Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 2e879745596f4d0affec6b65f759a1082eefd040 / . / tests / test_x509_ext.py
blob: c6303432770e325500189086f1fa0697b2aa2260 [file] [log] [blame]
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]7import binascii
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]8import ipaddress
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]9import os
10
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]11import pytest
12
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]13import six
14
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]15from cryptography import x509
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]16from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
17
18from .test_x509 import _load_cert
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]19
20
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]21class TestExtension(object):
22 def test_not_an_oid(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]23 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]24 with pytest.raises(TypeError):
25 x509.Extension("notanoid", True, bc)
26
27 def test_critical_not_a_bool(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]28 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]29 with pytest.raises(TypeError):
30 x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
31
32 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]33 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]34 ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
35 assert repr(ext) == (
36 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
37 "raints)>, critical=True, value=<BasicConstraints(ca=False, path"
38 "_length=None)>)>"
39 )
40
41
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]42class TestNoticeReference(object):
43 def test_notice_numbers_not_all_int(self):
44 with pytest.raises(TypeError):
45 x509.NoticeReference("org", [1, 2, "three"])
46
47 def test_notice_numbers_none(self):
48 nr = x509.NoticeReference("org", None)
49 assert nr.organization == "org"
50 assert nr.notice_numbers is None
51
52 def test_repr(self):
53 nr = x509.NoticeReference("org", [1, 3, 4])
54
55 assert repr(nr) == (
56 "<NoticeReference(organization=org, notice_numbers=[1, 3, 4])>"
57 )
58
59
60class TestUserNotice(object):
61 def test_notice_reference_invalid(self):
62 with pytest.raises(TypeError):
63 x509.UserNotice("invalid", None)
64
65 def test_notice_reference_none(self):
66 un = x509.UserNotice(None, "text")
67 assert un.notice_reference is None
68 assert un.explicit_text == "text"
69
70 def test_repr(self):
71 un = x509.UserNotice(x509.NoticeReference("org", None), "text")
72 assert repr(un) == (
73 "<UserNotice(notice_reference=<NoticeReference(organization=org, "
74 "notice_numbers=None)>, explicit_text=text)>"
75 )
76
77
78class TestPolicyQualifierInfo(object):
79 def test_invalid_qualifier(self):
80 with pytest.raises(ValueError):
81 x509.PolicyQualifierInfo(None)
82
83 def test_string_qualifier(self):
84 pqi = x509.PolicyQualifierInfo("1.2.3")
85 assert pqi.policy_qualifier_id == x509.OID_CPS_QUALIFIER
86 assert pqi.qualifier == "1.2.3"
87
88 def test_user_notice_qualifier(self):
89 pqi = x509.PolicyQualifierInfo(x509.UserNotice(None, "text"))
90 assert pqi.policy_qualifier_id == x509.OID_CPS_USER_NOTICE
91 assert isinstance(pqi.qualifier, x509.UserNotice)
92
93 def test_repr(self):
94 pqi = x509.PolicyQualifierInfo("1.2.3.4")
95 assert repr(pqi) == (
96 "<PolicyQualifierInfo(policy_qualifier_id=<ObjectIdentifier(oid=1."
97 "3.6.1.5.5.7.2.1, name=id-qt-cps)>, qualifier=1.2.3.4)>"
98 )
99
100
101class TestPolicyInformation(object):
102 def test_invalid_policy_identifier(self):
103 with pytest.raises(TypeError):
104 x509.PolicyInformation("notanoid", None)
105
106 def test_none_policy_qualifiers(self):
107 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
108 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
109 assert pi.policy_qualifiers is None
110
111 def test_policy_qualifiers(self):
112 pq = [x509.PolicyQualifierInfo("string")]
113 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
114 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
115 assert pi.policy_qualifiers == pq
116
117 def test_invalid_policy_identifiers(self):
118 with pytest.raises(TypeError):
119 x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
120
121 def test_repr(self):
122 pq = [x509.PolicyQualifierInfo("string")]
123 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
124 assert repr(pi) == (
125 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1.2.3,"
126 " name=Unknown OID)>, policy_qualifiers=[<PolicyQualifierInfo(poli"
127 "cy_qualifier_id=<ObjectIdentifier(oid=1.3.6.1.5.5.7.2.1, name=id-"
128 "qt-cps)>, qualifier=string)>])>"
129 )
130
131
132class TestCertificatePolicies(object):
133 def test_invalid_policies(self):
134 pq = [x509.PolicyQualifierInfo("string")]
135 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
136 with pytest.raises(TypeError):
137 x509.CertificatePolicies([1, pi])
138
139 def test_iter_len(self):
140 pq = [x509.PolicyQualifierInfo("string")]
141 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
142 cp = x509.CertificatePolicies([pi])
143 assert len(cp) == 1
144 for policyinfo in cp:
145 assert policyinfo == pi
146
147 def test_repr(self):
148 pq = [x509.PolicyQualifierInfo("string")]
149 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
150 cp = x509.CertificatePolicies([pi])
151 assert repr(cp) == (
152 "<CertificatePolicies([<PolicyInformation(policy_identifier=<Objec"
153 "tIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifiers=[<Po"
154 "licyQualifierInfo(policy_qualifier_id=<ObjectIdentifier(oid=1.3.6"
155 ".1.5.5.7.2.1, name=id-qt-cps)>, qualifier=string)>])>])>"
156 )
157
158
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]159class TestKeyUsage(object):
160 def test_key_agreement_false_encipher_decipher_true(self):
161 with pytest.raises(ValueError):
162 x509.KeyUsage(
163 digital_signature=False,
164 content_commitment=False,
165 key_encipherment=False,
166 data_encipherment=False,
167 key_agreement=False,
168 key_cert_sign=False,
169 crl_sign=False,
170 encipher_only=True,
171 decipher_only=False
172 )
173
174 with pytest.raises(ValueError):
175 x509.KeyUsage(
176 digital_signature=False,
177 content_commitment=False,
178 key_encipherment=False,
179 data_encipherment=False,
180 key_agreement=False,
181 key_cert_sign=False,
182 crl_sign=False,
183 encipher_only=True,
184 decipher_only=True
185 )
186
187 with pytest.raises(ValueError):
188 x509.KeyUsage(
189 digital_signature=False,
190 content_commitment=False,
191 key_encipherment=False,
192 data_encipherment=False,
193 key_agreement=False,
194 key_cert_sign=False,
195 crl_sign=False,
196 encipher_only=False,
197 decipher_only=True
198 )
199
200 def test_properties_key_agreement_true(self):
201 ku = x509.KeyUsage(
202 digital_signature=True,
203 content_commitment=True,
204 key_encipherment=False,
205 data_encipherment=False,
206 key_agreement=False,
207 key_cert_sign=True,
208 crl_sign=False,
209 encipher_only=False,
210 decipher_only=False
211 )
212 assert ku.digital_signature is True
213 assert ku.content_commitment is True
214 assert ku.key_encipherment is False
215 assert ku.data_encipherment is False
216 assert ku.key_agreement is False
217 assert ku.key_cert_sign is True
218 assert ku.crl_sign is False
219
220 def test_key_agreement_true_properties(self):
221 ku = x509.KeyUsage(
222 digital_signature=False,
223 content_commitment=False,
224 key_encipherment=False,
225 data_encipherment=False,
226 key_agreement=True,
227 key_cert_sign=False,
228 crl_sign=False,
229 encipher_only=False,
230 decipher_only=True
231 )
232 assert ku.key_agreement is True
233 assert ku.encipher_only is False
234 assert ku.decipher_only is True
235
236 def test_key_agreement_false_properties(self):
237 ku = x509.KeyUsage(
238 digital_signature=False,
239 content_commitment=False,
240 key_encipherment=False,
241 data_encipherment=False,
242 key_agreement=False,
243 key_cert_sign=False,
244 crl_sign=False,
245 encipher_only=False,
246 decipher_only=False
247 )
248 assert ku.key_agreement is False
249 with pytest.raises(ValueError):
250 ku.encipher_only
251
252 with pytest.raises(ValueError):
253 ku.decipher_only
254
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]255 def test_repr_key_agreement_false(self):
256 ku = x509.KeyUsage(
257 digital_signature=True,
258 content_commitment=True,
259 key_encipherment=False,
260 data_encipherment=False,
261 key_agreement=False,
262 key_cert_sign=True,
263 crl_sign=False,
264 encipher_only=False,
265 decipher_only=False
266 )
267 assert repr(ku) == (
268 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
269 "cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrerb372e672015-04-15 11:05:24 -0400[diff] [blame]270 "ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
271 "nly=None)>"
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]272 )
273
274 def test_repr_key_agreement_true(self):
275 ku = x509.KeyUsage(
276 digital_signature=True,
277 content_commitment=True,
278 key_encipherment=False,
279 data_encipherment=False,
280 key_agreement=True,
281 key_cert_sign=True,
282 crl_sign=False,
283 encipher_only=False,
284 decipher_only=False
285 )
286 assert repr(ku) == (
287 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
288 "cipherment=False, data_encipherment=False, key_agreement=True, k"
289 "ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
290 "only=False)>"
291 )
292
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]293
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]294class TestSubjectKeyIdentifier(object):
295 def test_properties(self):
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]296 value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]297 ski = x509.SubjectKeyIdentifier(value)
298 assert ski.digest == value
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]299
300 def test_repr(self):
301 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]302 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]303 )
304 ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]305 if six.PY3:
306 assert repr(ext) == (
307 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
308 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
309 "igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
310 "\\xf7\\xff:\\xc9\')>)>"
311 )
312 else:
313 assert repr(ext) == (
314 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
315 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
316 "igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
317 "\\xf7\\xff:\\xc9\')>)>"
318 )
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]319
320 def test_eq(self):
321 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]322 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]323 )
324 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]325 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]326 )
327 assert ski == ski2
328
329 def test_ne(self):
330 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]331 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]332 )
333 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]334 binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]335 )
336 assert ski != ski2
337 assert ski != object()
338
339
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]340class TestAuthorityKeyIdentifier(object):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]341 def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]342 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]343 x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]344
345 def test_authority_cert_serial_number_not_integer(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]346 dirname = x509.DirectoryName(
347 x509.Name([
348 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
349 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
350 ])
351 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]352 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]353 x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]354
355 def test_authority_issuer_none_serial_not_none(self):
356 with pytest.raises(ValueError):
357 x509.AuthorityKeyIdentifier(b"identifier", None, 3)
358
359 def test_authority_issuer_not_none_serial_none(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]360 dirname = x509.DirectoryName(
361 x509.Name([
362 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
363 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
364 ])
365 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]366 with pytest.raises(ValueError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]367 x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]368
369 def test_authority_cert_serial_and_issuer_none(self):
370 aki = x509.AuthorityKeyIdentifier(b"id", None, None)
371 assert aki.key_identifier == b"id"
372 assert aki.authority_cert_issuer is None
373 assert aki.authority_cert_serial_number is None
374
375 def test_repr(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]376 dirname = x509.DirectoryName(
377 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
378 )
379 aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]380
381 if six.PY3:
382 assert repr(aki) == (
383 "<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]384 "cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
385 "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
386 "N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]387 )
388 else:
389 assert repr(aki) == (
390 "<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]391 "rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
392 "jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
393 "])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]394 )
395
396
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]397class TestBasicConstraints(object):
398 def test_ca_not_boolean(self):
399 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]400 x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]401
402 def test_path_length_not_ca(self):
403 with pytest.raises(ValueError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]404 x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]405
406 def test_path_length_not_int(self):
407 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]408 x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]409
410 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]411 x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]412
413 def test_path_length_negative(self):
414 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]415 x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]416
417 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]418 na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]419 assert repr(na) == (
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]420 "<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]421 )
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]422
423
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]424class TestExtendedKeyUsage(object):
425 def test_not_all_oids(self):
426 with pytest.raises(TypeError):
427 x509.ExtendedKeyUsage(["notoid"])
428
429 def test_iter_len(self):
430 eku = x509.ExtendedKeyUsage([
431 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
432 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
433 ])
434 assert len(eku) == 2
435 assert list(eku) == [
436 x509.OID_SERVER_AUTH,
437 x509.OID_CLIENT_AUTH
438 ]
439
Paul Kehrer23d10c32015-04-02 23:12:32 -0500[diff] [blame]440 def test_repr(self):
441 eku = x509.ExtendedKeyUsage([
442 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
443 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
444 ])
445 assert repr(eku) == (
446 "<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
447 "serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
448 "tAuth)>])>"
449 )
450
Paul Kehrerb0476172015-05-02 19:34:51 -0500[diff] [blame]451 def test_eq(self):
452 eku = x509.ExtendedKeyUsage([
453 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
454 ])
455 eku2 = x509.ExtendedKeyUsage([
456 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
457 ])
458 assert eku == eku2
459
460 def test_ne(self):
461 eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
462 eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
463 assert eku != eku2
464 assert eku != object()
465
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]466
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]467@pytest.mark.requires_backend_interface(interface=RSABackend)
468@pytest.mark.requires_backend_interface(interface=X509Backend)
469class TestExtensions(object):
470 def test_no_extensions(self, backend):
471 cert = _load_cert(
472 os.path.join("x509", "verisign_md2_root.pem"),
473 x509.load_pem_x509_certificate,
474 backend
475 )
476 ext = cert.extensions
477 assert len(ext) == 0
478 assert list(ext) == []
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]479 with pytest.raises(x509.ExtensionNotFound) as exc:
480 ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
481
482 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
483
484 def test_one_extension(self, backend):
485 cert = _load_cert(
486 os.path.join(
487 "x509", "custom", "basic_constraints_not_critical.pem"
488 ),
489 x509.load_pem_x509_certificate,
490 backend
491 )
492 extensions = cert.extensions
493 ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
494 assert ext is not None
495 assert ext.value.ca is False
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]496
497 def test_duplicate_extension(self, backend):
498 cert = _load_cert(
499 os.path.join(
500 "x509", "custom", "two_basic_constraints.pem"
501 ),
502 x509.load_pem_x509_certificate,
503 backend
504 )
505 with pytest.raises(x509.DuplicateExtension) as exc:
506 cert.extensions
507
508 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
509
510 def test_unsupported_critical_extension(self, backend):
511 cert = _load_cert(
512 os.path.join(
513 "x509", "custom", "unsupported_extension_critical.pem"
514 ),
515 x509.load_pem_x509_certificate,
516 backend
517 )
518 with pytest.raises(x509.UnsupportedExtension) as exc:
519 cert.extensions
520
521 assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
522
523 def test_unsupported_extension(self, backend):
524 # TODO: this will raise an exception when all extensions are complete
525 cert = _load_cert(
526 os.path.join(
527 "x509", "custom", "unsupported_extension.pem"
528 ),
529 x509.load_pem_x509_certificate,
530 backend
531 )
532 extensions = cert.extensions
533 assert len(extensions) == 0
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]534
535
536@pytest.mark.requires_backend_interface(interface=RSABackend)
537@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerde813ea2015-03-28 12:44:34 -0500[diff] [blame]538class TestBasicConstraintsExtension(object):
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]539 def test_ca_true_pathlen_6(self, backend):
540 cert = _load_cert(
541 os.path.join(
542 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
543 ),
544 x509.load_der_x509_certificate,
545 backend
546 )
547 ext = cert.extensions.get_extension_for_oid(
548 x509.OID_BASIC_CONSTRAINTS
549 )
550 assert ext is not None
551 assert ext.critical is True
552 assert ext.value.ca is True
553 assert ext.value.path_length == 6
554
555 def test_path_length_zero(self, backend):
556 cert = _load_cert(
557 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
558 x509.load_pem_x509_certificate,
559 backend
560 )
561 ext = cert.extensions.get_extension_for_oid(
562 x509.OID_BASIC_CONSTRAINTS
563 )
564 assert ext is not None
565 assert ext.critical is True
566 assert ext.value.ca is True
567 assert ext.value.path_length == 0
568
569 def test_ca_true_no_pathlen(self, backend):
570 cert = _load_cert(
571 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
572 x509.load_der_x509_certificate,
573 backend
574 )
575 ext = cert.extensions.get_extension_for_oid(
576 x509.OID_BASIC_CONSTRAINTS
577 )
578 assert ext is not None
579 assert ext.critical is True
580 assert ext.value.ca is True
581 assert ext.value.path_length is None
582
583 def test_ca_false(self, backend):
584 cert = _load_cert(
585 os.path.join("x509", "cryptography.io.pem"),
586 x509.load_pem_x509_certificate,
587 backend
588 )
589 ext = cert.extensions.get_extension_for_oid(
590 x509.OID_BASIC_CONSTRAINTS
591 )
592 assert ext is not None
593 assert ext.critical is True
594 assert ext.value.ca is False
595 assert ext.value.path_length is None
596
597 def test_no_basic_constraints(self, backend):
598 cert = _load_cert(
599 os.path.join(
600 "x509",
601 "PKITS_data",
602 "certs",
603 "ValidCertificatePathTest1EE.crt"
604 ),
605 x509.load_der_x509_certificate,
606 backend
607 )
608 with pytest.raises(x509.ExtensionNotFound):
609 cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
610
611 def test_basic_constraint_not_critical(self, backend):
612 cert = _load_cert(
613 os.path.join(
614 "x509", "custom", "basic_constraints_not_critical.pem"
615 ),
616 x509.load_pem_x509_certificate,
617 backend
618 )
619 ext = cert.extensions.get_extension_for_oid(
620 x509.OID_BASIC_CONSTRAINTS
621 )
622 assert ext is not None
623 assert ext.critical is False
624 assert ext.value.ca is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]625
626
627@pytest.mark.requires_backend_interface(interface=RSABackend)
628@pytest.mark.requires_backend_interface(interface=X509Backend)
629class TestSubjectKeyIdentifierExtension(object):
630 def test_subject_key_identifier(self, backend):
631 cert = _load_cert(
632 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
633 x509.load_der_x509_certificate,
634 backend
635 )
636 ext = cert.extensions.get_extension_for_oid(
637 x509.OID_SUBJECT_KEY_IDENTIFIER
638 )
639 ski = ext.value
640 assert ext is not None
641 assert ext.critical is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]642 assert ski.digest == binascii.unhexlify(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]643 b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]644 )
645
646 def test_no_subject_key_identifier(self, backend):
647 cert = _load_cert(
648 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
649 x509.load_pem_x509_certificate,
650 backend
651 )
652 with pytest.raises(x509.ExtensionNotFound):
653 cert.extensions.get_extension_for_oid(
654 x509.OID_SUBJECT_KEY_IDENTIFIER
655 )
Paul Kehrer5508ee22015-04-02 19:31:03 -0500[diff] [blame]656
657
658@pytest.mark.requires_backend_interface(interface=RSABackend)
659@pytest.mark.requires_backend_interface(interface=X509Backend)
660class TestKeyUsageExtension(object):
661 def test_no_key_usage(self, backend):
662 cert = _load_cert(
663 os.path.join("x509", "verisign_md2_root.pem"),
664 x509.load_pem_x509_certificate,
665 backend
666 )
667 ext = cert.extensions
668 with pytest.raises(x509.ExtensionNotFound) as exc:
669 ext.get_extension_for_oid(x509.OID_KEY_USAGE)
670
671 assert exc.value.oid == x509.OID_KEY_USAGE
672
673 def test_all_purposes(self, backend):
674 cert = _load_cert(
675 os.path.join(
676 "x509", "custom", "all_key_usages.pem"
677 ),
678 x509.load_pem_x509_certificate,
679 backend
680 )
681 extensions = cert.extensions
682 ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
683 assert ext is not None
684
685 ku = ext.value
686 assert ku.digital_signature is True
687 assert ku.content_commitment is True
688 assert ku.key_encipherment is True
689 assert ku.data_encipherment is True
690 assert ku.key_agreement is True
691 assert ku.key_cert_sign is True
692 assert ku.crl_sign is True
693 assert ku.encipher_only is True
694 assert ku.decipher_only is True
695
696 def test_key_cert_sign_crl_sign(self, backend):
697 cert = _load_cert(
698 os.path.join(
699 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
700 ),
701 x509.load_der_x509_certificate,
702 backend
703 )
704 ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
705 assert ext is not None
706 assert ext.critical is True
707
708 ku = ext.value
709 assert ku.digital_signature is False
710 assert ku.content_commitment is False
711 assert ku.key_encipherment is False
712 assert ku.data_encipherment is False
713 assert ku.key_agreement is False
714 assert ku.key_cert_sign is True
715 assert ku.crl_sign is True
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]716
717
718@pytest.mark.parametrize(
719 "name", [
720 x509.RFC822Name,
721 x509.DNSName,
722 x509.UniformResourceIdentifier
723 ]
724)
725class TestTextGeneralNames(object):
726 def test_not_text(self, name):
727 with pytest.raises(TypeError):
728 name(b"notaunicodestring")
729
730 with pytest.raises(TypeError):
731 name(1.3)
732
733 def test_repr(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]734 gn = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]735 assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
736
737 def test_eq(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]738 gn = name(u"string")
739 gn2 = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]740 assert gn == gn2
741
742 def test_ne(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]743 gn = name(u"string")
744 gn2 = name(u"string2")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]745 assert gn != gn2
746 assert gn != object()
747
748
749class TestDirectoryName(object):
750 def test_not_name(self):
751 with pytest.raises(TypeError):
752 x509.DirectoryName(b"notaname")
753
754 with pytest.raises(TypeError):
755 x509.DirectoryName(1.3)
756
757 def test_repr(self):
758 name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
759 gn = x509.DirectoryName(x509.Name([name]))
760 assert repr(gn) == (
761 "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
762 "tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
763 )
764
765 def test_eq(self):
766 name = x509.Name([
767 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
768 ])
769 name2 = x509.Name([
770 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
771 ])
772 gn = x509.DirectoryName(x509.Name([name]))
773 gn2 = x509.DirectoryName(x509.Name([name2]))
774 assert gn == gn2
775
776 def test_ne(self):
777 name = x509.Name([
778 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
779 ])
780 name2 = x509.Name([
781 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
782 ])
783 gn = x509.DirectoryName(x509.Name([name]))
784 gn2 = x509.DirectoryName(x509.Name([name2]))
785 assert gn != gn2
786 assert gn != object()
787
788
789class TestRegisteredID(object):
790 def test_not_oid(self):
791 with pytest.raises(TypeError):
792 x509.RegisteredID(b"notanoid")
793
794 with pytest.raises(TypeError):
795 x509.RegisteredID(1.3)
796
797 def test_repr(self):
798 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
799 assert repr(gn) == (
800 "<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
801 "e)>)>"
802 )
803
804 def test_eq(self):
805 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
806 gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
807 assert gn == gn2
808
809 def test_ne(self):
810 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
811 gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
812 assert gn != gn2
813 assert gn != object()
814
815
816class TestIPAddress(object):
817 def test_not_ipaddress(self):
818 with pytest.raises(TypeError):
819 x509.IPAddress(b"notanipaddress")
820
821 with pytest.raises(TypeError):
822 x509.IPAddress(1.3)
823
824 def test_repr(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]825 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]826 assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
827
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]828 gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]829 assert repr(gn2) == "<IPAddress(value=ff::)>"
830
831 def test_eq(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]832 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
833 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]834 assert gn == gn2
835
836 def test_ne(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]837 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
838 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]839 assert gn != gn2
840 assert gn != object()
841
842
843class TestSubjectAlternativeName(object):
844 def test_get_values_for_type(self):
845 san = x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]846 [x509.DNSName(u"cryptography.io")]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]847 )
848 names = san.get_values_for_type(x509.DNSName)
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]849 assert names == [u"cryptography.io"]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]850
851 def test_iter_names(self):
852 san = x509.SubjectAlternativeName([
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]853 x509.DNSName(u"cryptography.io"),
854 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]855 ])
856 assert len(san) == 2
857 assert list(san) == [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]858 x509.DNSName(u"cryptography.io"),
859 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]860 ]
861
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]862 def test_invalid_general_names(self):
863 with pytest.raises(TypeError):
864 x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]865 [x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]866 )
867
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]868 def test_repr(self):
869 san = x509.SubjectAlternativeName(
870 [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]871 x509.DNSName(u"cryptography.io")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]872 ]
873 )
874 assert repr(san) == (
875 "<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
876 )
Paul Kehrer40f83382015-04-20 15:00:16 -0500[diff] [blame]877
878
879@pytest.mark.requires_backend_interface(interface=RSABackend)
880@pytest.mark.requires_backend_interface(interface=X509Backend)
881class TestRSASubjectAlternativeNameExtension(object):
882 def test_dns_name(self, backend):
883 cert = _load_cert(
884 os.path.join("x509", "cryptography.io.pem"),
885 x509.load_pem_x509_certificate,
886 backend
887 )
888 ext = cert.extensions.get_extension_for_oid(
889 x509.OID_SUBJECT_ALTERNATIVE_NAME
890 )
891 assert ext is not None
892 assert ext.critical is False
893
894 san = ext.value
895
896 dns = san.get_values_for_type(x509.DNSName)
897 assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]898
899 def test_unsupported_other_name(self, backend):
900 cert = _load_cert(
901 os.path.join(
902 "x509", "custom", "san_other_name.pem"
903 ),
904 x509.load_pem_x509_certificate,
905 backend
906 )
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]907 with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]908 cert.extensions
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]909
Paul Kehrer0a621bf2015-04-22 09:22:56 -0500[diff] [blame]910 assert exc.value.type == 0
Paul Kehrer4db96622015-04-20 22:17:39 -0500[diff] [blame]911
912 def test_registered_id(self, backend):
913 cert = _load_cert(
914 os.path.join(
915 "x509", "custom", "san_registered_id.pem"
916 ),
917 x509.load_pem_x509_certificate,
918 backend
919 )
920 ext = cert.extensions.get_extension_for_oid(
921 x509.OID_SUBJECT_ALTERNATIVE_NAME
922 )
923 assert ext is not None
924 assert ext.critical is False
925
926 san = ext.value
927 rid = san.get_values_for_type(x509.RegisteredID)
928 assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrerb8ef82e2015-04-22 16:04:24 -0500[diff] [blame]929
930 def test_uri(self, backend):
931 cert = _load_cert(
932 os.path.join(
933 "x509", "custom", "san_uri_with_port.pem"
934 ),
935 x509.load_pem_x509_certificate,
936 backend
937 )
938 ext = cert.extensions.get_extension_for_oid(
939 x509.OID_SUBJECT_ALTERNATIVE_NAME
940 )
941 assert ext is not None
942 uri = ext.value.get_values_for_type(
943 x509.UniformResourceIdentifier
944 )
945 assert uri == [
946 u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
947 u"lo",
948 u"http://someregulardomain.com",
949 ]
Paul Kehrera5f030c2015-04-28 08:33:18 -0500[diff] [blame]950
951 def test_ipaddress(self, backend):
952 cert = _load_cert(
953 os.path.join(
954 "x509", "custom", "san_ipaddr.pem"
955 ),
956 x509.load_pem_x509_certificate,
957 backend
958 )
959 ext = cert.extensions.get_extension_for_oid(
960 x509.OID_SUBJECT_ALTERNATIVE_NAME
961 )
962 assert ext is not None
963 assert ext.critical is False
964
965 san = ext.value
966
967 ip = san.get_values_for_type(x509.IPAddress)
968 assert [
969 ipaddress.ip_address(u"127.0.0.1"),
970 ipaddress.ip_address(u"ff::")
971 ] == ip
Paul Kehrer2187a052015-04-30 08:22:07 -0500[diff] [blame]972
973 def test_dirname(self, backend):
974 cert = _load_cert(
975 os.path.join(
976 "x509", "custom", "san_dirname.pem"
977 ),
978 x509.load_pem_x509_certificate,
979 backend
980 )
981 ext = cert.extensions.get_extension_for_oid(
982 x509.OID_SUBJECT_ALTERNATIVE_NAME
983 )
984 assert ext is not None
985 assert ext.critical is False
986
987 san = ext.value
988
989 dirname = san.get_values_for_type(x509.DirectoryName)
990 assert [
991 x509.Name([
992 x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
993 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
994 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
995 ])
996 ] == dirname
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]997
998 def test_rfc822name(self, backend):
999 cert = _load_cert(
1000 os.path.join(
1001 "x509", "custom", "san_rfc822_idna.pem"
1002 ),
1003 x509.load_pem_x509_certificate,
1004 backend
1005 )
1006 ext = cert.extensions.get_extension_for_oid(
1007 x509.OID_SUBJECT_ALTERNATIVE_NAME
1008 )
1009 assert ext is not None
1010 assert ext.critical is False
1011
1012 san = ext.value
1013
1014 rfc822name = san.get_values_for_type(x509.RFC822Name)
1015 assert [u"email@em\xe5\xefl.com"] == rfc822name
1016
1017 def test_unicode_rfc822_name_dns_name_uri(self, backend):
1018 cert = _load_cert(
1019 os.path.join(
1020 "x509", "custom", "san_idna_names.pem"
1021 ),
1022 x509.load_pem_x509_certificate,
1023 backend
1024 )
1025 ext = cert.extensions.get_extension_for_oid(
1026 x509.OID_SUBJECT_ALTERNATIVE_NAME
1027 )
1028 assert ext is not None
1029 rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
1030 dns_name = ext.value.get_values_for_type(x509.DNSName)
1031 uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
1032 assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
1033 assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
1034 assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
1035
1036 def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
1037 cert = _load_cert(
1038 os.path.join(
1039 "x509", "custom", "san_email_dns_ip_dirname_uri.pem"
1040 ),
1041 x509.load_pem_x509_certificate,
1042 backend
1043 )
1044 ext = cert.extensions.get_extension_for_oid(
1045 x509.OID_SUBJECT_ALTERNATIVE_NAME
1046 )
1047 assert ext is not None
1048 assert ext.critical is False
1049
1050 san = ext.value
1051
1052 rfc822_name = san.get_values_for_type(x509.RFC822Name)
1053 uri = san.get_values_for_type(x509.UniformResourceIdentifier)
1054 dns = san.get_values_for_type(x509.DNSName)
1055 ip = san.get_values_for_type(x509.IPAddress)
1056 dirname = san.get_values_for_type(x509.DirectoryName)
1057 assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrere3a330c2015-05-02 16:42:52 -0500[diff] [blame]1058 assert [u"https://cryptography.io"] == uri
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]1059 assert [u"cryptography.io"] == dns
1060 assert [
1061 x509.Name([
1062 x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
1063 x509.NameAttribute(
1064 x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
1065 ),
1066 ])
1067 ] == dirname
1068 assert [
1069 ipaddress.ip_address(u"127.0.0.1"),
1070 ipaddress.ip_address(u"ff::")
1071 ] == ip
1072
1073 def test_invalid_rfc822name(self, backend):
1074 cert = _load_cert(
1075 os.path.join(
1076 "x509", "custom", "san_rfc822_names.pem"
1077 ),
1078 x509.load_pem_x509_certificate,
1079 backend
1080 )
1081 with pytest.raises(ValueError) as exc:
1082 cert.extensions
1083
1084 assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer94c69602015-05-02 19:29:40 -0500[diff] [blame]1085
1086
1087@pytest.mark.requires_backend_interface(interface=RSABackend)
1088@pytest.mark.requires_backend_interface(interface=X509Backend)
1089class TestExtendedKeyUsageExtension(object):
1090 def test_eku(self, backend):
1091 cert = _load_cert(
1092 os.path.join(
1093 "x509", "custom", "extended_key_usage.pem"
1094 ),
1095 x509.load_pem_x509_certificate,
1096 backend
1097 )
1098 ext = cert.extensions.get_extension_for_oid(
1099 x509.OID_EXTENDED_KEY_USAGE
1100 )
1101 assert ext is not None
1102 assert ext.critical is False
1103
1104 assert [
1105 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
1106 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
1107 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
1108 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
1109 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
1110 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
1111 x509.ObjectIdentifier("2.5.29.37.0"),
1112 x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
1113 ] == list(ext.value)
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1114
1115
1116class TestAccessDescription(object):
1117 def test_invalid_access_method(self):
Paul Kehrerf506bca2015-05-02 22:31:47 -0500[diff] [blame]1118 with pytest.raises(ValueError):
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1119 x509.AccessDescription("notanoid", x509.DNSName(u"test"))
1120
1121 def test_invalid_access_location(self):
1122 with pytest.raises(TypeError):
1123 x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
1124
1125 def test_repr(self):
1126 ad = x509.AccessDescription(
1127 x509.OID_OCSP,
1128 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1129 )
1130 assert repr(ad) == (
1131 "<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
1132 "5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
1133 "(value=http://ocsp.domain.com)>)>"
1134 )
1135
1136 def test_eq(self):
1137 ad = x509.AccessDescription(
1138 x509.OID_OCSP,
1139 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1140 )
1141 ad2 = x509.AccessDescription(
1142 x509.OID_OCSP,
1143 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1144 )
1145 assert ad == ad2
1146
1147 def test_ne(self):
1148 ad = x509.AccessDescription(
1149 x509.OID_OCSP,
1150 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1151 )
1152 ad2 = x509.AccessDescription(
1153 x509.OID_CA_ISSUERS,
1154 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1155 )
1156 ad3 = x509.AccessDescription(
1157 x509.OID_OCSP,
1158 x509.UniformResourceIdentifier(u"http://notthesame")
1159 )
1160 assert ad != ad2
1161 assert ad != ad3
1162 assert ad != object()
1163
1164
1165class TestAuthorityInformationAccess(object):
1166 def test_invalid_descriptions(self):
1167 with pytest.raises(TypeError):
1168 x509.AuthorityInformationAccess(["notanAccessDescription"])
1169
1170 def test_iter_len(self):
1171 aia = x509.AuthorityInformationAccess([
1172 x509.AccessDescription(
1173 x509.OID_OCSP,
1174 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1175 ),
1176 x509.AccessDescription(
1177 x509.OID_CA_ISSUERS,
1178 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1179 )
1180 ])
1181 assert len(aia) == 2
1182 assert list(aia) == [
1183 x509.AccessDescription(
1184 x509.OID_OCSP,
1185 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1186 ),
1187 x509.AccessDescription(
1188 x509.OID_CA_ISSUERS,
1189 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1190 )
1191 ]
1192
1193 def test_repr(self):
1194 aia = x509.AuthorityInformationAccess([
1195 x509.AccessDescription(
1196 x509.OID_OCSP,
1197 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1198 ),
1199 x509.AccessDescription(
1200 x509.OID_CA_ISSUERS,
1201 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1202 )
1203 ])
1204 assert repr(aia) == (
1205 "<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
1206 "jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
1207 "on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
1208 "AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
1209 ".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
1210 "fier(value=http://domain.com/ca.crt)>)>])>"
1211 )
1212
1213 def test_eq(self):
1214 aia = x509.AuthorityInformationAccess([
1215 x509.AccessDescription(
1216 x509.OID_OCSP,
1217 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1218 ),
1219 x509.AccessDescription(
1220 x509.OID_CA_ISSUERS,
1221 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1222 )
1223 ])
1224 aia2 = x509.AuthorityInformationAccess([
1225 x509.AccessDescription(
1226 x509.OID_OCSP,
1227 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1228 ),
1229 x509.AccessDescription(
1230 x509.OID_CA_ISSUERS,
1231 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1232 )
1233 ])
1234 assert aia == aia2
1235
1236 def test_ne(self):
1237 aia = x509.AuthorityInformationAccess([
1238 x509.AccessDescription(
1239 x509.OID_OCSP,
1240 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1241 ),
1242 x509.AccessDescription(
1243 x509.OID_CA_ISSUERS,
1244 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1245 )
1246 ])
1247 aia2 = x509.AuthorityInformationAccess([
1248 x509.AccessDescription(
1249 x509.OID_OCSP,
1250 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1251 ),
1252 ])
1253
1254 assert aia != aia2
1255 assert aia != object()
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1256
1257
1258@pytest.mark.requires_backend_interface(interface=RSABackend)
1259@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrera1476992015-05-04 17:35:47 -0500[diff] [blame]1260class TestAuthorityInformationAccessExtension(object):
1261 def test_aia_ocsp_ca_issuers(self, backend):
1262 cert = _load_cert(
1263 os.path.join("x509", "cryptography.io.pem"),
1264 x509.load_pem_x509_certificate,
1265 backend
1266 )
1267 ext = cert.extensions.get_extension_for_oid(
1268 x509.OID_AUTHORITY_INFORMATION_ACCESS
1269 )
1270 assert ext is not None
1271 assert ext.critical is False
1272
1273 assert ext.value == x509.AuthorityInformationAccess([
1274 x509.AccessDescription(
1275 x509.OID_OCSP,
1276 x509.UniformResourceIdentifier(u"http://gv.symcd.com")
1277 ),
1278 x509.AccessDescription(
1279 x509.OID_CA_ISSUERS,
1280 x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
1281 ),
1282 ])
1283
1284 def test_aia_multiple_ocsp_ca_issuers(self, backend):
1285 cert = _load_cert(
1286 os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
1287 x509.load_pem_x509_certificate,
1288 backend
1289 )
1290 ext = cert.extensions.get_extension_for_oid(
1291 x509.OID_AUTHORITY_INFORMATION_ACCESS
1292 )
1293 assert ext is not None
1294 assert ext.critical is False
1295
1296 assert ext.value == x509.AuthorityInformationAccess([
1297 x509.AccessDescription(
1298 x509.OID_OCSP,
1299 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1300 ),
1301 x509.AccessDescription(
1302 x509.OID_OCSP,
1303 x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
1304 ),
1305 x509.AccessDescription(
1306 x509.OID_CA_ISSUERS,
1307 x509.DirectoryName(x509.Name([
1308 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1309 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1310 ]))
1311 ),
1312 ])
1313
1314 def test_aia_ocsp_only(self, backend):
1315 cert = _load_cert(
1316 os.path.join("x509", "custom", "aia_ocsp.pem"),
1317 x509.load_pem_x509_certificate,
1318 backend
1319 )
1320 ext = cert.extensions.get_extension_for_oid(
1321 x509.OID_AUTHORITY_INFORMATION_ACCESS
1322 )
1323 assert ext is not None
1324 assert ext.critical is False
1325
1326 assert ext.value == x509.AuthorityInformationAccess([
1327 x509.AccessDescription(
1328 x509.OID_OCSP,
1329 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1330 ),
1331 ])
1332
1333 def test_aia_ca_issuers_only(self, backend):
1334 cert = _load_cert(
1335 os.path.join("x509", "custom", "aia_ca_issuers.pem"),
1336 x509.load_pem_x509_certificate,
1337 backend
1338 )
1339 ext = cert.extensions.get_extension_for_oid(
1340 x509.OID_AUTHORITY_INFORMATION_ACCESS
1341 )
1342 assert ext is not None
1343 assert ext.critical is False
1344
1345 assert ext.value == x509.AuthorityInformationAccess([
1346 x509.AccessDescription(
1347 x509.OID_CA_ISSUERS,
1348 x509.DirectoryName(x509.Name([
1349 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1350 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1351 ]))
1352 ),
1353 ])
1354
1355
1356@pytest.mark.requires_backend_interface(interface=RSABackend)
1357@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1358class TestAuthorityKeyIdentifierExtension(object):
1359 def test_aki_keyid(self, backend):
1360 cert = _load_cert(
1361 os.path.join(
1362 "x509", "cryptography.io.pem"
1363 ),
1364 x509.load_pem_x509_certificate,
1365 backend
1366 )
1367 ext = cert.extensions.get_extension_for_oid(
1368 x509.OID_AUTHORITY_KEY_IDENTIFIER
1369 )
1370 assert ext is not None
1371 assert ext.critical is False
1372
1373 assert ext.value.key_identifier == (
1374 b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0|[\xf3\xe2\x08\xcbY"
1375 )
1376 assert ext.value.authority_cert_issuer is None
1377 assert ext.value.authority_cert_serial_number is None
1378
1379 def test_aki_all_fields(self, backend):
1380 cert = _load_cert(
1381 os.path.join(
1382 "x509", "custom", "authority_key_identifier.pem"
1383 ),
1384 x509.load_pem_x509_certificate,
1385 backend
1386 )
1387 ext = cert.extensions.get_extension_for_oid(
1388 x509.OID_AUTHORITY_KEY_IDENTIFIER
1389 )
1390 assert ext is not None
1391 assert ext.critical is False
1392
1393 assert ext.value.key_identifier == (
1394 b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
1395 )
1396 assert ext.value.authority_cert_issuer == [
1397 x509.DirectoryName(
1398 x509.Name([
1399 x509.NameAttribute(
1400 x509.OID_ORGANIZATION_NAME, u"PyCA"
1401 ),
1402 x509.NameAttribute(
1403 x509.OID_COMMON_NAME, u"cryptography.io"
1404 )
1405 ])
1406 )
1407 ]
1408 assert ext.value.authority_cert_serial_number == 3
1409
1410 def test_aki_no_keyid(self, backend):
1411 cert = _load_cert(
1412 os.path.join(
1413 "x509", "custom", "authority_key_identifier_no_keyid.pem"
1414 ),
1415 x509.load_pem_x509_certificate,
1416 backend
1417 )
1418 ext = cert.extensions.get_extension_for_oid(
1419 x509.OID_AUTHORITY_KEY_IDENTIFIER
1420 )
1421 assert ext is not None
1422 assert ext.critical is False
1423
1424 assert ext.value.key_identifier is None
1425 assert ext.value.authority_cert_issuer == [
1426 x509.DirectoryName(
1427 x509.Name([
1428 x509.NameAttribute(
1429 x509.OID_ORGANIZATION_NAME, u"PyCA"
1430 ),
1431 x509.NameAttribute(
1432 x509.OID_COMMON_NAME, u"cryptography.io"
1433 )
1434 ])
1435 )
1436 ]
1437 assert ext.value.authority_cert_serial_number == 3
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1438
1439
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1440class TestDistributionPoint(object):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1441 def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1442 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1443 x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1444
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1445 def test_distribution_point_relative_name_not_name(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1446 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1447 x509.DistributionPoint(None, "notname", None, None)
1448
1449 def test_distribution_point_full_and_relative_not_none(self):
1450 with pytest.raises(ValueError):
1451 x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1452
1453 def test_crl_issuer_not_general_names(self):
1454 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1455 x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1456
1457 def test_reason_not_reasonflags(self):
1458 with pytest.raises(TypeError):
1459 x509.DistributionPoint(
1460 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1461 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1462 frozenset(["notreasonflags"]),
1463 None
1464 )
1465
1466 def test_reason_not_frozenset(self):
1467 with pytest.raises(TypeError):
1468 x509.DistributionPoint(
1469 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1470 None,
1471 [x509.ReasonFlags.ca_compromise],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1472 None
1473 )
1474
1475 def test_disallowed_reasons(self):
1476 with pytest.raises(ValueError):
1477 x509.DistributionPoint(
1478 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1479 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1480 frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1481 None
1482 )
1483
1484 with pytest.raises(ValueError):
1485 x509.DistributionPoint(
1486 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1487 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1488 frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1489 None
1490 )
1491
1492 def test_reason_only(self):
1493 with pytest.raises(ValueError):
1494 x509.DistributionPoint(
1495 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1496 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1497 frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1498 None
1499 )
1500
1501 def test_eq(self):
1502 dp = x509.DistributionPoint(
1503 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1504 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1505 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1506 [
1507 x509.DirectoryName(
1508 x509.Name([
1509 x509.NameAttribute(
1510 x509.OID_COMMON_NAME, "Important CA"
1511 )
1512 ])
1513 )
1514 ],
1515 )
1516 dp2 = x509.DistributionPoint(
1517 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1518 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1519 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1520 [
1521 x509.DirectoryName(
1522 x509.Name([
1523 x509.NameAttribute(
1524 x509.OID_COMMON_NAME, "Important CA"
1525 )
1526 ])
1527 )
1528 ],
1529 )
1530 assert dp == dp2
1531
1532 def test_ne(self):
1533 dp = x509.DistributionPoint(
1534 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1535 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1536 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1537 [
1538 x509.DirectoryName(
1539 x509.Name([
1540 x509.NameAttribute(
1541 x509.OID_COMMON_NAME, "Important CA"
1542 )
1543 ])
1544 )
1545 ],
1546 )
1547 dp2 = x509.DistributionPoint(
1548 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1549 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1550 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1551 None
1552 )
1553 assert dp != dp2
1554 assert dp != object()
1555
1556 def test_repr(self):
1557 dp = x509.DistributionPoint(
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1558 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1559 x509.Name([
1560 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
1561 ]),
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1562 frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1563 [
1564 x509.DirectoryName(
1565 x509.Name([
1566 x509.NameAttribute(
1567 x509.OID_COMMON_NAME, "Important CA"
1568 )
1569 ])
1570 )
1571 ],
1572 )
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1573 if six.PY3:
1574 assert repr(dp) == (
1575 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1576 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1577 ">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
1578 "romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
1579 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1580 "commonName)>, value='Important CA')>])>)>])>"
1581 )
1582 else:
1583 assert repr(dp) == (
1584 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1585 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1586 ">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
1587 "romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
1588 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1589 "commonName)>, value='Important CA')>])>)>])>"
1590 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1591
1592
1593class TestCRLDistributionPoints(object):
1594 def test_invalid_distribution_points(self):
1595 with pytest.raises(TypeError):
1596 x509.CRLDistributionPoints(["notadistributionpoint"])
1597
1598 def test_iter_len(self):
1599 cdp = x509.CRLDistributionPoints([
1600 x509.DistributionPoint(
1601 [x509.UniformResourceIdentifier(u"http://domain")],
1602 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1603 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1604 None
1605 ),
1606 x509.DistributionPoint(
1607 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1608 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1609 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1610 x509.ReasonFlags.key_compromise,
1611 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1612 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1613 None
1614 ),
1615 ])
1616 assert len(cdp) == 2
1617 assert list(cdp) == [
1618 x509.DistributionPoint(
1619 [x509.UniformResourceIdentifier(u"http://domain")],
1620 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1621 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1622 None
1623 ),
1624 x509.DistributionPoint(
1625 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1626 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1627 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1628 x509.ReasonFlags.key_compromise,
1629 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1630 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1631 None
1632 ),
1633 ]
1634
1635 def test_repr(self):
1636 cdp = x509.CRLDistributionPoints([
1637 x509.DistributionPoint(
1638 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1639 None,
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1640 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1641 None
1642 ),
1643 ])
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1644 if six.PY3:
1645 assert repr(cdp) == (
1646 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1647 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1648 "ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
1649 "romise'>}), crl_issuer=None)>])>"
1650 )
1651 else:
1652 assert repr(cdp) == (
1653 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1654 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1655 "ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
1656 "romise'>]), crl_issuer=None)>])>"
1657 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1658
1659 def test_eq(self):
1660 cdp = x509.CRLDistributionPoints([
1661 x509.DistributionPoint(
1662 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1663 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1664 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1665 x509.ReasonFlags.key_compromise,
1666 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1667 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1668 [x509.UniformResourceIdentifier(u"uri://thing")],
1669 ),
1670 ])
1671 cdp2 = x509.CRLDistributionPoints([
1672 x509.DistributionPoint(
1673 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1674 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1675 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1676 x509.ReasonFlags.key_compromise,
1677 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1678 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1679 [x509.UniformResourceIdentifier(u"uri://thing")],
1680 ),
1681 ])
1682 assert cdp == cdp2
1683
1684 def test_ne(self):
1685 cdp = x509.CRLDistributionPoints([
1686 x509.DistributionPoint(
1687 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1688 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1689 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1690 x509.ReasonFlags.key_compromise,
1691 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1692 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1693 [x509.UniformResourceIdentifier(u"uri://thing")],
1694 ),
1695 ])
1696 cdp2 = x509.CRLDistributionPoints([
1697 x509.DistributionPoint(
1698 [x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1699 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1700 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1701 x509.ReasonFlags.key_compromise,
1702 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1703 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1704 [x509.UniformResourceIdentifier(u"uri://thing")],
1705 ),
1706 ])
1707 cdp3 = x509.CRLDistributionPoints([
1708 x509.DistributionPoint(
1709 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1710 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1711 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1712 [x509.UniformResourceIdentifier(u"uri://thing")],
1713 ),
1714 ])
1715 cdp4 = x509.CRLDistributionPoints([
1716 x509.DistributionPoint(
1717 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1718 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1719 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1720 x509.ReasonFlags.key_compromise,
1721 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1722 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1723 [x509.UniformResourceIdentifier(u"uri://thing2")],
1724 ),
1725 ])
1726 assert cdp != cdp2
1727 assert cdp != cdp3
1728 assert cdp != cdp4
1729 assert cdp != object()