Paul Kehrer016e08a2014-11-26 09:41:18 -10001# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer016e08a2014-11-26 09:41:18 -10007import datetime
8import os
Paul Kehrer016e08a2014-11-26 09:41:18 -10009
10import pytest
11
12from cryptography import x509
Paul Kehrera9d78c12014-11-26 10:59:03 -100013from cryptography.exceptions import InvalidX509Version
Paul Kehrerf1ef3512014-11-26 17:36:05 -100014from cryptography.hazmat.backends.interfaces import (
15 DSABackend, EllipticCurveBackend, RSABackend, X509Backend
16)
Paul Kehrer016e08a2014-11-26 09:41:18 -100017from cryptography.hazmat.primitives import interfaces
Paul Kehrerf1ef3512014-11-26 17:36:05 -100018from cryptography.hazmat.primitives.asymmetric import ec
Paul Kehrer016e08a2014-11-26 09:41:18 -100019
Paul Kehrerf1ef3512014-11-26 17:36:05 -100020from .hazmat.primitives.test_ec import _skip_curve_unsupported
Paul Kehrera9d78c12014-11-26 10:59:03 -100021from .utils import load_vectors_from_file
def _load_der_cert(name, backend):
    """Load one DER certificate from the PKITS vector directory.

    ``name`` is a file name under ``x509/PKITS_data/certs``. The file is
    opened by ``load_vectors_from_file`` and its full contents are parsed
    with ``x509.load_der_x509_certificate`` on ``backend``. The parsed
    certificate is returned; parse errors propagate to the caller.
    """
    vector_path = os.path.join("x509", "PKITS_data", "certs", name)

    def parse_der(derfile):
        # NOTE(review): DER is a binary encoding; this assumes the helper
        # imported from .utils opens the vector in binary mode -- confirm.
        return x509.load_der_x509_certificate(derfile.read(), backend)

    return load_vectors_from_file(vector_path, parse_der)
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestRSAX509Certificate(object):
    """Parsing tests for RSA-keyed X.509 certificates in PEM and DER form.

    Only loading and field access are exercised here; nothing in this class
    verifies a signature or validates a certification path.

    Expected validity dates are written as naive ``datetime`` objects.
    NOTE(review): presumably these represent UTC -- confirm against the x509
    API before comparing them with local time.
    """

    def test_load_pem_cert(self, backend):
        """A PEM vector loads and yields a truthy certificate object."""
        pem_path = os.path.join("x509", "custom", "post2000utctime.pem")
        loaded = load_vectors_from_file(
            pem_path,
            lambda pemfile: x509.load_pem_x509_certificate(
                pemfile.read(), backend
            ),
        )
        assert loaded

    def test_load_der_cert(self, backend):
        """A DER vector loads and yields a truthy certificate object."""
        der_path = os.path.join(
            "x509", "PKITS_data", "certs", "GoodCACert.crt"
        )
        loaded = load_vectors_from_file(
            der_path,
            lambda derfile: x509.load_der_x509_certificate(
                derfile.read(), backend
            ),
        )
        assert loaded

    def test_load_good_ca_cert(self, backend):
        """Validity dates, serial, key type and version of GoodCACert.crt."""
        loaded = _load_der_cert("GoodCACert.crt", backend)

        assert loaded.not_before == datetime.datetime(2010, 1, 1, 8, 30)
        assert loaded.not_after == datetime.datetime(2030, 12, 31, 8, 30)
        assert loaded.serial == 2
        rsa_key = loaded.public_key()
        assert isinstance(rsa_key, interfaces.RSAPublicKey)
        assert loaded.version == x509.X509Version.v3

    def test_utc_pre_2000_not_before_cert(self, backend):
        """notBefore of this vector resolves to 1950, not 2050.

        NOTE(review): presumably the field is a UTCTime with a two-digit
        year of 50, the lowest value RFC 5280 maps to 19YY -- confirm
        against the vector.
        """
        loaded = _load_der_cert(
            "Validpre2000UTCnotBeforeDateTest3EE.crt", backend
        )

        expected_start = datetime.datetime(1950, 1, 1, 12, 1)
        assert loaded.not_before == expected_start

    def test_pre_2000_utc_not_after_cert(self, backend):
        """notAfter of this vector resolves to 1999-01-01 12:01.

        The load itself succeeds although notAfter is long past, so parsing
        alone does not reject an expired certificate; expiry has to be
        checked by the caller or by path validation.
        """
        loaded = _load_der_cert(
            "Invalidpre2000UTCEEnotAfterDateTest7EE.crt", backend
        )

        expected_end = datetime.datetime(1999, 1, 1, 12, 1)
        assert loaded.not_after == expected_end

    def test_post_2000_utc_cert(self, backend):
        """Both validity dates of a post-2000 vector, to the second."""
        pem_path = os.path.join("x509", "custom", "post2000utctime.pem")
        loaded = load_vectors_from_file(
            pem_path,
            lambda pemfile: x509.load_pem_x509_certificate(
                pemfile.read(), backend
            ),
        )
        expected_start = datetime.datetime(2014, 11, 26, 21, 41, 20)
        expected_end = datetime.datetime(2014, 12, 26, 21, 41, 20)
        assert loaded.not_before == expected_start
        assert loaded.not_after == expected_end

    def test_generalized_time_not_before_cert(self, backend):
        """Validity dates and version of the GeneralizedTime notBefore vector.

        NOTE(review): the vector name suggests notBefore is encoded as
        GeneralizedTime rather than UTCTime -- confirm against the vector.
        """
        loaded = _load_der_cert(
            "ValidGeneralizedTimenotBeforeDateTest4EE.crt", backend
        )

        assert loaded.not_before == datetime.datetime(2002, 1, 1, 12, 1)
        assert loaded.not_after == datetime.datetime(2030, 12, 31, 8, 30)
        assert loaded.version == x509.X509Version.v3

    def test_generalized_time_not_after_cert(self, backend):
        """Validity dates and version of the GeneralizedTime notAfter vector.

        The expected notAfter is in 2050, the first year for which RFC 5280
        requires GeneralizedTime instead of UTCTime.
        """
        loaded = _load_der_cert(
            "ValidGeneralizedTimenotAfterDateTest8EE.crt", backend
        )
        assert loaded.not_before == datetime.datetime(2010, 1, 1, 8, 30)
        assert loaded.not_after == datetime.datetime(2050, 1, 1, 12, 1)
        assert loaded.version == x509.X509Version.v3

    def test_invalid_version_cert(self, backend):
        """An unknown version raises only when ``.version`` is read.

        The load call sits outside ``pytest.raises`` and must succeed; the
        exception comes from the attribute access. Code that never reads
        ``.version`` will therefore not see this error.
        """
        pem_path = os.path.join("x509", "custom", "invalid_version.pem")
        loaded = load_vectors_from_file(
            pem_path,
            lambda pemfile: x509.load_pem_x509_certificate(
                pemfile.read(), backend
            ),
        )
        with pytest.raises(InvalidX509Version):
            loaded.version

    def test_version_1_cert(self, backend):
        """A version 1 certificate reports ``X509Version.v1``."""
        pem_path = os.path.join("x509", "v1_cert.pem")
        loaded = load_vectors_from_file(
            pem_path,
            lambda pemfile: x509.load_pem_x509_certificate(
                pemfile.read(), backend
            ),
        )
        assert loaded.version == x509.X509Version.v1

    def test_invalid_pem(self, backend):
        """Bytes that are not a certificate make the PEM loader raise."""
        garbage = b"notacert"
        with pytest.raises(ValueError):
            x509.load_pem_x509_certificate(garbage, backend)

    def test_invalid_der(self, backend):
        """Bytes that are not a certificate make the DER loader raise."""
        garbage = b"notacert"
        with pytest.raises(ValueError):
            x509.load_der_x509_certificate(garbage, backend)
@pytest.mark.requires_backend_interface(interface=DSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestDSAX509Certificate(object):
    """Parsing test for a DSA-keyed X.509 certificate."""

    def test_load_dsa_cert(self, backend):
        """The public key of the DSA root vector is a ``DSAPublicKey``.

        Only the key type is checked; the certificate's signature is not
        verified here.
        """
        pem_path = os.path.join("x509", "custom", "dsa_root.pem")
        loaded = load_vectors_from_file(
            pem_path,
            lambda pemfile: x509.load_pem_x509_certificate(
                pemfile.read(), backend
            ),
        )
        dsa_key = loaded.public_key()
        assert isinstance(dsa_key, interfaces.DSAPublicKey)
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestECDSAX509Certificate(object):
    """Parsing test for an EC-keyed X.509 certificate."""

    def test_load_ecdsa_cert(self, backend):
        """The public key of the ECDSA root is an ``EllipticCurvePublicKey``.

        Only the key type is checked; the certificate's signature is not
        verified here.
        """
        # NOTE(review): presumably skips the test when the backend lacks
        # SECP384R1 -- confirm in test_ec.
        _skip_curve_unsupported(backend, ec.SECP384R1())
        pem_path = os.path.join("x509", "ecdsa_root.pem")
        loaded = load_vectors_from_file(
            pem_path,
            lambda pemfile: x509.load_pem_x509_certificate(
                pemfile.read(), backend
            ),
        )
        ec_key = loaded.public_key()
        assert isinstance(ec_key, interfaces.EllipticCurvePublicKey)