Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / cb599d3be59d05ef102759d02069c50466db869c / . / tests / test_x509_ext.py
blob: f07792d51b9be60c7944cd098db03f890b86437c [file] [log] [blame]
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]7import binascii
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]8import ipaddress
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]9import os
10
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]11import pytest
12
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]13import six
14
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]15from cryptography import x509
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]16from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
17
18from .test_x509 import _load_cert
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]19
20
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]21class TestExtension(object):
22 def test_not_an_oid(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]23 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]24 with pytest.raises(TypeError):
25 x509.Extension("notanoid", True, bc)
26
27 def test_critical_not_a_bool(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]28 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]29 with pytest.raises(TypeError):
30 x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
31
32 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]33 bc = x509.BasicConstraints(ca=False, path_length=None)
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]34 ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
35 assert repr(ext) == (
36 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
37 "raints)>, critical=True, value=<BasicConstraints(ca=False, path"
38 "_length=None)>)>"
39 )
40
41
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]42class TestNoticeReference(object):
43 def test_notice_numbers_not_all_int(self):
44 with pytest.raises(TypeError):
45 x509.NoticeReference("org", [1, 2, "three"])
46
47 def test_notice_numbers_none(self):
48 nr = x509.NoticeReference("org", None)
49 assert nr.organization == "org"
50 assert nr.notice_numbers is None
51
52 def test_repr(self):
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]53 nr = x509.NoticeReference(u"org", [1, 3, 4])
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]54
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]55 if six.PY3:
56 assert repr(nr) == (
57 "<NoticeReference(organization='org', notice_numbers=[1, 3, 4"
58 "])>"
59 )
60 else:
61 assert repr(nr) == (
62 "<NoticeReference(organization=u'org', notice_numbers=[1, 3, "
63 "4])>"
64 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]65
Paul Kehrerc56ab622015-05-03 09:56:31 -0500[diff] [blame]66 def test_eq(self):
67 nr = x509.NoticeReference("org", [1, 2])
68 nr2 = x509.NoticeReference("org", [1, 2])
69 assert nr == nr2
70
71 def test_ne(self):
72 nr = x509.NoticeReference("org", [1, 2])
73 nr2 = x509.NoticeReference("org", [1])
74 nr3 = x509.NoticeReference(None, [1, 2])
75 assert nr != nr2
76 assert nr != nr3
77 assert nr != object()
78
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]79
80class TestUserNotice(object):
81 def test_notice_reference_invalid(self):
82 with pytest.raises(TypeError):
83 x509.UserNotice("invalid", None)
84
85 def test_notice_reference_none(self):
86 un = x509.UserNotice(None, "text")
87 assert un.notice_reference is None
88 assert un.explicit_text == "text"
89
90 def test_repr(self):
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]91 un = x509.UserNotice(x509.NoticeReference(u"org", None), u"text")
92 if six.PY3:
93 assert repr(un) == (
94 "<UserNotice(notice_reference=<NoticeReference(organization='"
95 "org', notice_numbers=None)>, explicit_text='text')>"
96 )
97 else:
98 assert repr(un) == (
99 "<UserNotice(notice_reference=<NoticeReference(organization=u"
100 "'org', notice_numbers=None)>, explicit_text=u'text')>"
101 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]102
Paul Kehrerc56ab622015-05-03 09:56:31 -0500[diff] [blame]103 def test_eq(self):
104 nr = x509.NoticeReference("org", [1, 2])
105 nr2 = x509.NoticeReference("org", [1, 2])
106 un = x509.UserNotice(nr, "text")
107 un2 = x509.UserNotice(nr2, "text")
108 assert un == un2
109
110 def test_ne(self):
111 nr = x509.NoticeReference("org", [1, 2])
112 nr2 = x509.NoticeReference("org", [1])
113 un = x509.UserNotice(nr, "text")
114 un2 = x509.UserNotice(nr2, "text")
115 un3 = x509.UserNotice(nr, "text3")
116 assert un != un2
117 assert un != un3
118 assert un != object()
119
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]120
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]121class TestPolicyInformation(object):
122 def test_invalid_policy_identifier(self):
123 with pytest.raises(TypeError):
124 x509.PolicyInformation("notanoid", None)
125
126 def test_none_policy_qualifiers(self):
127 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), None)
128 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
129 assert pi.policy_qualifiers is None
130
131 def test_policy_qualifiers(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]132 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]133 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
134 assert pi.policy_identifier == x509.ObjectIdentifier("1.2.3")
135 assert pi.policy_qualifiers == pq
136
137 def test_invalid_policy_identifiers(self):
138 with pytest.raises(TypeError):
139 x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
140
141 def test_repr(self):
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]142 pq = [u"string", x509.UserNotice(None, u"hi")]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]143 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]144 if six.PY3:
145 assert repr(pi) == (
146 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
147 "2.3, name=Unknown OID)>, policy_qualifiers=['string', <UserNo"
Paul Kehrer9aaef9e2015-05-11 10:49:20 -0500[diff] [blame]148 "tice(notice_reference=None, explicit_text='hi')>])>"
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]149 )
150 else:
151 assert repr(pi) == (
152 "<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=1."
153 "2.3, name=Unknown OID)>, policy_qualifiers=[u'string', <UserN"
Paul Kehrer73be2ca2015-05-11 21:22:38 -0500[diff] [blame]154 "otice(notice_reference=None, explicit_text=u'hi')>])>"
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]155 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]156
Paul Kehrerc56ab622015-05-03 09:56:31 -0500[diff] [blame]157 def test_eq(self):
158 pi = x509.PolicyInformation(
159 x509.ObjectIdentifier("1.2.3"),
160 [u"string", x509.UserNotice(None, u"hi")]
161 )
162 pi2 = x509.PolicyInformation(
163 x509.ObjectIdentifier("1.2.3"),
164 [u"string", x509.UserNotice(None, u"hi")]
165 )
166 assert pi == pi2
167
168 def test_ne(self):
169 pi = x509.PolicyInformation(
170 x509.ObjectIdentifier("1.2.3"), [u"string"]
171 )
172 pi2 = x509.PolicyInformation(
173 x509.ObjectIdentifier("1.2.3"), [u"string2"]
174 )
175 pi3 = x509.PolicyInformation(
176 x509.ObjectIdentifier("1.2.3.4"), [u"string"]
177 )
178 assert pi != pi2
179 assert pi != pi3
180 assert pi != object()
181
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]182
183class TestCertificatePolicies(object):
184 def test_invalid_policies(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]185 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]186 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
187 with pytest.raises(TypeError):
188 x509.CertificatePolicies([1, pi])
189
190 def test_iter_len(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]191 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]192 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
193 cp = x509.CertificatePolicies([pi])
194 assert len(cp) == 1
195 for policyinfo in cp:
196 assert policyinfo == pi
197
198 def test_repr(self):
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]199 pq = [u"string"]
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]200 pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
201 cp = x509.CertificatePolicies([pi])
Paul Kehrerba35b3b2015-05-10 13:07:59 -0500[diff] [blame]202 if six.PY3:
203 assert repr(cp) == (
204 "<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
205 "bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
206 "ers=['string'])>])>"
207 )
208 else:
209 assert repr(cp) == (
210 "<CertificatePolicies([<PolicyInformation(policy_identifier=<O"
211 "bjectIdentifier(oid=1.2.3, name=Unknown OID)>, policy_qualifi"
212 "ers=[u'string'])>])>"
213 )
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]214
Paul Kehrerc56ab622015-05-03 09:56:31 -0500[diff] [blame]215 def test_eq(self):
216 pi = x509.PolicyInformation(
217 x509.ObjectIdentifier("1.2.3"), [u"string"]
218 )
219 cp = x509.CertificatePolicies([pi])
220 pi2 = x509.PolicyInformation(
221 x509.ObjectIdentifier("1.2.3"), [u"string"]
222 )
223 cp2 = x509.CertificatePolicies([pi2])
224 assert cp == cp2
225
226 def test_ne(self):
227 pi = x509.PolicyInformation(
228 x509.ObjectIdentifier("1.2.3"), [u"string"]
229 )
230 cp = x509.CertificatePolicies([pi])
231 pi2 = x509.PolicyInformation(
232 x509.ObjectIdentifier("1.2.3"), [u"string2"]
233 )
234 cp2 = x509.CertificatePolicies([pi2])
235 assert cp != cp2
236 assert cp != object()
237
Paul Kehrer2b622582015-04-15 11:04:29 -0400[diff] [blame]238
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]239class TestKeyUsage(object):
240 def test_key_agreement_false_encipher_decipher_true(self):
241 with pytest.raises(ValueError):
242 x509.KeyUsage(
243 digital_signature=False,
244 content_commitment=False,
245 key_encipherment=False,
246 data_encipherment=False,
247 key_agreement=False,
248 key_cert_sign=False,
249 crl_sign=False,
250 encipher_only=True,
251 decipher_only=False
252 )
253
254 with pytest.raises(ValueError):
255 x509.KeyUsage(
256 digital_signature=False,
257 content_commitment=False,
258 key_encipherment=False,
259 data_encipherment=False,
260 key_agreement=False,
261 key_cert_sign=False,
262 crl_sign=False,
263 encipher_only=True,
264 decipher_only=True
265 )
266
267 with pytest.raises(ValueError):
268 x509.KeyUsage(
269 digital_signature=False,
270 content_commitment=False,
271 key_encipherment=False,
272 data_encipherment=False,
273 key_agreement=False,
274 key_cert_sign=False,
275 crl_sign=False,
276 encipher_only=False,
277 decipher_only=True
278 )
279
280 def test_properties_key_agreement_true(self):
281 ku = x509.KeyUsage(
282 digital_signature=True,
283 content_commitment=True,
284 key_encipherment=False,
285 data_encipherment=False,
286 key_agreement=False,
287 key_cert_sign=True,
288 crl_sign=False,
289 encipher_only=False,
290 decipher_only=False
291 )
292 assert ku.digital_signature is True
293 assert ku.content_commitment is True
294 assert ku.key_encipherment is False
295 assert ku.data_encipherment is False
296 assert ku.key_agreement is False
297 assert ku.key_cert_sign is True
298 assert ku.crl_sign is False
299
300 def test_key_agreement_true_properties(self):
301 ku = x509.KeyUsage(
302 digital_signature=False,
303 content_commitment=False,
304 key_encipherment=False,
305 data_encipherment=False,
306 key_agreement=True,
307 key_cert_sign=False,
308 crl_sign=False,
309 encipher_only=False,
310 decipher_only=True
311 )
312 assert ku.key_agreement is True
313 assert ku.encipher_only is False
314 assert ku.decipher_only is True
315
316 def test_key_agreement_false_properties(self):
317 ku = x509.KeyUsage(
318 digital_signature=False,
319 content_commitment=False,
320 key_encipherment=False,
321 data_encipherment=False,
322 key_agreement=False,
323 key_cert_sign=False,
324 crl_sign=False,
325 encipher_only=False,
326 decipher_only=False
327 )
328 assert ku.key_agreement is False
329 with pytest.raises(ValueError):
330 ku.encipher_only
331
332 with pytest.raises(ValueError):
333 ku.decipher_only
334
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]335 def test_repr_key_agreement_false(self):
336 ku = x509.KeyUsage(
337 digital_signature=True,
338 content_commitment=True,
339 key_encipherment=False,
340 data_encipherment=False,
341 key_agreement=False,
342 key_cert_sign=True,
343 crl_sign=False,
344 encipher_only=False,
345 decipher_only=False
346 )
347 assert repr(ku) == (
348 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
349 "cipherment=False, data_encipherment=False, key_agreement=False, k"
Paul Kehrerb372e672015-04-15 11:05:24 -0400[diff] [blame]350 "ey_cert_sign=True, crl_sign=False, encipher_only=None, decipher_o"
351 "nly=None)>"
Paul Kehrerac3e5bb2015-04-02 23:07:10 -0500[diff] [blame]352 )
353
354 def test_repr_key_agreement_true(self):
355 ku = x509.KeyUsage(
356 digital_signature=True,
357 content_commitment=True,
358 key_encipherment=False,
359 data_encipherment=False,
360 key_agreement=True,
361 key_cert_sign=True,
362 crl_sign=False,
363 encipher_only=False,
364 decipher_only=False
365 )
366 assert repr(ku) == (
367 "<KeyUsage(digital_signature=True, content_commitment=True, key_en"
368 "cipherment=False, data_encipherment=False, key_agreement=True, k"
369 "ey_cert_sign=True, crl_sign=False, encipher_only=False, decipher_"
370 "only=False)>"
371 )
372
Paul Kehrercecbbba2015-03-30 14:58:38 -0500[diff] [blame]373
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]374class TestSubjectKeyIdentifier(object):
375 def test_properties(self):
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]376 value = binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]377 ski = x509.SubjectKeyIdentifier(value)
378 assert ski.digest == value
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]379
380 def test_repr(self):
381 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]382 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]383 )
384 ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
Paul Kehrercbfb1012015-04-10 20:57:20 -0400[diff] [blame]385 if six.PY3:
386 assert repr(ext) == (
387 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
388 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
389 "igest=b\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
390 "\\xf7\\xff:\\xc9\')>)>"
391 )
392 else:
393 assert repr(ext) == (
394 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
395 "eyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(d"
396 "igest=\'\\t#\\x84\\x93\"0I\\x8b\\xc9\\x80\\xaa\\x80\\x98Eoo"
397 "\\xf7\\xff:\\xc9\')>)>"
398 )
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]399
400 def test_eq(self):
401 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]402 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]403 )
404 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]405 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]406 )
407 assert ski == ski2
408
409 def test_ne(self):
410 ski = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]411 binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]412 )
413 ski2 = x509.SubjectKeyIdentifier(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]414 binascii.unhexlify(b"aa8098456f6ff7ff3ac9092384932230498bc980")
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]415 )
416 assert ski != ski2
417 assert ski != object()
418
419
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]420class TestAuthorityKeyIdentifier(object):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]421 def test_authority_cert_issuer_not_generalname(self):
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]422 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]423 x509.AuthorityKeyIdentifier(b"identifier", ["notname"], 3)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]424
425 def test_authority_cert_serial_number_not_integer(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]426 dirname = x509.DirectoryName(
427 x509.Name([
428 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
429 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
430 ])
431 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]432 with pytest.raises(TypeError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]433 x509.AuthorityKeyIdentifier(b"identifier", [dirname], "notanint")
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]434
435 def test_authority_issuer_none_serial_not_none(self):
436 with pytest.raises(ValueError):
437 x509.AuthorityKeyIdentifier(b"identifier", None, 3)
438
439 def test_authority_issuer_not_none_serial_none(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]440 dirname = x509.DirectoryName(
441 x509.Name([
442 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'),
443 x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'),
444 ])
445 )
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]446 with pytest.raises(ValueError):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]447 x509.AuthorityKeyIdentifier(b"identifier", [dirname], None)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]448
449 def test_authority_cert_serial_and_issuer_none(self):
450 aki = x509.AuthorityKeyIdentifier(b"id", None, None)
451 assert aki.key_identifier == b"id"
452 assert aki.authority_cert_issuer is None
453 assert aki.authority_cert_serial_number is None
454
455 def test_repr(self):
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]456 dirname = x509.DirectoryName(
457 x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')])
458 )
459 aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]460
461 if six.PY3:
462 assert repr(aki) == (
463 "<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]464 "cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
465 "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
466 "N')>])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]467 )
468 else:
469 assert repr(aki) == (
470 "<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
Paul Kehrerc6e0f062015-05-03 11:04:34 -0500[diff] [blame]471 "rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
472 "jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>"
473 "])>)>], authority_cert_serial_number=1234)>"
Paul Kehrer2eb4ed92015-04-11 15:33:45 -0400[diff] [blame]474 )
475
476
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]477class TestBasicConstraints(object):
478 def test_ca_not_boolean(self):
479 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]480 x509.BasicConstraints(ca="notbool", path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]481
482 def test_path_length_not_ca(self):
483 with pytest.raises(ValueError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]484 x509.BasicConstraints(ca=False, path_length=0)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]485
486 def test_path_length_not_int(self):
487 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]488 x509.BasicConstraints(ca=True, path_length=1.1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]489
490 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]491 x509.BasicConstraints(ca=True, path_length="notint")
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]492
493 def test_path_length_negative(self):
494 with pytest.raises(TypeError):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]495 x509.BasicConstraints(ca=True, path_length=-1)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]496
497 def test_repr(self):
Paul Kehrera5c6e9a2015-03-23 19:23:43 -0500[diff] [blame]498 na = x509.BasicConstraints(ca=True, path_length=None)
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]499 assert repr(na) == (
Paul Kehrer85894662015-03-22 13:19:31 -0500[diff] [blame]500 "<BasicConstraints(ca=True, path_length=None)>"
Paul Kehrer8cf26422015-03-21 09:50:24 -0500[diff] [blame]501 )
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]502
503
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]504class TestExtendedKeyUsage(object):
505 def test_not_all_oids(self):
506 with pytest.raises(TypeError):
507 x509.ExtendedKeyUsage(["notoid"])
508
509 def test_iter_len(self):
510 eku = x509.ExtendedKeyUsage([
511 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
512 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
513 ])
514 assert len(eku) == 2
515 assert list(eku) == [
516 x509.OID_SERVER_AUTH,
517 x509.OID_CLIENT_AUTH
518 ]
519
Paul Kehrer23d10c32015-04-02 23:12:32 -0500[diff] [blame]520 def test_repr(self):
521 eku = x509.ExtendedKeyUsage([
522 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
523 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
524 ])
525 assert repr(eku) == (
526 "<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
527 "serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
528 "tAuth)>])>"
529 )
530
Paul Kehrerb0476172015-05-02 19:34:51 -0500[diff] [blame]531 def test_eq(self):
532 eku = x509.ExtendedKeyUsage([
533 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
534 ])
535 eku2 = x509.ExtendedKeyUsage([
536 x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
537 ])
538 assert eku == eku2
539
540 def test_ne(self):
541 eku = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
542 eku2 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6.1")])
543 assert eku != eku2
544 assert eku != object()
545
Paul Kehrerffa2a152015-03-31 08:18:25 -0500[diff] [blame]546
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]547@pytest.mark.requires_backend_interface(interface=RSABackend)
548@pytest.mark.requires_backend_interface(interface=X509Backend)
549class TestExtensions(object):
550 def test_no_extensions(self, backend):
551 cert = _load_cert(
552 os.path.join("x509", "verisign_md2_root.pem"),
553 x509.load_pem_x509_certificate,
554 backend
555 )
556 ext = cert.extensions
557 assert len(ext) == 0
558 assert list(ext) == []
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]559 with pytest.raises(x509.ExtensionNotFound) as exc:
560 ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
561
562 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
563
564 def test_one_extension(self, backend):
565 cert = _load_cert(
566 os.path.join(
567 "x509", "custom", "basic_constraints_not_critical.pem"
568 ),
569 x509.load_pem_x509_certificate,
570 backend
571 )
572 extensions = cert.extensions
573 ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
574 assert ext is not None
575 assert ext.value.ca is False
Paul Kehrerfbb7ac82015-03-16 19:26:29 -0500[diff] [blame]576
577 def test_duplicate_extension(self, backend):
578 cert = _load_cert(
579 os.path.join(
580 "x509", "custom", "two_basic_constraints.pem"
581 ),
582 x509.load_pem_x509_certificate,
583 backend
584 )
585 with pytest.raises(x509.DuplicateExtension) as exc:
586 cert.extensions
587
588 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
589
590 def test_unsupported_critical_extension(self, backend):
591 cert = _load_cert(
592 os.path.join(
593 "x509", "custom", "unsupported_extension_critical.pem"
594 ),
595 x509.load_pem_x509_certificate,
596 backend
597 )
598 with pytest.raises(x509.UnsupportedExtension) as exc:
599 cert.extensions
600
601 assert exc.value.oid == x509.ObjectIdentifier("1.2.3.4")
602
603 def test_unsupported_extension(self, backend):
604 # TODO: this will raise an exception when all extensions are complete
605 cert = _load_cert(
606 os.path.join(
607 "x509", "custom", "unsupported_extension.pem"
608 ),
609 x509.load_pem_x509_certificate,
610 backend
611 )
612 extensions = cert.extensions
613 assert len(extensions) == 0
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]614
615
616@pytest.mark.requires_backend_interface(interface=RSABackend)
617@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerde813ea2015-03-28 12:44:34 -0500[diff] [blame]618class TestBasicConstraintsExtension(object):
Paul Kehrerfa56a232015-03-17 13:14:03 -0500[diff] [blame]619 def test_ca_true_pathlen_6(self, backend):
620 cert = _load_cert(
621 os.path.join(
622 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
623 ),
624 x509.load_der_x509_certificate,
625 backend
626 )
627 ext = cert.extensions.get_extension_for_oid(
628 x509.OID_BASIC_CONSTRAINTS
629 )
630 assert ext is not None
631 assert ext.critical is True
632 assert ext.value.ca is True
633 assert ext.value.path_length == 6
634
635 def test_path_length_zero(self, backend):
636 cert = _load_cert(
637 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
638 x509.load_pem_x509_certificate,
639 backend
640 )
641 ext = cert.extensions.get_extension_for_oid(
642 x509.OID_BASIC_CONSTRAINTS
643 )
644 assert ext is not None
645 assert ext.critical is True
646 assert ext.value.ca is True
647 assert ext.value.path_length == 0
648
649 def test_ca_true_no_pathlen(self, backend):
650 cert = _load_cert(
651 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
652 x509.load_der_x509_certificate,
653 backend
654 )
655 ext = cert.extensions.get_extension_for_oid(
656 x509.OID_BASIC_CONSTRAINTS
657 )
658 assert ext is not None
659 assert ext.critical is True
660 assert ext.value.ca is True
661 assert ext.value.path_length is None
662
663 def test_ca_false(self, backend):
664 cert = _load_cert(
665 os.path.join("x509", "cryptography.io.pem"),
666 x509.load_pem_x509_certificate,
667 backend
668 )
669 ext = cert.extensions.get_extension_for_oid(
670 x509.OID_BASIC_CONSTRAINTS
671 )
672 assert ext is not None
673 assert ext.critical is True
674 assert ext.value.ca is False
675 assert ext.value.path_length is None
676
677 def test_no_basic_constraints(self, backend):
678 cert = _load_cert(
679 os.path.join(
680 "x509",
681 "PKITS_data",
682 "certs",
683 "ValidCertificatePathTest1EE.crt"
684 ),
685 x509.load_der_x509_certificate,
686 backend
687 )
688 with pytest.raises(x509.ExtensionNotFound):
689 cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
690
691 def test_basic_constraint_not_critical(self, backend):
692 cert = _load_cert(
693 os.path.join(
694 "x509", "custom", "basic_constraints_not_critical.pem"
695 ),
696 x509.load_pem_x509_certificate,
697 backend
698 )
699 ext = cert.extensions.get_extension_for_oid(
700 x509.OID_BASIC_CONSTRAINTS
701 )
702 assert ext is not None
703 assert ext.critical is False
704 assert ext.value.ca is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]705
706
707@pytest.mark.requires_backend_interface(interface=RSABackend)
708@pytest.mark.requires_backend_interface(interface=X509Backend)
709class TestSubjectKeyIdentifierExtension(object):
710 def test_subject_key_identifier(self, backend):
711 cert = _load_cert(
712 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
713 x509.load_der_x509_certificate,
714 backend
715 )
716 ext = cert.extensions.get_extension_for_oid(
717 x509.OID_SUBJECT_KEY_IDENTIFIER
718 )
719 ski = ext.value
720 assert ext is not None
721 assert ext.critical is False
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]722 assert ski.digest == binascii.unhexlify(
Paul Kehreree997262015-04-04 12:20:28 -0500[diff] [blame]723 b"580184241bbc2b52944a3da510721451f5af3ac9"
Paul Kehrer1eb82a62015-03-31 20:00:33 -0500[diff] [blame]724 )
725
726 def test_no_subject_key_identifier(self, backend):
727 cert = _load_cert(
728 os.path.join("x509", "custom", "bc_path_length_zero.pem"),
729 x509.load_pem_x509_certificate,
730 backend
731 )
732 with pytest.raises(x509.ExtensionNotFound):
733 cert.extensions.get_extension_for_oid(
734 x509.OID_SUBJECT_KEY_IDENTIFIER
735 )
Paul Kehrer5508ee22015-04-02 19:31:03 -0500[diff] [blame]736
737
738@pytest.mark.requires_backend_interface(interface=RSABackend)
739@pytest.mark.requires_backend_interface(interface=X509Backend)
740class TestKeyUsageExtension(object):
741 def test_no_key_usage(self, backend):
742 cert = _load_cert(
743 os.path.join("x509", "verisign_md2_root.pem"),
744 x509.load_pem_x509_certificate,
745 backend
746 )
747 ext = cert.extensions
748 with pytest.raises(x509.ExtensionNotFound) as exc:
749 ext.get_extension_for_oid(x509.OID_KEY_USAGE)
750
751 assert exc.value.oid == x509.OID_KEY_USAGE
752
753 def test_all_purposes(self, backend):
754 cert = _load_cert(
755 os.path.join(
756 "x509", "custom", "all_key_usages.pem"
757 ),
758 x509.load_pem_x509_certificate,
759 backend
760 )
761 extensions = cert.extensions
762 ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
763 assert ext is not None
764
765 ku = ext.value
766 assert ku.digital_signature is True
767 assert ku.content_commitment is True
768 assert ku.key_encipherment is True
769 assert ku.data_encipherment is True
770 assert ku.key_agreement is True
771 assert ku.key_cert_sign is True
772 assert ku.crl_sign is True
773 assert ku.encipher_only is True
774 assert ku.decipher_only is True
775
776 def test_key_cert_sign_crl_sign(self, backend):
777 cert = _load_cert(
778 os.path.join(
779 "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
780 ),
781 x509.load_der_x509_certificate,
782 backend
783 )
784 ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
785 assert ext is not None
786 assert ext.critical is True
787
788 ku = ext.value
789 assert ku.digital_signature is False
790 assert ku.content_commitment is False
791 assert ku.key_encipherment is False
792 assert ku.data_encipherment is False
793 assert ku.key_agreement is False
794 assert ku.key_cert_sign is True
795 assert ku.crl_sign is True
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]796
797
798@pytest.mark.parametrize(
799 "name", [
800 x509.RFC822Name,
801 x509.DNSName,
802 x509.UniformResourceIdentifier
803 ]
804)
805class TestTextGeneralNames(object):
806 def test_not_text(self, name):
807 with pytest.raises(TypeError):
808 name(b"notaunicodestring")
809
810 with pytest.raises(TypeError):
811 name(1.3)
812
813 def test_repr(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]814 gn = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]815 assert repr(gn) == "<{0}(value=string)>".format(name.__name__)
816
817 def test_eq(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]818 gn = name(u"string")
819 gn2 = name(u"string")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]820 assert gn == gn2
821
822 def test_ne(self, name):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]823 gn = name(u"string")
824 gn2 = name(u"string2")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]825 assert gn != gn2
826 assert gn != object()
827
828
829class TestDirectoryName(object):
830 def test_not_name(self):
831 with pytest.raises(TypeError):
832 x509.DirectoryName(b"notaname")
833
834 with pytest.raises(TypeError):
835 x509.DirectoryName(1.3)
836
837 def test_repr(self):
838 name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')])
839 gn = x509.DirectoryName(x509.Name([name]))
840 assert repr(gn) == (
841 "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden"
842 "tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>"
843 )
844
845 def test_eq(self):
846 name = x509.Name([
847 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
848 ])
849 name2 = x509.Name([
850 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
851 ])
852 gn = x509.DirectoryName(x509.Name([name]))
853 gn2 = x509.DirectoryName(x509.Name([name2]))
854 assert gn == gn2
855
856 def test_ne(self):
857 name = x509.Name([
858 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1')
859 ])
860 name2 = x509.Name([
861 x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2')
862 ])
863 gn = x509.DirectoryName(x509.Name([name]))
864 gn2 = x509.DirectoryName(x509.Name([name2]))
865 assert gn != gn2
866 assert gn != object()
867
868
869class TestRegisteredID(object):
870 def test_not_oid(self):
871 with pytest.raises(TypeError):
872 x509.RegisteredID(b"notanoid")
873
874 with pytest.raises(TypeError):
875 x509.RegisteredID(1.3)
876
877 def test_repr(self):
878 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
879 assert repr(gn) == (
880 "<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
881 "e)>)>"
882 )
883
884 def test_eq(self):
885 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
886 gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
887 assert gn == gn2
888
889 def test_ne(self):
890 gn = x509.RegisteredID(x509.OID_COMMON_NAME)
891 gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
892 assert gn != gn2
893 assert gn != object()
894
895
896class TestIPAddress(object):
897 def test_not_ipaddress(self):
898 with pytest.raises(TypeError):
899 x509.IPAddress(b"notanipaddress")
900
901 with pytest.raises(TypeError):
902 x509.IPAddress(1.3)
903
904 def test_repr(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]905 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]906 assert repr(gn) == "<IPAddress(value=127.0.0.1)>"
907
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]908 gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]909 assert repr(gn2) == "<IPAddress(value=ff::)>"
910
911 def test_eq(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]912 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
913 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]914 assert gn == gn2
915
916 def test_ne(self):
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]917 gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
918 gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.2"))
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]919 assert gn != gn2
920 assert gn != object()
921
922
923class TestSubjectAlternativeName(object):
924 def test_get_values_for_type(self):
925 san = x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]926 [x509.DNSName(u"cryptography.io")]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]927 )
928 names = san.get_values_for_type(x509.DNSName)
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]929 assert names == [u"cryptography.io"]
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]930
931 def test_iter_names(self):
932 san = x509.SubjectAlternativeName([
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]933 x509.DNSName(u"cryptography.io"),
934 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]935 ])
936 assert len(san) == 2
937 assert list(san) == [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]938 x509.DNSName(u"cryptography.io"),
939 x509.DNSName(u"crypto.local"),
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]940 ]
941
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]942 def test_invalid_general_names(self):
943 with pytest.raises(TypeError):
944 x509.SubjectAlternativeName(
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]945 [x509.DNSName(u"cryptography.io"), "invalid"]
Paul Kehrerd04b39b2015-04-21 08:44:17 -0500[diff] [blame]946 )
947
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]948 def test_repr(self):
949 san = x509.SubjectAlternativeName(
950 [
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]951 x509.DNSName(u"cryptography.io")
Paul Kehrer31bdf792015-03-25 14:11:00 -0500[diff] [blame]952 ]
953 )
954 assert repr(san) == (
955 "<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
956 )
Paul Kehrer40f83382015-04-20 15:00:16 -0500[diff] [blame]957
958
959@pytest.mark.requires_backend_interface(interface=RSABackend)
960@pytest.mark.requires_backend_interface(interface=X509Backend)
961class TestRSASubjectAlternativeNameExtension(object):
962 def test_dns_name(self, backend):
963 cert = _load_cert(
964 os.path.join("x509", "cryptography.io.pem"),
965 x509.load_pem_x509_certificate,
966 backend
967 )
968 ext = cert.extensions.get_extension_for_oid(
969 x509.OID_SUBJECT_ALTERNATIVE_NAME
970 )
971 assert ext is not None
972 assert ext.critical is False
973
974 san = ext.value
975
976 dns = san.get_values_for_type(x509.DNSName)
977 assert dns == [u"www.cryptography.io", u"cryptography.io"]
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]978
979 def test_unsupported_other_name(self, backend):
980 cert = _load_cert(
981 os.path.join(
982 "x509", "custom", "san_other_name.pem"
983 ),
984 x509.load_pem_x509_certificate,
985 backend
986 )
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]987 with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
Paul Kehrer9089c912015-04-20 22:15:20 -0500[diff] [blame]988 cert.extensions
Paul Kehrerbed07352015-04-21 08:31:10 -0500[diff] [blame]989
Paul Kehrer0a621bf2015-04-22 09:22:56 -0500[diff] [blame]990 assert exc.value.type == 0
Paul Kehrer4db96622015-04-20 22:17:39 -0500[diff] [blame]991
992 def test_registered_id(self, backend):
993 cert = _load_cert(
994 os.path.join(
995 "x509", "custom", "san_registered_id.pem"
996 ),
997 x509.load_pem_x509_certificate,
998 backend
999 )
1000 ext = cert.extensions.get_extension_for_oid(
1001 x509.OID_SUBJECT_ALTERNATIVE_NAME
1002 )
1003 assert ext is not None
1004 assert ext.critical is False
1005
1006 san = ext.value
1007 rid = san.get_values_for_type(x509.RegisteredID)
1008 assert rid == [x509.ObjectIdentifier("1.2.3.4")]
Paul Kehrerb8ef82e2015-04-22 16:04:24 -0500[diff] [blame]1009
1010 def test_uri(self, backend):
1011 cert = _load_cert(
1012 os.path.join(
1013 "x509", "custom", "san_uri_with_port.pem"
1014 ),
1015 x509.load_pem_x509_certificate,
1016 backend
1017 )
1018 ext = cert.extensions.get_extension_for_oid(
1019 x509.OID_SUBJECT_ALTERNATIVE_NAME
1020 )
1021 assert ext is not None
1022 uri = ext.value.get_values_for_type(
1023 x509.UniformResourceIdentifier
1024 )
1025 assert uri == [
1026 u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/path?q=s#hel"
1027 u"lo",
1028 u"http://someregulardomain.com",
1029 ]
Paul Kehrera5f030c2015-04-28 08:33:18 -0500[diff] [blame]1030
1031 def test_ipaddress(self, backend):
1032 cert = _load_cert(
1033 os.path.join(
1034 "x509", "custom", "san_ipaddr.pem"
1035 ),
1036 x509.load_pem_x509_certificate,
1037 backend
1038 )
1039 ext = cert.extensions.get_extension_for_oid(
1040 x509.OID_SUBJECT_ALTERNATIVE_NAME
1041 )
1042 assert ext is not None
1043 assert ext.critical is False
1044
1045 san = ext.value
1046
1047 ip = san.get_values_for_type(x509.IPAddress)
1048 assert [
1049 ipaddress.ip_address(u"127.0.0.1"),
1050 ipaddress.ip_address(u"ff::")
1051 ] == ip
Paul Kehrer2187a052015-04-30 08:22:07 -0500[diff] [blame]1052
1053 def test_dirname(self, backend):
1054 cert = _load_cert(
1055 os.path.join(
1056 "x509", "custom", "san_dirname.pem"
1057 ),
1058 x509.load_pem_x509_certificate,
1059 backend
1060 )
1061 ext = cert.extensions.get_extension_for_oid(
1062 x509.OID_SUBJECT_ALTERNATIVE_NAME
1063 )
1064 assert ext is not None
1065 assert ext.critical is False
1066
1067 san = ext.value
1068
1069 dirname = san.get_values_for_type(x509.DirectoryName)
1070 assert [
1071 x509.Name([
1072 x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
1073 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
1074 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
1075 ])
1076 ] == dirname
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]1077
1078 def test_rfc822name(self, backend):
1079 cert = _load_cert(
1080 os.path.join(
1081 "x509", "custom", "san_rfc822_idna.pem"
1082 ),
1083 x509.load_pem_x509_certificate,
1084 backend
1085 )
1086 ext = cert.extensions.get_extension_for_oid(
1087 x509.OID_SUBJECT_ALTERNATIVE_NAME
1088 )
1089 assert ext is not None
1090 assert ext.critical is False
1091
1092 san = ext.value
1093
1094 rfc822name = san.get_values_for_type(x509.RFC822Name)
1095 assert [u"email@em\xe5\xefl.com"] == rfc822name
1096
1097 def test_unicode_rfc822_name_dns_name_uri(self, backend):
1098 cert = _load_cert(
1099 os.path.join(
1100 "x509", "custom", "san_idna_names.pem"
1101 ),
1102 x509.load_pem_x509_certificate,
1103 backend
1104 )
1105 ext = cert.extensions.get_extension_for_oid(
1106 x509.OID_SUBJECT_ALTERNATIVE_NAME
1107 )
1108 assert ext is not None
1109 rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
1110 dns_name = ext.value.get_values_for_type(x509.DNSName)
1111 uri = ext.value.get_values_for_type(x509.UniformResourceIdentifier)
1112 assert rfc822_name == [u"email@\u043f\u044b\u043a\u0430.cryptography"]
1113 assert dns_name == [u"\u043f\u044b\u043a\u0430.cryptography"]
1114 assert uri == [u"https://www.\u043f\u044b\u043a\u0430.cryptography"]
1115
1116 def test_rfc822name_dnsname_ipaddress_directoryname_uri(self, backend):
1117 cert = _load_cert(
1118 os.path.join(
1119 "x509", "custom", "san_email_dns_ip_dirname_uri.pem"
1120 ),
1121 x509.load_pem_x509_certificate,
1122 backend
1123 )
1124 ext = cert.extensions.get_extension_for_oid(
1125 x509.OID_SUBJECT_ALTERNATIVE_NAME
1126 )
1127 assert ext is not None
1128 assert ext.critical is False
1129
1130 san = ext.value
1131
1132 rfc822_name = san.get_values_for_type(x509.RFC822Name)
1133 uri = san.get_values_for_type(x509.UniformResourceIdentifier)
1134 dns = san.get_values_for_type(x509.DNSName)
1135 ip = san.get_values_for_type(x509.IPAddress)
1136 dirname = san.get_values_for_type(x509.DirectoryName)
1137 assert [u"user@cryptography.io"] == rfc822_name
Paul Kehrere3a330c2015-05-02 16:42:52 -0500[diff] [blame]1138 assert [u"https://cryptography.io"] == uri
Paul Kehrere06cab42015-04-30 10:23:33 -0500[diff] [blame]1139 assert [u"cryptography.io"] == dns
1140 assert [
1141 x509.Name([
1142 x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'),
1143 x509.NameAttribute(
1144 x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority'
1145 ),
1146 ])
1147 ] == dirname
1148 assert [
1149 ipaddress.ip_address(u"127.0.0.1"),
1150 ipaddress.ip_address(u"ff::")
1151 ] == ip
1152
1153 def test_invalid_rfc822name(self, backend):
1154 cert = _load_cert(
1155 os.path.join(
1156 "x509", "custom", "san_rfc822_names.pem"
1157 ),
1158 x509.load_pem_x509_certificate,
1159 backend
1160 )
1161 with pytest.raises(ValueError) as exc:
1162 cert.extensions
1163
1164 assert 'Invalid rfc822name value' in str(exc.value)
Paul Kehrer94c69602015-05-02 19:29:40 -0500[diff] [blame]1165
1166
1167@pytest.mark.requires_backend_interface(interface=RSABackend)
1168@pytest.mark.requires_backend_interface(interface=X509Backend)
1169class TestExtendedKeyUsageExtension(object):
1170 def test_eku(self, backend):
1171 cert = _load_cert(
1172 os.path.join(
1173 "x509", "custom", "extended_key_usage.pem"
1174 ),
1175 x509.load_pem_x509_certificate,
1176 backend
1177 )
1178 ext = cert.extensions.get_extension_for_oid(
1179 x509.OID_EXTENDED_KEY_USAGE
1180 )
1181 assert ext is not None
1182 assert ext.critical is False
1183
1184 assert [
1185 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
1186 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
1187 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.3"),
1188 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.4"),
1189 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.9"),
1190 x509.ObjectIdentifier("1.3.6.1.5.5.7.3.8"),
1191 x509.ObjectIdentifier("2.5.29.37.0"),
1192 x509.ObjectIdentifier("2.16.840.1.113730.4.1"),
1193 ] == list(ext.value)
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1194
1195
1196class TestAccessDescription(object):
1197 def test_invalid_access_method(self):
Paul Kehrerf506bca2015-05-02 22:31:47 -0500[diff] [blame]1198 with pytest.raises(ValueError):
Paul Kehrer3e6d5582015-05-02 21:57:56 -0500[diff] [blame]1199 x509.AccessDescription("notanoid", x509.DNSName(u"test"))
1200
1201 def test_invalid_access_location(self):
1202 with pytest.raises(TypeError):
1203 x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
1204
1205 def test_repr(self):
1206 ad = x509.AccessDescription(
1207 x509.OID_OCSP,
1208 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1209 )
1210 assert repr(ad) == (
1211 "<AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5."
1212 "5.7.48.1, name=OCSP)>, access_location=<UniformResourceIdentifier"
1213 "(value=http://ocsp.domain.com)>)>"
1214 )
1215
1216 def test_eq(self):
1217 ad = x509.AccessDescription(
1218 x509.OID_OCSP,
1219 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1220 )
1221 ad2 = x509.AccessDescription(
1222 x509.OID_OCSP,
1223 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1224 )
1225 assert ad == ad2
1226
1227 def test_ne(self):
1228 ad = x509.AccessDescription(
1229 x509.OID_OCSP,
1230 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1231 )
1232 ad2 = x509.AccessDescription(
1233 x509.OID_CA_ISSUERS,
1234 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1235 )
1236 ad3 = x509.AccessDescription(
1237 x509.OID_OCSP,
1238 x509.UniformResourceIdentifier(u"http://notthesame")
1239 )
1240 assert ad != ad2
1241 assert ad != ad3
1242 assert ad != object()
1243
1244
1245class TestAuthorityInformationAccess(object):
1246 def test_invalid_descriptions(self):
1247 with pytest.raises(TypeError):
1248 x509.AuthorityInformationAccess(["notanAccessDescription"])
1249
1250 def test_iter_len(self):
1251 aia = x509.AuthorityInformationAccess([
1252 x509.AccessDescription(
1253 x509.OID_OCSP,
1254 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1255 ),
1256 x509.AccessDescription(
1257 x509.OID_CA_ISSUERS,
1258 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1259 )
1260 ])
1261 assert len(aia) == 2
1262 assert list(aia) == [
1263 x509.AccessDescription(
1264 x509.OID_OCSP,
1265 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1266 ),
1267 x509.AccessDescription(
1268 x509.OID_CA_ISSUERS,
1269 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1270 )
1271 ]
1272
1273 def test_repr(self):
1274 aia = x509.AuthorityInformationAccess([
1275 x509.AccessDescription(
1276 x509.OID_OCSP,
1277 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1278 ),
1279 x509.AccessDescription(
1280 x509.OID_CA_ISSUERS,
1281 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1282 )
1283 ])
1284 assert repr(aia) == (
1285 "<AuthorityInformationAccess([<AccessDescription(access_method=<Ob"
1286 "jectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>, access_locati"
1287 "on=<UniformResourceIdentifier(value=http://ocsp.domain.com)>)>, <"
1288 "AccessDescription(access_method=<ObjectIdentifier(oid=1.3.6.1.5.5"
1289 ".7.48.2, name=caIssuers)>, access_location=<UniformResourceIdenti"
1290 "fier(value=http://domain.com/ca.crt)>)>])>"
1291 )
1292
1293 def test_eq(self):
1294 aia = x509.AuthorityInformationAccess([
1295 x509.AccessDescription(
1296 x509.OID_OCSP,
1297 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1298 ),
1299 x509.AccessDescription(
1300 x509.OID_CA_ISSUERS,
1301 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1302 )
1303 ])
1304 aia2 = x509.AuthorityInformationAccess([
1305 x509.AccessDescription(
1306 x509.OID_OCSP,
1307 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1308 ),
1309 x509.AccessDescription(
1310 x509.OID_CA_ISSUERS,
1311 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1312 )
1313 ])
1314 assert aia == aia2
1315
1316 def test_ne(self):
1317 aia = x509.AuthorityInformationAccess([
1318 x509.AccessDescription(
1319 x509.OID_OCSP,
1320 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1321 ),
1322 x509.AccessDescription(
1323 x509.OID_CA_ISSUERS,
1324 x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
1325 )
1326 ])
1327 aia2 = x509.AuthorityInformationAccess([
1328 x509.AccessDescription(
1329 x509.OID_OCSP,
1330 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1331 ),
1332 ])
1333
1334 assert aia != aia2
1335 assert aia != object()
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1336
1337
1338@pytest.mark.requires_backend_interface(interface=RSABackend)
1339@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrera1476992015-05-04 17:35:47 -0500[diff] [blame]1340class TestAuthorityInformationAccessExtension(object):
1341 def test_aia_ocsp_ca_issuers(self, backend):
1342 cert = _load_cert(
1343 os.path.join("x509", "cryptography.io.pem"),
1344 x509.load_pem_x509_certificate,
1345 backend
1346 )
1347 ext = cert.extensions.get_extension_for_oid(
1348 x509.OID_AUTHORITY_INFORMATION_ACCESS
1349 )
1350 assert ext is not None
1351 assert ext.critical is False
1352
1353 assert ext.value == x509.AuthorityInformationAccess([
1354 x509.AccessDescription(
1355 x509.OID_OCSP,
1356 x509.UniformResourceIdentifier(u"http://gv.symcd.com")
1357 ),
1358 x509.AccessDescription(
1359 x509.OID_CA_ISSUERS,
1360 x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
1361 ),
1362 ])
1363
1364 def test_aia_multiple_ocsp_ca_issuers(self, backend):
1365 cert = _load_cert(
1366 os.path.join("x509", "custom", "aia_ocsp_ca_issuers.pem"),
1367 x509.load_pem_x509_certificate,
1368 backend
1369 )
1370 ext = cert.extensions.get_extension_for_oid(
1371 x509.OID_AUTHORITY_INFORMATION_ACCESS
1372 )
1373 assert ext is not None
1374 assert ext.critical is False
1375
1376 assert ext.value == x509.AuthorityInformationAccess([
1377 x509.AccessDescription(
1378 x509.OID_OCSP,
1379 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1380 ),
1381 x509.AccessDescription(
1382 x509.OID_OCSP,
1383 x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
1384 ),
1385 x509.AccessDescription(
1386 x509.OID_CA_ISSUERS,
1387 x509.DirectoryName(x509.Name([
1388 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1389 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1390 ]))
1391 ),
1392 ])
1393
1394 def test_aia_ocsp_only(self, backend):
1395 cert = _load_cert(
1396 os.path.join("x509", "custom", "aia_ocsp.pem"),
1397 x509.load_pem_x509_certificate,
1398 backend
1399 )
1400 ext = cert.extensions.get_extension_for_oid(
1401 x509.OID_AUTHORITY_INFORMATION_ACCESS
1402 )
1403 assert ext is not None
1404 assert ext.critical is False
1405
1406 assert ext.value == x509.AuthorityInformationAccess([
1407 x509.AccessDescription(
1408 x509.OID_OCSP,
1409 x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
1410 ),
1411 ])
1412
1413 def test_aia_ca_issuers_only(self, backend):
1414 cert = _load_cert(
1415 os.path.join("x509", "custom", "aia_ca_issuers.pem"),
1416 x509.load_pem_x509_certificate,
1417 backend
1418 )
1419 ext = cert.extensions.get_extension_for_oid(
1420 x509.OID_AUTHORITY_INFORMATION_ACCESS
1421 )
1422 assert ext is not None
1423 assert ext.critical is False
1424
1425 assert ext.value == x509.AuthorityInformationAccess([
1426 x509.AccessDescription(
1427 x509.OID_CA_ISSUERS,
1428 x509.DirectoryName(x509.Name([
1429 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"),
1430 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"),
1431 ]))
1432 ),
1433 ])
1434
1435
1436@pytest.mark.requires_backend_interface(interface=RSABackend)
1437@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrerd774de92015-05-03 10:52:25 -0500[diff] [blame]1438class TestAuthorityKeyIdentifierExtension(object):
1439 def test_aki_keyid(self, backend):
1440 cert = _load_cert(
1441 os.path.join(
1442 "x509", "cryptography.io.pem"
1443 ),
1444 x509.load_pem_x509_certificate,
1445 backend
1446 )
1447 ext = cert.extensions.get_extension_for_oid(
1448 x509.OID_AUTHORITY_KEY_IDENTIFIER
1449 )
1450 assert ext is not None
1451 assert ext.critical is False
1452
1453 assert ext.value.key_identifier == (
1454 b"\xc3\x9c\xf3\xfc\xd3F\x084\xbb\xceF\x7f\xa0|[\xf3\xe2\x08\xcbY"
1455 )
1456 assert ext.value.authority_cert_issuer is None
1457 assert ext.value.authority_cert_serial_number is None
1458
1459 def test_aki_all_fields(self, backend):
1460 cert = _load_cert(
1461 os.path.join(
1462 "x509", "custom", "authority_key_identifier.pem"
1463 ),
1464 x509.load_pem_x509_certificate,
1465 backend
1466 )
1467 ext = cert.extensions.get_extension_for_oid(
1468 x509.OID_AUTHORITY_KEY_IDENTIFIER
1469 )
1470 assert ext is not None
1471 assert ext.critical is False
1472
1473 assert ext.value.key_identifier == (
1474 b"9E>\xca=b\x1d\xea\x86I\xf6Z\xab@\xb7\xa4p\x98\xf1\xec"
1475 )
1476 assert ext.value.authority_cert_issuer == [
1477 x509.DirectoryName(
1478 x509.Name([
1479 x509.NameAttribute(
1480 x509.OID_ORGANIZATION_NAME, u"PyCA"
1481 ),
1482 x509.NameAttribute(
1483 x509.OID_COMMON_NAME, u"cryptography.io"
1484 )
1485 ])
1486 )
1487 ]
1488 assert ext.value.authority_cert_serial_number == 3
1489
1490 def test_aki_no_keyid(self, backend):
1491 cert = _load_cert(
1492 os.path.join(
1493 "x509", "custom", "authority_key_identifier_no_keyid.pem"
1494 ),
1495 x509.load_pem_x509_certificate,
1496 backend
1497 )
1498 ext = cert.extensions.get_extension_for_oid(
1499 x509.OID_AUTHORITY_KEY_IDENTIFIER
1500 )
1501 assert ext is not None
1502 assert ext.critical is False
1503
1504 assert ext.value.key_identifier is None
1505 assert ext.value.authority_cert_issuer == [
1506 x509.DirectoryName(
1507 x509.Name([
1508 x509.NameAttribute(
1509 x509.OID_ORGANIZATION_NAME, u"PyCA"
1510 ),
1511 x509.NameAttribute(
1512 x509.OID_COMMON_NAME, u"cryptography.io"
1513 )
1514 ])
1515 )
1516 ]
1517 assert ext.value.authority_cert_serial_number == 3
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1518
1519
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1520class TestDistributionPoint(object):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1521 def test_distribution_point_full_name_not_general_names(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1522 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1523 x509.DistributionPoint(["notgn"], None, None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1524
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1525 def test_distribution_point_relative_name_not_name(self):
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1526 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1527 x509.DistributionPoint(None, "notname", None, None)
1528
1529 def test_distribution_point_full_and_relative_not_none(self):
1530 with pytest.raises(ValueError):
1531 x509.DistributionPoint("data", "notname", None, None)
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1532
1533 def test_crl_issuer_not_general_names(self):
1534 with pytest.raises(TypeError):
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1535 x509.DistributionPoint(None, None, None, ["notgn"])
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1536
1537 def test_reason_not_reasonflags(self):
1538 with pytest.raises(TypeError):
1539 x509.DistributionPoint(
1540 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1541 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1542 frozenset(["notreasonflags"]),
1543 None
1544 )
1545
1546 def test_reason_not_frozenset(self):
1547 with pytest.raises(TypeError):
1548 x509.DistributionPoint(
1549 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1550 None,
1551 [x509.ReasonFlags.ca_compromise],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1552 None
1553 )
1554
1555 def test_disallowed_reasons(self):
1556 with pytest.raises(ValueError):
1557 x509.DistributionPoint(
1558 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1559 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1560 frozenset([x509.ReasonFlags.unspecified]),
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1561 None
1562 )
1563
1564 with pytest.raises(ValueError):
1565 x509.DistributionPoint(
1566 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1567 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1568 frozenset([x509.ReasonFlags.remove_from_crl]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1569 None
1570 )
1571
1572 def test_reason_only(self):
1573 with pytest.raises(ValueError):
1574 x509.DistributionPoint(
1575 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1576 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1577 frozenset([x509.ReasonFlags.aa_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1578 None
1579 )
1580
1581 def test_eq(self):
1582 dp = x509.DistributionPoint(
1583 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1584 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1585 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1586 [
1587 x509.DirectoryName(
1588 x509.Name([
1589 x509.NameAttribute(
1590 x509.OID_COMMON_NAME, "Important CA"
1591 )
1592 ])
1593 )
1594 ],
1595 )
1596 dp2 = x509.DistributionPoint(
1597 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1598 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1599 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1600 [
1601 x509.DirectoryName(
1602 x509.Name([
1603 x509.NameAttribute(
1604 x509.OID_COMMON_NAME, "Important CA"
1605 )
1606 ])
1607 )
1608 ],
1609 )
1610 assert dp == dp2
1611
1612 def test_ne(self):
1613 dp = x509.DistributionPoint(
1614 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1615 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1616 frozenset([x509.ReasonFlags.superseded]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1617 [
1618 x509.DirectoryName(
1619 x509.Name([
1620 x509.NameAttribute(
1621 x509.OID_COMMON_NAME, "Important CA"
1622 )
1623 ])
1624 )
1625 ],
1626 )
1627 dp2 = x509.DistributionPoint(
1628 [x509.UniformResourceIdentifier(u"http://crypt.og/crl")],
1629 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1630 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1631 None
1632 )
1633 assert dp != dp2
1634 assert dp != object()
1635
1636 def test_repr(self):
1637 dp = x509.DistributionPoint(
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1638 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1639 x509.Name([
1640 x509.NameAttribute(x509.OID_COMMON_NAME, "myCN")
1641 ]),
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1642 frozenset([x509.ReasonFlags.ca_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1643 [
1644 x509.DirectoryName(
1645 x509.Name([
1646 x509.NameAttribute(
1647 x509.OID_COMMON_NAME, "Important CA"
1648 )
1649 ])
1650 )
1651 ],
1652 )
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1653 if six.PY3:
1654 assert repr(dp) == (
1655 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1656 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1657 ">, value='myCN')>])>, reasons=frozenset({<ReasonFlags.ca_comp"
1658 "romise: 'cACompromise'>}), crl_issuer=[<DirectoryName(value=<"
1659 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1660 "commonName)>, value='Important CA')>])>)>])>"
1661 )
1662 else:
1663 assert repr(dp) == (
1664 "<DistributionPoint(full_name=None, relative_name=<Name([<Name"
1665 "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)"
1666 ">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp"
1667 "romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<"
1668 "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name="
1669 "commonName)>, value='Important CA')>])>)>])>"
1670 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1671
1672
1673class TestCRLDistributionPoints(object):
1674 def test_invalid_distribution_points(self):
1675 with pytest.raises(TypeError):
1676 x509.CRLDistributionPoints(["notadistributionpoint"])
1677
1678 def test_iter_len(self):
1679 cdp = x509.CRLDistributionPoints([
1680 x509.DistributionPoint(
1681 [x509.UniformResourceIdentifier(u"http://domain")],
1682 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1683 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1684 None
1685 ),
1686 x509.DistributionPoint(
1687 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1688 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1689 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1690 x509.ReasonFlags.key_compromise,
1691 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1692 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1693 None
1694 ),
1695 ])
1696 assert len(cdp) == 2
1697 assert list(cdp) == [
1698 x509.DistributionPoint(
1699 [x509.UniformResourceIdentifier(u"http://domain")],
1700 None,
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1701 None,
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1702 None
1703 ),
1704 x509.DistributionPoint(
1705 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1706 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1707 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1708 x509.ReasonFlags.key_compromise,
1709 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1710 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1711 None
1712 ),
1713 ]
1714
1715 def test_repr(self):
1716 cdp = x509.CRLDistributionPoints([
1717 x509.DistributionPoint(
1718 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1719 None,
Paul Kehrer96ef63c2015-05-09 21:17:04 -0500[diff] [blame]1720 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1721 None
1722 ),
1723 ])
Paul Kehrer749da3b2015-05-10 09:58:29 -0500[diff] [blame]1724 if six.PY3:
1725 assert repr(cdp) == (
1726 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1727 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1728 "ne, reasons=frozenset({<ReasonFlags.key_compromise: 'keyComp"
1729 "romise'>}), crl_issuer=None)>])>"
1730 )
1731 else:
1732 assert repr(cdp) == (
1733 "<CRLDistributionPoints([<DistributionPoint(full_name=[<Unifo"
1734 "rmResourceIdentifier(value=ftp://domain)>], relative_name=No"
1735 "ne, reasons=frozenset([<ReasonFlags.key_compromise: 'keyComp"
1736 "romise'>]), crl_issuer=None)>])>"
1737 )
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1738
1739 def test_eq(self):
1740 cdp = x509.CRLDistributionPoints([
1741 x509.DistributionPoint(
1742 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1743 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1744 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1745 x509.ReasonFlags.key_compromise,
1746 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1747 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1748 [x509.UniformResourceIdentifier(u"uri://thing")],
1749 ),
1750 ])
1751 cdp2 = x509.CRLDistributionPoints([
1752 x509.DistributionPoint(
1753 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1754 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1755 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1756 x509.ReasonFlags.key_compromise,
1757 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1758 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1759 [x509.UniformResourceIdentifier(u"uri://thing")],
1760 ),
1761 ])
1762 assert cdp == cdp2
1763
1764 def test_ne(self):
1765 cdp = x509.CRLDistributionPoints([
1766 x509.DistributionPoint(
1767 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1768 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1769 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1770 x509.ReasonFlags.key_compromise,
1771 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1772 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1773 [x509.UniformResourceIdentifier(u"uri://thing")],
1774 ),
1775 ])
1776 cdp2 = x509.CRLDistributionPoints([
1777 x509.DistributionPoint(
1778 [x509.UniformResourceIdentifier(u"ftp://domain2")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1779 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1780 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1781 x509.ReasonFlags.key_compromise,
1782 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1783 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1784 [x509.UniformResourceIdentifier(u"uri://thing")],
1785 ),
1786 ])
1787 cdp3 = x509.CRLDistributionPoints([
1788 x509.DistributionPoint(
1789 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1790 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1791 frozenset([x509.ReasonFlags.key_compromise]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1792 [x509.UniformResourceIdentifier(u"uri://thing")],
1793 ),
1794 ])
1795 cdp4 = x509.CRLDistributionPoints([
1796 x509.DistributionPoint(
1797 [x509.UniformResourceIdentifier(u"ftp://domain")],
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1798 None,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1799 frozenset([
Paul Kehrer4e8dacd2015-05-09 10:38:23 -0500[diff] [blame]1800 x509.ReasonFlags.key_compromise,
1801 x509.ReasonFlags.ca_compromise,
Paul Kehrer3fd02602015-05-09 19:46:13 -0500[diff] [blame]1802 ]),
Paul Kehrer5a485522015-05-06 00:29:12 -0500[diff] [blame]1803 [x509.UniformResourceIdentifier(u"uri://thing2")],
1804 ),
1805 ])
1806 assert cdp != cdp2
1807 assert cdp != cdp3
1808 assert cdp != cdp4
1809 assert cdp != object()