# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
7import base64
8import datetime
9import os
10import textwrap
11
12import pytest
13
14from cryptography import x509
Paul Kehrera9d78c12014-11-26 10:59:03 -100015from cryptography.exceptions import InvalidX509Version
Paul Kehrer016e08a2014-11-26 09:41:18 -100016from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
17from cryptography.hazmat.primitives import interfaces
18
Paul Kehrera9d78c12014-11-26 10:59:03 -100019from .utils import load_vectors_from_file
Paul Kehrer016e08a2014-11-26 09:41:18 -100020
21
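def _der_to_pem(data):
    """Wrap DER-encoded bytes in a PEM ``CERTIFICATE`` envelope.

    The base64 body is split into lines of at most 64 characters and framed
    by the BEGIN/END CERTIFICATE markers; no trailing newline is appended.
    The result is a byte string on both Python 2 and Python 3, matching the
    byte input the PEM loader is given elsewhere in this file.

    This only re-encodes *data*; nothing here checks that it is a
    well-formed certificate.
    """
    # base64.b64encode returns bytes on Python 3, which textwrap.wrap cannot
    # process (it raises TypeError). Base64 output contains no whitespace,
    # so fixed-width slicing yields the same 64-column lines.
    encoded = base64.b64encode(data)
    lines = [encoded[i:i + 64] for i in range(0, len(encoded), 64)]
    return (
        b"-----BEGIN CERTIFICATE-----\n" +
        b"\n".join(lines) +
        b"\n-----END CERTIFICATE-----"
    )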
29
30
def _load_der_cert(name, backend):
    """Load and parse one DER certificate from the PKITS vector directory.

    *name* is a file name under ``x509/PKITS_data/certs``. The file contents
    are passed to ``x509.load_der_x509_certificate`` together with *backend*
    and the parsed certificate object is returned. This helper adds no checks
    of its own beyond whatever the loader performs.
    """
    vector_path = os.path.join("x509", "PKITS_data", "certs", name)

    def parse_der(vector_file):
        # NOTE(review): DER is binary; presumably load_vectors_from_file
        # hands over a file object whose read() yields bytes -- confirm.
        return x509.load_der_x509_certificate(vector_file.read(), backend)

    return load_vectors_from_file(vector_path, parse_der)
40
41
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestX509Certificate(object):
    """Parsing tests for X.509 certificates loaded from DER and PEM vectors.

    Every test here checks field extraction only (validity dates, serial
    number, version, public key type) or rejection of undecodable input.
    None of them performs path validation or signature verification, so a
    vector that loads successfully is not thereby shown to be trustworthy.
    """

    def test_load_good_ca_cert(self, backend):
        """The basic fields of the PKITS ``GoodCACert`` vector are readable."""
        good_ca = _load_der_cert("GoodCACert.crt", backend)

        assert good_ca.not_before == datetime.datetime(2010, 1, 1, 8, 30)
        assert good_ca.not_after == datetime.datetime(2030, 12, 31, 8, 30)
        assert good_ca.serial == 2
        key = good_ca.public_key()
        assert isinstance(key, interfaces.RSAPublicKey)
        assert good_ca.version == x509.X509Version.v3

    def test_utc_pre_2000_not_before_cert(self, backend):
        """A notBefore in 1950 is returned as 1950, not 2050.

        Per the vector name the date is encoded as UTCTime, which carries a
        two-digit year; RFC 5280 maps years 50-99 to 19YY, and the expected
        value pins that mapping.
        """
        vector_name = "Validpre2000UTCnotBeforeDateTest3EE.crt"
        cert = _load_der_cert(vector_name, backend)

        assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1)

    def test_pre_2000_utc_not_after_cert(self, backend):
        """A notAfter in 1999 is returned as 1999.

        The vector is named "Invalid" in PKITS, yet it loads and exposes its
        dates: loading parses the certificate and does not reject it for
        being expired. Callers must compare the validity window themselves.
        """
        vector_name = "Invalidpre2000UTCEEnotAfterDateTest7EE.crt"
        cert = _load_der_cert(vector_name, backend)

        assert cert.not_after == datetime.datetime(1999, 1, 1, 12, 1)

    def test_post_2000_utc_cert(self, backend):
        """Both validity dates of a post-2000 PEM vector keep their seconds."""
        vector_path = os.path.join("x509", "custom", "post2000utctime.pem")
        cert = load_vectors_from_file(
            vector_path,
            lambda vector_file: x509.load_pem_x509_certificate(
                vector_file.read(), backend
            ),
        )
        expected_start = datetime.datetime(2014, 11, 26, 21, 41, 20)
        expected_end = datetime.datetime(2014, 12, 26, 21, 41, 20)
        assert cert.not_before == expected_start
        assert cert.not_after == expected_end

    def test_generalized_time_not_before_cert(self, backend):
        """A notBefore that the vector name marks as GeneralizedTime parses.

        GeneralizedTime carries a four-digit year, so no century mapping is
        involved for the 2002 value checked here.
        """
        vector_name = "ValidGeneralizedTimenotBeforeDateTest4EE.crt"
        cert = _load_der_cert(vector_name, backend)

        assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1)
        assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
        assert cert.version == x509.X509Version.v3

    def test_generalized_time_not_after_cert(self, backend):
        """A notAfter in 2050 is returned as 2050.

        RFC 5280 requires GeneralizedTime for dates in 2050 or later; a
        parser that treated this field as UTCTime would land in the wrong
        century.
        """
        vector_name = "ValidGeneralizedTimenotAfterDateTest8EE.crt"
        cert = _load_der_cert(vector_name, backend)

        assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
        assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1)
        assert cert.version == x509.X509Version.v3

    def test_invalid_version_cert(self, backend):
        """An out-of-range version raises only when ``version`` is read.

        Loading the vector succeeds; the InvalidX509Version error surfaces on
        attribute access. A certificate object returned by the loader is
        therefore not guaranteed to carry a valid version.
        """
        vector_path = os.path.join("x509", "custom", "invalid_version.pem")
        cert = load_vectors_from_file(
            vector_path,
            lambda vector_file: x509.load_pem_x509_certificate(
                vector_file.read(), backend
            ),
        )
        with pytest.raises(InvalidX509Version):
            # The attribute read itself is the operation under test.
            cert.version

    def test_version_1_cert(self, backend):
        """A version 1 certificate reports ``X509Version.v1``."""
        vector_path = os.path.join("x509", "v1_cert.pem")
        cert = load_vectors_from_file(
            vector_path,
            lambda vector_file: x509.load_pem_x509_certificate(
                vector_file.read(), backend
            ),
        )
        assert cert.version == x509.X509Version.v1

    def test_invalid_pem(self, backend):
        """Bytes that are not a PEM certificate raise ValueError on load."""
        garbage = b"notacert"
        with pytest.raises(ValueError):
            x509.load_pem_x509_certificate(garbage, backend)

    def test_invalid_der(self, backend):
        """Bytes that are not a DER certificate raise ValueError on load."""
        garbage = b"notacert"
        with pytest.raises(ValueError):
            x509.load_der_x509_certificate(garbage, backend)