Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 9aaef9e516ae1c54c79f07b0441c21c29f8aeb15 / . / tests / test_x509_ext.py
blob: fa025d9c2d69c2764a1bd2341a69c01c7981de18 [file] [log] [blame]
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]7import binascii
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]8import ipaddress
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]9import os
10
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]11import pytest
12
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]13import six
14
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]15from cryptography import x509
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]16from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
17
18from .test_x509 import _load_cert
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]19
20
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]21class TestExtension(object):
22 def test_not_an_oid(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]23 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]24 with pytest.raises(TypeError):
25 x509.Extension("notanoid", True, bc)
26
27 def test_critical_not_a_bool(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]28 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]29 with pytest.raises(TypeError):
30 x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
31
32 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]33 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]34 ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
35 assert repr(ext) == (
36 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
37 "raints)>, critical=True, value=<BasicConstraints(ca=False, path"
38 "_length=None)>)>"
39 )
40
41
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]42class TestNoticeReference(object):
43 def test_notice_numbers_not_all_int(self):
44 with pytest.raises(TypeError):
45 x509.NoticeReference("org", [1, 2, "three"])
46
47 def test_notice_numbers_none(self):
48 nr = x509.NoticeReference("org", None)
49 assert nr.organization == "org"
50 assert nr.notice_numbers is None
51
52 def test_repr(self):
53 nr = x509.NoticeReference("org", [1, 3, 4])
54
55 assert repr(nr) == (
56 "<NoticeReference(organization=org, notice_numbers=[1, 3, 4])>"
57 )
58
59
60class TestUserNotice(object):
61 def test_notice_reference_invalid(self):
62 with pytest.raises(TypeError):
63 x509.UserNotice("invalid", None)
64
65 def test_notice_reference_none(self):
66 un = x509.UserNotice(None, "text")
67 assert un.notice_reference is None
68 assert un.explicit_text == "text"
69
70 def test_repr(self):
71 un = x509.UserNotice(x509.NoticeReference("org", None), "text")
72 assert repr(un) == (
73 "<UserNotice(notice_reference=<NoticeReference(organization=org, "
Paul Kehrer9aaef9e2015-05-11 10:49:20 -0500[diff] [blame^]74 "notice_numbers=None)>, explicit_text='text')>"
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]75 )
76
77
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]78class TestPolicyInformation(object):
79 def test_invalid_policy_identifier(self):
80 with pytest.raises(TypeError):
81 x509.PolicyInformation("notanoid", None)
82
83 def test_none_policy_qualifiers(self):
84 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
85 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
86 assert pi.policy_qualifiers is None
87
88 def test_policy_qualifiers(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]89 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]90 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
91 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
92 assert pi.policy_qualifiers == pq
93
94 def test_invalid_policy_identifiers(self):
95 with pytest.raises(TypeError):
96 x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
97
98 def test_repr(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]99 pq = [u"string", x509.UserNotice(None, "hi")]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]100 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]101 if six.PY3:
102 assert repr(pi) == (
103 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
104 "2.3, name=Unknown OID)>, policy_qualifiers=['string', <UserNo"
Paul Kehrer9aaef9e2015-05-11 10:49:20 -0500[diff] [blame^]105 "tice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]106 )
107 else:
108 assert repr(pi) == (
109 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
110 "2.3, name=Unknown OID)>, policy_qualifiers=[u'string', <UserN"
Paul Kehrer9aaef9e2015-05-11 10:49:20 -0500[diff] [blame^]111 "otice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]112 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]113
114
115class TestCertificatePolicies(object):
116 def test_invalid_policies(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]117 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]118 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
119 with pytest.raises(TypeError):
120 x509.CertificatePolicies([1, pi])
121
122 def test_iter_len(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]123 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]124 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
125 cp = x509.CertificatePolicies([pi])
126 assert len(cp) == 1
127 for policyinfo in cp:
128 assert policyinfo == pi
129
130 def test_repr(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]131 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]132 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
133 cp = x509.CertificatePolicies([pi])
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]134 if six.PY3:
135 assert repr(cp) == (
136 "<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
137 "bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
138 "ers=['string'])>])>"
139 )
140 else:
141 assert repr(cp) == (
142 "<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
143 "bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
144 "ers=[u'string'])>])>"
145 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]146
147
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]148class TestKeyUsage(object):
149 def test_key_agreement_false_encipher_decipher_true(self):
150 with pytest.raises(ValueError):
151 x509.KeyUsage(
152 digital_signature=False,
153 content_commitment=False,
154 key_encipherment=False,
155 data_encipherment=False,
156 key_agreement=False,
157 key_cert_sign=False,
158 crl_sign=False,
159 encipher_only=True,
160 decipher_only=False
161 )
162
163 with pytest.raises(ValueError):
164 x509.KeyUsage(
165 digital_signature=False,
166 content_commitment=False,
167 key_encipherment=False,
168 data_encipherment=False,
169 key_agreement=False,
170 key_cert_sign=False,
171 crl_sign=False,
172 encipher_only=True,
173 decipher_only=True
174 )
175
176 with pytest.raises(ValueError):
177 x509.KeyUsage(
178 digital_signature=False,
179 content_commitment=False,
180 key_encipherment=False,
181 data_encipherment=False,
182 key_agreement=False,
183 key_cert_sign=False,
184 crl_sign=False,
185 encipher_only=False,
186 decipher_only=True
187 )
188
189 def test_properties_key_agreement_true(self):
190 ku = x509.KeyUsage(
191 digital_signature=True,
192 content_commitment=True,
193 key_encipherment=False,
194 data_encipherment=False,
195 key_agreement=False,
196 key_cert_sign=True,
197 crl_sign=False,
198 encipher_only=False,
199 decipher_only=False
200 )
201 assert ku.digital_signature is True
202 assert ku.content_commitment is True
203 assert ku.key_encipherment is False
204 assert ku.data_encipherment is False
205 assert ku.key_agreement is False
206 assert ku.key_cert_sign is True
207 assert ku.crl_sign is False
208
209 def test_key_agreement_true_properties(self):
210 ku = x509.KeyUsage(
211 digital_signature=False,
212 content_commitment=False,
213 key_encipherment=False,
214 data_encipherment=False,
215 key_agreement=True,
216 key_cert_sign=False,
217 crl_sign=False,
218 encipher_only=False,
219 decipher_only=True
220 )
221 assert ku.key_agreement is True
222 assert ku.encipher_only is False
223 assert ku.decipher_only is True
224
225 def test_key_agreement_false_properties(self):
226 ku = x509.KeyUsage(
227 digital_signature=False,
228 content_commitment=False,
229 key_encipherment=False,
230 data_encipherment=False,
231 key_agreement=False,
232 key_cert_sign=False,
233 crl_sign=False,
234 encipher_only=False,
235 decipher_only=False
236 )
237 assert ku.key_agreement is False
238 with pytest.raises(ValueError):
239 ku.encipher_only
240
241 with pytest.raises(ValueError):
242 ku.decipher_only
243
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]244 def test_repr_key_agreement_false(self):
245 ku = x509.KeyUsage(
246 digital_signature=True,
247 content_commitment=True,
248 key_encipherment=False,
249 data_encipherment=False,
250 key_agreement=False,
251 key_cert_sign=True,
252 crl_sign=False,
253 encipher_only=False,
254 decipher_only=False
255 )
256 assert repr(ku) == (
257 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
258 "cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrerb372e672015-04-15 11:05:24 -0400[diff] [blame]259 "ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
260 "nly=None)>"
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]261 )
262
263 def test_repr_key_agreement_true(self):
264 ku = x509.KeyUsage(
265 digital_signature=True,
266 content_commitment=True,
267 key_encipherment=False,
268 data_encipherment=False,
269 key_agreement=True,
270 key_cert_sign=True,
271 crl_sign=False,
272 encipher_only=False,
273 decipher_only=False
274 )
275 assert repr(ku) == (
276 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
277 "cipherment=False, data_encipherment=False, key_agreement=True, k"
278 "ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
279 "only=False)>"
280 )
281
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]282
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]283class TestSubjectKeyIdentifier(object):
284 def test_properties(self):
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]285 value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]286 ski = x509.SubjectKeyIdentifier(value)
287 assert ski.digest == value
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]288
289 def test_repr(self):
290 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]291 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]292 )
293 ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]294 if six.PY3:
295 assert repr(ext) == (
296 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
297 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
298 "igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
299 "\\xf7\\xff:\\xc9\')>)>"
300 )
301 else:
302 assert repr(ext) == (
303 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
304 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
305 "igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
306 "\\xf7\\xff:\\xc9\')>)>"
307 )
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]308
309 def test_eq(self):
310 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]311 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]312 )
313 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]314 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]315 )
316 assert ski == ski2
317
318 def test_ne(self):
319 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]320 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]321 )
322 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]323 binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]324 )
325 assert ski != ski2
326 assert ski != object()
327
328
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]329class TestAuthorityKeyIdentifier(object):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]330 def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]331 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]332 x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]333
334 def test_authority_cert_serial_number_not_integer(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]335 dirname = x509.DirectoryName(
336 x509.Name([
337 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
338 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
339 ])
340 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]341 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]342 x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]343
344 def test_authority_issuer_none_serial_not_none(self):
345 with pytest.raises(ValueError):
346 x509.AuthorityKeyIdentifier(b"identifier", None, 3)
347
348 def test_authority_issuer_not_none_serial_none(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]349 dirname = x509.DirectoryName(
350 x509.Name([
351 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
352 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
353 ])
354 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]355 with pytest.raises(ValueError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]356 x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]357
358 def test_authority_cert_serial_and_issuer_none(self):
359 aki = x509.AuthorityKeyIdentifier(b"id", None, None)
360 assert aki.key_identifier == b"id"
361 assert aki.authority_cert_issuer is None
362 assert aki.authority_cert_serial_number is None
363
364 def test_repr(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]365 dirname = x509.DirectoryName(
366 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
367 )
368 aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]369
370 if six.PY3:
371 assert repr(aki) == (
372 "<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]373 "cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
374 "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
375 "N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]376 )
377 else:
378 assert repr(aki) == (
379 "<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]380 "rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
381 "jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
382 "])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]383 )
384
385
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]386class TestBasicConstraints(object):
387 def test_ca_not_boolean(self):
388 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]389 x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]390
391 def test_path_length_not_ca(self):
392 with pytest.raises(ValueError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]393 x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]394
395 def test_path_length_not_int(self):
396 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]397 x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]398
399 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]400 x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]401
402 def test_path_length_negative(self):
403 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]404 x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]405
406 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]407 na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]408 assert repr(na) == (
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]409 "<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]410 )
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]411
412
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]413class TestExtendedKeyUsage(object):
414 def test_not_all_oids(self):
415 with pytest.raises(TypeError):
416 x509.ExtendedKeyUsage(["notoid"])
417
418 def test_iter_len(self):
419 eku = x509.ExtendedKeyUsage([
420 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
421 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
422 ])
423 assert len(eku) == 2
424 assert list(eku) == [
425 x509.OID_SERVER_AUTH,
426 x509.OID_CLIENT_AUTH
427 ]
428
Paul Kehrer23d10c32015-04-02 23:12:32 -0500[diff] [blame]429 def test_repr(self):
430 eku = x509.ExtendedKeyUsage([
431 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
432 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
433 ])
434 assert repr(eku) == (
435 "<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
436 "serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
437 "tAuth)>])>"
438 )
439
Paul Kehrerb0476172015-05-02 19:34:51 -0500[diff] [blame]440 def test_eq(self):
441 eku = x509.ExtendedKeyUsage([
442 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
443 ])
444 eku2 = x509.ExtendedKeyUsage([
445 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
446 ])
447 assert eku == eku2
448
449 def test_ne(self):
450 eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
451 eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
452 assert eku != eku2
453 assert eku != object()
454
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]455
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]456@pytest.mark.requires_backend_interface(interface=RSABackend)
457@pytest.mark.requires_backend_interface(interface=X509Backend)
458class TestExtensions(object):
459 def test_no_extensions(self, backend):
460 cert = _load_cert(
461 os.path.join("x509", "verisign_md2_root.pem"),
462 x509.load_pem_x509_certificate,
463 backend
464 )
465 ext = cert.extensions
466 assert len(ext) == 0
467 assert list(ext) == []
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]468 with pytest.raises(x509.ExtensionNotFound) as exc:
469 ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
470
471 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
472
473 def test_one_extension(self, backend):
474 cert = _load_cert(
475 os.path.join(
476 "x509", "custom", "basic_constraints_not_critical.pem"
477 ),
478 x509.load_pem_x509_certificate,
479 backend
480 )
481 extensions = cert.extensions
482 ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
483 assert ext is not None
484 assert ext.value.ca is False
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]485
486 def test_duplicate_extension(self, backend):
487 cert = _load_cert(
488 os.path.join(
489 "x509", "custom", "two_basic_constraints.pem"
490 ),
491 x509.load_pem_x509_certificate,
492 backend
493 )
494 with pytest.raises(x509.DuplicateExtension) as exc:
495 cert.extensions
496
497 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
498
499 def test_unsupported_critical_extension(self, backend):
500 cert = _load_cert(
501 os.path.join(
502 "x509", "custom", "unsupported_extension_critical.pem"
503 ),
504 x509.load_pem_x509_certificate,
505 backend
506 )
507 with pytest.raises(x509.UnsupportedExtension) as exc:
508 cert.extensions
509
510 assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
511
512 def test_unsupported_extension(self, backend):
513 # TODO: this will raise an exception when all extensions are complete
514 cert = _load_cert(
515 os.path.join(
516 "x509", "custom", "unsupported_extension.pem"
517 ),
518 x509.load_pem_x509_certificate,
519 backend
520 )
521 extensions = cert.extensions
522 assert len(extensions) == 0
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]523
524
525@pytest.mark.requires_backend_interface(interface=RSABackend)
526@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerde813ea2015-03-28 12:44:34 -0500[diff] [blame]527class TestBasicConstraintsExtension(object):
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]528 def test_ca_true_pathlen_6(self, backend):
529 cert = _load_cert(
530 os.path.join(
531 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
532 ),
533 x509.load_der_x509_certificate,
534 backend
535 )
536 ext = cert.extensions.get_extension_for_oid(
537 x509.OID_BASIC_CONSTRAINTS
538 )
539 assert ext is not None
540 assert ext.critical is True
541 assert ext.value.ca is True
542 assert ext.value.path_length == 6
543
544 def test_path_length_zero(self, backend):
545 cert = _load_cert(
546 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
547 x509.load_pem_x509_certificate,
548 backend
549 )
550 ext = cert.extensions.get_extension_for_oid(
551 x509.OID_BASIC_CONSTRAINTS
552 )
553 assert ext is not None
554 assert ext.critical is True
555 assert ext.value.ca is True
556 assert ext.value.path_length == 0
557
558 def test_ca_true_no_pathlen(self, backend):
559 cert = _load_cert(
560 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
561 x509.load_der_x509_certificate,
562 backend
563 )
564 ext = cert.extensions.get_extension_for_oid(
565 x509.OID_BASIC_CONSTRAINTS
566 )
567 assert ext is not None
568 assert ext.critical is True
569 assert ext.value.ca is True
570 assert ext.value.path_length is None
571
572 def test_ca_false(self, backend):
573 cert = _load_cert(
574 os.path.join("x509", "cryptography.io.pem"),
575 x509.load_pem_x509_certificate,
576 backend
577 )
578 ext = cert.extensions.get_extension_for_oid(
579 x509.OID_BASIC_CONSTRAINTS
580 )
581 assert ext is not None
582 assert ext.critical is True
583 assert ext.value.ca is False
584 assert ext.value.path_length is None
585
586 def test_no_basic_constraints(self, backend):
587 cert = _load_cert(
588 os.path.join(
589 "x509",
590 "PKITS_data",
591 "certs",
592 "ValidCertificatePathTest1EE.crt"
593 ),
594 x509.load_der_x509_certificate,
595 backend
596 )
597 with pytest.raises(x509.ExtensionNotFound):
598 cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
599
600 def test_basic_constraint_not_critical(self, backend):
601 cert = _load_cert(
602 os.path.join(
603 "x509", "custom", "basic_constraints_not_critical.pem"
604 ),
605 x509.load_pem_x509_certificate,
606 backend
607 )
608 ext = cert.extensions.get_extension_for_oid(
609 x509.OID_BASIC_CONSTRAINTS
610 )
611 assert ext is not None
612 assert ext.critical is False
613 assert ext.value.ca is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]614
615
616@pytest.mark.requires_backend_interface(interface=RSABackend)
617@pytest.mark.requires_backend_interface(interface=X509Backend)
618class TestSubjectKeyIdentifierExtension(object):
619 def test_subject_key_identifier(self, backend):
620 cert = _load_cert(
621 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
622 x509.load_der_x509_certificate,
623 backend
624 )
625 ext = cert.extensions.get_extension_for_oid(
626 x509.OID_SUBJECT_KEY_IDENTIFIER
627 )
628 ski = ext.value
629 assert ext is not None
630 assert ext.critical is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]631 assert ski.digest == binascii.unhexlify(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]632 b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]633 )
634
635 def test_no_subject_key_identifier(self, backend):
636 cert = _load_cert(
637 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
638 x509.load_pem_x509_certificate,
639 backend
640 )
641 with pytest.raises(x509.ExtensionNotFound):
642 cert.extensions.get_extension_for_oid(
643 x509.OID_SUBJECT_KEY_IDENTIFIER
644 )
Paul Kehrer5508ee22015-04-02 19:31:03 -0500[diff] [blame]645
646
647@pytest.mark.requires_backend_interface(interface=RSABackend)
648@pytest.mark.requires_backend_interface(interface=X509Backend)
649class TestKeyUsageExtension(object):
650 def test_no_key_usage(self, backend):
651 cert = _load_cert(
652 os.path.join("x509", "verisign_md2_root.pem"),
653 x509.load_pem_x509_certificate,
654 backend
655 )
656 ext = cert.extensions
657 with pytest.raises(x509.ExtensionNotFound) as exc:
658 ext.get_extension_for_oid(x509.OID_KEY_USAGE)
659
660 assert exc.value.oid == x509.OID_KEY_USAGE
661
662 def test_all_purposes(self, backend):
663 cert = _load_cert(
664 os.path.join(
665 "x509", "custom", "all_key_usages.pem"
666 ),
667 x509.load_pem_x509_certificate,
668 backend
669 )
670 extensions = cert.extensions
671 ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
672 assert ext is not None
673
674 ku = ext.value
675 assert ku.digital_signature is True
676 assert ku.content_commitment is True
677 assert ku.key_encipherment is True
678 assert ku.data_encipherment is True
679 assert ku.key_agreement is True
680 assert ku.key_cert_sign is True
681 assert ku.crl_sign is True
682 assert ku.encipher_only is True
683 assert ku.decipher_only is True
684
685 def test_key_cert_sign_crl_sign(self, backend):
686 cert = _load_cert(
687 os.path.join(
688 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
689 ),
690 x509.load_der_x509_certificate,
691 backend
692 )
693 ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
694 assert ext is not None
695 assert ext.critical is True
696
697 ku = ext.value
698 assert ku.digital_signature is False
699 assert ku.content_commitment is False
700 assert ku.key_encipherment is False
701 assert ku.data_encipherment is False
702 assert ku.key_agreement is False
703 assert ku.key_cert_sign is True
704 assert ku.crl_sign is True
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]705
706
707@pytest.mark.parametrize(
708 "name", [
709 x509.RFC822Name,
710 x509.DNSName,
711 x509.UniformResourceIdentifier
712 ]
713)
714class TestTextGeneralNames(object):
715 def test_not_text(self, name):
716 with pytest.raises(TypeError):
717 name(b"notaunicodestring")
718
719 with pytest.raises(TypeError):
720 name(1.3)
721
722 def test_repr(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]723 gn = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]724 assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
725
726 def test_eq(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]727 gn = name(u"string")
728 gn2 = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]729 assert gn == gn2
730
731 def test_ne(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]732 gn = name(u"string")
733 gn2 = name(u"string2")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]734 assert gn != gn2
735 assert gn != object()
736
737
738class TestDirectoryName(object):
739 def test_not_name(self):
740 with pytest.raises(TypeError):
741 x509.DirectoryName(b"notaname")
742
743 with pytest.raises(TypeError):
744 x509.DirectoryName(1.3)
745
746 def test_repr(self):
747 name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
748 gn = x509.DirectoryName(x509.Name([name]))
749 assert repr(gn) == (
750 "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
751 "tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
752 )
753
754 def test_eq(self):
755 name = x509.Name([
756 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
757 ])
758 name2 = x509.Name([
759 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
760 ])
761 gn = x509.DirectoryName(x509.Name([name]))
762 gn2 = x509.DirectoryName(x509.Name([name2]))
763 assert gn == gn2
764
765 def test_ne(self):
766 name = x509.Name([
767 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
768 ])
769 name2 = x509.Name([
770 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
771 ])
772 gn = x509.DirectoryName(x509.Name([name]))
773 gn2 = x509.DirectoryName(x509.Name([name2]))
774 assert gn != gn2
775 assert gn != object()
776
777
778class TestRegisteredID(object):
779 def test_not_oid(self):
780 with pytest.raises(TypeError):
781 x509.RegisteredID(b"notanoid")
782
783 with pytest.raises(TypeError):
784 x509.RegisteredID(1.3)
785
786 def test_repr(self):
787 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
788 assert repr(gn) == (
789 "<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
790 "e)>)>"
791 )
792
793 def test_eq(self):
794 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
795 gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
796 assert gn == gn2
797
798 def test_ne(self):
799 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
800 gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
801 assert gn != gn2
802 assert gn != object()
803
804
805class TestIPAddress(object):
806 def test_not_ipaddress(self):
807 with pytest.raises(TypeError):
808 x509.IPAddress(b"notanipaddress")
809
810 with pytest.raises(TypeError):
811 x509.IPAddress(1.3)
812
813 def test_repr(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]814 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]815 assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
816
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]817 gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]818 assert repr(gn2) == "<IPAddress(value=ff::)>"
819
820 def test_eq(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]821 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
822 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]823 assert gn == gn2
824
825 def test_ne(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]826 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
827 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]828 assert gn != gn2
829 assert gn != object()
830
831
832class TestSubjectAlternativeName(object):
833 def test_get_values_for_type(self):
834 san = x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]835 [x509.DNSName(u"cryptography.io")]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]836 )
837 names = san.get_values_for_type(x509.DNSName)
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]838 assert names == [u"cryptography.io"]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]839
840 def test_iter_names(self):
841 san = x509.SubjectAlternativeName([
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]842 x509.DNSName(u"cryptography.io"),
843 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]844 ])
845 assert len(san) == 2
846 assert list(san) == [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]847 x509.DNSName(u"cryptography.io"),
848 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]849 ]
850
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]851 def test_invalid_general_names(self):
852 with pytest.raises(TypeError):
853 x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]854 [x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]855 )
856
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]857 def test_repr(self):
858 san = x509.SubjectAlternativeName(
859 [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]860 x509.DNSName(u"cryptography.io")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]861 ]
862 )
863 assert repr(san) == (
864 "<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
865 )
Paul Kehrer40f83382015-04-20 15:00:16 -0500[diff] [blame]866
867
868@pytest.mark.requires_backend_interface(interface=RSABackend)
869@pytest.mark.requires_backend_interface(interface=X509Backend)
870class TestRSASubjectAlternativeNameExtension(object):
871 def test_dns_name(self, backend):
872 cert = _load_cert(
873 os.path.join("x509", "cryptography.io.pem"),
874 x509.load_pem_x509_certificate,
875 backend
876 )
877 ext = cert.extensions.get_extension_for_oid(
878 x509.OID_SUBJECT_ALTERNATIVE_NAME
879 )
880 assert ext is not None
881 assert ext.critical is False
882
883 san = ext.value
884
885 dns = san.get_values_for_type(x509.DNSName)
886 assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]887
888 def test_unsupported_other_name(self, backend):
889 cert = _load_cert(
890 os.path.join(
891 "x509", "custom", "san_other_name.pem"
892 ),
893 x509.load_pem_x509_certificate,
894 backend
895 )
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]896 with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]897 cert.extensions
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]898
Paul Kehrer0a621bf2015-04-22 09:22:56 -0500[diff] [blame]899 assert exc.value.type == 0
Paul Kehrer4db96622015-04-20 22:17:39 -0500[diff] [blame]900
901 def test_registered_id(self, backend):
902 cert = _load_cert(
903 os.path.join(
904 "x509", "custom", "san_registered_id.pem"
905 ),
906 x509.load_pem_x509_certificate,
907 backend
908 )
909 ext = cert.extensions.get_extension_for_oid(
910 x509.OID_SUBJECT_ALTERNATIVE_NAME
911 )
912 assert ext is not None
913 assert ext.critical is False
914
915 san = ext.value
916 rid = san.get_values_for_type(x509.RegisteredID)
917 assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrerb8ef82e2015-04-22 16:04:24 -0500[diff] [blame]918
919 def test_uri(self, backend):
920 cert = _load_cert(
921 os.path.join(
922 "x509", "custom", "san_uri_with_port.pem"
923 ),
924 x509.load_pem_x509_certificate,
925 backend
926 )
927 ext = cert.extensions.get_extension_for_oid(
928 x509.OID_SUBJECT_ALTERNATIVE_NAME
929 )
930 assert ext is not None
931 uri = ext.value.get_values_for_type(
932 x509.UniformResourceIdentifier
933 )
934 assert uri == [
935 u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
936 u"lo",
937 u"http://someregulardomain.com",
938 ]
Paul Kehrera5f030c2015-04-28 08:33:18 -0500[diff] [blame]939
940 def test_ipaddress(self, backend):
941 cert = _load_cert(
942 os.path.join(
943 "x509", "custom", "san_ipaddr.pem"
944 ),
945 x509.load_pem_x509_certificate,
946 backend
947 )
948 ext = cert.extensions.get_extension_for_oid(
949 x509.OID_SUBJECT_ALTERNATIVE_NAME
950 )
951 assert ext is not None
952 assert ext.critical is False
953
954 san = ext.value
955
956 ip = san.get_values_for_type(x509.IPAddress)
957 assert [
958 ipaddress.ip_address(u"127.0.0.1"),
959 ipaddress.ip_address(u"ff::")
960 ] == ip
Paul Kehrer2187a052015-04-30 08:22:07 -0500[diff] [blame]961
962 def test_dirname(self, backend):
963 cert = _load_cert(
964 os.path.join(
965 "x509", "custom", "san_dirname.pem"
966 ),
967 x509.load_pem_x509_certificate,
968 backend
969 )
970 ext = cert.extensions.get_extension_for_oid(
971 x509.OID_SUBJECT_ALTERNATIVE_NAME
972 )
973 assert ext is not None
974 assert ext.critical is False
975
976 san = ext.value
977
978 dirname = san.get_values_for_type(x509.DirectoryName)
979 assert [
980 x509.Name([
981 x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
982 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
983 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
984 ])
985 ] == dirname
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]986
987 def test_rfc822name(self, backend):
988 cert = _load_cert(
989 os.path.join(
990 "x509", "custom", "san_rfc822_idna.pem"
991 ),
992 x509.load_pem_x509_certificate,
993 backend
994 )
995 ext = cert.extensions.get_extension_for_oid(
996 x509.OID_SUBJECT_ALTERNATIVE_NAME
997 )
998 assert ext is not None
999 assert ext.critical is False
1000
1001 san = ext.value
1002
1003 rfc822name = san.get_values_for_type(x509.RFC822Name)
1004 assert [u"email@em\xe5\xefl.com"] == rfc822name
1005
1006 def test_unicode_rfc822_name_dns_name_uri(self, backend):
1007 cert = _load_cert(
1008 os.path.join(
1009 "x509", "custom", "san_idna_names.pem"
1010 ),
1011 x509.load_pem_x509_certificate,
1012 backend
1013 )
1014 ext = cert.extensions.get_extension_for_oid(
1015 x509.OID_SUBJECT_ALTERNATIVE_NAME
1016 )
1017 assert ext is not None
1018 rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
1019 dns_name = ext.value.get_values_for_type(x509.DNSName)
1020 uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
1021 assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
1022 assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
1023 assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
1024
1025 def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
1026 cert = _load_cert(
1027 os.path.join(
1028 "x509", "custom", "san_email_dns_ip_dirname_uri.pem"
1029 ),
1030 x509.load_pem_x509_certificate,
1031 backend
1032 )
1033 ext = cert.extensions.get_extension_for_oid(
1034 x509.OID_SUBJECT_ALTERNATIVE_NAME
1035 )
1036 assert ext is not None
1037 assert ext.critical is False
1038
1039 san = ext.value
1040
1041 rfc822_name = san.get_values_for_type(x509.RFC822Name)
1042 uri = san.get_values_for_type(x509.UniformResourceIdentifier)
1043 dns = san.get_values_for_type(x509.DNSName)
1044 ip = san.get_values_for_type(x509.IPAddress)
1045 dirname = san.get_values_for_type(x509.DirectoryName)
1046 assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrere3a330c2015-05-02 16:42:52 -0500[diff] [blame]1047 assert [u"https://cryptography.io"] == uri
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]1048 assert [u"cryptography.io"] == dns
1049 assert [
1050 x509.Name([
1051 x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
1052 x509.NameAttribute(
1053 x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
1054 ),
1055 ])
1056 ] == dirname
1057 assert [
1058 ipaddress.ip_address(u"127.0.0.1"),
1059 ipaddress.ip_address(u"ff::")
1060 ] == ip
1061
1062 def test_invalid_rfc822name(self, backend):
1063 cert = _load_cert(
1064 os.path.join(
1065 "x509", "custom", "san_rfc822_names.pem"
1066 ),
1067 x509.load_pem_x509_certificate,
1068 backend
1069 )
1070 with pytest.raises(ValueError) as exc:
1071 cert.extensions
1072
1073 assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer94c69602015-05-02 19:29:40 -0500[diff] [blame]1074
1075
1076@pytest.mark.requires_backend_interface(interface=RSABackend)
1077@pytest.mark.requires_backend_interface(interface=X509Backend)
1078class TestExtendedKeyUsageExtension(object):
1079 def test_eku(self, backend):
1080 cert = _load_cert(
1081 os.path.join(
1082 "x509", "custom", "extended_key_usage.pem"
1083 ),
1084 x509.load_pem_x509_certificate,
1085 backend
1086 )
1087 ext = cert.extensions.get_extension_for_oid(
1088 x509.OID_EXTENDED_KEY_USAGE
1089 )
1090 assert ext is not None
1091 assert ext.critical is False
1092
1093 assert [
1094 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
1095 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
1096 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
1097 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
1098 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
1099 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
1100 x509.ObjectIdentifier("2.5.29.37.0"),
1101 x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
1102 ] == list(ext.value)
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1103
1104
1105class TestAccessDescription(object):
1106 def test_invalid_access_method(self):
Paul Kehrerf506bca2015-05-02 22:31:47 -0500[diff] [blame]1107 with pytest.raises(ValueError):
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1108 x509.AccessDescription("notanoid", x509.DNSName(u"test"))
1109
1110 def test_invalid_access_location(self):
1111 with pytest.raises(TypeError):
1112 x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
1113
1114 def test_repr(self):
1115 ad = x509.AccessDescription(
1116 x509.OID_OCSP,
1117 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1118 )
1119 assert repr(ad) == (
1120 "<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
1121 "5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
1122 "(value=http://ocsp.domain.com)>)>"
1123 )
1124
1125 def test_eq(self):
1126 ad = x509.AccessDescription(
1127 x509.OID_OCSP,
1128 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1129 )
1130 ad2 = x509.AccessDescription(
1131 x509.OID_OCSP,
1132 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1133 )
1134 assert ad == ad2
1135
1136 def test_ne(self):
1137 ad = x509.AccessDescription(
1138 x509.OID_OCSP,
1139 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1140 )
1141 ad2 = x509.AccessDescription(
1142 x509.OID_CA_ISSUERS,
1143 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1144 )
1145 ad3 = x509.AccessDescription(
1146 x509.OID_OCSP,
1147 x509.UniformResourceIdentifier(u"http://notthesame")
1148 )
1149 assert ad != ad2
1150 assert ad != ad3
1151 assert ad != object()
1152
1153
1154class TestAuthorityInformationAccess(object):
1155 def test_invalid_descriptions(self):
1156 with pytest.raises(TypeError):
1157 x509.AuthorityInformationAccess(["notanAccessDescription"])
1158
1159 def test_iter_len(self):
1160 aia = x509.AuthorityInformationAccess([
1161 x509.AccessDescription(
1162 x509.OID_OCSP,
1163 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1164 ),
1165 x509.AccessDescription(
1166 x509.OID_CA_ISSUERS,
1167 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1168 )
1169 ])
1170 assert len(aia) == 2
1171 assert list(aia) == [
1172 x509.AccessDescription(
1173 x509.OID_OCSP,
1174 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1175 ),
1176 x509.AccessDescription(
1177 x509.OID_CA_ISSUERS,
1178 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1179 )
1180 ]
1181
1182 def test_repr(self):
1183 aia = x509.AuthorityInformationAccess([
1184 x509.AccessDescription(
1185 x509.OID_OCSP,
1186 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1187 ),
1188 x509.AccessDescription(
1189 x509.OID_CA_ISSUERS,
1190 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1191 )
1192 ])
1193 assert repr(aia) == (
1194 "<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
1195 "jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
1196 "on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
1197 "AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
1198 ".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
1199 "fier(value=http://domain.com/ca.crt)>)>])>"
1200 )
1201
1202 def test_eq(self):
1203 aia = x509.AuthorityInformationAccess([
1204 x509.AccessDescription(
1205 x509.OID_OCSP,
1206 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1207 ),
1208 x509.AccessDescription(
1209 x509.OID_CA_ISSUERS,
1210 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1211 )
1212 ])
1213 aia2 = x509.AuthorityInformationAccess([
1214 x509.AccessDescription(
1215 x509.OID_OCSP,
1216 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1217 ),
1218 x509.AccessDescription(
1219 x509.OID_CA_ISSUERS,
1220 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1221 )
1222 ])
1223 assert aia == aia2
1224
1225 def test_ne(self):
1226 aia = x509.AuthorityInformationAccess([
1227 x509.AccessDescription(
1228 x509.OID_OCSP,
1229 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1230 ),
1231 x509.AccessDescription(
1232 x509.OID_CA_ISSUERS,
1233 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1234 )
1235 ])
1236 aia2 = x509.AuthorityInformationAccess([
1237 x509.AccessDescription(
1238 x509.OID_OCSP,
1239 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1240 ),
1241 ])
1242
1243 assert aia != aia2
1244 assert aia != object()
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1245
1246
1247@pytest.mark.requires_backend_interface(interface=RSABackend)
1248@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrera1476992015-05-04 17:35:47 -0500[diff] [blame]1249class TestAuthorityInformationAccessExtension(object):
1250 def test_aia_ocsp_ca_issuers(self, backend):
1251 cert = _load_cert(
1252 os.path.join("x509", "cryptography.io.pem"),
1253 x509.load_pem_x509_certificate,
1254 backend
1255 )
1256 ext = cert.extensions.get_extension_for_oid(
1257 x509.OID_AUTHORITY_INFORMATION_ACCESS
1258 )
1259 assert ext is not None
1260 assert ext.critical is False
1261
1262 assert ext.value == x509.AuthorityInformationAccess([
1263 x509.AccessDescription(
1264 x509.OID_OCSP,
1265 x509.UniformResourceIdentifier(u"http://gv.symcd.com")
1266 ),
1267 x509.AccessDescription(
1268 x509.OID_CA_ISSUERS,
1269 x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
1270 ),
1271 ])
1272
1273 def test_aia_multiple_ocsp_ca_issuers(self, backend):
1274 cert = _load_cert(
1275 os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
1276 x509.load_pem_x509_certificate,
1277 backend
1278 )
1279 ext = cert.extensions.get_extension_for_oid(
1280 x509.OID_AUTHORITY_INFORMATION_ACCESS
1281 )
1282 assert ext is not None
1283 assert ext.critical is False
1284
1285 assert ext.value == x509.AuthorityInformationAccess([
1286 x509.AccessDescription(
1287 x509.OID_OCSP,
1288 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1289 ),
1290 x509.AccessDescription(
1291 x509.OID_OCSP,
1292 x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
1293 ),
1294 x509.AccessDescription(
1295 x509.OID_CA_ISSUERS,
1296 x509.DirectoryName(x509.Name([
1297 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1298 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1299 ]))
1300 ),
1301 ])
1302
1303 def test_aia_ocsp_only(self, backend):
1304 cert = _load_cert(
1305 os.path.join("x509", "custom", "aia_ocsp.pem"),
1306 x509.load_pem_x509_certificate,
1307 backend
1308 )
1309 ext = cert.extensions.get_extension_for_oid(
1310 x509.OID_AUTHORITY_INFORMATION_ACCESS
1311 )
1312 assert ext is not None
1313 assert ext.critical is False
1314
1315 assert ext.value == x509.AuthorityInformationAccess([
1316 x509.AccessDescription(
1317 x509.OID_OCSP,
1318 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1319 ),
1320 ])
1321
1322 def test_aia_ca_issuers_only(self, backend):
1323 cert = _load_cert(
1324 os.path.join("x509", "custom", "aia_ca_issuers.pem"),
1325 x509.load_pem_x509_certificate,
1326 backend
1327 )
1328 ext = cert.extensions.get_extension_for_oid(
1329 x509.OID_AUTHORITY_INFORMATION_ACCESS
1330 )
1331 assert ext is not None
1332 assert ext.critical is False
1333
1334 assert ext.value == x509.AuthorityInformationAccess([
1335 x509.AccessDescription(
1336 x509.OID_CA_ISSUERS,
1337 x509.DirectoryName(x509.Name([
1338 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1339 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1340 ]))
1341 ),
1342 ])
1343
1344
1345@pytest.mark.requires_backend_interface(interface=RSABackend)
1346@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1347class TestAuthorityKeyIdentifierExtension(object):
1348 def test_aki_keyid(self, backend):
1349 cert = _load_cert(
1350 os.path.join(
1351 "x509", "cryptography.io.pem"
1352 ),
1353 x509.load_pem_x509_certificate,
1354 backend
1355 )
1356 ext = cert.extensions.get_extension_for_oid(
1357 x509.OID_AUTHORITY_KEY_IDENTIFIER
1358 )
1359 assert ext is not None
1360 assert ext.critical is False
1361
1362 assert ext.value.key_identifier == (
1363 b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0|[\xf3\xe2\x08\xcbY"
1364 )
1365 assert ext.value.authority_cert_issuer is None
1366 assert ext.value.authority_cert_serial_number is None
1367
1368 def test_aki_all_fields(self, backend):
1369 cert = _load_cert(
1370 os.path.join(
1371 "x509", "custom", "authority_key_identifier.pem"
1372 ),
1373 x509.load_pem_x509_certificate,
1374 backend
1375 )
1376 ext = cert.extensions.get_extension_for_oid(
1377 x509.OID_AUTHORITY_KEY_IDENTIFIER
1378 )
1379 assert ext is not None
1380 assert ext.critical is False
1381
1382 assert ext.value.key_identifier == (
1383 b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
1384 )
1385 assert ext.value.authority_cert_issuer == [
1386 x509.DirectoryName(
1387 x509.Name([
1388 x509.NameAttribute(
1389 x509.OID_ORGANIZATION_NAME, u"PyCA"
1390 ),
1391 x509.NameAttribute(
1392 x509.OID_COMMON_NAME, u"cryptography.io"
1393 )
1394 ])
1395 )
1396 ]
1397 assert ext.value.authority_cert_serial_number == 3
1398
1399 def test_aki_no_keyid(self, backend):
1400 cert = _load_cert(
1401 os.path.join(
1402 "x509", "custom", "authority_key_identifier_no_keyid.pem"
1403 ),
1404 x509.load_pem_x509_certificate,
1405 backend
1406 )
1407 ext = cert.extensions.get_extension_for_oid(
1408 x509.OID_AUTHORITY_KEY_IDENTIFIER
1409 )
1410 assert ext is not None
1411 assert ext.critical is False
1412
1413 assert ext.value.key_identifier is None
1414 assert ext.value.authority_cert_issuer == [
1415 x509.DirectoryName(
1416 x509.Name([
1417 x509.NameAttribute(
1418 x509.OID_ORGANIZATION_NAME, u"PyCA"
1419 ),
1420 x509.NameAttribute(
1421 x509.OID_COMMON_NAME, u"cryptography.io"
1422 )
1423 ])
1424 )
1425 ]
1426 assert ext.value.authority_cert_serial_number == 3
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1427
1428
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1429class TestDistributionPoint(object):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1430 def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1431 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1432 x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1433
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1434 def test_distribution_point_relative_name_not_name(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1435 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1436 x509.DistributionPoint(None, "notname", None, None)
1437
1438 def test_distribution_point_full_and_relative_not_none(self):
1439 with pytest.raises(ValueError):
1440 x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1441
1442 def test_crl_issuer_not_general_names(self):
1443 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1444 x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1445
1446 def test_reason_not_reasonflags(self):
1447 with pytest.raises(TypeError):
1448 x509.DistributionPoint(
1449 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1450 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1451 frozenset(["notreasonflags"]),
1452 None
1453 )
1454
1455 def test_reason_not_frozenset(self):
1456 with pytest.raises(TypeError):
1457 x509.DistributionPoint(
1458 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1459 None,
1460 [x509.ReasonFlags.ca_compromise],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1461 None
1462 )
1463
1464 def test_disallowed_reasons(self):
1465 with pytest.raises(ValueError):
1466 x509.DistributionPoint(
1467 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1468 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1469 frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1470 None
1471 )
1472
1473 with pytest.raises(ValueError):
1474 x509.DistributionPoint(
1475 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1476 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1477 frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1478 None
1479 )
1480
1481 def test_reason_only(self):
1482 with pytest.raises(ValueError):
1483 x509.DistributionPoint(
1484 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1485 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1486 frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1487 None
1488 )
1489
1490 def test_eq(self):
1491 dp = x509.DistributionPoint(
1492 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1493 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1494 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1495 [
1496 x509.DirectoryName(
1497 x509.Name([
1498 x509.NameAttribute(
1499 x509.OID_COMMON_NAME, "Important CA"
1500 )
1501 ])
1502 )
1503 ],
1504 )
1505 dp2 = x509.DistributionPoint(
1506 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1507 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1508 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1509 [
1510 x509.DirectoryName(
1511 x509.Name([
1512 x509.NameAttribute(
1513 x509.OID_COMMON_NAME, "Important CA"
1514 )
1515 ])
1516 )
1517 ],
1518 )
1519 assert dp == dp2
1520
1521 def test_ne(self):
1522 dp = x509.DistributionPoint(
1523 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1524 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1525 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1526 [
1527 x509.DirectoryName(
1528 x509.Name([
1529 x509.NameAttribute(
1530 x509.OID_COMMON_NAME, "Important CA"
1531 )
1532 ])
1533 )
1534 ],
1535 )
1536 dp2 = x509.DistributionPoint(
1537 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1538 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1539 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1540 None
1541 )
1542 assert dp != dp2
1543 assert dp != object()
1544
1545 def test_repr(self):
1546 dp = x509.DistributionPoint(
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1547 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1548 x509.Name([
1549 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
1550 ]),
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1551 frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1552 [
1553 x509.DirectoryName(
1554 x509.Name([
1555 x509.NameAttribute(
1556 x509.OID_COMMON_NAME, "Important CA"
1557 )
1558 ])
1559 )
1560 ],
1561 )
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1562 if six.PY3:
1563 assert repr(dp) == (
1564 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1565 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1566 ">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
1567 "romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
1568 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1569 "commonName)>, value='Important CA')>])>)>])>"
1570 )
1571 else:
1572 assert repr(dp) == (
1573 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1574 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1575 ">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
1576 "romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
1577 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1578 "commonName)>, value='Important CA')>])>)>])>"
1579 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1580
1581
1582class TestCRLDistributionPoints(object):
1583 def test_invalid_distribution_points(self):
1584 with pytest.raises(TypeError):
1585 x509.CRLDistributionPoints(["notadistributionpoint"])
1586
1587 def test_iter_len(self):
1588 cdp = x509.CRLDistributionPoints([
1589 x509.DistributionPoint(
1590 [x509.UniformResourceIdentifier(u"http://domain")],
1591 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1592 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1593 None
1594 ),
1595 x509.DistributionPoint(
1596 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1597 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1598 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1599 x509.ReasonFlags.key_compromise,
1600 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1601 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1602 None
1603 ),
1604 ])
1605 assert len(cdp) == 2
1606 assert list(cdp) == [
1607 x509.DistributionPoint(
1608 [x509.UniformResourceIdentifier(u"http://domain")],
1609 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1610 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1611 None
1612 ),
1613 x509.DistributionPoint(
1614 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1615 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1616 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1617 x509.ReasonFlags.key_compromise,
1618 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1619 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1620 None
1621 ),
1622 ]
1623
1624 def test_repr(self):
1625 cdp = x509.CRLDistributionPoints([
1626 x509.DistributionPoint(
1627 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1628 None,
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1629 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1630 None
1631 ),
1632 ])
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1633 if six.PY3:
1634 assert repr(cdp) == (
1635 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1636 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1637 "ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
1638 "romise'>}), crl_issuer=None)>])>"
1639 )
1640 else:
1641 assert repr(cdp) == (
1642 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1643 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1644 "ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
1645 "romise'>]), crl_issuer=None)>])>"
1646 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1647
1648 def test_eq(self):
1649 cdp = x509.CRLDistributionPoints([
1650 x509.DistributionPoint(
1651 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1652 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1653 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1654 x509.ReasonFlags.key_compromise,
1655 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1656 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1657 [x509.UniformResourceIdentifier(u"uri://thing")],
1658 ),
1659 ])
1660 cdp2 = x509.CRLDistributionPoints([
1661 x509.DistributionPoint(
1662 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1663 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1664 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1665 x509.ReasonFlags.key_compromise,
1666 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1667 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1668 [x509.UniformResourceIdentifier(u"uri://thing")],
1669 ),
1670 ])
1671 assert cdp == cdp2
1672
1673 def test_ne(self):
1674 cdp = x509.CRLDistributionPoints([
1675 x509.DistributionPoint(
1676 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1677 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1678 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1679 x509.ReasonFlags.key_compromise,
1680 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1681 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1682 [x509.UniformResourceIdentifier(u"uri://thing")],
1683 ),
1684 ])
1685 cdp2 = x509.CRLDistributionPoints([
1686 x509.DistributionPoint(
1687 [x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1688 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1689 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1690 x509.ReasonFlags.key_compromise,
1691 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1692 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1693 [x509.UniformResourceIdentifier(u"uri://thing")],
1694 ),
1695 ])
1696 cdp3 = x509.CRLDistributionPoints([
1697 x509.DistributionPoint(
1698 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1699 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1700 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1701 [x509.UniformResourceIdentifier(u"uri://thing")],
1702 ),
1703 ])
1704 cdp4 = x509.CRLDistributionPoints([
1705 x509.DistributionPoint(
1706 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1707 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1708 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1709 x509.ReasonFlags.key_compromise,
1710 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1711 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1712 [x509.UniformResourceIdentifier(u"uri://thing2")],
1713 ),
1714 ])
1715 assert cdp != cdp2
1716 assert cdp != cdp3
1717 assert cdp != cdp4
1718 assert cdp != object()