| Paul Kehrer | 016e08a | 2014-11-26 09:41:18 -1000 | [diff] [blame^] | 1 | # This file is dual licensed under the terms of the Apache License, Version |
| 2 | # 2.0, and the BSD License. See the LICENSE file in the root of this repository |
| 3 | # for complete details. |
| 4 | |
| 5 | from __future__ import absolute_import, division, print_function |
| 6 | |
| 7 | import base64 |
| 8 | import datetime |
| 9 | import os |
| 10 | import textwrap |
| 11 | |
| 12 | import pytest |
| 13 | |
| 14 | from cryptography import x509 |
| 15 | from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend |
| 16 | from cryptography.hazmat.primitives import interfaces |
| 17 | |
| 18 | from .hazmat.primitives.utils import load_vectors_from_file |
| 19 | |
| 20 | |
| 21 | def _der_to_pem(data): |
| 22 | lines = textwrap.wrap(base64.b64encode(data), 64) |
| 23 | return ( |
| 24 | "-----BEGIN CERTIFICATE-----\n" + |
| 25 | "\n".join(lines) + |
| 26 | "\n-----END CERTIFICATE-----" |
| 27 | ) |
| 28 | |
| 29 | |
| 30 | def _load_der_cert(name, backend): |
| 31 | cert = load_vectors_from_file( |
| 32 | os.path.join( |
| 33 | "x509", "PKITS_data", "certs", name), |
| 34 | lambda pemfile: x509.load_der_x509_certificate( |
| 35 | pemfile.read(), backend |
| 36 | ) |
| 37 | ) |
| 38 | return cert |
| 39 | |
| 40 | |
| 41 | @pytest.mark.requires_backend_interface(interface=RSABackend) |
| 42 | @pytest.mark.requires_backend_interface(interface=X509Backend) |
| 43 | class TestX509Certificate(object): |
| 44 | def test_load_good_ca_cert(self, backend): |
| 45 | cert = _load_der_cert("GoodCACert.crt", backend) |
| 46 | |
| 47 | assert cert |
| 48 | assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) |
| 49 | assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) |
| 50 | assert cert.serial == 2 |
| 51 | public_key = cert.public_key() |
| 52 | assert isinstance(public_key, interfaces.RSAPublicKey) |
| 53 | assert cert.version == x509.X509Version.v3 |
| 54 | |
| 55 | def test_pre_2000_utc_not_before_cert(self, backend): |
| 56 | cert = _load_der_cert( |
| 57 | "Validpre2000UTCnotBeforeDateTest3EE.crt", |
| 58 | backend |
| 59 | ) |
| 60 | |
| 61 | assert cert |
| 62 | assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1) |
| 63 | assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) |
| 64 | assert cert.version == x509.X509Version.v3 |
| 65 | |
| 66 | def test_generalized_time_not_before_cert(self, backend): |
| 67 | cert = _load_der_cert( |
| 68 | "ValidGeneralizedTimenotBeforeDateTest4EE.crt", |
| 69 | backend |
| 70 | ) |
| 71 | |
| 72 | assert cert |
| 73 | assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1) |
| 74 | assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) |
| 75 | assert cert.version == x509.X509Version.v3 |
| 76 | |
| 77 | def test_generalized_time_not_after_cert(self, backend): |
| 78 | cert = _load_der_cert( |
| 79 | "ValidGeneralizedTimenotAfterDateTest8EE.crt", |
| 80 | backend |
| 81 | ) |
| 82 | assert cert |
| 83 | assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) |
| 84 | assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1) |
| 85 | assert cert.version == x509.X509Version.v3 |