# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrerfbb7ac82015-03-16 19:26:29 -05007import os
8
Paul Kehrer8cf26422015-03-21 09:50:24 -05009import pytest
10
11from cryptography import x509
Paul Kehrerfbb7ac82015-03-16 19:26:29 -050012from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
13
14from .test_x509 import _load_cert
Paul Kehrer8cf26422015-03-21 09:50:24 -050015
16
class TestExtension(object):
    """Argument validation and repr() of the x509.Extension wrapper."""

    def test_not_an_oid(self):
        """Extension() raises TypeError when the oid is a bare str."""
        constraints = x509.BasicConstraints(ca=False, path_length=None)
        with pytest.raises(TypeError):
            x509.Extension("notanoid", True, constraints)

    def test_critical_not_a_bool(self):
        """Extension() raises TypeError when critical is a str, not a bool."""
        constraints = x509.BasicConstraints(ca=False, path_length=None)
        # Strict typing matters for this flag: a non-empty str is truthy, so
        # without the check it could pass for critical=True unnoticed.
        with pytest.raises(TypeError):
            x509.Extension(
                x509.OID_BASIC_CONSTRAINTS, "notabool", constraints
            )

    def test_repr(self):
        """repr() shows the OID (dotted form and name), critical and value."""
        expected = (
            "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
            "raints)>, critical=True, value=<BasicConstraints(ca=False, path"
            "_length=None)>)>"
        )
        constraints = x509.BasicConstraints(ca=False, path_length=None)
        extension = x509.Extension(
            x509.OID_BASIC_CONSTRAINTS, True, constraints
        )
        assert repr(extension) == expected
36
37
class TestBasicConstraints(object):
    """Constructor validation for x509.BasicConstraints.

    The ca flag and path_length decide whether a certificate may act as a CA
    and how long a chain may hang below it (RFC 5280 section 4.2.1.9), so
    these tests pin that malformed combinations are refused when the object
    is built.
    """

    def test_ca_not_boolean(self):
        """A str in place of the ca flag raises TypeError."""
        with pytest.raises(TypeError):
            x509.BasicConstraints(ca="notbool", path_length=None)

    def test_path_length_not_ca(self):
        """A path_length on a non-CA (ca=False) raises ValueError."""
        # Even 0 is refused: any path length alongside ca=False is an error.
        with pytest.raises(ValueError):
            x509.BasicConstraints(ca=False, path_length=0)

    def test_path_length_not_int(self):
        """A float or a str as path_length raises TypeError."""
        for bad_length in (1.1, "notint"):
            with pytest.raises(TypeError):
                x509.BasicConstraints(ca=True, path_length=bad_length)

    def test_path_length_negative(self):
        """A negative path_length raises TypeError."""
        # -1 is an int, yet the error pinned here is TypeError rather than
        # ValueError; callers catching ValueError alone would miss it.
        with pytest.raises(TypeError):
            x509.BasicConstraints(ca=True, path_length=-1)

    def test_repr(self):
        """repr() spells out both ca and path_length."""
        ca_without_limit = x509.BasicConstraints(ca=True, path_length=None)
        expected = "<BasicConstraints(ca=True, path_length=None)>"
        assert repr(ca_without_limit) == expected
Paul Kehrerfbb7ac82015-03-16 19:26:29 -050063
64
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestExtensions(object):
    """Behaviour of cert.extensions on certificates loaded via a backend.

    In every error case below the certificate is loaded outside the
    pytest.raises block and the exception is expected on access to
    cert.extensions.
    """

    def test_no_extensions(self, backend):
        """A certificate without extensions yields an empty collection."""
        pem_path = os.path.join("x509", "verisign_md2_root.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        parsed = cert.extensions
        assert len(parsed) == 0
        assert list(parsed) == []
        # A lookup on the empty collection raises instead of returning None,
        # and the exception reports which OID was asked for.
        with pytest.raises(x509.ExtensionNotFound) as caught:
            parsed.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)

        assert caught.value.oid == x509.OID_BASIC_CONSTRAINTS

    def test_one_extension(self, backend):
        """basicConstraints can be looked up by OID and reports ca False."""
        pem_path = os.path.join(
            "x509", "custom", "basic_constraints_not_critical.pem"
        )
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        found = cert.extensions.get_extension_for_oid(
            x509.OID_BASIC_CONSTRAINTS
        )
        assert found is not None
        assert found.value.ca is False

    def test_duplicate_extension(self, backend):
        """Two basicConstraints in one certificate raise DuplicateExtension.

        RFC 5280 section 4.2 forbids more than one instance of the same
        extension in a certificate.
        """
        pem_path = os.path.join("x509", "custom", "two_basic_constraints.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        # NOTE(review): loading succeeds and the rejection only surfaces on
        # the .extensions access below; code that never reads .extensions
        # would presumably not see it -- confirm callers rely on this.
        with pytest.raises(x509.DuplicateExtension) as caught:
            cert.extensions

        assert caught.value.oid == x509.OID_BASIC_CONSTRAINTS

    def test_unsupported_critical_extension(self, backend):
        """An unknown critical extension raises UnsupportedExtension.

        RFC 5280 section 4.2 requires a certificate to be rejected when it
        carries a critical extension that is not recognised; the exception
        is expected to name the offending OID (1.2.3.4 in this fixture).
        """
        pem_path = os.path.join(
            "x509", "custom", "unsupported_extension_critical.pem"
        )
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        with pytest.raises(x509.UnsupportedExtension) as caught:
            cert.extensions

        assert caught.value.oid == x509.ObjectIdentifier("1.2.3.4")

    def test_unsupported_extension(self, backend):
        """The unsupported_extension.pem fixture yields no extensions.

        Judging by the fixture name, this is the non-critical counterpart of
        the critical case: nothing is raised and nothing is listed.
        """
        # TODO: this will raise an exception when all extensions are complete
        pem_path = os.path.join("x509", "custom", "unsupported_extension.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        assert len(cert.extensions) == 0
Paul Kehrerfa56a232015-03-17 13:14:03 -0500132
133
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestBasicConstraintsExtension(object):
    """basicConstraints as parsed from certificate fixtures.

    Each test loads one certificate (PKITS or custom vectors) and pins the
    critical flag, the ca flag and, where checked, the path length that
    callers see.
    """

    def test_ca_true_pathlen_6(self, backend):
        """pathLenConstraint6CACert: critical, ca True, path_length 6."""
        der_path = os.path.join(
            "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
        )
        cert = _load_cert(der_path, x509.load_der_x509_certificate, backend)
        found = cert.extensions.get_extension_for_oid(
            x509.OID_BASIC_CONSTRAINTS
        )
        assert found is not None
        assert found.critical is True
        constraints = found.value
        assert constraints.ca is True
        assert constraints.path_length == 6

    def test_path_length_zero(self, backend):
        """bc_path_length_zero: critical, ca True, path_length 0."""
        pem_path = os.path.join("x509", "custom", "bc_path_length_zero.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        found = cert.extensions.get_extension_for_oid(
            x509.OID_BASIC_CONSTRAINTS
        )
        assert found is not None
        assert found.critical is True
        constraints = found.value
        assert constraints.ca is True
        # A path length of 0 has to stay distinguishable from "no limit",
        # which the no-pathlen test pins as None.
        assert constraints.path_length == 0

    def test_ca_true_no_pathlen(self, backend):
        """GoodCACert: critical, ca True, path_length None."""
        der_path = os.path.join(
            "x509", "PKITS_data", "certs", "GoodCACert.crt"
        )
        cert = _load_cert(der_path, x509.load_der_x509_certificate, backend)
        found = cert.extensions.get_extension_for_oid(
            x509.OID_BASIC_CONSTRAINTS
        )
        assert found is not None
        assert found.critical is True
        constraints = found.value
        assert constraints.ca is True
        assert constraints.path_length is None

    def test_ca_false(self, backend):
        """cryptography.io.pem: critical, ca False, path_length None."""
        pem_path = os.path.join("x509", "cryptography.io.pem")
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        found = cert.extensions.get_extension_for_oid(
            x509.OID_BASIC_CONSTRAINTS
        )
        assert found is not None
        assert found.critical is True
        constraints = found.value
        assert constraints.ca is False
        assert constraints.path_length is None

    def test_no_basic_constraints(self, backend):
        """A certificate lacking basicConstraints raises ExtensionNotFound."""
        der_path = os.path.join(
            "x509",
            "PKITS_data",
            "certs",
            "ValidCertificatePathTest1EE.crt"
        )
        cert = _load_cert(der_path, x509.load_der_x509_certificate, backend)
        # Absence is reported by an exception, not by a default ca=False
        # object, so a caller has to handle the missing case explicitly.
        with pytest.raises(x509.ExtensionNotFound):
            cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)

    def test_basic_constraint_not_critical(self, backend):
        """basic_constraints_not_critical: critical False, ca False."""
        pem_path = os.path.join(
            "x509", "custom", "basic_constraints_not_critical.pem"
        )
        cert = _load_cert(pem_path, x509.load_pem_x509_certificate, backend)
        found = cert.extensions.get_extension_for_oid(
            x509.OID_BASIC_CONSTRAINTS
        )
        assert found is not None
        assert found.critical is False
        assert found.value.ca is False
222 assert ext.value.ca is False