Blame - tests/test_x509_ext.py - platform/external/python/cryptography

blob: 5d54da1e4d3ac5cea101522b1b8cb7c9cad795fe [file] [log] [blame]

Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	1	# This file is dual licensed under the terms of the Apache License, Version
				2	# 2.0, and the BSD License. See the LICENSE file in the root of this repository
				3	# for complete details.
				4
				5	from __future__ import absolute_import, division, print_function
				6
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	7	import binascii
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	8	import ipaddress
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	9	import os
				10
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	11	import pytest
				12
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	13	import six
				14
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	15	from cryptography import x509
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	16	from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
				17
				18	from .test_x509 import _load_cert
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	19
				20
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	21	class TestExtension(object):
				22	def test_not_an_oid(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	23	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	24	with pytest.raises(TypeError):
				25	x509.Extension("notanoid", True, bc)
				26
				27	def test_critical_not_a_bool(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	28	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	29	with pytest.raises(TypeError):
				30	x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
				31
				32	def test_repr(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	33	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	34	ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
				35	assert repr(ext) == (
				36	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
				37	"raints)>, critical=True, value=<BasicConstraints(ca=False, path"
				38	"_length=None)>)>"
				39	)
				40
				41
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	42	class TestNoticeReference(object):
				43	def test_notice_numbers_not_all_int(self):
				44	with pytest.raises(TypeError):
				45	x509.NoticeReference("org", [1, 2, "three"])
				46
				47	def test_notice_numbers_none(self):
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	48	with pytest.raises(TypeError):
				49	x509.NoticeReference("org", None)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	50
				51	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	52	nr = x509.NoticeReference(u"org", [1, 3, 4])
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	53
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	54	if six.PY3:
				55	assert repr(nr) == (
				56	"<NoticeReference(organization='org', notice_numbers=[1, 3, 4"
				57	"])>"
				58	)
				59	else:
				60	assert repr(nr) == (
				61	"<NoticeReference(organization=u'org', notice_numbers=[1, 3, "
				62	"4])>"
				63	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	64
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	65	def test_eq(self):
				66	nr = x509.NoticeReference("org", [1, 2])
				67	nr2 = x509.NoticeReference("org", [1, 2])
				68	assert nr == nr2
				69
				70	def test_ne(self):
				71	nr = x509.NoticeReference("org", [1, 2])
				72	nr2 = x509.NoticeReference("org", [1])
				73	nr3 = x509.NoticeReference(None, [1, 2])
				74	assert nr != nr2
				75	assert nr != nr3
				76	assert nr != object()
				77
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	78
				79	class TestUserNotice(object):
				80	def test_notice_reference_invalid(self):
				81	with pytest.raises(TypeError):
				82	x509.UserNotice("invalid", None)
				83
				84	def test_notice_reference_none(self):
				85	un = x509.UserNotice(None, "text")
				86	assert un.notice_reference is None
				87	assert un.explicit_text == "text"
				88
				89	def test_repr(self):
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	90	un = x509.UserNotice(x509.NoticeReference(u"org", [1]), u"text")
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	91	if six.PY3:
				92	assert repr(un) == (
				93	"<UserNotice(notice_reference=<NoticeReference(organization='"
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	94	"org', notice_numbers=[1])>, explicit_text='text')>"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	95	)
				96	else:
				97	assert repr(un) == (
				98	"<UserNotice(notice_reference=<NoticeReference(organization=u"
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	99	"'org', notice_numbers=[1])>, explicit_text=u'text')>"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	100	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	101
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	102	def test_eq(self):
				103	nr = x509.NoticeReference("org", [1, 2])
				104	nr2 = x509.NoticeReference("org", [1, 2])
				105	un = x509.UserNotice(nr, "text")
				106	un2 = x509.UserNotice(nr2, "text")
				107	assert un == un2
				108
				109	def test_ne(self):
				110	nr = x509.NoticeReference("org", [1, 2])
				111	nr2 = x509.NoticeReference("org", [1])
				112	un = x509.UserNotice(nr, "text")
				113	un2 = x509.UserNotice(nr2, "text")
				114	un3 = x509.UserNotice(nr, "text3")
				115	assert un != un2
				116	assert un != un3
				117	assert un != object()
				118
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	119
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	120	class TestPolicyInformation(object):
				121	def test_invalid_policy_identifier(self):
				122	with pytest.raises(TypeError):
				123	x509.PolicyInformation("notanoid", None)
				124
				125	def test_none_policy_qualifiers(self):
				126	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
				127	assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
				128	assert pi.policy_qualifiers is None
				129
				130	def test_policy_qualifiers(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	131	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	132	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				133	assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
				134	assert pi.policy_qualifiers == pq
				135
				136	def test_invalid_policy_identifiers(self):
				137	with pytest.raises(TypeError):
				138	x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
				139
				140	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	141	pq = [u"string", x509.UserNotice(None, u"hi")]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	142	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	143	if six.PY3:
				144	assert repr(pi) == (
				145	"<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
				146	"2.3, name=Unknown OID)>, policy_qualifiers=['string', <UserNo"
Paul Kehrer	9aaef9e	2015-05-11 10:49:20 -0500	[diff] [blame]	147	"tice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	148	)
				149	else:
				150	assert repr(pi) == (
				151	"<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
				152	"2.3, name=Unknown OID)>, policy_qualifiers=[u'string', <UserN"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	153	"otice(notice_reference=None, explicit_text=u'hi')>])>"
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	154	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	155
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	156	def test_eq(self):
				157	pi = x509.PolicyInformation(
				158	x509.ObjectIdentifier("1.2.3"),
				159	[u"string", x509.UserNotice(None, u"hi")]
				160	)
				161	pi2 = x509.PolicyInformation(
				162	x509.ObjectIdentifier("1.2.3"),
				163	[u"string", x509.UserNotice(None, u"hi")]
				164	)
				165	assert pi == pi2
				166
				167	def test_ne(self):
				168	pi = x509.PolicyInformation(
				169	x509.ObjectIdentifier("1.2.3"), [u"string"]
				170	)
				171	pi2 = x509.PolicyInformation(
				172	x509.ObjectIdentifier("1.2.3"), [u"string2"]
				173	)
				174	pi3 = x509.PolicyInformation(
				175	x509.ObjectIdentifier("1.2.3.4"), [u"string"]
				176	)
				177	assert pi != pi2
				178	assert pi != pi3
				179	assert pi != object()
				180
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	181
				182	class TestCertificatePolicies(object):
				183	def test_invalid_policies(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	184	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	185	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				186	with pytest.raises(TypeError):
				187	x509.CertificatePolicies([1, pi])
				188
				189	def test_iter_len(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	190	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	191	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				192	cp = x509.CertificatePolicies([pi])
				193	assert len(cp) == 1
				194	for policyinfo in cp:
				195	assert policyinfo == pi
				196
				197	def test_repr(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	198	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	199	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				200	cp = x509.CertificatePolicies([pi])
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	201	if six.PY3:
				202	assert repr(cp) == (
				203	"<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
				204	"bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
				205	"ers=['string'])>])>"
				206	)
				207	else:
				208	assert repr(cp) == (
				209	"<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
				210	"bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
				211	"ers=[u'string'])>])>"
				212	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	213
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	214	def test_eq(self):
				215	pi = x509.PolicyInformation(
				216	x509.ObjectIdentifier("1.2.3"), [u"string"]
				217	)
				218	cp = x509.CertificatePolicies([pi])
				219	pi2 = x509.PolicyInformation(
				220	x509.ObjectIdentifier("1.2.3"), [u"string"]
				221	)
				222	cp2 = x509.CertificatePolicies([pi2])
				223	assert cp == cp2
				224
				225	def test_ne(self):
				226	pi = x509.PolicyInformation(
				227	x509.ObjectIdentifier("1.2.3"), [u"string"]
				228	)
				229	cp = x509.CertificatePolicies([pi])
				230	pi2 = x509.PolicyInformation(
				231	x509.ObjectIdentifier("1.2.3"), [u"string2"]
				232	)
				233	cp2 = x509.CertificatePolicies([pi2])
				234	assert cp != cp2
				235	assert cp != object()
				236
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	237
Paul Kehrer	11026fe	2015-05-12 11:23:56 -0500	[diff] [blame]	238	@pytest.mark.requires_backend_interface(interface=RSABackend)
				239	@pytest.mark.requires_backend_interface(interface=X509Backend)
				240	class TestCertificatePoliciesExtension(object):
				241	def test_cps_uri_policy_qualifier(self, backend):
				242	cert = _load_cert(
				243	os.path.join("x509", "custom", "cp_cps_uri.pem"),
				244	x509.load_pem_x509_certificate,
				245	backend
				246	)
				247
				248	cp = cert.extensions.get_extension_for_oid(
				249	x509.OID_CERTIFICATE_POLICIES
				250	).value
				251
				252	assert cp == x509.CertificatePolicies([
				253	x509.PolicyInformation(
				254	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				255	[u"http://other.com/cps"]
				256	)
				257	])
				258
				259	def test_user_notice_with_notice_reference(self, backend):
				260	cert = _load_cert(
				261	os.path.join(
				262	"x509", "custom", "cp_user_notice_with_notice_reference.pem"
				263	),
				264	x509.load_pem_x509_certificate,
				265	backend
				266	)
				267
				268	cp = cert.extensions.get_extension_for_oid(
				269	x509.OID_CERTIFICATE_POLICIES
				270	).value
				271
				272	assert cp == x509.CertificatePolicies([
				273	x509.PolicyInformation(
				274	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				275	[
				276	u"http://example.com/cps",
				277	u"http://other.com/cps",
				278	x509.UserNotice(
				279	x509.NoticeReference(u"my org", [1, 2, 3, 4]),
				280	u"thing"
				281	)
				282	]
				283	)
				284	])
				285
				286	def test_user_notice_with_explicit_text(self, backend):
				287	cert = _load_cert(
				288	os.path.join(
				289	"x509", "custom", "cp_user_notice_with_explicit_text.pem"
				290	),
				291	x509.load_pem_x509_certificate,
				292	backend
				293	)
				294
				295	cp = cert.extensions.get_extension_for_oid(
				296	x509.OID_CERTIFICATE_POLICIES
				297	).value
				298
				299	assert cp == x509.CertificatePolicies([
				300	x509.PolicyInformation(
				301	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				302	[x509.UserNotice(None, u"thing")]
				303	)
				304	])
				305
				306	def test_user_notice_no_explicit_text(self, backend):
				307	cert = _load_cert(
				308	os.path.join(
				309	"x509", "custom", "cp_user_notice_no_explicit_text.pem"
				310	),
				311	x509.load_pem_x509_certificate,
				312	backend
				313	)
				314
				315	cp = cert.extensions.get_extension_for_oid(
				316	x509.OID_CERTIFICATE_POLICIES
				317	).value
				318
				319	assert cp == x509.CertificatePolicies([
				320	x509.PolicyInformation(
				321	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				322	[
				323	x509.UserNotice(
				324	x509.NoticeReference(u"my org", [1, 2, 3, 4]),
				325	None
				326	)
				327	]
				328	)
				329	])
				330
				331
Paul Kehrer	cecbbba	2015-03-30 14:58:38 -0500	[diff] [blame]	332	class TestKeyUsage(object):
				333	def test_key_agreement_false_encipher_decipher_true(self):
				334	with pytest.raises(ValueError):
				335	x509.KeyUsage(
				336	digital_signature=False,
				337	content_commitment=False,
				338	key_encipherment=False,
				339	data_encipherment=False,
				340	key_agreement=False,
				341	key_cert_sign=False,
				342	crl_sign=False,
				343	encipher_only=True,
				344	decipher_only=False
				345	)
				346
				347	with pytest.raises(ValueError):
				348	x509.KeyUsage(
				349	digital_signature=False,
				350	content_commitment=False,
				351	key_encipherment=False,
				352	data_encipherment=False,
				353	key_agreement=False,
				354	key_cert_sign=False,
				355	crl_sign=False,
				356	encipher_only=True,
				357	decipher_only=True
				358	)
				359
				360	with pytest.raises(ValueError):
				361	x509.KeyUsage(
				362	digital_signature=False,
				363	content_commitment=False,
				364	key_encipherment=False,
				365	data_encipherment=False,
				366	key_agreement=False,
				367	key_cert_sign=False,
				368	crl_sign=False,
				369	encipher_only=False,
				370	decipher_only=True
				371	)
				372
				373	def test_properties_key_agreement_true(self):
				374	ku = x509.KeyUsage(
				375	digital_signature=True,
				376	content_commitment=True,
				377	key_encipherment=False,
				378	data_encipherment=False,
				379	key_agreement=False,
				380	key_cert_sign=True,
				381	crl_sign=False,
				382	encipher_only=False,
				383	decipher_only=False
				384	)
				385	assert ku.digital_signature is True
				386	assert ku.content_commitment is True
				387	assert ku.key_encipherment is False
				388	assert ku.data_encipherment is False
				389	assert ku.key_agreement is False
				390	assert ku.key_cert_sign is True
				391	assert ku.crl_sign is False
				392
				393	def test_key_agreement_true_properties(self):
				394	ku = x509.KeyUsage(
				395	digital_signature=False,
				396	content_commitment=False,
				397	key_encipherment=False,
				398	data_encipherment=False,
				399	key_agreement=True,
				400	key_cert_sign=False,
				401	crl_sign=False,
				402	encipher_only=False,
				403	decipher_only=True
				404	)
				405	assert ku.key_agreement is True
				406	assert ku.encipher_only is False
				407	assert ku.decipher_only is True
				408
				409	def test_key_agreement_false_properties(self):
				410	ku = x509.KeyUsage(
				411	digital_signature=False,
				412	content_commitment=False,
				413	key_encipherment=False,
				414	data_encipherment=False,
				415	key_agreement=False,
				416	key_cert_sign=False,
				417	crl_sign=False,
				418	encipher_only=False,
				419	decipher_only=False
				420	)
				421	assert ku.key_agreement is False
				422	with pytest.raises(ValueError):
				423	ku.encipher_only
				424
				425	with pytest.raises(ValueError):
				426	ku.decipher_only
				427
Paul Kehrer	ac3e5bb	2015-04-02 23:07:10 -0500	[diff] [blame]	428	def test_repr_key_agreement_false(self):
				429	ku = x509.KeyUsage(
				430	digital_signature=True,
				431	content_commitment=True,
				432	key_encipherment=False,
				433	data_encipherment=False,
				434	key_agreement=False,
				435	key_cert_sign=True,
				436	crl_sign=False,
				437	encipher_only=False,
				438	decipher_only=False
				439	)
				440	assert repr(ku) == (
				441	"<KeyUsage(digital_signature=True, content_commitment=True, key_en"
				442	"cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrer	b372e67	2015-04-15 11:05:24 -0400	[diff] [blame]	443	"ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
				444	"nly=None)>"
Paul Kehrer	ac3e5bb	2015-04-02 23:07:10 -0500	[diff] [blame]	445	)
				446
				447	def test_repr_key_agreement_true(self):
				448	ku = x509.KeyUsage(
				449	digital_signature=True,
				450	content_commitment=True,
				451	key_encipherment=False,
				452	data_encipherment=False,
				453	key_agreement=True,
				454	key_cert_sign=True,
				455	crl_sign=False,
				456	encipher_only=False,
				457	decipher_only=False
				458	)
				459	assert repr(ku) == (
				460	"<KeyUsage(digital_signature=True, content_commitment=True, key_en"
				461	"cipherment=False, data_encipherment=False, key_agreement=True, k"
				462	"ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
				463	"only=False)>"
				464	)
				465
Paul Kehrer	cecbbba	2015-03-30 14:58:38 -0500	[diff] [blame]	466
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	467	class TestSubjectKeyIdentifier(object):
				468	def test_properties(self):
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	469	value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	470	ski = x509.SubjectKeyIdentifier(value)
				471	assert ski.digest == value
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	472
				473	def test_repr(self):
				474	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	475	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	476	)
				477	ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	478	if six.PY3:
				479	assert repr(ext) == (
				480	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
				481	"eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
				482	"igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
				483	"\\xf7\\xff:\\xc9\')>)>"
				484	)
				485	else:
				486	assert repr(ext) == (
				487	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
				488	"eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
				489	"igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
				490	"\\xf7\\xff:\\xc9\')>)>"
				491	)
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	492
				493	def test_eq(self):
				494	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	495	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	496	)
				497	ski2 = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	498	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	499	)
				500	assert ski == ski2
				501
				502	def test_ne(self):
				503	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	504	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	505	)
				506	ski2 = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	507	binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	508	)
				509	assert ski != ski2
				510	assert ski != object()
				511
				512
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	513	class TestAuthorityKeyIdentifier(object):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	514	def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	515	with pytest.raises(TypeError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	516	x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	517
				518	def test_authority_cert_serial_number_not_integer(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	519	dirname = x509.DirectoryName(
				520	x509.Name([
				521	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
				522	x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
				523	])
				524	)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	525	with pytest.raises(TypeError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	526	x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	527
				528	def test_authority_issuer_none_serial_not_none(self):
				529	with pytest.raises(ValueError):
				530	x509.AuthorityKeyIdentifier(b"identifier", None, 3)
				531
				532	def test_authority_issuer_not_none_serial_none(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	533	dirname = x509.DirectoryName(
				534	x509.Name([
				535	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
				536	x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
				537	])
				538	)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	539	with pytest.raises(ValueError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	540	x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	541
				542	def test_authority_cert_serial_and_issuer_none(self):
				543	aki = x509.AuthorityKeyIdentifier(b"id", None, None)
				544	assert aki.key_identifier == b"id"
				545	assert aki.authority_cert_issuer is None
				546	assert aki.authority_cert_serial_number is None
				547
				548	def test_repr(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	549	dirname = x509.DirectoryName(
				550	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				551	)
				552	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	553
				554	if six.PY3:
				555	assert repr(aki) == (
				556	"<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	557	"cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
				558	"<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
				559	"N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	560	)
				561	else:
				562	assert repr(aki) == (
				563	"<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	564	"rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
				565	"jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
				566	"])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	567	)
				568
Paul Kehrer	2ca2eb3	2015-05-03 10:04:57 -0500	[diff] [blame]	569	def test_eq(self):
				570	dirname = x509.DirectoryName(
				571	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				572	)
				573	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
				574	dirname2 = x509.DirectoryName(
				575	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				576	)
				577	aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234)
				578	assert aki == aki2
				579
				580	def test_ne(self):
				581	dirname = x509.DirectoryName(
				582	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				583	)
				584	dirname5 = x509.DirectoryName(
				585	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'aCN')])
				586	)
				587	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
				588	aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234)
				589	aki3 = x509.AuthorityKeyIdentifier(b"digest", None, None)
				590	aki4 = x509.AuthorityKeyIdentifier(b"digest", [dirname], 12345)
				591	aki5 = x509.AuthorityKeyIdentifier(b"digest", [dirname5], 12345)
				592	assert aki != aki2
				593	assert aki != aki3
				594	assert aki != aki4
				595	assert aki != aki5
				596	assert aki != object()
				597
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	598
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	599	class TestBasicConstraints(object):
				600	def test_ca_not_boolean(self):
				601	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	602	x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	603
				604	def test_path_length_not_ca(self):
				605	with pytest.raises(ValueError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	606	x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	607
				608	def test_path_length_not_int(self):
				609	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	610	x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	611
				612	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	613	x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	614
				615	def test_path_length_negative(self):
				616	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	617	x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	618
				619	def test_repr(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	620	na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	621	assert repr(na) == (
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	622	"<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	623	)
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	624
				625
Paul Kehrer	ffa2a15	2015-03-31 08:18:25 -0500	[diff] [blame]	626	class TestExtendedKeyUsage(object):
				627	def test_not_all_oids(self):
				628	with pytest.raises(TypeError):
				629	x509.ExtendedKeyUsage(["notoid"])
				630
				631	def test_iter_len(self):
				632	eku = x509.ExtendedKeyUsage([
				633	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				634	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				635	])
				636	assert len(eku) == 2
				637	assert list(eku) == [
				638	x509.OID_SERVER_AUTH,
				639	x509.OID_CLIENT_AUTH
				640	]
				641
Paul Kehrer	23d10c3	2015-04-02 23:12:32 -0500	[diff] [blame]	642	def test_repr(self):
				643	eku = x509.ExtendedKeyUsage([
				644	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				645	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				646	])
				647	assert repr(eku) == (
				648	"<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
				649	"serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
				650	"tAuth)>])>"
				651	)
				652
Paul Kehrer	b047617	2015-05-02 19:34:51 -0500	[diff] [blame]	653	def test_eq(self):
				654	eku = x509.ExtendedKeyUsage([
				655	x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
				656	])
				657	eku2 = x509.ExtendedKeyUsage([
				658	x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
				659	])
				660	assert eku == eku2
				661
				662	def test_ne(self):
				663	eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
				664	eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
				665	assert eku != eku2
				666	assert eku != object()
				667
Paul Kehrer	ffa2a15	2015-03-31 08:18:25 -0500	[diff] [blame]	668
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	669	@pytest.mark.requires_backend_interface(interface=RSABackend)
				670	@pytest.mark.requires_backend_interface(interface=X509Backend)
				671	class TestExtensions(object):
				672	def test_no_extensions(self, backend):
				673	cert = _load_cert(
				674	os.path.join("x509", "verisign_md2_root.pem"),
				675	x509.load_pem_x509_certificate,
				676	backend
				677	)
				678	ext = cert.extensions
				679	assert len(ext) == 0
				680	assert list(ext) == []
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	681	with pytest.raises(x509.ExtensionNotFound) as exc:
				682	ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				683
				684	assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
				685
				686	def test_one_extension(self, backend):
				687	cert = _load_cert(
				688	os.path.join(
				689	"x509", "custom", "basic_constraints_not_critical.pem"
				690	),
				691	x509.load_pem_x509_certificate,
				692	backend
				693	)
				694	extensions = cert.extensions
				695	ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				696	assert ext is not None
				697	assert ext.value.ca is False
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	698
				699	def test_duplicate_extension(self, backend):
				700	cert = _load_cert(
				701	os.path.join(
				702	"x509", "custom", "two_basic_constraints.pem"
				703	),
				704	x509.load_pem_x509_certificate,
				705	backend
				706	)
				707	with pytest.raises(x509.DuplicateExtension) as exc:
				708	cert.extensions
				709
				710	assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
				711
				712	def test_unsupported_critical_extension(self, backend):
				713	cert = _load_cert(
				714	os.path.join(
				715	"x509", "custom", "unsupported_extension_critical.pem"
				716	),
				717	x509.load_pem_x509_certificate,
				718	backend
				719	)
				720	with pytest.raises(x509.UnsupportedExtension) as exc:
				721	cert.extensions
				722
				723	assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
				724
				725	def test_unsupported_extension(self, backend):
				726	# TODO: this will raise an exception when all extensions are complete
				727	cert = _load_cert(
				728	os.path.join(
				729	"x509", "custom", "unsupported_extension.pem"
				730	),
				731	x509.load_pem_x509_certificate,
				732	backend
				733	)
				734	extensions = cert.extensions
				735	assert len(extensions) == 0
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	736
				737
				738	@pytest.mark.requires_backend_interface(interface=RSABackend)
				739	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	de813ea	2015-03-28 12:44:34 -0500	[diff] [blame]	740	class TestBasicConstraintsExtension(object):
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	741	def test_ca_true_pathlen_6(self, backend):
				742	cert = _load_cert(
				743	os.path.join(
				744	"x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
				745	),
				746	x509.load_der_x509_certificate,
				747	backend
				748	)
				749	ext = cert.extensions.get_extension_for_oid(
				750	x509.OID_BASIC_CONSTRAINTS
				751	)
				752	assert ext is not None
				753	assert ext.critical is True
				754	assert ext.value.ca is True
				755	assert ext.value.path_length == 6
				756
				757	def test_path_length_zero(self, backend):
				758	cert = _load_cert(
				759	os.path.join("x509", "custom", "bc_path_length_zero.pem"),
				760	x509.load_pem_x509_certificate,
				761	backend
				762	)
				763	ext = cert.extensions.get_extension_for_oid(
				764	x509.OID_BASIC_CONSTRAINTS
				765	)
				766	assert ext is not None
				767	assert ext.critical is True
				768	assert ext.value.ca is True
				769	assert ext.value.path_length == 0
				770
				771	def test_ca_true_no_pathlen(self, backend):
				772	cert = _load_cert(
				773	os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
				774	x509.load_der_x509_certificate,
				775	backend
				776	)
				777	ext = cert.extensions.get_extension_for_oid(
				778	x509.OID_BASIC_CONSTRAINTS
				779	)
				780	assert ext is not None
				781	assert ext.critical is True
				782	assert ext.value.ca is True
				783	assert ext.value.path_length is None
				784
				785	def test_ca_false(self, backend):
				786	cert = _load_cert(
				787	os.path.join("x509", "cryptography.io.pem"),
				788	x509.load_pem_x509_certificate,
				789	backend
				790	)
				791	ext = cert.extensions.get_extension_for_oid(
				792	x509.OID_BASIC_CONSTRAINTS
				793	)
				794	assert ext is not None
				795	assert ext.critical is True
				796	assert ext.value.ca is False
				797	assert ext.value.path_length is None
				798
				799	def test_no_basic_constraints(self, backend):
				800	cert = _load_cert(
				801	os.path.join(
				802	"x509",
				803	"PKITS_data",
				804	"certs",
				805	"ValidCertificatePathTest1EE.crt"
				806	),
				807	x509.load_der_x509_certificate,
				808	backend
				809	)
				810	with pytest.raises(x509.ExtensionNotFound):
				811	cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				812
				813	def test_basic_constraint_not_critical(self, backend):
				814	cert = _load_cert(
				815	os.path.join(
				816	"x509", "custom", "basic_constraints_not_critical.pem"
				817	),
				818	x509.load_pem_x509_certificate,
				819	backend
				820	)
				821	ext = cert.extensions.get_extension_for_oid(
				822	x509.OID_BASIC_CONSTRAINTS
				823	)
				824	assert ext is not None
				825	assert ext.critical is False
				826	assert ext.value.ca is False
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	827
				828
				829	@pytest.mark.requires_backend_interface(interface=RSABackend)
				830	@pytest.mark.requires_backend_interface(interface=X509Backend)
				831	class TestSubjectKeyIdentifierExtension(object):
				832	def test_subject_key_identifier(self, backend):
				833	cert = _load_cert(
				834	os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
				835	x509.load_der_x509_certificate,
				836	backend
				837	)
				838	ext = cert.extensions.get_extension_for_oid(
				839	x509.OID_SUBJECT_KEY_IDENTIFIER
				840	)
				841	ski = ext.value
				842	assert ext is not None
				843	assert ext.critical is False
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	844	assert ski.digest == binascii.unhexlify(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	845	b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	846	)
				847
				848	def test_no_subject_key_identifier(self, backend):
				849	cert = _load_cert(
				850	os.path.join("x509", "custom", "bc_path_length_zero.pem"),
				851	x509.load_pem_x509_certificate,
				852	backend
				853	)
				854	with pytest.raises(x509.ExtensionNotFound):
				855	cert.extensions.get_extension_for_oid(
				856	x509.OID_SUBJECT_KEY_IDENTIFIER
				857	)
Paul Kehrer	5508ee2	2015-04-02 19:31:03 -0500	[diff] [blame]	858
				859
				860	@pytest.mark.requires_backend_interface(interface=RSABackend)
				861	@pytest.mark.requires_backend_interface(interface=X509Backend)
				862	class TestKeyUsageExtension(object):
				863	def test_no_key_usage(self, backend):
				864	cert = _load_cert(
				865	os.path.join("x509", "verisign_md2_root.pem"),
				866	x509.load_pem_x509_certificate,
				867	backend
				868	)
				869	ext = cert.extensions
				870	with pytest.raises(x509.ExtensionNotFound) as exc:
				871	ext.get_extension_for_oid(x509.OID_KEY_USAGE)
				872
				873	assert exc.value.oid == x509.OID_KEY_USAGE
				874
				875	def test_all_purposes(self, backend):
				876	cert = _load_cert(
				877	os.path.join(
				878	"x509", "custom", "all_key_usages.pem"
				879	),
				880	x509.load_pem_x509_certificate,
				881	backend
				882	)
				883	extensions = cert.extensions
				884	ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
				885	assert ext is not None
				886
				887	ku = ext.value
				888	assert ku.digital_signature is True
				889	assert ku.content_commitment is True
				890	assert ku.key_encipherment is True
				891	assert ku.data_encipherment is True
				892	assert ku.key_agreement is True
				893	assert ku.key_cert_sign is True
				894	assert ku.crl_sign is True
				895	assert ku.encipher_only is True
				896	assert ku.decipher_only is True
				897
				898	def test_key_cert_sign_crl_sign(self, backend):
				899	cert = _load_cert(
				900	os.path.join(
				901	"x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
				902	),
				903	x509.load_der_x509_certificate,
				904	backend
				905	)
				906	ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
				907	assert ext is not None
				908	assert ext.critical is True
				909
				910	ku = ext.value
				911	assert ku.digital_signature is False
				912	assert ku.content_commitment is False
				913	assert ku.key_encipherment is False
				914	assert ku.data_encipherment is False
				915	assert ku.key_agreement is False
				916	assert ku.key_cert_sign is True
				917	assert ku.crl_sign is True
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	918
				919
				920	@pytest.mark.parametrize(
				921	"name", [
				922	x509.RFC822Name,
				923	x509.DNSName,
				924	x509.UniformResourceIdentifier
				925	]
				926	)
				927	class TestTextGeneralNames(object):
				928	def test_not_text(self, name):
				929	with pytest.raises(TypeError):
				930	name(b"notaunicodestring")
				931
				932	with pytest.raises(TypeError):
				933	name(1.3)
				934
				935	def test_repr(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	936	gn = name(u"string")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	937	assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
				938
				939	def test_eq(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	940	gn = name(u"string")
				941	gn2 = name(u"string")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	942	assert gn == gn2
				943
				944	def test_ne(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	945	gn = name(u"string")
				946	gn2 = name(u"string2")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	947	assert gn != gn2
				948	assert gn != object()
				949
				950
				951	class TestDirectoryName(object):
				952	def test_not_name(self):
				953	with pytest.raises(TypeError):
				954	x509.DirectoryName(b"notaname")
				955
				956	with pytest.raises(TypeError):
				957	x509.DirectoryName(1.3)
				958
				959	def test_repr(self):
				960	name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
				961	gn = x509.DirectoryName(x509.Name([name]))
				962	assert repr(gn) == (
				963	"<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
				964	"tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
				965	)
				966
				967	def test_eq(self):
				968	name = x509.Name([
				969	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				970	])
				971	name2 = x509.Name([
				972	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				973	])
				974	gn = x509.DirectoryName(x509.Name([name]))
				975	gn2 = x509.DirectoryName(x509.Name([name2]))
				976	assert gn == gn2
				977
				978	def test_ne(self):
				979	name = x509.Name([
				980	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				981	])
				982	name2 = x509.Name([
				983	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
				984	])
				985	gn = x509.DirectoryName(x509.Name([name]))
				986	gn2 = x509.DirectoryName(x509.Name([name2]))
				987	assert gn != gn2
				988	assert gn != object()
				989
				990
				991	class TestRegisteredID(object):
				992	def test_not_oid(self):
				993	with pytest.raises(TypeError):
				994	x509.RegisteredID(b"notanoid")
				995
				996	with pytest.raises(TypeError):
				997	x509.RegisteredID(1.3)
				998
				999	def test_repr(self):
				1000	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1001	assert repr(gn) == (
				1002	"<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
				1003	"e)>)>"
				1004	)
				1005
				1006	def test_eq(self):
				1007	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1008	gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
				1009	assert gn == gn2
				1010
				1011	def test_ne(self):
				1012	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1013	gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
				1014	assert gn != gn2
				1015	assert gn != object()
				1016
				1017
				1018	class TestIPAddress(object):
				1019	def test_not_ipaddress(self):
				1020	with pytest.raises(TypeError):
				1021	x509.IPAddress(b"notanipaddress")
				1022
				1023	with pytest.raises(TypeError):
				1024	x509.IPAddress(1.3)
				1025
				1026	def test_repr(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1027	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1028	assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
				1029
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1030	gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1031	assert repr(gn2) == "<IPAddress(value=ff::)>"
				1032
				1033	def test_eq(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1034	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
				1035	gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1036	assert gn == gn2
				1037
				1038	def test_ne(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1039	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
				1040	gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1041	assert gn != gn2
				1042	assert gn != object()
				1043
				1044
				1045	class TestSubjectAlternativeName(object):
				1046	def test_get_values_for_type(self):
				1047	san = x509.SubjectAlternativeName(
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1048	[x509.DNSName(u"cryptography.io")]
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1049	)
				1050	names = san.get_values_for_type(x509.DNSName)
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1051	assert names == [u"cryptography.io"]
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1052
				1053	def test_iter_names(self):
				1054	san = x509.SubjectAlternativeName([
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1055	x509.DNSName(u"cryptography.io"),
				1056	x509.DNSName(u"crypto.local"),
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1057	])
				1058	assert len(san) == 2
				1059	assert list(san) == [
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1060	x509.DNSName(u"cryptography.io"),
				1061	x509.DNSName(u"crypto.local"),
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1062	]
				1063
Paul Kehrer	d04b39b	2015-04-21 08:44:17 -0500	[diff] [blame]	1064	def test_invalid_general_names(self):
				1065	with pytest.raises(TypeError):
				1066	x509.SubjectAlternativeName(
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1067	[x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrer	d04b39b	2015-04-21 08:44:17 -0500	[diff] [blame]	1068	)
				1069
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1070	def test_repr(self):
				1071	san = x509.SubjectAlternativeName(
				1072	[
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1073	x509.DNSName(u"cryptography.io")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1074	]
				1075	)
				1076	assert repr(san) == (
				1077	"<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
				1078	)
Paul Kehrer	40f8338	2015-04-20 15:00:16 -0500	[diff] [blame]	1079
Paul Kehrer	58cc397	2015-05-13 10:00:41 -0500	[diff] [blame^]	1080	def test_eq(self):
				1081	san = x509.SubjectAlternativeName(
				1082	[x509.DNSName(u"cryptography.io")]
				1083	)
				1084	san2 = x509.SubjectAlternativeName(
				1085	[x509.DNSName(u"cryptography.io")]
				1086	)
				1087	assert san == san2
				1088
				1089	def test_ne(self):
				1090	san = x509.SubjectAlternativeName(
				1091	[x509.DNSName(u"cryptography.io")]
				1092	)
				1093	san2 = x509.SubjectAlternativeName(
				1094	[x509.RFC822Name(u"admin@cryptography.io")]
				1095	)
				1096	assert san != san2
				1097	assert san != object()
				1098
Paul Kehrer	40f8338	2015-04-20 15:00:16 -0500	[diff] [blame]	1099
				1100	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1101	@pytest.mark.requires_backend_interface(interface=X509Backend)
				1102	class TestRSASubjectAlternativeNameExtension(object):
				1103	def test_dns_name(self, backend):
				1104	cert = _load_cert(
				1105	os.path.join("x509", "cryptography.io.pem"),
				1106	x509.load_pem_x509_certificate,
				1107	backend
				1108	)
				1109	ext = cert.extensions.get_extension_for_oid(
				1110	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1111	)
				1112	assert ext is not None
				1113	assert ext.critical is False
				1114
				1115	san = ext.value
				1116
				1117	dns = san.get_values_for_type(x509.DNSName)
				1118	assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer	9089c91	2015-04-20 22:15:20 -0500	[diff] [blame]	1119
				1120	def test_unsupported_other_name(self, backend):
				1121	cert = _load_cert(
				1122	os.path.join(
				1123	"x509", "custom", "san_other_name.pem"
				1124	),
				1125	x509.load_pem_x509_certificate,
				1126	backend
				1127	)
Paul Kehrer	bed0735	2015-04-21 08:31:10 -0500	[diff] [blame]	1128	with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer	9089c91	2015-04-20 22:15:20 -0500	[diff] [blame]	1129	cert.extensions
Paul Kehrer	bed0735	2015-04-21 08:31:10 -0500	[diff] [blame]	1130
Paul Kehrer	0a621bf	2015-04-22 09:22:56 -0500	[diff] [blame]	1131	assert exc.value.type == 0
Paul Kehrer	4db9662	2015-04-20 22:17:39 -0500	[diff] [blame]	1132
				1133	def test_registered_id(self, backend):
				1134	cert = _load_cert(
				1135	os.path.join(
				1136	"x509", "custom", "san_registered_id.pem"
				1137	),
				1138	x509.load_pem_x509_certificate,
				1139	backend
				1140	)
				1141	ext = cert.extensions.get_extension_for_oid(
				1142	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1143	)
				1144	assert ext is not None
				1145	assert ext.critical is False
				1146
				1147	san = ext.value
				1148	rid = san.get_values_for_type(x509.RegisteredID)
				1149	assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrer	b8ef82e	2015-04-22 16:04:24 -0500	[diff] [blame]	1150
				1151	def test_uri(self, backend):
				1152	cert = _load_cert(
				1153	os.path.join(
				1154	"x509", "custom", "san_uri_with_port.pem"
				1155	),
				1156	x509.load_pem_x509_certificate,
				1157	backend
				1158	)
				1159	ext = cert.extensions.get_extension_for_oid(
				1160	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1161	)
				1162	assert ext is not None
				1163	uri = ext.value.get_values_for_type(
				1164	x509.UniformResourceIdentifier
				1165	)
				1166	assert uri == [
				1167	u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
				1168	u"lo",
				1169	u"http://someregulardomain.com",
				1170	]
Paul Kehrer	a5f030c	2015-04-28 08:33:18 -0500	[diff] [blame]	1171
				1172	def test_ipaddress(self, backend):
				1173	cert = _load_cert(
				1174	os.path.join(
				1175	"x509", "custom", "san_ipaddr.pem"
				1176	),
				1177	x509.load_pem_x509_certificate,
				1178	backend
				1179	)
				1180	ext = cert.extensions.get_extension_for_oid(
				1181	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1182	)
				1183	assert ext is not None
				1184	assert ext.critical is False
				1185
				1186	san = ext.value
				1187
				1188	ip = san.get_values_for_type(x509.IPAddress)
				1189	assert [
				1190	ipaddress.ip_address(u"127.0.0.1"),
				1191	ipaddress.ip_address(u"ff::")
				1192	] == ip
Paul Kehrer	2187a05	2015-04-30 08:22:07 -0500	[diff] [blame]	1193
				1194	def test_dirname(self, backend):
				1195	cert = _load_cert(
				1196	os.path.join(
				1197	"x509", "custom", "san_dirname.pem"
				1198	),
				1199	x509.load_pem_x509_certificate,
				1200	backend
				1201	)
				1202	ext = cert.extensions.get_extension_for_oid(
				1203	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1204	)
				1205	assert ext is not None
				1206	assert ext.critical is False
				1207
				1208	san = ext.value
				1209
				1210	dirname = san.get_values_for_type(x509.DirectoryName)
				1211	assert [
				1212	x509.Name([
				1213	x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
				1214	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
				1215	x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
				1216	])
				1217	] == dirname
Paul Kehrer	e06cab4	2015-04-30 10:23:33 -0500	[diff] [blame]	1218
				1219	def test_rfc822name(self, backend):
				1220	cert = _load_cert(
				1221	os.path.join(
				1222	"x509", "custom", "san_rfc822_idna.pem"
				1223	),
				1224	x509.load_pem_x509_certificate,
				1225	backend
				1226	)
				1227	ext = cert.extensions.get_extension_for_oid(
				1228	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1229	)
				1230	assert ext is not None
				1231	assert ext.critical is False
				1232
				1233	san = ext.value
				1234
				1235	rfc822name = san.get_values_for_type(x509.RFC822Name)
				1236	assert [u"email@em\xe5\xefl.com"] == rfc822name
				1237
				1238	def test_unicode_rfc822_name_dns_name_uri(self, backend):
				1239	cert = _load_cert(
				1240	os.path.join(
				1241	"x509", "custom", "san_idna_names.pem"
				1242	),
				1243	x509.load_pem_x509_certificate,
				1244	backend
				1245	)
				1246	ext = cert.extensions.get_extension_for_oid(
				1247	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1248	)
				1249	assert ext is not None
				1250	rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
				1251	dns_name = ext.value.get_values_for_type(x509.DNSName)
				1252	uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
				1253	assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
				1254	assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
				1255	assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
				1256
				1257	def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
				1258	cert = _load_cert(
				1259	os.path.join(
				1260	"x509", "custom", "san_email_dns_ip_dirname_uri.pem"
				1261	),
				1262	x509.load_pem_x509_certificate,
				1263	backend
				1264	)
				1265	ext = cert.extensions.get_extension_for_oid(
				1266	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1267	)
				1268	assert ext is not None
				1269	assert ext.critical is False
				1270
				1271	san = ext.value
				1272
				1273	rfc822_name = san.get_values_for_type(x509.RFC822Name)
				1274	uri = san.get_values_for_type(x509.UniformResourceIdentifier)
				1275	dns = san.get_values_for_type(x509.DNSName)
				1276	ip = san.get_values_for_type(x509.IPAddress)
				1277	dirname = san.get_values_for_type(x509.DirectoryName)
				1278	assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrer	e3a330c	2015-05-02 16:42:52 -0500	[diff] [blame]	1279	assert [u"https://cryptography.io"] == uri
Paul Kehrer	e06cab4	2015-04-30 10:23:33 -0500	[diff] [blame]	1280	assert [u"cryptography.io"] == dns
				1281	assert [
				1282	x509.Name([
				1283	x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
				1284	x509.NameAttribute(
				1285	x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
				1286	),
				1287	])
				1288	] == dirname
				1289	assert [
				1290	ipaddress.ip_address(u"127.0.0.1"),
				1291	ipaddress.ip_address(u"ff::")
				1292	] == ip
				1293
				1294	def test_invalid_rfc822name(self, backend):
				1295	cert = _load_cert(
				1296	os.path.join(
				1297	"x509", "custom", "san_rfc822_names.pem"
				1298	),
				1299	x509.load_pem_x509_certificate,
				1300	backend
				1301	)
				1302	with pytest.raises(ValueError) as exc:
				1303	cert.extensions
				1304
				1305	assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer	94c6960	2015-05-02 19:29:40 -0500	[diff] [blame]	1306
				1307
				1308	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1309	@pytest.mark.requires_backend_interface(interface=X509Backend)
				1310	class TestExtendedKeyUsageExtension(object):
				1311	def test_eku(self, backend):
				1312	cert = _load_cert(
				1313	os.path.join(
				1314	"x509", "custom", "extended_key_usage.pem"
				1315	),
				1316	x509.load_pem_x509_certificate,
				1317	backend
				1318	)
				1319	ext = cert.extensions.get_extension_for_oid(
				1320	x509.OID_EXTENDED_KEY_USAGE
				1321	)
				1322	assert ext is not None
				1323	assert ext.critical is False
				1324
				1325	assert [
				1326	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				1327	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				1328	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
				1329	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
				1330	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
				1331	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
				1332	x509.ObjectIdentifier("2.5.29.37.0"),
				1333	x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
				1334	] == list(ext.value)
Paul Kehrer	3e6d558	2015-05-02 21:57:56 -0500	[diff] [blame]	1335
				1336
				1337	class TestAccessDescription(object):
				1338	def test_invalid_access_method(self):
Paul Kehrer	f506bca	2015-05-02 22:31:47 -0500	[diff] [blame]	1339	with pytest.raises(ValueError):
Paul Kehrer	3e6d558	2015-05-02 21:57:56 -0500	[diff] [blame]	1340	x509.AccessDescription("notanoid", x509.DNSName(u"test"))
				1341
				1342	def test_invalid_access_location(self):
				1343	with pytest.raises(TypeError):
				1344	x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
				1345
				1346	def test_repr(self):
				1347	ad = x509.AccessDescription(
				1348	x509.OID_OCSP,
				1349	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1350	)
				1351	assert repr(ad) == (
				1352	"<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
				1353	"5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
				1354	"(value=http://ocsp.domain.com)>)>"
				1355	)
				1356
				1357	def test_eq(self):
				1358	ad = x509.AccessDescription(
				1359	x509.OID_OCSP,
				1360	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1361	)
				1362	ad2 = x509.AccessDescription(
				1363	x509.OID_OCSP,
				1364	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1365	)
				1366	assert ad == ad2
				1367
				1368	def test_ne(self):
				1369	ad = x509.AccessDescription(
				1370	x509.OID_OCSP,
				1371	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1372	)
				1373	ad2 = x509.AccessDescription(
				1374	x509.OID_CA_ISSUERS,
				1375	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1376	)
				1377	ad3 = x509.AccessDescription(
				1378	x509.OID_OCSP,
				1379	x509.UniformResourceIdentifier(u"http://notthesame")
				1380	)
				1381	assert ad != ad2
				1382	assert ad != ad3
				1383	assert ad != object()
				1384
				1385
				1386	class TestAuthorityInformationAccess(object):
				1387	def test_invalid_descriptions(self):
				1388	with pytest.raises(TypeError):
				1389	x509.AuthorityInformationAccess(["notanAccessDescription"])
				1390
				1391	def test_iter_len(self):
				1392	aia = x509.AuthorityInformationAccess([
				1393	x509.AccessDescription(
				1394	x509.OID_OCSP,
				1395	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1396	),
				1397	x509.AccessDescription(
				1398	x509.OID_CA_ISSUERS,
				1399	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1400	)
				1401	])
				1402	assert len(aia) == 2
				1403	assert list(aia) == [
				1404	x509.AccessDescription(
				1405	x509.OID_OCSP,
				1406	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1407	),
				1408	x509.AccessDescription(
				1409	x509.OID_CA_ISSUERS,
				1410	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1411	)
				1412	]
				1413
				1414	def test_repr(self):
				1415	aia = x509.AuthorityInformationAccess([
				1416	x509.AccessDescription(
				1417	x509.OID_OCSP,
				1418	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1419	),
				1420	x509.AccessDescription(
				1421	x509.OID_CA_ISSUERS,
				1422	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1423	)
				1424	])
				1425	assert repr(aia) == (
				1426	"<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
				1427	"jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
				1428	"on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
				1429	"AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
				1430	".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
				1431	"fier(value=http://domain.com/ca.crt)>)>])>"
				1432	)
				1433
				1434	def test_eq(self):
				1435	aia = x509.AuthorityInformationAccess([
				1436	x509.AccessDescription(
				1437	x509.OID_OCSP,
				1438	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1439	),
				1440	x509.AccessDescription(
				1441	x509.OID_CA_ISSUERS,
				1442	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1443	)
				1444	])
				1445	aia2 = x509.AuthorityInformationAccess([
				1446	x509.AccessDescription(
				1447	x509.OID_OCSP,
				1448	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1449	),
				1450	x509.AccessDescription(
				1451	x509.OID_CA_ISSUERS,
				1452	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1453	)
				1454	])
				1455	assert aia == aia2
				1456
				1457	def test_ne(self):
				1458	aia = x509.AuthorityInformationAccess([
				1459	x509.AccessDescription(
				1460	x509.OID_OCSP,
				1461	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1462	),
				1463	x509.AccessDescription(
				1464	x509.OID_CA_ISSUERS,
				1465	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1466	)
				1467	])
				1468	aia2 = x509.AuthorityInformationAccess([
				1469	x509.AccessDescription(
				1470	x509.OID_OCSP,
				1471	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1472	),
				1473	])
				1474
				1475	assert aia != aia2
				1476	assert aia != object()
Paul Kehrer	d774de9	2015-05-03 10:52:25 -0500	[diff] [blame]	1477
				1478
				1479	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1480	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	a147699	2015-05-04 17:35:47 -0500	[diff] [blame]	1481	class TestAuthorityInformationAccessExtension(object):
				1482	def test_aia_ocsp_ca_issuers(self, backend):
				1483	cert = _load_cert(
				1484	os.path.join("x509", "cryptography.io.pem"),
				1485	x509.load_pem_x509_certificate,
				1486	backend
				1487	)
				1488	ext = cert.extensions.get_extension_for_oid(
				1489	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1490	)
				1491	assert ext is not None
				1492	assert ext.critical is False
				1493
				1494	assert ext.value == x509.AuthorityInformationAccess([
				1495	x509.AccessDescription(
				1496	x509.OID_OCSP,
				1497	x509.UniformResourceIdentifier(u"http://gv.symcd.com")
				1498	),
				1499	x509.AccessDescription(
				1500	x509.OID_CA_ISSUERS,
				1501	x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
				1502	),
				1503	])
				1504
				1505	def test_aia_multiple_ocsp_ca_issuers(self, backend):
				1506	cert = _load_cert(
				1507	os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
				1508	x509.load_pem_x509_certificate,
				1509	backend
				1510	)
				1511	ext = cert.extensions.get_extension_for_oid(
				1512	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1513	)
				1514	assert ext is not None
				1515	assert ext.critical is False
				1516
				1517	assert ext.value == x509.AuthorityInformationAccess([
				1518	x509.AccessDescription(
				1519	x509.OID_OCSP,
				1520	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1521	),
				1522	x509.AccessDescription(
				1523	x509.OID_OCSP,
				1524	x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
				1525	),
				1526	x509.AccessDescription(
				1527	x509.OID_CA_ISSUERS,
				1528	x509.DirectoryName(x509.Name([
				1529	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
				1530	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
				1531	]))
				1532	),
				1533	])
				1534
				1535	def test_aia_ocsp_only(self, backend):
				1536	cert = _load_cert(
				1537	os.path.join("x509", "custom", "aia_ocsp.pem"),
				1538	x509.load_pem_x509_certificate,
				1539	backend
				1540	)
				1541	ext = cert.extensions.get_extension_for_oid(
				1542	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1543	)
				1544	assert ext is not None
				1545	assert ext.critical is False
				1546
				1547	assert ext.value == x509.AuthorityInformationAccess([
				1548	x509.AccessDescription(
				1549	x509.OID_OCSP,
				1550	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1551	),
				1552	])
				1553
				1554	def test_aia_ca_issuers_only(self, backend):
				1555	cert = _load_cert(
				1556	os.path.join("x509", "custom", "aia_ca_issuers.pem"),
				1557	x509.load_pem_x509_certificate,
				1558	backend
				1559	)
				1560	ext = cert.extensions.get_extension_for_oid(
				1561	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1562	)
				1563	assert ext is not None
				1564	assert ext.critical is False
				1565
				1566	assert ext.value == x509.AuthorityInformationAccess([
				1567	x509.AccessDescription(
				1568	x509.OID_CA_ISSUERS,
				1569	x509.DirectoryName(x509.Name([
				1570	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
				1571	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
				1572	]))
				1573	),
				1574	])
				1575
				1576
				1577	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1578	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	d774de9	2015-05-03 10:52:25 -0500	[diff] [blame]	1579	class TestAuthorityKeyIdentifierExtension(object):
				1580	def test_aki_keyid(self, backend):
				1581	cert = _load_cert(
				1582	os.path.join(
				1583	"x509", "cryptography.io.pem"
				1584	),
				1585	x509.load_pem_x509_certificate,
				1586	backend
				1587	)
				1588	ext = cert.extensions.get_extension_for_oid(
				1589	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1590	)
				1591	assert ext is not None
				1592	assert ext.critical is False
				1593
				1594	assert ext.value.key_identifier == (
				1595	b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0\|[\xf3\xe2\x08\xcbY"
				1596	)
				1597	assert ext.value.authority_cert_issuer is None
				1598	assert ext.value.authority_cert_serial_number is None
				1599
				1600	def test_aki_all_fields(self, backend):
				1601	cert = _load_cert(
				1602	os.path.join(
				1603	"x509", "custom", "authority_key_identifier.pem"
				1604	),
				1605	x509.load_pem_x509_certificate,
				1606	backend
				1607	)
				1608	ext = cert.extensions.get_extension_for_oid(
				1609	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1610	)
				1611	assert ext is not None
				1612	assert ext.critical is False
				1613
				1614	assert ext.value.key_identifier == (
				1615	b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
				1616	)
				1617	assert ext.value.authority_cert_issuer == [
				1618	x509.DirectoryName(
				1619	x509.Name([
				1620	x509.NameAttribute(
				1621	x509.OID_ORGANIZATION_NAME, u"PyCA"
				1622	),
				1623	x509.NameAttribute(
				1624	x509.OID_COMMON_NAME, u"cryptography.io"
				1625	)
				1626	])
				1627	)
				1628	]
				1629	assert ext.value.authority_cert_serial_number == 3
				1630
				1631	def test_aki_no_keyid(self, backend):
				1632	cert = _load_cert(
				1633	os.path.join(
				1634	"x509", "custom", "authority_key_identifier_no_keyid.pem"
				1635	),
				1636	x509.load_pem_x509_certificate,
				1637	backend
				1638	)
				1639	ext = cert.extensions.get_extension_for_oid(
				1640	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1641	)
				1642	assert ext is not None
				1643	assert ext.critical is False
				1644
				1645	assert ext.value.key_identifier is None
				1646	assert ext.value.authority_cert_issuer == [
				1647	x509.DirectoryName(
				1648	x509.Name([
				1649	x509.NameAttribute(
				1650	x509.OID_ORGANIZATION_NAME, u"PyCA"
				1651	),
				1652	x509.NameAttribute(
				1653	x509.OID_COMMON_NAME, u"cryptography.io"
				1654	)
				1655	])
				1656	)
				1657	]
				1658	assert ext.value.authority_cert_serial_number == 3
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1659
				1660
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1661	class TestDistributionPoint(object):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1662	def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1663	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1664	x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1665
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1666	def test_distribution_point_relative_name_not_name(self):
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1667	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1668	x509.DistributionPoint(None, "notname", None, None)
				1669
				1670	def test_distribution_point_full_and_relative_not_none(self):
				1671	with pytest.raises(ValueError):
				1672	x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1673
				1674	def test_crl_issuer_not_general_names(self):
				1675	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1676	x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1677
				1678	def test_reason_not_reasonflags(self):
				1679	with pytest.raises(TypeError):
				1680	x509.DistributionPoint(
				1681	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1682	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1683	frozenset(["notreasonflags"]),
				1684	None
				1685	)
				1686
				1687	def test_reason_not_frozenset(self):
				1688	with pytest.raises(TypeError):
				1689	x509.DistributionPoint(
				1690	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1691	None,
				1692	[x509.ReasonFlags.ca_compromise],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1693	None
				1694	)
				1695
				1696	def test_disallowed_reasons(self):
				1697	with pytest.raises(ValueError):
				1698	x509.DistributionPoint(
				1699	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1700	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1701	frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1702	None
				1703	)
				1704
				1705	with pytest.raises(ValueError):
				1706	x509.DistributionPoint(
				1707	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1708	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1709	frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1710	None
				1711	)
				1712
				1713	def test_reason_only(self):
				1714	with pytest.raises(ValueError):
				1715	x509.DistributionPoint(
				1716	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1717	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1718	frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1719	None
				1720	)
				1721
				1722	def test_eq(self):
				1723	dp = x509.DistributionPoint(
				1724	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1725	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1726	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1727	[
				1728	x509.DirectoryName(
				1729	x509.Name([
				1730	x509.NameAttribute(
				1731	x509.OID_COMMON_NAME, "Important CA"
				1732	)
				1733	])
				1734	)
				1735	],
				1736	)
				1737	dp2 = x509.DistributionPoint(
				1738	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1739	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1740	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1741	[
				1742	x509.DirectoryName(
				1743	x509.Name([
				1744	x509.NameAttribute(
				1745	x509.OID_COMMON_NAME, "Important CA"
				1746	)
				1747	])
				1748	)
				1749	],
				1750	)
				1751	assert dp == dp2
				1752
				1753	def test_ne(self):
				1754	dp = x509.DistributionPoint(
				1755	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1756	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1757	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1758	[
				1759	x509.DirectoryName(
				1760	x509.Name([
				1761	x509.NameAttribute(
				1762	x509.OID_COMMON_NAME, "Important CA"
				1763	)
				1764	])
				1765	)
				1766	],
				1767	)
				1768	dp2 = x509.DistributionPoint(
				1769	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1770	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1771	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1772	None
				1773	)
				1774	assert dp != dp2
				1775	assert dp != object()
				1776
				1777	def test_repr(self):
				1778	dp = x509.DistributionPoint(
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1779	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1780	x509.Name([
				1781	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
				1782	]),
Paul Kehrer	96ef63c	2015-05-09 21:17:04 -0500	[diff] [blame]	1783	frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1784	[
				1785	x509.DirectoryName(
				1786	x509.Name([
				1787	x509.NameAttribute(
				1788	x509.OID_COMMON_NAME, "Important CA"
				1789	)
				1790	])
				1791	)
				1792	],
				1793	)
Paul Kehrer	749da3b	2015-05-10 09:58:29 -0500	[diff] [blame]	1794	if six.PY3:
				1795	assert repr(dp) == (
				1796	"<DistributionPoint(full_name=None, relative_name=<Name([<Name"
				1797	"Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
				1798	">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
				1799	"romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
				1800	"Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
				1801	"commonName)>, value='Important CA')>])>)>])>"
				1802	)
				1803	else:
				1804	assert repr(dp) == (
				1805	"<DistributionPoint(full_name=None, relative_name=<Name([<Name"
				1806	"Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
				1807	">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
				1808	"romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
				1809	"Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
				1810	"commonName)>, value='Important CA')>])>)>])>"
				1811	)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1812
				1813
				1814	class TestCRLDistributionPoints(object):
				1815	def test_invalid_distribution_points(self):
				1816	with pytest.raises(TypeError):
				1817	x509.CRLDistributionPoints(["notadistributionpoint"])
				1818
				1819	def test_iter_len(self):
				1820	cdp = x509.CRLDistributionPoints([
				1821	x509.DistributionPoint(
				1822	[x509.UniformResourceIdentifier(u"http://domain")],
				1823	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1824	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1825	None
				1826	),
				1827	x509.DistributionPoint(
				1828	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1829	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1830	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1831	x509.ReasonFlags.key_compromise,
				1832	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1833	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1834	None
				1835	),
				1836	])
				1837	assert len(cdp) == 2
				1838	assert list(cdp) == [
				1839	x509.DistributionPoint(
				1840	[x509.UniformResourceIdentifier(u"http://domain")],
				1841	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1842	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1843	None
				1844	),
				1845	x509.DistributionPoint(
				1846	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1847	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1848	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1849	x509.ReasonFlags.key_compromise,
				1850	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1851	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1852	None
				1853	),
				1854	]
				1855
				1856	def test_repr(self):
				1857	cdp = x509.CRLDistributionPoints([
				1858	x509.DistributionPoint(
				1859	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1860	None,
Paul Kehrer	96ef63c	2015-05-09 21:17:04 -0500	[diff] [blame]	1861	frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1862	None
				1863	),
				1864	])
Paul Kehrer	749da3b	2015-05-10 09:58:29 -0500	[diff] [blame]	1865	if six.PY3:
				1866	assert repr(cdp) == (
				1867	"<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
				1868	"rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
				1869	"ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
				1870	"romise'>}), crl_issuer=None)>])>"
				1871	)
				1872	else:
				1873	assert repr(cdp) == (
				1874	"<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
				1875	"rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
				1876	"ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
				1877	"romise'>]), crl_issuer=None)>])>"
				1878	)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1879
				1880	def test_eq(self):
				1881	cdp = x509.CRLDistributionPoints([
				1882	x509.DistributionPoint(
				1883	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1884	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1885	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1886	x509.ReasonFlags.key_compromise,
				1887	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1888	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1889	[x509.UniformResourceIdentifier(u"uri://thing")],
				1890	),
				1891	])
				1892	cdp2 = x509.CRLDistributionPoints([
				1893	x509.DistributionPoint(
				1894	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1895	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1896	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1897	x509.ReasonFlags.key_compromise,
				1898	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1899	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1900	[x509.UniformResourceIdentifier(u"uri://thing")],
				1901	),
				1902	])
				1903	assert cdp == cdp2
				1904
				1905	def test_ne(self):
				1906	cdp = x509.CRLDistributionPoints([
				1907	x509.DistributionPoint(
				1908	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1909	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1910	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1911	x509.ReasonFlags.key_compromise,
				1912	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1913	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1914	[x509.UniformResourceIdentifier(u"uri://thing")],
				1915	),
				1916	])
				1917	cdp2 = x509.CRLDistributionPoints([
				1918	x509.DistributionPoint(
				1919	[x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1920	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1921	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1922	x509.ReasonFlags.key_compromise,
				1923	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1924	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1925	[x509.UniformResourceIdentifier(u"uri://thing")],
				1926	),
				1927	])
				1928	cdp3 = x509.CRLDistributionPoints([
				1929	x509.DistributionPoint(
				1930	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1931	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1932	frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1933	[x509.UniformResourceIdentifier(u"uri://thing")],
				1934	),
				1935	])
				1936	cdp4 = x509.CRLDistributionPoints([
				1937	x509.DistributionPoint(
				1938	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1939	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1940	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1941	x509.ReasonFlags.key_compromise,
				1942	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1943	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1944	[x509.UniformResourceIdentifier(u"uri://thing2")],
				1945	),
				1946	])
				1947	assert cdp != cdp2
				1948	assert cdp != cdp3
				1949	assert cdp != cdp4
				1950	assert cdp != object()