS,
				1404	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1405	)
				1406	]
				1407
				1408	def test_repr(self):
				1409	aia = x509.AuthorityInformationAccess([
				1410	x509.AccessDescription(
				1411	x509.OID_OCSP,
				1412	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1413	),
				1414	x509.AccessDescription(
				1415	x509.OID_CA_ISSUERS,
				1416	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1417	)
				1418	])
				1419	assert repr(aia) == (
				1420	"<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
				1421	"jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
				1422	"on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
				1423	"AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
				1424	".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
				1425	"fier(value=http://domain.com/ca.crt)>)>])>"
				1426	)
				1427
				1428	def test_eq(self):
				1429	aia = x509.AuthorityInformationAccess([
				1430	x509.AccessDescription(
				1431	x509.OID_OCSP,
				1432	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1433	),
				1434	x509.AccessDescription(
				1435	x509.OID_CA_ISSUERS,
				1436	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1437	)
				1438	])
				1439	aia2 = x509.AuthorityInformationAccess([
				1440	x509.AccessDescription(
				1441	x509.OID_OCSP,
				1442	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1443	),
				1444	x509.AccessDescription(
				1445	x509.OID_CA_ISSUERS,
				1446	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1447	)
				1448	])
				1449	assert aia == aia2
				1450
				1451	def test_ne(self):
				1452	aia = x509.AuthorityInformationAccess([
				1453	x509.AccessDescription(
				1454	x509.OID_OCSP,
				1455	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1456	),
				1457	x509.AccessDescription(
				1458	x509.OID_CA_ISSUERS,
				1459	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1460	)
				1461	])
				1462	aia2 = x509.AuthorityInformationAccess([
				1463	x509.AccessDescription(
				1464	x509.OID_OCSP,
				1465	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1466	),
				1467	])
				1468
				1469	assert aia != aia2
				1470	assert aia != object()
Paul Kehrer	d774de9	2015-05-03 10:52:25 -0500	[diff] [blame]	1471
				1472
				1473	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1474	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	a147699	2015-05-04 17:35:47 -0500	[diff] [blame]	1475	class TestAuthorityInformationAccessExtension(object):
				1476	def test_aia_ocsp_ca_issuers(self, backend):
				1477	cert = _load_cert(
				1478	os.path.join("x509", "cryptography.io.pem"),
				1479	x509.load_pem_x509_certificate,
				1480	backend
				1481	)
				1482	ext = cert.extensions.get_extension_for_oid(
				1483	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1484	)
				1485	assert ext is not None
				1486	assert ext.critical is False
				1487
				1488	assert ext.value == x509.AuthorityInformationAccess([
				1489	x509.AccessDescription(
				1490	x509.OID_OCSP,
				1491	x509.UniformResourceIdentifier(u"http://gv.symcd.com")
				1492	),
				1493	x509.AccessDescription(
				1494	x509.OID_CA_ISSUERS,
				1495	x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
				1496	),
				1497	])
				1498
				1499	def test_aia_multiple_ocsp_ca_issuers(self, backend):
				1500	cert = _load_cert(
				1501	os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
				1502	x509.load_pem_x509_certificate,
				1503	backend
				1504	)
				1505	ext = cert.extensions.get_extension_for_oid(
				1506	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1507	)
				1508	assert ext is not None
				1509	assert ext.critical is False
				1510
				1511	assert ext.value == x509.AuthorityInformationAccess([
				1512	x509.AccessDescription(
				1513	x509.OID_OCSP,
				1514	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1515	),
				1516	x509.AccessDescription(
				1517	x509.OID_OCSP,
				1518	x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
				1519	),
				1520	x509.AccessDescription(
				1521	x509.OID_CA_ISSUERS,
				1522	x509.DirectoryName(x509.Name([
				1523	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
				1524	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
				1525	]))
				1526	),
				1527	])
				1528
				1529	def test_aia_ocsp_only(self, backend):
				1530	cert = _load_cert(
				1531	os.path.join("x509", "custom", "aia_ocsp.pem"),
				1532	x509.load_pem_x509_certificate,
				1533	backend
				1534	)
				1535	ext = cert.extensions.get_extension_for_oid(
				1536	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1537	)
				1538	assert ext is not None
				1539	assert ext.critical is False
				1540
				1541	assert ext.value == x509.AuthorityInformationAccess([
				1542	x509.AccessDescription(
				1543	x509.OID_OCSP,
				1544	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1545	),
				1546	])
				1547
				1548	def test_aia_ca_issuers_only(self, backend):
				1549	cert = _load_cert(
				1550	os.path.join("x509", "custom", "aia_ca_issuers.pem"),
				1551	x509.load_pem_x509_certificate,
				1552	backend
				1553	)
				1554	ext = cert.extensions.get_extension_for_oid(
				1555	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1556	)
				1557	assert ext is not None
				1558	assert ext.critical is False
				1559
				1560	assert ext.value == x509.AuthorityInformationAccess([
				1561	x509.AccessDescription(
				1562	x509.OID_CA_ISSUERS,
				1563	x509.DirectoryName(x509.Name([
				1564	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
				1565	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
				1566	]))
				1567	),
				1568	])
				1569
				1570
				1571	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1572	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	d774de9	2015-05-03 10:52:25 -0500	[diff] [blame]	1573	class TestAuthorityKeyIdentifierExtension(object):
				1574	def test_aki_keyid(self, backend):
				1575	cert = _load_cert(
				1576	os.path.join(
				1577	"x509", "cryptography.io.pem"
				1578	),
				1579	x509.load_pem_x509_certificate,
				1580	backend
				1581	)
				1582	ext = cert.extensions.get_extension_for_oid(
				1583	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1584	)
				1585	assert ext is not None
				1586	assert ext.critical is False
				1587
				1588	assert ext.value.key_identifier == (
				1589	b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0\|[\xf3\xe2\x08\xcbY"
				1590	)
				1591	assert ext.value.authority_cert_issuer is None
				1592	assert ext.value.authority_cert_serial_number is None
				1593
				1594	def test_aki_all_fields(self, backend):
				1595	cert = _load_cert(
				1596	os.path.join(
				1597	"x509", "custom", "authority_key_identifier.pem"
				1598	),
				1599	x509.load_pem_x509_certificate,
				1600	backend
				1601	)
				1602	ext = cert.extensions.get_extension_for_oid(
				1603	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1604	)
				1605	assert ext is not None
				1606	assert ext.critical is False
				1607
				1608	assert ext.value.key_identifier == (
				1609	b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
				1610	)
				1611	assert ext.value.authority_cert_issuer == [
				1612	x509.DirectoryName(
				1613	x509.Name([
				1614	x509.NameAttribute(
				1615	x509.OID_ORGANIZATION_NAME, u"PyCA"
				1616	),
				1617	x509.NameAttribute(
				1618	x509.OID_COMMON_NAME, u"cryptography.io"
				1619	)
				1620	])
				1621	)
				1622	]
				1623	assert ext.value.authority_cert_serial_number == 3
				1624
				1625	def test_aki_no_keyid(self, backend):
				1626	cert = _load_cert(
				1627	os.path.join(
				1628	"x509", "custom", "authority_key_identifier_no_keyid.pem"
				1629	),
				1630	x509.load_pem_x509_certificate,
				1631	backend
				1632	)
				1633	ext = cert.extensions.get_extension_for_oid(
				1634	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1635	)
				1636	assert ext is not None
				1637	assert ext.critical is False
				1638
				1639	assert ext.value.key_identifier is None
				1640	assert ext.value.authority_cert_issuer == [
				1641	x509.DirectoryName(
				1642	x509.Name([
				1643	x509.NameAttribute(
				1644	x509.OID_ORGANIZATION_NAME, u"PyCA"
				1645	),
				1646	x509.NameAttribute(
				1647	x509.OID_COMMON_NAME, u"cryptography.io"
				1648	)
				1649	])
				1650	)
				1651	]
				1652	assert ext.value.authority_cert_serial_number == 3
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1653
				1654
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1655	class TestDistributionPoint(object):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1656	def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1657	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1658	x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1659
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1660	def test_distribution_point_relative_name_not_name(self):
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1661	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1662	x509.DistributionPoint(None, "notname", None, None)
				1663
				1664	def test_distribution_point_full_and_relative_not_none(self):
				1665	with pytest.raises(ValueError):
				1666	x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1667
				1668	def test_crl_issuer_not_general_names(self):
				1669	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1670	x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1671
				1672	def test_reason_not_reasonflags(self):
				1673	with pytest.raises(TypeError):
				1674	x509.DistributionPoint(
				1675	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1676	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1677	frozenset(["notreasonflags"]),
				1678	None
				1679	)
				1680
				1681	def test_reason_not_frozenset(self):
				1682	with pytest.raises(TypeError):
				1683	x509.DistributionPoint(
				1684	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1685	None,
				1686	[x509.ReasonFlags.ca_compromise],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1687	None
				1688	)
				1689
				1690	def test_disallowed_reasons(self):
				1691	with pytest.raises(ValueError):
				1692	x509.DistributionPoint(
				1693	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1694	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1695	frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1696	None
				1697	)
				1698
				1699	with pytest.raises(ValueError):
				1700	x509.DistributionPoint(
				1701	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1702	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1703	frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1704	None
				1705	)
				1706
				1707	def test_reason_only(self):
				1708	with pytest.raises(ValueError):
				1709	x509.DistributionPoint(
				1710	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1711	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1712	frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1713	None
				1714	)
				1715
				1716	def test_eq(self):
				1717	dp = x509.DistributionPoint(
				1718	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1719	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1720	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1721	[
				1722	x509.DirectoryName(
				1723	x509.Name([
				1724	x509.NameAttribute(
				1725	x509.OID_COMMON_NAME, "Important CA"
				1726	)
				1727	])
				1728	)
				1729	],
				1730	)
				1731	dp2 = x509.DistributionPoint(
				1732	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1733	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1734	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1735	[
				1736	x509.DirectoryName(
				1737	x509.Name([
				1738	x509.NameAttribute(
				1739	x509.OID_COMMON_NAME, "Important CA"
				1740	)
				1741	])
				1742	)
				1743	],
				1744	)
				1745	assert dp == dp2
				1746
				1747	def test_ne(self):
				1748	dp = x509.DistributionPoint(
				1749	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1750	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1751	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1752	[
				1753	x509.DirectoryName(
				1754	x509.Name([
				1755	x509.NameAttribute(
				1756	x509.OID_COMMON_NAME, "Important CA"
				1757	)
				1758	])
				1759	)
				1760	],
				1761	)
				1762	dp2 = x509.DistributionPoint(
				1763	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1764	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1765	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1766	None
				1767	)
				1768	assert dp != dp2
				1769	assert dp != object()
				1770
				1771	def test_repr(self):
				1772	dp = x509.DistributionPoint(
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1773	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1774	x509.Name([
				1775	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
				1776	]),
Paul Kehrer	96ef63c	2015-05-09 21:17:04 -0500	[diff] [blame]	1777	frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1778	[
				1779	x509.DirectoryName(
				1780	x509.Name([
				1781	x509.NameAttribute(
				1782	x509.OID_COMMON_NAME, "Important CA"
				1783	)
				1784	])
				1785	)
				1786	],
				1787	)
Paul Kehrer	749da3b	2015-05-10 09:58:29 -0500	[diff] [blame]	1788	if six.PY3:
				1789	assert repr(dp) == (
				1790	"<DistributionPoint(full_name=None, relative_name=<Name([<Name"
				1791	"Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
				1792	">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
				1793	"romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
				1794	"Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
				1795	"commonName)>, value='Important CA')>])>)>])>"
				1796	)
				1797	else:
				1798	assert repr(dp) == (
				1799	"<DistributionPoint(full_name=None, relative_name=<Name([<Name"
				1800	"Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
				1801	">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
				1802	"romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
				1803	"Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
				1804	"commonName)>, value='Important CA')>])>)>])>"
				1805	)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1806
				1807
				1808	class TestCRLDistributionPoints(object):
				1809	def test_invalid_distribution_points(self):
				1810	with pytest.raises(TypeError):
				1811	x509.CRLDistributionPoints(["notadistributionpoint"])
				1812
				1813	def test_iter_len(self):
				1814	cdp = x509.CRLDistributionPoints([
				1815	x509.DistributionPoint(
				1816	[x509.UniformResourceIdentifier(u"http://domain")],
				1817	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1818	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1819	None
				1820	),
				1821	x509.DistributionPoint(
				1822	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1823	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1824	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1825	x509.ReasonFlags.key_compromise,
				1826	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1827	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1828	None
				1829	),
				1830	])
				1831	assert len(cdp) == 2
				1832	assert list(cdp) == [
				1833	x509.DistributionPoint(
				1834	[x509.UniformResourceIdentifier(u"http://domain")],
				1835	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1836	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1837	None
				1838	),
				1839	x509.DistributionPoint(
				1840	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1841	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1842	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1843	x509.ReasonFlags.key_compromise,
				1844	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1845	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1846	None
				1847	),
				1848	]
				1849
				1850	def test_repr(self):
				1851	cdp = x509.CRLDistributionPoints([
				1852	x509.DistributionPoint(
				1853	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1854	None,
Paul Kehrer	96ef63c	2015-05-09 21:17:04 -0500	[diff] [blame]	1855	frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1856	None
				1857	),
				1858	])
Paul Kehrer	749da3b	2015-05-10 09:58:29 -0500	[diff] [blame]	1859	if six.PY3:
				1860	assert repr(cdp) == (
				1861	"<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
				1862	"rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
				1863	"ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
				1864	"romise'>}), crl_issuer=None)>])>"
				1865	)
				1866	else:
				1867	assert repr(cdp) == (
				1868	"<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
				1869	"rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
				1870	"ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
				1871	"romise'>]), crl_issuer=None)>])>"
				1872	)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1873
				1874	def test_eq(self):
				1875	cdp = x509.CRLDistributionPoints([
				1876	x509.DistributionPoint(
				1877	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1878	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1879	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1880	x509.ReasonFlags.key_compromise,
				1881	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1882	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1883	[x509.UniformResourceIdentifier(u"uri://thing")],
				1884	),
				1885	])
				1886	cdp2 = x509.CRLDistributionPoints([
				1887	x509.DistributionPoint(
				1888	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1889	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1890	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1891	x509.ReasonFlags.key_compromise,
				1892	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1893	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1894	[x509.UniformResourceIdentifier(u"uri://thing")],
				1895	),
				1896	])
				1897	assert cdp == cdp2
				1898
				1899	def test_ne(self):
				1900	cdp = x509.CRLDistributionPoints([
				1901	x509.DistributionPoint(
				1902	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1903	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1904	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1905	x509.ReasonFlags.key_compromise,
				1906	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1907	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1908	[x509.UniformResourceIdentifier(u"uri://thing")],
				1909	),
				1910	])
				1911	cdp2 = x509.CRLDistributionPoints([
				1912	x509.DistributionPoint(
				1913	[x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1914	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1915	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1916	x509.ReasonFlags.key_compromise,
				1917	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1918	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1919	[x509.UniformResourceIdentifier(u"uri://thing")],
				1920	),
				1921	])
				1922	cdp3 = x509.CRLDistributionPoints([
				1923	x509.DistributionPoint(
				1924	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1925	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1926	frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1927	[x509.UniformResourceIdentifier(u"uri://thing")],
				1928	),
				1929	])
				1930	cdp4 = x509.CRLDistributionPoints([
				1931	x509.DistributionPoint(
				1932	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1933	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1934	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1935	x509.ReasonFlags.key_compromise,
				1936	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1937	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1938	[x509.UniformResourceIdentifier(u"uri://thing2")],
				1939	),
				1940	])
				1941	assert cdp != cdp2
				1942	assert cdp != cdp3
				1943	assert cdp != cdp4
				1944	assert cdp != object()