| Paul Kehrer | c33ffd7 | 2015-12-25 10:59:22 -0600 | [diff] [blame^] | 1 | # This file is dual licensed under the terms of the Apache License, Version |
| 2 | # 2.0, and the BSD License. See the LICENSE file in the root of this repository |
| 3 | # for complete details. |
| 4 | |
| 5 | from __future__ import absolute_import, division, print_function |
| 6 | |
| 7 | import datetime |
| 8 | |
| 9 | import pytest |
| 10 | |
| 11 | from cryptography import x509 |
| 12 | from cryptography.hazmat.backends.interfaces import X509Backend |
| 13 | |
| 14 | |
| 15 | class TestRevokedCertificateBuilder(object): |
| 16 | def test_serial_number_must_be_integer(self): |
| 17 | with pytest.raises(TypeError): |
| 18 | x509.RevokedCertificateBuilder().serial_number("notanx509name") |
| 19 | |
| 20 | def test_serial_number_must_be_non_negative(self): |
| 21 | with pytest.raises(ValueError): |
| 22 | x509.RevokedCertificateBuilder().serial_number(-1) |
| 23 | |
| 24 | def test_serial_number_must_be_less_than_160_bits_long(self): |
| 25 | with pytest.raises(ValueError): |
| 26 | # 2 raised to the 160th power is actually 161 bits |
| 27 | x509.RevokedCertificateBuilder().serial_number(2 ** 160) |
| 28 | |
| 29 | def test_set_serial_number_twice(self): |
| 30 | builder = x509.RevokedCertificateBuilder().serial_number(3) |
| 31 | with pytest.raises(ValueError): |
| 32 | builder.serial_number(4) |
| 33 | |
| 34 | def test_revocation_date_invalid(self): |
| 35 | with pytest.raises(TypeError): |
| 36 | x509.RevokedCertificateBuilder().revocation_date("notadatetime") |
| 37 | |
| 38 | def test_revocation_date_before_unix_epoch(self): |
| 39 | with pytest.raises(ValueError): |
| 40 | x509.RevokedCertificateBuilder().revocation_date( |
| 41 | datetime.datetime(1960, 8, 10) |
| 42 | ) |
| 43 | |
| 44 | def test_set_revocation_date_twice(self): |
| 45 | builder = x509.RevokedCertificateBuilder().revocation_date( |
| 46 | datetime.datetime(2002, 1, 1, 12, 1) |
| 47 | ) |
| 48 | with pytest.raises(ValueError): |
| 49 | builder.revocation_date(datetime.datetime(2002, 1, 1, 12, 1)) |
| 50 | |
| 51 | @pytest.mark.requires_backend_interface(interface=X509Backend) |
| 52 | def test_no_serial_number(self, backend): |
| 53 | builder = x509.RevokedCertificateBuilder().revocation_date( |
| 54 | datetime.datetime(2002, 1, 1, 12, 1) |
| 55 | ) |
| 56 | |
| 57 | with pytest.raises(ValueError): |
| 58 | builder.build(backend) |
| 59 | |
| 60 | @pytest.mark.requires_backend_interface(interface=X509Backend) |
| 61 | def test_no_revocation_date(self, backend): |
| 62 | builder = x509.RevokedCertificateBuilder().serial_number(3) |
| 63 | |
| 64 | with pytest.raises(ValueError): |
| 65 | builder.build(backend) |
| 66 | |
| 67 | @pytest.mark.requires_backend_interface(interface=X509Backend) |
| 68 | def test_create_revoked(self, backend): |
| 69 | serial_number = 333 |
| 70 | revocation_date = datetime.datetime(2002, 1, 1, 12, 1) |
| 71 | builder = x509.RevokedCertificateBuilder().serial_number( |
| 72 | serial_number |
| 73 | ).revocation_date( |
| 74 | revocation_date |
| 75 | ) |
| 76 | |
| 77 | revoked_certificate = builder.build(backend) |
| 78 | assert revoked_certificate.serial_number == serial_number |
| 79 | assert revoked_certificate.revocation_date == revocation_date |
| 80 | assert len(revoked_certificate.extensions) == 0 |