Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / ec3cc9bd730b6799424dc3f69b79d490eaa2f07d / . / tests / test_x509.py
blob: df315cc3f6ad4ac38c6ed7f936d5589d8e55e5c6 [file] [log] [blame]
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
Paul Kehrer0307c372014-11-27 09:49:31 -1000[diff] [blame]7import binascii
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]8import datetime
9import os
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]10
11import pytest
12
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]13import six
14
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]15from cryptography import x509
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]16from cryptography.exceptions import UnsupportedAlgorithm
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]17from cryptography.hazmat.backends.interfaces import (
18 DSABackend, EllipticCurveBackend, RSABackend, X509Backend
19)
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]20from cryptography.hazmat.primitives import hashes, serialization
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]21from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]22
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]23from .hazmat.primitives.fixtures_dsa import DSA_KEY_2048
Ian Cordasco41f51ce2015-06-17 11:49:11 -0500[diff] [blame]24from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]25from .hazmat.primitives.test_ec import _skip_curve_unsupported
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]26from .utils import load_vectors_from_file
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]27
28
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]29def _load_cert(filename, loader, backend):
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]30 cert = load_vectors_from_file(
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]31 filename=filename,
32 loader=lambda pemfile: loader(pemfile.read(), backend),
33 mode="rb"
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]34 )
35 return cert
36
37
38@pytest.mark.requires_backend_interface(interface=RSABackend)
39@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]40class TestRSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]41 def test_load_pem_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]42 cert = _load_cert(
43 os.path.join("x509", "custom", "post2000utctime.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]44 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]45 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]46 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]47 assert isinstance(cert, x509.Certificate)
48 assert cert.serial == 11559813051657483483
49 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
50 assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8"
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]51 assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]52
53 def test_load_der_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]54 cert = _load_cert(
55 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]56 x509.load_der_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]57 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]58 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]59 assert isinstance(cert, x509.Certificate)
60 assert cert.serial == 2
61 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
62 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]63 assert isinstance(cert.signature_hash_algorithm, hashes.SHA256)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]64
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]65 def test_issuer(self, backend):
66 cert = _load_cert(
67 os.path.join(
68 "x509", "PKITS_data", "certs",
69 "Validpre2000UTCnotBeforeDateTest3EE.crt"
70 ),
71 x509.load_der_x509_certificate,
72 backend
73 )
74 issuer = cert.issuer
75 assert isinstance(issuer, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]76 assert list(issuer) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]77 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]78 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]79 x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]80 ),
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]81 x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]82 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]83 assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]84 x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]85 ]
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]86
87 def test_all_issuer_name_types(self, backend):
88 cert = _load_cert(
89 os.path.join(
90 "x509", "custom",
91 "all_supported_names.pem"
92 ),
93 x509.load_pem_x509_certificate,
94 backend
95 )
96 issuer = cert.issuer
97
98 assert isinstance(issuer, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]99 assert list(issuer) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]100 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
101 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'CA'),
102 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
103 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Illinois'),
104 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Chicago'),
105 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
106 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Zero, LLC'),
107 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'One, LLC'),
108 x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 0'),
109 x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 1'),
110 x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 0'),
111 x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 1'),
112 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier0'),
113 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier1'),
114 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'123'),
115 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'456'),
116 x509.NameAttribute(x509.OID_TITLE, u'Title 0'),
117 x509.NameAttribute(x509.OID_TITLE, u'Title 1'),
118 x509.NameAttribute(x509.OID_SURNAME, u'Surname 0'),
119 x509.NameAttribute(x509.OID_SURNAME, u'Surname 1'),
120 x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 0'),
121 x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 1'),
122 x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 0'),
123 x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 1'),
124 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Last Gen'),
125 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Next Gen'),
126 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc0'),
127 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc1'),
128 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test0@test.local'),
129 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test1@test.local'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]130 ]
131
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]132 def test_subject(self, backend):
133 cert = _load_cert(
134 os.path.join(
135 "x509", "PKITS_data", "certs",
136 "Validpre2000UTCnotBeforeDateTest3EE.crt"
137 ),
138 x509.load_der_x509_certificate,
139 backend
140 )
141 subject = cert.subject
142 assert isinstance(subject, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]143 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]144 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]145 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]146 x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]147 ),
148 x509.NameAttribute(
149 x509.OID_COMMON_NAME,
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]150 u'Valid pre2000 UTC notBefore Date EE Certificate Test3'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]151 )
152 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]153 assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]154 x509.NameAttribute(
155 x509.OID_COMMON_NAME,
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]156 u'Valid pre2000 UTC notBefore Date EE Certificate Test3'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]157 )
158 ]
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]159
160 def test_unicode_name(self, backend):
161 cert = _load_cert(
162 os.path.join(
163 "x509", "custom",
164 "utf8_common_name.pem"
165 ),
166 x509.load_pem_x509_certificate,
167 backend
168 )
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]169 assert cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]170 x509.NameAttribute(
171 x509.OID_COMMON_NAME,
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]172 u'We heart UTF8!\u2122'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]173 )
174 ]
Paul Kehrere901d642015-02-11 18:50:58 -0600[diff] [blame]175 assert cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]176 x509.NameAttribute(
177 x509.OID_COMMON_NAME,
Eeshan Gargf1234152015-04-29 18:41:00 +0530[diff] [blame]178 u'We heart UTF8!\u2122'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]179 )
180 ]
181
182 def test_all_subject_name_types(self, backend):
183 cert = _load_cert(
184 os.path.join(
185 "x509", "custom",
186 "all_supported_names.pem"
187 ),
188 x509.load_pem_x509_certificate,
189 backend
190 )
191 subject = cert.subject
192 assert isinstance(subject, x509.Name)
Paul Kehrer8b21a4a2015-02-14 07:56:36 -0600[diff] [blame]193 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]194 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'AU'),
195 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'DE'),
196 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'California'),
197 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'New York'),
198 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'San Francisco'),
199 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Ithaca'),
200 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org Zero, LLC'),
201 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org One, LLC'),
202 x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 0'),
203 x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 1'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]204 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]205 x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 0'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]206 ),
207 x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]208 x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 1'
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]209 ),
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]210 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified0'),
211 x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified1'),
212 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'789'),
213 x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'012'),
214 x509.NameAttribute(x509.OID_TITLE, u'Title IX'),
215 x509.NameAttribute(x509.OID_TITLE, u'Title X'),
216 x509.NameAttribute(x509.OID_SURNAME, u'Last 0'),
217 x509.NameAttribute(x509.OID_SURNAME, u'Last 1'),
218 x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 0'),
219 x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 1'),
220 x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 0'),
221 x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 1'),
222 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'32X'),
223 x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Dreamcast'),
224 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc2'),
225 x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc3'),
226 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test2@test.local'),
227 x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test3@test.local'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]228 ]
229
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]230 def test_load_good_ca_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]231 cert = _load_cert(
232 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]233 x509.load_der_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]234 backend
235 )
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]236
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]237 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
238 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]239 assert cert.serial == 2
240 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]241 assert isinstance(public_key, rsa.RSAPublicKey)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]242 assert cert.version is x509.Version.v3
Paul Kehrer0307c372014-11-27 09:49:31 -1000[diff] [blame]243 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
Paul Kehrer4e1db792014-11-27 10:50:55 -1000[diff] [blame]244 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]245
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]246 def test_utc_pre_2000_not_before_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]247 cert = _load_cert(
248 os.path.join(
249 "x509", "PKITS_data", "certs",
250 "Validpre2000UTCnotBeforeDateTest3EE.crt"
251 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]252 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]253 backend
254 )
255
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]256 assert cert.not_valid_before == datetime.datetime(1950, 1, 1, 12, 1)
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]257
258 def test_pre_2000_utc_not_after_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]259 cert = _load_cert(
260 os.path.join(
261 "x509", "PKITS_data", "certs",
262 "Invalidpre2000UTCEEnotAfterDateTest7EE.crt"
263 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]264 x509.load_der_x509_certificate,
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]265 backend
266 )
267
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]268 assert cert.not_valid_after == datetime.datetime(1999, 1, 1, 12, 1)
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]269
270 def test_post_2000_utc_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]271 cert = _load_cert(
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]272 os.path.join("x509", "custom", "post2000utctime.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]273 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]274 backend
Paul Kehrer1eb5b862014-11-26 11:44:03 -1000[diff] [blame]275 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]276 assert cert.not_valid_before == datetime.datetime(
277 2014, 11, 26, 21, 41, 20
278 )
279 assert cert.not_valid_after == datetime.datetime(
280 2014, 12, 26, 21, 41, 20
281 )
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]282
283 def test_generalized_time_not_before_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]284 cert = _load_cert(
285 os.path.join(
286 "x509", "PKITS_data", "certs",
287 "ValidGeneralizedTimenotBeforeDateTest4EE.crt"
288 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]289 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]290 backend
291 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]292 assert cert.not_valid_before == datetime.datetime(2002, 1, 1, 12, 1)
293 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]294 assert cert.version is x509.Version.v3
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]295
296 def test_generalized_time_not_after_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]297 cert = _load_cert(
298 os.path.join(
299 "x509", "PKITS_data", "certs",
300 "ValidGeneralizedTimenotAfterDateTest8EE.crt"
301 ),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]302 x509.load_der_x509_certificate,
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]303 backend
304 )
Paul Kehrerd9fc7252014-12-11 12:25:00 -0600[diff] [blame]305 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
306 assert cert.not_valid_after == datetime.datetime(2050, 1, 1, 12, 1)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]307 assert cert.version is x509.Version.v3
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]308
309 def test_invalid_version_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]310 cert = _load_cert(
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]311 os.path.join("x509", "custom", "invalid_version.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]312 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]313 backend
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]314 )
Paul Kehrerd5cccf72014-12-15 17:20:33 -0600[diff] [blame]315 with pytest.raises(x509.InvalidVersion) as exc:
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]316 cert.version
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]317
Paul Kehrerd5cccf72014-12-15 17:20:33 -0600[diff] [blame]318 assert exc.value.parsed_version == 7
319
Paul Kehrer8bbdc6f2015-04-30 16:47:16 -0500[diff] [blame]320 def test_eq(self, backend):
321 cert = _load_cert(
322 os.path.join("x509", "custom", "post2000utctime.pem"),
323 x509.load_pem_x509_certificate,
324 backend
325 )
326 cert2 = _load_cert(
327 os.path.join("x509", "custom", "post2000utctime.pem"),
328 x509.load_pem_x509_certificate,
329 backend
330 )
331 assert cert == cert2
332
333 def test_ne(self, backend):
334 cert = _load_cert(
335 os.path.join("x509", "custom", "post2000utctime.pem"),
336 x509.load_pem_x509_certificate,
337 backend
338 )
339 cert2 = _load_cert(
340 os.path.join(
341 "x509", "PKITS_data", "certs",
342 "ValidGeneralizedTimenotAfterDateTest8EE.crt"
343 ),
344 x509.load_der_x509_certificate,
345 backend
346 )
347 assert cert != cert2
348 assert cert != object()
349
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]350 def test_version_1_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]351 cert = _load_cert(
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]352 os.path.join("x509", "v1_cert.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]353 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]354 backend
Paul Kehrer30c5ccd2014-11-26 11:10:28 -1000[diff] [blame]355 )
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]356 assert cert.version is x509.Version.v1
Paul Kehrer7638c312014-11-26 11:13:31 -1000[diff] [blame]357
358 def test_invalid_pem(self, backend):
359 with pytest.raises(ValueError):
360 x509.load_pem_x509_certificate(b"notacert", backend)
361
362 def test_invalid_der(self, backend):
363 with pytest.raises(ValueError):
364 x509.load_der_x509_certificate(b"notacert", backend)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]365
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]366 def test_unsupported_signature_hash_algorithm_cert(self, backend):
367 cert = _load_cert(
368 os.path.join("x509", "verisign_md2_root.pem"),
369 x509.load_pem_x509_certificate,
370 backend
371 )
372 with pytest.raises(UnsupportedAlgorithm):
373 cert.signature_hash_algorithm
374
Andre Carona8aded62015-05-19 20:11:57 -0400[diff] [blame]375 def test_public_bytes_pem(self, backend):
376 # Load an existing certificate.
377 cert = _load_cert(
378 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
379 x509.load_der_x509_certificate,
380 backend
381 )
382
383 # Encode it to PEM and load it back.
384 cert = x509.load_pem_x509_certificate(cert.public_bytes(
385 encoding=serialization.Encoding.PEM,
386 ), backend)
387
388 # We should recover what we had to start with.
389 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
390 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
391 assert cert.serial == 2
392 public_key = cert.public_key()
393 assert isinstance(public_key, rsa.RSAPublicKey)
394 assert cert.version is x509.Version.v3
395 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
396 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
397
398 def test_public_bytes_der(self, backend):
399 # Load an existing certificate.
400 cert = _load_cert(
401 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
402 x509.load_der_x509_certificate,
403 backend
404 )
405
406 # Encode it to DER and load it back.
407 cert = x509.load_der_x509_certificate(cert.public_bytes(
408 encoding=serialization.Encoding.DER,
409 ), backend)
410
411 # We should recover what we had to start with.
412 assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
413 assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
414 assert cert.serial == 2
415 public_key = cert.public_key()
416 assert isinstance(public_key, rsa.RSAPublicKey)
417 assert cert.version is x509.Version.v3
418 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
419 assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
420
421 def test_public_bytes_invalid_encoding(self, backend):
422 cert = _load_cert(
423 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
424 x509.load_der_x509_certificate,
425 backend
426 )
427
428 with pytest.raises(TypeError):
429 cert.public_bytes('NotAnEncoding')
430
431 @pytest.mark.parametrize(
432 ("cert_path", "loader_func", "encoding"),
433 [
434 (
435 os.path.join("x509", "v1_cert.pem"),
436 x509.load_pem_x509_certificate,
437 serialization.Encoding.PEM,
438 ),
439 (
440 os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
441 x509.load_der_x509_certificate,
442 serialization.Encoding.DER,
443 ),
444 ]
445 )
446 def test_public_bytes_match(self, cert_path, loader_func, encoding,
447 backend):
448 cert_bytes = load_vectors_from_file(
449 cert_path, lambda pemfile: pemfile.read(), mode="rb"
450 )
451 cert = loader_func(cert_bytes, backend)
452 serialized = cert.public_bytes(encoding)
453 assert serialized == cert_bytes
454
Major Haydenf315af22015-06-17 14:02:26 -0500[diff] [blame]455 def test_certificate_repr(self, backend):
456 cert = _load_cert(
457 os.path.join(
458 "x509", "cryptography.io.pem"
459 ),
460 x509.load_pem_x509_certificate,
461 backend
462 )
463 if six.PY3:
464 assert repr(cert) == (
465 "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif"
466 "ier(oid=2.5.4.11, name=organizationalUnitName)>, value='GT487"
467 "42965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11, "
468 "name=organizationalUnitName)>, value='See www.rapidssl.com/re"
469 "sources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier(oi"
470 "d=2.5.4.11, name=organizationalUnitName)>, value='Domain Cont"
471 "rol Validated - RapidSSL(R)')>, <NameAttribute(oid=<ObjectIde"
472 "ntifier(oid=2.5.4.3, name=commonName)>, value='www.cryptograp"
473 "hy.io')>])>, ...)>"
474 )
475 else:
476 assert repr(cert) == (
477 "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif"
478 "ier(oid=2.5.4.11, name=organizationalUnitName)>, value=u'GT48"
479 "742965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11,"
480 " name=organizationalUnitName)>, value=u'See www.rapidssl.com/"
481 "resources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier("
482 "oid=2.5.4.11, name=organizationalUnitName)>, value=u'Domain C"
483 "ontrol Validated - RapidSSL(R)')>, <NameAttribute(oid=<Object"
484 "Identifier(oid=2.5.4.3, name=commonName)>, value=u'www.crypto"
485 "graphy.io')>])>, ...)>"
486 )
487
Andre Carona8aded62015-05-19 20:11:57 -0400[diff] [blame]488
489@pytest.mark.requires_backend_interface(interface=RSABackend)
490@pytest.mark.requires_backend_interface(interface=X509Backend)
491class TestRSACertificateRequest(object):
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]492 @pytest.mark.parametrize(
493 ("path", "loader_func"),
494 [
495 [
496 os.path.join("x509", "requests", "rsa_sha1.pem"),
497 x509.load_pem_x509_csr
498 ],
499 [
500 os.path.join("x509", "requests", "rsa_sha1.der"),
501 x509.load_der_x509_csr
502 ],
503 ]
504 )
505 def test_load_rsa_certificate_request(self, path, loader_func, backend):
506 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]507 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
508 public_key = request.public_key()
509 assert isinstance(public_key, rsa.RSAPublicKey)
510 subject = request.subject
511 assert isinstance(subject, x509.Name)
512 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]513 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
514 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
515 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
516 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
517 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]518 ]
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]519 extensions = request.extensions
520 assert isinstance(extensions, x509.Extensions)
521 assert list(extensions) == []
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]522
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]523 @pytest.mark.parametrize(
524 "loader_func",
525 [x509.load_pem_x509_csr, x509.load_der_x509_csr]
526 )
527 def test_invalid_certificate_request(self, loader_func, backend):
Paul Kehrerb759e292015-03-17 07:34:41 -0500[diff] [blame]528 with pytest.raises(ValueError):
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]529 loader_func(b"notacsr", backend)
Paul Kehrerb759e292015-03-17 07:34:41 -0500[diff] [blame]530
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]531 def test_unsupported_signature_hash_algorithm_request(self, backend):
532 request = _load_cert(
533 os.path.join("x509", "requests", "rsa_md4.pem"),
Paul Kehrer31e39882015-03-11 11:37:04 -0500[diff] [blame]534 x509.load_pem_x509_csr,
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]535 backend
536 )
537 with pytest.raises(UnsupportedAlgorithm):
538 request.signature_hash_algorithm
539
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]540 def test_duplicate_extension(self, backend):
541 request = _load_cert(
542 os.path.join(
543 "x509", "requests", "two_basic_constraints.pem"
544 ),
545 x509.load_pem_x509_csr,
546 backend
547 )
548 with pytest.raises(x509.DuplicateExtension) as exc:
549 request.extensions
550
551 assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
552
553 def test_unsupported_critical_extension(self, backend):
554 request = _load_cert(
555 os.path.join(
556 "x509", "requests", "unsupported_extension_critical.pem"
557 ),
558 x509.load_pem_x509_csr,
559 backend
560 )
561 with pytest.raises(x509.UnsupportedExtension) as exc:
562 request.extensions
563
564 assert exc.value.oid == x509.ObjectIdentifier('1.2.3.4')
565
566 def test_unsupported_extension(self, backend):
567 request = _load_cert(
568 os.path.join(
569 "x509", "requests", "unsupported_extension.pem"
570 ),
571 x509.load_pem_x509_csr,
572 backend
573 )
574 extensions = request.extensions
575 assert len(extensions) == 0
576
577 def test_request_basic_constraints(self, backend):
578 request = _load_cert(
579 os.path.join(
580 "x509", "requests", "basic_constraints.pem"
581 ),
582 x509.load_pem_x509_csr,
583 backend
584 )
585 extensions = request.extensions
586 assert isinstance(extensions, x509.Extensions)
587 assert list(extensions) == [
588 x509.Extension(
589 x509.OID_BASIC_CONSTRAINTS,
590 True,
Ian Cordasco0112b022015-06-16 17:51:18 -0500[diff] [blame]591 x509.BasicConstraints(ca=True, path_length=1),
Andre Caron6e721a92015-05-17 15:08:48 -0400[diff] [blame]592 ),
593 ]
594
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]595 def test_public_bytes_pem(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]596 # Load an existing CSR.
597 request = _load_cert(
598 os.path.join("x509", "requests", "rsa_sha1.pem"),
599 x509.load_pem_x509_csr,
600 backend
601 )
602
603 # Encode it to PEM and load it back.
604 request = x509.load_pem_x509_csr(request.public_bytes(
605 encoding=serialization.Encoding.PEM,
606 ), backend)
607
608 # We should recover what we had to start with.
609 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
610 public_key = request.public_key()
611 assert isinstance(public_key, rsa.RSAPublicKey)
612 subject = request.subject
613 assert isinstance(subject, x509.Name)
614 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]615 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
616 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
617 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
618 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
619 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]620 ]
621
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]622 def test_public_bytes_der(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]623 # Load an existing CSR.
624 request = _load_cert(
625 os.path.join("x509", "requests", "rsa_sha1.pem"),
626 x509.load_pem_x509_csr,
627 backend
628 )
629
630 # Encode it to DER and load it back.
631 request = x509.load_der_x509_csr(request.public_bytes(
632 encoding=serialization.Encoding.DER,
633 ), backend)
634
635 # We should recover what we had to start with.
636 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
637 public_key = request.public_key()
638 assert isinstance(public_key, rsa.RSAPublicKey)
639 subject = request.subject
640 assert isinstance(subject, x509.Name)
641 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]642 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
643 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
644 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
645 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
646 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]647 ]
648
Andre Caronf27e4f42015-05-18 17:54:59 -0400[diff] [blame]649 def test_public_bytes_invalid_encoding(self, backend):
Andre Caron476c5df2015-05-18 10:23:28 -0400[diff] [blame]650 request = _load_cert(
651 os.path.join("x509", "requests", "rsa_sha1.pem"),
652 x509.load_pem_x509_csr,
653 backend
654 )
655
656 with pytest.raises(TypeError):
657 request.public_bytes('NotAnEncoding')
658
Andre Caronacb18972015-05-18 21:04:15 -0400[diff] [blame]659 @pytest.mark.parametrize(
660 ("request_path", "loader_func", "encoding"),
661 [
662 (
663 os.path.join("x509", "requests", "rsa_sha1.pem"),
664 x509.load_pem_x509_csr,
665 serialization.Encoding.PEM,
666 ),
667 (
668 os.path.join("x509", "requests", "rsa_sha1.der"),
669 x509.load_der_x509_csr,
670 serialization.Encoding.DER,
671 ),
672 ]
673 )
674 def test_public_bytes_match(self, request_path, loader_func, encoding,
675 backend):
676 request_bytes = load_vectors_from_file(
677 request_path, lambda pemfile: pemfile.read(), mode="rb"
678 )
679 request = loader_func(request_bytes, backend)
680 serialized = request.public_bytes(encoding)
681 assert serialized == request_bytes
682
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]683
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]684@pytest.mark.requires_backend_interface(interface=X509Backend)
685class TestCertificateSigningRequestBuilder(object):
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]686 @pytest.mark.requires_backend_interface(interface=RSABackend)
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]687 def test_sign_invalid_hash_algorithm(self, backend):
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]688 private_key = RSA_KEY_2048.private_key(backend)
689
Alex Gaynorba19c2e2015-06-27 00:07:09 -0400[diff] [blame]690 builder = x509.CertificateSigningRequestBuilder().subject_name(
691 x509.Name([])
692 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]693 with pytest.raises(TypeError):
Alex Gaynorb3b0fbe2015-06-26 19:57:18 -0400[diff] [blame]694 builder.sign(private_key, 'NotAHash', backend)
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]695
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]696 @pytest.mark.requires_backend_interface(interface=RSABackend)
Alex Gaynorba19c2e2015-06-27 00:07:09 -0400[diff] [blame]697 def test_no_subject_name(self, backend):
698 private_key = RSA_KEY_2048.private_key(backend)
699
700 builder = x509.CertificateSigningRequestBuilder()
701 with pytest.raises(ValueError):
702 builder.sign(private_key, hashes.SHA256(), backend)
703
704 @pytest.mark.requires_backend_interface(interface=RSABackend)
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]705 def test_build_ca_request_with_rsa(self, backend):
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]706 private_key = RSA_KEY_2048.private_key(backend)
707
Andre Carona9a51172015-06-06 20:18:44 -0400[diff] [blame]708 request = x509.CertificateSigningRequestBuilder().subject_name(
Andre Caron99d0f902015-06-01 08:36:59 -0400[diff] [blame]709 x509.Name([
Ian Cordasco94b34d32015-06-17 10:55:07 -0500[diff] [blame]710 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
Andre Caron99d0f902015-06-01 08:36:59 -0400[diff] [blame]711 ])
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]712 ).add_extension(
Ian Cordasco41f51ce2015-06-17 11:49:11 -0500[diff] [blame]713 x509.BasicConstraints(ca=True, path_length=2), critical=True
Alex Gaynorb3b0fbe2015-06-26 19:57:18 -0400[diff] [blame]714 ).sign(private_key, hashes.SHA1(), backend)
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]715
716 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
717 public_key = request.public_key()
718 assert isinstance(public_key, rsa.RSAPublicKey)
719 subject = request.subject
720 assert isinstance(subject, x509.Name)
721 assert list(subject) == [
Ian Cordasco94b34d32015-06-17 10:55:07 -0500[diff] [blame]722 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]723 ]
724 basic_constraints = request.extensions.get_extension_for_oid(
725 x509.OID_BASIC_CONSTRAINTS
726 )
727 assert basic_constraints.value.ca is True
728 assert basic_constraints.value.path_length == 2
729
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]730 @pytest.mark.requires_backend_interface(interface=RSABackend)
Ian Cordasco13cdc7b2015-06-24 21:45:55 -0500[diff] [blame]731 def test_build_ca_request_with_unicode(self, backend):
732 private_key = RSA_KEY_2048.private_key(backend)
733
734 request = x509.CertificateSigningRequestBuilder().subject_name(
735 x509.Name([
Ian Cordasco13cdc7b2015-06-24 21:45:55 -0500[diff] [blame]736 x509.NameAttribute(x509.OID_ORGANIZATION_NAME,
737 u'PyCA\U0001f37a'),
Ian Cordasco13cdc7b2015-06-24 21:45:55 -0500[diff] [blame]738 ])
739 ).add_extension(
740 x509.BasicConstraints(ca=True, path_length=2), critical=True
Alex Gaynorb3b0fbe2015-06-26 19:57:18 -0400[diff] [blame]741 ).sign(private_key, hashes.SHA1(), backend)
Ian Cordasco13cdc7b2015-06-24 21:45:55 -0500[diff] [blame]742
743 loaded_request = x509.load_pem_x509_csr(
744 request.public_bytes(encoding=serialization.Encoding.PEM), backend
745 )
746 subject = loaded_request.subject
747 assert isinstance(subject, x509.Name)
748 assert list(subject) == [
Ian Cordasco13cdc7b2015-06-24 21:45:55 -0500[diff] [blame]749 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA\U0001f37a'),
Ian Cordasco13cdc7b2015-06-24 21:45:55 -0500[diff] [blame]750 ]
751
752 @pytest.mark.requires_backend_interface(interface=RSABackend)
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]753 def test_build_nonca_request_with_rsa(self, backend):
Ian Cordasco4d46eb72015-06-17 12:08:27 -0500[diff] [blame]754 private_key = RSA_KEY_2048.private_key(backend)
755
Andre Carona9a51172015-06-06 20:18:44 -0400[diff] [blame]756 request = x509.CertificateSigningRequestBuilder().subject_name(
Andre Caron99d0f902015-06-01 08:36:59 -0400[diff] [blame]757 x509.Name([
Ian Cordasco94b34d32015-06-17 10:55:07 -0500[diff] [blame]758 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Andre Caron99d0f902015-06-01 08:36:59 -0400[diff] [blame]759 ])
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]760 ).add_extension(
Ian Cordasco0112b022015-06-16 17:51:18 -0500[diff] [blame]761 x509.BasicConstraints(ca=False, path_length=None), critical=True,
Alex Gaynorb3b0fbe2015-06-26 19:57:18 -0400[diff] [blame]762 ).sign(private_key, hashes.SHA1(), backend)
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]763
764 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
765 public_key = request.public_key()
766 assert isinstance(public_key, rsa.RSAPublicKey)
767 subject = request.subject
768 assert isinstance(subject, x509.Name)
769 assert list(subject) == [
Ian Cordasco94b34d32015-06-17 10:55:07 -0500[diff] [blame]770 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]771 ]
772 basic_constraints = request.extensions.get_extension_for_oid(
773 x509.OID_BASIC_CONSTRAINTS
774 )
775 assert basic_constraints.value.ca is False
776 assert basic_constraints.value.path_length is None
777
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]778 @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
779 def test_build_ca_request_with_ec(self, backend):
780 if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
781 pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
782
Ian Cordasco8cdcdfc2015-06-24 22:00:26 -0500[diff] [blame]783 _skip_curve_unsupported(backend, ec.SECP256R1())
784 private_key = ec.generate_private_key(ec.SECP256R1(), backend)
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]785
786 request = x509.CertificateSigningRequestBuilder().subject_name(
787 x509.Name([
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]788 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]789 ])
790 ).add_extension(
791 x509.BasicConstraints(ca=True, path_length=2), critical=True
Alex Gaynorb3b0fbe2015-06-26 19:57:18 -0400[diff] [blame]792 ).sign(private_key, hashes.SHA1(), backend)
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]793
794 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
795 public_key = request.public_key()
796 assert isinstance(public_key, ec.EllipticCurvePublicKey)
797 subject = request.subject
798 assert isinstance(subject, x509.Name)
799 assert list(subject) == [
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]800 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]801 ]
802 basic_constraints = request.extensions.get_extension_for_oid(
803 x509.OID_BASIC_CONSTRAINTS
804 )
805 assert basic_constraints.value.ca is True
806 assert basic_constraints.value.path_length == 2
807
808 @pytest.mark.requires_backend_interface(interface=DSABackend)
809 def test_build_ca_request_with_dsa(self, backend):
810 if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
811 pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
812
813 private_key = DSA_KEY_2048.private_key(backend)
814
815 request = x509.CertificateSigningRequestBuilder().subject_name(
816 x509.Name([
817 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]818 ])
819 ).add_extension(
820 x509.BasicConstraints(ca=True, path_length=2), critical=True
Alex Gaynorb3b0fbe2015-06-26 19:57:18 -0400[diff] [blame]821 ).sign(private_key, hashes.SHA1(), backend)
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]822
823 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
824 public_key = request.public_key()
825 assert isinstance(public_key, dsa.DSAPublicKey)
826 subject = request.subject
827 assert isinstance(subject, x509.Name)
828 assert list(subject) == [
829 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
Ian Cordasco8ed8edc2015-06-22 20:11:17 -0500[diff] [blame]830 ]
831 basic_constraints = request.extensions.get_extension_for_oid(
832 x509.OID_BASIC_CONSTRAINTS
833 )
834 assert basic_constraints.value.ca is True
835 assert basic_constraints.value.path_length == 2
836
Paul Kehrerff917802015-06-26 17:29:04 -0500[diff] [blame]837 def test_add_duplicate_extension(self):
Andre Caronfc164c52015-05-31 17:36:18 -0400[diff] [blame]838 builder = x509.CertificateSigningRequestBuilder().add_extension(
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]839 x509.BasicConstraints(True, 2), critical=True,
Andre Caronfc164c52015-05-31 17:36:18 -0400[diff] [blame]840 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]841 with pytest.raises(ValueError):
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]842 builder.add_extension(
843 x509.BasicConstraints(True, 2), critical=True,
844 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]845
Paul Kehrerff917802015-06-26 17:29:04 -0500[diff] [blame]846 def test_set_invalid_subject(self):
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]847 builder = x509.CertificateSigningRequestBuilder()
848 with pytest.raises(TypeError):
Andre Carona9a51172015-06-06 20:18:44 -0400[diff] [blame]849 builder.subject_name('NotAName')
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]850
Paul Kehrerff917802015-06-26 17:29:04 -0500[diff] [blame]851 def test_add_unsupported_extension(self):
Ian Cordasco34853f32015-06-21 10:50:53 -0500[diff] [blame]852 builder = x509.CertificateSigningRequestBuilder()
Ian Cordascof06b6be2015-06-21 10:09:18 -0500[diff] [blame]853 with pytest.raises(NotImplementedError):
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]854 builder.add_extension(
Ian Cordascof06b6be2015-06-21 10:09:18 -0500[diff] [blame]855 x509.AuthorityKeyIdentifier('keyid', None, None),
856 critical=False,
Andre Caron472fd692015-06-06 20:04:44 -0400[diff] [blame]857 )
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]858
Paul Kehrer7e2fbe62015-06-26 17:59:05 -0500[diff] [blame]859 def test_add_unsupported_extension_in_backend(self, backend):
860 private_key = RSA_KEY_2048.private_key(backend)
861 builder = x509.CertificateSigningRequestBuilder()
862 builder = builder.subject_name(
863 x509.Name([
864 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
865 ])
866 ).add_extension(
867 x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]),
868 critical=False,
869 )
870 with pytest.raises(NotImplementedError):
Alex Gaynor76a0a642015-06-26 20:26:25 -0400[diff] [blame]871 builder.sign(private_key, hashes.SHA256(), backend)
Paul Kehrer7e2fbe62015-06-26 17:59:05 -0500[diff] [blame]872
Paul Kehrerff917802015-06-26 17:29:04 -0500[diff] [blame]873 def test_set_subject_twice(self):
874 builder = x509.CertificateSigningRequestBuilder()
875 builder = builder.subject_name(
876 x509.Name([
877 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
878 ])
879 )
880 with pytest.raises(ValueError):
881 builder.subject_name(
882 x509.Name([
883 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
884 ])
885 )
886
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]887
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]888@pytest.mark.requires_backend_interface(interface=DSABackend)
889@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]890class TestDSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]891 def test_load_dsa_cert(self, backend):
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]892 cert = _load_cert(
Paul Kehrer4903adc2014-12-13 16:57:50 -0600[diff] [blame]893 os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]894 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]895 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]896 )
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]897 assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]898 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]899 assert isinstance(public_key, dsa.DSAPublicKey)
Alex Gaynorece38722015-06-27 17:19:30 -0400[diff] [blame]900 num = public_key.public_numbers()
901 assert num.y == int(
902 "4c08bfe5f2d76649c80acf7d431f6ae2124b217abc8c9f6aca776ddfa94"
903 "53b6656f13e543684cd5f6431a314377d2abfa068b7080cb8ddc065afc2"
904 "dea559f0b584c97a2b235b9b69b46bc6de1aed422a6f341832618bcaae2"
905 "198aba388099dafb05ff0b5efecb3b0ae169a62e1c72022af50ae68af3b"
906 "033c18e6eec1f7df4692c456ccafb79cc7e08da0a5786e9816ceda651d6"
907 "1b4bb7b81c2783da97cea62df67af5e85991fdc13aff10fc60e06586386"
908 "b96bb78d65750f542f86951e05a6d81baadbcd35a2e5cad4119923ae6a2"
909 "002091a3d17017f93c52970113cdc119970b9074ca506eac91c3dd37632"
910 "5df4af6b3911ef267d26623a5a1c5df4a6d13f1c", 16
911 )
912 assert num.parameter_numbers.g == int(
913 "4b7ced71dc353965ecc10d441a9a06fc24943a32d66429dd5ef44d43e67"
914 "d789d99770aec32c0415dc92970880872da45fef8dd1e115a3e4801387b"
915 "a6d755861f062fd3b6e9ea8e2641152339b828315b1528ee6c7b79458d2"
916 "1f3db973f6fc303f9397174c2799dd2351282aa2d8842c357a73495bbaa"
917 "c4932786414c55e60d73169f5761036fba29e9eebfb049f8a3b1b7cee6f"
918 "3fbfa136205f130bee2cf5b9c38dc1095d4006f2e73335c07352c64130a"
919 "1ab2b89f13b48f628d3cc3868beece9bb7beade9f830eacc6fa241425c0"
920 "b3fcc0df416a0c89f7bf35668d765ec95cdcfbe9caff49cfc156c668c76"
921 "fa6247676a6d3ac945844a083509c6a1b436baca", 16
922 )
923 assert num.parameter_numbers.p == int(
924 "bfade6048e373cd4e48b677e878c8e5b08c02102ae04eb2cb5c46a523a3"
925 "af1c73d16b24f34a4964781ae7e50500e21777754a670bd19a7420d6330"
926 "84e5556e33ca2c0e7d547ea5f46a07a01bf8669ae3bdec042d9b2ae5e6e"
927 "cf49f00ba9dac99ab6eff140d2cedf722ee62c2f9736857971444c25d0a"
928 "33d2017dc36d682a1054fe2a9428dda355a851ce6e6d61e03e419fd4ca4"
929 "e703313743d86caa885930f62ed5bf342d8165627681e9cc3244ba72aa2"
930 "2148400a6bbe80154e855d042c9dc2a3405f1e517be9dea50562f56da93"
931 "f6085f844a7e705c1f043e65751c583b80d29103e590ccb26efdaa0893d"
932 "833e36468f3907cfca788a3cb790f0341c8a31bf", 16
933 )
934 assert num.parameter_numbers.q == int(
935 "822ff5d234e073b901cf5941f58e1f538e71d40d", 16
936 )
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]937
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]938 @pytest.mark.parametrize(
939 ("path", "loader_func"),
940 [
941 [
942 os.path.join("x509", "requests", "dsa_sha1.pem"),
943 x509.load_pem_x509_csr
944 ],
945 [
946 os.path.join("x509", "requests", "dsa_sha1.der"),
947 x509.load_der_x509_csr
948 ],
949 ]
950 )
951 def test_load_dsa_request(self, path, loader_func, backend):
952 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]953 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
954 public_key = request.public_key()
955 assert isinstance(public_key, dsa.DSAPublicKey)
956 subject = request.subject
957 assert isinstance(subject, x509.Name)
958 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]959 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
960 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
961 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
962 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
963 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]964 ]
965
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]966
967@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
968@pytest.mark.requires_backend_interface(interface=X509Backend)
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]969class TestECDSACertificate(object):
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]970 def test_load_ecdsa_cert(self, backend):
971 _skip_curve_unsupported(backend, ec.SECP384R1())
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]972 cert = _load_cert(
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]973 os.path.join("x509", "ecdsa_root.pem"),
Paul Kehrer41120322014-12-02 18:31:14 -1000[diff] [blame]974 x509.load_pem_x509_certificate,
Paul Kehrera693cfd2014-11-27 07:47:58 -1000[diff] [blame]975 backend
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]976 )
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]977 assert isinstance(cert.signature_hash_algorithm, hashes.SHA384)
Paul Kehrerf1ef3512014-11-26 17:36:05 -1000[diff] [blame]978 public_key = cert.public_key()
Alex Gaynor32c57df2015-02-23 21:51:27 -0800[diff] [blame]979 assert isinstance(public_key, ec.EllipticCurvePublicKey)
Alex Gaynorece38722015-06-27 17:19:30 -0400[diff] [blame]980 num = public_key.public_numbers()
981 assert num.x == int(
982 "dda7d9bb8ab80bfb0b7f21d2f0bebe73f3335d1abc34eadec69bbcd095f"
983 "6f0ccd00bba615b51467e9e2d9fee8e630c17", 16
984 )
985 assert num.y == int(
986 "ec0770f5cf842e40839ce83f416d3badd3a4145936789d0343ee10136c7"
987 "2deae88a7a16bb543ce67dc23ff031ca3e23e", 16
988 )
989 assert isinstance(num.curve, ec.SECP384R1)
Paul Kehrer6c660a82014-12-12 11:50:44 -0600[diff] [blame]990
991 def test_load_ecdsa_no_named_curve(self, backend):
992 _skip_curve_unsupported(backend, ec.SECP256R1())
993 cert = _load_cert(
994 os.path.join("x509", "custom", "ec_no_named_curve.pem"),
995 x509.load_pem_x509_certificate,
996 backend
997 )
998 with pytest.raises(NotImplementedError):
999 cert.public_key()
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1000
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]1001 @pytest.mark.parametrize(
1002 ("path", "loader_func"),
1003 [
1004 [
1005 os.path.join("x509", "requests", "ec_sha256.pem"),
1006 x509.load_pem_x509_csr
1007 ],
1008 [
1009 os.path.join("x509", "requests", "ec_sha256.der"),
1010 x509.load_der_x509_csr
1011 ],
1012 ]
1013 )
1014 def test_load_ecdsa_certificate_request(self, path, loader_func, backend):
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]1015 _skip_curve_unsupported(backend, ec.SECP384R1())
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]1016 request = _load_cert(path, loader_func, backend)
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]1017 assert isinstance(request.signature_hash_algorithm, hashes.SHA256)
1018 public_key = request.public_key()
1019 assert isinstance(public_key, ec.EllipticCurvePublicKey)
1020 subject = request.subject
1021 assert isinstance(subject, x509.Name)
1022 assert list(subject) == [
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1023 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
1024 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
1025 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
1026 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
1027 x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
Paul Kehrerdc480ad2015-02-23 12:14:54 -0600[diff] [blame]1028 ]
1029
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1030
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1031class TestNameAttribute(object):
Alex Gaynora56ff412015-02-10 17:26:32 -0500[diff] [blame]1032 def test_init_bad_oid(self):
1033 with pytest.raises(TypeError):
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1034 x509.NameAttribute(None, u'value')
Alex Gaynora56ff412015-02-10 17:26:32 -0500[diff] [blame]1035
Ian Cordasco7618fbe2015-06-16 19:12:17 -0500[diff] [blame]1036 def test_init_bad_value(self):
1037 with pytest.raises(TypeError):
1038 x509.NameAttribute(
1039 x509.ObjectIdentifier('oid'),
1040 b'bytes'
1041 )
1042
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1043 def test_eq(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1044 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1045 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1046 ) == x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1047 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1048 )
1049
1050 def test_ne(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1051 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1052 x509.ObjectIdentifier('2.5.4.3'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1053 ) != x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1054 x509.ObjectIdentifier('2.5.4.5'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1055 )
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1056 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1057 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1058 ) != x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1059 x509.ObjectIdentifier('oid'), u'value2'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1060 )
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1061 assert x509.NameAttribute(
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1062 x509.ObjectIdentifier('oid'), u'value'
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1063 ) != object()
1064
Paul Kehrera498be82015-02-12 15:00:56 -0600[diff] [blame]1065 def test_repr(self):
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1066 na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), u'value')
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]1067 if six.PY3:
1068 assert repr(na) == (
1069 "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commo"
1070 "nName)>, value='value')>"
1071 )
1072 else:
1073 assert repr(na) == (
1074 "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commo"
1075 "nName)>, value=u'value')>"
1076 )
Paul Kehrera498be82015-02-12 15:00:56 -0600[diff] [blame]1077
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1078
1079class TestObjectIdentifier(object):
1080 def test_eq(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1081 oid1 = x509.ObjectIdentifier('oid')
1082 oid2 = x509.ObjectIdentifier('oid')
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1083 assert oid1 == oid2
1084
1085 def test_ne(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1086 oid1 = x509.ObjectIdentifier('oid')
1087 assert oid1 != x509.ObjectIdentifier('oid1')
Paul Kehrer912d3fb2015-01-29 11:19:22 -0600[diff] [blame]1088 assert oid1 != object()
1089
1090 def test_repr(self):
Paul Kehrer806bfb22015-02-02 17:05:24 -0600[diff] [blame]1091 oid = x509.ObjectIdentifier("2.5.4.3")
1092 assert repr(oid) == "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>"
1093 oid = x509.ObjectIdentifier("oid1")
1094 assert repr(oid) == "<ObjectIdentifier(oid=oid1, name=Unknown OID)>"
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1095
1096
1097class TestName(object):
1098 def test_eq(self):
1099 name1 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1100 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
1101 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1102 ])
1103 name2 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1104 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
1105 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1106 ])
1107 assert name1 == name2
1108
1109 def test_ne(self):
1110 name1 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1111 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
1112 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1113 ])
1114 name2 = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1115 x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),
1116 x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]1117 ])
1118 assert name1 != name2
1119 assert name1 != object()
Paul Kehrer1fb35c92015-04-11 15:42:54 -0400[diff] [blame]1120
1121 def test_repr(self):
1122 name = x509.Name([
Ian Cordasco82fc3762015-06-16 20:59:50 -0500[diff] [blame]1123 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
1124 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
Paul Kehrer1fb35c92015-04-11 15:42:54 -0400[diff] [blame]1125 ])
1126
Ian Cordascoa908d692015-06-16 21:35:24 -0500[diff] [blame]1127 if six.PY3:
1128 assert repr(name) == (
1129 "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name"
1130 "=commonName)>, value='cryptography.io')>, <NameAttribute(oid="
1131 "<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, valu"
1132 "e='PyCA')>])>"
1133 )
1134 else:
1135 assert repr(name) == (
1136 "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name"
1137 "=commonName)>, value=u'cryptography.io')>, <NameAttribute(oid"
1138 "=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, val"
1139 "ue=u'PyCA')>])>"
1140 )