Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 73be2ca86049fd15f1ab37d7201a9b32264402ab / . / tests / test_x509_ext.py
blob: ae69f5fc76b2caa5f8d3b8c5a4a889bf1371dac9 [file] [log] [blame]
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]7import binascii
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]8import ipaddress
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]9import os
10
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]11import pytest
12
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]13import six
14
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]15from cryptography import x509
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]16from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
17
18from .test_x509 import _load_cert
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]19
20
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]21class TestExtension(object):
22 def test_not_an_oid(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]23 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]24 with pytest.raises(TypeError):
25 x509.Extension("notanoid", True, bc)
26
27 def test_critical_not_a_bool(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]28 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]29 with pytest.raises(TypeError):
30 x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
31
32 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]33 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]34 ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
35 assert repr(ext) == (
36 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
37 "raints)>, critical=True, value=<BasicConstraints(ca=False, path"
38 "_length=None)>)>"
39 )
40
41
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]42class TestNoticeReference(object):
43 def test_notice_numbers_not_all_int(self):
44 with pytest.raises(TypeError):
45 x509.NoticeReference("org", [1, 2, "three"])
46
47 def test_notice_numbers_none(self):
48 nr = x509.NoticeReference("org", None)
49 assert nr.organization == "org"
50 assert nr.notice_numbers is None
51
52 def test_repr(self):
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame^]53 nr = x509.NoticeReference(u"org", [1, 3, 4])
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]54
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame^]55 if six.PY3:
56 assert repr(nr) == (
57 "<NoticeReference(organization='org', notice_numbers=[1, 3, 4"
58 "])>"
59 )
60 else:
61 assert repr(nr) == (
62 "<NoticeReference(organization=u'org', notice_numbers=[1, 3, "
63 "4])>"
64 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]65
66
67class TestUserNotice(object):
68 def test_notice_reference_invalid(self):
69 with pytest.raises(TypeError):
70 x509.UserNotice("invalid", None)
71
72 def test_notice_reference_none(self):
73 un = x509.UserNotice(None, "text")
74 assert un.notice_reference is None
75 assert un.explicit_text == "text"
76
77 def test_repr(self):
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame^]78 un = x509.UserNotice(x509.NoticeReference(u"org", None), u"text")
79 if six.PY3:
80 assert repr(un) == (
81 "<UserNotice(notice_reference=<NoticeReference(organization='"
82 "org', notice_numbers=None)>, explicit_text='text')>"
83 )
84 else:
85 assert repr(un) == (
86 "<UserNotice(notice_reference=<NoticeReference(organization=u"
87 "'org', notice_numbers=None)>, explicit_text=u'text')>"
88 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]89
90
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]91class TestPolicyInformation(object):
92 def test_invalid_policy_identifier(self):
93 with pytest.raises(TypeError):
94 x509.PolicyInformation("notanoid", None)
95
96 def test_none_policy_qualifiers(self):
97 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
98 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
99 assert pi.policy_qualifiers is None
100
101 def test_policy_qualifiers(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]102 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]103 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
104 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
105 assert pi.policy_qualifiers == pq
106
107 def test_invalid_policy_identifiers(self):
108 with pytest.raises(TypeError):
109 x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
110
111 def test_repr(self):
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame^]112 pq = [u"string", x509.UserNotice(None, u"hi")]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]113 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]114 if six.PY3:
115 assert repr(pi) == (
116 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
117 "2.3, name=Unknown OID)>, policy_qualifiers=['string', <UserNo"
Paul Kehrer9aaef9e2015-05-11 10:49:20 -0500[diff] [blame]118 "tice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]119 )
120 else:
121 assert repr(pi) == (
122 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
123 "2.3, name=Unknown OID)>, policy_qualifiers=[u'string', <UserN"
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame^]124 "otice(notice_reference=None, explicit_text=u'hi')>])>"
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]125 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]126
127
128class TestCertificatePolicies(object):
129 def test_invalid_policies(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]130 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]131 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
132 with pytest.raises(TypeError):
133 x509.CertificatePolicies([1, pi])
134
135 def test_iter_len(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]136 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]137 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
138 cp = x509.CertificatePolicies([pi])
139 assert len(cp) == 1
140 for policyinfo in cp:
141 assert policyinfo == pi
142
143 def test_repr(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]144 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]145 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
146 cp = x509.CertificatePolicies([pi])
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]147 if six.PY3:
148 assert repr(cp) == (
149 "<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
150 "bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
151 "ers=['string'])>])>"
152 )
153 else:
154 assert repr(cp) == (
155 "<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
156 "bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
157 "ers=[u'string'])>])>"
158 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]159
160
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]161class TestKeyUsage(object):
162 def test_key_agreement_false_encipher_decipher_true(self):
163 with pytest.raises(ValueError):
164 x509.KeyUsage(
165 digital_signature=False,
166 content_commitment=False,
167 key_encipherment=False,
168 data_encipherment=False,
169 key_agreement=False,
170 key_cert_sign=False,
171 crl_sign=False,
172 encipher_only=True,
173 decipher_only=False
174 )
175
176 with pytest.raises(ValueError):
177 x509.KeyUsage(
178 digital_signature=False,
179 content_commitment=False,
180 key_encipherment=False,
181 data_encipherment=False,
182 key_agreement=False,
183 key_cert_sign=False,
184 crl_sign=False,
185 encipher_only=True,
186 decipher_only=True
187 )
188
189 with pytest.raises(ValueError):
190 x509.KeyUsage(
191 digital_signature=False,
192 content_commitment=False,
193 key_encipherment=False,
194 data_encipherment=False,
195 key_agreement=False,
196 key_cert_sign=False,
197 crl_sign=False,
198 encipher_only=False,
199 decipher_only=True
200 )
201
202 def test_properties_key_agreement_true(self):
203 ku = x509.KeyUsage(
204 digital_signature=True,
205 content_commitment=True,
206 key_encipherment=False,
207 data_encipherment=False,
208 key_agreement=False,
209 key_cert_sign=True,
210 crl_sign=False,
211 encipher_only=False,
212 decipher_only=False
213 )
214 assert ku.digital_signature is True
215 assert ku.content_commitment is True
216 assert ku.key_encipherment is False
217 assert ku.data_encipherment is False
218 assert ku.key_agreement is False
219 assert ku.key_cert_sign is True
220 assert ku.crl_sign is False
221
222 def test_key_agreement_true_properties(self):
223 ku = x509.KeyUsage(
224 digital_signature=False,
225 content_commitment=False,
226 key_encipherment=False,
227 data_encipherment=False,
228 key_agreement=True,
229 key_cert_sign=False,
230 crl_sign=False,
231 encipher_only=False,
232 decipher_only=True
233 )
234 assert ku.key_agreement is True
235 assert ku.encipher_only is False
236 assert ku.decipher_only is True
237
238 def test_key_agreement_false_properties(self):
239 ku = x509.KeyUsage(
240 digital_signature=False,
241 content_commitment=False,
242 key_encipherment=False,
243 data_encipherment=False,
244 key_agreement=False,
245 key_cert_sign=False,
246 crl_sign=False,
247 encipher_only=False,
248 decipher_only=False
249 )
250 assert ku.key_agreement is False
251 with pytest.raises(ValueError):
252 ku.encipher_only
253
254 with pytest.raises(ValueError):
255 ku.decipher_only
256
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]257 def test_repr_key_agreement_false(self):
258 ku = x509.KeyUsage(
259 digital_signature=True,
260 content_commitment=True,
261 key_encipherment=False,
262 data_encipherment=False,
263 key_agreement=False,
264 key_cert_sign=True,
265 crl_sign=False,
266 encipher_only=False,
267 decipher_only=False
268 )
269 assert repr(ku) == (
270 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
271 "cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrerb372e672015-04-15 11:05:24 -0400[diff] [blame]272 "ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
273 "nly=None)>"
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]274 )
275
276 def test_repr_key_agreement_true(self):
277 ku = x509.KeyUsage(
278 digital_signature=True,
279 content_commitment=True,
280 key_encipherment=False,
281 data_encipherment=False,
282 key_agreement=True,
283 key_cert_sign=True,
284 crl_sign=False,
285 encipher_only=False,
286 decipher_only=False
287 )
288 assert repr(ku) == (
289 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
290 "cipherment=False, data_encipherment=False, key_agreement=True, k"
291 "ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
292 "only=False)>"
293 )
294
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]295
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]296class TestSubjectKeyIdentifier(object):
297 def test_properties(self):
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]298 value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]299 ski = x509.SubjectKeyIdentifier(value)
300 assert ski.digest == value
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]301
302 def test_repr(self):
303 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]304 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]305 )
306 ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]307 if six.PY3:
308 assert repr(ext) == (
309 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
310 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
311 "igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
312 "\\xf7\\xff:\\xc9\')>)>"
313 )
314 else:
315 assert repr(ext) == (
316 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
317 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
318 "igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
319 "\\xf7\\xff:\\xc9\')>)>"
320 )
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]321
322 def test_eq(self):
323 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]324 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]325 )
326 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]327 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]328 )
329 assert ski == ski2
330
331 def test_ne(self):
332 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]333 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]334 )
335 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]336 binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]337 )
338 assert ski != ski2
339 assert ski != object()
340
341
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]342class TestAuthorityKeyIdentifier(object):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]343 def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]344 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]345 x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]346
347 def test_authority_cert_serial_number_not_integer(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]348 dirname = x509.DirectoryName(
349 x509.Name([
350 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
351 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
352 ])
353 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]354 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]355 x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]356
357 def test_authority_issuer_none_serial_not_none(self):
358 with pytest.raises(ValueError):
359 x509.AuthorityKeyIdentifier(b"identifier", None, 3)
360
361 def test_authority_issuer_not_none_serial_none(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]362 dirname = x509.DirectoryName(
363 x509.Name([
364 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
365 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
366 ])
367 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]368 with pytest.raises(ValueError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]369 x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]370
371 def test_authority_cert_serial_and_issuer_none(self):
372 aki = x509.AuthorityKeyIdentifier(b"id", None, None)
373 assert aki.key_identifier == b"id"
374 assert aki.authority_cert_issuer is None
375 assert aki.authority_cert_serial_number is None
376
377 def test_repr(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]378 dirname = x509.DirectoryName(
379 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
380 )
381 aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]382
383 if six.PY3:
384 assert repr(aki) == (
385 "<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]386 "cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
387 "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
388 "N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]389 )
390 else:
391 assert repr(aki) == (
392 "<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]393 "rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
394 "jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
395 "])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]396 )
397
398
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]399class TestBasicConstraints(object):
400 def test_ca_not_boolean(self):
401 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]402 x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]403
404 def test_path_length_not_ca(self):
405 with pytest.raises(ValueError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]406 x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]407
408 def test_path_length_not_int(self):
409 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]410 x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]411
412 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]413 x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]414
415 def test_path_length_negative(self):
416 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]417 x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]418
419 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]420 na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]421 assert repr(na) == (
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]422 "<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]423 )
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]424
425
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]426class TestExtendedKeyUsage(object):
427 def test_not_all_oids(self):
428 with pytest.raises(TypeError):
429 x509.ExtendedKeyUsage(["notoid"])
430
431 def test_iter_len(self):
432 eku = x509.ExtendedKeyUsage([
433 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
434 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
435 ])
436 assert len(eku) == 2
437 assert list(eku) == [
438 x509.OID_SERVER_AUTH,
439 x509.OID_CLIENT_AUTH
440 ]
441
Paul Kehrer23d10c32015-04-02 23:12:32 -0500[diff] [blame]442 def test_repr(self):
443 eku = x509.ExtendedKeyUsage([
444 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
445 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
446 ])
447 assert repr(eku) == (
448 "<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
449 "serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
450 "tAuth)>])>"
451 )
452
Paul Kehrerb0476172015-05-02 19:34:51 -0500[diff] [blame]453 def test_eq(self):
454 eku = x509.ExtendedKeyUsage([
455 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
456 ])
457 eku2 = x509.ExtendedKeyUsage([
458 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
459 ])
460 assert eku == eku2
461
462 def test_ne(self):
463 eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
464 eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
465 assert eku != eku2
466 assert eku != object()
467
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]468
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]469@pytest.mark.requires_backend_interface(interface=RSABackend)
470@pytest.mark.requires_backend_interface(interface=X509Backend)
471class TestExtensions(object):
472 def test_no_extensions(self, backend):
473 cert = _load_cert(
474 os.path.join("x509", "verisign_md2_root.pem"),
475 x509.load_pem_x509_certificate,
476 backend
477 )
478 ext = cert.extensions
479 assert len(ext) == 0
480 assert list(ext) == []
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]481 with pytest.raises(x509.ExtensionNotFound) as exc:
482 ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
483
484 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
485
486 def test_one_extension(self, backend):
487 cert = _load_cert(
488 os.path.join(
489 "x509", "custom", "basic_constraints_not_critical.pem"
490 ),
491 x509.load_pem_x509_certificate,
492 backend
493 )
494 extensions = cert.extensions
495 ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
496 assert ext is not None
497 assert ext.value.ca is False
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]498
499 def test_duplicate_extension(self, backend):
500 cert = _load_cert(
501 os.path.join(
502 "x509", "custom", "two_basic_constraints.pem"
503 ),
504 x509.load_pem_x509_certificate,
505 backend
506 )
507 with pytest.raises(x509.DuplicateExtension) as exc:
508 cert.extensions
509
510 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
511
512 def test_unsupported_critical_extension(self, backend):
513 cert = _load_cert(
514 os.path.join(
515 "x509", "custom", "unsupported_extension_critical.pem"
516 ),
517 x509.load_pem_x509_certificate,
518 backend
519 )
520 with pytest.raises(x509.UnsupportedExtension) as exc:
521 cert.extensions
522
523 assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
524
525 def test_unsupported_extension(self, backend):
526 # TODO: this will raise an exception when all extensions are complete
527 cert = _load_cert(
528 os.path.join(
529 "x509", "custom", "unsupported_extension.pem"
530 ),
531 x509.load_pem_x509_certificate,
532 backend
533 )
534 extensions = cert.extensions
535 assert len(extensions) == 0
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]536
537
538@pytest.mark.requires_backend_interface(interface=RSABackend)
539@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerde813ea2015-03-28 12:44:34 -0500[diff] [blame]540class TestBasicConstraintsExtension(object):
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]541 def test_ca_true_pathlen_6(self, backend):
542 cert = _load_cert(
543 os.path.join(
544 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
545 ),
546 x509.load_der_x509_certificate,
547 backend
548 )
549 ext = cert.extensions.get_extension_for_oid(
550 x509.OID_BASIC_CONSTRAINTS
551 )
552 assert ext is not None
553 assert ext.critical is True
554 assert ext.value.ca is True
555 assert ext.value.path_length == 6
556
557 def test_path_length_zero(self, backend):
558 cert = _load_cert(
559 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
560 x509.load_pem_x509_certificate,
561 backend
562 )
563 ext = cert.extensions.get_extension_for_oid(
564 x509.OID_BASIC_CONSTRAINTS
565 )
566 assert ext is not None
567 assert ext.critical is True
568 assert ext.value.ca is True
569 assert ext.value.path_length == 0
570
571 def test_ca_true_no_pathlen(self, backend):
572 cert = _load_cert(
573 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
574 x509.load_der_x509_certificate,
575 backend
576 )
577 ext = cert.extensions.get_extension_for_oid(
578 x509.OID_BASIC_CONSTRAINTS
579 )
580 assert ext is not None
581 assert ext.critical is True
582 assert ext.value.ca is True
583 assert ext.value.path_length is None
584
585 def test_ca_false(self, backend):
586 cert = _load_cert(
587 os.path.join("x509", "cryptography.io.pem"),
588 x509.load_pem_x509_certificate,
589 backend
590 )
591 ext = cert.extensions.get_extension_for_oid(
592 x509.OID_BASIC_CONSTRAINTS
593 )
594 assert ext is not None
595 assert ext.critical is True
596 assert ext.value.ca is False
597 assert ext.value.path_length is None
598
599 def test_no_basic_constraints(self, backend):
600 cert = _load_cert(
601 os.path.join(
602 "x509",
603 "PKITS_data",
604 "certs",
605 "ValidCertificatePathTest1EE.crt"
606 ),
607 x509.load_der_x509_certificate,
608 backend
609 )
610 with pytest.raises(x509.ExtensionNotFound):
611 cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
612
613 def test_basic_constraint_not_critical(self, backend):
614 cert = _load_cert(
615 os.path.join(
616 "x509", "custom", "basic_constraints_not_critical.pem"
617 ),
618 x509.load_pem_x509_certificate,
619 backend
620 )
621 ext = cert.extensions.get_extension_for_oid(
622 x509.OID_BASIC_CONSTRAINTS
623 )
624 assert ext is not None
625 assert ext.critical is False
626 assert ext.value.ca is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]627
628
629@pytest.mark.requires_backend_interface(interface=RSABackend)
630@pytest.mark.requires_backend_interface(interface=X509Backend)
631class TestSubjectKeyIdentifierExtension(object):
632 def test_subject_key_identifier(self, backend):
633 cert = _load_cert(
634 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
635 x509.load_der_x509_certificate,
636 backend
637 )
638 ext = cert.extensions.get_extension_for_oid(
639 x509.OID_SUBJECT_KEY_IDENTIFIER
640 )
641 ski = ext.value
642 assert ext is not None
643 assert ext.critical is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]644 assert ski.digest == binascii.unhexlify(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]645 b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]646 )
647
648 def test_no_subject_key_identifier(self, backend):
649 cert = _load_cert(
650 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
651 x509.load_pem_x509_certificate,
652 backend
653 )
654 with pytest.raises(x509.ExtensionNotFound):
655 cert.extensions.get_extension_for_oid(
656 x509.OID_SUBJECT_KEY_IDENTIFIER
657 )
Paul Kehrer5508ee22015-04-02 19:31:03 -0500[diff] [blame]658
659
660@pytest.mark.requires_backend_interface(interface=RSABackend)
661@pytest.mark.requires_backend_interface(interface=X509Backend)
662class TestKeyUsageExtension(object):
663 def test_no_key_usage(self, backend):
664 cert = _load_cert(
665 os.path.join("x509", "verisign_md2_root.pem"),
666 x509.load_pem_x509_certificate,
667 backend
668 )
669 ext = cert.extensions
670 with pytest.raises(x509.ExtensionNotFound) as exc:
671 ext.get_extension_for_oid(x509.OID_KEY_USAGE)
672
673 assert exc.value.oid == x509.OID_KEY_USAGE
674
675 def test_all_purposes(self, backend):
676 cert = _load_cert(
677 os.path.join(
678 "x509", "custom", "all_key_usages.pem"
679 ),
680 x509.load_pem_x509_certificate,
681 backend
682 )
683 extensions = cert.extensions
684 ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
685 assert ext is not None
686
687 ku = ext.value
688 assert ku.digital_signature is True
689 assert ku.content_commitment is True
690 assert ku.key_encipherment is True
691 assert ku.data_encipherment is True
692 assert ku.key_agreement is True
693 assert ku.key_cert_sign is True
694 assert ku.crl_sign is True
695 assert ku.encipher_only is True
696 assert ku.decipher_only is True
697
698 def test_key_cert_sign_crl_sign(self, backend):
699 cert = _load_cert(
700 os.path.join(
701 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
702 ),
703 x509.load_der_x509_certificate,
704 backend
705 )
706 ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
707 assert ext is not None
708 assert ext.critical is True
709
710 ku = ext.value
711 assert ku.digital_signature is False
712 assert ku.content_commitment is False
713 assert ku.key_encipherment is False
714 assert ku.data_encipherment is False
715 assert ku.key_agreement is False
716 assert ku.key_cert_sign is True
717 assert ku.crl_sign is True
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]718
719
720@pytest.mark.parametrize(
721 "name", [
722 x509.RFC822Name,
723 x509.DNSName,
724 x509.UniformResourceIdentifier
725 ]
726)
727class TestTextGeneralNames(object):
728 def test_not_text(self, name):
729 with pytest.raises(TypeError):
730 name(b"notaunicodestring")
731
732 with pytest.raises(TypeError):
733 name(1.3)
734
735 def test_repr(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]736 gn = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]737 assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
738
739 def test_eq(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]740 gn = name(u"string")
741 gn2 = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]742 assert gn == gn2
743
744 def test_ne(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]745 gn = name(u"string")
746 gn2 = name(u"string2")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]747 assert gn != gn2
748 assert gn != object()
749
750
751class TestDirectoryName(object):
752 def test_not_name(self):
753 with pytest.raises(TypeError):
754 x509.DirectoryName(b"notaname")
755
756 with pytest.raises(TypeError):
757 x509.DirectoryName(1.3)
758
759 def test_repr(self):
760 name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
761 gn = x509.DirectoryName(x509.Name([name]))
762 assert repr(gn) == (
763 "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
764 "tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
765 )
766
767 def test_eq(self):
768 name = x509.Name([
769 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
770 ])
771 name2 = x509.Name([
772 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
773 ])
774 gn = x509.DirectoryName(x509.Name([name]))
775 gn2 = x509.DirectoryName(x509.Name([name2]))
776 assert gn == gn2
777
778 def test_ne(self):
779 name = x509.Name([
780 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
781 ])
782 name2 = x509.Name([
783 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
784 ])
785 gn = x509.DirectoryName(x509.Name([name]))
786 gn2 = x509.DirectoryName(x509.Name([name2]))
787 assert gn != gn2
788 assert gn != object()
789
790
791class TestRegisteredID(object):
792 def test_not_oid(self):
793 with pytest.raises(TypeError):
794 x509.RegisteredID(b"notanoid")
795
796 with pytest.raises(TypeError):
797 x509.RegisteredID(1.3)
798
799 def test_repr(self):
800 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
801 assert repr(gn) == (
802 "<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
803 "e)>)>"
804 )
805
806 def test_eq(self):
807 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
808 gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
809 assert gn == gn2
810
811 def test_ne(self):
812 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
813 gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
814 assert gn != gn2
815 assert gn != object()
816
817
818class TestIPAddress(object):
819 def test_not_ipaddress(self):
820 with pytest.raises(TypeError):
821 x509.IPAddress(b"notanipaddress")
822
823 with pytest.raises(TypeError):
824 x509.IPAddress(1.3)
825
826 def test_repr(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]827 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]828 assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
829
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]830 gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]831 assert repr(gn2) == "<IPAddress(value=ff::)>"
832
833 def test_eq(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]834 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
835 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]836 assert gn == gn2
837
838 def test_ne(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]839 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
840 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]841 assert gn != gn2
842 assert gn != object()
843
844
845class TestSubjectAlternativeName(object):
846 def test_get_values_for_type(self):
847 san = x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]848 [x509.DNSName(u"cryptography.io")]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]849 )
850 names = san.get_values_for_type(x509.DNSName)
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]851 assert names == [u"cryptography.io"]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]852
853 def test_iter_names(self):
854 san = x509.SubjectAlternativeName([
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]855 x509.DNSName(u"cryptography.io"),
856 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]857 ])
858 assert len(san) == 2
859 assert list(san) == [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]860 x509.DNSName(u"cryptography.io"),
861 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]862 ]
863
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]864 def test_invalid_general_names(self):
865 with pytest.raises(TypeError):
866 x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]867 [x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]868 )
869
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]870 def test_repr(self):
871 san = x509.SubjectAlternativeName(
872 [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]873 x509.DNSName(u"cryptography.io")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]874 ]
875 )
876 assert repr(san) == (
877 "<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
878 )
Paul Kehrer40f83382015-04-20 15:00:16 -0500[diff] [blame]879
880
881@pytest.mark.requires_backend_interface(interface=RSABackend)
882@pytest.mark.requires_backend_interface(interface=X509Backend)
883class TestRSASubjectAlternativeNameExtension(object):
884 def test_dns_name(self, backend):
885 cert = _load_cert(
886 os.path.join("x509", "cryptography.io.pem"),
887 x509.load_pem_x509_certificate,
888 backend
889 )
890 ext = cert.extensions.get_extension_for_oid(
891 x509.OID_SUBJECT_ALTERNATIVE_NAME
892 )
893 assert ext is not None
894 assert ext.critical is False
895
896 san = ext.value
897
898 dns = san.get_values_for_type(x509.DNSName)
899 assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]900
901 def test_unsupported_other_name(self, backend):
902 cert = _load_cert(
903 os.path.join(
904 "x509", "custom", "san_other_name.pem"
905 ),
906 x509.load_pem_x509_certificate,
907 backend
908 )
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]909 with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]910 cert.extensions
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]911
Paul Kehrer0a621bf2015-04-22 09:22:56 -0500[diff] [blame]912 assert exc.value.type == 0
Paul Kehrer4db96622015-04-20 22:17:39 -0500[diff] [blame]913
914 def test_registered_id(self, backend):
915 cert = _load_cert(
916 os.path.join(
917 "x509", "custom", "san_registered_id.pem"
918 ),
919 x509.load_pem_x509_certificate,
920 backend
921 )
922 ext = cert.extensions.get_extension_for_oid(
923 x509.OID_SUBJECT_ALTERNATIVE_NAME
924 )
925 assert ext is not None
926 assert ext.critical is False
927
928 san = ext.value
929 rid = san.get_values_for_type(x509.RegisteredID)
930 assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrerb8ef82e2015-04-22 16:04:24 -0500[diff] [blame]931
932 def test_uri(self, backend):
933 cert = _load_cert(
934 os.path.join(
935 "x509", "custom", "san_uri_with_port.pem"
936 ),
937 x509.load_pem_x509_certificate,
938 backend
939 )
940 ext = cert.extensions.get_extension_for_oid(
941 x509.OID_SUBJECT_ALTERNATIVE_NAME
942 )
943 assert ext is not None
944 uri = ext.value.get_values_for_type(
945 x509.UniformResourceIdentifier
946 )
947 assert uri == [
948 u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
949 u"lo",
950 u"http://someregulardomain.com",
951 ]
Paul Kehrera5f030c2015-04-28 08:33:18 -0500[diff] [blame]952
953 def test_ipaddress(self, backend):
954 cert = _load_cert(
955 os.path.join(
956 "x509", "custom", "san_ipaddr.pem"
957 ),
958 x509.load_pem_x509_certificate,
959 backend
960 )
961 ext = cert.extensions.get_extension_for_oid(
962 x509.OID_SUBJECT_ALTERNATIVE_NAME
963 )
964 assert ext is not None
965 assert ext.critical is False
966
967 san = ext.value
968
969 ip = san.get_values_for_type(x509.IPAddress)
970 assert [
971 ipaddress.ip_address(u"127.0.0.1"),
972 ipaddress.ip_address(u"ff::")
973 ] == ip
Paul Kehrer2187a052015-04-30 08:22:07 -0500[diff] [blame]974
975 def test_dirname(self, backend):
976 cert = _load_cert(
977 os.path.join(
978 "x509", "custom", "san_dirname.pem"
979 ),
980 x509.load_pem_x509_certificate,
981 backend
982 )
983 ext = cert.extensions.get_extension_for_oid(
984 x509.OID_SUBJECT_ALTERNATIVE_NAME
985 )
986 assert ext is not None
987 assert ext.critical is False
988
989 san = ext.value
990
991 dirname = san.get_values_for_type(x509.DirectoryName)
992 assert [
993 x509.Name([
994 x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
995 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
996 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
997 ])
998 ] == dirname
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]999
1000 def test_rfc822name(self, backend):
1001 cert = _load_cert(
1002 os.path.join(
1003 "x509", "custom", "san_rfc822_idna.pem"
1004 ),
1005 x509.load_pem_x509_certificate,
1006 backend
1007 )
1008 ext = cert.extensions.get_extension_for_oid(
1009 x509.OID_SUBJECT_ALTERNATIVE_NAME
1010 )
1011 assert ext is not None
1012 assert ext.critical is False
1013
1014 san = ext.value
1015
1016 rfc822name = san.get_values_for_type(x509.RFC822Name)
1017 assert [u"email@em\xe5\xefl.com"] == rfc822name
1018
1019 def test_unicode_rfc822_name_dns_name_uri(self, backend):
1020 cert = _load_cert(
1021 os.path.join(
1022 "x509", "custom", "san_idna_names.pem"
1023 ),
1024 x509.load_pem_x509_certificate,
1025 backend
1026 )
1027 ext = cert.extensions.get_extension_for_oid(
1028 x509.OID_SUBJECT_ALTERNATIVE_NAME
1029 )
1030 assert ext is not None
1031 rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
1032 dns_name = ext.value.get_values_for_type(x509.DNSName)
1033 uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
1034 assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
1035 assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
1036 assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
1037
1038 def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
1039 cert = _load_cert(
1040 os.path.join(
1041 "x509", "custom", "san_email_dns_ip_dirname_uri.pem"
1042 ),
1043 x509.load_pem_x509_certificate,
1044 backend
1045 )
1046 ext = cert.extensions.get_extension_for_oid(
1047 x509.OID_SUBJECT_ALTERNATIVE_NAME
1048 )
1049 assert ext is not None
1050 assert ext.critical is False
1051
1052 san = ext.value
1053
1054 rfc822_name = san.get_values_for_type(x509.RFC822Name)
1055 uri = san.get_values_for_type(x509.UniformResourceIdentifier)
1056 dns = san.get_values_for_type(x509.DNSName)
1057 ip = san.get_values_for_type(x509.IPAddress)
1058 dirname = san.get_values_for_type(x509.DirectoryName)
1059 assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrere3a330c2015-05-02 16:42:52 -0500[diff] [blame]1060 assert [u"https://cryptography.io"] == uri
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]1061 assert [u"cryptography.io"] == dns
1062 assert [
1063 x509.Name([
1064 x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
1065 x509.NameAttribute(
1066 x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
1067 ),
1068 ])
1069 ] == dirname
1070 assert [
1071 ipaddress.ip_address(u"127.0.0.1"),
1072 ipaddress.ip_address(u"ff::")
1073 ] == ip
1074
1075 def test_invalid_rfc822name(self, backend):
1076 cert = _load_cert(
1077 os.path.join(
1078 "x509", "custom", "san_rfc822_names.pem"
1079 ),
1080 x509.load_pem_x509_certificate,
1081 backend
1082 )
1083 with pytest.raises(ValueError) as exc:
1084 cert.extensions
1085
1086 assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer94c69602015-05-02 19:29:40 -0500[diff] [blame]1087
1088
1089@pytest.mark.requires_backend_interface(interface=RSABackend)
1090@pytest.mark.requires_backend_interface(interface=X509Backend)
1091class TestExtendedKeyUsageExtension(object):
1092 def test_eku(self, backend):
1093 cert = _load_cert(
1094 os.path.join(
1095 "x509", "custom", "extended_key_usage.pem"
1096 ),
1097 x509.load_pem_x509_certificate,
1098 backend
1099 )
1100 ext = cert.extensions.get_extension_for_oid(
1101 x509.OID_EXTENDED_KEY_USAGE
1102 )
1103 assert ext is not None
1104 assert ext.critical is False
1105
1106 assert [
1107 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
1108 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
1109 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
1110 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
1111 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
1112 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
1113 x509.ObjectIdentifier("2.5.29.37.0"),
1114 x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
1115 ] == list(ext.value)
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1116
1117
1118class TestAccessDescription(object):
1119 def test_invalid_access_method(self):
Paul Kehrerf506bca2015-05-02 22:31:47 -0500[diff] [blame]1120 with pytest.raises(ValueError):
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1121 x509.AccessDescription("notanoid", x509.DNSName(u"test"))
1122
1123 def test_invalid_access_location(self):
1124 with pytest.raises(TypeError):
1125 x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
1126
1127 def test_repr(self):
1128 ad = x509.AccessDescription(
1129 x509.OID_OCSP,
1130 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1131 )
1132 assert repr(ad) == (
1133 "<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
1134 "5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
1135 "(value=http://ocsp.domain.com)>)>"
1136 )
1137
1138 def test_eq(self):
1139 ad = x509.AccessDescription(
1140 x509.OID_OCSP,
1141 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1142 )
1143 ad2 = x509.AccessDescription(
1144 x509.OID_OCSP,
1145 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1146 )
1147 assert ad == ad2
1148
1149 def test_ne(self):
1150 ad = x509.AccessDescription(
1151 x509.OID_OCSP,
1152 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1153 )
1154 ad2 = x509.AccessDescription(
1155 x509.OID_CA_ISSUERS,
1156 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1157 )
1158 ad3 = x509.AccessDescription(
1159 x509.OID_OCSP,
1160 x509.UniformResourceIdentifier(u"http://notthesame")
1161 )
1162 assert ad != ad2
1163 assert ad != ad3
1164 assert ad != object()
1165
1166
1167class TestAuthorityInformationAccess(object):
1168 def test_invalid_descriptions(self):
1169 with pytest.raises(TypeError):
1170 x509.AuthorityInformationAccess(["notanAccessDescription"])
1171
1172 def test_iter_len(self):
1173 aia = x509.AuthorityInformationAccess([
1174 x509.AccessDescription(
1175 x509.OID_OCSP,
1176 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1177 ),
1178 x509.AccessDescription(
1179 x509.OID_CA_ISSUERS,
1180 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1181 )
1182 ])
1183 assert len(aia) == 2
1184 assert list(aia) == [
1185 x509.AccessDescription(
1186 x509.OID_OCSP,
1187 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1188 ),
1189 x509.AccessDescription(
1190 x509.OID_CA_ISSUERS,
1191 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1192 )
1193 ]
1194
1195 def test_repr(self):
1196 aia = x509.AuthorityInformationAccess([
1197 x509.AccessDescription(
1198 x509.OID_OCSP,
1199 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1200 ),
1201 x509.AccessDescription(
1202 x509.OID_CA_ISSUERS,
1203 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1204 )
1205 ])
1206 assert repr(aia) == (
1207 "<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
1208 "jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
1209 "on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
1210 "AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
1211 ".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
1212 "fier(value=http://domain.com/ca.crt)>)>])>"
1213 )
1214
1215 def test_eq(self):
1216 aia = x509.AuthorityInformationAccess([
1217 x509.AccessDescription(
1218 x509.OID_OCSP,
1219 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1220 ),
1221 x509.AccessDescription(
1222 x509.OID_CA_ISSUERS,
1223 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1224 )
1225 ])
1226 aia2 = x509.AuthorityInformationAccess([
1227 x509.AccessDescription(
1228 x509.OID_OCSP,
1229 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1230 ),
1231 x509.AccessDescription(
1232 x509.OID_CA_ISSUERS,
1233 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1234 )
1235 ])
1236 assert aia == aia2
1237
1238 def test_ne(self):
1239 aia = x509.AuthorityInformationAccess([
1240 x509.AccessDescription(
1241 x509.OID_OCSP,
1242 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1243 ),
1244 x509.AccessDescription(
1245 x509.OID_CA_ISSUERS,
1246 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1247 )
1248 ])
1249 aia2 = x509.AuthorityInformationAccess([
1250 x509.AccessDescription(
1251 x509.OID_OCSP,
1252 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1253 ),
1254 ])
1255
1256 assert aia != aia2
1257 assert aia != object()
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1258
1259
1260@pytest.mark.requires_backend_interface(interface=RSABackend)
1261@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrera1476992015-05-04 17:35:47 -0500[diff] [blame]1262class TestAuthorityInformationAccessExtension(object):
1263 def test_aia_ocsp_ca_issuers(self, backend):
1264 cert = _load_cert(
1265 os.path.join("x509", "cryptography.io.pem"),
1266 x509.load_pem_x509_certificate,
1267 backend
1268 )
1269 ext = cert.extensions.get_extension_for_oid(
1270 x509.OID_AUTHORITY_INFORMATION_ACCESS
1271 )
1272 assert ext is not None
1273 assert ext.critical is False
1274
1275 assert ext.value == x509.AuthorityInformationAccess([
1276 x509.AccessDescription(
1277 x509.OID_OCSP,
1278 x509.UniformResourceIdentifier(u"http://gv.symcd.com")
1279 ),
1280 x509.AccessDescription(
1281 x509.OID_CA_ISSUERS,
1282 x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
1283 ),
1284 ])
1285
1286 def test_aia_multiple_ocsp_ca_issuers(self, backend):
1287 cert = _load_cert(
1288 os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
1289 x509.load_pem_x509_certificate,
1290 backend
1291 )
1292 ext = cert.extensions.get_extension_for_oid(
1293 x509.OID_AUTHORITY_INFORMATION_ACCESS
1294 )
1295 assert ext is not None
1296 assert ext.critical is False
1297
1298 assert ext.value == x509.AuthorityInformationAccess([
1299 x509.AccessDescription(
1300 x509.OID_OCSP,
1301 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1302 ),
1303 x509.AccessDescription(
1304 x509.OID_OCSP,
1305 x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
1306 ),
1307 x509.AccessDescription(
1308 x509.OID_CA_ISSUERS,
1309 x509.DirectoryName(x509.Name([
1310 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1311 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1312 ]))
1313 ),
1314 ])
1315
1316 def test_aia_ocsp_only(self, backend):
1317 cert = _load_cert(
1318 os.path.join("x509", "custom", "aia_ocsp.pem"),
1319 x509.load_pem_x509_certificate,
1320 backend
1321 )
1322 ext = cert.extensions.get_extension_for_oid(
1323 x509.OID_AUTHORITY_INFORMATION_ACCESS
1324 )
1325 assert ext is not None
1326 assert ext.critical is False
1327
1328 assert ext.value == x509.AuthorityInformationAccess([
1329 x509.AccessDescription(
1330 x509.OID_OCSP,
1331 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1332 ),
1333 ])
1334
1335 def test_aia_ca_issuers_only(self, backend):
1336 cert = _load_cert(
1337 os.path.join("x509", "custom", "aia_ca_issuers.pem"),
1338 x509.load_pem_x509_certificate,
1339 backend
1340 )
1341 ext = cert.extensions.get_extension_for_oid(
1342 x509.OID_AUTHORITY_INFORMATION_ACCESS
1343 )
1344 assert ext is not None
1345 assert ext.critical is False
1346
1347 assert ext.value == x509.AuthorityInformationAccess([
1348 x509.AccessDescription(
1349 x509.OID_CA_ISSUERS,
1350 x509.DirectoryName(x509.Name([
1351 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1352 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1353 ]))
1354 ),
1355 ])
1356
1357
1358@pytest.mark.requires_backend_interface(interface=RSABackend)
1359@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1360class TestAuthorityKeyIdentifierExtension(object):
1361 def test_aki_keyid(self, backend):
1362 cert = _load_cert(
1363 os.path.join(
1364 "x509", "cryptography.io.pem"
1365 ),
1366 x509.load_pem_x509_certificate,
1367 backend
1368 )
1369 ext = cert.extensions.get_extension_for_oid(
1370 x509.OID_AUTHORITY_KEY_IDENTIFIER
1371 )
1372 assert ext is not None
1373 assert ext.critical is False
1374
1375 assert ext.value.key_identifier == (
1376 b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0|[\xf3\xe2\x08\xcbY"
1377 )
1378 assert ext.value.authority_cert_issuer is None
1379 assert ext.value.authority_cert_serial_number is None
1380
1381 def test_aki_all_fields(self, backend):
1382 cert = _load_cert(
1383 os.path.join(
1384 "x509", "custom", "authority_key_identifier.pem"
1385 ),
1386 x509.load_pem_x509_certificate,
1387 backend
1388 )
1389 ext = cert.extensions.get_extension_for_oid(
1390 x509.OID_AUTHORITY_KEY_IDENTIFIER
1391 )
1392 assert ext is not None
1393 assert ext.critical is False
1394
1395 assert ext.value.key_identifier == (
1396 b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
1397 )
1398 assert ext.value.authority_cert_issuer == [
1399 x509.DirectoryName(
1400 x509.Name([
1401 x509.NameAttribute(
1402 x509.OID_ORGANIZATION_NAME, u"PyCA"
1403 ),
1404 x509.NameAttribute(
1405 x509.OID_COMMON_NAME, u"cryptography.io"
1406 )
1407 ])
1408 )
1409 ]
1410 assert ext.value.authority_cert_serial_number == 3
1411
1412 def test_aki_no_keyid(self, backend):
1413 cert = _load_cert(
1414 os.path.join(
1415 "x509", "custom", "authority_key_identifier_no_keyid.pem"
1416 ),
1417 x509.load_pem_x509_certificate,
1418 backend
1419 )
1420 ext = cert.extensions.get_extension_for_oid(
1421 x509.OID_AUTHORITY_KEY_IDENTIFIER
1422 )
1423 assert ext is not None
1424 assert ext.critical is False
1425
1426 assert ext.value.key_identifier is None
1427 assert ext.value.authority_cert_issuer == [
1428 x509.DirectoryName(
1429 x509.Name([
1430 x509.NameAttribute(
1431 x509.OID_ORGANIZATION_NAME, u"PyCA"
1432 ),
1433 x509.NameAttribute(
1434 x509.OID_COMMON_NAME, u"cryptography.io"
1435 )
1436 ])
1437 )
1438 ]
1439 assert ext.value.authority_cert_serial_number == 3
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1440
1441
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1442class TestDistributionPoint(object):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1443 def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1444 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1445 x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1446
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1447 def test_distribution_point_relative_name_not_name(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1448 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1449 x509.DistributionPoint(None, "notname", None, None)
1450
1451 def test_distribution_point_full_and_relative_not_none(self):
1452 with pytest.raises(ValueError):
1453 x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1454
1455 def test_crl_issuer_not_general_names(self):
1456 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1457 x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1458
1459 def test_reason_not_reasonflags(self):
1460 with pytest.raises(TypeError):
1461 x509.DistributionPoint(
1462 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1463 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1464 frozenset(["notreasonflags"]),
1465 None
1466 )
1467
1468 def test_reason_not_frozenset(self):
1469 with pytest.raises(TypeError):
1470 x509.DistributionPoint(
1471 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1472 None,
1473 [x509.ReasonFlags.ca_compromise],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1474 None
1475 )
1476
1477 def test_disallowed_reasons(self):
1478 with pytest.raises(ValueError):
1479 x509.DistributionPoint(
1480 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1481 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1482 frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1483 None
1484 )
1485
1486 with pytest.raises(ValueError):
1487 x509.DistributionPoint(
1488 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1489 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1490 frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1491 None
1492 )
1493
1494 def test_reason_only(self):
1495 with pytest.raises(ValueError):
1496 x509.DistributionPoint(
1497 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1498 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1499 frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1500 None
1501 )
1502
1503 def test_eq(self):
1504 dp = x509.DistributionPoint(
1505 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1506 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1507 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1508 [
1509 x509.DirectoryName(
1510 x509.Name([
1511 x509.NameAttribute(
1512 x509.OID_COMMON_NAME, "Important CA"
1513 )
1514 ])
1515 )
1516 ],
1517 )
1518 dp2 = x509.DistributionPoint(
1519 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1520 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1521 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1522 [
1523 x509.DirectoryName(
1524 x509.Name([
1525 x509.NameAttribute(
1526 x509.OID_COMMON_NAME, "Important CA"
1527 )
1528 ])
1529 )
1530 ],
1531 )
1532 assert dp == dp2
1533
1534 def test_ne(self):
1535 dp = x509.DistributionPoint(
1536 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1537 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1538 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1539 [
1540 x509.DirectoryName(
1541 x509.Name([
1542 x509.NameAttribute(
1543 x509.OID_COMMON_NAME, "Important CA"
1544 )
1545 ])
1546 )
1547 ],
1548 )
1549 dp2 = x509.DistributionPoint(
1550 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1551 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1552 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1553 None
1554 )
1555 assert dp != dp2
1556 assert dp != object()
1557
1558 def test_repr(self):
1559 dp = x509.DistributionPoint(
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1560 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1561 x509.Name([
1562 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
1563 ]),
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1564 frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1565 [
1566 x509.DirectoryName(
1567 x509.Name([
1568 x509.NameAttribute(
1569 x509.OID_COMMON_NAME, "Important CA"
1570 )
1571 ])
1572 )
1573 ],
1574 )
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1575 if six.PY3:
1576 assert repr(dp) == (
1577 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1578 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1579 ">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
1580 "romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
1581 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1582 "commonName)>, value='Important CA')>])>)>])>"
1583 )
1584 else:
1585 assert repr(dp) == (
1586 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1587 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1588 ">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
1589 "romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
1590 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1591 "commonName)>, value='Important CA')>])>)>])>"
1592 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1593
1594
1595class TestCRLDistributionPoints(object):
1596 def test_invalid_distribution_points(self):
1597 with pytest.raises(TypeError):
1598 x509.CRLDistributionPoints(["notadistributionpoint"])
1599
1600 def test_iter_len(self):
1601 cdp = x509.CRLDistributionPoints([
1602 x509.DistributionPoint(
1603 [x509.UniformResourceIdentifier(u"http://domain")],
1604 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1605 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1606 None
1607 ),
1608 x509.DistributionPoint(
1609 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1610 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1611 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1612 x509.ReasonFlags.key_compromise,
1613 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1614 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1615 None
1616 ),
1617 ])
1618 assert len(cdp) == 2
1619 assert list(cdp) == [
1620 x509.DistributionPoint(
1621 [x509.UniformResourceIdentifier(u"http://domain")],
1622 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1623 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1624 None
1625 ),
1626 x509.DistributionPoint(
1627 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1628 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1629 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1630 x509.ReasonFlags.key_compromise,
1631 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1632 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1633 None
1634 ),
1635 ]
1636
1637 def test_repr(self):
1638 cdp = x509.CRLDistributionPoints([
1639 x509.DistributionPoint(
1640 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1641 None,
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1642 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1643 None
1644 ),
1645 ])
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1646 if six.PY3:
1647 assert repr(cdp) == (
1648 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1649 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1650 "ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
1651 "romise'>}), crl_issuer=None)>])>"
1652 )
1653 else:
1654 assert repr(cdp) == (
1655 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1656 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1657 "ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
1658 "romise'>]), crl_issuer=None)>])>"
1659 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1660
1661 def test_eq(self):
1662 cdp = x509.CRLDistributionPoints([
1663 x509.DistributionPoint(
1664 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1665 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1666 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1667 x509.ReasonFlags.key_compromise,
1668 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1669 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1670 [x509.UniformResourceIdentifier(u"uri://thing")],
1671 ),
1672 ])
1673 cdp2 = x509.CRLDistributionPoints([
1674 x509.DistributionPoint(
1675 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1676 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1677 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1678 x509.ReasonFlags.key_compromise,
1679 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1680 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1681 [x509.UniformResourceIdentifier(u"uri://thing")],
1682 ),
1683 ])
1684 assert cdp == cdp2
1685
1686 def test_ne(self):
1687 cdp = x509.CRLDistributionPoints([
1688 x509.DistributionPoint(
1689 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1690 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1691 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1692 x509.ReasonFlags.key_compromise,
1693 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1694 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1695 [x509.UniformResourceIdentifier(u"uri://thing")],
1696 ),
1697 ])
1698 cdp2 = x509.CRLDistributionPoints([
1699 x509.DistributionPoint(
1700 [x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1701 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1702 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1703 x509.ReasonFlags.key_compromise,
1704 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1705 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1706 [x509.UniformResourceIdentifier(u"uri://thing")],
1707 ),
1708 ])
1709 cdp3 = x509.CRLDistributionPoints([
1710 x509.DistributionPoint(
1711 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1712 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1713 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1714 [x509.UniformResourceIdentifier(u"uri://thing")],
1715 ),
1716 ])
1717 cdp4 = x509.CRLDistributionPoints([
1718 x509.DistributionPoint(
1719 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1720 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1721 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1722 x509.ReasonFlags.key_compromise,
1723 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1724 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1725 [x509.UniformResourceIdentifier(u"uri://thing2")],
1726 ),
1727 ])
1728 assert cdp != cdp2
1729 assert cdp != cdp3
1730 assert cdp != cdp4
1731 assert cdp != object()