Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 30c5ccdfb505e33dcdaa7f248c3479e3050a70da / . / tests / test_x509.py
blob: 0a120ebab244cf3afc436aa5a29e81f4d55b56f4 [file] [log] [blame]
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
7import base64
8import datetime
9import os
10import textwrap
11
12import pytest
13
14from cryptography import x509
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]15from cryptography.exceptions import InvalidX509Version
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]16from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
17from cryptography.hazmat.primitives import interfaces
18
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]19from .utils import load_vectors_from_file
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]20
21
22def _der_to_pem(data):
23 lines = textwrap.wrap(base64.b64encode(data), 64)
24 return (
25 "-----BEGIN CERTIFICATE-----\n" +
26 "\n".join(lines) +
27 "\n-----END CERTIFICATE-----"
28 )
29
30
31def _load_der_cert(name, backend):
32 cert = load_vectors_from_file(
33 os.path.join(
34 "x509", "PKITS_data", "certs", name),
35 lambda pemfile: x509.load_der_x509_certificate(
36 pemfile.read(), backend
37 )
38 )
39 return cert
40
41
42@pytest.mark.requires_backend_interface(interface=RSABackend)
43@pytest.mark.requires_backend_interface(interface=X509Backend)
44class TestX509Certificate(object):
45 def test_load_good_ca_cert(self, backend):
46 cert = _load_der_cert("GoodCACert.crt", backend)
47
48 assert cert
49 assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
50 assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
51 assert cert.serial == 2
52 public_key = cert.public_key()
53 assert isinstance(public_key, interfaces.RSAPublicKey)
54 assert cert.version == x509.X509Version.v3
55
56 def test_pre_2000_utc_not_before_cert(self, backend):
57 cert = _load_der_cert(
58 "Validpre2000UTCnotBeforeDateTest3EE.crt",
59 backend
60 )
61
62 assert cert
63 assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1)
64 assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
65 assert cert.version == x509.X509Version.v3
66
67 def test_generalized_time_not_before_cert(self, backend):
68 cert = _load_der_cert(
69 "ValidGeneralizedTimenotBeforeDateTest4EE.crt",
70 backend
71 )
72
73 assert cert
74 assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1)
75 assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
76 assert cert.version == x509.X509Version.v3
77
78 def test_generalized_time_not_after_cert(self, backend):
79 cert = _load_der_cert(
80 "ValidGeneralizedTimenotAfterDateTest8EE.crt",
81 backend
82 )
83 assert cert
84 assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
85 assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1)
86 assert cert.version == x509.X509Version.v3
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]87
88 def test_invalid_version_cert(self, backend):
89 cert = load_vectors_from_file(
90 os.path.join("x509", "custom", "invalid_version.pem"),
91 lambda pemfile: x509.load_pem_x509_certificate(
92 pemfile.read(), backend
93 )
94 )
95 with pytest.raises(InvalidX509Version):
96 cert.version
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame^]97
98 def test_version_1_cert(self, backend):
99 cert = load_vectors_from_file(
100 os.path.join("x509", "v1_cert.pem"),
101 lambda pemfile: x509.load_pem_x509_certificate(
102 pemfile.read(), backend
103 )
104 )
105 assert cert.version == x509.X509Version.v1