Paul Kehrer016e08a2014-11-26 09:41:18 -10001# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer016e08a2014-11-26 09:41:18 -10007import datetime
8import os
Paul Kehrer016e08a2014-11-26 09:41:18 -10009
10import pytest
11
12from cryptography import x509
Paul Kehrerf1ef3512014-11-26 17:36:05 -100013from cryptography.hazmat.backends.interfaces import (
14 DSABackend, EllipticCurveBackend, RSABackend, X509Backend
15)
Paul Kehrer016e08a2014-11-26 09:41:18 -100016from cryptography.hazmat.primitives import interfaces
Paul Kehrerf1ef3512014-11-26 17:36:05 -100017from cryptography.hazmat.primitives.asymmetric import ec
Paul Kehrer016e08a2014-11-26 09:41:18 -100018
Paul Kehrerf1ef3512014-11-26 17:36:05 -100019from .hazmat.primitives.test_ec import _skip_curve_unsupported
Paul Kehrera9d78c12014-11-26 10:59:03 -100020from .utils import load_vectors_from_file
Paul Kehrer016e08a2014-11-26 09:41:18 -100021
22
def _load_der_cert(name, backend):
    """Load one DER-encoded certificate from the PKITS vector directory.

    ``name`` is a file name under ``x509/PKITS_data/certs``. The opened
    vector file is read in full and passed to
    ``x509.load_der_x509_certificate`` together with ``backend``; the
    loader's return value is returned unchanged.
    """
    vector_path = os.path.join("x509", "PKITS_data", "certs", name)

    def _parse(derfile):
        return x509.load_der_x509_certificate(derfile.read(), backend)

    return load_vectors_from_file(vector_path, _parse)
32
33
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestRSAX509Certificate(object):
    """Parsing tests for X.509 certificates loaded through an RSA backend.

    Every test here only decodes a certificate (PEM or DER) and reads
    fields from it: validity dates, serial, version, public key type.
    Nothing in this class builds a chain or checks validity, so a vector
    whose name starts with "Invalid" is still expected to load and expose
    its fields. Expected dates are compared against naive ``datetime``
    values.
    """

    def test_load_pem_cert(self, backend):
        """A PEM vector loads into an ``X509Certificate``."""
        pem_path = os.path.join("x509", "custom", "post2000utctime.pem")
        cert = load_vectors_from_file(
            pem_path,
            lambda handle: x509.load_pem_x509_certificate(
                handle.read(), backend
            ),
        )
        assert isinstance(cert, interfaces.X509Certificate)

    def test_load_der_cert(self, backend):
        """A DER vector loads into an ``X509Certificate``."""
        der_path = os.path.join(
            "x509", "PKITS_data", "certs", "GoodCACert.crt"
        )
        cert = load_vectors_from_file(
            der_path,
            lambda handle: x509.load_der_x509_certificate(
                handle.read(), backend
            ),
        )
        assert isinstance(cert, interfaces.X509Certificate)

    def test_load_good_ca_cert(self, backend):
        """Validity window, serial, key type and version of GoodCACert."""
        cert = _load_der_cert("GoodCACert.crt", backend)

        expected_start = datetime.datetime(2010, 1, 1, 8, 30)
        expected_end = datetime.datetime(2030, 12, 31, 8, 30)
        assert cert.not_before == expected_start
        assert cert.not_after == expected_end
        assert cert.serial == 2
        public_key = cert.public_key()
        assert isinstance(public_key, interfaces.RSAPublicKey)
        assert cert.version == x509.X509Version.v3

    def test_utc_pre_2000_not_before_cert(self, backend):
        """notBefore in 1950 is decoded as 19YY, not 20YY."""
        cert = _load_der_cert(
            "Validpre2000UTCnotBeforeDateTest3EE.crt", backend
        )

        # RFC 5280 reads a UTCTime year YY >= 50 as 19YY, so 1950 is the
        # lower edge of that window (the vector name indicates UTCTime).
        assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1)

    def test_pre_2000_utc_not_after_cert(self, backend):
        """notAfter in 1999 is decoded as 19YY."""
        cert = _load_der_cert(
            "Invalidpre2000UTCEEnotAfterDateTest7EE.crt", backend
        )

        # Only the decoded date is checked; the test does not assert that
        # the certificate is rejected anywhere.
        assert cert.not_after == datetime.datetime(1999, 1, 1, 12, 1)

    def test_post_2000_utc_cert(self, backend):
        """Both validity dates of a 2014 certificate decode as 20YY."""
        pem_path = os.path.join("x509", "custom", "post2000utctime.pem")
        cert = load_vectors_from_file(
            pem_path,
            lambda handle: x509.load_pem_x509_certificate(
                handle.read(), backend
            ),
        )
        expected_start = datetime.datetime(2014, 11, 26, 21, 41, 20)
        expected_end = datetime.datetime(2014, 12, 26, 21, 41, 20)
        assert cert.not_before == expected_start
        assert cert.not_after == expected_end

    def test_generalized_time_not_before_cert(self, backend):
        """notBefore from the GeneralizedTime PKITS vector decodes."""
        cert = _load_der_cert(
            "ValidGeneralizedTimenotBeforeDateTest4EE.crt", backend
        )

        assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1)
        assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
        assert cert.version == x509.X509Version.v3

    def test_generalized_time_not_after_cert(self, backend):
        """notAfter in 2050 from the GeneralizedTime PKITS vector decodes."""
        cert = _load_der_cert(
            "ValidGeneralizedTimenotAfterDateTest8EE.crt", backend
        )
        assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
        # RFC 5280 requires GeneralizedTime for dates in 2050 or later,
        # which a two-digit UTCTime year cannot represent.
        assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1)
        assert cert.version == x509.X509Version.v3

    def test_invalid_version_cert(self, backend):
        """Reading ``version`` on a bad-version certificate raises."""
        pem_path = os.path.join("x509", "custom", "invalid_version.pem")
        # The load sits outside the raises block: it is expected to
        # succeed, and the error is expected only on attribute access.
        # Code that never reads ``version`` would not see this exception.
        cert = load_vectors_from_file(
            pem_path,
            lambda handle: x509.load_pem_x509_certificate(
                handle.read(), backend
            ),
        )
        with pytest.raises(x509.InvalidX509Version):
            cert.version

    def test_version_1_cert(self, backend):
        """A v1 certificate reports ``X509Version.v1``."""
        pem_path = os.path.join("x509", "v1_cert.pem")
        cert = load_vectors_from_file(
            pem_path,
            lambda handle: x509.load_pem_x509_certificate(
                handle.read(), backend
            ),
        )
        assert cert.version == x509.X509Version.v1

    def test_invalid_pem(self, backend):
        """Non-certificate bytes are rejected by the PEM loader."""
        garbage = b"notacert"
        with pytest.raises(ValueError):
            x509.load_pem_x509_certificate(garbage, backend)

    def test_invalid_der(self, backend):
        """Non-certificate bytes are rejected by the DER loader."""
        garbage = b"notacert"
        with pytest.raises(ValueError):
            x509.load_der_x509_certificate(garbage, backend)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000138
139
@pytest.mark.requires_backend_interface(interface=DSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestDSAX509Certificate(object):
    """Parsing test for a certificate that carries a DSA public key."""

    def test_load_dsa_cert(self, backend):
        """The DSA root vector yields a ``DSAPublicKey``."""
        pem_path = os.path.join("x509", "custom", "dsa_root.pem")
        cert = load_vectors_from_file(
            pem_path,
            lambda handle: x509.load_pem_x509_certificate(
                handle.read(), backend
            ),
        )
        # Only the key type is checked; no field values are asserted.
        extracted_key = cert.public_key()
        assert isinstance(extracted_key, interfaces.DSAPublicKey)
152
153
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestECDSAX509Certificate(object):
    """Parsing test for a certificate that carries an EC public key."""

    def test_load_ecdsa_cert(self, backend):
        """The ECDSA root vector yields an ``EllipticCurvePublicKey``."""
        # Called before loading, with a SECP384R1 curve instance; by its
        # name it skips the test on backends lacking that curve.
        _skip_curve_unsupported(backend, ec.SECP384R1())
        pem_path = os.path.join("x509", "ecdsa_root.pem")
        cert = load_vectors_from_file(
            pem_path,
            lambda handle: x509.load_pem_x509_certificate(
                handle.read(), backend
            ),
        )
        extracted_key = cert.public_key()
        assert isinstance(extracted_key, interfaces.EllipticCurvePublicKey)