# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
7import datetime
8
9import pytest
10
11from cryptography import x509
12from cryptography.hazmat.backends.interfaces import (
13 DSABackend, EllipticCurveBackend, RSABackend, X509Backend
14)
15from cryptography.hazmat.primitives import hashes
16from cryptography.hazmat.primitives.asymmetric import ec
17from cryptography.x509.oid import NameOID
18
19from .hazmat.primitives.fixtures_dsa import DSA_KEY_2048
20from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512
21from .hazmat.primitives.test_ec import _skip_curve_unsupported
22
23
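class TestCertificateRevocationListBuilder(object):
    """Tests for ``x509.CertificateRevocationListBuilder``.

    The builder is immutable: every setter returns a new builder and raises
    ``ValueError`` when asked to overwrite a field that is already set.
    ``sign`` refuses to emit a CRL until issuer, lastUpdate and nextUpdate
    are all present, and rejects keys and hashes it cannot sign with, so a
    caller cannot end up holding an incomplete CRL.
    """

    # Shared fixture values for the signing tests.  Both timestamps are
    # after the Unix epoch (earlier values are rejected, see the
    # ``*_before_unix_epoch`` tests) and nextUpdate is later than
    # lastUpdate (an inverted window is rejected too).
    _LAST_UPDATE = datetime.datetime(2002, 1, 1, 12, 1)
    _NEXT_UPDATE = datetime.datetime(2030, 1, 1, 12, 1)
    _ISSUER = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, u"cryptography.io CA")
    ])

    def _signable_builder(self):
        """Return a builder with issuer, lastUpdate and nextUpdate all set.

        The signing tests then differ only in the key and hash they hand to
        ``sign`` and in the outcome they expect.
        """
        return x509.CertificateRevocationListBuilder().issuer_name(
            self._ISSUER
        ).last_update(self._LAST_UPDATE).next_update(self._NEXT_UPDATE)

    # -- field validation ---------------------------------------------------

    def test_issuer_name_invalid(self):
        """issuer_name() accepts only an ``x509.Name``, not a plain string."""
        builder = x509.CertificateRevocationListBuilder()
        with pytest.raises(TypeError):
            builder.issuer_name("notanx509name")

    def test_set_issuer_name_twice(self):
        """An already-set issuer cannot be silently replaced."""
        issuer = x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
        builder = x509.CertificateRevocationListBuilder().issuer_name(issuer)
        with pytest.raises(ValueError):
            builder.issuer_name(issuer)

    def test_last_update_invalid(self):
        """last_update() accepts only a ``datetime``."""
        builder = x509.CertificateRevocationListBuilder()
        with pytest.raises(TypeError):
            builder.last_update("notadatetime")

    def test_last_update_before_unix_epoch(self):
        """Timestamps before 1970-01-01 are rejected for lastUpdate."""
        builder = x509.CertificateRevocationListBuilder()
        with pytest.raises(ValueError):
            builder.last_update(datetime.datetime(1960, 8, 10))

    def test_set_last_update_twice(self):
        """An already-set lastUpdate cannot be replaced."""
        when = datetime.datetime(2002, 1, 1, 12, 1)
        builder = x509.CertificateRevocationListBuilder().last_update(when)
        with pytest.raises(ValueError):
            builder.last_update(when)

    def test_next_update_invalid(self):
        """next_update() accepts only a ``datetime``."""
        builder = x509.CertificateRevocationListBuilder()
        with pytest.raises(TypeError):
            builder.next_update("notadatetime")

    def test_next_update_before_unix_epoch(self):
        """Timestamps before 1970-01-01 are rejected for nextUpdate."""
        builder = x509.CertificateRevocationListBuilder()
        with pytest.raises(ValueError):
            builder.next_update(datetime.datetime(1960, 8, 10))

    def test_set_next_update_twice(self):
        """An already-set nextUpdate cannot be replaced."""
        when = datetime.datetime(2002, 1, 1, 12, 1)
        builder = x509.CertificateRevocationListBuilder().next_update(when)
        with pytest.raises(ValueError):
            builder.next_update(when)

    def test_last_update_after_next_update(self):
        """A lastUpdate later than the already-set nextUpdate is rejected."""
        builder = x509.CertificateRevocationListBuilder().next_update(
            datetime.datetime(2002, 1, 1, 12, 1)
        )
        with pytest.raises(ValueError):
            builder.last_update(datetime.datetime(2003, 1, 1, 12, 1))

    def test_next_update_after_last_update(self):
        """A nextUpdate earlier than the already-set lastUpdate is rejected.

        (The method name is historical; the window is checked in both
        orders, this case sets lastUpdate first.)
        """
        builder = x509.CertificateRevocationListBuilder().last_update(
            datetime.datetime(2002, 1, 1, 12, 1)
        )
        with pytest.raises(ValueError):
            builder.next_update(datetime.datetime(2001, 1, 1, 12, 1))

    # -- missing mandatory fields at sign time -----------------------------

    @pytest.mark.requires_backend_interface(interface=RSABackend)
    @pytest.mark.requires_backend_interface(interface=X509Backend)
    def test_no_issuer_name(self, backend):
        """sign() refuses a builder that has no issuer."""
        private_key = RSA_KEY_2048.private_key(backend)
        builder = x509.CertificateRevocationListBuilder().last_update(
            self._LAST_UPDATE
        ).next_update(self._NEXT_UPDATE)

        with pytest.raises(ValueError):
            builder.sign(private_key, hashes.SHA256(), backend)

    @pytest.mark.requires_backend_interface(interface=RSABackend)
    @pytest.mark.requires_backend_interface(interface=X509Backend)
    def test_no_last_update(self, backend):
        """sign() refuses a builder that has no lastUpdate."""
        private_key = RSA_KEY_2048.private_key(backend)
        builder = x509.CertificateRevocationListBuilder().issuer_name(
            self._ISSUER
        ).next_update(self._NEXT_UPDATE)

        with pytest.raises(ValueError):
            builder.sign(private_key, hashes.SHA256(), backend)

    @pytest.mark.requires_backend_interface(interface=RSABackend)
    @pytest.mark.requires_backend_interface(interface=X509Backend)
    def test_no_next_update(self, backend):
        """sign() refuses a builder that has no nextUpdate."""
        private_key = RSA_KEY_2048.private_key(backend)
        builder = x509.CertificateRevocationListBuilder().issuer_name(
            self._ISSUER
        ).last_update(self._NEXT_UPDATE)

        with pytest.raises(ValueError):
            builder.sign(private_key, hashes.SHA256(), backend)

    # -- signing ------------------------------------------------------------

    @pytest.mark.requires_backend_interface(interface=RSABackend)
    @pytest.mark.requires_backend_interface(interface=X509Backend)
    def test_sign_empty_list(self, backend):
        """A CRL with no revoked certificates round-trips every field set.

        Besides the length and the validity window this also checks that
        the issuer and the signature hash algorithm survive into the parsed
        CRL.  A verifier matches a CRL to its CA by the issuer name, so a
        builder that dropped or altered it would yield a CRL nobody can use.
        """
        private_key = RSA_KEY_2048.private_key(backend)
        crl = self._signable_builder().sign(
            private_key, hashes.SHA256(), backend
        )
        assert len(crl) == 0
        assert crl.issuer == self._ISSUER
        assert crl.last_update == self._LAST_UPDATE
        assert crl.next_update == self._NEXT_UPDATE
        assert isinstance(crl.signature_hash_algorithm, hashes.SHA256)

    @pytest.mark.requires_backend_interface(interface=RSABackend)
    @pytest.mark.requires_backend_interface(interface=X509Backend)
    def test_sign_rsa_key_too_small(self, backend):
        """A 512-bit RSA key cannot sign with SHA-512.

        The PKCS#1 v1.5 encoding of a 64-byte digest does not fit in a
        64-byte modulus, so signing fails; presumably the rejection comes
        from the backend rather than the builder.  Do not read this as a
        general minimum-key-size policy: nothing here shows a 512-bit key
        being refused with a smaller digest, so callers wanting a key-size
        floor must enforce it themselves before calling ``sign``.
        """
        private_key = RSA_KEY_512.private_key(backend)
        builder = self._signable_builder()

        with pytest.raises(ValueError):
            builder.sign(private_key, hashes.SHA512(), backend)

    @pytest.mark.requires_backend_interface(interface=RSABackend)
    @pytest.mark.requires_backend_interface(interface=X509Backend)
    def test_sign_with_invalid_hash(self, backend):
        """sign() rejects an object that is not a hash algorithm."""
        private_key = RSA_KEY_2048.private_key(backend)
        builder = self._signable_builder()

        with pytest.raises(TypeError):
            builder.sign(private_key, object(), backend)

    @pytest.mark.requires_backend_interface(interface=DSABackend)
    @pytest.mark.requires_backend_interface(interface=X509Backend)
    def test_sign_dsa_key_unsupported(self, backend):
        """Signing a CRL with a DSA key is not implemented.

        The contract is ``NotImplementedError`` (not ``ValueError``), so a
        caller must not catch ``ValueError`` and assume every other failure
        is a validation problem.  If DSA signing is ever added this test
        pins the behaviour that changes.
        """
        private_key = DSA_KEY_2048.private_key(backend)
        builder = self._signable_builder()

        with pytest.raises(NotImplementedError):
            builder.sign(private_key, hashes.SHA256(), backend)

    @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
    @pytest.mark.requires_backend_interface(interface=X509Backend)
    def test_sign_ec_key_unsupported(self, backend):
        """Signing a CRL with an EC key is not implemented.

        Skipped when the backend lacks P-256; otherwise the same
        ``NotImplementedError`` contract as for DSA applies.
        """
        _skip_curve_unsupported(backend, ec.SECP256R1())
        private_key = ec.generate_private_key(ec.SECP256R1(), backend)
        builder = self._signable_builder()

        with pytest.raises(NotImplementedError):
            builder.sign(private_key, hashes.SHA256(), backend)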