Paul Kehrer8cf26422015-03-21 09:50:24 -05001# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrerfbb7ac82015-03-16 19:26:29 -05007import os
8
Paul Kehrer8cf26422015-03-21 09:50:24 -05009import pytest
10
11from cryptography import x509
Paul Kehrerfbb7ac82015-03-16 19:26:29 -050012from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
13
14from .test_x509 import _load_cert
Paul Kehrer8cf26422015-03-21 09:50:24 -050015
16
class TestExtension(object):
    """Argument validation and ``repr`` of the ``x509.Extension`` wrapper."""

    def test_not_an_oid(self):
        # A bare string must not be accepted where an ObjectIdentifier is
        # expected; the constructor is required to fail with TypeError.
        constraints = x509.BasicConstraints(ca=False, path_length=None)
        with pytest.raises(TypeError):
            x509.Extension("notanoid", True, constraints)

    def test_critical_not_a_bool(self):
        # The critical flag decides whether an unrecognised extension is
        # fatal, so a non-bool value is rejected rather than being
        # interpreted by truthiness.
        constraints = x509.BasicConstraints(ca=False, path_length=None)
        with pytest.raises(TypeError):
            x509.Extension(
                x509.OID_BASIC_CONSTRAINTS, "notabool", constraints
            )

    def test_repr(self):
        # The repr exposes the OID, the critical flag and the wrapped value.
        wrapped = x509.Extension(
            x509.OID_BASIC_CONSTRAINTS,
            True,
            x509.BasicConstraints(ca=False, path_length=None),
        )
        expected = (
            "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, "
            "name=basicConstraints)>, critical=True, "
            "value=<BasicConstraints(ca=False, path_length=None)>)>"
        )
        assert repr(wrapped) == expected
36
37
class TestBasicConstraints(object):
    """Constructor validation and ``repr`` of ``x509.BasicConstraints``.

    basicConstraints controls whether a certificate may act as a CA and how
    deep the chain below it may be, so malformed values have to be refused
    when the object is built.
    """

    def test_ca_not_boolean(self):
        # The CA flag must be a real bool, not merely a truthy value.
        with pytest.raises(TypeError):
            x509.BasicConstraints(ca="notbool", path_length=None)

    def test_path_length_not_ca(self):
        # A path length is only meaningful on a CA certificate
        # (RFC 5280, section 4.2.1.9); pairing it with ca=False is an error.
        with pytest.raises(ValueError):
            x509.BasicConstraints(ca=False, path_length=0)

    def test_path_length_not_int(self):
        # Neither a float nor a string is accepted as a path length.
        for bad_length in (1.1, "notint"):
            with pytest.raises(TypeError):
                x509.BasicConstraints(ca=True, path_length=bad_length)

    def test_path_length_negative(self):
        # A negative path length is expected to surface as TypeError here.
        with pytest.raises(TypeError):
            x509.BasicConstraints(ca=True, path_length=-1)

    def test_repr(self):
        unlimited_ca = x509.BasicConstraints(ca=True, path_length=None)
        expected = "<BasicConstraints(ca=True, path_length=None)>"
        assert repr(unlimited_ca) == expected
Paul Kehrerfbb7ac82015-03-16 19:26:29 -050063
64
class TestExtendedKeyUsage(object):
    """Validation and container behaviour of ``x509.ExtendedKeyUsage``."""

    def test_not_all_oids(self):
        # Every usage entry has to be an ObjectIdentifier; a plain string in
        # the list is rejected.
        with pytest.raises(TypeError):
            x509.ExtendedKeyUsage(["notoid"])

    def test_iter_len(self):
        # The two dotted strings below compare equal to the library's
        # OID_SERVER_AUTH and OID_CLIENT_AUTH constants, and iteration
        # preserves the order the usages were supplied in.
        usages = [
            x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
            x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
        ]
        eku = x509.ExtendedKeyUsage(usages)
        assert len(eku) == 2
        assert list(eku) == [x509.OID_SERVER_AUTH, x509.OID_CLIENT_AUTH]
80
81
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestExtensions(object):
    """Behaviour of ``cert.extensions`` on certificates loaded from fixtures.

    The failure cases matter for path validation: a certificate carrying the
    same extension twice, or a critical extension the parser does not
    understand, must not be silently accepted (RFC 5280, section 4.2).
    """

    def test_no_extensions(self, backend):
        # A certificate without extensions yields an empty collection, and
        # a lookup reports which OID was missing.
        pem_path = os.path.join("x509", "verisign_md2_root.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        parsed = cert.extensions
        assert len(parsed) == 0
        assert list(parsed) == []
        with pytest.raises(x509.ExtensionNotFound) as excinfo:
            parsed.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)

        assert excinfo.value.oid == x509.OID_BASIC_CONSTRAINTS

    def test_one_extension(self, backend):
        pem_path = os.path.join(
            "x509", "custom", "basic_constraints_not_critical.pem"
        )
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        parsed = cert.extensions
        found = parsed.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
        assert found is not None
        assert found.value.ca is False

    def test_duplicate_extension(self, backend):
        # Reading the attribute is what raises: the same extension OID
        # appearing twice is reported instead of one copy being picked.
        pem_path = os.path.join("x509", "custom", "two_basic_constraints.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        with pytest.raises(x509.DuplicateExtension) as excinfo:
            cert.extensions

        assert excinfo.value.oid == x509.OID_BASIC_CONSTRAINTS

    def test_unsupported_critical_extension(self, backend):
        # An unrecognised extension marked critical must fail, and the
        # exception names the offending OID.
        pem_path = os.path.join(
            "x509", "custom", "unsupported_extension_critical.pem"
        )
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        with pytest.raises(x509.UnsupportedExtension) as excinfo:
            cert.extensions

        assert excinfo.value.oid == x509.ObjectIdentifier("1.2.3.4")

    def test_unsupported_extension(self, backend):
        # TODO: this will raise an exception when all extensions are complete
        # For now the fixture parses to an empty collection; judging by the
        # fixture name, its only extension is an unrecognised non-critical
        # one that is being skipped.
        pem_path = os.path.join("x509", "custom", "unsupported_extension.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        parsed = cert.extensions
        assert len(parsed) == 0
Paul Kehrerfa56a232015-03-17 13:14:03 -0500149
150
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestBasicConstraintsExtension(object):
    """Parsing of basicConstraints from real certificate fixtures.

    The cases keep three states apart: a CA with an explicit path length
    (including zero), a CA with no path length (``None``), and a non-CA
    certificate. Treating a zero path length as "absent" would lift a chain
    depth restriction, so the zero case is pinned with ``== 0`` and the
    unlimited case with ``is None``.
    """

    def test_ca_true_pathlen_6(self, backend):
        der_path = os.path.join(
            "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
        )
        cert = _load_cert(der_path, x509.load_der_x509_certificate, backend)
        bc = cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
        assert bc is not None
        assert bc.critical is True
        assert bc.value.ca is True
        assert bc.value.path_length == 6

    def test_path_length_zero(self, backend):
        # Zero is a valid, maximally restrictive path length and must come
        # back as the integer 0.
        pem_path = os.path.join("x509", "custom", "bc_path_length_zero.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        bc = cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
        assert bc is not None
        assert bc.critical is True
        assert bc.value.ca is True
        assert bc.value.path_length == 0

    def test_ca_true_no_pathlen(self, backend):
        # A CA certificate without a path length is reported as None.
        der_path = os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt")
        cert = _load_cert(der_path, x509.load_der_x509_certificate, backend)
        bc = cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
        assert bc is not None
        assert bc.critical is True
        assert bc.value.ca is True
        assert bc.value.path_length is None

    def test_ca_false(self, backend):
        pem_path = os.path.join("x509", "cryptography.io.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        bc = cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
        assert bc is not None
        assert bc.critical is True
        assert bc.value.ca is False
        assert bc.value.path_length is None

    def test_no_basic_constraints(self, backend):
        # A missing basicConstraints extension is reported as
        # ExtensionNotFound rather than as a default value.
        der_path = os.path.join(
            "x509",
            "PKITS_data",
            "certs",
            "ValidCertificatePathTest1EE.crt",
        )
        cert = _load_cert(der_path, x509.load_der_x509_certificate, backend)
        with pytest.raises(x509.ExtensionNotFound):
            cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)

    def test_basic_constraint_not_critical(self, backend):
        # The critical flag is read from the certificate, not assumed.
        pem_path = os.path.join(
            "x509", "custom", "basic_constraints_not_critical.pem"
        )
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        bc = cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
        assert bc is not None
        assert bc.critical is False
        assert bc.value.ca is False
239 assert ext.value.ca is False