Some more tests, fix some issues with NetscapeSPKI
diff --git a/OpenSSL/crypto/netscape_spki.c b/OpenSSL/crypto/netscape_spki.c
index 4fa9d8d..ada5ef6 100644
--- a/OpenSSL/crypto/netscape_spki.c
+++ b/OpenSSL/crypto/netscape_spki.c
@@ -99,6 +99,16 @@
&digest_name))
return NULL;
+ if (pkey->only_public) {
+ PyErr_SetString(PyExc_ValueError, "Key has only public part");
+ return NULL;
+ }
+
+ if (!pkey->initialized) {
+ PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
+ return NULL;
+ }
+
if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
{
PyErr_SetString(PyExc_ValueError, "No such digest method");
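Review bot: The two new ValueError paths in sign() should be documented for callers; if the sign docstring, which lies outside this hunk, does not already list them, add a line such as `@raise ValueError: If the key has only a public part or is uninitialized.\n\`, mirroring the `@raise` this commit adds to verify(). The new guards also use `if (...) {` while the digest lookup just below keeps the brace on its own line, so the function now mixes two brace styles.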
@@ -119,7 +129,9 @@
Verifies a certificate request using the supplied public key\n\
\n\
@param key: a public key\n\
-@return: True if the signature is correct, False otherwise.\n\
+@return: True if the signature is correct.\n\
+@raise OpenSSL.crypto.Error: If the signature is invalid or there is a\n\
+ problem verifying the signature.\n\
";
PyObject *
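Review bot: The summary line left as context, `Verifies a certificate request using the supplied public key`, looks copied from X509Req and does not describe this type. Since the docstring is being corrected here anyway, it could read `Verifies the signature on this NetscapeSPKI using the supplied public key\n\`. The opening of the docstring is outside the hunk.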
@@ -128,11 +140,11 @@
crypto_PKeyObj *pkey;
int answer;
- if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &pkey))
+ if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &pkey)) {
return NULL;
+ }
- if ((answer = NETSCAPE_SPKI_verify(self->netscape_spki, pkey->pkey)) < 0)
- {
+ if ((answer = NETSCAPE_SPKI_verify(self->netscape_spki, pkey->pkey)) <= 0) {
exception_from_error_queue(crypto_Error);
return NULL;
}
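Review bot: The `<= 0` test on NETSCAPE_SPKI_verify carries the whole security meaning of this function and deserves a comment, e.g. `/* 0 = signature does not match, <0 = verification error; neither may be reported as success */`. After this change only a positive result reaches the code below the block, so the return statement, which is outside the hunk, should be checked to return a plain True rather than a value derived from `answer`. Unlike sign() in this commit, verify() does not test `pkey->initialized`. An ungenerated key presumably fails inside OpenSSL and still raises Error, but an explicit ValueError would match the sign() path.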
@@ -170,6 +182,7 @@
{
crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
EVP_PKEY *pkey;
+ crypto_PKeyObj *py_pkey;
if (!PyArg_ParseTuple(args, ":get_pubkey"))
return NULL;
@@ -180,7 +193,11 @@
return NULL;
}
- return (PyObject *)crypto_PKey_New(pkey, 0);
+ py_pkey = crypto_PKey_New(pkey, 1);
+ if (py_pkey != NULL) {
+ py_pkey->only_public = 1;
+ }
+ return (PyObject *)py_pkey;
}
static char crypto_NetscapeSPKI_set_pubkey_doc[] = "\n\
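Review bot: When `crypto_PKey_New(pkey, 1)` returns NULL, the function returns NULL without releasing `pkey`, so the EVP_PKEY reference may leak. `pkey` appears to be obtained earlier in the function, outside this hunk, and with the dealloc flag now set to 1 the wrapper is its only intended owner. Unless crypto_PKey_New frees its argument on failure (not visible here), handle the failure explicitly: `if (py_pkey == NULL) { EVP_PKEY_free(pkey); return NULL; }`. Setting `only_public` after construction is otherwise fine.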
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index 168596e..8f4db2c 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -788,6 +788,27 @@
self.assertRaises(ValueError, request.sign, pub, 'MD5')
+ def test_sign(self):
+ """
+ L{X509Req.sign} succeeds when passed a private key object and a valid
+ digest function. C{X509Req.verify} can be used to check the signature.
+ """
+ request = self.signable()
+ key = PKey()
+ key.generate_key(TYPE_RSA, 512)
+ request.set_pubkey(key)
+ request.sign(key, 'MD5')
+ # If the type has a verify method, cover that too.
+ if getattr(request, 'verify', None) is not None:
+ pub = request.get_pubkey()
+ self.assertTrue(request.verify(pub))
+ # Make another key that won't verify.
+ key = PKey()
+ key.generate_key(TYPE_RSA, 512)
+ self.assertRaises(Error, request.verify, key)
+
+
+
class X509ReqTests(TestCase, _PKeyInteractionTestsMixin):
"""
@@ -889,25 +910,6 @@
self.assertRaises(TypeError, request.add_extensions, [], None)
- def test_sign(self):
- """
- L{X509Req.sign} succeeds when passed a private key object and a valid
- digest function. C{X509Req.verify} can be used to check the signature.
- """
- request = self.signable()
- key = PKey()
- key.generate_key(TYPE_RSA, 512)
- request.set_pubkey(key)
- request.sign(key, 'MD5')
- pub = request.get_pubkey()
- self.assertTrue(request.verify(pub))
-
- # Make another key that won't verify.
- key = PKey()
- key.generate_key(TYPE_RSA, 512)
- self.assertRaises(Error, request.verify, key)
-
-
class X509Tests(TestCase, _PKeyInteractionTestsMixin):
"""
@@ -1968,10 +1970,17 @@
-class NetscapeSPKITests(TestCase):
+class NetscapeSPKITests(TestCase, _PKeyInteractionTestsMixin):
"""
Tests for L{OpenSSL.crypto.NetscapeSPKI}.
"""
+ def signable(self):
+ """
+ Return a new L{NetscapeSPKI} for use with signing tests.
+ """
+ return NetscapeSPKI()
+
+
def test_type(self):
"""
L{NetscapeSPKI} and L{NetscapeSPKIType} refer to the same type object
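Review bot: With NetscapeSPKITests now inheriting `_PKeyInteractionTestsMixin`, the shared `test_sign` docstring added earlier in this diff still names `L{X509Req.sign}` and `C{X509Req.verify}`. It should describe the object returned by `signable()` instead, for example `The object returned by C{signable} can be signed with a private key and a valid digest; C{verify}, when present, checks that signature.` The `# XXX sign` and `# XXX verify` placeholders further down in this class are now covered by the mixin and can be dropped. `test_type` continues outside this hunk.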
@@ -1988,6 +1997,7 @@
nspki = NetscapeSPKI()
self.assertTrue(isinstance(nspki, NetscapeSPKIType))
+
# XXX sign
# XXX verify
# XXX get_pubkey