Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 77c98e3c4ef69d0cfee665cd0835670f4ac44242 / . / tests / test_x509.py
blob: cf3499bf4a66a60e1bbb426cdd210cad020619d0 [file] [log] [blame]
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer0307c372014-11-27 09:49:31 -1000[diff] [blame]7import binascii
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]8import datetime
9import os
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]10
11import pytest
12
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]13import six
14
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]15from cryptography import x509
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]16from cryptography.exceptions import UnsupportedAlgorithm
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]17from cryptography.hazmat.backends.interfaces import (
18 DSABackend, EllipticCurveBackend, RSABackend, X509Backend
19)
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]20from cryptography.hazmat.primitives import hashes, serialization
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]21from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]22
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]23from .hazmat.primitives.test_ec import _skip_curve_unsupported
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]24from .utils import load_vectors_from_file
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]25
26
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]27def _load_cert(filename, loader, backend):
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]28 cert = load_vectors_from_file(
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]29 filename=filename,
30 loader=lambda pemfile: loader(pemfile.read(), backend),
31 mode="rb"
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]32 )
33 return cert
34
35
36@pytest.mark.requires_backend_interface(interface=RSABackend)
37@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]38class TestRSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]39 def test_load_pem_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]40 cert = _load_cert(
41 os.path.join("x509", "custom", "post2000utctime.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]42 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]43 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]44 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]45 assert isinstance(cert, x509.Certificate)
46 assert cert.serial == 11559813051657483483
47 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
48 assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8"
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]49 assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]50
51 def test_load_der_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]52 cert = _load_cert(
53 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]54 x509.load_der_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]55 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]56 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]57 assert isinstance(cert, x509.Certificate)
58 assert cert.serial == 2
59 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
60 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]61 assert isinstance(cert.signature_hash_algorithm, hashes.SHA256)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]62
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]63 def test_issuer(self, backend):
64 cert = _load_cert(
65 os.path.join(
66 "x509", "PKITS_data", "certs",
67 "Validpre2000UTCnotBeforeDateTest3EE.crt"
68 ),
69 x509.load_der_x509_certificate,
70 backend
71 )
72 issuer = cert.issuer
73 assert isinstance(issuer, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]74 assert list(issuer) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]75 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]76 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]77 x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]78 ),
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]79 x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]80 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]81 assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]82 x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]83 ]
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]84
85 def test_all_issuer_name_types(self, backend):
86 cert = _load_cert(
87 os.path.join(
88 "x509", "custom",
89 "all_supported_names.pem"
90 ),
91 x509.load_pem_x509_certificate,
92 backend
93 )
94 issuer = cert.issuer
95
96 assert isinstance(issuer, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]97 assert list(issuer) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]98 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
99 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'CA'),
100 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
101 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Illinois'),
102 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Chicago'),
103 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
104 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Zero, LLC'),
105 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'One, LLC'),
106 x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 0'),
107 x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 1'),
108 x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 0'),
109 x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 1'),
110 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier0'),
111 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier1'),
112 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'123'),
113 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'456'),
114 x509.NameAttribute(x509.OID_TITLE, u'Title 0'),
115 x509.NameAttribute(x509.OID_TITLE, u'Title 1'),
116 x509.NameAttribute(x509.OID_SURNAME, u'Surname 0'),
117 x509.NameAttribute(x509.OID_SURNAME, u'Surname 1'),
118 x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 0'),
119 x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 1'),
120 x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 0'),
121 x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 1'),
122 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Last Gen'),
123 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Next Gen'),
124 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc0'),
125 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc1'),
126 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test0@test.local'),
127 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test1@test.local'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]128 ]
129
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]130 def test_subject(self, backend):
131 cert = _load_cert(
132 os.path.join(
133 "x509", "PKITS_data", "certs",
134 "Validpre2000UTCnotBeforeDateTest3EE.crt"
135 ),
136 x509.load_der_x509_certificate,
137 backend
138 )
139 subject = cert.subject
140 assert isinstance(subject, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]141 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]142 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]143 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]144 x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]145 ),
146 x509.NameAttribute(
147 x509.OID_COMMON_NAME,
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]148 u'Valid pre2000 UTC notBefore Date EE Certificate Test3'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]149 )
150 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]151 assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]152 x509.NameAttribute(
153 x509.OID_COMMON_NAME,
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]154 u'Valid pre2000 UTC notBefore Date EE Certificate Test3'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]155 )
156 ]
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]157
158 def test_unicode_name(self, backend):
159 cert = _load_cert(
160 os.path.join(
161 "x509", "custom",
162 "utf8_common_name.pem"
163 ),
164 x509.load_pem_x509_certificate,
165 backend
166 )
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]167 assert cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]168 x509.NameAttribute(
169 x509.OID_COMMON_NAME,
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]170 u'We heart UTF8!\u2122'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]171 )
172 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]173 assert cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]174 x509.NameAttribute(
175 x509.OID_COMMON_NAME,
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]176 u'We heart UTF8!\u2122'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]177 )
178 ]
179
180 def test_all_subject_name_types(self, backend):
181 cert = _load_cert(
182 os.path.join(
183 "x509", "custom",
184 "all_supported_names.pem"
185 ),
186 x509.load_pem_x509_certificate,
187 backend
188 )
189 subject = cert.subject
190 assert isinstance(subject, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]191 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]192 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'AU'),
193 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'DE'),
194 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'California'),
195 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'New York'),
196 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'San Francisco'),
197 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Ithaca'),
198 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org Zero, LLC'),
199 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org One, LLC'),
200 x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 0'),
201 x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 1'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]202 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]203 x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 0'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]204 ),
205 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]206 x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 1'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]207 ),
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]208 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified0'),
209 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified1'),
210 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'789'),
211 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'012'),
212 x509.NameAttribute(x509.OID_TITLE, u'Title IX'),
213 x509.NameAttribute(x509.OID_TITLE, u'Title X'),
214 x509.NameAttribute(x509.OID_SURNAME, u'Last 0'),
215 x509.NameAttribute(x509.OID_SURNAME, u'Last 1'),
216 x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 0'),
217 x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 1'),
218 x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 0'),
219 x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 1'),
220 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'32X'),
221 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Dreamcast'),
222 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc2'),
223 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc3'),
224 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test2@test.local'),
225 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test3@test.local'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]226 ]
227
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]228 def test_load_good_ca_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]229 cert = _load_cert(
230 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]231 x509.load_der_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]232 backend
233 )
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]234
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]235 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
236 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]237 assert cert.serial == 2
238 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]239 assert isinstance(public_key, rsa.RSAPublicKey)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]240 assert cert.version is x509.Version.v3
Paul Kehrer0307c372014-11-27 09:49:31 -1000[diff] [blame]241 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
Paul Kehrer4e1db792014-11-27 10:50:55 -1000[diff] [blame]242 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]243
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]244 def test_utc_pre_2000_not_before_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]245 cert = _load_cert(
246 os.path.join(
247 "x509", "PKITS_data", "certs",
248 "Validpre2000UTCnotBeforeDateTest3EE.crt"
249 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]250 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]251 backend
252 )
253
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]254 assert cert.not_valid_before == datetime.datetime(1950, 1, 1, 12, 1)
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]255
256 def test_pre_2000_utc_not_after_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]257 cert = _load_cert(
258 os.path.join(
259 "x509", "PKITS_data", "certs",
260 "Invalidpre2000UTCEEnotAfterDateTest7EE.crt"
261 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]262 x509.load_der_x509_certificate,
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]263 backend
264 )
265
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]266 assert cert.not_valid_after == datetime.datetime(1999, 1, 1, 12, 1)
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]267
268 def test_post_2000_utc_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]269 cert = _load_cert(
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]270 os.path.join("x509", "custom", "post2000utctime.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]271 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]272 backend
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]273 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]274 assert cert.not_valid_before == datetime.datetime(
275 2014, 11, 26, 21, 41, 20
276 )
277 assert cert.not_valid_after == datetime.datetime(
278 2014, 12, 26, 21, 41, 20
279 )
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]280
281 def test_generalized_time_not_before_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]282 cert = _load_cert(
283 os.path.join(
284 "x509", "PKITS_data", "certs",
285 "ValidGeneralizedTimenotBeforeDateTest4EE.crt"
286 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]287 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]288 backend
289 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]290 assert cert.not_valid_before == datetime.datetime(2002, 1, 1, 12, 1)
291 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]292 assert cert.version is x509.Version.v3
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]293
294 def test_generalized_time_not_after_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]295 cert = _load_cert(
296 os.path.join(
297 "x509", "PKITS_data", "certs",
298 "ValidGeneralizedTimenotAfterDateTest8EE.crt"
299 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]300 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]301 backend
302 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]303 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
304 assert cert.not_valid_after == datetime.datetime(2050, 1, 1, 12, 1)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]305 assert cert.version is x509.Version.v3
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]306
307 def test_invalid_version_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]308 cert = _load_cert(
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]309 os.path.join("x509", "custom", "invalid_version.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]310 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]311 backend
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]312 )
Paul Kehrerd5cccf72014-12-15 17:20:33 -0600[diff] [blame]313 with pytest.raises(x509.InvalidVersion) as exc:
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]314 cert.version
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]315
Paul Kehrerd5cccf72014-12-15 17:20:33 -0600[diff] [blame]316 assert exc.value.parsed_version == 7
317
Paul Kehrer8bbdc6f2015-04-30 16:47:16 -0500[diff] [blame]318 def test_eq(self, backend):
319 cert = _load_cert(
320 os.path.join("x509", "custom", "post2000utctime.pem"),
321 x509.load_pem_x509_certificate,
322 backend
323 )
324 cert2 = _load_cert(
325 os.path.join("x509", "custom", "post2000utctime.pem"),
326 x509.load_pem_x509_certificate,
327 backend
328 )
329 assert cert == cert2
330
331 def test_ne(self, backend):
332 cert = _load_cert(
333 os.path.join("x509", "custom", "post2000utctime.pem"),
334 x509.load_pem_x509_certificate,
335 backend
336 )
337 cert2 = _load_cert(
338 os.path.join(
339 "x509", "PKITS_data", "certs",
340 "ValidGeneralizedTimenotAfterDateTest8EE.crt"
341 ),
342 x509.load_der_x509_certificate,
343 backend
344 )
345 assert cert != cert2
346 assert cert != object()
347
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]348 def test_version_1_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]349 cert = _load_cert(
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]350 os.path.join("x509", "v1_cert.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]351 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]352 backend
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]353 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]354 assert cert.version is x509.Version.v1
Paul Kehrer7638c312014-11-26 11:13:31 -1000[diff] [blame]355
356 def test_invalid_pem(self, backend):
357 with pytest.raises(ValueError):
358 x509.load_pem_x509_certificate(b"notacert", backend)
359
360 def test_invalid_der(self, backend):
361 with pytest.raises(ValueError):
362 x509.load_der_x509_certificate(b"notacert", backend)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]363
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]364 def test_unsupported_signature_hash_algorithm_cert(self, backend):
365 cert = _load_cert(
366 os.path.join("x509", "verisign_md2_root.pem"),
367 x509.load_pem_x509_certificate,
368 backend
369 )
370 with pytest.raises(UnsupportedAlgorithm):
371 cert.signature_hash_algorithm
372
Andre Carona8aded62015-05-19 20:11:57 -0400[diff] [blame]373 def test_public_bytes_pem(self, backend):
374 # Load an existing certificate.
375 cert = _load_cert(
376 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
377 x509.load_der_x509_certificate,
378 backend
379 )
380
381 # Encode it to PEM and load it back.
382 cert = x509.load_pem_x509_certificate(cert.public_bytes(
383 encoding=serialization.Encoding.PEM,
384 ), backend)
385
386 # We should recover what we had to start with.
387 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
388 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
389 assert cert.serial == 2
390 public_key = cert.public_key()
391 assert isinstance(public_key, rsa.RSAPublicKey)
392 assert cert.version is x509.Version.v3
393 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
394 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
395
396 def test_public_bytes_der(self, backend):
397 # Load an existing certificate.
398 cert = _load_cert(
399 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
400 x509.load_der_x509_certificate,
401 backend
402 )
403
404 # Encode it to DER and load it back.
405 cert = x509.load_der_x509_certificate(cert.public_bytes(
406 encoding=serialization.Encoding.DER,
407 ), backend)
408
409 # We should recover what we had to start with.
410 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
411 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
412 assert cert.serial == 2
413 public_key = cert.public_key()
414 assert isinstance(public_key, rsa.RSAPublicKey)
415 assert cert.version is x509.Version.v3
416 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
417 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
418
419 def test_public_bytes_invalid_encoding(self, backend):
420 cert = _load_cert(
421 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
422 x509.load_der_x509_certificate,
423 backend
424 )
425
426 with pytest.raises(TypeError):
427 cert.public_bytes('NotAnEncoding')
428
429 @pytest.mark.parametrize(
430 ("cert_path", "loader_func", "encoding"),
431 [
432 (
433 os.path.join("x509", "v1_cert.pem"),
434 x509.load_pem_x509_certificate,
435 serialization.Encoding.PEM,
436 ),
437 (
438 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
439 x509.load_der_x509_certificate,
440 serialization.Encoding.DER,
441 ),
442 ]
443 )
444 def test_public_bytes_match(self, cert_path, loader_func, encoding,
445 backend):
446 cert_bytes = load_vectors_from_file(
447 cert_path, lambda pemfile: pemfile.read(), mode="rb"
448 )
449 cert = loader_func(cert_bytes, backend)
450 serialized = cert.public_bytes(encoding)
451 assert serialized == cert_bytes
452
Major Haydenf315af22015-06-17 14:02:26 -0500[diff] [blame]453 def test_certificate_repr(self, backend):
454 cert = _load_cert(
455 os.path.join(
456 "x509", "cryptography.io.pem"
457 ),
458 x509.load_pem_x509_certificate,
459 backend
460 )
461 if six.PY3:
462 assert repr(cert) == (
463 "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif"
464 "ier(oid=2.5.4.11, name=organizationalUnitName)>, value='GT487"
465 "42965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11, "
466 "name=organizationalUnitName)>, value='See www.rapidssl.com/re"
467 "sources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier(oi"
468 "d=2.5.4.11, name=organizationalUnitName)>, value='Domain Cont"
469 "rol Validated - RapidSSL(R)')>, <NameAttribute(oid=<ObjectIde"
470 "ntifier(oid=2.5.4.3, name=commonName)>, value='www.cryptograp"
471 "hy.io')>])>, ...)>"
472 )
473 else:
474 assert repr(cert) == (
475 "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif"
476 "ier(oid=2.5.4.11, name=organizationalUnitName)>, value=u'GT48"
477 "742965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11,"
478 " name=organizationalUnitName)>, value=u'See www.rapidssl.com/"
479 "resources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier("
480 "oid=2.5.4.11, name=organizationalUnitName)>, value=u'Domain C"
481 "ontrol Validated - RapidSSL(R)')>, <NameAttribute(oid=<Object"
482 "Identifier(oid=2.5.4.3, name=commonName)>, value=u'www.crypto"
483 "graphy.io')>])>, ...)>"
484 )
485
Andre Carona8aded62015-05-19 20:11:57 -0400[diff] [blame]486
487@pytest.mark.requires_backend_interface(interface=RSABackend)
488@pytest.mark.requires_backend_interface(interface=X509Backend)
489class TestRSACertificateRequest(object):
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]490 @pytest.mark.parametrize(
491 ("path", "loader_func"),
492 [
493 [
494 os.path.join("x509", "requests", "rsa_sha1.pem"),
495 x509.load_pem_x509_csr
496 ],
497 [
498 os.path.join("x509", "requests", "rsa_sha1.der"),
499 x509.load_der_x509_csr
500 ],
501 ]
502 )
503 def test_load_rsa_certificate_request(self, path, loader_func, backend):
504 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]505 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
506 public_key = request.public_key()
507 assert isinstance(public_key, rsa.RSAPublicKey)
508 subject = request.subject
509 assert isinstance(subject, x509.Name)
510 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]511 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
512 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
513 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
514 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
515 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]516 ]
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]517 extensions = request.extensions
518 assert isinstance(extensions, x509.Extensions)
519 assert list(extensions) == []
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]520
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]521 @pytest.mark.parametrize(
522 "loader_func",
523 [x509.load_pem_x509_csr, x509.load_der_x509_csr]
524 )
525 def test_invalid_certificate_request(self, loader_func, backend):
Paul Kehrerb759e292015-03-17 07:34:41 -0500[diff] [blame]526 with pytest.raises(ValueError):
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]527 loader_func(b"notacsr", backend)
Paul Kehrerb759e292015-03-17 07:34:41 -0500[diff] [blame]528
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]529 def test_unsupported_signature_hash_algorithm_request(self, backend):
530 request = _load_cert(
531 os.path.join("x509", "requests", "rsa_md4.pem"),
Paul Kehrer31e39882015-03-11 11:37:04 -0500[diff] [blame]532 x509.load_pem_x509_csr,
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]533 backend
534 )
535 with pytest.raises(UnsupportedAlgorithm):
536 request.signature_hash_algorithm
537
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]538 def test_duplicate_extension(self, backend):
539 request = _load_cert(
540 os.path.join(
541 "x509", "requests", "two_basic_constraints.pem"
542 ),
543 x509.load_pem_x509_csr,
544 backend
545 )
546 with pytest.raises(x509.DuplicateExtension) as exc:
547 request.extensions
548
549 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
550
551 def test_unsupported_critical_extension(self, backend):
552 request = _load_cert(
553 os.path.join(
554 "x509", "requests", "unsupported_extension_critical.pem"
555 ),
556 x509.load_pem_x509_csr,
557 backend
558 )
559 with pytest.raises(x509.UnsupportedExtension) as exc:
560 request.extensions
561
562 assert exc.value.oid == x509.ObjectIdentifier('1.2.3.4')
563
564 def test_unsupported_extension(self, backend):
565 request = _load_cert(
566 os.path.join(
567 "x509", "requests", "unsupported_extension.pem"
568 ),
569 x509.load_pem_x509_csr,
570 backend
571 )
572 extensions = request.extensions
573 assert len(extensions) == 0
574
575 def test_request_basic_constraints(self, backend):
576 request = _load_cert(
577 os.path.join(
578 "x509", "requests", "basic_constraints.pem"
579 ),
580 x509.load_pem_x509_csr,
581 backend
582 )
583 extensions = request.extensions
584 assert isinstance(extensions, x509.Extensions)
585 assert list(extensions) == [
586 x509.Extension(
587 x509.OID_BASIC_CONSTRAINTS,
588 True,
589 x509.BasicConstraints(True, 1),
590 ),
591 ]
592
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]593 def test_public_bytes_pem(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]594 # Load an existing CSR.
595 request = _load_cert(
596 os.path.join("x509", "requests", "rsa_sha1.pem"),
597 x509.load_pem_x509_csr,
598 backend
599 )
600
601 # Encode it to PEM and load it back.
602 request = x509.load_pem_x509_csr(request.public_bytes(
603 encoding=serialization.Encoding.PEM,
604 ), backend)
605
606 # We should recover what we had to start with.
607 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
608 public_key = request.public_key()
609 assert isinstance(public_key, rsa.RSAPublicKey)
610 subject = request.subject
611 assert isinstance(subject, x509.Name)
612 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]613 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
614 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
615 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
616 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
617 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]618 ]
619
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]620 def test_public_bytes_der(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]621 # Load an existing CSR.
622 request = _load_cert(
623 os.path.join("x509", "requests", "rsa_sha1.pem"),
624 x509.load_pem_x509_csr,
625 backend
626 )
627
628 # Encode it to DER and load it back.
629 request = x509.load_der_x509_csr(request.public_bytes(
630 encoding=serialization.Encoding.DER,
631 ), backend)
632
633 # We should recover what we had to start with.
634 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
635 public_key = request.public_key()
636 assert isinstance(public_key, rsa.RSAPublicKey)
637 subject = request.subject
638 assert isinstance(subject, x509.Name)
639 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]640 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
641 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
642 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
643 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
644 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]645 ]
646
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]647 def test_public_bytes_invalid_encoding(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]648 request = _load_cert(
649 os.path.join("x509", "requests", "rsa_sha1.pem"),
650 x509.load_pem_x509_csr,
651 backend
652 )
653
654 with pytest.raises(TypeError):
655 request.public_bytes('NotAnEncoding')
656
Andre Caronacb18972015-05-18 21:04:15 -0400[diff] [blame]657 @pytest.mark.parametrize(
658 ("request_path", "loader_func", "encoding"),
659 [
660 (
661 os.path.join("x509", "requests", "rsa_sha1.pem"),
662 x509.load_pem_x509_csr,
663 serialization.Encoding.PEM,
664 ),
665 (
666 os.path.join("x509", "requests", "rsa_sha1.der"),
667 x509.load_der_x509_csr,
668 serialization.Encoding.DER,
669 ),
670 ]
671 )
672 def test_public_bytes_match(self, request_path, loader_func, encoding,
673 backend):
674 request_bytes = load_vectors_from_file(
675 request_path, lambda pemfile: pemfile.read(), mode="rb"
676 )
677 request = loader_func(request_bytes, backend)
678 serialized = request.public_bytes(encoding)
679 assert serialized == request_bytes
680
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]681
682@pytest.mark.requires_backend_interface(interface=DSABackend)
683@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]684class TestDSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]685 def test_load_dsa_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]686 cert = _load_cert(
Paul Kehrer4903adc2014-12-13 16:57:50 -0600[diff] [blame]687 os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]688 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]689 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]690 )
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]691 assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]692 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]693 assert isinstance(public_key, dsa.DSAPublicKey)
Alex Gaynorfcadda62015-03-10 10:01:18 -0400[diff] [blame]694 if isinstance(public_key, dsa.DSAPublicKeyWithSerialization):
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]695 num = public_key.public_numbers()
696 assert num.y == int(
697 "4c08bfe5f2d76649c80acf7d431f6ae2124b217abc8c9f6aca776ddfa94"
698 "53b6656f13e543684cd5f6431a314377d2abfa068b7080cb8ddc065afc2"
699 "dea559f0b584c97a2b235b9b69b46bc6de1aed422a6f341832618bcaae2"
700 "198aba388099dafb05ff0b5efecb3b0ae169a62e1c72022af50ae68af3b"
701 "033c18e6eec1f7df4692c456ccafb79cc7e08da0a5786e9816ceda651d6"
702 "1b4bb7b81c2783da97cea62df67af5e85991fdc13aff10fc60e06586386"
703 "b96bb78d65750f542f86951e05a6d81baadbcd35a2e5cad4119923ae6a2"
704 "002091a3d17017f93c52970113cdc119970b9074ca506eac91c3dd37632"
705 "5df4af6b3911ef267d26623a5a1c5df4a6d13f1c", 16
706 )
707 assert num.parameter_numbers.g == int(
708 "4b7ced71dc353965ecc10d441a9a06fc24943a32d66429dd5ef44d43e67"
709 "d789d99770aec32c0415dc92970880872da45fef8dd1e115a3e4801387b"
710 "a6d755861f062fd3b6e9ea8e2641152339b828315b1528ee6c7b79458d2"
711 "1f3db973f6fc303f9397174c2799dd2351282aa2d8842c357a73495bbaa"
712 "c4932786414c55e60d73169f5761036fba29e9eebfb049f8a3b1b7cee6f"
713 "3fbfa136205f130bee2cf5b9c38dc1095d4006f2e73335c07352c64130a"
714 "1ab2b89f13b48f628d3cc3868beece9bb7beade9f830eacc6fa241425c0"
715 "b3fcc0df416a0c89f7bf35668d765ec95cdcfbe9caff49cfc156c668c76"
716 "fa6247676a6d3ac945844a083509c6a1b436baca", 16
717 )
718 assert num.parameter_numbers.p == int(
719 "bfade6048e373cd4e48b677e878c8e5b08c02102ae04eb2cb5c46a523a3"
720 "af1c73d16b24f34a4964781ae7e50500e21777754a670bd19a7420d6330"
721 "84e5556e33ca2c0e7d547ea5f46a07a01bf8669ae3bdec042d9b2ae5e6e"
722 "cf49f00ba9dac99ab6eff140d2cedf722ee62c2f9736857971444c25d0a"
723 "33d2017dc36d682a1054fe2a9428dda355a851ce6e6d61e03e419fd4ca4"
724 "e703313743d86caa885930f62ed5bf342d8165627681e9cc3244ba72aa2"
725 "2148400a6bbe80154e855d042c9dc2a3405f1e517be9dea50562f56da93"
726 "f6085f844a7e705c1f043e65751c583b80d29103e590ccb26efdaa0893d"
727 "833e36468f3907cfca788a3cb790f0341c8a31bf", 16
728 )
729 assert num.parameter_numbers.q == int(
730 "822ff5d234e073b901cf5941f58e1f538e71d40d", 16
731 )
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]732
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]733 @pytest.mark.parametrize(
734 ("path", "loader_func"),
735 [
736 [
737 os.path.join("x509", "requests", "dsa_sha1.pem"),
738 x509.load_pem_x509_csr
739 ],
740 [
741 os.path.join("x509", "requests", "dsa_sha1.der"),
742 x509.load_der_x509_csr
743 ],
744 ]
745 )
746 def test_load_dsa_request(self, path, loader_func, backend):
747 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]748 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
749 public_key = request.public_key()
750 assert isinstance(public_key, dsa.DSAPublicKey)
751 subject = request.subject
752 assert isinstance(subject, x509.Name)
753 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]754 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
755 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
756 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
757 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
758 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]759 ]
760
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]761
762@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
763@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]764class TestECDSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]765 def test_load_ecdsa_cert(self, backend):
766 _skip_curve_unsupported(backend, ec.SECP384R1())
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]767 cert = _load_cert(
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]768 os.path.join("x509", "ecdsa_root.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]769 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]770 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]771 )
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]772 assert isinstance(cert.signature_hash_algorithm, hashes.SHA384)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]773 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]774 assert isinstance(public_key, ec.EllipticCurvePublicKey)
Alex Gaynorfcadda62015-03-10 10:01:18 -0400[diff] [blame]775 if isinstance(public_key, ec.EllipticCurvePublicKeyWithSerialization):
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]776 num = public_key.public_numbers()
777 assert num.x == int(
778 "dda7d9bb8ab80bfb0b7f21d2f0bebe73f3335d1abc34eadec69bbcd095f"
779 "6f0ccd00bba615b51467e9e2d9fee8e630c17", 16
780 )
781 assert num.y == int(
782 "ec0770f5cf842e40839ce83f416d3badd3a4145936789d0343ee10136c7"
783 "2deae88a7a16bb543ce67dc23ff031ca3e23e", 16
784 )
785 assert isinstance(num.curve, ec.SECP384R1)
Paul Kehrer6c660a82014-12-12 11:50:44 -0600[diff] [blame]786
787 def test_load_ecdsa_no_named_curve(self, backend):
788 _skip_curve_unsupported(backend, ec.SECP256R1())
789 cert = _load_cert(
790 os.path.join("x509", "custom", "ec_no_named_curve.pem"),
791 x509.load_pem_x509_certificate,
792 backend
793 )
794 with pytest.raises(NotImplementedError):
795 cert.public_key()
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]796
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]797 @pytest.mark.parametrize(
798 ("path", "loader_func"),
799 [
800 [
801 os.path.join("x509", "requests", "ec_sha256.pem"),
802 x509.load_pem_x509_csr
803 ],
804 [
805 os.path.join("x509", "requests", "ec_sha256.der"),
806 x509.load_der_x509_csr
807 ],
808 ]
809 )
810 def test_load_ecdsa_certificate_request(self, path, loader_func, backend):
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]811 _skip_curve_unsupported(backend, ec.SECP384R1())
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]812 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]813 assert isinstance(request.signature_hash_algorithm, hashes.SHA256)
814 public_key = request.public_key()
815 assert isinstance(public_key, ec.EllipticCurvePublicKey)
816 subject = request.subject
817 assert isinstance(subject, x509.Name)
818 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]819 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
820 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
821 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
822 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
823 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]824 ]
825
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]826
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]827class TestNameAttribute(object):
Alex Gaynora56ff412015-02-10 17:26:32 -0500[diff] [blame]828 def test_init_bad_oid(self):
829 with pytest.raises(TypeError):
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]830 x509.NameAttribute(None, u'value')
Alex Gaynora56ff412015-02-10 17:26:32 -0500[diff] [blame]831
Ian Cordasco7618fbe2015-06-16 19:12:17 -0500[diff] [blame]832 def test_init_bad_value(self):
833 with pytest.raises(TypeError):
834 x509.NameAttribute(
835 x509.ObjectIdentifier('oid'),
836 b'bytes'
837 )
838
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]839 def test_eq(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]840 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]841 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]842 ) == x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]843 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]844 )
845
846 def test_ne(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]847 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]848 x509.ObjectIdentifier('2.5.4.3'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]849 ) != x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]850 x509.ObjectIdentifier('2.5.4.5'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]851 )
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]852 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]853 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]854 ) != x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]855 x509.ObjectIdentifier('oid'), u'value2'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]856 )
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]857 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]858 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]859 ) != object()
860
Paul Kehrera498be82015-02-12 15:00:56 -0600[diff] [blame]861 def test_repr(self):
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]862 na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), u'value')
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]863 if six.PY3:
864 assert repr(na) == (
865 "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commo"
866 "nName)>, value='value')>"
867 )
868 else:
869 assert repr(na) == (
870 "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commo"
871 "nName)>, value=u'value')>"
872 )
Paul Kehrera498be82015-02-12 15:00:56 -0600[diff] [blame]873
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]874
875class TestObjectIdentifier(object):
876 def test_eq(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]877 oid1 = x509.ObjectIdentifier('oid')
878 oid2 = x509.ObjectIdentifier('oid')
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]879 assert oid1 == oid2
880
881 def test_ne(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]882 oid1 = x509.ObjectIdentifier('oid')
883 assert oid1 != x509.ObjectIdentifier('oid1')
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]884 assert oid1 != object()
885
886 def test_repr(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]887 oid = x509.ObjectIdentifier("2.5.4.3")
888 assert repr(oid) == "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>"
889 oid = x509.ObjectIdentifier("oid1")
890 assert repr(oid) == "<ObjectIdentifier(oid=oid1, name=Unknown OID)>"
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]891
892
893class TestName(object):
894 def test_eq(self):
895 name1 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]896 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
897 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]898 ])
899 name2 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]900 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
901 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]902 ])
903 assert name1 == name2
904
905 def test_ne(self):
906 name1 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]907 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
908 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]909 ])
910 name2 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]911 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
912 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]913 ])
914 assert name1 != name2
915 assert name1 != object()
Paul Kehrer1fb35c92015-04-11 15:42:54 -0400[diff] [blame]916
917 def test_repr(self):
918 name = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]919 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
920 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
Paul Kehrer1fb35c92015-04-11 15:42:54 -0400[diff] [blame]921 ])
922
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]923 if six.PY3:
924 assert repr(name) == (
925 "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name"
926 "=commonName)>, value='cryptography.io')>, <NameAttribute(oid="
927 "<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, valu"
928 "e='PyCA')>])>"
929 )
930 else:
931 assert repr(name) == (
932 "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name"
933 "=commonName)>, value=u'cryptography.io')>, <NameAttribute(oid"
934 "=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, val"
935 "ue=u'PyCA')>])>"
936 )