flake8 another file
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index 5b8ab77..409410a 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -36,6 +36,7 @@
)
from OpenSSL._util import native, lib
+
def normalize_certificate_pem(pem):
return dump_certificate(FILETYPE_PEM, load_certificate(FILETYPE_PEM, pem))
@@ -430,7 +431,6 @@
self.x509.set_notBefore(now)
self.x509.set_notAfter(expire)
-
def tearDown(self):
"""
Forget all of the pyOpenSSL objects so they can be garbage collected,
@@ -439,7 +439,6 @@
self.pkey = self.req = self.x509 = self.subject = None
super(X509ExtTests, self).tearDown()
-
def test_str(self):
"""
The string representation of :py:class:`X509Extension` instances as returned by
@@ -451,7 +450,6 @@
str(X509Extension(b('basicConstraints'), True, b('CA:false'))),
'CA:FALSE')
-
def test_type(self):
"""
:py:class:`X509Extension` and :py:class:`X509ExtensionType` refer to the same type object
@@ -462,7 +460,6 @@
X509Extension,
'X509Extension', b('basicConstraints'), True, b('CA:true'))
-
def test_construction(self):
"""
:py:class:`X509Extension` accepts an extension type name, a critical flag,
@@ -481,7 +478,6 @@
"%r is of type %r, should be %r" % (
comment, type(comment), X509ExtensionType))
-
def test_invalid_extension(self):
"""
:py:class:`X509Extension` raises something if it is passed a bad extension
@@ -500,7 +496,6 @@
Error, X509Extension, b('proxyCertInfo'), True,
b('language:id-ppl-anyLanguage,pathlen:1,policy:text:AB'))
-
def test_get_critical(self):
"""
:py:meth:`X509ExtensionType.get_critical` returns the value of the
@@ -511,7 +506,6 @@
ext = X509Extension(b('basicConstraints'), False, b('CA:true'))
self.assertFalse(ext.get_critical())
-
def test_get_short_name(self):
"""
:py:meth:`X509ExtensionType.get_short_name` returns a string giving the short
@@ -522,7 +516,6 @@
ext = X509Extension(b('nsComment'), True, b('foo bar'))
self.assertEqual(ext.get_short_name(), b('nsComment'))
-
def test_get_data(self):
"""
:py:meth:`X509Extension.get_data` returns a string giving the data of the
@@ -532,7 +525,6 @@
# Expect to get back the DER encoded form of CA:true.
self.assertEqual(ext.get_data(), b('0\x03\x01\x01\xff'))
-
def test_get_data_wrong_args(self):
"""
:py:meth:`X509Extension.get_data` raises :py:exc:`TypeError` if passed any arguments.
@@ -542,7 +534,6 @@
self.assertRaises(TypeError, ext.get_data, "foo")
self.assertRaises(TypeError, ext.get_data, 7)
-
def test_unused_subject(self):
"""
The :py:data:`subject` parameter to :py:class:`X509Extension` may be provided for an
@@ -557,7 +548,6 @@
self.assertTrue(b('X509v3 Basic Constraints:') in text)
self.assertTrue(b('CA:TRUE') in text)
-
def test_subject(self):
"""
If an extension requires a subject, the :py:data:`subject` parameter to
@@ -570,7 +560,6 @@
text = dump_certificate(FILETYPE_TEXT, self.x509)
self.assertTrue(b('X509v3 Subject Key Identifier:') in text)
-
def test_missing_subject(self):
"""
If an extension requires a subject and the :py:data:`subject` parameter is
@@ -579,7 +568,6 @@
self.assertRaises(
Error, X509Extension, b('subjectKeyIdentifier'), False, b('hash'))
-
def test_invalid_subject(self):
"""
If the :py:data:`subject` parameter is given a value which is not an
@@ -591,7 +579,6 @@
X509Extension,
'basicConstraints', False, 'CA:TRUE', subject=badObj)
-
def test_unused_issuer(self):
"""
The :py:data:`issuer` parameter to :py:class:`X509Extension` may be provided for an
@@ -605,7 +592,6 @@
self.assertTrue(b('X509v3 Basic Constraints:') in text)
self.assertTrue(b('CA:TRUE') in text)
-
def test_issuer(self):
"""
If an extension requires an issuer, the :py:data:`issuer` parameter to
@@ -620,7 +606,6 @@
self.assertTrue(b('X509v3 Authority Key Identifier:') in text)
self.assertTrue(b('DirName:/CN=Yoda root CA') in text)
-
def test_missing_issuer(self):
"""
If an extension requires an issue and the :py:data:`issuer` parameter is given
@@ -632,7 +617,6 @@
b('authorityKeyIdentifier'), False,
b('keyid:always,issuer:always'))
-
def test_invalid_issuer(self):
"""
If the :py:data:`issuer` parameter is given a value which is not an
@@ -646,11 +630,11 @@
issuer=badObj)
-
class PKeyTests(TestCase):
"""
Unit tests for :py:class:`OpenSSL.crypto.PKey`.
"""
+
def test_type(self):
"""
:py:class:`PKey` and :py:class:`PKeyType` refer to the same type object
@@ -659,7 +643,6 @@
self.assertIdentical(PKey, PKeyType)
self.assertConsistentType(PKey, 'PKey')
-
def test_construction(self):
"""
:py:class:`PKey` takes no arguments and returns a new :py:class:`PKey` instance.
@@ -670,7 +653,6 @@
isinstance(key, PKeyType),
"%r is of type %r, should be %r" % (key, type(key), PKeyType))
-
def test_pregeneration(self):
"""
:py:attr:`PKeyType.bits` and :py:attr:`PKeyType.type` return :py:data:`0` before the key is
@@ -682,7 +664,6 @@
self.assertEqual(key.bits(), 0)
self.assertRaises(TypeError, key.check)
-
def test_failedGeneration(self):
"""
:py:meth:`PKeyType.generate_key` takes two arguments, the first giving the key
@@ -717,7 +698,6 @@
# self.assertRaises(Error, key.generate_key, TYPE_DSA, -7)
-
def test_rsaGeneration(self):
"""
:py:meth:`PKeyType.generate_key` generates an RSA key when passed
@@ -730,7 +710,6 @@
self.assertEqual(key.bits(), bits)
self.assertTrue(key.check())
-
def test_dsaGeneration(self):
"""
:py:meth:`PKeyType.generate_key` generates a DSA key when passed
@@ -746,7 +725,6 @@
# self.assertEqual(key.bits(), bits)
# self.assertRaises(TypeError, key.check)
-
def test_regeneration(self):
"""
:py:meth:`PKeyType.generate_key` can be called multiple times on the same
@@ -758,7 +736,6 @@
self.assertEqual(key.type(), type)
self.assertEqual(key.bits(), bits)
-
def test_inconsistentKey(self):
"""
:py:`PKeyType.check` returns :py:exc:`Error` if the key is not consistent.
@@ -766,7 +743,6 @@
key = load_privatekey(FILETYPE_PEM, inconsistentPrivateKeyPEM)
self.assertRaises(Error, key.check)
-
def test_check_wrong_args(self):
"""
:py:meth:`PKeyType.check` raises :py:exc:`TypeError` if called with any arguments.
@@ -775,7 +751,6 @@
self.assertRaises(TypeError, PKey().check, object())
self.assertRaises(TypeError, PKey().check, 1)
-
def test_check_public_key(self):
"""
:py:meth:`PKeyType.check` raises :py:exc:`TypeError` if only the public
@@ -790,11 +765,11 @@
self.assertRaises(TypeError, pub.check)
-
class X509NameTests(TestCase):
"""
Unit tests for :py:class:`OpenSSL.crypto.X509Name`.
"""
+
def _x509name(self, **attrs):
# XXX There's no other way to get a new X509Name yet.
name = X509().get_subject()
@@ -807,7 +782,6 @@
setattr(name, k, v)
return name
-
def test_type(self):
"""
The type of X509Name objects is :py:class:`X509NameType`.
@@ -822,7 +796,6 @@
"%r is of type %r, should be %r" % (
name, type(name), X509NameType))
-
def test_onlyStringAttributes(self):
"""
Attempting to set a non-:py:data:`str` attribute name on an :py:class:`X509NameType`
@@ -842,7 +815,6 @@
self.assertRaises(TypeError, setattr, name, None, "hello")
self.assertRaises(TypeError, setattr, name, 30, "hello")
-
def test_setInvalidAttribute(self):
"""
Attempting to set any attribute name on an :py:class:`X509NameType` instance for
@@ -852,7 +824,6 @@
name = self._x509name()
self.assertRaises(AttributeError, setattr, name, "no such thing", None)
-
def test_attributes(self):
"""
:py:class:`X509NameType` instances have attributes for each standard (?)
@@ -872,7 +843,6 @@
self.assertEqual(name.commonName, "quux")
self.assertEqual(name.CN, "quux")
-
def test_copy(self):
"""
:py:class:`X509Name` creates a new :py:class:`X509NameType` instance with all the same
@@ -893,7 +863,6 @@
name.emailAddress = "quux@example.com"
self.assertEqual(copy.emailAddress, "bar@example.com")
-
def test_repr(self):
"""
:py:func:`repr` passed an :py:class:`X509NameType` instance should return a string
@@ -905,7 +874,6 @@
repr(name),
"<X509Name object '/emailAddress=bar/CN=foo'>")
-
def test_comparison(self):
"""
:py:class:`X509NameType` instances should compare based on their NIDs.
@@ -980,7 +948,6 @@
assertGreaterThan(self._x509name(CN="def"),
self._x509name(CN="abc"))
-
def test_hash(self):
"""
:py:meth:`X509Name.hash` returns an integer hash based on the value of the
@@ -992,7 +959,6 @@
a.CN = "bar"
self.assertNotEqual(a.hash(), b.hash())
-
def test_der(self):
"""
:py:meth:`X509Name.der` returns the DER encoded form of the name.
@@ -1003,7 +969,6 @@
b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
'1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo'))
-
def test_get_components(self):
"""
:py:meth:`X509Name.get_components` returns a :py:data:`list` of
@@ -1019,7 +984,6 @@
a.get_components(),
[(b("CN"), b("foo")), (b("OU"), b("bar"))])
-
def test_load_nul_byte_attribute(self):
"""
An :py:class:`OpenSSL.crypto.X509Name` from an
@@ -1031,7 +995,6 @@
self.assertEqual(
"null.python.org\x00example.org", subject.commonName)
-
def test_setAttributeFailure(self):
"""
If the value of an attribute cannot be set for some reason then
@@ -1042,11 +1005,11 @@
self.assertRaises(Error, setattr, name, "O", b"x" * 512)
-
class _PKeyInteractionTestsMixin:
"""
Tests which involve another thing and a PKey.
"""
+
def signable(self):
"""
Return something with a :py:meth:`set_pubkey`, :py:meth:`set_pubkey`,
@@ -1054,7 +1017,6 @@
"""
raise NotImplementedError()
-
def test_signWithUngenerated(self):
"""
:py:meth:`X509Req.sign` raises :py:exc:`ValueError` when pass a
@@ -1064,7 +1026,6 @@
key = PKey()
self.assertRaises(ValueError, request.sign, key, GOOD_DIGEST)
-
def test_signWithPublicKey(self):
"""
:py:meth:`X509Req.sign` raises :py:exc:`ValueError` when pass a
@@ -1077,7 +1038,6 @@
pub = request.get_pubkey()
self.assertRaises(ValueError, request.sign, pub, GOOD_DIGEST)
-
def test_signWithUnknownDigest(self):
"""
:py:meth:`X509Req.sign` raises :py:exc:`ValueError` when passed a digest name which is
@@ -1088,7 +1048,6 @@
key.generate_key(TYPE_RSA, 512)
self.assertRaises(ValueError, request.sign, key, BAD_DIGEST)
-
def test_sign(self):
"""
:py:meth:`X509Req.sign` succeeds when passed a private key object and a valid
@@ -1109,19 +1068,17 @@
self.assertRaises(Error, request.verify, key)
-
-
class X509ReqTests(TestCase, _PKeyInteractionTestsMixin):
"""
Tests for :py:class:`OpenSSL.crypto.X509Req`.
"""
+
def signable(self):
"""
Create and return a new :py:class:`X509Req`.
"""
return X509Req()
-
def test_type(self):
"""
:py:obj:`X509Req` and :py:obj:`X509ReqType` refer to the same type object and can be
@@ -1130,7 +1087,6 @@
self.assertIdentical(X509Req, X509ReqType)
self.assertConsistentType(X509Req, 'X509Req')
-
def test_construction(self):
"""
:py:obj:`X509Req` takes no arguments and returns an :py:obj:`X509ReqType` instance.
@@ -1140,7 +1096,6 @@
isinstance(request, X509ReqType),
"%r is of type %r, should be %r" % (request, type(request), X509ReqType))
-
def test_version(self):
"""
:py:obj:`X509ReqType.set_version` sets the X.509 version of the certificate
@@ -1154,7 +1109,6 @@
request.set_version(3)
self.assertEqual(request.get_version(), 3)
-
def test_version_wrong_args(self):
"""
:py:obj:`X509ReqType.set_version` raises :py:obj:`TypeError` if called with the wrong
@@ -1168,7 +1122,6 @@
self.assertRaises(TypeError, request.set_version, 1, 2)
self.assertRaises(TypeError, request.get_version, None)
-
def test_get_subject(self):
"""
:py:obj:`X509ReqType.get_subject` returns an :py:obj:`X509Name` for the subject of
@@ -1186,7 +1139,6 @@
subject.commonName = "bar"
self.assertEqual(subject.commonName, "bar")
-
def test_get_subject_wrong_args(self):
"""
:py:obj:`X509ReqType.get_subject` raises :py:obj:`TypeError` if called with any
@@ -1195,7 +1147,6 @@
request = X509Req()
self.assertRaises(TypeError, request.get_subject, None)
-
def test_add_extensions(self):
"""
:py:obj:`X509Req.add_extensions` accepts a :py:obj:`list` of :py:obj:`X509Extension`
@@ -1203,14 +1154,13 @@
"""
request = X509Req()
request.add_extensions([
- X509Extension(b('basicConstraints'), True, b('CA:false'))])
+ X509Extension(b('basicConstraints'), True, b('CA:false'))])
exts = request.get_extensions()
self.assertEqual(len(exts), 1)
self.assertEqual(exts[0].get_short_name(), b('basicConstraints'))
self.assertEqual(exts[0].get_critical(), 1)
self.assertEqual(exts[0].get_data(), b('0\x00'))
-
def test_get_extensions(self):
"""
:py:obj:`X509Req.get_extensions` returns a :py:obj:`list` of
@@ -1220,8 +1170,8 @@
exts = request.get_extensions()
self.assertEqual(exts, [])
request.add_extensions([
- X509Extension(b('basicConstraints'), True, b('CA:true')),
- X509Extension(b('keyUsage'), False, b('digitalSignature'))])
+ X509Extension(b('basicConstraints'), True, b('CA:true')),
+ X509Extension(b('keyUsage'), False, b('digitalSignature'))])
exts = request.get_extensions()
self.assertEqual(len(exts), 2)
self.assertEqual(exts[0].get_short_name(), b('basicConstraints'))
@@ -1231,7 +1181,6 @@
self.assertEqual(exts[1].get_critical(), 0)
self.assertEqual(exts[1].get_data(), b('\x03\x02\x07\x80'))
-
def test_add_extensions_wrong_args(self):
"""
:py:obj:`X509Req.add_extensions` raises :py:obj:`TypeError` if called with the wrong
@@ -1245,7 +1194,6 @@
self.assertRaises(ValueError, request.add_extensions, [object()])
self.assertRaises(TypeError, request.add_extensions, [], None)
-
def test_verify_wrong_args(self):
"""
:py:obj:`X509Req.verify` raises :py:obj:`TypeError` if called with zero
@@ -1257,7 +1205,6 @@
self.assertRaises(TypeError, request.verify, object())
self.assertRaises(TypeError, request.verify, PKey(), object())
-
def test_verify_uninitialized_key(self):
"""
:py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if called
@@ -1267,7 +1214,6 @@
pkey = PKey()
self.assertRaises(Error, request.verify, pkey)
-
def test_verify_wrong_key(self):
"""
:py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if called
@@ -1280,7 +1226,6 @@
another_pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
self.assertRaises(Error, request.verify, another_pkey)
-
def test_verify_success(self):
"""
:py:obj:`X509Req.verify` returns :py:obj:`True` if called with a
@@ -1293,7 +1238,6 @@
self.assertEqual(True, request.verify(pkey))
-
class X509Tests(TestCase, _PKeyInteractionTestsMixin):
"""
Tests for :py:obj:`OpenSSL.crypto.X509`.
@@ -1320,13 +1264,13 @@
WpOdIpB8KksUTCzV591Nr1wd
-----END CERTIFICATE-----
"""
+
def signable(self):
"""
Create and return a new :py:obj:`X509`.
"""
return X509()
-
def test_type(self):
"""
:py:obj:`X509` and :py:obj:`X509Type` refer to the same type object and can be used
@@ -1335,7 +1279,6 @@
self.assertIdentical(X509, X509Type)
self.assertConsistentType(X509, 'X509')
-
def test_construction(self):
"""
:py:obj:`X509` takes no arguments and returns an instance of :py:obj:`X509Type`.
@@ -1351,7 +1294,6 @@
self.assertEqual(type(certificate), X509Type)
self.assertEqual(type(certificate), X509)
-
def test_get_version_wrong_args(self):
"""
:py:obj:`X509.get_version` raises :py:obj:`TypeError` if invoked with any arguments.
@@ -1359,7 +1301,6 @@
cert = X509()
self.assertRaises(TypeError, cert.get_version, None)
-
def test_set_version_wrong_args(self):
"""
:py:obj:`X509.set_version` raises :py:obj:`TypeError` if invoked with the wrong number
@@ -1370,7 +1311,6 @@
self.assertRaises(TypeError, cert.set_version, None)
self.assertRaises(TypeError, cert.set_version, 1, None)
-
def test_version(self):
"""
:py:obj:`X509.set_version` sets the certificate version number.
@@ -1380,7 +1320,6 @@
cert.set_version(1234)
self.assertEquals(cert.get_version(), 1234)
-
def test_get_serial_number_wrong_args(self):
"""
:py:obj:`X509.get_serial_number` raises :py:obj:`TypeError` if invoked with any
@@ -1389,7 +1328,6 @@
cert = X509()
self.assertRaises(TypeError, cert.get_serial_number, None)
-
def test_serial_number(self):
"""
The serial number of an :py:obj:`X509Type` can be retrieved and modified with
@@ -1410,7 +1348,6 @@
certificate.set_serial_number(2 ** 128 + 1)
self.assertEqual(certificate.get_serial_number(), 2 ** 128 + 1)
-
def _setBoundTest(self, which):
"""
:py:obj:`X509Type.set_notBefore` takes a string in the format of an ASN1
@@ -1447,7 +1384,6 @@
self.assertRaises(TypeError, set, b("20040203040506Z"), b("20040203040506Z"))
self.assertRaises(TypeError, get, b("foo bar"))
-
# XXX ASN1_TIME (not GENERALIZEDTIME)
def test_set_notBefore(self):
@@ -1458,7 +1394,6 @@
"""
self._setBoundTest("Before")
-
def test_set_notAfter(self):
"""
:py:obj:`X509Type.set_notAfter` takes a string in the format of an ASN1
@@ -1467,7 +1402,6 @@
"""
self._setBoundTest("After")
-
def test_get_notBefore(self):
"""
:py:obj:`X509Type.get_notBefore` returns a string in the format of an ASN1
@@ -1477,7 +1411,6 @@
cert = load_certificate(FILETYPE_PEM, self.pemData)
self.assertEqual(cert.get_notBefore(), b("20090325123658Z"))
-
def test_get_notAfter(self):
"""
:py:obj:`X509Type.get_notAfter` returns a string in the format of an ASN1
@@ -1487,7 +1420,6 @@
cert = load_certificate(FILETYPE_PEM, self.pemData)
self.assertEqual(cert.get_notAfter(), b("20170611123658Z"))
-
def test_gmtime_adj_notBefore_wrong_args(self):
"""
:py:obj:`X509Type.gmtime_adj_notBefore` raises :py:obj:`TypeError` if called with the
@@ -1498,7 +1430,6 @@
self.assertRaises(TypeError, cert.gmtime_adj_notBefore, None)
self.assertRaises(TypeError, cert.gmtime_adj_notBefore, 123, None)
-
def test_gmtime_adj_notBefore(self):
"""
:py:obj:`X509Type.gmtime_adj_notBefore` changes the not-before timestamp to be
@@ -1511,7 +1442,6 @@
not_before_max = datetime.utcnow() + timedelta(seconds=100)
self.assertTrue(not_before_min <= not_before <= not_before_max)
-
def test_gmtime_adj_notAfter_wrong_args(self):
"""
:py:obj:`X509Type.gmtime_adj_notAfter` raises :py:obj:`TypeError` if called with the
@@ -1522,7 +1452,6 @@
self.assertRaises(TypeError, cert.gmtime_adj_notAfter, None)
self.assertRaises(TypeError, cert.gmtime_adj_notAfter, 123, None)
-
def test_gmtime_adj_notAfter(self):
"""
:py:obj:`X509Type.gmtime_adj_notAfter` changes the not-after timestamp to be
@@ -1535,7 +1464,6 @@
not_after_max = datetime.utcnow() + timedelta(seconds=100)
self.assertTrue(not_after_min <= not_after <= not_after_max)
-
def test_has_expired_wrong_args(self):
"""
:py:obj:`X509Type.has_expired` raises :py:obj:`TypeError` if called with any
@@ -1544,7 +1472,6 @@
cert = X509()
self.assertRaises(TypeError, cert.has_expired, None)
-
def test_has_expired(self):
"""
:py:obj:`X509Type.has_expired` returns :py:obj:`True` if the certificate's not-after
@@ -1554,7 +1481,6 @@
cert.gmtime_adj_notAfter(-1)
self.assertTrue(cert.has_expired())
-
def test_has_not_expired(self):
"""
:py:obj:`X509Type.has_expired` returns :py:obj:`False` if the certificate's not-after
@@ -1572,7 +1498,6 @@
cert = load_certificate(FILETYPE_PEM, root_cert_pem)
self.assertFalse(cert.has_expired())
-
def test_digest(self):
"""
:py:obj:`X509.digest` returns a string giving ":"-separated hex-encoded words
@@ -1588,7 +1513,6 @@
cert.digest("MD5"),
b("19:B3:05:26:2B:F8:F2:FF:0B:8F:21:07:A8:28:B8:75"))
-
def _extcert(self, pkey, extensions):
cert = X509()
cert.set_pubkey(pkey)
@@ -1603,7 +1527,6 @@
return load_certificate(
FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
-
def test_extension_count(self):
"""
:py:obj:`X509.get_extension_count` returns the number of extensions that are
@@ -1627,7 +1550,6 @@
c = self._extcert(pkey, [ca, key, subjectAltName])
self.assertEqual(c.get_extension_count(), 3)
-
def test_get_extension(self):
"""
:py:obj:`X509.get_extension` takes an integer and returns an :py:obj:`X509Extension`
@@ -1660,7 +1582,6 @@
self.assertRaises(IndexError, cert.get_extension, 4)
self.assertRaises(TypeError, cert.get_extension, "hello")
-
def test_nullbyte_subjectAltName(self):
"""
The fields of a `subjectAltName` extension on an X509 may contain NUL
@@ -1678,7 +1599,6 @@
"IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1\n"),
b(str(ext)))
-
def test_invalid_digest_algorithm(self):
"""
:py:obj:`X509.digest` raises :py:obj:`ValueError` if called with an unrecognized hash
@@ -1687,7 +1607,6 @@
cert = X509()
self.assertRaises(ValueError, cert.digest, BAD_DIGEST)
-
def test_get_subject_wrong_args(self):
"""
:py:obj:`X509.get_subject` raises :py:obj:`TypeError` if called with any arguments.
@@ -1695,7 +1614,6 @@
cert = X509()
self.assertRaises(TypeError, cert.get_subject, None)
-
def test_get_subject(self):
"""
:py:obj:`X509.get_subject` returns an :py:obj:`X509Name` instance.
@@ -1708,7 +1626,6 @@
[(b('C'), b('US')), (b('ST'), b('IL')), (b('L'), b('Chicago')),
(b('O'), b('Testing')), (b('CN'), b('Testing Root CA'))])
-
def test_set_subject_wrong_args(self):
"""
:py:obj:`X509.set_subject` raises a :py:obj:`TypeError` if called with the wrong
@@ -1734,7 +1651,6 @@
cert.get_subject().get_components(),
[(b('C'), b('AU')), (b('O'), b('Unit Tests'))])
-
def test_get_issuer_wrong_args(self):
"""
:py:obj:`X509.get_issuer` raises :py:obj:`TypeError` if called with any arguments.
@@ -1742,7 +1658,6 @@
cert = X509()
self.assertRaises(TypeError, cert.get_issuer, None)
-
def test_get_issuer(self):
"""
:py:obj:`X509.get_issuer` returns an :py:obj:`X509Name` instance.
@@ -1756,7 +1671,6 @@
[(b('C'), b('US')), (b('ST'), b('IL')), (b('L'), b('Chicago')),
(b('O'), b('Testing')), (b('CN'), b('Testing Root CA'))])
-
def test_set_issuer_wrong_args(self):
"""
:py:obj:`X509.set_issuer` raises a :py:obj:`TypeError` if called with the wrong
@@ -1767,7 +1681,6 @@
self.assertRaises(TypeError, cert.set_issuer, None)
self.assertRaises(TypeError, cert.set_issuer, cert.get_issuer(), None)
-
def test_set_issuer(self):
"""
:py:obj:`X509.set_issuer` changes the issuer of the certificate to the one
@@ -1782,7 +1695,6 @@
cert.get_issuer().get_components(),
[(b('C'), b('AU')), (b('O'), b('Unit Tests'))])
-
def test_get_pubkey_uninitialized(self):
"""
When called on a certificate with no public key, :py:obj:`X509.get_pubkey`
@@ -1791,7 +1703,6 @@
cert = X509()
self.assertRaises(Error, cert.get_pubkey)
-
def test_subject_name_hash_wrong_args(self):
"""
:py:obj:`X509.subject_name_hash` raises :py:obj:`TypeError` if called with any
@@ -1800,7 +1711,6 @@
cert = X509()
self.assertRaises(TypeError, cert.subject_name_hash, None)
-
def test_subject_name_hash(self):
"""
:py:obj:`X509.subject_name_hash` returns the hash of the certificate's subject
@@ -1809,11 +1719,10 @@
cert = load_certificate(FILETYPE_PEM, self.pemData)
self.assertIn(
cert.subject_name_hash(),
- [3350047874, # OpenSSL 0.9.8, MD5
- 3278919224, # OpenSSL 1.0.0, SHA1
+ [3350047874, # OpenSSL 0.9.8, MD5
+ 3278919224, # OpenSSL 1.0.0, SHA1
])
-
def test_get_signature_algorithm(self):
"""
:py:obj:`X509Type.get_signature_algorithm` returns a string which means
@@ -1823,7 +1732,6 @@
self.assertEqual(
b("sha1WithRSAEncryption"), cert.get_signature_algorithm())
-
def test_get_undefined_signature_algorithm(self):
"""
:py:obj:`X509Type.get_signature_algorithm` raises :py:obj:`ValueError` if the
@@ -1856,11 +1764,11 @@
self.assertRaises(ValueError, cert.get_signature_algorithm)
-
class X509StoreTests(TestCase):
"""
Test for :py:obj:`OpenSSL.crypto.X509Store`.
"""
+
def test_type(self):
"""
:py:obj:`X509StoreType` is a type object.
@@ -1868,14 +1776,12 @@
self.assertIdentical(X509Store, X509StoreType)
self.assertConsistentType(X509Store, 'X509Store')
-
def test_add_cert_wrong_args(self):
store = X509Store()
self.assertRaises(TypeError, store.add_cert)
self.assertRaises(TypeError, store.add_cert, object())
self.assertRaises(TypeError, store.add_cert, X509(), object())
-
def test_add_cert(self):
"""
:py:obj:`X509Store.add_cert` adds a :py:obj:`X509` instance to the
@@ -1885,7 +1791,6 @@
store = X509Store()
store.add_cert(cert)
-
def test_add_cert_rejects_duplicate(self):
"""
:py:obj:`X509Store.add_cert` raises :py:obj:`OpenSSL.crypto.Error` if an
@@ -1897,7 +1802,6 @@
self.assertRaises(Error, store.add_cert, cert)
-
class PKCS12Tests(TestCase):
"""
Test for :py:obj:`OpenSSL.crypto.PKCS12` and :py:obj:`OpenSSL.crypto.load_pkcs12`.
@@ -1911,7 +1815,6 @@
self.assertIdentical(PKCS12, PKCS12Type)
self.assertConsistentType(PKCS12, 'PKCS12')
-
def test_empty_construction(self):
"""
:py:obj:`PKCS12` returns a new instance of :py:obj:`PKCS12` with no certificate,
@@ -1923,7 +1826,6 @@
self.assertEqual(None, p12.get_ca_certificates())
self.assertEqual(None, p12.get_friendlyname())
-
def test_type_errors(self):
"""
The :py:obj:`PKCS12` setter functions (:py:obj:`set_certificate`, :py:obj:`set_privatekey`,
@@ -1944,7 +1846,6 @@
self.assertRaises(TypeError, p12.set_friendlyname, 6)
self.assertRaises(TypeError, p12.set_friendlyname, ('foo', 'bar'))
-
def test_key_only(self):
"""
A :py:obj:`PKCS12` with only a private key can be exported using
@@ -1971,7 +1872,6 @@
# future this will be improved.
self.assertTrue(isinstance(p12.get_privatekey(), (PKey, type(None))))
-
def test_cert_only(self):
"""
A :py:obj:`PKCS12` with only a certificate can be exported using
@@ -2006,7 +1906,6 @@
cleartextCertificatePEM,
dump_certificate(FILETYPE_PEM, p12.get_ca_certificates()[0]))
-
def gen_pkcs12(self, cert_pem=None, key_pem=None, ca_pem=None, friendly_name=None):
"""
Generate a PKCS12 object with components from PEM. Verify that the set
@@ -2027,7 +1926,6 @@
self.assertEqual(ret, None)
return p12
-
def check_recovery(self, p12_str, key=None, cert=None, ca=None, passwd=b"",
extra=()):
"""
@@ -2050,7 +1948,6 @@
b"pass:" + passwd, b"-nokeys", *extra)
self.assertEqual(recovered_cert[-len(ca):], ca)
-
def verify_pkcs12_container(self, p12):
"""
Verify that the PKCS#12 container contains the correct client
@@ -2065,7 +1962,6 @@
(client_cert_pem, client_key_pem, None),
(cert_pem, key_pem, p12.get_ca_certificates()))
-
def test_load_pkcs12(self):
"""
A PKCS12 string generated using the openssl command line can be loaded
@@ -2078,7 +1974,6 @@
p12 = load_pkcs12(p12_str, passphrase=passwd)
self.verify_pkcs12_container(p12)
-
def test_load_pkcs12_text_passphrase(self):
"""
A PKCS12 string generated using the openssl command line can be loaded
@@ -2103,7 +1998,6 @@
self.verify_pkcs12_container(p12)
-
def test_load_pkcs12_no_passphrase(self):
"""
A PKCS12 string generated using openssl command line can be loaded with
@@ -2116,7 +2010,6 @@
p12 = load_pkcs12(p12_str)
self.verify_pkcs12_container(p12)
-
def _dump_and_load(self, dump_passphrase, load_passphrase):
"""
A helper method to dump and load a PKCS12 object.
@@ -2125,7 +2018,6 @@
dumped_p12 = p12.export(passphrase=dump_passphrase, iter=2, maciter=3)
return load_pkcs12(dumped_p12, passphrase=load_passphrase)
-
def test_load_pkcs12_null_passphrase_load_empty(self):
"""
A PKCS12 string can be dumped with a null passphrase, loaded with an
@@ -2135,7 +2027,6 @@
self.verify_pkcs12_container(
self._dump_and_load(dump_passphrase=None, load_passphrase=b''))
-
def test_load_pkcs12_null_passphrase_load_null(self):
"""
A PKCS12 string can be dumped with a null passphrase, loaded with a
@@ -2145,7 +2036,6 @@
self.verify_pkcs12_container(
self._dump_and_load(dump_passphrase=None, load_passphrase=None))
-
def test_load_pkcs12_empty_passphrase_load_empty(self):
"""
A PKCS12 string can be dumped with an empty passphrase, loaded with an
@@ -2155,7 +2045,6 @@
self.verify_pkcs12_container(
self._dump_and_load(dump_passphrase=b'', load_passphrase=b''))
-
def test_load_pkcs12_empty_passphrase_load_null(self):
"""
A PKCS12 string can be dumped with an empty passphrase, loaded with a
@@ -2165,7 +2054,6 @@
self.verify_pkcs12_container(
self._dump_and_load(dump_passphrase=b'', load_passphrase=None))
-
def test_load_pkcs12_garbage(self):
"""
:py:obj:`load_pkcs12` raises :py:obj:`OpenSSL.crypto.Error` when passed a string
@@ -2176,7 +2064,6 @@
self.assertEqual(e.args[0][0][0], 'asn1 encoding routines')
self.assertEqual(len(e.args[0][0]), 3)
-
def test_replace(self):
"""
:py:obj:`PKCS12.set_certificate` replaces the certificate in a PKCS12 cluster.
@@ -2188,7 +2075,7 @@
p12.set_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
root_cert = load_certificate(FILETYPE_PEM, root_cert_pem)
client_cert = load_certificate(FILETYPE_PEM, client_cert_pem)
- p12.set_ca_certificates([root_cert]) # not a tuple
+ p12.set_ca_certificates([root_cert]) # not a tuple
self.assertEqual(1, len(p12.get_ca_certificates()))
self.assertEqual(root_cert, p12.get_ca_certificates()[0])
p12.set_ca_certificates([client_cert, root_cert])
@@ -2196,7 +2083,6 @@
self.assertEqual(client_cert, p12.get_ca_certificates()[0])
self.assertEqual(root_cert, p12.get_ca_certificates()[1])
-
def test_friendly_name(self):
"""
The *friendlyName* of a PKCS12 can be set and retrieved via
@@ -2220,7 +2106,6 @@
dumped_p12, key=server_key_pem, cert=server_cert_pem,
ca=root_cert_pem, passwd=passwd)
-
def test_various_empty_passphrases(self):
"""
Test that missing, None, and '' passphrases are identical for PKCS12
@@ -2236,7 +2121,6 @@
dumped_p12, key=client_key_pem, cert=client_cert_pem,
ca=root_cert_pem, passwd=passwd)
-
def test_removing_ca_cert(self):
"""
Passing :py:obj:`None` to :py:obj:`PKCS12.set_ca_certificates` removes all CA
@@ -2246,7 +2130,6 @@
p12.set_ca_certificates(None)
self.assertEqual(None, p12.get_ca_certificates())
-
def test_export_without_mac(self):
"""
Exporting a PKCS12 with a :py:obj:`maciter` of ``-1`` excludes the MAC
@@ -2259,7 +2142,6 @@
dumped_p12, key=server_key_pem, cert=server_cert_pem,
passwd=passwd, extra=(b"-nomacver",))
-
def test_load_without_mac(self):
"""
Loading a PKCS12 without a MAC does something other than crash.
@@ -2280,7 +2162,6 @@
# versions do.
pass
-
def test_zero_len_list_for_ca(self):
"""
A PKCS12 with an empty CA certificates list can be exported.
@@ -2294,7 +2175,6 @@
# dumped_p12, key=server_key_pem, cert=server_cert_pem,
# passwd=passwd)
-
def test_export_without_args(self):
"""
All the arguments to :py:obj:`PKCS12.export` are optional.
@@ -2304,7 +2184,6 @@
self.check_recovery(
dumped_p12, key=server_key_pem, cert=server_cert_pem, passwd=b"")
-
def test_export_without_bytes(self):
"""
Test :py:obj:`PKCS12.export` with text not bytes as passphrase
@@ -2324,7 +2203,6 @@
self.check_recovery(
dumped_p12, key=server_key_pem, cert=server_cert_pem, passwd=b"randomtext")
-
def test_key_cert_mismatch(self):
"""
:py:obj:`PKCS12.export` raises an exception when a key and certificate
@@ -2334,10 +2212,11 @@
self.assertRaises(Error, p12.export)
-
# These quoting functions taken directly from Twisted's twisted.python.win32.
_cmdLineQuoteRe = re.compile(br'(\\*)"')
_cmdLineQuoteRe2 = re.compile(br'(\\+)\Z')
+
+
def cmdLineQuote(s):
"""
Internal method for quoting a single command-line argument.
@@ -2355,7 +2234,6 @@
return b'"' + s + b'"'
-
def quoteArguments(arguments):
"""
Quote an iterable of command-line arguments for passing to CreateProcess or
@@ -2371,7 +2249,6 @@
return b' '.join(map(cmdLineQuote, arguments))
-
def _runopenssl(pem, *args):
"""
Run the command line openssl tool with the given arguments and write
@@ -2392,7 +2269,6 @@
return output
-
class FunctionTests(TestCase):
"""
Tests for free-functions in the :py:obj:`OpenSSL.crypto` module.
@@ -2404,7 +2280,6 @@
"""
self.assertRaises(ValueError, load_privatekey, 100, root_key_pem)
-
def test_load_privatekey_invalid_passphrase_type(self):
"""
:py:obj:`load_privatekey` raises :py:obj:`TypeError` if passed a passphrase that is
@@ -2415,7 +2290,6 @@
load_privatekey,
FILETYPE_PEM, encryptedPrivateKeyPEMPassphrase, object())
-
def test_load_privatekey_wrong_args(self):
"""
:py:obj:`load_privatekey` raises :py:obj:`TypeError` if called with the wrong number
@@ -2423,7 +2297,6 @@
"""
self.assertRaises(TypeError, load_privatekey)
-
def test_load_privatekey_wrongPassphrase(self):
"""
:py:obj:`load_privatekey` raises :py:obj:`OpenSSL.crypto.Error` when it is passed an
@@ -2433,7 +2306,6 @@
Error,
load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, b("quack"))
-
def test_load_privatekey_passphraseWrongType(self):
"""
:py:obj:`load_privatekey` raises :py:obj:`ValueError` when it is passed a passphrase
@@ -2456,7 +2328,6 @@
encryptedPrivateKeyPEMPassphrase)
self.assertTrue(isinstance(key, PKeyType))
-
def test_load_privatekey_passphrase_exception(self):
"""
If the passphrase callback raises an exception, that exception is raised
@@ -2476,6 +2347,7 @@
incorrect passphrase.
"""
called = []
+
def cb(*a):
called.append(None)
return b("quack")
@@ -2484,7 +2356,6 @@
load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb)
self.assertTrue(called)
-
def test_load_privatekey_passphraseCallback(self):
"""
:py:obj:`load_privatekey` can create a :py:obj:`PKey` object from an encrypted PEM
@@ -2492,6 +2363,7 @@
password.
"""
called = []
+
def cb(writing):
called.append(writing)
return encryptedPrivateKeyPEMPassphrase
@@ -2499,7 +2371,6 @@
self.assertTrue(isinstance(key, PKeyType))
self.assertEqual(called, [False])
-
def test_load_privatekey_passphrase_wrong_return_type(self):
"""
:py:obj:`load_privatekey` raises :py:obj:`ValueError` if the passphrase
@@ -2510,7 +2381,6 @@
load_privatekey,
FILETYPE_PEM, encryptedPrivateKeyPEM, lambda *args: 3)
-
def test_dump_privatekey_wrong_args(self):
"""
:py:obj:`dump_privatekey` raises :py:obj:`TypeError` if called with the wrong number
@@ -2521,7 +2391,6 @@
self.assertRaises(
TypeError, dump_privatekey, FILETYPE_PEM, PKey(), GOOD_CIPHER)
-
def test_dump_privatekey_unknown_cipher(self):
"""
:py:obj:`dump_privatekey` raises :py:obj:`ValueError` if called with an unrecognized
@@ -2533,7 +2402,6 @@
ValueError, dump_privatekey,
FILETYPE_PEM, key, BAD_CIPHER, "passphrase")
-
def test_dump_privatekey_invalid_passphrase_type(self):
"""
:py:obj:`dump_privatekey` raises :py:obj:`TypeError` if called with a passphrase which
@@ -2545,7 +2413,6 @@
TypeError,
dump_privatekey, FILETYPE_PEM, key, GOOD_CIPHER, object())
-
def test_dump_privatekey_invalid_filetype(self):
"""
:py:obj:`dump_privatekey` raises :py:obj:`ValueError` if called with an unrecognized
@@ -2555,7 +2422,6 @@
key.generate_key(TYPE_RSA, 512)
self.assertRaises(ValueError, dump_privatekey, 100, key)
-
def test_load_privatekey_passphraseCallbackLength(self):
"""
:py:obj:`crypto.load_privatekey` should raise an error when the passphrase
@@ -2581,7 +2447,6 @@
self.assertEqual(loadedKey.type(), key.type())
self.assertEqual(loadedKey.bits(), key.bits())
-
def test_dump_privatekey_passphraseWrongType(self):
"""
:py:obj:`dump_privatekey` raises :py:obj:`ValueError` when it is passed a passphrase
@@ -2611,7 +2476,6 @@
good_text = _runopenssl(dumped_pem, b"x509", b"-noout", b"-text")
self.assertEqual(dumped_text, good_text)
-
def test_dump_privatekey_pem(self):
"""
:py:obj:`dump_privatekey` writes a PEM
@@ -2621,7 +2485,6 @@
dumped_pem = dump_privatekey(FILETYPE_PEM, key)
self.assertEqual(dumped_pem, cleartextPrivateKeyPEM)
-
def test_dump_privatekey_asn1(self):
"""
:py:obj:`dump_privatekey` writes a DER
@@ -2637,7 +2500,6 @@
dumped_pem2 = dump_privatekey(FILETYPE_PEM, key2)
self.assertEqual(dumped_pem2, cleartextPrivateKeyPEM)
-
def test_dump_privatekey_text(self):
"""
:py:obj:`dump_privatekey` writes a text
@@ -2668,7 +2530,6 @@
self.assertEqual(dumped_text, good_text)
self.assertRaises(ValueError, dump_certificate_request, 100, req)
-
def test_dump_privatekey_passphraseCallback(self):
"""
:py:obj:`dump_privatekey` writes an encrypted PEM when given a callback which
@@ -2676,6 +2537,7 @@
"""
passphrase = b("foo")
called = []
+
def cb(writing):
called.append(writing)
return passphrase
@@ -2688,7 +2550,6 @@
self.assertEqual(loadedKey.type(), key.type())
self.assertEqual(loadedKey.bits(), key.bits())
-
def test_dump_privatekey_passphrase_exception(self):
"""
:py:obj:`dump_privatekey` should not overwrite the exception raised
@@ -2723,7 +2584,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertTrue(isinstance(pkcs7, PKCS7Type))
-
def test_load_pkcs7_data_asn1(self):
"""
:py:obj:`load_pkcs7_data` accepts a bytes containing ASN1 data
@@ -2732,7 +2592,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_ASN1, pkcs7DataASN1)
self.assertTrue(isinstance(pkcs7, PKCS7Type))
-
def test_load_pkcs7_data_invalid(self):
"""
If the data passed to :py:obj:`load_pkcs7_data` is invalid,
@@ -2741,11 +2600,11 @@
self.assertRaises(Error, load_pkcs7_data, FILETYPE_PEM, b"foo")
-
class LoadCertificateTests(TestCase):
"""
Tests for :py:obj:`load_certificate_request`.
"""
+
def test_badFileType(self):
"""
If the file type passed to :py:obj:`load_certificate_request` is
@@ -2755,11 +2614,11 @@
self.assertRaises(ValueError, load_certificate_request, object(), b"")
-
class PKCS7Tests(TestCase):
"""
Tests for :py:obj:`PKCS7Type`.
"""
+
def test_type(self):
"""
:py:obj:`PKCS7Type` is a type object.
@@ -2770,7 +2629,6 @@
# XXX This doesn't currently work.
# self.assertIdentical(PKCS7, PKCS7Type)
-
# XXX Opposite results for all these following methods
def test_type_is_signed_wrong_args(self):
@@ -2781,7 +2639,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertRaises(TypeError, pkcs7.type_is_signed, None)
-
def test_type_is_signed(self):
"""
:py:obj:`PKCS7Type.type_is_signed` returns :py:obj:`True` if the PKCS7 object is of
@@ -2790,7 +2647,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertTrue(pkcs7.type_is_signed())
-
def test_type_is_enveloped_wrong_args(self):
"""
:py:obj:`PKCS7Type.type_is_enveloped` raises :py:obj:`TypeError` if called with any
@@ -2799,7 +2655,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertRaises(TypeError, pkcs7.type_is_enveloped, None)
-
def test_type_is_enveloped(self):
"""
:py:obj:`PKCS7Type.type_is_enveloped` returns :py:obj:`False` if the PKCS7 object is
@@ -2808,7 +2663,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertFalse(pkcs7.type_is_enveloped())
-
def test_type_is_signedAndEnveloped_wrong_args(self):
"""
:py:obj:`PKCS7Type.type_is_signedAndEnveloped` raises :py:obj:`TypeError` if called
@@ -2817,7 +2671,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertRaises(TypeError, pkcs7.type_is_signedAndEnveloped, None)
-
def test_type_is_signedAndEnveloped(self):
"""
:py:obj:`PKCS7Type.type_is_signedAndEnveloped` returns :py:obj:`False` if the PKCS7
@@ -2826,7 +2679,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertFalse(pkcs7.type_is_signedAndEnveloped())
-
def test_type_is_data(self):
"""
:py:obj:`PKCS7Type.type_is_data` returns :py:obj:`False` if the PKCS7 object is not of
@@ -2835,7 +2687,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertFalse(pkcs7.type_is_data())
-
def test_type_is_data_wrong_args(self):
"""
:py:obj:`PKCS7Type.type_is_data` raises :py:obj:`TypeError` if called with any
@@ -2844,7 +2695,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertRaises(TypeError, pkcs7.type_is_data, None)
-
def test_get_type_name_wrong_args(self):
"""
:py:obj:`PKCS7Type.get_type_name` raises :py:obj:`TypeError` if called with any
@@ -2853,7 +2703,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertRaises(TypeError, pkcs7.get_type_name, None)
-
def test_get_type_name(self):
"""
:py:obj:`PKCS7Type.get_type_name` returns a :py:obj:`str` giving the type name.
@@ -2861,7 +2710,6 @@
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
self.assertEquals(pkcs7.get_type_name(), b('pkcs7-signedData'))
-
def test_attribute(self):
"""
If an attribute other than one of the methods tested here is accessed on
@@ -2871,18 +2719,17 @@
self.assertRaises(AttributeError, getattr, pkcs7, "foo")
-
class NetscapeSPKITests(TestCase, _PKeyInteractionTestsMixin):
"""
Tests for :py:obj:`OpenSSL.crypto.NetscapeSPKI`.
"""
+
def signable(self):
"""
Return a new :py:obj:`NetscapeSPKI` for use with signing tests.
"""
return NetscapeSPKI()
-
def test_type(self):
"""
:py:obj:`NetscapeSPKI` and :py:obj:`NetscapeSPKIType` refer to the same type object
@@ -2891,7 +2738,6 @@
self.assertIdentical(NetscapeSPKI, NetscapeSPKIType)
self.assertConsistentType(NetscapeSPKI, 'NetscapeSPKI')
-
def test_construction(self):
"""
:py:obj:`NetscapeSPKI` returns an instance of :py:obj:`NetscapeSPKIType`.
@@ -2899,7 +2745,6 @@
nspki = NetscapeSPKI()
self.assertTrue(isinstance(nspki, NetscapeSPKIType))
-
def test_invalid_attribute(self):
"""
Accessing a non-existent attribute of a :py:obj:`NetscapeSPKI` instance causes
@@ -2908,7 +2753,6 @@
nspki = NetscapeSPKI()
self.assertRaises(AttributeError, lambda: nspki.foo)
-
def test_b64_encode(self):
"""
:py:obj:`NetscapeSPKI.b64_encode` encodes the certificate to a base64 blob.
@@ -2918,11 +2762,11 @@
self.assertTrue(isinstance(blob, binary_type))
-
class RevokedTests(TestCase):
"""
Tests for :py:obj:`OpenSSL.crypto.Revoked`
"""
+
def test_construction(self):
"""
Confirm we can create :py:obj:`OpenSSL.crypto.Revoked`. Check
@@ -2935,7 +2779,6 @@
self.assertEquals(revoked.get_rev_date(), None)
self.assertEquals(revoked.get_reason(), None)
-
def test_construction_wrong_args(self):
"""
Calling :py:obj:`OpenSSL.crypto.Revoked` with any arguments results
@@ -2945,7 +2788,6 @@
self.assertRaises(TypeError, Revoked, 1)
self.assertRaises(TypeError, Revoked, "foo")
-
def test_serial(self):
"""
Confirm we can set and get serial numbers from
@@ -2968,7 +2810,6 @@
self.assertRaises(TypeError, revoked.get_serial, None)
self.assertRaises(TypeError, revoked.get_serial, "")
-
def test_date(self):
"""
Confirm we can set and get revocation dates from
@@ -2985,7 +2826,6 @@
date = revoked.get_rev_date()
self.assertEqual(date, now)
-
def test_reason(self):
"""
Confirm we can set and get revocation reasons from
@@ -3001,12 +2841,11 @@
self.assertEquals(
reason.lower().replace(b(' '), b('')),
r.lower().replace(b(' '), b('')))
- r = reason # again with the resp of get
+ r = reason # again with the resp of get
revoked.set_reason(None)
self.assertEqual(revoked.get_reason(), None)
-
def test_set_reason_wrong_arguments(self):
"""
Calling :py:obj:`OpenSSL.crypto.Revoked.set_reason` with other than
@@ -3017,7 +2856,6 @@
self.assertRaises(TypeError, revoked.set_reason, 100)
self.assertRaises(ValueError, revoked.set_reason, b('blue'))
-
def test_get_reason_wrong_arguments(self):
"""
Calling :py:obj:`OpenSSL.crypto.Revoked.get_reason` with any
@@ -3029,7 +2867,6 @@
self.assertRaises(TypeError, revoked.get_reason, "foo")
-
class CRLTests(TestCase):
"""
Tests for :py:obj:`OpenSSL.crypto.CRL`
@@ -3046,7 +2883,6 @@
self.assertTrue(isinstance(crl, CRL))
self.assertEqual(crl.get_revoked(), None)
-
def test_construction_wrong_args(self):
"""
Calling :py:obj:`OpenSSL.crypto.CRL` with any number of arguments
@@ -3056,7 +2892,6 @@
self.assertRaises(TypeError, CRL, "")
self.assertRaises(TypeError, CRL, None)
-
def _get_crl(self):
"""
Get a new ``CRL`` with a revocation.
@@ -3070,7 +2905,6 @@
crl.add_revoked(revoked)
return crl
-
def test_export_pem(self):
"""
If not passed a format, ``CRL.export`` returns a "PEM" format string
@@ -3090,7 +2924,6 @@
b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')
)
-
def test_export_der(self):
"""
If passed ``FILETYPE_ASN1`` for the format, ``CRL.export`` returns a
@@ -3110,7 +2943,6 @@
b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')
)
-
def test_export_text(self):
"""
If passed ``FILETYPE_TEXT`` for the format, ``CRL.export`` returns a
@@ -3128,7 +2960,6 @@
dumped_text = crl.export(self.cert, self.pkey, type=FILETYPE_TEXT)
self.assertEqual(text, dumped_text)
-
def test_export_custom_digest(self):
"""
If passed the name of a digest function, ``CRL.export`` uses a
@@ -3139,7 +2970,6 @@
text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text")
text.index(b('Signature Algorithm: sha1'))
-
def test_export_md5_digest(self):
"""
If passed md5 as the digest function, ``CRL.export`` uses md5 and does
@@ -3153,7 +2983,6 @@
text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text")
text.index(b('Signature Algorithm: md5'))
-
def test_export_default_digest(self):
"""
If not passed the name of a digest function, ``CRL.export`` uses a
@@ -3171,7 +3000,6 @@
text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text")
text.index(b('Signature Algorithm: md5'))
-
def test_export_invalid(self):
"""
If :py:obj:`CRL.export` is used with an uninitialized :py:obj:`X509`
@@ -3180,7 +3008,6 @@
crl = CRL()
self.assertRaises(Error, crl.export, X509(), PKey())
-
def test_add_revoked_keyword(self):
"""
:py:obj:`OpenSSL.CRL.add_revoked` accepts its single argument as the
@@ -3191,7 +3018,6 @@
crl.add_revoked(revoked=revoked)
self.assertTrue(isinstance(crl.get_revoked()[0], Revoked))
-
def test_export_wrong_args(self):
"""
Calling :py:obj:`OpenSSL.CRL.export` with fewer than two or more than
@@ -3209,7 +3035,6 @@
self.assertRaises(TypeError, crl.export, self.cert, self.pkey, None, 10)
self.assertRaises(TypeError, crl.export, self.cert, FILETYPE_PEM, None)
-
def test_export_unknown_filetype(self):
"""
Calling :py:obj:`OpenSSL.CRL.export` with a file type other than
@@ -3232,7 +3057,6 @@
self.cert, self.pkey, FILETYPE_PEM, 10, b"strange-digest"
)
-
def test_get_revoked(self):
"""
Use python to create a simple CRL with two revocations.
@@ -3259,7 +3083,6 @@
self.assertEqual(revs[0].get_rev_date(), now)
self.assertEqual(revs[1].get_rev_date(), now)
-
def test_get_revoked_wrong_args(self):
"""
Calling :py:obj:`OpenSSL.CRL.get_revoked` with any arguments results
@@ -3271,7 +3094,6 @@
self.assertRaises(TypeError, crl.get_revoked, "")
self.assertRaises(TypeError, crl.get_revoked, "", 1, None)
-
def test_add_revoked_wrong_args(self):
"""
Calling :py:obj:`OpenSSL.CRL.add_revoked` with other than one
@@ -3282,7 +3104,6 @@
self.assertRaises(TypeError, crl.add_revoked, 1, 2)
self.assertRaises(TypeError, crl.add_revoked, "foo", "bar")
-
def test_load_crl(self):
"""
Load a known CRL and inspect its revocations. Both
@@ -3305,7 +3126,6 @@
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[1].get_reason(), b('Superseded'))
-
def test_load_crl_wrong_args(self):
"""
Calling :py:obj:`OpenSSL.crypto.load_crl` with other than two
@@ -3315,7 +3135,6 @@
self.assertRaises(TypeError, load_crl, FILETYPE_PEM)
self.assertRaises(TypeError, load_crl, FILETYPE_PEM, crlData, None)
-
def test_load_crl_bad_filetype(self):
"""
Calling :py:obj:`OpenSSL.crypto.load_crl` with an unknown file type
@@ -3323,7 +3142,6 @@
"""
self.assertRaises(ValueError, load_crl, 100, crlData)
-
def test_load_crl_bad_data(self):
"""
Calling :py:obj:`OpenSSL.crypto.load_crl` with file data which can't
@@ -3352,7 +3170,6 @@
store_ctx = X509StoreContext(store, self.intermediate_server_cert)
self.assertEqual(store_ctx.verify_certificate(), None)
-
def test_reuse(self):
"""
:py:obj:`verify_certificate` can be called multiple times with the same
@@ -3365,7 +3182,6 @@
self.assertEqual(store_ctx.verify_certificate(), None)
self.assertEqual(store_ctx.verify_certificate(), None)
-
def test_trusted_self_signed(self):
"""
:py:obj:`verify_certificate` returns ``None`` when called with a self-signed
@@ -3376,7 +3192,6 @@
store_ctx = X509StoreContext(store, self.root_cert)
self.assertEqual(store_ctx.verify_certificate(), None)
-
def test_untrusted_self_signed(self):
"""
:py:obj:`verify_certificate` raises error when a self-signed certificate is
@@ -3388,7 +3203,6 @@
self.assertEqual(e.args[0][2], 'self signed certificate')
self.assertEqual(e.certificate.get_subject().CN, 'Testing Root CA')
-
def test_invalid_chain_no_root(self):
"""
:py:obj:`verify_certificate` raises error when a root certificate is missing
@@ -3401,7 +3215,6 @@
self.assertEqual(e.args[0][2], 'unable to get issuer certificate')
self.assertEqual(e.certificate.get_subject().CN, 'intermediate')
-
def test_invalid_chain_no_intermediate(self):
"""
:py:obj:`verify_certificate` raises error when an intermediate certificate is
@@ -3433,11 +3246,11 @@
self.assertEqual(store_ctx.verify_certificate(), None)
-
class SignVerifyTests(TestCase):
"""
Tests for :py:obj:`OpenSSL.crypto.sign` and :py:obj:`OpenSSL.crypto.verify`.
"""
+
def test_sign_verify(self):
"""
:py:obj:`sign` generates a cryptographic signature which :py:obj:`verify` can check.
@@ -3459,7 +3272,8 @@
for digest in ['md5', 'sha1']:
sig = sign(priv_key, content, digest)
- # Verify the signature of content, will throw an exception if error.
+ # Verify the signature of content, will throw an exception if
+ # error.
verify(good_cert, sig, content, digest)
# This should fail because the certificate doesn't match the
@@ -3478,7 +3292,6 @@
self.assertRaises(
ValueError, verify, good_cert, sig, content, "strange-digest")
-
def test_sign_verify_with_text(self):
"""
:py:obj:`sign` generates a cryptographic signature which :py:obj:`verify` can check.
@@ -3519,7 +3332,6 @@
)
self.assertIs(w[-1].category, DeprecationWarning)
-
def test_sign_nulls(self):
"""
:py:obj:`sign` produces a signature for a string with embedded nulls.
@@ -3531,19 +3343,18 @@
verify(good_cert, sig, content, "sha1")
-
class EllipticCurveTests(TestCase):
"""
Tests for :py:class:`_EllipticCurve`, :py:obj:`get_elliptic_curve`, and
:py:obj:`get_elliptic_curves`.
"""
+
def test_set(self):
"""
:py:obj:`get_elliptic_curves` returns a :py:obj:`set`.
"""
self.assertIsInstance(get_elliptic_curves(), set)
-
def test_some_curves(self):
"""
If :py:mod:`cryptography` has elliptic curve support then the set
@@ -3559,7 +3370,6 @@
else:
self.assertFalse(curves)
-
def test_a_curve(self):
"""
:py:obj:`get_elliptic_curve` can be used to retrieve a particular
@@ -3572,7 +3382,6 @@
else:
self.assertRaises(ValueError, get_elliptic_curve, u("prime256v1"))
-
def test_not_a_curve(self):
"""
:py:obj:`get_elliptic_curve` raises :py:class:`ValueError` if called
@@ -3581,7 +3390,6 @@
self.assertRaises(
ValueError, get_elliptic_curve, u("this curve was just invented"))
-
def test_repr(self):
"""
The string representation of a curve object includes simply states the
@@ -3592,7 +3400,6 @@
curve = next(iter(curves))
self.assertEqual("<Curve %r>" % (curve.name,), repr(curve))
-
def test_to_EC_KEY(self):
"""
The curve object can export a version of itself as an EC_KEY* via the
@@ -3607,11 +3414,11 @@
curve._to_EC_KEY()
-
class EllipticCurveFactory(object):
"""
A helper to get the names of two curves.
"""
+
def __init__(self):
curves = iter(get_elliptic_curves())
try:
@@ -3621,7 +3428,6 @@
self.curve_name = self.another_curve_name = None
-
class EllipticCurveEqualityTests(TestCase, EqualityTestsMixin):
"""
Tests :py:type:`_EllipticCurve`\ 's implementation of ``==`` and ``!=``.
@@ -3631,14 +3437,12 @@
if curve_factory.curve_name is None:
skip = "There are no curves available there can be no curve objects."
-
def anInstance(self):
"""
Get the curve object for an arbitrary curve supported by the system.
"""
return get_elliptic_curve(self.curve_factory.curve_name)
-
def anotherInstance(self):
"""
Get the curve object for an arbitrary curve supported by the system -
@@ -3647,7 +3451,6 @@
return get_elliptic_curve(self.curve_factory.another_curve_name)
-
class EllipticCurveHashTests(TestCase):
"""
Tests for :py:type:`_EllipticCurve`\ 's implementation of hashing (thus use
@@ -3658,7 +3461,6 @@
if curve_factory.curve_name is None:
skip = "There are no curves available there can be no curve objects."
-
def test_contains(self):
"""
The ``in`` operator reports that a :py:type:`set` containing a curve
@@ -3668,7 +3470,6 @@
curves = set([curve])
self.assertIn(curve, curves)
-
def test_does_not_contain(self):
"""
The ``in`` operator reports that a :py:type:`set` not containing a
@@ -3679,6 +3480,5 @@
self.assertNotIn(curve, curves)
-
if __name__ == '__main__':
main()