Blame - tests/test_x509_ext.py - platform/external/python/cryptography

blob: 94b33aeb46ec11c46f13ed14a43a3cc77a0d9280 [file] [log] [blame]

Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	1	# This file is dual licensed under the terms of the Apache License, Version
				2	# 2.0, and the BSD License. See the LICENSE file in the root of this repository
				3	# for complete details.
				4
				5	from __future__ import absolute_import, division, print_function
				6
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	7	import binascii
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	8	import ipaddress
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	9	import os
				10
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	11	import pytest
				12
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	13	import six
				14
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	15	from cryptography import x509
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	16	from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
				17
				18	from .test_x509 import _load_cert
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	19
				20
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	21	class TestExtension(object):
				22	def test_not_an_oid(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	23	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	24	with pytest.raises(TypeError):
				25	x509.Extension("notanoid", True, bc)
				26
				27	def test_critical_not_a_bool(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	28	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	29	with pytest.raises(TypeError):
				30	x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
				31
				32	def test_repr(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	33	bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	34	ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
				35	assert repr(ext) == (
				36	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
				37	"raints)>, critical=True, value=<BasicConstraints(ca=False, path"
				38	"_length=None)>)>"
				39	)
				40
				41
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	42	class TestNoticeReference(object):
				43	def test_notice_numbers_not_all_int(self):
				44	with pytest.raises(TypeError):
				45	x509.NoticeReference("org", [1, 2, "three"])
				46
				47	def test_notice_numbers_none(self):
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	48	with pytest.raises(TypeError):
				49	x509.NoticeReference("org", None)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	50
				51	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	52	nr = x509.NoticeReference(u"org", [1, 3, 4])
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	53
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	54	if six.PY3:
				55	assert repr(nr) == (
				56	"<NoticeReference(organization='org', notice_numbers=[1, 3, 4"
				57	"])>"
				58	)
				59	else:
				60	assert repr(nr) == (
				61	"<NoticeReference(organization=u'org', notice_numbers=[1, 3, "
				62	"4])>"
				63	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	64
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	65	def test_eq(self):
				66	nr = x509.NoticeReference("org", [1, 2])
				67	nr2 = x509.NoticeReference("org", [1, 2])
				68	assert nr == nr2
				69
				70	def test_ne(self):
				71	nr = x509.NoticeReference("org", [1, 2])
				72	nr2 = x509.NoticeReference("org", [1])
				73	nr3 = x509.NoticeReference(None, [1, 2])
				74	assert nr != nr2
				75	assert nr != nr3
				76	assert nr != object()
				77
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	78
				79	class TestUserNotice(object):
				80	def test_notice_reference_invalid(self):
				81	with pytest.raises(TypeError):
				82	x509.UserNotice("invalid", None)
				83
				84	def test_notice_reference_none(self):
				85	un = x509.UserNotice(None, "text")
				86	assert un.notice_reference is None
				87	assert un.explicit_text == "text"
				88
				89	def test_repr(self):
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	90	un = x509.UserNotice(x509.NoticeReference(u"org", [1]), u"text")
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	91	if six.PY3:
				92	assert repr(un) == (
				93	"<UserNotice(notice_reference=<NoticeReference(organization='"
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	94	"org', notice_numbers=[1])>, explicit_text='text')>"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	95	)
				96	else:
				97	assert repr(un) == (
				98	"<UserNotice(notice_reference=<NoticeReference(organization=u"
Paul Kehrer	6e198b0	2015-05-12 15:53:38 -0500	[diff] [blame]	99	"'org', notice_numbers=[1])>, explicit_text=u'text')>"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	100	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	101
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	102	def test_eq(self):
				103	nr = x509.NoticeReference("org", [1, 2])
				104	nr2 = x509.NoticeReference("org", [1, 2])
				105	un = x509.UserNotice(nr, "text")
				106	un2 = x509.UserNotice(nr2, "text")
				107	assert un == un2
				108
				109	def test_ne(self):
				110	nr = x509.NoticeReference("org", [1, 2])
				111	nr2 = x509.NoticeReference("org", [1])
				112	un = x509.UserNotice(nr, "text")
				113	un2 = x509.UserNotice(nr2, "text")
				114	un3 = x509.UserNotice(nr, "text3")
				115	assert un != un2
				116	assert un != un3
				117	assert un != object()
				118
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	119
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	120	class TestPolicyInformation(object):
				121	def test_invalid_policy_identifier(self):
				122	with pytest.raises(TypeError):
				123	x509.PolicyInformation("notanoid", None)
				124
				125	def test_none_policy_qualifiers(self):
				126	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
				127	assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
				128	assert pi.policy_qualifiers is None
				129
				130	def test_policy_qualifiers(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	131	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	132	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				133	assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
				134	assert pi.policy_qualifiers == pq
				135
				136	def test_invalid_policy_identifiers(self):
				137	with pytest.raises(TypeError):
				138	x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
				139
				140	def test_repr(self):
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	141	pq = [u"string", x509.UserNotice(None, u"hi")]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	142	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	143	if six.PY3:
				144	assert repr(pi) == (
				145	"<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
				146	"2.3, name=Unknown OID)>, policy_qualifiers=['string', <UserNo"
Paul Kehrer	9aaef9e	2015-05-11 10:49:20 -0500	[diff] [blame]	147	"tice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	148	)
				149	else:
				150	assert repr(pi) == (
				151	"<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
				152	"2.3, name=Unknown OID)>, policy_qualifiers=[u'string', <UserN"
Paul Kehrer	73be2ca	2015-05-11 21:22:38 -0500	[diff] [blame]	153	"otice(notice_reference=None, explicit_text=u'hi')>])>"
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	154	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	155
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	156	def test_eq(self):
				157	pi = x509.PolicyInformation(
				158	x509.ObjectIdentifier("1.2.3"),
				159	[u"string", x509.UserNotice(None, u"hi")]
				160	)
				161	pi2 = x509.PolicyInformation(
				162	x509.ObjectIdentifier("1.2.3"),
				163	[u"string", x509.UserNotice(None, u"hi")]
				164	)
				165	assert pi == pi2
				166
				167	def test_ne(self):
				168	pi = x509.PolicyInformation(
				169	x509.ObjectIdentifier("1.2.3"), [u"string"]
				170	)
				171	pi2 = x509.PolicyInformation(
				172	x509.ObjectIdentifier("1.2.3"), [u"string2"]
				173	)
				174	pi3 = x509.PolicyInformation(
				175	x509.ObjectIdentifier("1.2.3.4"), [u"string"]
				176	)
				177	assert pi != pi2
				178	assert pi != pi3
				179	assert pi != object()
				180
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	181
				182	class TestCertificatePolicies(object):
				183	def test_invalid_policies(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	184	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	185	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				186	with pytest.raises(TypeError):
				187	x509.CertificatePolicies([1, pi])
				188
				189	def test_iter_len(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	190	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	191	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				192	cp = x509.CertificatePolicies([pi])
				193	assert len(cp) == 1
				194	for policyinfo in cp:
				195	assert policyinfo == pi
				196
				197	def test_repr(self):
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	198	pq = [u"string"]
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	199	pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
				200	cp = x509.CertificatePolicies([pi])
Paul Kehrer	ba35b3b	2015-05-10 13:07:59 -0500	[diff] [blame]	201	if six.PY3:
				202	assert repr(cp) == (
				203	"<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
				204	"bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
				205	"ers=['string'])>])>"
				206	)
				207	else:
				208	assert repr(cp) == (
				209	"<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
				210	"bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
				211	"ers=[u'string'])>])>"
				212	)
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	213
Paul Kehrer	c56ab62	2015-05-03 09:56:31 -0500	[diff] [blame]	214	def test_eq(self):
				215	pi = x509.PolicyInformation(
				216	x509.ObjectIdentifier("1.2.3"), [u"string"]
				217	)
				218	cp = x509.CertificatePolicies([pi])
				219	pi2 = x509.PolicyInformation(
				220	x509.ObjectIdentifier("1.2.3"), [u"string"]
				221	)
				222	cp2 = x509.CertificatePolicies([pi2])
				223	assert cp == cp2
				224
				225	def test_ne(self):
				226	pi = x509.PolicyInformation(
				227	x509.ObjectIdentifier("1.2.3"), [u"string"]
				228	)
				229	cp = x509.CertificatePolicies([pi])
				230	pi2 = x509.PolicyInformation(
				231	x509.ObjectIdentifier("1.2.3"), [u"string2"]
				232	)
				233	cp2 = x509.CertificatePolicies([pi2])
				234	assert cp != cp2
				235	assert cp != object()
				236
Paul Kehrer	2b62258	2015-04-15 11:04:29 -0400	[diff] [blame]	237
Paul Kehrer	11026fe	2015-05-12 11:23:56 -0500	[diff] [blame]	238	@pytest.mark.requires_backend_interface(interface=RSABackend)
				239	@pytest.mark.requires_backend_interface(interface=X509Backend)
				240	class TestCertificatePoliciesExtension(object):
				241	def test_cps_uri_policy_qualifier(self, backend):
				242	cert = _load_cert(
				243	os.path.join("x509", "custom", "cp_cps_uri.pem"),
				244	x509.load_pem_x509_certificate,
				245	backend
				246	)
				247
				248	cp = cert.extensions.get_extension_for_oid(
				249	x509.OID_CERTIFICATE_POLICIES
				250	).value
				251
				252	assert cp == x509.CertificatePolicies([
				253	x509.PolicyInformation(
				254	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				255	[u"http://other.com/cps"]
				256	)
				257	])
				258
				259	def test_user_notice_with_notice_reference(self, backend):
				260	cert = _load_cert(
				261	os.path.join(
				262	"x509", "custom", "cp_user_notice_with_notice_reference.pem"
				263	),
				264	x509.load_pem_x509_certificate,
				265	backend
				266	)
				267
				268	cp = cert.extensions.get_extension_for_oid(
				269	x509.OID_CERTIFICATE_POLICIES
				270	).value
				271
				272	assert cp == x509.CertificatePolicies([
				273	x509.PolicyInformation(
				274	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				275	[
				276	u"http://example.com/cps",
				277	u"http://other.com/cps",
				278	x509.UserNotice(
				279	x509.NoticeReference(u"my org", [1, 2, 3, 4]),
				280	u"thing"
				281	)
				282	]
				283	)
				284	])
				285
				286	def test_user_notice_with_explicit_text(self, backend):
				287	cert = _load_cert(
				288	os.path.join(
				289	"x509", "custom", "cp_user_notice_with_explicit_text.pem"
				290	),
				291	x509.load_pem_x509_certificate,
				292	backend
				293	)
				294
				295	cp = cert.extensions.get_extension_for_oid(
				296	x509.OID_CERTIFICATE_POLICIES
				297	).value
				298
				299	assert cp == x509.CertificatePolicies([
				300	x509.PolicyInformation(
				301	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				302	[x509.UserNotice(None, u"thing")]
				303	)
				304	])
				305
				306	def test_user_notice_no_explicit_text(self, backend):
				307	cert = _load_cert(
				308	os.path.join(
				309	"x509", "custom", "cp_user_notice_no_explicit_text.pem"
				310	),
				311	x509.load_pem_x509_certificate,
				312	backend
				313	)
				314
				315	cp = cert.extensions.get_extension_for_oid(
				316	x509.OID_CERTIFICATE_POLICIES
				317	).value
				318
				319	assert cp == x509.CertificatePolicies([
				320	x509.PolicyInformation(
				321	x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),
				322	[
				323	x509.UserNotice(
				324	x509.NoticeReference(u"my org", [1, 2, 3, 4]),
				325	None
				326	)
				327	]
				328	)
				329	])
				330
				331
Paul Kehrer	cecbbba	2015-03-30 14:58:38 -0500	[diff] [blame]	332	class TestKeyUsage(object):
				333	def test_key_agreement_false_encipher_decipher_true(self):
				334	with pytest.raises(ValueError):
				335	x509.KeyUsage(
				336	digital_signature=False,
				337	content_commitment=False,
				338	key_encipherment=False,
				339	data_encipherment=False,
				340	key_agreement=False,
				341	key_cert_sign=False,
				342	crl_sign=False,
				343	encipher_only=True,
				344	decipher_only=False
				345	)
				346
				347	with pytest.raises(ValueError):
				348	x509.KeyUsage(
				349	digital_signature=False,
				350	content_commitment=False,
				351	key_encipherment=False,
				352	data_encipherment=False,
				353	key_agreement=False,
				354	key_cert_sign=False,
				355	crl_sign=False,
				356	encipher_only=True,
				357	decipher_only=True
				358	)
				359
				360	with pytest.raises(ValueError):
				361	x509.KeyUsage(
				362	digital_signature=False,
				363	content_commitment=False,
				364	key_encipherment=False,
				365	data_encipherment=False,
				366	key_agreement=False,
				367	key_cert_sign=False,
				368	crl_sign=False,
				369	encipher_only=False,
				370	decipher_only=True
				371	)
				372
				373	def test_properties_key_agreement_true(self):
				374	ku = x509.KeyUsage(
				375	digital_signature=True,
				376	content_commitment=True,
				377	key_encipherment=False,
				378	data_encipherment=False,
				379	key_agreement=False,
				380	key_cert_sign=True,
				381	crl_sign=False,
				382	encipher_only=False,
				383	decipher_only=False
				384	)
				385	assert ku.digital_signature is True
				386	assert ku.content_commitment is True
				387	assert ku.key_encipherment is False
				388	assert ku.data_encipherment is False
				389	assert ku.key_agreement is False
				390	assert ku.key_cert_sign is True
				391	assert ku.crl_sign is False
				392
				393	def test_key_agreement_true_properties(self):
				394	ku = x509.KeyUsage(
				395	digital_signature=False,
				396	content_commitment=False,
				397	key_encipherment=False,
				398	data_encipherment=False,
				399	key_agreement=True,
				400	key_cert_sign=False,
				401	crl_sign=False,
				402	encipher_only=False,
				403	decipher_only=True
				404	)
				405	assert ku.key_agreement is True
				406	assert ku.encipher_only is False
				407	assert ku.decipher_only is True
				408
				409	def test_key_agreement_false_properties(self):
				410	ku = x509.KeyUsage(
				411	digital_signature=False,
				412	content_commitment=False,
				413	key_encipherment=False,
				414	data_encipherment=False,
				415	key_agreement=False,
				416	key_cert_sign=False,
				417	crl_sign=False,
				418	encipher_only=False,
				419	decipher_only=False
				420	)
				421	assert ku.key_agreement is False
				422	with pytest.raises(ValueError):
				423	ku.encipher_only
				424
				425	with pytest.raises(ValueError):
				426	ku.decipher_only
				427
Paul Kehrer	ac3e5bb	2015-04-02 23:07:10 -0500	[diff] [blame]	428	def test_repr_key_agreement_false(self):
				429	ku = x509.KeyUsage(
				430	digital_signature=True,
				431	content_commitment=True,
				432	key_encipherment=False,
				433	data_encipherment=False,
				434	key_agreement=False,
				435	key_cert_sign=True,
				436	crl_sign=False,
				437	encipher_only=False,
				438	decipher_only=False
				439	)
				440	assert repr(ku) == (
				441	"<KeyUsage(digital_signature=True, content_commitment=True, key_en"
				442	"cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrer	b372e67	2015-04-15 11:05:24 -0400	[diff] [blame]	443	"ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
				444	"nly=None)>"
Paul Kehrer	ac3e5bb	2015-04-02 23:07:10 -0500	[diff] [blame]	445	)
				446
				447	def test_repr_key_agreement_true(self):
				448	ku = x509.KeyUsage(
				449	digital_signature=True,
				450	content_commitment=True,
				451	key_encipherment=False,
				452	data_encipherment=False,
				453	key_agreement=True,
				454	key_cert_sign=True,
				455	crl_sign=False,
				456	encipher_only=False,
				457	decipher_only=False
				458	)
				459	assert repr(ku) == (
				460	"<KeyUsage(digital_signature=True, content_commitment=True, key_en"
				461	"cipherment=False, data_encipherment=False, key_agreement=True, k"
				462	"ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
				463	"only=False)>"
				464	)
				465
Paul Kehrer	cecbbba	2015-03-30 14:58:38 -0500	[diff] [blame]	466
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	467	class TestSubjectKeyIdentifier(object):
				468	def test_properties(self):
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	469	value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	470	ski = x509.SubjectKeyIdentifier(value)
				471	assert ski.digest == value
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	472
				473	def test_repr(self):
				474	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	475	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	476	)
				477	ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrer	cbfb101	2015-04-10 20:57:20 -0400	[diff] [blame]	478	if six.PY3:
				479	assert repr(ext) == (
				480	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
				481	"eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
				482	"igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
				483	"\\xf7\\xff:\\xc9\')>)>"
				484	)
				485	else:
				486	assert repr(ext) == (
				487	"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
				488	"eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
				489	"igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
				490	"\\xf7\\xff:\\xc9\')>)>"
				491	)
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	492
				493	def test_eq(self):
				494	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	495	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	496	)
				497	ski2 = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	498	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	499	)
				500	assert ski == ski2
				501
				502	def test_ne(self):
				503	ski = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	504	binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	505	)
				506	ski2 = x509.SubjectKeyIdentifier(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	507	binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	508	)
				509	assert ski != ski2
				510	assert ski != object()
				511
				512
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	513	class TestAuthorityKeyIdentifier(object):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	514	def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	515	with pytest.raises(TypeError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	516	x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	517
				518	def test_authority_cert_serial_number_not_integer(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	519	dirname = x509.DirectoryName(
				520	x509.Name([
				521	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
				522	x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
				523	])
				524	)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	525	with pytest.raises(TypeError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	526	x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	527
				528	def test_authority_issuer_none_serial_not_none(self):
				529	with pytest.raises(ValueError):
				530	x509.AuthorityKeyIdentifier(b"identifier", None, 3)
				531
				532	def test_authority_issuer_not_none_serial_none(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	533	dirname = x509.DirectoryName(
				534	x509.Name([
				535	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
				536	x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
				537	])
				538	)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	539	with pytest.raises(ValueError):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	540	x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	541
				542	def test_authority_cert_serial_and_issuer_none(self):
				543	aki = x509.AuthorityKeyIdentifier(b"id", None, None)
				544	assert aki.key_identifier == b"id"
				545	assert aki.authority_cert_issuer is None
				546	assert aki.authority_cert_serial_number is None
				547
				548	def test_repr(self):
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	549	dirname = x509.DirectoryName(
				550	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				551	)
				552	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	553
				554	if six.PY3:
				555	assert repr(aki) == (
				556	"<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	557	"cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
				558	"<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
				559	"N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	560	)
				561	else:
				562	assert repr(aki) == (
				563	"<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrer	c6e0f06	2015-05-03 11:04:34 -0500	[diff] [blame]	564	"rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
				565	"jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
				566	"])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	567	)
				568
Paul Kehrer	2ca2eb3	2015-05-03 10:04:57 -0500	[diff] [blame]	569	def test_eq(self):
				570	dirname = x509.DirectoryName(
				571	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				572	)
				573	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
				574	dirname2 = x509.DirectoryName(
				575	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				576	)
				577	aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234)
				578	assert aki == aki2
				579
				580	def test_ne(self):
				581	dirname = x509.DirectoryName(
				582	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
				583	)
				584	dirname5 = x509.DirectoryName(
				585	x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'aCN')])
				586	)
				587	aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
				588	aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234)
				589	aki3 = x509.AuthorityKeyIdentifier(b"digest", None, None)
				590	aki4 = x509.AuthorityKeyIdentifier(b"digest", [dirname], 12345)
				591	aki5 = x509.AuthorityKeyIdentifier(b"digest", [dirname5], 12345)
				592	assert aki != aki2
				593	assert aki != aki3
				594	assert aki != aki4
				595	assert aki != aki5
				596	assert aki != object()
				597
Paul Kehrer	2eb4ed9	2015-04-11 15:33:45 -0400	[diff] [blame]	598
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	599	class TestBasicConstraints(object):
				600	def test_ca_not_boolean(self):
				601	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	602	x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	603
				604	def test_path_length_not_ca(self):
				605	with pytest.raises(ValueError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	606	x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	607
				608	def test_path_length_not_int(self):
				609	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	610	x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	611
				612	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	613	x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	614
				615	def test_path_length_negative(self):
				616	with pytest.raises(TypeError):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	617	x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	618
				619	def test_repr(self):
Paul Kehrer	a5c6e9a	2015-03-23 19:23:43 -0500	[diff] [blame]	620	na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	621	assert repr(na) == (
Paul Kehrer	8589466	2015-03-22 13:19:31 -0500	[diff] [blame]	622	"<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer	8cf2642	2015-03-21 09:50:24 -0500	[diff] [blame]	623	)
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	624
				625
Paul Kehrer	ffa2a15	2015-03-31 08:18:25 -0500	[diff] [blame]	626	class TestExtendedKeyUsage(object):
				627	def test_not_all_oids(self):
				628	with pytest.raises(TypeError):
				629	x509.ExtendedKeyUsage(["notoid"])
				630
				631	def test_iter_len(self):
				632	eku = x509.ExtendedKeyUsage([
				633	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				634	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				635	])
				636	assert len(eku) == 2
				637	assert list(eku) == [
				638	x509.OID_SERVER_AUTH,
				639	x509.OID_CLIENT_AUTH
				640	]
				641
Paul Kehrer	23d10c3	2015-04-02 23:12:32 -0500	[diff] [blame]	642	def test_repr(self):
				643	eku = x509.ExtendedKeyUsage([
				644	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				645	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				646	])
				647	assert repr(eku) == (
				648	"<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
				649	"serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
				650	"tAuth)>])>"
				651	)
				652
Paul Kehrer	b047617	2015-05-02 19:34:51 -0500	[diff] [blame]	653	def test_eq(self):
				654	eku = x509.ExtendedKeyUsage([
				655	x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
				656	])
				657	eku2 = x509.ExtendedKeyUsage([
				658	x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
				659	])
				660	assert eku == eku2
				661
				662	def test_ne(self):
				663	eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
				664	eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
				665	assert eku != eku2
				666	assert eku != object()
				667
Paul Kehrer	ffa2a15	2015-03-31 08:18:25 -0500	[diff] [blame]	668
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	669	@pytest.mark.requires_backend_interface(interface=RSABackend)
				670	@pytest.mark.requires_backend_interface(interface=X509Backend)
				671	class TestExtensions(object):
				672	def test_no_extensions(self, backend):
				673	cert = _load_cert(
				674	os.path.join("x509", "verisign_md2_root.pem"),
				675	x509.load_pem_x509_certificate,
				676	backend
				677	)
				678	ext = cert.extensions
				679	assert len(ext) == 0
				680	assert list(ext) == []
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	681	with pytest.raises(x509.ExtensionNotFound) as exc:
				682	ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				683
				684	assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
				685
				686	def test_one_extension(self, backend):
				687	cert = _load_cert(
				688	os.path.join(
				689	"x509", "custom", "basic_constraints_not_critical.pem"
				690	),
				691	x509.load_pem_x509_certificate,
				692	backend
				693	)
				694	extensions = cert.extensions
				695	ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				696	assert ext is not None
				697	assert ext.value.ca is False
Paul Kehrer	fbb7ac8	2015-03-16 19:26:29 -0500	[diff] [blame]	698
				699	def test_duplicate_extension(self, backend):
				700	cert = _load_cert(
				701	os.path.join(
				702	"x509", "custom", "two_basic_constraints.pem"
				703	),
				704	x509.load_pem_x509_certificate,
				705	backend
				706	)
				707	with pytest.raises(x509.DuplicateExtension) as exc:
				708	cert.extensions
				709
				710	assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
				711
				712	def test_unsupported_critical_extension(self, backend):
				713	cert = _load_cert(
				714	os.path.join(
				715	"x509", "custom", "unsupported_extension_critical.pem"
				716	),
				717	x509.load_pem_x509_certificate,
				718	backend
				719	)
				720	with pytest.raises(x509.UnsupportedExtension) as exc:
				721	cert.extensions
				722
				723	assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
				724
				725	def test_unsupported_extension(self, backend):
				726	# TODO: this will raise an exception when all extensions are complete
				727	cert = _load_cert(
				728	os.path.join(
				729	"x509", "custom", "unsupported_extension.pem"
				730	),
				731	x509.load_pem_x509_certificate,
				732	backend
				733	)
				734	extensions = cert.extensions
				735	assert len(extensions) == 0
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	736
				737
				738	@pytest.mark.requires_backend_interface(interface=RSABackend)
				739	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	de813ea	2015-03-28 12:44:34 -0500	[diff] [blame]	740	class TestBasicConstraintsExtension(object):
Paul Kehrer	fa56a23	2015-03-17 13:14:03 -0500	[diff] [blame]	741	def test_ca_true_pathlen_6(self, backend):
				742	cert = _load_cert(
				743	os.path.join(
				744	"x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
				745	),
				746	x509.load_der_x509_certificate,
				747	backend
				748	)
				749	ext = cert.extensions.get_extension_for_oid(
				750	x509.OID_BASIC_CONSTRAINTS
				751	)
				752	assert ext is not None
				753	assert ext.critical is True
				754	assert ext.value.ca is True
				755	assert ext.value.path_length == 6
				756
				757	def test_path_length_zero(self, backend):
				758	cert = _load_cert(
				759	os.path.join("x509", "custom", "bc_path_length_zero.pem"),
				760	x509.load_pem_x509_certificate,
				761	backend
				762	)
				763	ext = cert.extensions.get_extension_for_oid(
				764	x509.OID_BASIC_CONSTRAINTS
				765	)
				766	assert ext is not None
				767	assert ext.critical is True
				768	assert ext.value.ca is True
				769	assert ext.value.path_length == 0
				770
				771	def test_ca_true_no_pathlen(self, backend):
				772	cert = _load_cert(
				773	os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
				774	x509.load_der_x509_certificate,
				775	backend
				776	)
				777	ext = cert.extensions.get_extension_for_oid(
				778	x509.OID_BASIC_CONSTRAINTS
				779	)
				780	assert ext is not None
				781	assert ext.critical is True
				782	assert ext.value.ca is True
				783	assert ext.value.path_length is None
				784
				785	def test_ca_false(self, backend):
				786	cert = _load_cert(
				787	os.path.join("x509", "cryptography.io.pem"),
				788	x509.load_pem_x509_certificate,
				789	backend
				790	)
				791	ext = cert.extensions.get_extension_for_oid(
				792	x509.OID_BASIC_CONSTRAINTS
				793	)
				794	assert ext is not None
				795	assert ext.critical is True
				796	assert ext.value.ca is False
				797	assert ext.value.path_length is None
				798
				799	def test_no_basic_constraints(self, backend):
				800	cert = _load_cert(
				801	os.path.join(
				802	"x509",
				803	"PKITS_data",
				804	"certs",
				805	"ValidCertificatePathTest1EE.crt"
				806	),
				807	x509.load_der_x509_certificate,
				808	backend
				809	)
				810	with pytest.raises(x509.ExtensionNotFound):
				811	cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
				812
				813	def test_basic_constraint_not_critical(self, backend):
				814	cert = _load_cert(
				815	os.path.join(
				816	"x509", "custom", "basic_constraints_not_critical.pem"
				817	),
				818	x509.load_pem_x509_certificate,
				819	backend
				820	)
				821	ext = cert.extensions.get_extension_for_oid(
				822	x509.OID_BASIC_CONSTRAINTS
				823	)
				824	assert ext is not None
				825	assert ext.critical is False
				826	assert ext.value.ca is False
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	827
				828
				829	@pytest.mark.requires_backend_interface(interface=RSABackend)
				830	@pytest.mark.requires_backend_interface(interface=X509Backend)
				831	class TestSubjectKeyIdentifierExtension(object):
				832	def test_subject_key_identifier(self, backend):
				833	cert = _load_cert(
				834	os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
				835	x509.load_der_x509_certificate,
				836	backend
				837	)
				838	ext = cert.extensions.get_extension_for_oid(
				839	x509.OID_SUBJECT_KEY_IDENTIFIER
				840	)
				841	ski = ext.value
				842	assert ext is not None
				843	assert ext.critical is False
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	844	assert ski.digest == binascii.unhexlify(
Paul Kehrer	ee99726	2015-04-04 12:20:28 -0500	[diff] [blame]	845	b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer	1eb82a6	2015-03-31 20:00:33 -0500	[diff] [blame]	846	)
				847
				848	def test_no_subject_key_identifier(self, backend):
				849	cert = _load_cert(
				850	os.path.join("x509", "custom", "bc_path_length_zero.pem"),
				851	x509.load_pem_x509_certificate,
				852	backend
				853	)
				854	with pytest.raises(x509.ExtensionNotFound):
				855	cert.extensions.get_extension_for_oid(
				856	x509.OID_SUBJECT_KEY_IDENTIFIER
				857	)
Paul Kehrer	5508ee2	2015-04-02 19:31:03 -0500	[diff] [blame]	858
				859
				860	@pytest.mark.requires_backend_interface(interface=RSABackend)
				861	@pytest.mark.requires_backend_interface(interface=X509Backend)
				862	class TestKeyUsageExtension(object):
				863	def test_no_key_usage(self, backend):
				864	cert = _load_cert(
				865	os.path.join("x509", "verisign_md2_root.pem"),
				866	x509.load_pem_x509_certificate,
				867	backend
				868	)
				869	ext = cert.extensions
				870	with pytest.raises(x509.ExtensionNotFound) as exc:
				871	ext.get_extension_for_oid(x509.OID_KEY_USAGE)
				872
				873	assert exc.value.oid == x509.OID_KEY_USAGE
				874
				875	def test_all_purposes(self, backend):
				876	cert = _load_cert(
				877	os.path.join(
				878	"x509", "custom", "all_key_usages.pem"
				879	),
				880	x509.load_pem_x509_certificate,
				881	backend
				882	)
				883	extensions = cert.extensions
				884	ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
				885	assert ext is not None
				886
				887	ku = ext.value
				888	assert ku.digital_signature is True
				889	assert ku.content_commitment is True
				890	assert ku.key_encipherment is True
				891	assert ku.data_encipherment is True
				892	assert ku.key_agreement is True
				893	assert ku.key_cert_sign is True
				894	assert ku.crl_sign is True
				895	assert ku.encipher_only is True
				896	assert ku.decipher_only is True
				897
				898	def test_key_cert_sign_crl_sign(self, backend):
				899	cert = _load_cert(
				900	os.path.join(
				901	"x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
				902	),
				903	x509.load_der_x509_certificate,
				904	backend
				905	)
				906	ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
				907	assert ext is not None
				908	assert ext.critical is True
				909
				910	ku = ext.value
				911	assert ku.digital_signature is False
				912	assert ku.content_commitment is False
				913	assert ku.key_encipherment is False
				914	assert ku.data_encipherment is False
				915	assert ku.key_agreement is False
				916	assert ku.key_cert_sign is True
				917	assert ku.crl_sign is True
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	918
				919
				920	@pytest.mark.parametrize(
				921	"name", [
				922	x509.RFC822Name,
				923	x509.DNSName,
				924	x509.UniformResourceIdentifier
				925	]
				926	)
				927	class TestTextGeneralNames(object):
				928	def test_not_text(self, name):
				929	with pytest.raises(TypeError):
				930	name(b"notaunicodestring")
				931
				932	with pytest.raises(TypeError):
				933	name(1.3)
				934
				935	def test_repr(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	936	gn = name(u"string")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	937	assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
				938
				939	def test_eq(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	940	gn = name(u"string")
				941	gn2 = name(u"string")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	942	assert gn == gn2
				943
				944	def test_ne(self, name):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	945	gn = name(u"string")
				946	gn2 = name(u"string2")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	947	assert gn != gn2
				948	assert gn != object()
				949
				950
				951	class TestDirectoryName(object):
				952	def test_not_name(self):
				953	with pytest.raises(TypeError):
				954	x509.DirectoryName(b"notaname")
				955
				956	with pytest.raises(TypeError):
				957	x509.DirectoryName(1.3)
				958
				959	def test_repr(self):
				960	name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
				961	gn = x509.DirectoryName(x509.Name([name]))
				962	assert repr(gn) == (
				963	"<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
				964	"tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
				965	)
				966
				967	def test_eq(self):
				968	name = x509.Name([
				969	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				970	])
				971	name2 = x509.Name([
				972	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				973	])
				974	gn = x509.DirectoryName(x509.Name([name]))
				975	gn2 = x509.DirectoryName(x509.Name([name2]))
				976	assert gn == gn2
				977
				978	def test_ne(self):
				979	name = x509.Name([
				980	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
				981	])
				982	name2 = x509.Name([
				983	x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
				984	])
				985	gn = x509.DirectoryName(x509.Name([name]))
				986	gn2 = x509.DirectoryName(x509.Name([name2]))
				987	assert gn != gn2
				988	assert gn != object()
				989
				990
				991	class TestRegisteredID(object):
				992	def test_not_oid(self):
				993	with pytest.raises(TypeError):
				994	x509.RegisteredID(b"notanoid")
				995
				996	with pytest.raises(TypeError):
				997	x509.RegisteredID(1.3)
				998
				999	def test_repr(self):
				1000	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1001	assert repr(gn) == (
				1002	"<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
				1003	"e)>)>"
				1004	)
				1005
				1006	def test_eq(self):
				1007	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1008	gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
				1009	assert gn == gn2
				1010
				1011	def test_ne(self):
				1012	gn = x509.RegisteredID(x509.OID_COMMON_NAME)
				1013	gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
				1014	assert gn != gn2
				1015	assert gn != object()
				1016
				1017
				1018	class TestIPAddress(object):
				1019	def test_not_ipaddress(self):
				1020	with pytest.raises(TypeError):
				1021	x509.IPAddress(b"notanipaddress")
				1022
				1023	with pytest.raises(TypeError):
				1024	x509.IPAddress(1.3)
				1025
				1026	def test_repr(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1027	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1028	assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
				1029
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1030	gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1031	assert repr(gn2) == "<IPAddress(value=ff::)>"
				1032
				1033	def test_eq(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1034	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
				1035	gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1036	assert gn == gn2
				1037
				1038	def test_ne(self):
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1039	gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
				1040	gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1041	assert gn != gn2
				1042	assert gn != object()
				1043
				1044
				1045	class TestSubjectAlternativeName(object):
				1046	def test_get_values_for_type(self):
				1047	san = x509.SubjectAlternativeName(
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1048	[x509.DNSName(u"cryptography.io")]
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1049	)
				1050	names = san.get_values_for_type(x509.DNSName)
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1051	assert names == [u"cryptography.io"]
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1052
				1053	def test_iter_names(self):
				1054	san = x509.SubjectAlternativeName([
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1055	x509.DNSName(u"cryptography.io"),
				1056	x509.DNSName(u"crypto.local"),
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1057	])
				1058	assert len(san) == 2
				1059	assert list(san) == [
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1060	x509.DNSName(u"cryptography.io"),
				1061	x509.DNSName(u"crypto.local"),
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1062	]
				1063
Paul Kehrer	d04b39b	2015-04-21 08:44:17 -0500	[diff] [blame]	1064	def test_invalid_general_names(self):
				1065	with pytest.raises(TypeError):
				1066	x509.SubjectAlternativeName(
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1067	[x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrer	d04b39b	2015-04-21 08:44:17 -0500	[diff] [blame]	1068	)
				1069
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1070	def test_repr(self):
				1071	san = x509.SubjectAlternativeName(
				1072	[
Eeshan Garg	f123415	2015-04-29 18:41:00 +0530	[diff] [blame]	1073	x509.DNSName(u"cryptography.io")
Paul Kehrer	31bdf79	2015-03-25 14:11:00 -0500	[diff] [blame]	1074	]
				1075	)
				1076	assert repr(san) == (
				1077	"<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
				1078	)
Paul Kehrer	40f8338	2015-04-20 15:00:16 -0500	[diff] [blame]	1079
				1080
				1081	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1082	@pytest.mark.requires_backend_interface(interface=X509Backend)
				1083	class TestRSASubjectAlternativeNameExtension(object):
				1084	def test_dns_name(self, backend):
				1085	cert = _load_cert(
				1086	os.path.join("x509", "cryptography.io.pem"),
				1087	x509.load_pem_x509_certificate,
				1088	backend
				1089	)
				1090	ext = cert.extensions.get_extension_for_oid(
				1091	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1092	)
				1093	assert ext is not None
				1094	assert ext.critical is False
				1095
				1096	san = ext.value
				1097
				1098	dns = san.get_values_for_type(x509.DNSName)
				1099	assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer	9089c91	2015-04-20 22:15:20 -0500	[diff] [blame]	1100
				1101	def test_unsupported_other_name(self, backend):
				1102	cert = _load_cert(
				1103	os.path.join(
				1104	"x509", "custom", "san_other_name.pem"
				1105	),
				1106	x509.load_pem_x509_certificate,
				1107	backend
				1108	)
Paul Kehrer	bed0735	2015-04-21 08:31:10 -0500	[diff] [blame]	1109	with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer	9089c91	2015-04-20 22:15:20 -0500	[diff] [blame]	1110	cert.extensions
Paul Kehrer	bed0735	2015-04-21 08:31:10 -0500	[diff] [blame]	1111
Paul Kehrer	0a621bf	2015-04-22 09:22:56 -0500	[diff] [blame]	1112	assert exc.value.type == 0
Paul Kehrer	4db9662	2015-04-20 22:17:39 -0500	[diff] [blame]	1113
				1114	def test_registered_id(self, backend):
				1115	cert = _load_cert(
				1116	os.path.join(
				1117	"x509", "custom", "san_registered_id.pem"
				1118	),
				1119	x509.load_pem_x509_certificate,
				1120	backend
				1121	)
				1122	ext = cert.extensions.get_extension_for_oid(
				1123	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1124	)
				1125	assert ext is not None
				1126	assert ext.critical is False
				1127
				1128	san = ext.value
				1129	rid = san.get_values_for_type(x509.RegisteredID)
				1130	assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrer	b8ef82e	2015-04-22 16:04:24 -0500	[diff] [blame]	1131
				1132	def test_uri(self, backend):
				1133	cert = _load_cert(
				1134	os.path.join(
				1135	"x509", "custom", "san_uri_with_port.pem"
				1136	),
				1137	x509.load_pem_x509_certificate,
				1138	backend
				1139	)
				1140	ext = cert.extensions.get_extension_for_oid(
				1141	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1142	)
				1143	assert ext is not None
				1144	uri = ext.value.get_values_for_type(
				1145	x509.UniformResourceIdentifier
				1146	)
				1147	assert uri == [
				1148	u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
				1149	u"lo",
				1150	u"http://someregulardomain.com",
				1151	]
Paul Kehrer	a5f030c	2015-04-28 08:33:18 -0500	[diff] [blame]	1152
				1153	def test_ipaddress(self, backend):
				1154	cert = _load_cert(
				1155	os.path.join(
				1156	"x509", "custom", "san_ipaddr.pem"
				1157	),
				1158	x509.load_pem_x509_certificate,
				1159	backend
				1160	)
				1161	ext = cert.extensions.get_extension_for_oid(
				1162	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1163	)
				1164	assert ext is not None
				1165	assert ext.critical is False
				1166
				1167	san = ext.value
				1168
				1169	ip = san.get_values_for_type(x509.IPAddress)
				1170	assert [
				1171	ipaddress.ip_address(u"127.0.0.1"),
				1172	ipaddress.ip_address(u"ff::")
				1173	] == ip
Paul Kehrer	2187a05	2015-04-30 08:22:07 -0500	[diff] [blame]	1174
				1175	def test_dirname(self, backend):
				1176	cert = _load_cert(
				1177	os.path.join(
				1178	"x509", "custom", "san_dirname.pem"
				1179	),
				1180	x509.load_pem_x509_certificate,
				1181	backend
				1182	)
				1183	ext = cert.extensions.get_extension_for_oid(
				1184	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1185	)
				1186	assert ext is not None
				1187	assert ext.critical is False
				1188
				1189	san = ext.value
				1190
				1191	dirname = san.get_values_for_type(x509.DirectoryName)
				1192	assert [
				1193	x509.Name([
				1194	x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
				1195	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
				1196	x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
				1197	])
				1198	] == dirname
Paul Kehrer	e06cab4	2015-04-30 10:23:33 -0500	[diff] [blame]	1199
				1200	def test_rfc822name(self, backend):
				1201	cert = _load_cert(
				1202	os.path.join(
				1203	"x509", "custom", "san_rfc822_idna.pem"
				1204	),
				1205	x509.load_pem_x509_certificate,
				1206	backend
				1207	)
				1208	ext = cert.extensions.get_extension_for_oid(
				1209	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1210	)
				1211	assert ext is not None
				1212	assert ext.critical is False
				1213
				1214	san = ext.value
				1215
				1216	rfc822name = san.get_values_for_type(x509.RFC822Name)
				1217	assert [u"email@em\xe5\xefl.com"] == rfc822name
				1218
				1219	def test_unicode_rfc822_name_dns_name_uri(self, backend):
				1220	cert = _load_cert(
				1221	os.path.join(
				1222	"x509", "custom", "san_idna_names.pem"
				1223	),
				1224	x509.load_pem_x509_certificate,
				1225	backend
				1226	)
				1227	ext = cert.extensions.get_extension_for_oid(
				1228	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1229	)
				1230	assert ext is not None
				1231	rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
				1232	dns_name = ext.value.get_values_for_type(x509.DNSName)
				1233	uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
				1234	assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
				1235	assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
				1236	assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
				1237
				1238	def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
				1239	cert = _load_cert(
				1240	os.path.join(
				1241	"x509", "custom", "san_email_dns_ip_dirname_uri.pem"
				1242	),
				1243	x509.load_pem_x509_certificate,
				1244	backend
				1245	)
				1246	ext = cert.extensions.get_extension_for_oid(
				1247	x509.OID_SUBJECT_ALTERNATIVE_NAME
				1248	)
				1249	assert ext is not None
				1250	assert ext.critical is False
				1251
				1252	san = ext.value
				1253
				1254	rfc822_name = san.get_values_for_type(x509.RFC822Name)
				1255	uri = san.get_values_for_type(x509.UniformResourceIdentifier)
				1256	dns = san.get_values_for_type(x509.DNSName)
				1257	ip = san.get_values_for_type(x509.IPAddress)
				1258	dirname = san.get_values_for_type(x509.DirectoryName)
				1259	assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrer	e3a330c	2015-05-02 16:42:52 -0500	[diff] [blame]	1260	assert [u"https://cryptography.io"] == uri
Paul Kehrer	e06cab4	2015-04-30 10:23:33 -0500	[diff] [blame]	1261	assert [u"cryptography.io"] == dns
				1262	assert [
				1263	x509.Name([
				1264	x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
				1265	x509.NameAttribute(
				1266	x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
				1267	),
				1268	])
				1269	] == dirname
				1270	assert [
				1271	ipaddress.ip_address(u"127.0.0.1"),
				1272	ipaddress.ip_address(u"ff::")
				1273	] == ip
				1274
				1275	def test_invalid_rfc822name(self, backend):
				1276	cert = _load_cert(
				1277	os.path.join(
				1278	"x509", "custom", "san_rfc822_names.pem"
				1279	),
				1280	x509.load_pem_x509_certificate,
				1281	backend
				1282	)
				1283	with pytest.raises(ValueError) as exc:
				1284	cert.extensions
				1285
				1286	assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer	94c6960	2015-05-02 19:29:40 -0500	[diff] [blame]	1287
				1288
				1289	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1290	@pytest.mark.requires_backend_interface(interface=X509Backend)
				1291	class TestExtendedKeyUsageExtension(object):
				1292	def test_eku(self, backend):
				1293	cert = _load_cert(
				1294	os.path.join(
				1295	"x509", "custom", "extended_key_usage.pem"
				1296	),
				1297	x509.load_pem_x509_certificate,
				1298	backend
				1299	)
				1300	ext = cert.extensions.get_extension_for_oid(
				1301	x509.OID_EXTENDED_KEY_USAGE
				1302	)
				1303	assert ext is not None
				1304	assert ext.critical is False
				1305
				1306	assert [
				1307	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
				1308	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
				1309	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
				1310	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
				1311	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
				1312	x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
				1313	x509.ObjectIdentifier("2.5.29.37.0"),
				1314	x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
				1315	] == list(ext.value)
Paul Kehrer	3e6d558	2015-05-02 21:57:56 -0500	[diff] [blame]	1316
				1317
				1318	class TestAccessDescription(object):
				1319	def test_invalid_access_method(self):
Paul Kehrer	f506bca	2015-05-02 22:31:47 -0500	[diff] [blame]	1320	with pytest.raises(ValueError):
Paul Kehrer	3e6d558	2015-05-02 21:57:56 -0500	[diff] [blame]	1321	x509.AccessDescription("notanoid", x509.DNSName(u"test"))
				1322
				1323	def test_invalid_access_location(self):
				1324	with pytest.raises(TypeError):
				1325	x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
				1326
				1327	def test_repr(self):
				1328	ad = x509.AccessDescription(
				1329	x509.OID_OCSP,
				1330	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1331	)
				1332	assert repr(ad) == (
				1333	"<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
				1334	"5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
				1335	"(value=http://ocsp.domain.com)>)>"
				1336	)
				1337
				1338	def test_eq(self):
				1339	ad = x509.AccessDescription(
				1340	x509.OID_OCSP,
				1341	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1342	)
				1343	ad2 = x509.AccessDescription(
				1344	x509.OID_OCSP,
				1345	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1346	)
				1347	assert ad == ad2
				1348
				1349	def test_ne(self):
				1350	ad = x509.AccessDescription(
				1351	x509.OID_OCSP,
				1352	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1353	)
				1354	ad2 = x509.AccessDescription(
				1355	x509.OID_CA_ISSUERS,
				1356	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1357	)
				1358	ad3 = x509.AccessDescription(
				1359	x509.OID_OCSP,
				1360	x509.UniformResourceIdentifier(u"http://notthesame")
				1361	)
				1362	assert ad != ad2
				1363	assert ad != ad3
				1364	assert ad != object()
				1365
				1366
				1367	class TestAuthorityInformationAccess(object):
				1368	def test_invalid_descriptions(self):
				1369	with pytest.raises(TypeError):
				1370	x509.AuthorityInformationAccess(["notanAccessDescription"])
				1371
				1372	def test_iter_len(self):
				1373	aia = x509.AuthorityInformationAccess([
				1374	x509.AccessDescription(
				1375	x509.OID_OCSP,
				1376	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1377	),
				1378	x509.AccessDescription(
				1379	x509.OID_CA_ISSUERS,
				1380	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1381	)
				1382	])
				1383	assert len(aia) == 2
				1384	assert list(aia) == [
				1385	x509.AccessDescription(
				1386	x509.OID_OCSP,
				1387	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1388	),
				1389	x509.AccessDescription(
				1390	x509.OID_CA_ISSUERS,
				1391	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1392	)
				1393	]
				1394
				1395	def test_repr(self):
				1396	aia = x509.AuthorityInformationAccess([
				1397	x509.AccessDescription(
				1398	x509.OID_OCSP,
				1399	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1400	),
				1401	x509.AccessDescription(
				1402	x509.OID_CA_ISSUERS,
				1403	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1404	)
				1405	])
				1406	assert repr(aia) == (
				1407	"<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
				1408	"jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
				1409	"on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
				1410	"AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
				1411	".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
				1412	"fier(value=http://domain.com/ca.crt)>)>])>"
				1413	)
				1414
				1415	def test_eq(self):
				1416	aia = x509.AuthorityInformationAccess([
				1417	x509.AccessDescription(
				1418	x509.OID_OCSP,
				1419	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1420	),
				1421	x509.AccessDescription(
				1422	x509.OID_CA_ISSUERS,
				1423	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1424	)
				1425	])
				1426	aia2 = x509.AuthorityInformationAccess([
				1427	x509.AccessDescription(
				1428	x509.OID_OCSP,
				1429	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1430	),
				1431	x509.AccessDescription(
				1432	x509.OID_CA_ISSUERS,
				1433	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1434	)
				1435	])
				1436	assert aia == aia2
				1437
				1438	def test_ne(self):
				1439	aia = x509.AuthorityInformationAccess([
				1440	x509.AccessDescription(
				1441	x509.OID_OCSP,
				1442	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1443	),
				1444	x509.AccessDescription(
				1445	x509.OID_CA_ISSUERS,
				1446	x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
				1447	)
				1448	])
				1449	aia2 = x509.AuthorityInformationAccess([
				1450	x509.AccessDescription(
				1451	x509.OID_OCSP,
				1452	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1453	),
				1454	])
				1455
				1456	assert aia != aia2
				1457	assert aia != object()
Paul Kehrer	d774de9	2015-05-03 10:52:25 -0500	[diff] [blame]	1458
				1459
				1460	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1461	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	a147699	2015-05-04 17:35:47 -0500	[diff] [blame]	1462	class TestAuthorityInformationAccessExtension(object):
				1463	def test_aia_ocsp_ca_issuers(self, backend):
				1464	cert = _load_cert(
				1465	os.path.join("x509", "cryptography.io.pem"),
				1466	x509.load_pem_x509_certificate,
				1467	backend
				1468	)
				1469	ext = cert.extensions.get_extension_for_oid(
				1470	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1471	)
				1472	assert ext is not None
				1473	assert ext.critical is False
				1474
				1475	assert ext.value == x509.AuthorityInformationAccess([
				1476	x509.AccessDescription(
				1477	x509.OID_OCSP,
				1478	x509.UniformResourceIdentifier(u"http://gv.symcd.com")
				1479	),
				1480	x509.AccessDescription(
				1481	x509.OID_CA_ISSUERS,
				1482	x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
				1483	),
				1484	])
				1485
				1486	def test_aia_multiple_ocsp_ca_issuers(self, backend):
				1487	cert = _load_cert(
				1488	os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
				1489	x509.load_pem_x509_certificate,
				1490	backend
				1491	)
				1492	ext = cert.extensions.get_extension_for_oid(
				1493	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1494	)
				1495	assert ext is not None
				1496	assert ext.critical is False
				1497
				1498	assert ext.value == x509.AuthorityInformationAccess([
				1499	x509.AccessDescription(
				1500	x509.OID_OCSP,
				1501	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1502	),
				1503	x509.AccessDescription(
				1504	x509.OID_OCSP,
				1505	x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
				1506	),
				1507	x509.AccessDescription(
				1508	x509.OID_CA_ISSUERS,
				1509	x509.DirectoryName(x509.Name([
				1510	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
				1511	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
				1512	]))
				1513	),
				1514	])
				1515
				1516	def test_aia_ocsp_only(self, backend):
				1517	cert = _load_cert(
				1518	os.path.join("x509", "custom", "aia_ocsp.pem"),
				1519	x509.load_pem_x509_certificate,
				1520	backend
				1521	)
				1522	ext = cert.extensions.get_extension_for_oid(
				1523	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1524	)
				1525	assert ext is not None
				1526	assert ext.critical is False
				1527
				1528	assert ext.value == x509.AuthorityInformationAccess([
				1529	x509.AccessDescription(
				1530	x509.OID_OCSP,
				1531	x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
				1532	),
				1533	])
				1534
				1535	def test_aia_ca_issuers_only(self, backend):
				1536	cert = _load_cert(
				1537	os.path.join("x509", "custom", "aia_ca_issuers.pem"),
				1538	x509.load_pem_x509_certificate,
				1539	backend
				1540	)
				1541	ext = cert.extensions.get_extension_for_oid(
				1542	x509.OID_AUTHORITY_INFORMATION_ACCESS
				1543	)
				1544	assert ext is not None
				1545	assert ext.critical is False
				1546
				1547	assert ext.value == x509.AuthorityInformationAccess([
				1548	x509.AccessDescription(
				1549	x509.OID_CA_ISSUERS,
				1550	x509.DirectoryName(x509.Name([
				1551	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
				1552	x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
				1553	]))
				1554	),
				1555	])
				1556
				1557
				1558	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1559	@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrer	d774de9	2015-05-03 10:52:25 -0500	[diff] [blame]	1560	class TestAuthorityKeyIdentifierExtension(object):
				1561	def test_aki_keyid(self, backend):
				1562	cert = _load_cert(
				1563	os.path.join(
				1564	"x509", "cryptography.io.pem"
				1565	),
				1566	x509.load_pem_x509_certificate,
				1567	backend
				1568	)
				1569	ext = cert.extensions.get_extension_for_oid(
				1570	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1571	)
				1572	assert ext is not None
				1573	assert ext.critical is False
				1574
				1575	assert ext.value.key_identifier == (
				1576	b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0\|[\xf3\xe2\x08\xcbY"
				1577	)
				1578	assert ext.value.authority_cert_issuer is None
				1579	assert ext.value.authority_cert_serial_number is None
				1580
				1581	def test_aki_all_fields(self, backend):
				1582	cert = _load_cert(
				1583	os.path.join(
				1584	"x509", "custom", "authority_key_identifier.pem"
				1585	),
				1586	x509.load_pem_x509_certificate,
				1587	backend
				1588	)
				1589	ext = cert.extensions.get_extension_for_oid(
				1590	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1591	)
				1592	assert ext is not None
				1593	assert ext.critical is False
				1594
				1595	assert ext.value.key_identifier == (
				1596	b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
				1597	)
				1598	assert ext.value.authority_cert_issuer == [
				1599	x509.DirectoryName(
				1600	x509.Name([
				1601	x509.NameAttribute(
				1602	x509.OID_ORGANIZATION_NAME, u"PyCA"
				1603	),
				1604	x509.NameAttribute(
				1605	x509.OID_COMMON_NAME, u"cryptography.io"
				1606	)
				1607	])
				1608	)
				1609	]
				1610	assert ext.value.authority_cert_serial_number == 3
				1611
				1612	def test_aki_no_keyid(self, backend):
				1613	cert = _load_cert(
				1614	os.path.join(
				1615	"x509", "custom", "authority_key_identifier_no_keyid.pem"
				1616	),
				1617	x509.load_pem_x509_certificate,
				1618	backend
				1619	)
				1620	ext = cert.extensions.get_extension_for_oid(
				1621	x509.OID_AUTHORITY_KEY_IDENTIFIER
				1622	)
				1623	assert ext is not None
				1624	assert ext.critical is False
				1625
				1626	assert ext.value.key_identifier is None
				1627	assert ext.value.authority_cert_issuer == [
				1628	x509.DirectoryName(
				1629	x509.Name([
				1630	x509.NameAttribute(
				1631	x509.OID_ORGANIZATION_NAME, u"PyCA"
				1632	),
				1633	x509.NameAttribute(
				1634	x509.OID_COMMON_NAME, u"cryptography.io"
				1635	)
				1636	])
				1637	)
				1638	]
				1639	assert ext.value.authority_cert_serial_number == 3
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1640
				1641
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1642	class TestDistributionPoint(object):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1643	def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1644	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1645	x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1646
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1647	def test_distribution_point_relative_name_not_name(self):
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1648	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1649	x509.DistributionPoint(None, "notname", None, None)
				1650
				1651	def test_distribution_point_full_and_relative_not_none(self):
				1652	with pytest.raises(ValueError):
				1653	x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1654
				1655	def test_crl_issuer_not_general_names(self):
				1656	with pytest.raises(TypeError):
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1657	x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1658
				1659	def test_reason_not_reasonflags(self):
				1660	with pytest.raises(TypeError):
				1661	x509.DistributionPoint(
				1662	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1663	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1664	frozenset(["notreasonflags"]),
				1665	None
				1666	)
				1667
				1668	def test_reason_not_frozenset(self):
				1669	with pytest.raises(TypeError):
				1670	x509.DistributionPoint(
				1671	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1672	None,
				1673	[x509.ReasonFlags.ca_compromise],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1674	None
				1675	)
				1676
				1677	def test_disallowed_reasons(self):
				1678	with pytest.raises(ValueError):
				1679	x509.DistributionPoint(
				1680	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1681	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1682	frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1683	None
				1684	)
				1685
				1686	with pytest.raises(ValueError):
				1687	x509.DistributionPoint(
				1688	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1689	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1690	frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1691	None
				1692	)
				1693
				1694	def test_reason_only(self):
				1695	with pytest.raises(ValueError):
				1696	x509.DistributionPoint(
				1697	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1698	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1699	frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1700	None
				1701	)
				1702
				1703	def test_eq(self):
				1704	dp = x509.DistributionPoint(
				1705	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1706	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1707	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1708	[
				1709	x509.DirectoryName(
				1710	x509.Name([
				1711	x509.NameAttribute(
				1712	x509.OID_COMMON_NAME, "Important CA"
				1713	)
				1714	])
				1715	)
				1716	],
				1717	)
				1718	dp2 = x509.DistributionPoint(
				1719	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1720	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1721	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1722	[
				1723	x509.DirectoryName(
				1724	x509.Name([
				1725	x509.NameAttribute(
				1726	x509.OID_COMMON_NAME, "Important CA"
				1727	)
				1728	])
				1729	)
				1730	],
				1731	)
				1732	assert dp == dp2
				1733
				1734	def test_ne(self):
				1735	dp = x509.DistributionPoint(
				1736	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1737	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1738	frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1739	[
				1740	x509.DirectoryName(
				1741	x509.Name([
				1742	x509.NameAttribute(
				1743	x509.OID_COMMON_NAME, "Important CA"
				1744	)
				1745	])
				1746	)
				1747	],
				1748	)
				1749	dp2 = x509.DistributionPoint(
				1750	[x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
				1751	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1752	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1753	None
				1754	)
				1755	assert dp != dp2
				1756	assert dp != object()
				1757
				1758	def test_repr(self):
				1759	dp = x509.DistributionPoint(
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1760	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1761	x509.Name([
				1762	x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
				1763	]),
Paul Kehrer	96ef63c	2015-05-09 21:17:04 -0500	[diff] [blame]	1764	frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1765	[
				1766	x509.DirectoryName(
				1767	x509.Name([
				1768	x509.NameAttribute(
				1769	x509.OID_COMMON_NAME, "Important CA"
				1770	)
				1771	])
				1772	)
				1773	],
				1774	)
Paul Kehrer	749da3b	2015-05-10 09:58:29 -0500	[diff] [blame]	1775	if six.PY3:
				1776	assert repr(dp) == (
				1777	"<DistributionPoint(full_name=None, relative_name=<Name([<Name"
				1778	"Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
				1779	">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
				1780	"romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
				1781	"Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
				1782	"commonName)>, value='Important CA')>])>)>])>"
				1783	)
				1784	else:
				1785	assert repr(dp) == (
				1786	"<DistributionPoint(full_name=None, relative_name=<Name([<Name"
				1787	"Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
				1788	">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
				1789	"romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
				1790	"Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
				1791	"commonName)>, value='Important CA')>])>)>])>"
				1792	)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1793
				1794
				1795	class TestCRLDistributionPoints(object):
				1796	def test_invalid_distribution_points(self):
				1797	with pytest.raises(TypeError):
				1798	x509.CRLDistributionPoints(["notadistributionpoint"])
				1799
				1800	def test_iter_len(self):
				1801	cdp = x509.CRLDistributionPoints([
				1802	x509.DistributionPoint(
				1803	[x509.UniformResourceIdentifier(u"http://domain")],
				1804	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1805	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1806	None
				1807	),
				1808	x509.DistributionPoint(
				1809	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1810	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1811	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1812	x509.ReasonFlags.key_compromise,
				1813	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1814	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1815	None
				1816	),
				1817	])
				1818	assert len(cdp) == 2
				1819	assert list(cdp) == [
				1820	x509.DistributionPoint(
				1821	[x509.UniformResourceIdentifier(u"http://domain")],
				1822	None,
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1823	None,
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1824	None
				1825	),
				1826	x509.DistributionPoint(
				1827	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1828	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1829	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1830	x509.ReasonFlags.key_compromise,
				1831	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1832	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1833	None
				1834	),
				1835	]
				1836
				1837	def test_repr(self):
				1838	cdp = x509.CRLDistributionPoints([
				1839	x509.DistributionPoint(
				1840	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1841	None,
Paul Kehrer	96ef63c	2015-05-09 21:17:04 -0500	[diff] [blame]	1842	frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1843	None
				1844	),
				1845	])
Paul Kehrer	749da3b	2015-05-10 09:58:29 -0500	[diff] [blame]	1846	if six.PY3:
				1847	assert repr(cdp) == (
				1848	"<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
				1849	"rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
				1850	"ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
				1851	"romise'>}), crl_issuer=None)>])>"
				1852	)
				1853	else:
				1854	assert repr(cdp) == (
				1855	"<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
				1856	"rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
				1857	"ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
				1858	"romise'>]), crl_issuer=None)>])>"
				1859	)
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1860
				1861	def test_eq(self):
				1862	cdp = x509.CRLDistributionPoints([
				1863	x509.DistributionPoint(
				1864	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1865	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1866	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1867	x509.ReasonFlags.key_compromise,
				1868	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1869	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1870	[x509.UniformResourceIdentifier(u"uri://thing")],
				1871	),
				1872	])
				1873	cdp2 = x509.CRLDistributionPoints([
				1874	x509.DistributionPoint(
				1875	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1876	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1877	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1878	x509.ReasonFlags.key_compromise,
				1879	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1880	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1881	[x509.UniformResourceIdentifier(u"uri://thing")],
				1882	),
				1883	])
				1884	assert cdp == cdp2
				1885
				1886	def test_ne(self):
				1887	cdp = x509.CRLDistributionPoints([
				1888	x509.DistributionPoint(
				1889	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1890	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1891	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1892	x509.ReasonFlags.key_compromise,
				1893	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1894	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1895	[x509.UniformResourceIdentifier(u"uri://thing")],
				1896	),
				1897	])
				1898	cdp2 = x509.CRLDistributionPoints([
				1899	x509.DistributionPoint(
				1900	[x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1901	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1902	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1903	x509.ReasonFlags.key_compromise,
				1904	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1905	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1906	[x509.UniformResourceIdentifier(u"uri://thing")],
				1907	),
				1908	])
				1909	cdp3 = x509.CRLDistributionPoints([
				1910	x509.DistributionPoint(
				1911	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1912	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1913	frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1914	[x509.UniformResourceIdentifier(u"uri://thing")],
				1915	),
				1916	])
				1917	cdp4 = x509.CRLDistributionPoints([
				1918	x509.DistributionPoint(
				1919	[x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1920	None,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1921	frozenset([
Paul Kehrer	4e8dacd	2015-05-09 10:38:23 -0500	[diff] [blame]	1922	x509.ReasonFlags.key_compromise,
				1923	x509.ReasonFlags.ca_compromise,
Paul Kehrer	3fd0260	2015-05-09 19:46:13 -0500	[diff] [blame]	1924	]),
Paul Kehrer	5a48552	2015-05-06 00:29:12 -0500	[diff] [blame]	1925	[x509.UniformResourceIdentifier(u"uri://thing2")],
				1926	),
				1927	])
				1928	assert cdp != cdp2
				1929	assert cdp != cdp3
				1930	assert cdp != cdp4
				1931	assert cdp != object()
Paul Kehrer	9a10d59	2015-05-10 14:55:51 -0500	[diff] [blame^]	1932
				1933
				1934	@pytest.mark.requires_backend_interface(interface=RSABackend)
				1935	@pytest.mark.requires_backend_interface(interface=X509Backend)
				1936	class TestCRLDistributionPointsExtension(object):
				1937	def test_fullname_and_crl_issuer(self, backend):
				1938	cert = _load_cert(
				1939	os.path.join(
				1940	"x509", "PKITS_data", "certs", "ValidcRLIssuerTest28EE.crt"
				1941	),
				1942	x509.load_der_x509_certificate,
				1943	backend
				1944	)
				1945
				1946	cdps = cert.extensions.get_extension_for_oid(
				1947	x509.OID_CRL_DISTRIBUTION_POINTS
				1948	).value
				1949
				1950	assert cdps == x509.CRLDistributionPoints([
				1951	x509.DistributionPoint(
				1952	full_name=[x509.DirectoryName(
				1953	x509.Name([
				1954	x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
				1955	x509.NameAttribute(
				1956	x509.OID_ORGANIZATION_NAME,
				1957	"Test Certificates 2011"
				1958	),
				1959	x509.NameAttribute(
				1960	x509.OID_ORGANIZATIONAL_UNIT_NAME,
				1961	"indirectCRL CA3 cRLIssuer"
				1962	),
				1963	x509.NameAttribute(
				1964	x509.OID_COMMON_NAME,
				1965	"indirect CRL for indirectCRL CA3"
				1966	),
				1967	])
				1968	)],
				1969	relative_name=None,
				1970	reasons=None,
				1971	crl_issuer=[x509.DirectoryName(
				1972	x509.Name([
				1973	x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
				1974	x509.NameAttribute(
				1975	x509.OID_ORGANIZATION_NAME,
				1976	"Test Certificates 2011"
				1977	),
				1978	x509.NameAttribute(
				1979	x509.OID_ORGANIZATIONAL_UNIT_NAME,
				1980	"indirectCRL CA3 cRLIssuer"
				1981	),
				1982	])
				1983	)],
				1984	)
				1985	])
				1986
				1987	def test_relativename_and_crl_issuer(self, backend):
				1988	cert = _load_cert(
				1989	os.path.join(
				1990	"x509", "PKITS_data", "certs", "ValidcRLIssuerTest29EE.crt"
				1991	),
				1992	x509.load_der_x509_certificate,
				1993	backend
				1994	)
				1995
				1996	cdps = cert.extensions.get_extension_for_oid(
				1997	x509.OID_CRL_DISTRIBUTION_POINTS
				1998	).value
				1999
				2000	assert cdps == x509.CRLDistributionPoints([
				2001	x509.DistributionPoint(
				2002	full_name=None,
				2003	relative_name=x509.Name([
				2004	x509.NameAttribute(
				2005	x509.OID_COMMON_NAME,
				2006	"indirect CRL for indirectCRL CA3"
				2007	),
				2008	]),
				2009	reasons=None,
				2010	crl_issuer=[x509.DirectoryName(
				2011	x509.Name([
				2012	x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
				2013	x509.NameAttribute(
				2014	x509.OID_ORGANIZATION_NAME,
				2015	"Test Certificates 2011"
				2016	),
				2017	x509.NameAttribute(
				2018	x509.OID_ORGANIZATIONAL_UNIT_NAME,
				2019	"indirectCRL CA3 cRLIssuer"
				2020	),
				2021	])
				2022	)],
				2023	)
				2024	])
				2025
				2026	def test_fullname_crl_issuer_reasons(self, backend):
				2027	cert = _load_cert(
				2028	os.path.join(
				2029	"x509", "custom", "cdp_fullname_reasons_crl_issuer.pem"
				2030	),
				2031	x509.load_pem_x509_certificate,
				2032	backend
				2033	)
				2034
				2035	cdps = cert.extensions.get_extension_for_oid(
				2036	x509.OID_CRL_DISTRIBUTION_POINTS
				2037	).value
				2038
				2039	assert cdps == x509.CRLDistributionPoints([
				2040	x509.DistributionPoint(
				2041	full_name=[x509.UniformResourceIdentifier(
				2042	u"http://myhost.com/myca.crl"
				2043	)],
				2044	relative_name=None,
				2045	reasons=frozenset([
				2046	x509.ReasonFlags.key_compromise,
				2047	x509.ReasonFlags.ca_compromise
				2048	]),
				2049	crl_issuer=[x509.DirectoryName(
				2050	x509.Name([
				2051	x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
				2052	x509.NameAttribute(
				2053	x509.OID_ORGANIZATION_NAME, "PyCA"
				2054	),
				2055	x509.NameAttribute(
				2056	x509.OID_COMMON_NAME, "cryptography CA"
				2057	),
				2058	])
				2059	)],
				2060	)
				2061	])
				2062
				2063	def test_crl_issuer_only(self, backend):
				2064	cert = _load_cert(
				2065	os.path.join(
				2066	"x509", "custom", "cdp_crl_issuer.pem"
				2067	),
				2068	x509.load_pem_x509_certificate,
				2069	backend
				2070	)
				2071
				2072	cdps = cert.extensions.get_extension_for_oid(
				2073	x509.OID_CRL_DISTRIBUTION_POINTS
				2074	).value
				2075
				2076	assert cdps == x509.CRLDistributionPoints([
				2077	x509.DistributionPoint(
				2078	full_name=None,
				2079	relative_name=None,
				2080	reasons=None,
				2081	crl_issuer=[x509.DirectoryName(
				2082	x509.Name([
				2083	x509.NameAttribute(
				2084	x509.OID_COMMON_NAME, "cryptography CA"
				2085	),
				2086	])
				2087	)],
				2088	)
				2089	])