Jean-Paul Calderone | 8671c85 | 2011-03-02 19:26:20 -0500 | [diff] [blame] | 1 | # Copyright (c) Jean-Paul Calderone |
| 2 | # See LICENSE file for details. |
Jean-Paul Calderone | 8b63d45 | 2008-03-21 18:31:12 -0400 | [diff] [blame] | 3 | |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 4 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 5 | Unit tests for :py:mod:`OpenSSL.crypto`. |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 6 | """ |
| 7 | |
Jean-Paul Calderone | 0b88b6a | 2009-07-05 12:44:41 -0400 | [diff] [blame] | 8 | from unittest import main |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 9 | from warnings import catch_warnings, simplefilter |
Jean-Paul Calderone | 0b88b6a | 2009-07-05 12:44:41 -0400 | [diff] [blame] | 10 | |
Alex Gaynor | 4b9c96a | 2014-08-14 09:51:48 -0700 | [diff] [blame] | 11 | import base64 |
| 12 | import os |
| 13 | import re |
Jean-Paul Calderone | 62ca8da | 2010-08-11 19:58:08 -0400 | [diff] [blame] | 14 | from subprocess import PIPE, Popen |
Rick Dean | 47262da | 2009-07-08 16:17:17 -0500 | [diff] [blame] | 15 | from datetime import datetime, timedelta |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 16 | |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 17 | import pytest |
| 18 | |
Alex Gaynor | b8e3899 | 2015-09-04 08:14:04 -0400 | [diff] [blame] | 19 | from six import u, b, binary_type |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 20 | |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 21 | from OpenSSL.crypto import TYPE_RSA, TYPE_DSA, Error, PKey, PKeyType |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 22 | from OpenSSL.crypto import X509, X509Type, X509Name, X509NameType |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 23 | from OpenSSL.crypto import ( |
Dan Sully | 44e767a | 2016-06-04 18:05:27 -0700 | [diff] [blame] | 24 | X509Store, |
| 25 | X509StoreFlags, |
| 26 | X509StoreType, |
| 27 | X509StoreContext, |
| 28 | X509StoreContextError |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 29 | ) |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 30 | from OpenSSL.crypto import X509Req, X509ReqType |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 31 | from OpenSSL.crypto import X509Extension, X509ExtensionType |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 32 | from OpenSSL.crypto import load_certificate, load_privatekey |
Cory Benfield | 6492f7c | 2015-10-27 16:57:58 +0900 | [diff] [blame] | 33 | from OpenSSL.crypto import load_publickey, dump_publickey |
Jean-Paul Calderone | f17e421 | 2009-04-01 14:21:40 -0400 | [diff] [blame] | 34 | from OpenSSL.crypto import FILETYPE_PEM, FILETYPE_ASN1, FILETYPE_TEXT |
Jean-Paul Calderone | 7191986 | 2009-04-01 13:01:19 -0400 | [diff] [blame] | 35 | from OpenSSL.crypto import dump_certificate, load_certificate_request |
| 36 | from OpenSSL.crypto import dump_certificate_request, dump_privatekey |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 37 | from OpenSSL.crypto import PKCS7Type, load_pkcs7_data |
Jean-Paul Calderone | 9178ee6 | 2010-01-25 17:55:30 -0500 | [diff] [blame] | 38 | from OpenSSL.crypto import PKCS12, PKCS12Type, load_pkcs12 |
Dominic Chen | f05b212 | 2015-10-13 16:32:35 +0000 | [diff] [blame] | 39 | from OpenSSL.crypto import CRL, Revoked, dump_crl, load_crl |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 40 | from OpenSSL.crypto import NetscapeSPKI, NetscapeSPKIType |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 41 | from OpenSSL.crypto import ( |
| 42 | sign, verify, get_elliptic_curve, get_elliptic_curves) |
Hynek Schlawack | f0e6685 | 2015-10-16 20:18:38 +0200 | [diff] [blame] | 43 | from OpenSSL._util import native, lib |
| 44 | |
| 45 | from .util import ( |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 46 | EqualityTestsMixin, TestCase, WARNING_TYPE_EXPECTED |
| 47 | ) |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 48 | |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 49 | |
Jean-Paul Calderone | 9da338d | 2011-05-04 11:40:54 -0400 | [diff] [blame] | 50 | def normalize_certificate_pem(pem): |
| 51 | return dump_certificate(FILETYPE_PEM, load_certificate(FILETYPE_PEM, pem)) |
| 52 | |
| 53 | |
| 54 | def normalize_privatekey_pem(pem): |
| 55 | return dump_privatekey(FILETYPE_PEM, load_privatekey(FILETYPE_PEM, pem)) |
| 56 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 57 | |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 58 | GOOD_CIPHER = "blowfish" |
| 59 | BAD_CIPHER = "zippers" |
| 60 | |
Anthony Alba | 2ce737f | 2015-12-04 11:04:56 +0800 | [diff] [blame] | 61 | GOOD_DIGEST = "SHA1" |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 62 | BAD_DIGEST = "monkeys" |
| 63 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 64 | root_cert_pem = b("""-----BEGIN CERTIFICATE----- |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 65 | MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE |
| 66 | BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU |
| 67 | ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2 |
| 68 | NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM |
| 69 | MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U |
| 70 | ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL |
| 71 | urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy |
| 72 | 2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF |
| 73 | 1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE |
| 74 | FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn |
| 75 | VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE |
| 76 | BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS |
| 77 | b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB |
| 78 | AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi |
| 79 | hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY |
| 80 | w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn |
| 81 | -----END CERTIFICATE----- |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 82 | """) |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 83 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 84 | root_key_pem = b("""-----BEGIN RSA PRIVATE KEY----- |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 85 | MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA |
| 86 | jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU |
| 87 | 3claegwsrBA+sJEBbqx5RdXbIRGicPG/8qQ4Zm1SKOgotcbwiaor2yxZ2wIDAQAB |
| 88 | AoGBAPCgMpmLxzwDaUmcFbTJUvlLW1hoxNNYSu2jIZm1k/hRAcE60JYwvBkgz3UB |
| 89 | yMEh0AtLxYe0bFk6EHah11tMUPgscbCq73snJ++8koUw+csk22G65hOs51bVb7Aa |
| 90 | 6JBe67oLzdtvgCUFAA2qfrKzWRZzAdhUirQUZgySZk+Xq1pBAkEA/kZG0A6roTSM |
| 91 | BVnx7LnPfsycKUsTumorpXiylZJjTi9XtmzxhrYN6wgZlDOOwOLgSQhszGpxVoMD |
| 92 | u3gByT1b2QJBAPtL3mSKdvwRu/+40zaZLwvSJRxaj0mcE4BJOS6Oqs/hS1xRlrNk |
| 93 | PpQ7WJ4yM6ZOLnXzm2mKyxm50Mv64109FtMCQQDOqS2KkjHaLowTGVxwC0DijMfr |
| 94 | I9Lf8sSQk32J5VWCySWf5gGTfEnpmUa41gKTMJIbqZZLucNuDcOtzUaeWZlZAkA8 |
| 95 | ttXigLnCqR486JDPTi9ZscoZkZ+w7y6e/hH8t6d5Vjt48JVyfjPIaJY+km58LcN3 |
| 96 | 6AWSeGAdtRFHVzR7oHjVAkB4hutvxiOeiIVQNBhM6RSI9aBPMI21DoX2JRoxvNW2 |
| 97 | cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA+sDq |
| 98 | -----END RSA PRIVATE KEY----- |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 99 | """) |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 100 | |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 101 | intermediate_cert_pem = b("""-----BEGIN CERTIFICATE----- |
| 102 | MIICVzCCAcCgAwIBAgIRAMPzhm6//0Y/g2pmnHR2C4cwDQYJKoZIhvcNAQENBQAw |
| 103 | WDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAw |
| 104 | DgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTQw |
| 105 | ODI4MDIwNDA4WhcNMjQwODI1MDIwNDA4WjBmMRUwEwYDVQQDEwxpbnRlcm1lZGlh |
| 106 | dGUxDDAKBgNVBAoTA29yZzERMA8GA1UECxMIb3JnLXVuaXQxCzAJBgNVBAYTAlVT |
| 107 | MQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU2FuIERpZWdvMIGfMA0GCSqGSIb3DQEB |
| 108 | AQUAA4GNADCBiQKBgQDYcEQw5lfbEQRjr5Yy4yxAHGV0b9Al+Lmu7wLHMkZ/ZMmK |
| 109 | FGIbljbviiD1Nz97Oh2cpB91YwOXOTN2vXHq26S+A5xe8z/QJbBsyghMur88CjdT |
| 110 | 21H2qwMa+r5dCQwEhuGIiZ3KbzB/n4DTMYI5zy4IYPv0pjxShZn4aZTCCK2IUwID |
| 111 | AQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAPIWSkLX |
| 112 | QRMApOjjyC+tMxumT5e2pMqChHmxobQK4NMdrf2VCx+cRT6EmY8sK3/Xl/X8UBQ+ |
| 113 | 9n5zXb1ZwhW/sTWgUvmOceJ4/XVs9FkdWOOn1J0XBch9ZIiFe/s5ASIgG7fUdcUF |
| 114 | 9mAWS6FK2ca3xIh5kIupCXOFa0dPvlw/YUFT |
| 115 | -----END CERTIFICATE----- |
| 116 | """) |
| 117 | |
| 118 | intermediate_key_pem = b("""-----BEGIN RSA PRIVATE KEY----- |
| 119 | MIICWwIBAAKBgQDYcEQw5lfbEQRjr5Yy4yxAHGV0b9Al+Lmu7wLHMkZ/ZMmKFGIb |
| 120 | ljbviiD1Nz97Oh2cpB91YwOXOTN2vXHq26S+A5xe8z/QJbBsyghMur88CjdT21H2 |
| 121 | qwMa+r5dCQwEhuGIiZ3KbzB/n4DTMYI5zy4IYPv0pjxShZn4aZTCCK2IUwIDAQAB |
| 122 | AoGAfSZVV80pSeOKHTYfbGdNY/jHdU9eFUa/33YWriXU+77EhpIItJjkRRgivIfo |
| 123 | rhFJpBSGmDLblaqepm8emsXMeH4+2QzOYIf0QGGP6E6scjTt1PLqdqKfVJ1a2REN |
| 124 | 147cujNcmFJb/5VQHHMpaPTgttEjlzuww4+BCDPsVRABWrkCQQD3loH36nLoQTtf |
| 125 | +kQq0T6Bs9/UWkTAGo0ND81ALj0F8Ie1oeZg6RNT96RxZ3aVuFTESTv6/TbjWywO |
| 126 | wdzlmV1vAkEA38rTJ6PTwaJlw5OttdDzAXGPB9tDmzh9oSi7cHwQQXizYd8MBYx4 |
| 127 | sjHUKD3dCQnb1dxJFhd3BT5HsnkRMbVZXQJAbXduH17ZTzcIOXc9jHDXYiFVZV5D |
| 128 | 52vV0WCbLzVCZc3jMrtSUKa8lPN5EWrdU3UchWybyG0MR5mX8S5lrF4SoQJAIyUD |
| 129 | DBKaSqpqONCUUx1BTFS9FYrFjzbL4+c1qHCTTPTblt8kUCrDOZjBrKAqeiTmNSum |
| 130 | /qUot9YUBF8m6BuGsQJATHHmdFy/fG1VLkyBp49CAa8tN3Z5r/CgTznI4DfMTf4C |
| 131 | NbRHn2UmYlwQBa+L5lg9phewNe8aEwpPyPLoV85U8Q== |
| 132 | -----END RSA PRIVATE KEY----- |
| 133 | """) |
| 134 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 135 | server_cert_pem = b("""-----BEGIN CERTIFICATE----- |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 136 | MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV |
| 137 | BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH |
| 138 | VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz |
| 139 | NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw |
| 140 | gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv |
| 141 | lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr |
| 142 | b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+ |
| 143 | lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e |
| 144 | gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li |
| 145 | dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp |
| 146 | 2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8 |
| 147 | uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ== |
| 148 | -----END CERTIFICATE----- |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 149 | """) |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 150 | |
Jean-Paul Calderone | 9da338d | 2011-05-04 11:40:54 -0400 | [diff] [blame] | 151 | server_key_pem = normalize_privatekey_pem(b("""-----BEGIN RSA PRIVATE KEY----- |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 152 | MIICWwIBAAKBgQC+pvhuud1dLaQQvzipdtlcTotgr5SuE2LvSx0gz/bg1U3u1eQ+ |
| 153 | U5eqsxaEUceaX5p5Kk+QflvW8qdjVNxQuYS5uc0gK2+OZnlIYxCf4n5GYGzVIx3Q |
| 154 | SBj/TAEFB2WuVinZBiCbxgL7PFM1Kpa+EwVkCAduPpSflJJPwkYGrK2MHQIDAQAB |
| 155 | AoGAbwuZ0AR6JveahBaczjfnSpiFHf+mve2UxoQdpyr6ROJ4zg/PLW5K/KXrC48G |
| 156 | j6f3tXMrfKHcpEoZrQWUfYBRCUsGD5DCazEhD8zlxEHahIsqpwA0WWssJA2VOLEN |
| 157 | j6DuV2pCFbw67rfTBkTSo32ahfXxEKev5KswZk0JIzH3ooECQQDgzS9AI89h0gs8 |
| 158 | Dt+1m11Rzqo3vZML7ZIyGApUzVan+a7hbc33nbGRkAXjHaUBJO31it/H6dTO+uwX |
| 159 | msWwNG5ZAkEA2RyFKs5xR5USTFaKLWCgpH/ydV96KPOpBND7TKQx62snDenFNNbn |
| 160 | FwwOhpahld+vqhYk+pfuWWUpQciE+Bu7ZQJASjfT4sQv4qbbKK/scePicnDdx9th |
| 161 | 4e1EeB9xwb+tXXXUo/6Bor/AcUNwfiQ6Zt9PZOK9sR3lMZSsP7rMi7kzuQJABie6 |
| 162 | 1sXXjFH7nNJvRG4S39cIxq8YRYTy68II/dlB2QzGpKxV/POCxbJ/zu0CU79tuYK7 |
| 163 | NaeNCFfH3aeTrX0LyQJAMBWjWmeKM2G2sCExheeQK0ROnaBC8itCECD4Jsve4nqf |
| 164 | r50+LF74iLXFwqysVCebPKMOpDWp/qQ1BbJQIPs7/A== |
| 165 | -----END RSA PRIVATE KEY----- |
Jean-Paul Calderone | 9da338d | 2011-05-04 11:40:54 -0400 | [diff] [blame] | 166 | """)) |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 167 | |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 168 | intermediate_server_cert_pem = b("""-----BEGIN CERTIFICATE----- |
| 169 | MIICWDCCAcGgAwIBAgIRAPQFY9jfskSihdiNSNdt6GswDQYJKoZIhvcNAQENBQAw |
| 170 | ZjEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMQwwCgYDVQQKEwNvcmcxETAPBgNVBAsT |
| 171 | CG9yZy11bml0MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNh |
| 172 | biBEaWVnbzAeFw0xNDA4MjgwMjEwNDhaFw0yNDA4MjUwMjEwNDhaMG4xHTAbBgNV |
| 173 | BAMTFGludGVybWVkaWF0ZS1zZXJ2aWNlMQwwCgYDVQQKEwNvcmcxETAPBgNVBAsT |
| 174 | CG9yZy11bml0MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNh |
| 175 | biBEaWVnbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqpJZygd+w1faLOr1 |
| 176 | iOAmbBhx5SZWcTCZ/ZjHQTJM7GuPT624QkqsixFghRKdDROwpwnAP7gMRukLqiy4 |
| 177 | +kRuGT5OfyGggL95i2xqA+zehjj08lSTlvGHpePJgCyTavIy5+Ljsj4DKnKyuhxm |
| 178 | biXTRrH83NDgixVkObTEmh/OVK0CAwEAATANBgkqhkiG9w0BAQ0FAAOBgQBa0Npw |
| 179 | UkzjaYEo1OUE1sTI6Mm4riTIHMak4/nswKh9hYup//WVOlr/RBSBtZ7Q/BwbjobN |
| 180 | 3bfAtV7eSAqBsfxYXyof7G1ALANQERkq3+oyLP1iVt08W1WOUlIMPhdCF/QuCwy6 |
| 181 | x9MJLhUCGLJPM+O2rAPWVD9wCmvq10ALsiH3yA== |
| 182 | -----END CERTIFICATE----- |
| 183 | """) |
| 184 | |
| 185 | intermediate_server_key_pem = b("""-----BEGIN RSA PRIVATE KEY----- |
| 186 | MIICXAIBAAKBgQCqklnKB37DV9os6vWI4CZsGHHlJlZxMJn9mMdBMkzsa49PrbhC |
| 187 | SqyLEWCFEp0NE7CnCcA/uAxG6QuqLLj6RG4ZPk5/IaCAv3mLbGoD7N6GOPTyVJOW |
| 188 | 8Yel48mALJNq8jLn4uOyPgMqcrK6HGZuJdNGsfzc0OCLFWQ5tMSaH85UrQIDAQAB |
| 189 | AoGAIQ594j5zna3/9WaPsTgnmhlesVctt4AAx/n827DA4ayyuHFlXUuVhtoWR5Pk |
| 190 | 5ezj9mtYW8DyeCegABnsu2vZni/CdvU6uiS1Hv6qM1GyYDm9KWgovIP9rQCDSGaz |
| 191 | d57IWVGxx7ODFkm3gN5nxnSBOFVHytuW1J7FBRnEsehRroECQQDXHFOv82JuXDcz |
| 192 | z3+4c74IEURdOHcbycxlppmK9kFqm5lsUdydnnGW+mvwDk0APOB7Wg7vyFyr393e |
| 193 | dpmBDCzNAkEAyv6tVbTKUYhSjW+QhabJo896/EqQEYUmtMXxk4cQnKeR/Ao84Rkf |
| 194 | EqD5IykMUfUI0jJU4DGX+gWZ10a7kNbHYQJAVFCuHNFxS4Cpwo0aqtnzKoZaHY/8 |
| 195 | X9ABZfafSHCtw3Op92M+7ikkrOELXdS9KdKyyqbKJAKNEHF3LbOfB44WIQJAA2N4 |
| 196 | 9UNNVUsXRbElEnYUS529CdUczo4QdVgQjkvk5RiPAUwSdBd9Q0xYnFOlFwEmIowg |
| 197 | ipWJWe0aAlP18ZcEQQJBAL+5lekZ/GUdQoZ4HAsN5a9syrzavJ9VvU1KOOPorPZK |
| 198 | nMRZbbQgP+aSB7yl6K0gaLaZ8XaK0pjxNBh6ASqg9f4= |
| 199 | -----END RSA PRIVATE KEY----- |
| 200 | """) |
| 201 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 202 | client_cert_pem = b("""-----BEGIN CERTIFICATE----- |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 203 | MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV |
| 204 | BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH |
| 205 | VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz |
| 206 | ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf |
| 207 | MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2 |
| 208 | rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK |
| 209 | iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb |
| 210 | oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff |
| 211 | 0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM |
| 212 | Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI |
| 213 | 9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ |
| 214 | PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ= |
| 215 | -----END CERTIFICATE----- |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 216 | """) |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 217 | |
Jean-Paul Calderone | 22cbe50 | 2011-05-04 17:01:43 -0400 | [diff] [blame] | 218 | client_key_pem = normalize_privatekey_pem(b("""-----BEGIN RSA PRIVATE KEY----- |
Rick Dean | 94e46fd | 2009-07-18 14:51:24 -0500 | [diff] [blame] | 219 | MIICXgIBAAKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2rn+GrRHRiZ+xkCw/CGNh |
| 220 | btPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xKiku4G/KvnnmWdeJHqsiX |
| 221 | eUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7DtboCRajYyHfluARQIDAQAB |
| 222 | AoGATkZ+NceY5Glqyl4mD06SdcKfV65814vg2EL7V9t8+/mi9rYL8KztSXGlQWPX |
| 223 | zuHgtRoMl78yQ4ZJYOBVo+nsx8KZNRCEBlE19bamSbQLCeQMenWnpeYyQUZ908gF |
| 224 | h6L9qsFVJepgA9RDgAjyDoS5CaWCdCCPCH2lDkdcqC54SVUCQQDseuduc4wi8h4t |
| 225 | V8AahUn9fn9gYfhoNuM0gdguTA0nPLVWz4hy1yJiWYQe0H7NLNNTmCKiLQaJpAbb |
| 226 | TC6vE8C7AkEA0Ee8CMJUc20BnGEmxwgWcVuqFWaKCo8jTH1X38FlATUsyR3krjW2 |
| 227 | dL3yDD9NwHxsYP7nTKp/U8MV7U9IBn4y/wJBAJl7H0/BcLeRmuJk7IqJ7b635iYB |
| 228 | D/9beFUw3MUXmQXZUfyYz39xf6CDZsu1GEdEC5haykeln3Of4M9d/4Kj+FcCQQCY |
| 229 | si6xwT7GzMDkk/ko684AV3KPc/h6G0yGtFIrMg7J3uExpR/VdH2KgwMkZXisSMvw |
| 230 | JJEQjOMCVsEJlRk54WWjAkEAzoZNH6UhDdBK5F38rVt/y4SEHgbSfJHIAmPS32Kq |
| 231 | f6GGcfNpip0Uk7q7udTKuX7Q/buZi/C4YW7u3VKAquv9NA== |
| 232 | -----END RSA PRIVATE KEY----- |
Jean-Paul Calderone | 22cbe50 | 2011-05-04 17:01:43 -0400 | [diff] [blame] | 233 | """)) |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 234 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 235 | cleartextCertificatePEM = b("""-----BEGIN CERTIFICATE----- |
Jean-Paul Calderone | 20131f5 | 2009-04-01 12:05:45 -0400 | [diff] [blame] | 236 | MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE |
| 237 | BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU |
| 238 | ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2 |
| 239 | NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM |
| 240 | MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U |
| 241 | ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL |
| 242 | urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy |
| 243 | 2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF |
| 244 | 1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE |
| 245 | FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn |
| 246 | VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE |
| 247 | BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS |
| 248 | b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB |
| 249 | AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi |
| 250 | hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY |
| 251 | w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn |
| 252 | -----END CERTIFICATE----- |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 253 | """) |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 254 | |
Jean-Paul Calderone | d50d204 | 2011-05-04 17:00:49 -0400 | [diff] [blame] | 255 | cleartextPrivateKeyPEM = normalize_privatekey_pem(b("""\ |
| 256 | -----BEGIN RSA PRIVATE KEY----- |
Jean-Paul Calderone | 20131f5 | 2009-04-01 12:05:45 -0400 | [diff] [blame] | 257 | MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA |
| 258 | jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU |
| 259 | 3claegwsrBA+sJEBbqx5RdXbIRGicPG/8qQ4Zm1SKOgotcbwiaor2yxZ2wIDAQAB |
| 260 | AoGBAPCgMpmLxzwDaUmcFbTJUvlLW1hoxNNYSu2jIZm1k/hRAcE60JYwvBkgz3UB |
| 261 | yMEh0AtLxYe0bFk6EHah11tMUPgscbCq73snJ++8koUw+csk22G65hOs51bVb7Aa |
| 262 | 6JBe67oLzdtvgCUFAA2qfrKzWRZzAdhUirQUZgySZk+Xq1pBAkEA/kZG0A6roTSM |
| 263 | BVnx7LnPfsycKUsTumorpXiylZJjTi9XtmzxhrYN6wgZlDOOwOLgSQhszGpxVoMD |
| 264 | u3gByT1b2QJBAPtL3mSKdvwRu/+40zaZLwvSJRxaj0mcE4BJOS6Oqs/hS1xRlrNk |
| 265 | PpQ7WJ4yM6ZOLnXzm2mKyxm50Mv64109FtMCQQDOqS2KkjHaLowTGVxwC0DijMfr |
| 266 | I9Lf8sSQk32J5VWCySWf5gGTfEnpmUa41gKTMJIbqZZLucNuDcOtzUaeWZlZAkA8 |
| 267 | ttXigLnCqR486JDPTi9ZscoZkZ+w7y6e/hH8t6d5Vjt48JVyfjPIaJY+km58LcN3 |
| 268 | 6AWSeGAdtRFHVzR7oHjVAkB4hutvxiOeiIVQNBhM6RSI9aBPMI21DoX2JRoxvNW2 |
| 269 | cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA+sDq |
| 270 | -----END RSA PRIVATE KEY----- |
Jean-Paul Calderone | d50d204 | 2011-05-04 17:00:49 -0400 | [diff] [blame] | 271 | """)) |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 272 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 273 | cleartextCertificateRequestPEM = b("""-----BEGIN CERTIFICATE REQUEST----- |
| 274 | MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQH |
| 275 | EwdDaGljYWdvMRcwFQYDVQQKEw5NeSBDb21wYW55IEx0ZDEXMBUGA1UEAxMORnJl |
| 276 | ZGVyaWNrIERlYW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANp6Y17WzKSw |
| 277 | BsUWkXdqg6tnXy8H8hA1msCMWpc+/2KJ4mbv5NyD6UD+/SqagQqulPbF/DFea9nA |
| 278 | E0zhmHJELcM8gUTIlXv/cgDWnmK4xj8YkjVUiCdqKRAKeuzLG1pGmwwF5lGeJpXN |
| 279 | xQn5ecR0UYSOWj6TTGXB9VyUMQzCClcBAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB |
| 280 | gQAAJGuF/R/GGbeC7FbFW+aJgr9ee0Xbl6nlhu7pTe67k+iiKT2dsl2ti68MVTnu |
| 281 | Vrb3HUNqOkiwsJf6kCtq5oPn3QVYzTa76Dt2y3Rtzv6boRSlmlfrgS92GNma8JfR |
| 282 | oICQk3nAudi6zl1Dix3BCv1pUp5KMtGn3MeDEi6QFGy2rA== |
| 283 | -----END CERTIFICATE REQUEST----- |
| 284 | """) |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 285 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 286 | encryptedPrivateKeyPEM = b("""-----BEGIN RSA PRIVATE KEY----- |
Jean-Paul Calderone | 20131f5 | 2009-04-01 12:05:45 -0400 | [diff] [blame] | 287 | Proc-Type: 4,ENCRYPTED |
| 288 | DEK-Info: DES-EDE3-CBC,9573604A18579E9E |
Jean-Paul Calderone | 5ef8651 | 2008-04-26 19:06:28 -0400 | [diff] [blame] | 289 | |
Jean-Paul Calderone | 20131f5 | 2009-04-01 12:05:45 -0400 | [diff] [blame] | 290 | SHOho56WxDkT0ht10UTeKc0F5u8cqIa01kzFAmETw0MAs8ezYtK15NPdCXUm3X/2 |
| 291 | a17G7LSF5bkxOgZ7vpXyMzun/owrj7CzvLxyncyEFZWvtvzaAhPhvTJtTIB3kf8B |
| 292 | 8+qRcpTGK7NgXEgYBW5bj1y4qZkD4zCL9o9NQzsKI3Ie8i0239jsDOWR38AxjXBH |
| 293 | mGwAQ4Z6ZN5dnmM4fhMIWsmFf19sNyAML4gHenQCHhmXbjXeVq47aC2ProInJbrm |
| 294 | +00TcisbAQ40V9aehVbcDKtS4ZbMVDwncAjpXpcncC54G76N6j7F7wL7L/FuXa3A |
| 295 | fvSVy9n2VfF/pJ3kYSflLHH2G/DFxjF7dl0GxhKPxJjp3IJi9VtuvmN9R2jZWLQF |
| 296 | tfC8dXgy/P9CfFQhlinqBTEwgH0oZ/d4k4NVFDSdEMaSdmBAjlHpc+Vfdty3HVnV |
| 297 | rKXj//wslsFNm9kIwJGIgKUa/n2jsOiydrsk1mgH7SmNCb3YHgZhbbnq0qLat/HC |
| 298 | gHDt3FHpNQ31QzzL3yrenFB2L9osIsnRsDTPFNi4RX4SpDgNroxOQmyzCCV6H+d4 |
| 299 | o1mcnNiZSdxLZxVKccq0AfRpHqpPAFnJcQHP6xyT9MZp6fBa0XkxDnt9kNU8H3Qw |
| 300 | 7SJWZ69VXjBUzMlQViLuaWMgTnL+ZVyFZf9hTF7U/ef4HMLMAVNdiaGG+G+AjCV/ |
| 301 | MbzjS007Oe4qqBnCWaFPSnJX6uLApeTbqAxAeyCql56ULW5x6vDMNC3dwjvS/CEh |
| 302 | 11n8RkgFIQA0AhuKSIg3CbuartRsJnWOLwgLTzsrKYL4yRog1RJrtw== |
| 303 | -----END RSA PRIVATE KEY----- |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 304 | """) |
Jean-Paul Calderone | 55ec171 | 2009-05-13 14:14:30 -0400 | [diff] [blame] | 305 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 306 | encryptedPrivateKeyPEMPassphrase = b("foobar") |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 307 | |
Cory Benfield | 6492f7c | 2015-10-27 16:57:58 +0900 | [diff] [blame] | 308 | |
| 309 | cleartextPublicKeyPEM = b("""-----BEGIN PUBLIC KEY----- |
| 310 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/l |
| 311 | gT/JzSVJtnEqw9WUNGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC |
| 312 | 90qlUxI47vNJbXGRfmO2q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ |
| 313 | ceg1v01yCT2+OjhQW3cxG42zxyRFmqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5 |
| 314 | XIneGUpX1S7mXRxTLH6YzRoGFqRoc9A0BBNcoXHTWnxV215k4TeHMFYE5RG0KYAS |
| 315 | 8Xk5iKICEXwnZreIt3jyygqoOKsKZMK/Zl2VhMGhJR6HXRpQCyASzEG7bgtROLhL |
| 316 | ywIDAQAB |
| 317 | -----END PUBLIC KEY----- |
| 318 | """) |
| 319 | |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 320 | # Some PKCS#7 stuff. Generated with the openssl command line: |
| 321 | # |
| 322 | # openssl crl2pkcs7 -inform pem -outform pem -certfile s.pem -nocrl |
| 323 | # |
| 324 | # with a certificate and key (but the key should be irrelevant) in s.pem |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 325 | pkcs7Data = b("""\ |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 326 | -----BEGIN PKCS7----- |
| 327 | MIIDNwYJKoZIhvcNAQcCoIIDKDCCAyQCAQExADALBgkqhkiG9w0BBwGgggMKMIID |
| 328 | BjCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQQFADB7MQswCQYDVQQGEwJTRzERMA8G |
| 329 | A1UEChMITTJDcnlwdG8xFDASBgNVBAsTC00yQ3J5cHRvIENBMSQwIgYDVQQDExtN |
| 330 | MkNyeXB0byBDZXJ0aWZpY2F0ZSBNYXN0ZXIxHTAbBgkqhkiG9w0BCQEWDm5ncHNA |
| 331 | cG9zdDEuY29tMB4XDTAwMDkxMDA5NTEzMFoXDTAyMDkxMDA5NTEzMFowUzELMAkG |
| 332 | A1UEBhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlsb2NhbGhvc3Qx |
| 333 | HTAbBgkqhkiG9w0BCQEWDm5ncHNAcG9zdDEuY29tMFwwDQYJKoZIhvcNAQEBBQAD |
| 334 | SwAwSAJBAKy+e3dulvXzV7zoTZWc5TzgApr8DmeQHTYC8ydfzH7EECe4R1Xh5kwI |
| 335 | zOuuFfn178FBiS84gngaNcrFi0Z5fAkCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAw |
| 336 | LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G |
| 337 | A1UdDgQWBBTPhIKSvnsmYsBVNWjj0m3M2z0qVTCBpQYDVR0jBIGdMIGagBT7hyNp |
| 338 | 65w6kxXlxb8pUU/+7Sg4AaF/pH0wezELMAkGA1UEBhMCU0cxETAPBgNVBAoTCE0y |
| 339 | Q3J5cHRvMRQwEgYDVQQLEwtNMkNyeXB0byBDQTEkMCIGA1UEAxMbTTJDcnlwdG8g |
| 340 | Q2VydGlmaWNhdGUgTWFzdGVyMR0wGwYJKoZIhvcNAQkBFg5uZ3BzQHBvc3QxLmNv |
| 341 | bYIBADANBgkqhkiG9w0BAQQFAAOBgQA7/CqT6PoHycTdhEStWNZde7M/2Yc6BoJu |
| 342 | VwnW8YxGO8Sn6UJ4FeffZNcYZddSDKosw8LtPOeWoK3JINjAk5jiPQ2cww++7QGG |
| 343 | /g5NDjxFZNDJP1dGiLAxPW6JXwov4v0FmdzfLOZ01jDcgQQZqEpYlgpuI5JEWUQ9 |
| 344 | Ho4EzbYCOaEAMQA= |
| 345 | -----END PKCS7----- |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 346 | """) |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 347 | |
Alex Gaynor | 8fa1dd6 | 2014-08-14 09:57:51 -0700 | [diff] [blame] | 348 | pkcs7DataASN1 = base64.b64decode(b""" |
Alex Gaynor | 4b9c96a | 2014-08-14 09:51:48 -0700 | [diff] [blame] | 349 | MIIDNwYJKoZIhvcNAQcCoIIDKDCCAyQCAQExADALBgkqhkiG9w0BBwGgggMKMIID |
| 350 | BjCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQQFADB7MQswCQYDVQQGEwJTRzERMA8G |
| 351 | A1UEChMITTJDcnlwdG8xFDASBgNVBAsTC00yQ3J5cHRvIENBMSQwIgYDVQQDExtN |
| 352 | MkNyeXB0byBDZXJ0aWZpY2F0ZSBNYXN0ZXIxHTAbBgkqhkiG9w0BCQEWDm5ncHNA |
| 353 | cG9zdDEuY29tMB4XDTAwMDkxMDA5NTEzMFoXDTAyMDkxMDA5NTEzMFowUzELMAkG |
| 354 | A1UEBhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlsb2NhbGhvc3Qx |
| 355 | HTAbBgkqhkiG9w0BCQEWDm5ncHNAcG9zdDEuY29tMFwwDQYJKoZIhvcNAQEBBQAD |
| 356 | SwAwSAJBAKy+e3dulvXzV7zoTZWc5TzgApr8DmeQHTYC8ydfzH7EECe4R1Xh5kwI |
| 357 | zOuuFfn178FBiS84gngaNcrFi0Z5fAkCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAw |
| 358 | LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G |
| 359 | A1UdDgQWBBTPhIKSvnsmYsBVNWjj0m3M2z0qVTCBpQYDVR0jBIGdMIGagBT7hyNp |
| 360 | 65w6kxXlxb8pUU/+7Sg4AaF/pH0wezELMAkGA1UEBhMCU0cxETAPBgNVBAoTCE0y |
| 361 | Q3J5cHRvMRQwEgYDVQQLEwtNMkNyeXB0byBDQTEkMCIGA1UEAxMbTTJDcnlwdG8g |
| 362 | Q2VydGlmaWNhdGUgTWFzdGVyMR0wGwYJKoZIhvcNAQkBFg5uZ3BzQHBvc3QxLmNv |
| 363 | bYIBADANBgkqhkiG9w0BAQQFAAOBgQA7/CqT6PoHycTdhEStWNZde7M/2Yc6BoJu |
| 364 | VwnW8YxGO8Sn6UJ4FeffZNcYZddSDKosw8LtPOeWoK3JINjAk5jiPQ2cww++7QGG |
| 365 | /g5NDjxFZNDJP1dGiLAxPW6JXwov4v0FmdzfLOZ01jDcgQQZqEpYlgpuI5JEWUQ9 |
| 366 | Ho4EzbYCOaEAMQA= |
Alex Gaynor | 8fa1dd6 | 2014-08-14 09:57:51 -0700 | [diff] [blame] | 367 | """) |
Alex Gaynor | 4b9c96a | 2014-08-14 09:51:48 -0700 | [diff] [blame] | 368 | |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 369 | crlData = b("""\ |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 370 | -----BEGIN X509 CRL----- |
| 371 | MIIBWzCBxTANBgkqhkiG9w0BAQQFADBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMC |
| 372 | SUwxEDAOBgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMT |
| 373 | D1Rlc3RpbmcgUm9vdCBDQRcNMDkwNzI2MDQzNDU2WhcNMTIwOTI3MDI0MTUyWjA8 |
| 374 | MBUCAgOrGA8yMDA5MDcyNTIzMzQ1NlowIwICAQAYDzIwMDkwNzI1MjMzNDU2WjAM |
| 375 | MAoGA1UdFQQDCgEEMA0GCSqGSIb3DQEBBAUAA4GBAEBt7xTs2htdD3d4ErrcGAw1 |
| 376 | 4dKcVnIWTutoI7xxen26Wwvh8VCsT7i/UeP+rBl9rC/kfjWjzQk3/zleaarGTpBT |
| 377 | 0yp4HXRFFoRhhSE/hP+eteaPXRgrsNRLHe9ZDd69wmh7J1wMDb0m81RG7kqcbsid |
| 378 | vrzEeLDRiiPl92dyyWmu |
| 379 | -----END X509 CRL----- |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 380 | """) |
Jean-Paul Calderone | e890db3 | 2010-08-22 16:55:15 -0400 | [diff] [blame] | 381 | |
Paul Kehrer | 5e3dd4c | 2016-03-11 09:58:28 -0400 | [diff] [blame] | 382 | crlDataUnsupportedExtension = b("""\ |
| 383 | -----BEGIN X509 CRL----- |
| 384 | MIIGRzCCBS8CAQIwDQYJKoZIhvcNAQELBQAwJzELMAkGA1UEBhMCVVMxGDAWBgNV |
| 385 | BAMMD2NyeXB0b2dyYXBoeS5pbxgPMjAxNTAxMDEwMDAwMDBaGA8yMDE2MDEwMTAw |
| 386 | MDAwMFowggTOMBQCAQAYDzIwMTUwMTAxMDAwMDAwWjByAgEBGA8yMDE1MDEwMTAw |
| 387 | MDAwMFowXDAYBgNVHRgEERgPMjAxNTAxMDEwMDAwMDBaMDQGA1UdHQQtMCukKTAn |
| 388 | MQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQD |
| 389 | CgEAMHICAQIYDzIwMTUwMTAxMDAwMDAwWjBcMBgGA1UdGAQRGA8yMDE1MDEwMTAw |
| 390 | MDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJBgNVBAYTAlVTMRgwFgYDVQQDDA9jcnlw |
| 391 | dG9ncmFwaHkuaW8wCgYDVR0VBAMKAQEwcgIBAxgPMjAxNTAxMDEwMDAwMDBaMFww |
| 392 | GAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAwWjA0BgNVHR0ELTArpCkwJzELMAkGA1UE |
| 393 | BhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeS5pbzAKBgNVHRUEAwoBAjByAgEE |
| 394 | GA8yMDE1MDEwMTAwMDAwMFowXDAYBgNVHRgEERgPMjAxNTAxMDEwMDAwMDBaMDQG |
| 395 | A1UdHQQtMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5 |
| 396 | LmlvMAoGA1UdFQQDCgEDMHICAQUYDzIwMTUwMTAxMDAwMDAwWjBcMBgGA1UdGAQR |
| 397 | GA8yMDE1MDEwMTAwMDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJBgNVBAYTAlVTMRgw |
| 398 | FgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wCgYDVR0VBAMKAQQwcgIBBhgPMjAxNTAx |
| 399 | MDEwMDAwMDBaMFwwGAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAwWjA0BgNVHR0ELTAr |
| 400 | pCkwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeS5pbzAKBgNV |
| 401 | HRUEAwoBBTByAgEHGA8yMDE1MDEwMTAwMDAwMFowXDAYBgNVHRgEERgPMjAxNTAx |
| 402 | MDEwMDAwMDBaMDQGA1UdHQQtMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwP |
| 403 | Y3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQDCgEGMHICAQgYDzIwMTUwMTAxMDAwMDAw |
| 404 | WjBcMBgGA1UdGAQRGA8yMDE1MDEwMTAwMDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJ |
| 405 | BgNVBAYTAlVTMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wCgYDVR0VBAMKAQgw |
| 406 | cgIBCRgPMjAxNTAxMDEwMDAwMDBaMFwwGAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAw |
| 407 | WjA0BgNVHR0ELTArpCkwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dy |
| 408 | YXBoeS5pbzAKBgNVHRUEAwoBCTByAgEKGA8yMDE1MDEwMTAwMDAwMFowXDAYBgNV |
| 409 | HRgEERgPMjAxNTAxMDEwMDAwMDBaMDQGA1UdHQQtMCukKTAnMQswCQYDVQQGEwJV |
| 410 | UzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQDCgEKMC4CAQsYDzIw |
| 411 | MTUwMTAxMDAwMDAwWjAYMAoGA1UdFQQDCgEBMAoGAyoDBAQDCgEAMA0GCSqGSIb3 |
| 412 | DQEBCwUAA4IBAQBTaloHlPaCZzYee8LxkWej5meiqxQVNWFoVdjesroa+f1FRrH+ |
| 413 | drRU60Nq97KCKf7f9GNN/J3ZIlQmYhmuDqh12f+XLpotoj1ZRfBz2hjFCkJlv+2c |
| 414 | oWWGNHgA70ndFoVtcmX088SYpX8E3ARATivS4q2h9WlwV6rO93mhg3HGIe3JpcK4 |
| 415 | 7BcW6Poi/ut/zsDOkVbI00SqaujRpdmdCTht82MH3ztjyDkI9KYaD/YEweKSrWOz |
| 416 | SdEILd164bfBeLuplVI+xpmTEMVNpXBlSXl7+xIw9Vk7p7Q1Pa3k/SvhOldYCm6y |
| 417 | C1xAg/AAq6w78yzYt18j5Mj0s6eeHi1YpHKw |
| 418 | -----END X509 CRL----- |
| 419 | """) |
| 420 | |
Jean-Paul Calderone | 55ec171 | 2009-05-13 14:14:30 -0400 | [diff] [blame] | 421 | |
| 422 | # A broken RSA private key which can be used to test the error path through |
| 423 | # PKey.check. |
| 424 | inconsistentPrivateKeyPEM = b("""-----BEGIN RSA PRIVATE KEY----- |
| 425 | MIIBPAIBAAJBAKy+e3dulvXzV7zoTZWc5TzgApr8DmeQHTYC8ydfzH7EECe4R1Xh |
| 426 | 5kwIzOuuFfn178FBiS84gngaNcrFi0Z5fAkCAwEaAQJBAIqm/bz4NA1H++Vx5Ewx |
| 427 | OcKp3w19QSaZAwlGRtsUxrP7436QjnREM3Bm8ygU11BjkPVmtrKm6AayQfCHqJoT |
| 428 | zIECIQDW0BoMoL0HOYM/mrTLhaykYAVqgIeJsPjvkEhTFXWBuQIhAM3deFAvWNu4 |
| 429 | nklUQ37XsCT2c9tmNt1LAT+slG2JOTTRAiAuXDtC/m3NYVwyHfFm+zKHRzHkClk2 |
| 430 | HjubeEgjpj32AQIhAJqMGTaZVOwevTXvvHwNeH+vRWsAYU/gbx+OQB+7VOcBAiEA |
| 431 | oolb6NMg/R3enNPvS1O4UU1H8wpaF77L4yiSWlE0p4w= |
| 432 | -----END RSA PRIVATE KEY----- |
| 433 | """) |
| 434 | |
Jean-Paul Calderone | ff83cdd | 2013-08-12 18:05:51 -0400 | [diff] [blame] | 435 | # certificate with NULL bytes in subjectAltName and common name |
| 436 | |
Jean-Paul Calderone | 4bf75c6 | 2013-08-23 15:39:53 -0400 | [diff] [blame] | 437 | nulbyteSubjectAltNamePEM = b("""-----BEGIN CERTIFICATE----- |
Jean-Paul Calderone | ff83cdd | 2013-08-12 18:05:51 -0400 | [diff] [blame] | 438 | MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx |
| 439 | DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ |
| 440 | eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg |
| 441 | RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y |
| 442 | ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw |
| 443 | NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI |
| 444 | DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv |
| 445 | ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt |
| 446 | ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq |
| 447 | hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB |
| 448 | BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j |
| 449 | pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P |
| 450 | vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv |
| 451 | KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA |
| 452 | oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL |
| 453 | 08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV |
| 454 | HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E |
| 455 | BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu |
| 456 | Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251 |
| 457 | bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA |
| 458 | AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9 |
| 459 | i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j |
| 460 | HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk |
| 461 | kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx |
| 462 | VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW |
| 463 | RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ= |
| 464 | -----END CERTIFICATE-----""") |
| 465 | |
Colleen Murphy | e09399b | 2016-03-01 17:40:49 -0800 | [diff] [blame] | 466 | large_key_pem = b("""-----BEGIN RSA PRIVATE KEY----- |
| 467 | MIIJYgIBAAKCAg4AtRua8eIeevRfsj+fkcHr1vmse7Kgb+oX1ssJAvCb1R7JQMnH |
| 468 | hNDjDP6b3vEkZuPUzlDHymP+cNkXvvi4wJ4miVbO3+SeU4Sh+jmsHeHzGIXat9xW |
| 469 | 9PFtuPM5FQq8zvkY8aDeRYmYwN9JKu4/neMBCBqostYlTEWg+bSytO/qWnyHTHKh |
| 470 | g0GfaDdqUQPsGQw+J0MgaYIjQOCVASHAPlzbDQLCtuOb587rwTLkZA2GwoHB/LyJ |
| 471 | BwT0HHgBaiObE12Vs6wi2en0Uu11CiwEuK1KIBcZ2XbE6eApaZa6VH9ysEmUxPt7 |
| 472 | TqyZ4E2oMIYaLPNRxuvozdwTlj1svI1k1FrkaXGc5MTjbgigPMKjIb0T7b/4GNzt |
| 473 | DhP1LvAeUMnrEi3hJJrcJPXHPqS8/RiytR9xQQW6Sdh4LaA3f9MQm3WSevWage3G |
| 474 | P8YcCLssOVKsArDjuA52NF5LmYuAeUzXprm4ITDi2oO+0iFBpFW6VPEK4A9vO0Yk |
| 475 | M/6Wt6tG8zyWhaSH1zFUTwfQ9Yvjyt5w1lrUaAJuoTpwbMVZaDJaEhjOaXU0dyPQ |
| 476 | jOsePDOQcU6dkeTWsQ3LsHPEEug/X6819TLG5mb3V7bvV9nPFBfTJSCEG794kr90 |
| 477 | XgZfIN71FrdByxLerlbuJI21pPs/nZi9SXi9jAWeiS45/azUxMsyYgJArui+gjq7 |
| 478 | sV1pWiBm6/orAgMBAAECggINQp5L6Yu+oIXBqcSjgq8tfF9M5hd30pLuf/EheHZf |
| 479 | LA7uAqn2fVGFI2OInIJhXIOT5OxsAXO0xXfltzawZxIFpOFMqajj4F7aYjvSpw9V |
| 480 | J4EdSiJ/zgv8y1qUdbwEZbHVThRZjoSlrtSzilonBoHZAE0mHtqMz7iRFSk1zz6t |
| 481 | GunRrvo/lROPentf3TsvHquVNUYI5yaapyO1S7xJhecMIIYSb8nbsHI54FBDGNas |
| 482 | 6mFmpPwI/47/6HTwOEWupnn3NicsjrHzUInOUpaMig4cRR+aP5bjqg/ty8xI8AoN |
| 483 | evEmCytiWTc+Rvbp1ieN+1jpjN18PjUk80/W7qioHUDt4ieLic8uxWH2VD9SCEnX |
| 484 | Mpi9tA/FqoZ+2A/3m1OfrY6jiZVE2g+asi9lCK7QVWL39eK82H4rPvtp0/dyo1/i |
| 485 | ZZz68TXg+m8IgEZcp88hngbkuoTTzpGE73QuPKhGA1uMIimDdqPPB5WP76q+03Oi |
| 486 | IRR5DfZnqPERed49by0enJ7tKa/gFPZizOV8ALKr0Dp+vfAkxGDLPLBLd2A3//tw |
| 487 | xg0Q/wltihHSBujv4nYlDXdc5oYyMYZ+Lhc/VuOghHfBq3tgEQ1ECM/ofqXEIdy7 |
| 488 | nVcpZn3Eeq8Jl5CrqxE1ee3NxlzsJHn99yGQpr7mOhW/psJF3XNz80Meg3L4m1T8 |
| 489 | sMBK0GbaassuJhdzb5whAoIBBw48sx1b1WR4XxQc5O/HjHva+l16i2pjUnOUTcDF |
| 490 | RWmSbIhBm2QQ2rVhO8+fak0tkl6ZnMWW4i0U/X5LOEBbC7+IS8bO3j3Revi+Vw5x |
| 491 | j96LMlIe9XEub5i/saEWgiz7maCvfzLFU08e1OpT4qPDpP293V400ubA6R7WQTCv |
| 492 | pBkskGwHeu0l/TuKkVqBFFUTu7KEbps8Gjg7MkJaFriAOv1zis/umK8pVS3ZAM6e |
| 493 | 8w5jfpRccn8Xzta2fRwTB5kCmfxdDsY0oYGxPLRAbW72bORoLGuyyPp/ojeGwoik |
| 494 | JX9RttErc6FjyZtks370Pa8UL5QskyhMbDhrZW2jFD+RXYM1BrvmZRjbAoIBBwy4 |
| 495 | iFJpuDfytJfz1MWtaL5DqEL/kmiZYAXl6hifNhGu5GAipVIIGsDqEYW4i+VC15aa |
| 496 | 7kOCwz/I5zsB3vSDW96IRs4wXtqEZSibc2W/bqfVi+xcvPPl1ZhQ2EAwa4D/x035 |
| 497 | kyf20ffWOU+1yf2cnijzqs3IzlveUm+meLw5s3Rc+iG7DPWWeCoe1hVwANI1euNc |
| 498 | pqKwKY905yFyjOje2OgiEU2kS4YME4zGeBys8yo7E42hNnN2EPK6xkkUqzdudLLQ |
| 499 | 8OUlKRTc8AbIf3XG1rpA4VUpTv3hhxGGwCRy6If8zgZQsNYchgNztRGk72Gcb8Dm |
| 500 | vFSEN3ZtwxU64G3YZzntdcr2WPzxAoIBBw30g6Fgdb/gmVnOpL0//T0ePNDKIMPs |
| 501 | jVJLaRduhoZgB1Bb9qPUPX0SzRzLZtg1tkZSDjBDoHmOHJfhxUaXt+FLCPPbrE4t |
| 502 | +nq9n/nBaMM779w9ClqhqLOyGrwKoxjSmhi+TVEHyIxCbXMvPHVHfX9WzxjbcGrN |
| 503 | ZvRaEVZWo+QlIX8yqdSwqxLk1WtAIRzvlcj7NKum8xBxPed6BNFep/PtgIAmoLT5 |
| 504 | L8wb7EWb2iUdc2KbZ4OaY51lDScqpATgXu3WjXfM+Q52G0mX6Wyd0cjlL711Zrjb |
| 505 | yLbiueZT94lgIHHRRKtKc8CEqcjkQV5OzABS3P/gQSfgZXBdLKjOpTnKDUq7IBeH |
| 506 | AoIBBweAOEIAPLQg1QRUrr3xRrYKRwlakgZDii9wJt1l5AgBTICzbTA1vzDJ1JM5 |
| 507 | AqSpCV6w9JWyYVcXK+HLdKBRZLaPPNEQDJ5lOxD6uMziWGl2rg8tj+1xNMWfxiPz |
| 508 | aTCjoe4EoBUMoTq2gwzRcM2usEQNikXVhnj9Wzaivsaeb4bJ3GRPW5DkrO6JSEtT |
| 509 | w+gvyMqQM2Hy5k7E7BT46sXVwaj/jZxuqGnebRixXtnp0WixdRIqYWUr1UqLf6hQ |
| 510 | G7WP2BgoxCMaCmNW8+HMD/xuxucEotoIhZ+GgJKBFoNnjl3BX+qxYdSe9RbL/5Tr |
| 511 | 4It6Jxtj8uETJXEbv9Cg6v1agWPS9YY8RLTBAoIBBwrU2AsAUts6h1LgGLKK3UWZ |
| 512 | oLH5E+4o+7HqSGRcRodVeN9NBXIYdHHOLeEG6YNGJiJ3bFP5ZQEu9iDsyoFVKJ9O |
| 513 | Mw/y6dKZuxOCZ+X8FopSROg3yWfdOpAm6cnQZp3WqLNX4n/Q6WvKojfyEiPphjwT |
| 514 | 0ymrUJELXLWJmjUyPoAk6HgC0Gs28ZnEXbyhx7CSbZNFyCU/PNUDZwto3GisIPD3 |
| 515 | le7YjqHugezmjMGlA0sDw5aCXjfbl74vowRFYMO6e3ItApfSRgNV86CDoX74WI/5 |
| 516 | AYU/QVM4wGt8XGT2KwDFJaxYGKsGDMWmXY04dS+WPuetCbouWUusyFwRb9SzFave |
| 517 | vYeU7Ab/ |
| 518 | -----END RSA PRIVATE KEY-----""") |
| 519 | |
Jean-Paul Calderone | 55ec171 | 2009-05-13 14:14:30 -0400 | [diff] [blame] | 520 | |
Jean-Paul Calderone | 1880865 | 2009-07-05 12:54:05 -0400 | [diff] [blame] | 521 | class X509ExtTests(TestCase): |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 522 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 523 | Tests for :py:class:`OpenSSL.crypto.X509Extension`. |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 524 | """ |
| 525 | |
| 526 | def setUp(self): |
| 527 | """ |
| 528 | Create a new private key and start a certificate request (for a test |
| 529 | method to finish in one way or another). |
| 530 | """ |
Jean-Paul Calderone | ef9a3dc | 2013-03-02 16:33:32 -0800 | [diff] [blame] | 531 | super(X509ExtTests, self).setUp() |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 532 | # Basic setup stuff to generate a certificate |
| 533 | self.pkey = PKey() |
| 534 | self.pkey.generate_key(TYPE_RSA, 384) |
| 535 | self.req = X509Req() |
| 536 | self.req.set_pubkey(self.pkey) |
| 537 | # Authority good you have. |
| 538 | self.req.get_subject().commonName = "Yoda root CA" |
| 539 | self.x509 = X509() |
| 540 | self.subject = self.x509.get_subject() |
| 541 | self.subject.commonName = self.req.get_subject().commonName |
| 542 | self.x509.set_issuer(self.subject) |
| 543 | self.x509.set_pubkey(self.pkey) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 544 | now = datetime.now() |
| 545 | expire = datetime.now() + timedelta(days=100) |
| 546 | self.x509.set_notBefore(now.strftime("%Y%m%d%H%M%SZ").encode()) |
| 547 | self.x509.set_notAfter(expire.strftime("%Y%m%d%H%M%SZ").encode()) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 548 | |
Jean-Paul Calderone | ef9a3dc | 2013-03-02 16:33:32 -0800 | [diff] [blame] | 549 | def tearDown(self): |
| 550 | """ |
| 551 | Forget all of the pyOpenSSL objects so they can be garbage collected, |
| 552 | their memory released, and not interfere with the leak detection code. |
| 553 | """ |
| 554 | self.pkey = self.req = self.x509 = self.subject = None |
| 555 | super(X509ExtTests, self).tearDown() |
| 556 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 557 | def test_str(self): |
| 558 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 559 | The string representation of :py:class:`X509Extension` instances as |
| 560 | returned by :py:data:`str` includes stuff. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 561 | """ |
| 562 | # This isn't necessarily the best string representation. Perhaps it |
| 563 | # will be changed/improved in the future. |
| 564 | self.assertEquals( |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 565 | str(X509Extension(b('basicConstraints'), True, b('CA:false'))), |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 566 | 'CA:FALSE') |
| 567 | |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 568 | def test_type(self): |
| 569 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 570 | :py:class:`X509Extension` and :py:class:`X509ExtensionType` refer to |
| 571 | the same type object and can be used to create instances of that type. |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 572 | """ |
| 573 | self.assertIdentical(X509Extension, X509ExtensionType) |
| 574 | self.assertConsistentType( |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 575 | X509Extension, |
| 576 | 'X509Extension', b('basicConstraints'), True, b('CA:true')) |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 577 | |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 578 | def test_construction(self): |
| 579 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 580 | :py:class:`X509Extension` accepts an extension type name, a critical |
| 581 | flag, and an extension value and returns an |
| 582 | :py:class:`X509ExtensionType` instance. |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 583 | """ |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 584 | basic = X509Extension(b('basicConstraints'), True, b('CA:true')) |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 585 | self.assertTrue( |
| 586 | isinstance(basic, X509ExtensionType), |
| 587 | "%r is of type %r, should be %r" % ( |
| 588 | basic, type(basic), X509ExtensionType)) |
| 589 | |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 590 | comment = X509Extension( |
| 591 | b('nsComment'), False, b('pyOpenSSL unit test')) |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 592 | self.assertTrue( |
| 593 | isinstance(comment, X509ExtensionType), |
| 594 | "%r is of type %r, should be %r" % ( |
| 595 | comment, type(comment), X509ExtensionType)) |
| 596 | |
Jean-Paul Calderone | 391585f | 2008-12-31 14:36:31 -0500 | [diff] [blame] | 597 | def test_invalid_extension(self): |
| 598 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 599 | :py:class:`X509Extension` raises something if it is passed a bad |
| 600 | extension name or value. |
Jean-Paul Calderone | 391585f | 2008-12-31 14:36:31 -0500 | [diff] [blame] | 601 | """ |
| 602 | self.assertRaises( |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 603 | Error, X509Extension, b('thisIsMadeUp'), False, b('hi')) |
Jean-Paul Calderone | 391585f | 2008-12-31 14:36:31 -0500 | [diff] [blame] | 604 | self.assertRaises( |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 605 | Error, X509Extension, b('basicConstraints'), False, b('blah blah')) |
Jean-Paul Calderone | 391585f | 2008-12-31 14:36:31 -0500 | [diff] [blame] | 606 | |
Jean-Paul Calderone | 2ee1e7c | 2008-12-31 14:58:38 -0500 | [diff] [blame] | 607 | # Exercise a weird one (an extension which uses the r2i method). This |
| 608 | # exercises the codepath that requires a non-NULL ctx to be passed to |
| 609 | # X509V3_EXT_nconf. It can't work now because we provide no |
| 610 | # configuration database. It might be made to work in the future. |
| 611 | self.assertRaises( |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 612 | Error, X509Extension, b('proxyCertInfo'), True, |
| 613 | b('language:id-ppl-anyLanguage,pathlen:1,policy:text:AB')) |
Jean-Paul Calderone | 2ee1e7c | 2008-12-31 14:58:38 -0500 | [diff] [blame] | 614 | |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 615 | def test_get_critical(self): |
| 616 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 617 | :py:meth:`X509ExtensionType.get_critical` returns the value of the |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 618 | extension's critical flag. |
| 619 | """ |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 620 | ext = X509Extension(b('basicConstraints'), True, b('CA:true')) |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 621 | self.assertTrue(ext.get_critical()) |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 622 | ext = X509Extension(b('basicConstraints'), False, b('CA:true')) |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 623 | self.assertFalse(ext.get_critical()) |
| 624 | |
Jean-Paul Calderone | f8c5fab | 2008-12-31 15:53:48 -0500 | [diff] [blame] | 625 | def test_get_short_name(self): |
| 626 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 627 | :py:meth:`X509ExtensionType.get_short_name` returns a string giving the |
| 628 | short type name of the extension. |
Jean-Paul Calderone | f8c5fab | 2008-12-31 15:53:48 -0500 | [diff] [blame] | 629 | """ |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 630 | ext = X509Extension(b('basicConstraints'), True, b('CA:true')) |
| 631 | self.assertEqual(ext.get_short_name(), b('basicConstraints')) |
| 632 | ext = X509Extension(b('nsComment'), True, b('foo bar')) |
| 633 | self.assertEqual(ext.get_short_name(), b('nsComment')) |
Jean-Paul Calderone | f8c5fab | 2008-12-31 15:53:48 -0500 | [diff] [blame] | 634 | |
Jean-Paul Calderone | 5a9e461 | 2011-04-01 18:27:45 -0400 | [diff] [blame] | 635 | def test_get_data(self): |
| 636 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 637 | :py:meth:`X509Extension.get_data` returns a string giving the data of |
| 638 | the extension. |
Jean-Paul Calderone | 5a9e461 | 2011-04-01 18:27:45 -0400 | [diff] [blame] | 639 | """ |
| 640 | ext = X509Extension(b('basicConstraints'), True, b('CA:true')) |
| 641 | # Expect to get back the DER encoded form of CA:true. |
| 642 | self.assertEqual(ext.get_data(), b('0\x03\x01\x01\xff')) |
| 643 | |
Jean-Paul Calderone | 5a9e461 | 2011-04-01 18:27:45 -0400 | [diff] [blame] | 644 | def test_get_data_wrong_args(self): |
| 645 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 646 | :py:meth:`X509Extension.get_data` raises :py:exc:`TypeError` if passed |
| 647 | any arguments. |
Jean-Paul Calderone | 5a9e461 | 2011-04-01 18:27:45 -0400 | [diff] [blame] | 648 | """ |
| 649 | ext = X509Extension(b('basicConstraints'), True, b('CA:true')) |
| 650 | self.assertRaises(TypeError, ext.get_data, None) |
| 651 | self.assertRaises(TypeError, ext.get_data, "foo") |
| 652 | self.assertRaises(TypeError, ext.get_data, 7) |
| 653 | |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 654 | def test_unused_subject(self): |
Rick Dean | 47262da | 2009-07-08 16:17:17 -0500 | [diff] [blame] | 655 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 656 | The :py:data:`subject` parameter to :py:class:`X509Extension` may be |
| 657 | provided for an extension which does not use it and is ignored in this |
| 658 | case. |
Rick Dean | 47262da | 2009-07-08 16:17:17 -0500 | [diff] [blame] | 659 | """ |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 660 | ext1 = X509Extension( |
| 661 | b('basicConstraints'), False, b('CA:TRUE'), subject=self.x509) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 662 | self.x509.add_extensions([ext1]) |
| 663 | self.x509.sign(self.pkey, 'sha1') |
| 664 | # This is a little lame. Can we think of a better way? |
| 665 | text = dump_certificate(FILETYPE_TEXT, self.x509) |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 666 | self.assertTrue(b('X509v3 Basic Constraints:') in text) |
| 667 | self.assertTrue(b('CA:TRUE') in text) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 668 | |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 669 | def test_subject(self): |
| 670 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 671 | If an extension requires a subject, the :py:data:`subject` parameter to |
| 672 | :py:class:`X509Extension` provides its value. |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 673 | """ |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 674 | ext3 = X509Extension( |
| 675 | b('subjectKeyIdentifier'), False, b('hash'), subject=self.x509) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 676 | self.x509.add_extensions([ext3]) |
| 677 | self.x509.sign(self.pkey, 'sha1') |
| 678 | text = dump_certificate(FILETYPE_TEXT, self.x509) |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 679 | self.assertTrue(b('X509v3 Subject Key Identifier:') in text) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 680 | |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 681 | def test_missing_subject(self): |
| 682 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 683 | If an extension requires a subject and the :py:data:`subject` parameter |
| 684 | is given no value, something happens. |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 685 | """ |
| 686 | self.assertRaises( |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 687 | Error, X509Extension, b('subjectKeyIdentifier'), False, b('hash')) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 688 | |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 689 | def test_invalid_subject(self): |
| 690 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 691 | If the :py:data:`subject` parameter is given a value which is not an |
| 692 | :py:class:`X509` instance, :py:exc:`TypeError` is raised. |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 693 | """ |
| 694 | for badObj in [True, object(), "hello", [], self]: |
| 695 | self.assertRaises( |
| 696 | TypeError, |
| 697 | X509Extension, |
| 698 | 'basicConstraints', False, 'CA:TRUE', subject=badObj) |
| 699 | |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 700 | def test_unused_issuer(self): |
| 701 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 702 | The :py:data:`issuer` parameter to :py:class:`X509Extension` may be |
| 703 | provided for an extension which does not use it and is ignored in this |
| 704 | case. |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 705 | """ |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 706 | ext1 = X509Extension( |
| 707 | b('basicConstraints'), False, b('CA:TRUE'), issuer=self.x509) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 708 | self.x509.add_extensions([ext1]) |
| 709 | self.x509.sign(self.pkey, 'sha1') |
| 710 | text = dump_certificate(FILETYPE_TEXT, self.x509) |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 711 | self.assertTrue(b('X509v3 Basic Constraints:') in text) |
| 712 | self.assertTrue(b('CA:TRUE') in text) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 713 | |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 714 | def test_issuer(self): |
| 715 | """ |
Alex Gaynor | 3b0ee97 | 2014-11-15 09:17:33 -0800 | [diff] [blame] | 716 | If an extension requires an issuer, the :py:data:`issuer` parameter to |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 717 | :py:class:`X509Extension` provides its value. |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 718 | """ |
| 719 | ext2 = X509Extension( |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 720 | b('authorityKeyIdentifier'), False, b('issuer:always'), |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 721 | issuer=self.x509) |
| 722 | self.x509.add_extensions([ext2]) |
| 723 | self.x509.sign(self.pkey, 'sha1') |
| 724 | text = dump_certificate(FILETYPE_TEXT, self.x509) |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 725 | self.assertTrue(b('X509v3 Authority Key Identifier:') in text) |
| 726 | self.assertTrue(b('DirName:/CN=Yoda root CA') in text) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 727 | |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 728 | def test_missing_issuer(self): |
| 729 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 730 | If an extension requires an issue and the :py:data:`issuer` parameter |
| 731 | is given no value, something happens. |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 732 | """ |
| 733 | self.assertRaises( |
| 734 | Error, |
| 735 | X509Extension, |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 736 | b('authorityKeyIdentifier'), False, |
| 737 | b('keyid:always,issuer:always')) |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 738 | |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 739 | def test_invalid_issuer(self): |
| 740 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 741 | If the :py:data:`issuer` parameter is given a value which is not an |
| 742 | :py:class:`X509` instance, :py:exc:`TypeError` is raised. |
Jean-Paul Calderone | f0179c7 | 2009-07-17 15:48:22 -0400 | [diff] [blame] | 743 | """ |
| 744 | for badObj in [True, object(), "hello", [], self]: |
| 745 | self.assertRaises( |
| 746 | TypeError, |
| 747 | X509Extension, |
| 748 | 'authorityKeyIdentifier', False, 'keyid:always,issuer:always', |
| 749 | issuer=badObj) |
Rick Dean | 47262da | 2009-07-08 16:17:17 -0500 | [diff] [blame] | 750 | |
| 751 | |
Jean-Paul Calderone | 1880865 | 2009-07-05 12:54:05 -0400 | [diff] [blame] | 752 | class PKeyTests(TestCase): |
Jean-Paul Calderone | ac930e1 | 2008-03-06 18:50:51 -0500 | [diff] [blame] | 753 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 754 | Unit tests for :py:class:`OpenSSL.crypto.PKey`. |
Jean-Paul Calderone | ac930e1 | 2008-03-06 18:50:51 -0500 | [diff] [blame] | 755 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 756 | |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 757 | def test_type(self): |
| 758 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 759 | :py:class:`PKey` and :py:class:`PKeyType` refer to the same type object |
| 760 | and can be used to create instances of that type. |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 761 | """ |
| 762 | self.assertIdentical(PKey, PKeyType) |
| 763 | self.assertConsistentType(PKey, 'PKey') |
| 764 | |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 765 | def test_construction(self): |
| 766 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 767 | :py:class:`PKey` takes no arguments and returns a new :py:class:`PKey` |
| 768 | instance. |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 769 | """ |
| 770 | self.assertRaises(TypeError, PKey, None) |
| 771 | key = PKey() |
| 772 | self.assertTrue( |
| 773 | isinstance(key, PKeyType), |
| 774 | "%r is of type %r, should be %r" % (key, type(key), PKeyType)) |
| 775 | |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 776 | def test_pregeneration(self): |
| 777 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 778 | :py:attr:`PKeyType.bits` and :py:attr:`PKeyType.type` return |
| 779 | :py:data:`0` before the key is generated. :py:attr:`PKeyType.check` |
| 780 | raises :py:exc:`TypeError` before the key is generated. |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 781 | """ |
| 782 | key = PKey() |
| 783 | self.assertEqual(key.type(), 0) |
| 784 | self.assertEqual(key.bits(), 0) |
Jean-Paul Calderone | 55ec171 | 2009-05-13 14:14:30 -0400 | [diff] [blame] | 785 | self.assertRaises(TypeError, key.check) |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 786 | |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 787 | def test_failedGeneration(self): |
| 788 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 789 | :py:meth:`PKeyType.generate_key` takes two arguments, the first giving |
| 790 | the key type as one of :py:data:`TYPE_RSA` or :py:data:`TYPE_DSA` and |
| 791 | the second giving the number of bits to generate. If an invalid type |
| 792 | is specified or generation fails, :py:exc:`Error` is raised. If an |
| 793 | invalid number of bits is specified, :py:exc:`ValueError` or |
| 794 | :py:exc:`Error` is raised. |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 795 | """ |
| 796 | key = PKey() |
| 797 | self.assertRaises(TypeError, key.generate_key) |
| 798 | self.assertRaises(TypeError, key.generate_key, 1, 2, 3) |
| 799 | self.assertRaises(TypeError, key.generate_key, "foo", "bar") |
| 800 | self.assertRaises(Error, key.generate_key, -1, 0) |
Jean-Paul Calderone | ab82db7 | 2008-03-06 00:09:31 -0500 | [diff] [blame] | 801 | |
Jean-Paul Calderone | ab82db7 | 2008-03-06 00:09:31 -0500 | [diff] [blame] | 802 | self.assertRaises(ValueError, key.generate_key, TYPE_RSA, -1) |
| 803 | self.assertRaises(ValueError, key.generate_key, TYPE_RSA, 0) |
Jean-Paul Calderone | d71fe98 | 2008-03-06 00:31:50 -0500 | [diff] [blame] | 804 | |
Alex Gaynor | 5bb2bd1 | 2016-07-03 10:48:32 -0400 | [diff] [blame^] | 805 | with pytest.raises(TypeError): |
| 806 | key.generate_key(TYPE_RSA, object()) |
| 807 | |
Jean-Paul Calderone | d71fe98 | 2008-03-06 00:31:50 -0500 | [diff] [blame] | 808 | # XXX RSA generation for small values of bits is fairly buggy in a wide |
| 809 | # range of OpenSSL versions. I need to figure out what the safe lower |
| 810 | # bound for a reasonable number of OpenSSL versions is and explicitly |
| 811 | # check for that in the wrapper. The failure behavior is typically an |
| 812 | # infinite loop inside OpenSSL. |
| 813 | |
| 814 | # self.assertRaises(Error, key.generate_key, TYPE_RSA, 2) |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 815 | |
| 816 | # XXX DSA generation seems happy with any number of bits. The DSS |
| 817 | # says bits must be between 512 and 1024 inclusive. OpenSSL's DSA |
| 818 | # generator doesn't seem to care about the upper limit at all. For |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 819 | # the lower limit, it uses 512 if anything smaller is specified. |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 820 | # So, it doesn't seem possible to make generate_key fail for |
| 821 | # TYPE_DSA with a bits argument which is at least an int. |
| 822 | |
| 823 | # self.assertRaises(Error, key.generate_key, TYPE_DSA, -7) |
| 824 | |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 825 | def test_rsaGeneration(self): |
| 826 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 827 | :py:meth:`PKeyType.generate_key` generates an RSA key when passed |
| 828 | :py:data:`TYPE_RSA` as a type and a reasonable number of bits. |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 829 | """ |
| 830 | bits = 128 |
| 831 | key = PKey() |
| 832 | key.generate_key(TYPE_RSA, bits) |
| 833 | self.assertEqual(key.type(), TYPE_RSA) |
| 834 | self.assertEqual(key.bits(), bits) |
Jean-Paul Calderone | 8e6ce97 | 2009-05-13 12:32:49 -0400 | [diff] [blame] | 835 | self.assertTrue(key.check()) |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 836 | |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 837 | def test_dsaGeneration(self): |
| 838 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 839 | :py:meth:`PKeyType.generate_key` generates a DSA key when passed |
| 840 | :py:data:`TYPE_DSA` as a type and a reasonable number of bits. |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 841 | """ |
| 842 | # 512 is a magic number. The DSS (Digital Signature Standard) |
| 843 | # allows a minimum of 512 bits for DSA. DSA_generate_parameters |
| 844 | # will silently promote any value below 512 to 512. |
| 845 | bits = 512 |
| 846 | key = PKey() |
| 847 | key.generate_key(TYPE_DSA, bits) |
Jean-Paul Calderone | f6745b3 | 2013-03-01 15:08:46 -0800 | [diff] [blame] | 848 | # self.assertEqual(key.type(), TYPE_DSA) |
| 849 | # self.assertEqual(key.bits(), bits) |
| 850 | # self.assertRaises(TypeError, key.check) |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 851 | |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 852 | def test_regeneration(self): |
| 853 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 854 | :py:meth:`PKeyType.generate_key` can be called multiple times on the |
| 855 | same key to generate new keys. |
Jean-Paul Calderone | d8782ad | 2008-03-04 23:39:59 -0500 | [diff] [blame] | 856 | """ |
| 857 | key = PKey() |
| 858 | for type, bits in [(TYPE_RSA, 512), (TYPE_DSA, 576)]: |
Alex Gaynor | 7f63649 | 2015-09-04 13:26:52 -0400 | [diff] [blame] | 859 | key.generate_key(type, bits) |
| 860 | self.assertEqual(key.type(), type) |
| 861 | self.assertEqual(key.bits(), bits) |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 862 | |
Jean-Paul Calderone | 55ec171 | 2009-05-13 14:14:30 -0400 | [diff] [blame] | 863 | def test_inconsistentKey(self): |
| 864 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 865 | :py:`PKeyType.check` returns :py:exc:`Error` if the key is not |
| 866 | consistent. |
Jean-Paul Calderone | 55ec171 | 2009-05-13 14:14:30 -0400 | [diff] [blame] | 867 | """ |
| 868 | key = load_privatekey(FILETYPE_PEM, inconsistentPrivateKeyPEM) |
Jean-Paul Calderone | d338e4e | 2009-05-13 15:45:07 -0400 | [diff] [blame] | 869 | self.assertRaises(Error, key.check) |
Jean-Paul Calderone | 55ec171 | 2009-05-13 14:14:30 -0400 | [diff] [blame] | 870 | |
Jean-Paul Calderone | e81020e | 2011-06-12 21:48:57 -0400 | [diff] [blame] | 871 | def test_check_wrong_args(self): |
| 872 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 873 | :py:meth:`PKeyType.check` raises :py:exc:`TypeError` if called with any |
| 874 | arguments. |
Jean-Paul Calderone | e81020e | 2011-06-12 21:48:57 -0400 | [diff] [blame] | 875 | """ |
| 876 | self.assertRaises(TypeError, PKey().check, None) |
| 877 | self.assertRaises(TypeError, PKey().check, object()) |
| 878 | self.assertRaises(TypeError, PKey().check, 1) |
| 879 | |
Jean-Paul Calderone | 02d0197 | 2011-10-31 10:39:29 -0400 | [diff] [blame] | 880 | def test_check_public_key(self): |
| 881 | """ |
| 882 | :py:meth:`PKeyType.check` raises :py:exc:`TypeError` if only the public |
| 883 | part of the key is available. |
| 884 | """ |
| 885 | # A trick to get a public-only key |
| 886 | key = PKey() |
| 887 | key.generate_key(TYPE_RSA, 512) |
| 888 | cert = X509() |
| 889 | cert.set_pubkey(key) |
| 890 | pub = cert.get_pubkey() |
| 891 | self.assertRaises(TypeError, pub.check) |
| 892 | |
| 893 | |
Jean-Paul Calderone | 1880865 | 2009-07-05 12:54:05 -0400 | [diff] [blame] | 894 | class X509NameTests(TestCase): |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 895 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 896 | Unit tests for :py:class:`OpenSSL.crypto.X509Name`. |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 897 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 898 | |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 899 | def _x509name(self, **attrs): |
| 900 | # XXX There's no other way to get a new X509Name yet. |
| 901 | name = X509().get_subject() |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 902 | attrs = list(attrs.items()) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 903 | |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 904 | # Make the order stable - order matters! |
Jean-Paul Calderone | 40dd099 | 2010-08-22 17:52:07 -0400 | [diff] [blame] | 905 | def key(attr): |
| 906 | return attr[1] |
| 907 | attrs.sort(key=key) |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 908 | for k, v in attrs: |
| 909 | setattr(name, k, v) |
| 910 | return name |
| 911 | |
Rick Dean | e15b147 | 2009-07-09 15:53:42 -0500 | [diff] [blame] | 912 | def test_type(self): |
| 913 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 914 | The type of X509Name objects is :py:class:`X509NameType`. |
Rick Dean | e15b147 | 2009-07-09 15:53:42 -0500 | [diff] [blame] | 915 | """ |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 916 | self.assertIdentical(X509Name, X509NameType) |
| 917 | self.assertEqual(X509NameType.__name__, 'X509Name') |
| 918 | self.assertTrue(isinstance(X509NameType, type)) |
| 919 | |
Rick Dean | e15b147 | 2009-07-09 15:53:42 -0500 | [diff] [blame] | 920 | name = self._x509name() |
| 921 | self.assertTrue( |
| 922 | isinstance(name, X509NameType), |
| 923 | "%r is of type %r, should be %r" % ( |
| 924 | name, type(name), X509NameType)) |
Rick Dean | e15b147 | 2009-07-09 15:53:42 -0500 | [diff] [blame] | 925 | |
Jean-Paul Calderone | 9ce9afb | 2011-04-22 18:16:22 -0400 | [diff] [blame] | 926 | def test_onlyStringAttributes(self): |
| 927 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 928 | Attempting to set a non-:py:data:`str` attribute name on an |
| 929 | :py:class:`X509NameType` instance causes :py:exc:`TypeError` to be |
| 930 | raised. |
Jean-Paul Calderone | 9ce9afb | 2011-04-22 18:16:22 -0400 | [diff] [blame] | 931 | """ |
| 932 | name = self._x509name() |
| 933 | # Beyond these cases, you may also think that unicode should be |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 934 | # rejected. Sorry, you're wrong. unicode is automatically converted |
| 935 | # to str outside of the control of X509Name, so there's no way to |
| 936 | # reject it. |
Jean-Paul Calderone | ff363be | 2013-03-03 10:21:23 -0800 | [diff] [blame] | 937 | |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 938 | # Also, this used to test str subclasses, but that test is less |
| 939 | # relevant now that the implementation is in Python instead of C. Also |
| 940 | # PyPy automatically converts str subclasses to str when they are |
| 941 | # passed to setattr, so we can't test it on PyPy. Apparently CPython |
| 942 | # does this sometimes as well. |
Jean-Paul Calderone | 9ce9afb | 2011-04-22 18:16:22 -0400 | [diff] [blame] | 943 | self.assertRaises(TypeError, setattr, name, None, "hello") |
| 944 | self.assertRaises(TypeError, setattr, name, 30, "hello") |
Jean-Paul Calderone | 9ce9afb | 2011-04-22 18:16:22 -0400 | [diff] [blame] | 945 | |
| 946 | def test_setInvalidAttribute(self): |
| 947 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 948 | Attempting to set any attribute name on an :py:class:`X509NameType` |
| 949 | instance for which no corresponding NID is defined causes |
| 950 | :py:exc:`AttributeError` to be raised. |
Jean-Paul Calderone | 9ce9afb | 2011-04-22 18:16:22 -0400 | [diff] [blame] | 951 | """ |
| 952 | name = self._x509name() |
| 953 | self.assertRaises(AttributeError, setattr, name, "no such thing", None) |
| 954 | |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 955 | def test_attributes(self): |
| 956 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 957 | :py:class:`X509NameType` instances have attributes for each standard |
| 958 | (?) X509Name field. |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 959 | """ |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 960 | name = self._x509name() |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 961 | name.commonName = "foo" |
| 962 | self.assertEqual(name.commonName, "foo") |
| 963 | self.assertEqual(name.CN, "foo") |
| 964 | name.CN = "baz" |
| 965 | self.assertEqual(name.commonName, "baz") |
| 966 | self.assertEqual(name.CN, "baz") |
| 967 | name.commonName = "bar" |
| 968 | self.assertEqual(name.commonName, "bar") |
| 969 | self.assertEqual(name.CN, "bar") |
| 970 | name.CN = "quux" |
| 971 | self.assertEqual(name.commonName, "quux") |
| 972 | self.assertEqual(name.CN, "quux") |
| 973 | |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 974 | def test_copy(self): |
| 975 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 976 | :py:class:`X509Name` creates a new :py:class:`X509NameType` instance |
| 977 | with all the same attributes as an existing :py:class:`X509NameType` |
| 978 | instance when called with one. |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 979 | """ |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 980 | name = self._x509name(commonName="foo", emailAddress="bar@example.com") |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 981 | |
| 982 | copy = X509Name(name) |
| 983 | self.assertEqual(copy.commonName, "foo") |
| 984 | self.assertEqual(copy.emailAddress, "bar@example.com") |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 985 | |
| 986 | # Mutate the copy and ensure the original is unmodified. |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 987 | copy.commonName = "baz" |
| 988 | self.assertEqual(name.commonName, "foo") |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 989 | |
| 990 | # Mutate the original and ensure the copy is unmodified. |
Jean-Paul Calderone | eff3cd9 | 2008-03-05 22:35:26 -0500 | [diff] [blame] | 991 | name.emailAddress = "quux@example.com" |
| 992 | self.assertEqual(copy.emailAddress, "bar@example.com") |
| 993 | |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 994 | def test_repr(self): |
| 995 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 996 | :py:func:`repr` passed an :py:class:`X509NameType` instance should |
| 997 | return a string containing a description of the type and the NIDs which |
| 998 | have been set on it. |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 999 | """ |
| 1000 | name = self._x509name(commonName="foo", emailAddress="bar") |
| 1001 | self.assertEqual( |
| 1002 | repr(name), |
| 1003 | "<X509Name object '/emailAddress=bar/CN=foo'>") |
| 1004 | |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 1005 | def test_comparison(self): |
| 1006 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1007 | :py:class:`X509NameType` instances should compare based on their NIDs. |
Jean-Paul Calderone | e098dc7 | 2008-03-06 18:36:19 -0500 | [diff] [blame] | 1008 | """ |
| 1009 | def _equality(a, b, assertTrue, assertFalse): |
| 1010 | assertTrue(a == b, "(%r == %r) --> False" % (a, b)) |
| 1011 | assertFalse(a != b) |
| 1012 | assertTrue(b == a) |
| 1013 | assertFalse(b != a) |
| 1014 | |
| 1015 | def assertEqual(a, b): |
| 1016 | _equality(a, b, self.assertTrue, self.assertFalse) |
| 1017 | |
| 1018 | # Instances compare equal to themselves. |
| 1019 | name = self._x509name() |
| 1020 | assertEqual(name, name) |
| 1021 | |
| 1022 | # Empty instances should compare equal to each other. |
| 1023 | assertEqual(self._x509name(), self._x509name()) |
| 1024 | |
| 1025 | # Instances with equal NIDs should compare equal to each other. |
| 1026 | assertEqual(self._x509name(commonName="foo"), |
| 1027 | self._x509name(commonName="foo")) |
| 1028 | |
| 1029 | # Instance with equal NIDs set using different aliases should compare |
| 1030 | # equal to each other. |
| 1031 | assertEqual(self._x509name(commonName="foo"), |
| 1032 | self._x509name(CN="foo")) |
| 1033 | |
| 1034 | # Instances with more than one NID with the same values should compare |
| 1035 | # equal to each other. |
| 1036 | assertEqual(self._x509name(CN="foo", organizationalUnitName="bar"), |
| 1037 | self._x509name(commonName="foo", OU="bar")) |
| 1038 | |
| 1039 | def assertNotEqual(a, b): |
| 1040 | _equality(a, b, self.assertFalse, self.assertTrue) |
| 1041 | |
| 1042 | # Instances with different values for the same NID should not compare |
| 1043 | # equal to each other. |
| 1044 | assertNotEqual(self._x509name(CN="foo"), |
| 1045 | self._x509name(CN="bar")) |
| 1046 | |
| 1047 | # Instances with different NIDs should not compare equal to each other. |
| 1048 | assertNotEqual(self._x509name(CN="foo"), |
| 1049 | self._x509name(OU="foo")) |
| 1050 | |
| 1051 | def _inequality(a, b, assertTrue, assertFalse): |
| 1052 | assertTrue(a < b) |
| 1053 | assertTrue(a <= b) |
| 1054 | assertTrue(b > a) |
| 1055 | assertTrue(b >= a) |
| 1056 | assertFalse(a > b) |
| 1057 | assertFalse(a >= b) |
| 1058 | assertFalse(b < a) |
| 1059 | assertFalse(b <= a) |
| 1060 | |
| 1061 | def assertLessThan(a, b): |
| 1062 | _inequality(a, b, self.assertTrue, self.assertFalse) |
| 1063 | |
| 1064 | # An X509Name with a NID with a value which sorts less than the value |
| 1065 | # of the same NID on another X509Name compares less than the other |
| 1066 | # X509Name. |
| 1067 | assertLessThan(self._x509name(CN="abc"), |
| 1068 | self._x509name(CN="def")) |
| 1069 | |
| 1070 | def assertGreaterThan(a, b): |
| 1071 | _inequality(a, b, self.assertFalse, self.assertTrue) |
| 1072 | |
| 1073 | # An X509Name with a NID with a value which sorts greater than the |
| 1074 | # value of the same NID on another X509Name compares greater than the |
| 1075 | # other X509Name. |
| 1076 | assertGreaterThan(self._x509name(CN="def"), |
| 1077 | self._x509name(CN="abc")) |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1078 | |
Jean-Paul Calderone | 110cd09 | 2008-03-24 17:27:42 -0400 | [diff] [blame] | 1079 | def test_hash(self): |
| 1080 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1081 | :py:meth:`X509Name.hash` returns an integer hash based on the value of |
| 1082 | the name. |
Jean-Paul Calderone | 110cd09 | 2008-03-24 17:27:42 -0400 | [diff] [blame] | 1083 | """ |
| 1084 | a = self._x509name(CN="foo") |
| 1085 | b = self._x509name(CN="foo") |
| 1086 | self.assertEqual(a.hash(), b.hash()) |
| 1087 | a.CN = "bar" |
| 1088 | self.assertNotEqual(a.hash(), b.hash()) |
| 1089 | |
Jean-Paul Calderone | e957a00 | 2008-03-25 15:16:51 -0400 | [diff] [blame] | 1090 | def test_der(self): |
| 1091 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1092 | :py:meth:`X509Name.der` returns the DER encoded form of the name. |
Jean-Paul Calderone | e957a00 | 2008-03-25 15:16:51 -0400 | [diff] [blame] | 1093 | """ |
| 1094 | a = self._x509name(CN="foo", C="US") |
| 1095 | self.assertEqual( |
| 1096 | a.der(), |
Jean-Paul Calderone | 2ac721b | 2010-08-22 19:20:00 -0400 | [diff] [blame] | 1097 | b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US' |
D.S. Ljungmark | 5533e25 | 2014-05-31 13:18:41 +0200 | [diff] [blame] | 1098 | '1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo')) |
Jean-Paul Calderone | e957a00 | 2008-03-25 15:16:51 -0400 | [diff] [blame] | 1099 | |
Jean-Paul Calderone | c54cc18 | 2008-03-26 21:11:07 -0400 | [diff] [blame] | 1100 | def test_get_components(self): |
| 1101 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1102 | :py:meth:`X509Name.get_components` returns a :py:data:`list` of |
| 1103 | two-tuples of :py:data:`str` |
Jean-Paul Calderone | c54cc18 | 2008-03-26 21:11:07 -0400 | [diff] [blame] | 1104 | giving the NIDs and associated values which make up the name. |
| 1105 | """ |
| 1106 | a = self._x509name() |
| 1107 | self.assertEqual(a.get_components(), []) |
| 1108 | a.CN = "foo" |
Jean-Paul Calderone | 2ac721b | 2010-08-22 19:20:00 -0400 | [diff] [blame] | 1109 | self.assertEqual(a.get_components(), [(b("CN"), b("foo"))]) |
Jean-Paul Calderone | c54cc18 | 2008-03-26 21:11:07 -0400 | [diff] [blame] | 1110 | a.organizationalUnitName = "bar" |
| 1111 | self.assertEqual( |
| 1112 | a.get_components(), |
Jean-Paul Calderone | 2ac721b | 2010-08-22 19:20:00 -0400 | [diff] [blame] | 1113 | [(b("CN"), b("foo")), (b("OU"), b("bar"))]) |
Jean-Paul Calderone | c54cc18 | 2008-03-26 21:11:07 -0400 | [diff] [blame] | 1114 | |
Jean-Paul Calderone | 4bf75c6 | 2013-08-23 15:39:53 -0400 | [diff] [blame] | 1115 | def test_load_nul_byte_attribute(self): |
| 1116 | """ |
Jean-Paul Calderone | 9af07b0 | 2013-08-23 16:07:31 -0400 | [diff] [blame] | 1117 | An :py:class:`OpenSSL.crypto.X509Name` from an |
| 1118 | :py:class:`OpenSSL.crypto.X509` instance loaded from a file can have a |
Jean-Paul Calderone | 4bf75c6 | 2013-08-23 15:39:53 -0400 | [diff] [blame] | 1119 | NUL byte in the value of one of its attributes. |
| 1120 | """ |
| 1121 | cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM) |
| 1122 | subject = cert.get_subject() |
| 1123 | self.assertEqual( |
Jean-Paul Calderone | 06754fc | 2013-08-23 15:47:47 -0400 | [diff] [blame] | 1124 | "null.python.org\x00example.org", subject.commonName) |
Jean-Paul Calderone | 4bf75c6 | 2013-08-23 15:39:53 -0400 | [diff] [blame] | 1125 | |
Jean-Paul Calderone | 5300d6a | 2013-12-29 16:36:50 -0500 | [diff] [blame] | 1126 | def test_setAttributeFailure(self): |
| 1127 | """ |
| 1128 | If the value of an attribute cannot be set for some reason then |
| 1129 | :py:class:`OpenSSL.crypto.Error` is raised. |
| 1130 | """ |
| 1131 | name = self._x509name() |
| 1132 | # This value is too long |
| 1133 | self.assertRaises(Error, setattr, name, "O", b"x" * 512) |
| 1134 | |
| 1135 | |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1136 | class _PKeyInteractionTestsMixin: |
| 1137 | """ |
| 1138 | Tests which involve another thing and a PKey. |
| 1139 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 1140 | |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1141 | def signable(self): |
| 1142 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1143 | Return something with a :py:meth:`set_pubkey`, :py:meth:`set_pubkey`, |
| 1144 | and :py:meth:`sign` method. |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1145 | """ |
| 1146 | raise NotImplementedError() |
| 1147 | |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1148 | def test_signWithUngenerated(self): |
| 1149 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1150 | :py:meth:`X509Req.sign` raises :py:exc:`ValueError` when pass a |
| 1151 | :py:class:`PKey` with no parts. |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1152 | """ |
| 1153 | request = self.signable() |
| 1154 | key = PKey() |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1155 | self.assertRaises(ValueError, request.sign, key, GOOD_DIGEST) |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1156 | |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1157 | def test_signWithPublicKey(self): |
| 1158 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1159 | :py:meth:`X509Req.sign` raises :py:exc:`ValueError` when pass a |
| 1160 | :py:class:`PKey` with no private part as the signing key. |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1161 | """ |
| 1162 | request = self.signable() |
| 1163 | key = PKey() |
| 1164 | key.generate_key(TYPE_RSA, 512) |
| 1165 | request.set_pubkey(key) |
| 1166 | pub = request.get_pubkey() |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1167 | self.assertRaises(ValueError, request.sign, pub, GOOD_DIGEST) |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1168 | |
Jean-Paul Calderone | cc05a91 | 2010-08-03 18:24:19 -0400 | [diff] [blame] | 1169 | def test_signWithUnknownDigest(self): |
| 1170 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1171 | :py:meth:`X509Req.sign` raises :py:exc:`ValueError` when passed a |
| 1172 | digest name which is not known. |
Jean-Paul Calderone | cc05a91 | 2010-08-03 18:24:19 -0400 | [diff] [blame] | 1173 | """ |
| 1174 | request = self.signable() |
| 1175 | key = PKey() |
| 1176 | key.generate_key(TYPE_RSA, 512) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1177 | self.assertRaises(ValueError, request.sign, key, BAD_DIGEST) |
Jean-Paul Calderone | cc05a91 | 2010-08-03 18:24:19 -0400 | [diff] [blame] | 1178 | |
Jean-Paul Calderone | b972559 | 2010-08-03 18:17:22 -0400 | [diff] [blame] | 1179 | def test_sign(self): |
| 1180 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1181 | :py:meth:`X509Req.sign` succeeds when passed a private key object and a |
| 1182 | valid digest function. :py:meth:`X509Req.verify` can be used to check |
| 1183 | the signature. |
Jean-Paul Calderone | b972559 | 2010-08-03 18:17:22 -0400 | [diff] [blame] | 1184 | """ |
| 1185 | request = self.signable() |
| 1186 | key = PKey() |
| 1187 | key.generate_key(TYPE_RSA, 512) |
| 1188 | request.set_pubkey(key) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1189 | request.sign(key, GOOD_DIGEST) |
Jean-Paul Calderone | b972559 | 2010-08-03 18:17:22 -0400 | [diff] [blame] | 1190 | # If the type has a verify method, cover that too. |
| 1191 | if getattr(request, 'verify', None) is not None: |
| 1192 | pub = request.get_pubkey() |
| 1193 | self.assertTrue(request.verify(pub)) |
| 1194 | # Make another key that won't verify. |
| 1195 | key = PKey() |
| 1196 | key.generate_key(TYPE_RSA, 512) |
| 1197 | self.assertRaises(Error, request.verify, key) |
| 1198 | |
| 1199 | |
Jean-Paul Calderone | 1880865 | 2009-07-05 12:54:05 -0400 | [diff] [blame] | 1200 | class X509ReqTests(TestCase, _PKeyInteractionTestsMixin): |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1201 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1202 | Tests for :py:class:`OpenSSL.crypto.X509Req`. |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1203 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 1204 | |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1205 | def signable(self): |
| 1206 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1207 | Create and return a new :py:class:`X509Req`. |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1208 | """ |
| 1209 | return X509Req() |
| 1210 | |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 1211 | def test_type(self): |
| 1212 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1213 | :py:obj:`X509Req` and :py:obj:`X509ReqType` refer to the same type |
| 1214 | object and can be used to create instances of that type. |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 1215 | """ |
| 1216 | self.assertIdentical(X509Req, X509ReqType) |
| 1217 | self.assertConsistentType(X509Req, 'X509Req') |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1218 | |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1219 | def test_construction(self): |
| 1220 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1221 | :py:obj:`X509Req` takes no arguments and returns an |
| 1222 | :py:obj:`X509ReqType` instance. |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1223 | """ |
| 1224 | request = X509Req() |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1225 | assert isinstance(request, X509ReqType) |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1226 | |
Jean-Paul Calderone | 8dd19b8 | 2008-12-28 20:41:16 -0500 | [diff] [blame] | 1227 | def test_version(self): |
| 1228 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1229 | :py:obj:`X509ReqType.set_version` sets the X.509 version of the |
| 1230 | certificate request. :py:obj:`X509ReqType.get_version` returns the |
| 1231 | X.509 version of the certificate request. The initial value of the |
| 1232 | version is 0. |
Jean-Paul Calderone | 8dd19b8 | 2008-12-28 20:41:16 -0500 | [diff] [blame] | 1233 | """ |
| 1234 | request = X509Req() |
| 1235 | self.assertEqual(request.get_version(), 0) |
| 1236 | request.set_version(1) |
| 1237 | self.assertEqual(request.get_version(), 1) |
| 1238 | request.set_version(3) |
| 1239 | self.assertEqual(request.get_version(), 3) |
| 1240 | |
Jean-Paul Calderone | 54e49e9 | 2010-07-30 11:04:46 -0400 | [diff] [blame] | 1241 | def test_version_wrong_args(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 1242 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1243 | :py:obj:`X509ReqType.set_version` raises :py:obj:`TypeError` if called |
| 1244 | with the wrong number of arguments or with a non-:py:obj:`int` |
| 1245 | argument. :py:obj:`X509ReqType.get_version` raises :py:obj:`TypeError` |
| 1246 | if called with any arguments. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 1247 | """ |
Jean-Paul Calderone | 54e49e9 | 2010-07-30 11:04:46 -0400 | [diff] [blame] | 1248 | request = X509Req() |
| 1249 | self.assertRaises(TypeError, request.set_version) |
| 1250 | self.assertRaises(TypeError, request.set_version, "foo") |
| 1251 | self.assertRaises(TypeError, request.set_version, 1, 2) |
| 1252 | self.assertRaises(TypeError, request.get_version, None) |
| 1253 | |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1254 | def test_get_subject(self): |
| 1255 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1256 | :py:obj:`X509ReqType.get_subject` returns an :py:obj:`X509Name` for the |
| 1257 | subject of the request and which is valid even after the request object |
| 1258 | is otherwise dead. |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1259 | """ |
| 1260 | request = X509Req() |
| 1261 | subject = request.get_subject() |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1262 | assert isinstance(subject, X509NameType) |
Jean-Paul Calderone | 2aa2b33 | 2008-03-06 21:43:14 -0500 | [diff] [blame] | 1263 | subject.commonName = "foo" |
| 1264 | self.assertEqual(request.get_subject().commonName, "foo") |
| 1265 | del request |
| 1266 | subject.commonName = "bar" |
| 1267 | self.assertEqual(subject.commonName, "bar") |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 1268 | |
Jean-Paul Calderone | 54e49e9 | 2010-07-30 11:04:46 -0400 | [diff] [blame] | 1269 | def test_get_subject_wrong_args(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 1270 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1271 | :py:obj:`X509ReqType.get_subject` raises :py:obj:`TypeError` if called |
| 1272 | with any arguments. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 1273 | """ |
Jean-Paul Calderone | 54e49e9 | 2010-07-30 11:04:46 -0400 | [diff] [blame] | 1274 | request = X509Req() |
| 1275 | self.assertRaises(TypeError, request.get_subject, None) |
| 1276 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1277 | def test_add_extensions(self): |
| 1278 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1279 | :py:obj:`X509Req.add_extensions` accepts a :py:obj:`list` of |
| 1280 | :py:obj:`X509Extension` instances and adds them to the X509 request. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1281 | """ |
| 1282 | request = X509Req() |
| 1283 | request.add_extensions([ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 1284 | X509Extension(b('basicConstraints'), True, b('CA:false'))]) |
Stephen Holsapple | ca545b7 | 2014-01-28 21:43:25 -0800 | [diff] [blame] | 1285 | exts = request.get_extensions() |
Stephen Holsapple | 7fbdf64 | 2014-03-01 20:05:47 -0800 | [diff] [blame] | 1286 | self.assertEqual(len(exts), 1) |
| 1287 | self.assertEqual(exts[0].get_short_name(), b('basicConstraints')) |
| 1288 | self.assertEqual(exts[0].get_critical(), 1) |
| 1289 | self.assertEqual(exts[0].get_data(), b('0\x00')) |
| 1290 | |
Stephen Holsapple | 7fbdf64 | 2014-03-01 20:05:47 -0800 | [diff] [blame] | 1291 | def test_get_extensions(self): |
| 1292 | """ |
| 1293 | :py:obj:`X509Req.get_extensions` returns a :py:obj:`list` of |
| 1294 | extensions added to this X509 request. |
| 1295 | """ |
| 1296 | request = X509Req() |
| 1297 | exts = request.get_extensions() |
| 1298 | self.assertEqual(exts, []) |
| 1299 | request.add_extensions([ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 1300 | X509Extension(b('basicConstraints'), True, b('CA:true')), |
| 1301 | X509Extension(b('keyUsage'), False, b('digitalSignature'))]) |
Stephen Holsapple | 7fbdf64 | 2014-03-01 20:05:47 -0800 | [diff] [blame] | 1302 | exts = request.get_extensions() |
| 1303 | self.assertEqual(len(exts), 2) |
| 1304 | self.assertEqual(exts[0].get_short_name(), b('basicConstraints')) |
| 1305 | self.assertEqual(exts[0].get_critical(), 1) |
| 1306 | self.assertEqual(exts[0].get_data(), b('0\x03\x01\x01\xff')) |
| 1307 | self.assertEqual(exts[1].get_short_name(), b('keyUsage')) |
| 1308 | self.assertEqual(exts[1].get_critical(), 0) |
| 1309 | self.assertEqual(exts[1].get_data(), b('\x03\x02\x07\x80')) |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1310 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1311 | def test_add_extensions_wrong_args(self): |
| 1312 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1313 | :py:obj:`X509Req.add_extensions` raises :py:obj:`TypeError` if called |
| 1314 | with the wrong number of arguments or with a non-:py:obj:`list`. Or it |
| 1315 | raises :py:obj:`ValueError` if called with a :py:obj:`list` containing |
| 1316 | objects other than :py:obj:`X509Extension` instances. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1317 | """ |
| 1318 | request = X509Req() |
| 1319 | self.assertRaises(TypeError, request.add_extensions) |
| 1320 | self.assertRaises(TypeError, request.add_extensions, object()) |
| 1321 | self.assertRaises(ValueError, request.add_extensions, [object()]) |
| 1322 | self.assertRaises(TypeError, request.add_extensions, [], None) |
| 1323 | |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1324 | def test_verify_wrong_args(self): |
| 1325 | """ |
| 1326 | :py:obj:`X509Req.verify` raises :py:obj:`TypeError` if called with zero |
| 1327 | arguments or more than one argument or if passed anything other than a |
| 1328 | :py:obj:`PKey` instance as its single argument. |
| 1329 | """ |
| 1330 | request = X509Req() |
| 1331 | self.assertRaises(TypeError, request.verify) |
| 1332 | self.assertRaises(TypeError, request.verify, object()) |
| 1333 | self.assertRaises(TypeError, request.verify, PKey(), object()) |
| 1334 | |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1335 | def test_verify_uninitialized_key(self): |
| 1336 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1337 | :py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if |
| 1338 | called with a :py:obj:`OpenSSL.crypto.PKey` which contains no key data. |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1339 | """ |
| 1340 | request = X509Req() |
| 1341 | pkey = PKey() |
| 1342 | self.assertRaises(Error, request.verify, pkey) |
| 1343 | |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1344 | def test_verify_wrong_key(self): |
| 1345 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1346 | :py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if |
| 1347 | called with a :py:obj:`OpenSSL.crypto.PKey` which does not represent |
| 1348 | the public part of the key which signed the request. |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1349 | """ |
| 1350 | request = X509Req() |
| 1351 | pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1352 | request.sign(pkey, GOOD_DIGEST) |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1353 | another_pkey = load_privatekey(FILETYPE_PEM, client_key_pem) |
| 1354 | self.assertRaises(Error, request.verify, another_pkey) |
| 1355 | |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1356 | def test_verify_success(self): |
| 1357 | """ |
| 1358 | :py:obj:`X509Req.verify` returns :py:obj:`True` if called with a |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1359 | :py:obj:`OpenSSL.crypto.PKey` which represents the public part of the |
| 1360 | key which signed the request. |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1361 | """ |
| 1362 | request = X509Req() |
| 1363 | pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1364 | request.sign(pkey, GOOD_DIGEST) |
Jean-Paul Calderone | 5565f0f | 2013-03-06 11:10:20 -0800 | [diff] [blame] | 1365 | self.assertEqual(True, request.verify(pkey)) |
| 1366 | |
| 1367 | |
Jean-Paul Calderone | 1880865 | 2009-07-05 12:54:05 -0400 | [diff] [blame] | 1368 | class X509Tests(TestCase, _PKeyInteractionTestsMixin): |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 1369 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1370 | Tests for :py:obj:`OpenSSL.crypto.X509`. |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 1371 | """ |
Jean-Paul Calderone | 5ef8651 | 2008-04-26 19:06:28 -0400 | [diff] [blame] | 1372 | pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM |
Jean-Paul Calderone | 8114b45 | 2008-03-25 15:27:59 -0400 | [diff] [blame] | 1373 | |
Roland Hedberg | 7e4930e | 2008-04-22 22:58:50 +0200 | [diff] [blame] | 1374 | extpem = """ |
| 1375 | -----BEGIN CERTIFICATE----- |
| 1376 | MIIC3jCCAkegAwIBAgIJAJHFjlcCgnQzMA0GCSqGSIb3DQEBBQUAMEcxCzAJBgNV |
| 1377 | BAYTAlNFMRUwEwYDVQQIEwxXZXN0ZXJib3R0b20xEjAQBgNVBAoTCUNhdGFsb2dp |
| 1378 | eDENMAsGA1UEAxMEUm9vdDAeFw0wODA0MjIxNDQ1MzhaFw0wOTA0MjIxNDQ1Mzha |
| 1379 | MFQxCzAJBgNVBAYTAlNFMQswCQYDVQQIEwJXQjEUMBIGA1UEChMLT3Blbk1ldGFk |
| 1380 | aXIxIjAgBgNVBAMTGW5vZGUxLm9tMi5vcGVubWV0YWRpci5vcmcwgZ8wDQYJKoZI |
| 1381 | hvcNAQEBBQADgY0AMIGJAoGBAPIcQMrwbk2nESF/0JKibj9i1x95XYAOwP+LarwT |
| 1382 | Op4EQbdlI9SY+uqYqlERhF19w7CS+S6oyqx0DRZSk4Y9dZ9j9/xgm2u/f136YS1u |
| 1383 | zgYFPvfUs6PqYLPSM8Bw+SjJ+7+2+TN+Tkiof9WP1cMjodQwOmdsiRbR0/J7+b1B |
| 1384 | hec1AgMBAAGjgcQwgcEwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNT |
| 1385 | TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIdHsBcMVVMbAO7j6NCj |
| 1386 | 03HgLnHaMB8GA1UdIwQYMBaAFL2h9Bf9Mre4vTdOiHTGAt7BRY/8MEYGA1UdEQQ/ |
| 1387 | MD2CDSouZXhhbXBsZS5vcmeCESoub20yLmV4bWFwbGUuY29thwSC7wgKgRNvbTJA |
| 1388 | b3Blbm1ldGFkaXIub3JnMA0GCSqGSIb3DQEBBQUAA4GBALd7WdXkp2KvZ7/PuWZA |
| 1389 | MPlIxyjS+Ly11+BNE0xGQRp9Wz+2lABtpgNqssvU156+HkKd02rGheb2tj7MX9hG |
| 1390 | uZzbwDAZzJPjzDQDD7d3cWsrVcfIdqVU7epHqIadnOF+X0ghJ39pAm6VVadnSXCt |
| 1391 | WpOdIpB8KksUTCzV591Nr1wd |
| 1392 | -----END CERTIFICATE----- |
| 1393 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 1394 | |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1395 | def signable(self): |
| 1396 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1397 | Create and return a new :py:obj:`X509`. |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 1398 | """ |
| 1399 | return X509() |
| 1400 | |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 1401 | def test_type(self): |
| 1402 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1403 | :py:obj:`X509` and :py:obj:`X509Type` refer to the same type object and |
| 1404 | can be used to create instances of that type. |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 1405 | """ |
| 1406 | self.assertIdentical(X509, X509Type) |
| 1407 | self.assertConsistentType(X509, 'X509') |
| 1408 | |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 1409 | def test_construction(self): |
| 1410 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1411 | :py:obj:`X509` takes no arguments and returns an instance of |
| 1412 | :py:obj:`X509Type`. |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 1413 | """ |
| 1414 | certificate = X509() |
| 1415 | self.assertTrue( |
| 1416 | isinstance(certificate, X509Type), |
| 1417 | "%r is of type %r, should be %r" % (certificate, |
| 1418 | type(certificate), |
| 1419 | X509Type)) |
Rick Dean | e15b147 | 2009-07-09 15:53:42 -0500 | [diff] [blame] | 1420 | self.assertEqual(type(X509Type).__name__, 'type') |
| 1421 | self.assertEqual(type(certificate).__name__, 'X509') |
| 1422 | self.assertEqual(type(certificate), X509Type) |
Rick Dean | 04113e7 | 2009-07-16 12:06:35 -0500 | [diff] [blame] | 1423 | self.assertEqual(type(certificate), X509) |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 1424 | |
Jean-Paul Calderone | 3544eb4 | 2010-07-30 22:09:47 -0400 | [diff] [blame] | 1425 | def test_get_version_wrong_args(self): |
| 1426 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1427 | :py:obj:`X509.get_version` raises :py:obj:`TypeError` if invoked with |
| 1428 | any arguments. |
Jean-Paul Calderone | 3544eb4 | 2010-07-30 22:09:47 -0400 | [diff] [blame] | 1429 | """ |
| 1430 | cert = X509() |
| 1431 | self.assertRaises(TypeError, cert.get_version, None) |
| 1432 | |
Jean-Paul Calderone | 3544eb4 | 2010-07-30 22:09:47 -0400 | [diff] [blame] | 1433 | def test_set_version_wrong_args(self): |
| 1434 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1435 | :py:obj:`X509.set_version` raises :py:obj:`TypeError` if invoked with |
| 1436 | the wrong number of arguments or an argument not of type :py:obj:`int`. |
Jean-Paul Calderone | 3544eb4 | 2010-07-30 22:09:47 -0400 | [diff] [blame] | 1437 | """ |
| 1438 | cert = X509() |
| 1439 | self.assertRaises(TypeError, cert.set_version) |
| 1440 | self.assertRaises(TypeError, cert.set_version, None) |
| 1441 | self.assertRaises(TypeError, cert.set_version, 1, None) |
| 1442 | |
Jean-Paul Calderone | 3544eb4 | 2010-07-30 22:09:47 -0400 | [diff] [blame] | 1443 | def test_version(self): |
| 1444 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1445 | :py:obj:`X509.set_version` sets the certificate version number. |
| 1446 | :py:obj:`X509.get_version` retrieves it. |
Jean-Paul Calderone | 3544eb4 | 2010-07-30 22:09:47 -0400 | [diff] [blame] | 1447 | """ |
| 1448 | cert = X509() |
| 1449 | cert.set_version(1234) |
| 1450 | self.assertEquals(cert.get_version(), 1234) |
| 1451 | |
Jean-Paul Calderone | 3544eb4 | 2010-07-30 22:09:47 -0400 | [diff] [blame] | 1452 | def test_get_serial_number_wrong_args(self): |
| 1453 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1454 | :py:obj:`X509.get_serial_number` raises :py:obj:`TypeError` if invoked |
| 1455 | with any arguments. |
Jean-Paul Calderone | 3544eb4 | 2010-07-30 22:09:47 -0400 | [diff] [blame] | 1456 | """ |
| 1457 | cert = X509() |
| 1458 | self.assertRaises(TypeError, cert.get_serial_number, None) |
| 1459 | |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 1460 | def test_serial_number(self): |
| 1461 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1462 | The serial number of an :py:obj:`X509Type` can be retrieved and |
| 1463 | modified with :py:obj:`X509Type.get_serial_number` and |
| 1464 | :py:obj:`X509Type.set_serial_number`. |
Jean-Paul Calderone | 78381d2 | 2008-03-06 23:35:22 -0500 | [diff] [blame] | 1465 | """ |
| 1466 | certificate = X509() |
| 1467 | self.assertRaises(TypeError, certificate.set_serial_number) |
| 1468 | self.assertRaises(TypeError, certificate.set_serial_number, 1, 2) |
| 1469 | self.assertRaises(TypeError, certificate.set_serial_number, "1") |
| 1470 | self.assertRaises(TypeError, certificate.set_serial_number, 5.5) |
| 1471 | self.assertEqual(certificate.get_serial_number(), 0) |
| 1472 | certificate.set_serial_number(1) |
| 1473 | self.assertEqual(certificate.get_serial_number(), 1) |
| 1474 | certificate.set_serial_number(2 ** 32 + 1) |
| 1475 | self.assertEqual(certificate.get_serial_number(), 2 ** 32 + 1) |
| 1476 | certificate.set_serial_number(2 ** 64 + 1) |
| 1477 | self.assertEqual(certificate.get_serial_number(), 2 ** 64 + 1) |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1478 | certificate.set_serial_number(2 ** 128 + 1) |
| 1479 | self.assertEqual(certificate.get_serial_number(), 2 ** 128 + 1) |
| 1480 | |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1481 | def _setBoundTest(self, which): |
| 1482 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1483 | :py:obj:`X509Type.set_notBefore` takes a string in the format of an |
| 1484 | ASN1 GENERALIZEDTIME and sets the beginning of the certificate's |
| 1485 | validity period to it. |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1486 | """ |
| 1487 | certificate = X509() |
| 1488 | set = getattr(certificate, 'set_not' + which) |
| 1489 | get = getattr(certificate, 'get_not' + which) |
| 1490 | |
Jean-Paul Calderone | e0615b5 | 2008-03-09 21:44:46 -0400 | [diff] [blame] | 1491 | # Starts with no value. |
| 1492 | self.assertEqual(get(), None) |
| 1493 | |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1494 | # GMT (Or is it UTC?) -exarkun |
Jean-Paul Calderone | e890db3 | 2010-08-22 16:55:15 -0400 | [diff] [blame] | 1495 | when = b("20040203040506Z") |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1496 | set(when) |
| 1497 | self.assertEqual(get(), when) |
| 1498 | |
| 1499 | # A plus two hours and thirty minutes offset |
Jean-Paul Calderone | e890db3 | 2010-08-22 16:55:15 -0400 | [diff] [blame] | 1500 | when = b("20040203040506+0530") |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1501 | set(when) |
| 1502 | self.assertEqual(get(), when) |
| 1503 | |
| 1504 | # A minus one hour fifteen minutes offset |
Jean-Paul Calderone | e890db3 | 2010-08-22 16:55:15 -0400 | [diff] [blame] | 1505 | when = b("20040203040506-0115") |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1506 | set(when) |
| 1507 | self.assertEqual(get(), when) |
| 1508 | |
| 1509 | # An invalid string results in a ValueError |
Jean-Paul Calderone | e890db3 | 2010-08-22 16:55:15 -0400 | [diff] [blame] | 1510 | self.assertRaises(ValueError, set, b("foo bar")) |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1511 | |
Jean-Paul Calderone | 31ca200 | 2010-01-30 15:14:43 -0500 | [diff] [blame] | 1512 | # The wrong number of arguments results in a TypeError. |
| 1513 | self.assertRaises(TypeError, set) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 1514 | with pytest.raises(TypeError): |
| 1515 | set(b"20040203040506Z", b"20040203040506Z") |
Jean-Paul Calderone | e890db3 | 2010-08-22 16:55:15 -0400 | [diff] [blame] | 1516 | self.assertRaises(TypeError, get, b("foo bar")) |
| 1517 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1518 | # XXX ASN1_TIME (not GENERALIZEDTIME) |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1519 | |
| 1520 | def test_set_notBefore(self): |
| 1521 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1522 | :py:obj:`X509Type.set_notBefore` takes a string in the format of an |
| 1523 | ASN1 GENERALIZEDTIME and sets the beginning of the certificate's |
| 1524 | validity period to it. |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1525 | """ |
| 1526 | self._setBoundTest("Before") |
| 1527 | |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1528 | def test_set_notAfter(self): |
| 1529 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1530 | :py:obj:`X509Type.set_notAfter` takes a string in the format of an ASN1 |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 1531 | GENERALIZEDTIME and sets the end of the certificate's validity period |
| 1532 | to it. |
| 1533 | """ |
| 1534 | self._setBoundTest("After") |
Jean-Paul Calderone | 76576d5 | 2008-03-24 16:04:46 -0400 | [diff] [blame] | 1535 | |
Jean-Paul Calderone | 38a646d | 2008-03-25 15:16:18 -0400 | [diff] [blame] | 1536 | def test_get_notBefore(self): |
| 1537 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1538 | :py:obj:`X509Type.get_notBefore` returns a string in the format of an |
| 1539 | ASN1 GENERALIZEDTIME even for certificates which store it as UTCTIME |
Jean-Paul Calderone | 38a646d | 2008-03-25 15:16:18 -0400 | [diff] [blame] | 1540 | internally. |
| 1541 | """ |
Jean-Paul Calderone | 8114b45 | 2008-03-25 15:27:59 -0400 | [diff] [blame] | 1542 | cert = load_certificate(FILETYPE_PEM, self.pemData) |
Jean-Paul Calderone | e890db3 | 2010-08-22 16:55:15 -0400 | [diff] [blame] | 1543 | self.assertEqual(cert.get_notBefore(), b("20090325123658Z")) |
Jean-Paul Calderone | 38a646d | 2008-03-25 15:16:18 -0400 | [diff] [blame] | 1544 | |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1545 | def test_get_notAfter(self): |
| 1546 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1547 | :py:obj:`X509Type.get_notAfter` returns a string in the format of an |
| 1548 | ASN1 GENERALIZEDTIME even for certificates which store it as UTCTIME |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1549 | internally. |
| 1550 | """ |
| 1551 | cert = load_certificate(FILETYPE_PEM, self.pemData) |
Jean-Paul Calderone | e890db3 | 2010-08-22 16:55:15 -0400 | [diff] [blame] | 1552 | self.assertEqual(cert.get_notAfter(), b("20170611123658Z")) |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1553 | |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1554 | def test_gmtime_adj_notBefore_wrong_args(self): |
| 1555 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1556 | :py:obj:`X509Type.gmtime_adj_notBefore` raises :py:obj:`TypeError` if |
| 1557 | called with the wrong number of arguments or a non-:py:obj:`int` |
| 1558 | argument. |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1559 | """ |
| 1560 | cert = X509() |
| 1561 | self.assertRaises(TypeError, cert.gmtime_adj_notBefore) |
| 1562 | self.assertRaises(TypeError, cert.gmtime_adj_notBefore, None) |
| 1563 | self.assertRaises(TypeError, cert.gmtime_adj_notBefore, 123, None) |
| 1564 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1565 | def test_gmtime_adj_notBefore(self): |
| 1566 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1567 | :py:obj:`X509Type.gmtime_adj_notBefore` changes the not-before |
| 1568 | timestamp to be the current time plus the number of seconds passed in. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1569 | """ |
| 1570 | cert = load_certificate(FILETYPE_PEM, self.pemData) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 1571 | not_before_min = ( |
| 1572 | datetime.utcnow().replace(microsecond=0) + timedelta(seconds=100) |
| 1573 | ) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1574 | cert.gmtime_adj_notBefore(100) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 1575 | not_before = datetime.strptime( |
| 1576 | cert.get_notBefore().decode(), "%Y%m%d%H%M%SZ" |
| 1577 | ) |
Maximilian Hils | bed25c9 | 2015-07-25 12:58:07 +0200 | [diff] [blame] | 1578 | not_before_max = datetime.utcnow() + timedelta(seconds=100) |
| 1579 | self.assertTrue(not_before_min <= not_before <= not_before_max) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1580 | |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1581 | def test_gmtime_adj_notAfter_wrong_args(self): |
| 1582 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1583 | :py:obj:`X509Type.gmtime_adj_notAfter` raises :py:obj:`TypeError` if |
| 1584 | called with the wrong number of arguments or a non-:py:obj:`int` |
| 1585 | argument. |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1586 | """ |
| 1587 | cert = X509() |
| 1588 | self.assertRaises(TypeError, cert.gmtime_adj_notAfter) |
| 1589 | self.assertRaises(TypeError, cert.gmtime_adj_notAfter, None) |
| 1590 | self.assertRaises(TypeError, cert.gmtime_adj_notAfter, 123, None) |
| 1591 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1592 | def test_gmtime_adj_notAfter(self): |
| 1593 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1594 | :py:obj:`X509Type.gmtime_adj_notAfter` changes the not-after timestamp |
| 1595 | to be the current time plus the number of seconds passed in. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1596 | """ |
| 1597 | cert = load_certificate(FILETYPE_PEM, self.pemData) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 1598 | not_after_min = ( |
| 1599 | datetime.utcnow().replace(microsecond=0) + timedelta(seconds=100) |
| 1600 | ) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1601 | cert.gmtime_adj_notAfter(100) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 1602 | not_after = datetime.strptime( |
| 1603 | cert.get_notAfter().decode(), "%Y%m%d%H%M%SZ" |
| 1604 | ) |
Maximilian Hils | bed25c9 | 2015-07-25 12:58:07 +0200 | [diff] [blame] | 1605 | not_after_max = datetime.utcnow() + timedelta(seconds=100) |
| 1606 | self.assertTrue(not_after_min <= not_after <= not_after_max) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1607 | |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1608 | def test_has_expired_wrong_args(self): |
| 1609 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1610 | :py:obj:`X509Type.has_expired` raises :py:obj:`TypeError` if called |
| 1611 | with any arguments. |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1612 | """ |
| 1613 | cert = X509() |
| 1614 | self.assertRaises(TypeError, cert.has_expired, None) |
| 1615 | |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1616 | def test_has_expired(self): |
| 1617 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1618 | :py:obj:`X509Type.has_expired` returns :py:obj:`True` if the |
| 1619 | certificate's not-after time is in the past. |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1620 | """ |
| 1621 | cert = X509() |
| 1622 | cert.gmtime_adj_notAfter(-1) |
| 1623 | self.assertTrue(cert.has_expired()) |
| 1624 | |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1625 | def test_has_not_expired(self): |
| 1626 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1627 | :py:obj:`X509Type.has_expired` returns :py:obj:`False` if the |
| 1628 | certificate's not-after time is in the future. |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1629 | """ |
| 1630 | cert = X509() |
| 1631 | cert.gmtime_adj_notAfter(2) |
| 1632 | self.assertFalse(cert.has_expired()) |
| 1633 | |
Jeff Tang | fc18f7b | 2015-04-15 17:42:33 -0400 | [diff] [blame] | 1634 | def test_root_has_not_expired(self): |
| 1635 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1636 | :py:obj:`X509Type.has_expired` returns :py:obj:`False` if the |
| 1637 | certificate's not-after time is in the future. |
Jeff Tang | fc18f7b | 2015-04-15 17:42:33 -0400 | [diff] [blame] | 1638 | """ |
| 1639 | cert = load_certificate(FILETYPE_PEM, root_cert_pem) |
| 1640 | self.assertFalse(cert.has_expired()) |
| 1641 | |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1642 | def test_digest(self): |
| 1643 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1644 | :py:obj:`X509.digest` returns a string giving ":"-separated hex-encoded |
| 1645 | words of the digest of the certificate. |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1646 | """ |
Jeff Tang | fc18f7b | 2015-04-15 17:42:33 -0400 | [diff] [blame] | 1647 | cert = load_certificate(FILETYPE_PEM, root_cert_pem) |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1648 | self.assertEqual( |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1649 | # This is MD5 instead of GOOD_DIGEST because the digest algorithm |
| 1650 | # actually matters to the assertion (ie, another arbitrary, good |
| 1651 | # digest will not product the same digest). |
Jeff Tang | fc18f7b | 2015-04-15 17:42:33 -0400 | [diff] [blame] | 1652 | # Digest verified with the command: |
| 1653 | # openssl x509 -in root_cert.pem -noout -fingerprint -md5 |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1654 | cert.digest("MD5"), |
Jeff Tang | fc18f7b | 2015-04-15 17:42:33 -0400 | [diff] [blame] | 1655 | b("19:B3:05:26:2B:F8:F2:FF:0B:8F:21:07:A8:28:B8:75")) |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1656 | |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1657 | def _extcert(self, pkey, extensions): |
| 1658 | cert = X509() |
| 1659 | cert.set_pubkey(pkey) |
| 1660 | cert.get_subject().commonName = "Unit Tests" |
| 1661 | cert.get_issuer().commonName = "Unit Tests" |
| 1662 | when = b(datetime.now().strftime("%Y%m%d%H%M%SZ")) |
| 1663 | cert.set_notBefore(when) |
| 1664 | cert.set_notAfter(when) |
| 1665 | |
| 1666 | cert.add_extensions(extensions) |
Jeff Tang | fc18f7b | 2015-04-15 17:42:33 -0400 | [diff] [blame] | 1667 | cert.sign(pkey, 'sha1') |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1668 | return load_certificate( |
| 1669 | FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert)) |
| 1670 | |
Roland Hedberg | 7e4930e | 2008-04-22 22:58:50 +0200 | [diff] [blame] | 1671 | def test_extension_count(self): |
| 1672 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1673 | :py:obj:`X509.get_extension_count` returns the number of extensions |
| 1674 | that are present in the certificate. |
Roland Hedberg | 7e4930e | 2008-04-22 22:58:50 +0200 | [diff] [blame] | 1675 | """ |
Jean-Paul Calderone | f7b3ee6 | 2011-04-01 17:36:24 -0400 | [diff] [blame] | 1676 | pkey = load_privatekey(FILETYPE_PEM, client_key_pem) |
Jean-Paul Calderone | 90abbc0 | 2011-04-06 18:20:22 -0400 | [diff] [blame] | 1677 | ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE')) |
| 1678 | key = X509Extension(b('keyUsage'), True, b('digitalSignature')) |
Jean-Paul Calderone | f7b3ee6 | 2011-04-01 17:36:24 -0400 | [diff] [blame] | 1679 | subjectAltName = X509Extension( |
Jean-Paul Calderone | 90abbc0 | 2011-04-06 18:20:22 -0400 | [diff] [blame] | 1680 | b('subjectAltName'), True, b('DNS:example.com')) |
Jean-Paul Calderone | f7b3ee6 | 2011-04-01 17:36:24 -0400 | [diff] [blame] | 1681 | |
| 1682 | # Try a certificate with no extensions at all. |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1683 | c = self._extcert(pkey, []) |
Jean-Paul Calderone | f7b3ee6 | 2011-04-01 17:36:24 -0400 | [diff] [blame] | 1684 | self.assertEqual(c.get_extension_count(), 0) |
| 1685 | |
| 1686 | # And a certificate with one |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1687 | c = self._extcert(pkey, [ca]) |
Jean-Paul Calderone | f7b3ee6 | 2011-04-01 17:36:24 -0400 | [diff] [blame] | 1688 | self.assertEqual(c.get_extension_count(), 1) |
| 1689 | |
| 1690 | # And a certificate with several |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1691 | c = self._extcert(pkey, [ca, key, subjectAltName]) |
Jean-Paul Calderone | f7b3ee6 | 2011-04-01 17:36:24 -0400 | [diff] [blame] | 1692 | self.assertEqual(c.get_extension_count(), 3) |
Roland Hedberg | 7e4930e | 2008-04-22 22:58:50 +0200 | [diff] [blame] | 1693 | |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1694 | def test_get_extension(self): |
| 1695 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1696 | :py:obj:`X509.get_extension` takes an integer and returns an |
| 1697 | :py:obj:`X509Extension` corresponding to the extension at that index. |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1698 | """ |
| 1699 | pkey = load_privatekey(FILETYPE_PEM, client_key_pem) |
Jean-Paul Calderone | 90abbc0 | 2011-04-06 18:20:22 -0400 | [diff] [blame] | 1700 | ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE')) |
| 1701 | key = X509Extension(b('keyUsage'), True, b('digitalSignature')) |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1702 | subjectAltName = X509Extension( |
Jean-Paul Calderone | 90abbc0 | 2011-04-06 18:20:22 -0400 | [diff] [blame] | 1703 | b('subjectAltName'), False, b('DNS:example.com')) |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1704 | |
| 1705 | cert = self._extcert(pkey, [ca, key, subjectAltName]) |
| 1706 | |
| 1707 | ext = cert.get_extension(0) |
| 1708 | self.assertTrue(isinstance(ext, X509Extension)) |
| 1709 | self.assertTrue(ext.get_critical()) |
Jean-Paul Calderone | 90abbc0 | 2011-04-06 18:20:22 -0400 | [diff] [blame] | 1710 | self.assertEqual(ext.get_short_name(), b('basicConstraints')) |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1711 | |
| 1712 | ext = cert.get_extension(1) |
| 1713 | self.assertTrue(isinstance(ext, X509Extension)) |
| 1714 | self.assertTrue(ext.get_critical()) |
Jean-Paul Calderone | 90abbc0 | 2011-04-06 18:20:22 -0400 | [diff] [blame] | 1715 | self.assertEqual(ext.get_short_name(), b('keyUsage')) |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1716 | |
| 1717 | ext = cert.get_extension(2) |
| 1718 | self.assertTrue(isinstance(ext, X509Extension)) |
| 1719 | self.assertFalse(ext.get_critical()) |
Jean-Paul Calderone | 90abbc0 | 2011-04-06 18:20:22 -0400 | [diff] [blame] | 1720 | self.assertEqual(ext.get_short_name(), b('subjectAltName')) |
Jean-Paul Calderone | 83a593d | 2011-04-01 17:45:07 -0400 | [diff] [blame] | 1721 | |
| 1722 | self.assertRaises(IndexError, cert.get_extension, -1) |
| 1723 | self.assertRaises(IndexError, cert.get_extension, 4) |
| 1724 | self.assertRaises(TypeError, cert.get_extension, "hello") |
| 1725 | |
Jean-Paul Calderone | 4bf75c6 | 2013-08-23 15:39:53 -0400 | [diff] [blame] | 1726 | def test_nullbyte_subjectAltName(self): |
Jean-Paul Calderone | ff83cdd | 2013-08-12 18:05:51 -0400 | [diff] [blame] | 1727 | """ |
Jean-Paul Calderone | 9af07b0 | 2013-08-23 16:07:31 -0400 | [diff] [blame] | 1728 | The fields of a `subjectAltName` extension on an X509 may contain NUL |
Jean-Paul Calderone | 4bf75c6 | 2013-08-23 15:39:53 -0400 | [diff] [blame] | 1729 | bytes and this value is reflected in the string representation of the |
| 1730 | extension object. |
Jean-Paul Calderone | ff83cdd | 2013-08-12 18:05:51 -0400 | [diff] [blame] | 1731 | """ |
Jean-Paul Calderone | 4bf75c6 | 2013-08-23 15:39:53 -0400 | [diff] [blame] | 1732 | cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM) |
Jean-Paul Calderone | ff83cdd | 2013-08-12 18:05:51 -0400 | [diff] [blame] | 1733 | |
| 1734 | ext = cert.get_extension(3) |
| 1735 | self.assertEqual(ext.get_short_name(), b('subjectAltName')) |
Jean-Paul Calderone | 4bf75c6 | 2013-08-23 15:39:53 -0400 | [diff] [blame] | 1736 | self.assertEqual( |
| 1737 | b("DNS:altnull.python.org\x00example.com, " |
| 1738 | "email:null@python.org\x00user@example.org, " |
| 1739 | "URI:http://null.python.org\x00http://example.org, " |
| 1740 | "IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1\n"), |
| 1741 | b(str(ext))) |
| 1742 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1743 | def test_invalid_digest_algorithm(self): |
| 1744 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1745 | :py:obj:`X509.digest` raises :py:obj:`ValueError` if called with an |
| 1746 | unrecognized hash algorithm. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1747 | """ |
| 1748 | cert = X509() |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1749 | self.assertRaises(ValueError, cert.digest, BAD_DIGEST) |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 1750 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1751 | def test_get_subject_wrong_args(self): |
| 1752 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1753 | :py:obj:`X509.get_subject` raises :py:obj:`TypeError` if called with |
| 1754 | any arguments. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1755 | """ |
| 1756 | cert = X509() |
| 1757 | self.assertRaises(TypeError, cert.get_subject, None) |
| 1758 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1759 | def test_get_subject(self): |
| 1760 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1761 | :py:obj:`X509.get_subject` returns an :py:obj:`X509Name` instance. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1762 | """ |
| 1763 | cert = load_certificate(FILETYPE_PEM, self.pemData) |
| 1764 | subj = cert.get_subject() |
| 1765 | self.assertTrue(isinstance(subj, X509Name)) |
| 1766 | self.assertEquals( |
| 1767 | subj.get_components(), |
Jean-Paul Calderone | dc3275f | 2010-08-22 17:04:09 -0400 | [diff] [blame] | 1768 | [(b('C'), b('US')), (b('ST'), b('IL')), (b('L'), b('Chicago')), |
| 1769 | (b('O'), b('Testing')), (b('CN'), b('Testing Root CA'))]) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1770 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1771 | def test_set_subject_wrong_args(self): |
| 1772 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1773 | :py:obj:`X509.set_subject` raises a :py:obj:`TypeError` if called with |
| 1774 | the wrong number of arguments or an argument not of type |
| 1775 | :py:obj:`X509Name`. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1776 | """ |
| 1777 | cert = X509() |
| 1778 | self.assertRaises(TypeError, cert.set_subject) |
| 1779 | self.assertRaises(TypeError, cert.set_subject, None) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 1780 | with pytest.raises(TypeError): |
| 1781 | cert.set_subject(cert.get_subject(), None) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1782 | |
| 1783 | def test_set_subject(self): |
| 1784 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1785 | :py:obj:`X509.set_subject` changes the subject of the certificate to |
| 1786 | the one passed in. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1787 | """ |
| 1788 | cert = X509() |
| 1789 | name = cert.get_subject() |
| 1790 | name.C = 'AU' |
| 1791 | name.O = 'Unit Tests' |
| 1792 | cert.set_subject(name) |
| 1793 | self.assertEquals( |
| 1794 | cert.get_subject().get_components(), |
Jean-Paul Calderone | dc3275f | 2010-08-22 17:04:09 -0400 | [diff] [blame] | 1795 | [(b('C'), b('AU')), (b('O'), b('Unit Tests'))]) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1796 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1797 | def test_get_issuer_wrong_args(self): |
| 1798 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1799 | :py:obj:`X509.get_issuer` raises :py:obj:`TypeError` if called with any |
| 1800 | arguments. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1801 | """ |
| 1802 | cert = X509() |
| 1803 | self.assertRaises(TypeError, cert.get_issuer, None) |
| 1804 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1805 | def test_get_issuer(self): |
| 1806 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1807 | :py:obj:`X509.get_issuer` returns an :py:obj:`X509Name` instance. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1808 | """ |
| 1809 | cert = load_certificate(FILETYPE_PEM, self.pemData) |
| 1810 | subj = cert.get_issuer() |
| 1811 | self.assertTrue(isinstance(subj, X509Name)) |
Jean-Paul Calderone | 30a4cb3 | 2010-08-11 23:54:12 -0400 | [diff] [blame] | 1812 | comp = subj.get_components() |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1813 | self.assertEquals( |
Jean-Paul Calderone | 30a4cb3 | 2010-08-11 23:54:12 -0400 | [diff] [blame] | 1814 | comp, |
Jean-Paul Calderone | dc3275f | 2010-08-22 17:04:09 -0400 | [diff] [blame] | 1815 | [(b('C'), b('US')), (b('ST'), b('IL')), (b('L'), b('Chicago')), |
| 1816 | (b('O'), b('Testing')), (b('CN'), b('Testing Root CA'))]) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1817 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1818 | def test_set_issuer_wrong_args(self): |
| 1819 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1820 | :py:obj:`X509.set_issuer` raises a :py:obj:`TypeError` if called with |
| 1821 | the wrong number of arguments or an argument not of type |
| 1822 | :py:obj:`X509Name`. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1823 | """ |
| 1824 | cert = X509() |
| 1825 | self.assertRaises(TypeError, cert.set_issuer) |
| 1826 | self.assertRaises(TypeError, cert.set_issuer, None) |
| 1827 | self.assertRaises(TypeError, cert.set_issuer, cert.get_issuer(), None) |
| 1828 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1829 | def test_set_issuer(self): |
| 1830 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1831 | :py:obj:`X509.set_issuer` changes the issuer of the certificate to the |
| 1832 | one passed in. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1833 | """ |
| 1834 | cert = X509() |
| 1835 | name = cert.get_issuer() |
| 1836 | name.C = 'AU' |
| 1837 | name.O = 'Unit Tests' |
| 1838 | cert.set_issuer(name) |
| 1839 | self.assertEquals( |
| 1840 | cert.get_issuer().get_components(), |
Jean-Paul Calderone | dc3275f | 2010-08-22 17:04:09 -0400 | [diff] [blame] | 1841 | [(b('C'), b('AU')), (b('O'), b('Unit Tests'))]) |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1842 | |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1843 | def test_get_pubkey_uninitialized(self): |
| 1844 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1845 | When called on a certificate with no public key, |
| 1846 | :py:obj:`X509.get_pubkey` raises :py:obj:`OpenSSL.crypto.Error`. |
Jean-Paul Calderone | 4f237b2 | 2010-07-30 22:29:39 -0400 | [diff] [blame] | 1847 | """ |
| 1848 | cert = X509() |
| 1849 | self.assertRaises(Error, cert.get_pubkey) |
| 1850 | |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1851 | def test_subject_name_hash_wrong_args(self): |
| 1852 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1853 | :py:obj:`X509.subject_name_hash` raises :py:obj:`TypeError` if called |
| 1854 | with any arguments. |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1855 | """ |
| 1856 | cert = X509() |
| 1857 | self.assertRaises(TypeError, cert.subject_name_hash, None) |
| 1858 | |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1859 | def test_subject_name_hash(self): |
| 1860 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1861 | :py:obj:`X509.subject_name_hash` returns the hash of the certificate's |
| 1862 | subject name. |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1863 | """ |
| 1864 | cert = load_certificate(FILETYPE_PEM, self.pemData) |
Jean-Paul Calderone | 060a57e | 2011-05-04 18:02:49 -0400 | [diff] [blame] | 1865 | self.assertIn( |
Jean-Paul Calderone | 2755fa5 | 2011-05-18 19:42:10 -0400 | [diff] [blame] | 1866 | cert.subject_name_hash(), |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 1867 | [3350047874, # OpenSSL 0.9.8, MD5 |
| 1868 | 3278919224, # OpenSSL 1.0.0, SHA1 |
Jean-Paul Calderone | 060a57e | 2011-05-04 18:02:49 -0400 | [diff] [blame] | 1869 | ]) |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1870 | |
Jean-Paul Calderone | 2755fa5 | 2011-05-18 19:42:10 -0400 | [diff] [blame] | 1871 | def test_get_signature_algorithm(self): |
| 1872 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1873 | :py:obj:`X509Type.get_signature_algorithm` returns a string which means |
Jean-Paul Calderone | 2755fa5 | 2011-05-18 19:42:10 -0400 | [diff] [blame] | 1874 | the algorithm used to sign the certificate. |
| 1875 | """ |
| 1876 | cert = load_certificate(FILETYPE_PEM, self.pemData) |
Jean-Paul Calderone | 5d8e405 | 2011-05-19 17:51:43 -0400 | [diff] [blame] | 1877 | self.assertEqual( |
| 1878 | b("sha1WithRSAEncryption"), cert.get_signature_algorithm()) |
Jean-Paul Calderone | 2755fa5 | 2011-05-18 19:42:10 -0400 | [diff] [blame] | 1879 | |
Jean-Paul Calderone | 2755fa5 | 2011-05-18 19:42:10 -0400 | [diff] [blame] | 1880 | def test_get_undefined_signature_algorithm(self): |
Jean-Paul Calderone | 5d8e405 | 2011-05-19 17:51:43 -0400 | [diff] [blame] | 1881 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1882 | :py:obj:`X509Type.get_signature_algorithm` raises :py:obj:`ValueError` |
| 1883 | if the signature algorithm is undefined or unknown. |
Jean-Paul Calderone | 5d8e405 | 2011-05-19 17:51:43 -0400 | [diff] [blame] | 1884 | """ |
| 1885 | # This certificate has been modified to indicate a bogus OID in the |
| 1886 | # signature algorithm field so that OpenSSL does not recognize it. |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1887 | certPEM = b("""\ |
Jean-Paul Calderone | 2755fa5 | 2011-05-18 19:42:10 -0400 | [diff] [blame] | 1888 | -----BEGIN CERTIFICATE----- |
| 1889 | MIIC/zCCAmigAwIBAgIBATAGBgJ8BQUAMHsxCzAJBgNVBAYTAlNHMREwDwYDVQQK |
| 1890 | EwhNMkNyeXB0bzEUMBIGA1UECxMLTTJDcnlwdG8gQ0ExJDAiBgNVBAMTG00yQ3J5 |
| 1891 | cHRvIENlcnRpZmljYXRlIE1hc3RlcjEdMBsGCSqGSIb3DQEJARYObmdwc0Bwb3N0 |
| 1892 | MS5jb20wHhcNMDAwOTEwMDk1MTMwWhcNMDIwOTEwMDk1MTMwWjBTMQswCQYDVQQG |
| 1893 | EwJTRzERMA8GA1UEChMITTJDcnlwdG8xEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsG |
| 1894 | CSqGSIb3DQEJARYObmdwc0Bwb3N0MS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBI |
| 1895 | AkEArL57d26W9fNXvOhNlZzlPOACmvwOZ5AdNgLzJ1/MfsQQJ7hHVeHmTAjM664V |
| 1896 | +fXvwUGJLziCeBo1ysWLRnl8CQIDAQABo4IBBDCCAQAwCQYDVR0TBAIwADAsBglg |
| 1897 | hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O |
| 1898 | BBYEFM+EgpK+eyZiwFU1aOPSbczbPSpVMIGlBgNVHSMEgZ0wgZqAFPuHI2nrnDqT |
| 1899 | FeXFvylRT/7tKDgBoX+kfTB7MQswCQYDVQQGEwJTRzERMA8GA1UEChMITTJDcnlw |
| 1900 | dG8xFDASBgNVBAsTC00yQ3J5cHRvIENBMSQwIgYDVQQDExtNMkNyeXB0byBDZXJ0 |
| 1901 | aWZpY2F0ZSBNYXN0ZXIxHTAbBgkqhkiG9w0BCQEWDm5ncHNAcG9zdDEuY29tggEA |
| 1902 | MA0GCSqGSIb3DQEBBAUAA4GBADv8KpPo+gfJxN2ERK1Y1l17sz/ZhzoGgm5XCdbx |
| 1903 | jEY7xKfpQngV599k1xhl11IMqizDwu0855agrckg2MCTmOI9DZzDD77tAYb+Dk0O |
| 1904 | PEVk0Mk/V0aIsDE9bolfCi/i/QWZ3N8s5nTWMNyBBBmoSliWCm4jkkRZRD0ejgTN |
| 1905 | tgI5 |
| 1906 | -----END CERTIFICATE----- |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 1907 | """) |
Jean-Paul Calderone | 2755fa5 | 2011-05-18 19:42:10 -0400 | [diff] [blame] | 1908 | cert = load_certificate(FILETYPE_PEM, certPEM) |
| 1909 | self.assertRaises(ValueError, cert.get_signature_algorithm) |
Jean-Paul Calderone | ccf9d48 | 2010-07-30 22:36:42 -0400 | [diff] [blame] | 1910 | |
| 1911 | |
Jean-Paul Calderone | a63714c | 2013-03-05 17:02:26 -0800 | [diff] [blame] | 1912 | class X509StoreTests(TestCase): |
| 1913 | """ |
| 1914 | Test for :py:obj:`OpenSSL.crypto.X509Store`. |
| 1915 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 1916 | |
Jean-Paul Calderone | a63714c | 2013-03-05 17:02:26 -0800 | [diff] [blame] | 1917 | def test_type(self): |
| 1918 | """ |
| 1919 | :py:obj:`X509StoreType` is a type object. |
| 1920 | """ |
| 1921 | self.assertIdentical(X509Store, X509StoreType) |
| 1922 | self.assertConsistentType(X509Store, 'X509Store') |
| 1923 | |
Jean-Paul Calderone | a63714c | 2013-03-05 17:02:26 -0800 | [diff] [blame] | 1924 | def test_add_cert_wrong_args(self): |
| 1925 | store = X509Store() |
| 1926 | self.assertRaises(TypeError, store.add_cert) |
| 1927 | self.assertRaises(TypeError, store.add_cert, object()) |
| 1928 | self.assertRaises(TypeError, store.add_cert, X509(), object()) |
| 1929 | |
Jean-Paul Calderone | a63714c | 2013-03-05 17:02:26 -0800 | [diff] [blame] | 1930 | def test_add_cert(self): |
Jean-Paul Calderone | e6f32b8 | 2013-03-06 10:27:57 -0800 | [diff] [blame] | 1931 | """ |
| 1932 | :py:obj:`X509Store.add_cert` adds a :py:obj:`X509` instance to the |
| 1933 | certificate store. |
| 1934 | """ |
| 1935 | cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM) |
Jean-Paul Calderone | a63714c | 2013-03-05 17:02:26 -0800 | [diff] [blame] | 1936 | store = X509Store() |
Jean-Paul Calderone | e6f32b8 | 2013-03-06 10:27:57 -0800 | [diff] [blame] | 1937 | store.add_cert(cert) |
| 1938 | |
Jean-Paul Calderone | e6f32b8 | 2013-03-06 10:27:57 -0800 | [diff] [blame] | 1939 | def test_add_cert_rejects_duplicate(self): |
| 1940 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1941 | :py:obj:`X509Store.add_cert` raises :py:obj:`OpenSSL.crypto.Error` if |
| 1942 | an attempt is made to add the same certificate to the store more than |
| 1943 | once. |
Jean-Paul Calderone | e6f32b8 | 2013-03-06 10:27:57 -0800 | [diff] [blame] | 1944 | """ |
| 1945 | cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM) |
| 1946 | store = X509Store() |
| 1947 | store.add_cert(cert) |
| 1948 | self.assertRaises(Error, store.add_cert, cert) |
Jean-Paul Calderone | a63714c | 2013-03-05 17:02:26 -0800 | [diff] [blame] | 1949 | |
| 1950 | |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 1951 | class PKCS12Tests(TestCase): |
| 1952 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1953 | Test for :py:obj:`OpenSSL.crypto.PKCS12` and |
| 1954 | :py:obj:`OpenSSL.crypto.load_pkcs12`. |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 1955 | """ |
| 1956 | pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM |
| 1957 | |
Jean-Paul Calderone | c3a41f7 | 2009-07-25 12:36:02 -0400 | [diff] [blame] | 1958 | def test_type(self): |
| 1959 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1960 | :py:obj:`PKCS12Type` is a type object. |
Jean-Paul Calderone | c3a41f7 | 2009-07-25 12:36:02 -0400 | [diff] [blame] | 1961 | """ |
| 1962 | self.assertIdentical(PKCS12, PKCS12Type) |
| 1963 | self.assertConsistentType(PKCS12, 'PKCS12') |
| 1964 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 1965 | def test_empty_construction(self): |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1966 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1967 | :py:obj:`PKCS12` returns a new instance of :py:obj:`PKCS12` with no |
| 1968 | certificate, private key, CA certificates, or friendly name. |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1969 | """ |
Jean-Paul Calderone | a202edb | 2009-07-25 12:22:12 -0400 | [diff] [blame] | 1970 | p12 = PKCS12() |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 1971 | self.assertEqual(None, p12.get_certificate()) |
| 1972 | self.assertEqual(None, p12.get_privatekey()) |
| 1973 | self.assertEqual(None, p12.get_ca_certificates()) |
Rick Dean | 42d69e1 | 2009-07-20 11:36:08 -0500 | [diff] [blame] | 1974 | self.assertEqual(None, p12.get_friendlyname()) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 1975 | |
| 1976 | def test_type_errors(self): |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1977 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 1978 | The :py:obj:`PKCS12` setter functions (:py:obj:`set_certificate`, |
| 1979 | :py:obj:`set_privatekey`, :py:obj:`set_ca_certificates`, and |
| 1980 | :py:obj:`set_friendlyname`) raise :py:obj:`TypeError` when passed |
| 1981 | objects of types other than those expected. |
Rick Dean | 38a05c8 | 2009-07-18 01:41:30 -0500 | [diff] [blame] | 1982 | """ |
Jean-Paul Calderone | a202edb | 2009-07-25 12:22:12 -0400 | [diff] [blame] | 1983 | p12 = PKCS12() |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 1984 | self.assertRaises(TypeError, p12.set_certificate, 3) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 1985 | self.assertRaises(TypeError, p12.set_certificate, PKey()) |
| 1986 | self.assertRaises(TypeError, p12.set_certificate, X509) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 1987 | self.assertRaises(TypeError, p12.set_privatekey, 3) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 1988 | self.assertRaises(TypeError, p12.set_privatekey, 'legbone') |
| 1989 | self.assertRaises(TypeError, p12.set_privatekey, X509()) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 1990 | self.assertRaises(TypeError, p12.set_ca_certificates, 3) |
| 1991 | self.assertRaises(TypeError, p12.set_ca_certificates, X509()) |
| 1992 | self.assertRaises(TypeError, p12.set_ca_certificates, (3, 4)) |
Alex Gaynor | 7f63649 | 2015-09-04 13:26:52 -0400 | [diff] [blame] | 1993 | self.assertRaises(TypeError, p12.set_ca_certificates, (PKey(),)) |
Rick Dean | 42d69e1 | 2009-07-20 11:36:08 -0500 | [diff] [blame] | 1994 | self.assertRaises(TypeError, p12.set_friendlyname, 6) |
| 1995 | self.assertRaises(TypeError, p12.set_friendlyname, ('foo', 'bar')) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 1996 | |
| 1997 | def test_key_only(self): |
| 1998 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 1999 | A :py:obj:`PKCS12` with only a private key can be exported using |
| 2000 | :py:obj:`PKCS12.export` and loaded again using :py:obj:`load_pkcs12`. |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2001 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2002 | passwd = b"blah" |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2003 | p12 = PKCS12() |
Jean-Paul Calderone | a202edb | 2009-07-25 12:22:12 -0400 | [diff] [blame] | 2004 | pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2005 | p12.set_privatekey(pkey) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2006 | self.assertEqual(None, p12.get_certificate()) |
| 2007 | self.assertEqual(pkey, p12.get_privatekey()) |
Rick Dean | 321a051 | 2009-08-13 17:21:29 -0500 | [diff] [blame] | 2008 | try: |
| 2009 | dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3) |
| 2010 | except Error: |
| 2011 | # Some versions of OpenSSL will throw an exception |
| 2012 | # for this nearly useless PKCS12 we tried to generate: |
| 2013 | # [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')] |
| 2014 | return |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2015 | p12 = load_pkcs12(dumped_p12, passwd) |
| 2016 | self.assertEqual(None, p12.get_ca_certificates()) |
| 2017 | self.assertEqual(None, p12.get_certificate()) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2018 | |
| 2019 | # OpenSSL fails to bring the key back to us. So sad. Perhaps in the |
| 2020 | # future this will be improved. |
| 2021 | self.assertTrue(isinstance(p12.get_privatekey(), (PKey, type(None)))) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2022 | |
| 2023 | def test_cert_only(self): |
| 2024 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2025 | A :py:obj:`PKCS12` with only a certificate can be exported using |
| 2026 | :py:obj:`PKCS12.export` and loaded again using :py:obj:`load_pkcs12`. |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2027 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2028 | passwd = b"blah" |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2029 | p12 = PKCS12() |
Jean-Paul Calderone | a202edb | 2009-07-25 12:22:12 -0400 | [diff] [blame] | 2030 | cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2031 | p12.set_certificate(cert) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2032 | self.assertEqual(cert, p12.get_certificate()) |
| 2033 | self.assertEqual(None, p12.get_privatekey()) |
Rick Dean | 321a051 | 2009-08-13 17:21:29 -0500 | [diff] [blame] | 2034 | try: |
| 2035 | dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3) |
| 2036 | except Error: |
| 2037 | # Some versions of OpenSSL will throw an exception |
| 2038 | # for this nearly useless PKCS12 we tried to generate: |
| 2039 | # [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')] |
| 2040 | return |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2041 | p12 = load_pkcs12(dumped_p12, passwd) |
| 2042 | self.assertEqual(None, p12.get_privatekey()) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2043 | |
| 2044 | # OpenSSL fails to bring the cert back to us. Groany mcgroan. |
| 2045 | self.assertTrue(isinstance(p12.get_certificate(), (X509, type(None)))) |
| 2046 | |
| 2047 | # Oh ho. It puts the certificate into the ca certificates list, in |
| 2048 | # fact. Totally bogus, I would think. Nevertheless, let's exploit |
| 2049 | # that to check to see if it reconstructed the certificate we expected |
| 2050 | # it to. At some point, hopefully this will change so that |
| 2051 | # p12.get_certificate() is actually what returns the loaded |
| 2052 | # certificate. |
| 2053 | self.assertEqual( |
| 2054 | cleartextCertificatePEM, |
| 2055 | dump_certificate(FILETYPE_PEM, p12.get_ca_certificates()[0])) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2056 | |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 2057 | def gen_pkcs12(self, cert_pem=None, key_pem=None, ca_pem=None, |
| 2058 | friendly_name=None): |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2059 | """ |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2060 | Generate a PKCS12 object with components from PEM. Verify that the set |
| 2061 | functions return None. |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2062 | """ |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2063 | p12 = PKCS12() |
| 2064 | if cert_pem: |
| 2065 | ret = p12.set_certificate(load_certificate(FILETYPE_PEM, cert_pem)) |
| 2066 | self.assertEqual(ret, None) |
| 2067 | if key_pem: |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2068 | ret = p12.set_privatekey(load_privatekey(FILETYPE_PEM, key_pem)) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2069 | self.assertEqual(ret, None) |
| 2070 | if ca_pem: |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 2071 | ret = p12.set_ca_certificates( |
| 2072 | (load_certificate(FILETYPE_PEM, ca_pem),) |
| 2073 | ) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2074 | self.assertEqual(ret, None) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2075 | if friendly_name: |
| 2076 | ret = p12.set_friendlyname(friendly_name) |
Rick Dean | 42d69e1 | 2009-07-20 11:36:08 -0500 | [diff] [blame] | 2077 | self.assertEqual(ret, None) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2078 | return p12 |
| 2079 | |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2080 | def check_recovery(self, p12_str, key=None, cert=None, ca=None, passwd=b"", |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2081 | extra=()): |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2082 | """ |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2083 | Use openssl program to confirm three components are recoverable from a |
| 2084 | PKCS12 string. |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2085 | """ |
| 2086 | if key: |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2087 | recovered_key = _runopenssl( |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2088 | p12_str, b"pkcs12", b"-nocerts", b"-nodes", b"-passin", |
| 2089 | b"pass:" + passwd, *extra) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2090 | self.assertEqual(recovered_key[-len(key):], key) |
| 2091 | if cert: |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2092 | recovered_cert = _runopenssl( |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2093 | p12_str, b"pkcs12", b"-clcerts", b"-nodes", b"-passin", |
| 2094 | b"pass:" + passwd, b"-nokeys", *extra) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2095 | self.assertEqual(recovered_cert[-len(cert):], cert) |
| 2096 | if ca: |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2097 | recovered_cert = _runopenssl( |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2098 | p12_str, b"pkcs12", b"-cacerts", b"-nodes", b"-passin", |
| 2099 | b"pass:" + passwd, b"-nokeys", *extra) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2100 | self.assertEqual(recovered_cert[-len(ca):], ca) |
| 2101 | |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2102 | def verify_pkcs12_container(self, p12): |
| 2103 | """ |
| 2104 | Verify that the PKCS#12 container contains the correct client |
| 2105 | certificate and private key. |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2106 | |
| 2107 | :param p12: The PKCS12 instance to verify. |
| 2108 | :type p12: :py:class:`PKCS12` |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2109 | """ |
| 2110 | cert_pem = dump_certificate(FILETYPE_PEM, p12.get_certificate()) |
| 2111 | key_pem = dump_privatekey(FILETYPE_PEM, p12.get_privatekey()) |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2112 | self.assertEqual( |
| 2113 | (client_cert_pem, client_key_pem, None), |
| 2114 | (cert_pem, key_pem, p12.get_ca_certificates())) |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2115 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2116 | def test_load_pkcs12(self): |
| 2117 | """ |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2118 | A PKCS12 string generated using the openssl command line can be loaded |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2119 | with :py:obj:`load_pkcs12` and its components extracted and examined. |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2120 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2121 | passwd = b"whatever" |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2122 | pem = client_key_pem + client_cert_pem |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2123 | p12_str = _runopenssl( |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 2124 | pem, |
| 2125 | b"pkcs12", |
| 2126 | b"-export", |
| 2127 | b"-clcerts", |
| 2128 | b"-passout", |
| 2129 | b"pass:" + passwd |
| 2130 | ) |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2131 | p12 = load_pkcs12(p12_str, passphrase=passwd) |
| 2132 | self.verify_pkcs12_container(p12) |
| 2133 | |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 2134 | def test_load_pkcs12_text_passphrase(self): |
| 2135 | """ |
| 2136 | A PKCS12 string generated using the openssl command line can be loaded |
| 2137 | with :py:obj:`load_pkcs12` and its components extracted and examined. |
| 2138 | Using text as passphrase instead of bytes. DeprecationWarning expected. |
| 2139 | """ |
| 2140 | pem = client_key_pem + client_cert_pem |
| 2141 | passwd = b"whatever" |
| 2142 | p12_str = _runopenssl(pem, b"pkcs12", b"-export", b"-clcerts", |
| 2143 | b"-passout", b"pass:" + passwd) |
| 2144 | with catch_warnings(record=True) as w: |
| 2145 | simplefilter("always") |
Jean-Paul Calderone | 13a0e65 | 2015-03-29 07:58:51 -0400 | [diff] [blame] | 2146 | p12 = load_pkcs12(p12_str, passphrase=b"whatever".decode("ascii")) |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 2147 | |
| 2148 | self.assertEqual( |
Jean-Paul Calderone | 13a0e65 | 2015-03-29 07:58:51 -0400 | [diff] [blame] | 2149 | "{0} for passphrase is no longer accepted, use bytes".format( |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 2150 | WARNING_TYPE_EXPECTED |
| 2151 | ), |
| 2152 | str(w[-1].message) |
| 2153 | ) |
| 2154 | self.assertIs(w[-1].category, DeprecationWarning) |
| 2155 | |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 2156 | self.verify_pkcs12_container(p12) |
| 2157 | |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2158 | def test_load_pkcs12_no_passphrase(self): |
| 2159 | """ |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2160 | A PKCS12 string generated using openssl command line can be loaded with |
| 2161 | :py:obj:`load_pkcs12` without a passphrase and its components extracted |
| 2162 | and examined. |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2163 | """ |
| 2164 | pem = client_key_pem + client_cert_pem |
| 2165 | p12_str = _runopenssl( |
| 2166 | pem, b"pkcs12", b"-export", b"-clcerts", b"-passout", b"pass:") |
| 2167 | p12 = load_pkcs12(p12_str) |
| 2168 | self.verify_pkcs12_container(p12) |
| 2169 | |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2170 | def _dump_and_load(self, dump_passphrase, load_passphrase): |
| 2171 | """ |
| 2172 | A helper method to dump and load a PKCS12 object. |
| 2173 | """ |
| 2174 | p12 = self.gen_pkcs12(client_cert_pem, client_key_pem) |
| 2175 | dumped_p12 = p12.export(passphrase=dump_passphrase, iter=2, maciter=3) |
| 2176 | return load_pkcs12(dumped_p12, passphrase=load_passphrase) |
| 2177 | |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2178 | def test_load_pkcs12_null_passphrase_load_empty(self): |
| 2179 | """ |
| 2180 | A PKCS12 string can be dumped with a null passphrase, loaded with an |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2181 | empty passphrase with :py:obj:`load_pkcs12`, and its components |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2182 | extracted and examined. |
| 2183 | """ |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2184 | self.verify_pkcs12_container( |
| 2185 | self._dump_and_load(dump_passphrase=None, load_passphrase=b'')) |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2186 | |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2187 | def test_load_pkcs12_null_passphrase_load_null(self): |
| 2188 | """ |
| 2189 | A PKCS12 string can be dumped with a null passphrase, loaded with a |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2190 | null passphrase with :py:obj:`load_pkcs12`, and its components |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2191 | extracted and examined. |
| 2192 | """ |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2193 | self.verify_pkcs12_container( |
| 2194 | self._dump_and_load(dump_passphrase=None, load_passphrase=None)) |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2195 | |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2196 | def test_load_pkcs12_empty_passphrase_load_empty(self): |
| 2197 | """ |
| 2198 | A PKCS12 string can be dumped with an empty passphrase, loaded with an |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2199 | empty passphrase with :py:obj:`load_pkcs12`, and its components |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2200 | extracted and examined. |
| 2201 | """ |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2202 | self.verify_pkcs12_container( |
| 2203 | self._dump_and_load(dump_passphrase=b'', load_passphrase=b'')) |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2204 | |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2205 | def test_load_pkcs12_empty_passphrase_load_null(self): |
| 2206 | """ |
| 2207 | A PKCS12 string can be dumped with an empty passphrase, loaded with a |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2208 | null passphrase with :py:obj:`load_pkcs12`, and its components |
Stephen Holsapple | 3848262 | 2014-04-05 20:29:34 -0700 | [diff] [blame] | 2209 | extracted and examined. |
| 2210 | """ |
Jean-Paul Calderone | f0ff13b | 2014-05-05 12:48:33 -0400 | [diff] [blame] | 2211 | self.verify_pkcs12_container( |
| 2212 | self._dump_and_load(dump_passphrase=b'', load_passphrase=None)) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2213 | |
Rick Dean | ee56830 | 2009-07-24 09:56:29 -0500 | [diff] [blame] | 2214 | def test_load_pkcs12_garbage(self): |
| 2215 | """ |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 2216 | :py:obj:`load_pkcs12` raises :py:obj:`OpenSSL.crypto.Error` when passed |
| 2217 | a string which is not a PKCS12 dump. |
Rick Dean | ee56830 | 2009-07-24 09:56:29 -0500 | [diff] [blame] | 2218 | """ |
| 2219 | passwd = 'whatever' |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2220 | e = self.assertRaises(Error, load_pkcs12, b'fruit loops', passwd) |
Alex Gaynor | 7f63649 | 2015-09-04 13:26:52 -0400 | [diff] [blame] | 2221 | self.assertEqual(e.args[0][0][0], 'asn1 encoding routines') |
| 2222 | self.assertEqual(len(e.args[0][0]), 3) |
Rick Dean | ee56830 | 2009-07-24 09:56:29 -0500 | [diff] [blame] | 2223 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2224 | def test_replace(self): |
| 2225 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 2226 | :py:obj:`PKCS12.set_certificate` replaces the certificate in a PKCS12 |
| 2227 | cluster. :py:obj:`PKCS12.set_privatekey` replaces the private key. |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2228 | :py:obj:`PKCS12.set_ca_certificates` replaces the CA certificates. |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2229 | """ |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2230 | p12 = self.gen_pkcs12(client_cert_pem, client_key_pem, root_cert_pem) |
| 2231 | p12.set_certificate(load_certificate(FILETYPE_PEM, server_cert_pem)) |
| 2232 | p12.set_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) |
Jean-Paul Calderone | a202edb | 2009-07-25 12:22:12 -0400 | [diff] [blame] | 2233 | root_cert = load_certificate(FILETYPE_PEM, root_cert_pem) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2234 | client_cert = load_certificate(FILETYPE_PEM, client_cert_pem) |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 2235 | p12.set_ca_certificates([root_cert]) # not a tuple |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2236 | self.assertEqual(1, len(p12.get_ca_certificates())) |
| 2237 | self.assertEqual(root_cert, p12.get_ca_certificates()[0]) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2238 | p12.set_ca_certificates([client_cert, root_cert]) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2239 | self.assertEqual(2, len(p12.get_ca_certificates())) |
| 2240 | self.assertEqual(client_cert, p12.get_ca_certificates()[0]) |
| 2241 | self.assertEqual(root_cert, p12.get_ca_certificates()[1]) |
| 2242 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2243 | def test_friendly_name(self): |
| 2244 | """ |
Jean-Paul Calderone | 64efa2c | 2011-09-11 10:00:09 -0400 | [diff] [blame] | 2245 | The *friendlyName* of a PKCS12 can be set and retrieved via |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 2246 | :py:obj:`PKCS12.get_friendlyname` and |
| 2247 | :py:obj:`PKCS12_set_friendlyname`, and a :py:obj:`PKCS12` with a |
| 2248 | friendly name set can be dumped with :py:obj:`PKCS12.export`. |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2249 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2250 | passwd = b'Dogmeat[]{}!@#$%^&*()~`?/.,<>-_+=";:' |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2251 | p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem) |
Jean-Paul Calderone | add7bf0 | 2010-08-22 17:38:30 -0400 | [diff] [blame] | 2252 | for friendly_name in [b('Serverlicious'), None, b('###')]: |
Rick Dean | 42d69e1 | 2009-07-20 11:36:08 -0500 | [diff] [blame] | 2253 | p12.set_friendlyname(friendly_name) |
| 2254 | self.assertEqual(p12.get_friendlyname(), friendly_name) |
Jean-Paul Calderone | a202edb | 2009-07-25 12:22:12 -0400 | [diff] [blame] | 2255 | dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3) |
Rick Dean | 42d69e1 | 2009-07-20 11:36:08 -0500 | [diff] [blame] | 2256 | reloaded_p12 = load_pkcs12(dumped_p12, passwd) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2257 | self.assertEqual( |
Jean-Paul Calderone | 9da338d | 2011-05-04 11:40:54 -0400 | [diff] [blame] | 2258 | p12.get_friendlyname(), reloaded_p12.get_friendlyname()) |
Jean-Paul Calderone | a202edb | 2009-07-25 12:22:12 -0400 | [diff] [blame] | 2259 | # We would use the openssl program to confirm the friendly |
| 2260 | # name, but it is not possible. The pkcs12 command |
| 2261 | # does not store the friendly name in the cert's |
Rick Dean | 42d69e1 | 2009-07-20 11:36:08 -0500 | [diff] [blame] | 2262 | # alias, which we could then extract. |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2263 | self.check_recovery( |
| 2264 | dumped_p12, key=server_key_pem, cert=server_cert_pem, |
| 2265 | ca=root_cert_pem, passwd=passwd) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2266 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2267 | def test_various_empty_passphrases(self): |
| 2268 | """ |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2269 | Test that missing, None, and '' passphrases are identical for PKCS12 |
| 2270 | export. |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2271 | """ |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2272 | p12 = self.gen_pkcs12(client_cert_pem, client_key_pem, root_cert_pem) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2273 | passwd = b"" |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2274 | dumped_p12_empty = p12.export(iter=2, maciter=0, passphrase=passwd) |
| 2275 | dumped_p12_none = p12.export(iter=3, maciter=2, passphrase=None) |
| 2276 | dumped_p12_nopw = p12.export(iter=9, maciter=4) |
| 2277 | for dumped_p12 in [dumped_p12_empty, dumped_p12_none, dumped_p12_nopw]: |
| 2278 | self.check_recovery( |
| 2279 | dumped_p12, key=client_key_pem, cert=client_cert_pem, |
| 2280 | ca=root_cert_pem, passwd=passwd) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2281 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2282 | def test_removing_ca_cert(self): |
| 2283 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 2284 | Passing :py:obj:`None` to :py:obj:`PKCS12.set_ca_certificates` removes |
| 2285 | all CA certificates. |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2286 | """ |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2287 | p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem) |
| 2288 | p12.set_ca_certificates(None) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2289 | self.assertEqual(None, p12.get_ca_certificates()) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2290 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2291 | def test_export_without_mac(self): |
| 2292 | """ |
Jean-Paul Calderone | 64efa2c | 2011-09-11 10:00:09 -0400 | [diff] [blame] | 2293 | Exporting a PKCS12 with a :py:obj:`maciter` of ``-1`` excludes the MAC |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2294 | entirely. |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2295 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2296 | passwd = b"Lake Michigan" |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2297 | p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem) |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2298 | dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2299 | self.check_recovery( |
| 2300 | dumped_p12, key=server_key_pem, cert=server_cert_pem, |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2301 | passwd=passwd, extra=(b"-nomacver",)) |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2302 | |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2303 | def test_load_without_mac(self): |
| 2304 | """ |
| 2305 | Loading a PKCS12 without a MAC does something other than crash. |
| 2306 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2307 | passwd = b"Lake Michigan" |
Jean-Paul Calderone | 7426ed8 | 2009-07-25 21:19:23 -0400 | [diff] [blame] | 2308 | p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem) |
| 2309 | dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2) |
Rick Dean | 321a051 | 2009-08-13 17:21:29 -0500 | [diff] [blame] | 2310 | try: |
| 2311 | recovered_p12 = load_pkcs12(dumped_p12, passwd) |
| 2312 | # The person who generated this PCKS12 should be flogged, |
| 2313 | # or better yet we should have a means to determine |
| 2314 | # whether a PCKS12 had a MAC that was verified. |
| 2315 | # Anyway, libopenssl chooses to allow it, so the |
| 2316 | # pyopenssl binding does as well. |
| 2317 | self.assertTrue(isinstance(recovered_p12, PKCS12)) |
| 2318 | except Error: |
| 2319 | # Failing here with an exception is preferred as some openssl |
| 2320 | # versions do. |
| 2321 | pass |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 2322 | |
Rick Dean | 25bcc1f | 2009-07-20 11:53:13 -0500 | [diff] [blame] | 2323 | def test_zero_len_list_for_ca(self): |
| 2324 | """ |
Jean-Paul Calderone | da1ffa7 | 2009-07-25 21:24:34 -0400 | [diff] [blame] | 2325 | A PKCS12 with an empty CA certificates list can be exported. |
Rick Dean | 25bcc1f | 2009-07-20 11:53:13 -0500 | [diff] [blame] | 2326 | """ |
Alex Gaynor | 6575bd1 | 2015-09-05 16:44:36 -0400 | [diff] [blame] | 2327 | passwd = b'Hobie 18' |
Jean-Paul Calderone | da1ffa7 | 2009-07-25 21:24:34 -0400 | [diff] [blame] | 2328 | p12 = self.gen_pkcs12(server_cert_pem, server_key_pem) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 2329 | p12.set_ca_certificates([]) |
| 2330 | self.assertEqual((), p12.get_ca_certificates()) |
| 2331 | dumped_p12 = p12.export(passphrase=passwd, iter=3) |
| 2332 | self.check_recovery( |
| 2333 | dumped_p12, key=server_key_pem, cert=server_cert_pem, |
| 2334 | passwd=passwd) |
Rick Dean | 25bcc1f | 2009-07-20 11:53:13 -0500 | [diff] [blame] | 2335 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2336 | def test_export_without_args(self): |
Jean-Paul Calderone | 38a646d | 2008-03-25 15:16:18 -0400 | [diff] [blame] | 2337 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2338 | All the arguments to :py:obj:`PKCS12.export` are optional. |
Jean-Paul Calderone | 38a646d | 2008-03-25 15:16:18 -0400 | [diff] [blame] | 2339 | """ |
Jean-Paul Calderone | da1ffa7 | 2009-07-25 21:24:34 -0400 | [diff] [blame] | 2340 | p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem) |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2341 | dumped_p12 = p12.export() # no args |
Jean-Paul Calderone | da1ffa7 | 2009-07-25 21:24:34 -0400 | [diff] [blame] | 2342 | self.check_recovery( |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2343 | dumped_p12, key=server_key_pem, cert=server_cert_pem, passwd=b"") |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2344 | |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 2345 | def test_export_without_bytes(self): |
| 2346 | """ |
| 2347 | Test :py:obj:`PKCS12.export` with text not bytes as passphrase |
| 2348 | """ |
| 2349 | p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem) |
| 2350 | |
| 2351 | with catch_warnings(record=True) as w: |
| 2352 | simplefilter("always") |
Jean-Paul Calderone | 13a0e65 | 2015-03-29 07:58:51 -0400 | [diff] [blame] | 2353 | dumped_p12 = p12.export(passphrase=b"randomtext".decode("ascii")) |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 2354 | self.assertEqual( |
Jean-Paul Calderone | 13a0e65 | 2015-03-29 07:58:51 -0400 | [diff] [blame] | 2355 | "{0} for passphrase is no longer accepted, use bytes".format( |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 2356 | WARNING_TYPE_EXPECTED |
| 2357 | ), |
| 2358 | str(w[-1].message) |
| 2359 | ) |
| 2360 | self.assertIs(w[-1].category, DeprecationWarning) |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 2361 | self.check_recovery( |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2362 | dumped_p12, |
| 2363 | key=server_key_pem, |
| 2364 | cert=server_cert_pem, |
| 2365 | passwd=b"randomtext" |
| 2366 | ) |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 2367 | |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2368 | def test_key_cert_mismatch(self): |
| 2369 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2370 | :py:obj:`PKCS12.export` raises an exception when a key and certificate |
Jean-Paul Calderone | da1ffa7 | 2009-07-25 21:24:34 -0400 | [diff] [blame] | 2371 | mismatch. |
Rick Dean | f94096c | 2009-07-18 14:23:06 -0500 | [diff] [blame] | 2372 | """ |
Jean-Paul Calderone | da1ffa7 | 2009-07-25 21:24:34 -0400 | [diff] [blame] | 2373 | p12 = self.gen_pkcs12(server_cert_pem, client_key_pem, root_cert_pem) |
| 2374 | self.assertRaises(Error, p12.export) |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2375 | |
| 2376 | |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2377 | # These quoting functions taken directly from Twisted's twisted.python.win32. |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2378 | _cmdLineQuoteRe = re.compile(br'(\\*)"') |
| 2379 | _cmdLineQuoteRe2 = re.compile(br'(\\+)\Z') |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 2380 | |
| 2381 | |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2382 | def cmdLineQuote(s): |
| 2383 | """ |
| 2384 | Internal method for quoting a single command-line argument. |
| 2385 | |
Jean-Paul Calderone | 64efa2c | 2011-09-11 10:00:09 -0400 | [diff] [blame] | 2386 | See http://www.perlmonks.org/?node_id=764004 |
| 2387 | |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2388 | :type: :py:obj:`str` |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame] | 2389 | :param s: A single unquoted string to quote for something that is expecting |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2390 | cmd.exe-style quoting |
| 2391 | |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2392 | :rtype: :py:obj:`str` |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame] | 2393 | :return: A cmd.exe-style quoted string |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2394 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2395 | s = _cmdLineQuoteRe2.sub(br"\1\1", _cmdLineQuoteRe.sub(br'\1\1\\"', s)) |
| 2396 | return b'"' + s + b'"' |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2397 | |
| 2398 | |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2399 | def quoteArguments(arguments): |
| 2400 | """ |
| 2401 | Quote an iterable of command-line arguments for passing to CreateProcess or |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2402 | a similar API. This allows the list passed to |
| 2403 | :py:obj:`reactor.spawnProcess` to match the child process's |
| 2404 | :py:obj:`sys.argv` properly. |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2405 | |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2406 | :type arguments: :py:obj:`iterable` of :py:obj:`str` |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame] | 2407 | :param arguments: An iterable of unquoted arguments to quote |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2408 | |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2409 | :rtype: :py:obj:`str` |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2410 | :return: A space-delimited string containing quoted versions of |
| 2411 | :py:obj:`arguments` |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2412 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2413 | return b' '.join(map(cmdLineQuote, arguments)) |
Jean-Paul Calderone | 7b874db | 2009-08-27 12:32:47 -0400 | [diff] [blame] | 2414 | |
| 2415 | |
Rick Dean | 4c9ad61 | 2009-07-17 15:05:22 -0500 | [diff] [blame] | 2416 | def _runopenssl(pem, *args): |
| 2417 | """ |
| 2418 | Run the command line openssl tool with the given arguments and write |
Rick Dean | 55d1ce6 | 2009-08-13 17:40:24 -0500 | [diff] [blame] | 2419 | the given PEM to its stdin. Not safe for quotes. |
Rick Dean | 4c9ad61 | 2009-07-17 15:05:22 -0500 | [diff] [blame] | 2420 | """ |
Jean-Paul Calderone | 038de95 | 2009-08-21 12:16:06 -0400 | [diff] [blame] | 2421 | if os.name == 'posix': |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2422 | command = b"openssl " + b" ".join([ |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 2423 | (b"'" + arg.replace(b"'", b"'\\''") + b"'") |
| 2424 | for arg in args |
| 2425 | ]) |
Rick Dean | 55d1ce6 | 2009-08-13 17:40:24 -0500 | [diff] [blame] | 2426 | else: |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2427 | command = b"openssl " + quoteArguments(args) |
| 2428 | proc = Popen(native(command), shell=True, stdin=PIPE, stdout=PIPE) |
Jean-Paul Calderone | 62ca8da | 2010-08-11 19:58:08 -0400 | [diff] [blame] | 2429 | proc.stdin.write(pem) |
| 2430 | proc.stdin.close() |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2431 | output = proc.stdout.read() |
| 2432 | proc.stdout.close() |
| 2433 | proc.wait() |
| 2434 | return output |
Rick Dean | 4c9ad61 | 2009-07-17 15:05:22 -0500 | [diff] [blame] | 2435 | |
| 2436 | |
Hynek Schlawack | 40d448f | 2016-06-03 16:15:14 -0700 | [diff] [blame] | 2437 | class TestLoadPublicKey(object): |
Paul Kehrer | 32fc4e6 | 2016-06-03 15:21:44 -0700 | [diff] [blame] | 2438 | """ |
Hynek Schlawack | 40d448f | 2016-06-03 16:15:14 -0700 | [diff] [blame] | 2439 | Tests for :func:`load_publickey`. |
Paul Kehrer | 32fc4e6 | 2016-06-03 15:21:44 -0700 | [diff] [blame] | 2440 | """ |
Hynek Schlawack | 40d448f | 2016-06-03 16:15:14 -0700 | [diff] [blame] | 2441 | def test_loading_works(self): |
Paul Kehrer | 32fc4e6 | 2016-06-03 15:21:44 -0700 | [diff] [blame] | 2442 | """ |
Hynek Schlawack | 40d448f | 2016-06-03 16:15:14 -0700 | [diff] [blame] | 2443 | load_publickey loads public keys and sets correct attributes. |
Paul Kehrer | 32fc4e6 | 2016-06-03 15:21:44 -0700 | [diff] [blame] | 2444 | """ |
| 2445 | key = load_publickey(FILETYPE_PEM, cleartextPublicKeyPEM) |
Hynek Schlawack | 40d448f | 2016-06-03 16:15:14 -0700 | [diff] [blame] | 2446 | |
| 2447 | assert True is key._only_public |
| 2448 | assert 2048 == key.bits() |
| 2449 | assert TYPE_RSA == key.type() |
| 2450 | |
| 2451 | def test_invalid_type(self): |
| 2452 | """ |
| 2453 | load_publickey doesn't support FILETYPE_TEXT. |
| 2454 | """ |
| 2455 | with pytest.raises(ValueError): |
| 2456 | load_publickey(FILETYPE_TEXT, cleartextPublicKeyPEM) |
| 2457 | |
| 2458 | def test_invalid_key_format(self): |
| 2459 | """ |
| 2460 | load_publickey explodes on incorrect keys. |
| 2461 | """ |
| 2462 | with pytest.raises(Error): |
| 2463 | load_publickey(FILETYPE_ASN1, cleartextPublicKeyPEM) |
| 2464 | |
| 2465 | def test_tolerates_unicode_strings(self): |
| 2466 | """ |
| 2467 | load_publickey works with text strings, not just bytes. |
| 2468 | """ |
| 2469 | serialized = cleartextPublicKeyPEM.decode('ascii') |
| 2470 | key = load_publickey(FILETYPE_PEM, serialized) |
| 2471 | dumped_pem = dump_publickey(FILETYPE_PEM, key) |
| 2472 | |
| 2473 | assert dumped_pem == cleartextPublicKeyPEM |
Paul Kehrer | 32fc4e6 | 2016-06-03 15:21:44 -0700 | [diff] [blame] | 2474 | |
| 2475 | |
Jean-Paul Calderone | 1880865 | 2009-07-05 12:54:05 -0400 | [diff] [blame] | 2476 | class FunctionTests(TestCase): |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2477 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2478 | Tests for free-functions in the :py:obj:`OpenSSL.crypto` module. |
Hynek Schlawack | 40d448f | 2016-06-03 16:15:14 -0700 | [diff] [blame] | 2479 | |
| 2480 | Add new tests to `TestFunctions` above. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2481 | """ |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2482 | |
| 2483 | def test_load_privatekey_invalid_format(self): |
| 2484 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2485 | :py:obj:`load_privatekey` raises :py:obj:`ValueError` if passed an |
| 2486 | unknown filetype. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2487 | """ |
| 2488 | self.assertRaises(ValueError, load_privatekey, 100, root_key_pem) |
| 2489 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2490 | def test_load_privatekey_invalid_passphrase_type(self): |
| 2491 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2492 | :py:obj:`load_privatekey` raises :py:obj:`TypeError` if passed a |
| 2493 | passphrase that is neither a :py:obj:`str` nor a callable. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2494 | """ |
| 2495 | self.assertRaises( |
| 2496 | TypeError, |
| 2497 | load_privatekey, |
| 2498 | FILETYPE_PEM, encryptedPrivateKeyPEMPassphrase, object()) |
| 2499 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2500 | def test_load_privatekey_wrong_args(self): |
| 2501 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2502 | :py:obj:`load_privatekey` raises :py:obj:`TypeError` if called with the |
| 2503 | wrong number of arguments. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2504 | """ |
| 2505 | self.assertRaises(TypeError, load_privatekey) |
| 2506 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2507 | def test_load_privatekey_wrongPassphrase(self): |
| 2508 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2509 | :py:obj:`load_privatekey` raises :py:obj:`OpenSSL.crypto.Error` when it |
| 2510 | is passed an encrypted PEM and an incorrect passphrase. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2511 | """ |
| 2512 | self.assertRaises( |
| 2513 | Error, |
Jean-Paul Calderone | 5be230f | 2010-08-22 19:27:58 -0400 | [diff] [blame] | 2514 | load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, b("quack")) |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2515 | |
Ziga Seilnacht | 376cf97 | 2009-12-22 16:04:10 +0100 | [diff] [blame] | 2516 | def test_load_privatekey_passphraseWrongType(self): |
| 2517 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2518 | :py:obj:`load_privatekey` raises :py:obj:`ValueError` when it is passed |
| 2519 | a passphrase with a private key encoded in a format, that doesn't |
| 2520 | support encryption. |
Ziga Seilnacht | 376cf97 | 2009-12-22 16:04:10 +0100 | [diff] [blame] | 2521 | """ |
| 2522 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
| 2523 | blob = dump_privatekey(FILETYPE_ASN1, key) |
| 2524 | self.assertRaises(ValueError, |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2525 | load_privatekey, FILETYPE_ASN1, blob, "secret") |
Ziga Seilnacht | 376cf97 | 2009-12-22 16:04:10 +0100 | [diff] [blame] | 2526 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2527 | def test_load_privatekey_passphrase(self): |
| 2528 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2529 | :py:obj:`load_privatekey` can create a :py:obj:`PKey` object from an |
| 2530 | encrypted PEM string if given the passphrase. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2531 | """ |
| 2532 | key = load_privatekey( |
| 2533 | FILETYPE_PEM, encryptedPrivateKeyPEM, |
| 2534 | encryptedPrivateKeyPEMPassphrase) |
| 2535 | self.assertTrue(isinstance(key, PKeyType)) |
| 2536 | |
Ziga Seilnacht | 6b90a40 | 2009-12-22 14:33:47 +0100 | [diff] [blame] | 2537 | def test_load_privatekey_passphrase_exception(self): |
| 2538 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2539 | If the passphrase callback raises an exception, that exception is |
| 2540 | raised by :py:obj:`load_privatekey`. |
Ziga Seilnacht | 6b90a40 | 2009-12-22 14:33:47 +0100 | [diff] [blame] | 2541 | """ |
| 2542 | def cb(ignored): |
| 2543 | raise ArithmeticError |
| 2544 | |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2545 | with pytest.raises(ArithmeticError): |
| 2546 | load_privatekey(FILETYPE_PEM, encryptedPrivateKeyPEM, cb) |
Ziga Seilnacht | 6b90a40 | 2009-12-22 14:33:47 +0100 | [diff] [blame] | 2547 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2548 | def test_load_privatekey_wrongPassphraseCallback(self): |
| 2549 | """ |
Jean-Paul Calderone | d440a08 | 2011-09-14 11:02:05 -0400 | [diff] [blame] | 2550 | :py:obj:`load_privatekey` raises :py:obj:`OpenSSL.crypto.Error` when it |
| 2551 | is passed an encrypted PEM and a passphrase callback which returns an |
| 2552 | incorrect passphrase. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2553 | """ |
| 2554 | called = [] |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 2555 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2556 | def cb(*a): |
| 2557 | called.append(None) |
Jean-Paul Calderone | d440a08 | 2011-09-14 11:02:05 -0400 | [diff] [blame] | 2558 | return b("quack") |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2559 | self.assertRaises( |
| 2560 | Error, |
| 2561 | load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb) |
| 2562 | self.assertTrue(called) |
| 2563 | |
| 2564 | def test_load_privatekey_passphraseCallback(self): |
| 2565 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2566 | :py:obj:`load_privatekey` can create a :py:obj:`PKey` object from an |
| 2567 | encrypted PEM string if given a passphrase callback which returns the |
| 2568 | correct password. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2569 | """ |
| 2570 | called = [] |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 2571 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2572 | def cb(writing): |
| 2573 | called.append(writing) |
| 2574 | return encryptedPrivateKeyPEMPassphrase |
| 2575 | key = load_privatekey(FILETYPE_PEM, encryptedPrivateKeyPEM, cb) |
| 2576 | self.assertTrue(isinstance(key, PKeyType)) |
| 2577 | self.assertEqual(called, [False]) |
| 2578 | |
Jean-Paul Calderone | 105cb95 | 2011-09-14 10:16:46 -0400 | [diff] [blame] | 2579 | def test_load_privatekey_passphrase_wrong_return_type(self): |
| 2580 | """ |
| 2581 | :py:obj:`load_privatekey` raises :py:obj:`ValueError` if the passphrase |
| 2582 | callback returns something other than a byte string. |
| 2583 | """ |
| 2584 | self.assertRaises( |
| 2585 | ValueError, |
| 2586 | load_privatekey, |
| 2587 | FILETYPE_PEM, encryptedPrivateKeyPEM, lambda *args: 3) |
| 2588 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2589 | def test_dump_privatekey_wrong_args(self): |
| 2590 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2591 | :py:obj:`dump_privatekey` raises :py:obj:`TypeError` if called with the |
| 2592 | wrong number of arguments. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2593 | """ |
| 2594 | self.assertRaises(TypeError, dump_privatekey) |
Jean-Paul Calderone | 1eeccd8 | 2011-09-14 10:18:52 -0400 | [diff] [blame] | 2595 | # If cipher name is given, password is required. |
| 2596 | self.assertRaises( |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2597 | TypeError, dump_privatekey, FILETYPE_PEM, PKey(), GOOD_CIPHER) |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2598 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2599 | def test_dump_privatekey_unknown_cipher(self): |
| 2600 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2601 | :py:obj:`dump_privatekey` raises :py:obj:`ValueError` if called with an |
| 2602 | unrecognized cipher name. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2603 | """ |
| 2604 | key = PKey() |
| 2605 | key.generate_key(TYPE_RSA, 512) |
| 2606 | self.assertRaises( |
| 2607 | ValueError, dump_privatekey, |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2608 | FILETYPE_PEM, key, BAD_CIPHER, "passphrase") |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2609 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2610 | def test_dump_privatekey_invalid_passphrase_type(self): |
| 2611 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2612 | :py:obj:`dump_privatekey` raises :py:obj:`TypeError` if called with a |
| 2613 | passphrase which is neither a :py:obj:`str` nor a callable. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2614 | """ |
| 2615 | key = PKey() |
| 2616 | key.generate_key(TYPE_RSA, 512) |
| 2617 | self.assertRaises( |
| 2618 | TypeError, |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2619 | dump_privatekey, FILETYPE_PEM, key, GOOD_CIPHER, object()) |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2620 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2621 | def test_dump_privatekey_invalid_filetype(self): |
| 2622 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2623 | :py:obj:`dump_privatekey` raises :py:obj:`ValueError` if called with an |
| 2624 | unrecognized filetype. |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2625 | """ |
| 2626 | key = PKey() |
| 2627 | key.generate_key(TYPE_RSA, 512) |
| 2628 | self.assertRaises(ValueError, dump_privatekey, 100, key) |
| 2629 | |
Ziga Seilnacht | 781295a | 2009-12-22 14:58:01 +0100 | [diff] [blame] | 2630 | def test_load_privatekey_passphraseCallbackLength(self): |
| 2631 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2632 | :py:obj:`crypto.load_privatekey` should raise an error when the |
| 2633 | passphrase provided by the callback is too long, not silently truncate |
| 2634 | it. |
Ziga Seilnacht | 781295a | 2009-12-22 14:58:01 +0100 | [diff] [blame] | 2635 | """ |
| 2636 | def cb(ignored): |
| 2637 | return "a" * 1025 |
| 2638 | |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2639 | with pytest.raises(ValueError): |
| 2640 | load_privatekey(FILETYPE_PEM, encryptedPrivateKeyPEM, cb) |
Ziga Seilnacht | 781295a | 2009-12-22 14:58:01 +0100 | [diff] [blame] | 2641 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2642 | def test_dump_privatekey_passphrase(self): |
| 2643 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2644 | :py:obj:`dump_privatekey` writes an encrypted PEM when given a |
| 2645 | passphrase. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2646 | """ |
Jean-Paul Calderone | 5be230f | 2010-08-22 19:27:58 -0400 | [diff] [blame] | 2647 | passphrase = b("foo") |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2648 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2649 | pem = dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, passphrase) |
| 2650 | self.assertTrue(isinstance(pem, binary_type)) |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2651 | loadedKey = load_privatekey(FILETYPE_PEM, pem, passphrase) |
| 2652 | self.assertTrue(isinstance(loadedKey, PKeyType)) |
| 2653 | self.assertEqual(loadedKey.type(), key.type()) |
| 2654 | self.assertEqual(loadedKey.bits(), key.bits()) |
| 2655 | |
Ziga Seilnacht | 376cf97 | 2009-12-22 16:04:10 +0100 | [diff] [blame] | 2656 | def test_dump_privatekey_passphraseWrongType(self): |
| 2657 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2658 | :py:obj:`dump_privatekey` raises :py:obj:`ValueError` when it is passed |
| 2659 | a passphrase with a private key encoded in a format, that doesn't |
| 2660 | support encryption. |
Ziga Seilnacht | 376cf97 | 2009-12-22 16:04:10 +0100 | [diff] [blame] | 2661 | """ |
| 2662 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2663 | with pytest.raises(ValueError): |
| 2664 | dump_privatekey(FILETYPE_ASN1, key, GOOD_CIPHER, "secret") |
Ziga Seilnacht | 376cf97 | 2009-12-22 16:04:10 +0100 | [diff] [blame] | 2665 | |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2666 | def test_dump_certificate(self): |
| 2667 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2668 | :py:obj:`dump_certificate` writes PEM, DER, and text. |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2669 | """ |
Jean-Paul Calderone | f17e421 | 2009-04-01 14:21:40 -0400 | [diff] [blame] | 2670 | pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2671 | cert = load_certificate(FILETYPE_PEM, pemData) |
| 2672 | dumped_pem = dump_certificate(FILETYPE_PEM, cert) |
| 2673 | self.assertEqual(dumped_pem, cleartextCertificatePEM) |
| 2674 | dumped_der = dump_certificate(FILETYPE_ASN1, cert) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2675 | good_der = _runopenssl(dumped_pem, b"x509", b"-outform", b"DER") |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2676 | self.assertEqual(dumped_der, good_der) |
| 2677 | cert2 = load_certificate(FILETYPE_ASN1, dumped_der) |
| 2678 | dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2) |
| 2679 | self.assertEqual(dumped_pem2, cleartextCertificatePEM) |
| 2680 | dumped_text = dump_certificate(FILETYPE_TEXT, cert) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2681 | good_text = _runopenssl(dumped_pem, b"x509", b"-noout", b"-text") |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2682 | self.assertEqual(dumped_text, good_text) |
| 2683 | |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2684 | def test_dump_privatekey_pem(self): |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2685 | """ |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2686 | :py:obj:`dump_privatekey` writes a PEM |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2687 | """ |
| 2688 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Jean-Paul Calderone | 8e6ce97 | 2009-05-13 12:32:49 -0400 | [diff] [blame] | 2689 | self.assertTrue(key.check()) |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2690 | dumped_pem = dump_privatekey(FILETYPE_PEM, key) |
| 2691 | self.assertEqual(dumped_pem, cleartextPrivateKeyPEM) |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2692 | |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2693 | def test_dump_privatekey_asn1(self): |
| 2694 | """ |
| 2695 | :py:obj:`dump_privatekey` writes a DER |
| 2696 | """ |
| 2697 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
| 2698 | dumped_pem = dump_privatekey(FILETYPE_PEM, key) |
| 2699 | |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2700 | dumped_der = dump_privatekey(FILETYPE_ASN1, key) |
Jean-Paul Calderone | f17e421 | 2009-04-01 14:21:40 -0400 | [diff] [blame] | 2701 | # XXX This OpenSSL call writes "writing RSA key" to standard out. Sad. |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2702 | good_der = _runopenssl(dumped_pem, b"rsa", b"-outform", b"DER") |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2703 | self.assertEqual(dumped_der, good_der) |
| 2704 | key2 = load_privatekey(FILETYPE_ASN1, dumped_der) |
| 2705 | dumped_pem2 = dump_privatekey(FILETYPE_PEM, key2) |
| 2706 | self.assertEqual(dumped_pem2, cleartextPrivateKeyPEM) |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2707 | |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2708 | def test_dump_privatekey_text(self): |
| 2709 | """ |
| 2710 | :py:obj:`dump_privatekey` writes a text |
| 2711 | """ |
| 2712 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
| 2713 | dumped_pem = dump_privatekey(FILETYPE_PEM, key) |
| 2714 | |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2715 | dumped_text = dump_privatekey(FILETYPE_TEXT, key) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2716 | good_text = _runopenssl(dumped_pem, b"rsa", b"-noout", b"-text") |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2717 | self.assertEqual(dumped_text, good_text) |
| 2718 | |
Cory Benfield | 6492f7c | 2015-10-27 16:57:58 +0900 | [diff] [blame] | 2719 | def test_dump_publickey_pem(self): |
| 2720 | """ |
Cory Benfield | 11c1019 | 2015-10-27 17:23:03 +0900 | [diff] [blame] | 2721 | dump_publickey writes a PEM. |
Cory Benfield | 6492f7c | 2015-10-27 16:57:58 +0900 | [diff] [blame] | 2722 | """ |
| 2723 | key = load_publickey(FILETYPE_PEM, cleartextPublicKeyPEM) |
| 2724 | dumped_pem = dump_publickey(FILETYPE_PEM, key) |
Cory Benfield | d86f1d8 | 2015-10-27 17:25:17 +0900 | [diff] [blame] | 2725 | assert dumped_pem == cleartextPublicKeyPEM |
Cory Benfield | 6492f7c | 2015-10-27 16:57:58 +0900 | [diff] [blame] | 2726 | |
| 2727 | def test_dump_publickey_asn1(self): |
| 2728 | """ |
Cory Benfield | 11c1019 | 2015-10-27 17:23:03 +0900 | [diff] [blame] | 2729 | dump_publickey writes a DER. |
Cory Benfield | 6492f7c | 2015-10-27 16:57:58 +0900 | [diff] [blame] | 2730 | """ |
| 2731 | key = load_publickey(FILETYPE_PEM, cleartextPublicKeyPEM) |
| 2732 | dumped_der = dump_publickey(FILETYPE_ASN1, key) |
| 2733 | key2 = load_publickey(FILETYPE_ASN1, dumped_der) |
| 2734 | dumped_pem2 = dump_publickey(FILETYPE_PEM, key2) |
Cory Benfield | d86f1d8 | 2015-10-27 17:25:17 +0900 | [diff] [blame] | 2735 | assert dumped_pem2 == cleartextPublicKeyPEM |
Cory Benfield | 6492f7c | 2015-10-27 16:57:58 +0900 | [diff] [blame] | 2736 | |
Cory Benfield | e02c7d8 | 2015-10-27 17:34:49 +0900 | [diff] [blame] | 2737 | def test_dump_publickey_invalid_type(self): |
| 2738 | """ |
| 2739 | dump_publickey doesn't support FILETYPE_TEXT. |
| 2740 | """ |
| 2741 | key = load_publickey(FILETYPE_PEM, cleartextPublicKeyPEM) |
| 2742 | |
| 2743 | with pytest.raises(ValueError): |
| 2744 | dump_publickey(FILETYPE_TEXT, key) |
| 2745 | |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2746 | def test_dump_certificate_request(self): |
| 2747 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2748 | :py:obj:`dump_certificate_request` writes a PEM, DER, and text. |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2749 | """ |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 2750 | req = load_certificate_request( |
| 2751 | FILETYPE_PEM, cleartextCertificateRequestPEM) |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2752 | dumped_pem = dump_certificate_request(FILETYPE_PEM, req) |
| 2753 | self.assertEqual(dumped_pem, cleartextCertificateRequestPEM) |
| 2754 | dumped_der = dump_certificate_request(FILETYPE_ASN1, req) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2755 | good_der = _runopenssl(dumped_pem, b"req", b"-outform", b"DER") |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2756 | self.assertEqual(dumped_der, good_der) |
| 2757 | req2 = load_certificate_request(FILETYPE_ASN1, dumped_der) |
| 2758 | dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2) |
| 2759 | self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM) |
| 2760 | dumped_text = dump_certificate_request(FILETYPE_TEXT, req) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2761 | good_text = _runopenssl(dumped_pem, b"req", b"-noout", b"-text") |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2762 | self.assertEqual(dumped_text, good_text) |
Jean-Paul Calderone | af43cdf | 2010-08-03 18:40:52 -0400 | [diff] [blame] | 2763 | self.assertRaises(ValueError, dump_certificate_request, 100, req) |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2764 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2765 | def test_dump_privatekey_passphraseCallback(self): |
| 2766 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2767 | :py:obj:`dump_privatekey` writes an encrypted PEM when given a callback |
| 2768 | which returns the correct passphrase. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2769 | """ |
Jean-Paul Calderone | 5be230f | 2010-08-22 19:27:58 -0400 | [diff] [blame] | 2770 | passphrase = b("foo") |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2771 | called = [] |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 2772 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2773 | def cb(writing): |
| 2774 | called.append(writing) |
| 2775 | return passphrase |
| 2776 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2777 | pem = dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, cb) |
| 2778 | self.assertTrue(isinstance(pem, binary_type)) |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 2779 | self.assertEqual(called, [True]) |
| 2780 | loadedKey = load_privatekey(FILETYPE_PEM, pem, passphrase) |
| 2781 | self.assertTrue(isinstance(loadedKey, PKeyType)) |
| 2782 | self.assertEqual(loadedKey.type(), key.type()) |
| 2783 | self.assertEqual(loadedKey.bits(), key.bits()) |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 2784 | |
Ziga Seilnacht | 6b90a40 | 2009-12-22 14:33:47 +0100 | [diff] [blame] | 2785 | def test_dump_privatekey_passphrase_exception(self): |
| 2786 | """ |
Jean-Paul Calderone | 5d9d7f1 | 2011-09-14 09:48:58 -0400 | [diff] [blame] | 2787 | :py:obj:`dump_privatekey` should not overwrite the exception raised |
Ziga Seilnacht | 6b90a40 | 2009-12-22 14:33:47 +0100 | [diff] [blame] | 2788 | by the passphrase callback. |
| 2789 | """ |
| 2790 | def cb(ignored): |
| 2791 | raise ArithmeticError |
| 2792 | |
| 2793 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 2794 | with pytest.raises(ArithmeticError): |
| 2795 | dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, cb) |
Ziga Seilnacht | 6b90a40 | 2009-12-22 14:33:47 +0100 | [diff] [blame] | 2796 | |
Ziga Seilnacht | 781295a | 2009-12-22 14:58:01 +0100 | [diff] [blame] | 2797 | def test_dump_privatekey_passphraseCallbackLength(self): |
| 2798 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2799 | :py:obj:`crypto.dump_privatekey` should raise an error when the |
| 2800 | passphrase provided by the callback is too long, not silently truncate |
| 2801 | it. |
Ziga Seilnacht | 781295a | 2009-12-22 14:58:01 +0100 | [diff] [blame] | 2802 | """ |
| 2803 | def cb(ignored): |
| 2804 | return "a" * 1025 |
| 2805 | |
| 2806 | key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 2807 | with pytest.raises(ValueError): |
| 2808 | dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, cb) |
Ziga Seilnacht | 781295a | 2009-12-22 14:58:01 +0100 | [diff] [blame] | 2809 | |
Alex Gaynor | 4b9c96a | 2014-08-14 09:51:48 -0700 | [diff] [blame] | 2810 | def test_load_pkcs7_data_pem(self): |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 2811 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2812 | :py:obj:`load_pkcs7_data` accepts a PKCS#7 string and returns an |
| 2813 | instance of :py:obj:`PKCS7Type`. |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 2814 | """ |
| 2815 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2816 | self.assertTrue(isinstance(pkcs7, PKCS7Type)) |
| 2817 | |
Alex Gaynor | 4b9c96a | 2014-08-14 09:51:48 -0700 | [diff] [blame] | 2818 | def test_load_pkcs7_data_asn1(self): |
Alex Gaynor | 9875a91 | 2014-08-14 13:35:05 -0700 | [diff] [blame] | 2819 | """ |
| 2820 | :py:obj:`load_pkcs7_data` accepts a bytes containing ASN1 data |
| 2821 | representing PKCS#7 and returns an instance of :py:obj`PKCS7Type`. |
| 2822 | """ |
Alex Gaynor | 4b9c96a | 2014-08-14 09:51:48 -0700 | [diff] [blame] | 2823 | pkcs7 = load_pkcs7_data(FILETYPE_ASN1, pkcs7DataASN1) |
| 2824 | self.assertTrue(isinstance(pkcs7, PKCS7Type)) |
| 2825 | |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2826 | def test_load_pkcs7_data_invalid(self): |
| 2827 | """ |
| 2828 | If the data passed to :py:obj:`load_pkcs7_data` is invalid, |
| 2829 | :py:obj:`Error` is raised. |
| 2830 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 2831 | self.assertRaises(Error, load_pkcs7_data, FILETYPE_PEM, b"foo") |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2832 | |
Alex Gaynor | 09a386e | 2016-07-03 09:32:44 -0400 | [diff] [blame] | 2833 | def test_load_pkcs7_type_invalid(self): |
| 2834 | """ |
| 2835 | If the type passed to :obj:`load_pkcs7_data`, :obj:`ValueError` is |
| 2836 | raised. |
| 2837 | """ |
| 2838 | with pytest.raises(ValueError): |
| 2839 | load_pkcs7_data(object(), b"foo") |
| 2840 | |
Jean-Paul Calderone | e82e325 | 2013-03-03 10:14:10 -0800 | [diff] [blame] | 2841 | |
Jean-Paul Calderone | 4a68b40 | 2013-12-29 16:54:58 -0500 | [diff] [blame] | 2842 | class LoadCertificateTests(TestCase): |
| 2843 | """ |
| 2844 | Tests for :py:obj:`load_certificate_request`. |
| 2845 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 2846 | |
Jean-Paul Calderone | 4a68b40 | 2013-12-29 16:54:58 -0500 | [diff] [blame] | 2847 | def test_badFileType(self): |
| 2848 | """ |
| 2849 | If the file type passed to :py:obj:`load_certificate_request` is |
| 2850 | neither :py:obj:`FILETYPE_PEM` nor :py:obj:`FILETYPE_ASN1` then |
| 2851 | :py:class:`ValueError` is raised. |
| 2852 | """ |
| 2853 | self.assertRaises(ValueError, load_certificate_request, object(), b"") |
| 2854 | |
| 2855 | |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 2856 | class PKCS7Tests(TestCase): |
| 2857 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2858 | Tests for :py:obj:`PKCS7Type`. |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 2859 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 2860 | |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 2861 | def test_type(self): |
| 2862 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2863 | :py:obj:`PKCS7Type` is a type object. |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 2864 | """ |
| 2865 | self.assertTrue(isinstance(PKCS7Type, type)) |
| 2866 | self.assertEqual(PKCS7Type.__name__, 'PKCS7') |
| 2867 | |
| 2868 | # XXX This doesn't currently work. |
| 2869 | # self.assertIdentical(PKCS7, PKCS7Type) |
| 2870 | |
Jean-Paul Calderone | fe1b9bd | 2010-08-03 18:00:21 -0400 | [diff] [blame] | 2871 | # XXX Opposite results for all these following methods |
| 2872 | |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2873 | def test_type_is_signed_wrong_args(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2874 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2875 | :py:obj:`PKCS7Type.type_is_signed` raises :py:obj:`TypeError` if called |
| 2876 | with any arguments. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2877 | """ |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2878 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2879 | self.assertRaises(TypeError, pkcs7.type_is_signed, None) |
| 2880 | |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2881 | def test_type_is_signed(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2882 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2883 | :py:obj:`PKCS7Type.type_is_signed` returns :py:obj:`True` if the PKCS7 |
| 2884 | object is of the type *signed*. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2885 | """ |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2886 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2887 | self.assertTrue(pkcs7.type_is_signed()) |
| 2888 | |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2889 | def test_type_is_enveloped_wrong_args(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2890 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2891 | :py:obj:`PKCS7Type.type_is_enveloped` raises :py:obj:`TypeError` if |
| 2892 | called with any arguments. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2893 | """ |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2894 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2895 | self.assertRaises(TypeError, pkcs7.type_is_enveloped, None) |
| 2896 | |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2897 | def test_type_is_enveloped(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2898 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2899 | :py:obj:`PKCS7Type.type_is_enveloped` returns :py:obj:`False` if the |
| 2900 | PKCS7 object is not of the type *enveloped*. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2901 | """ |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2902 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2903 | self.assertFalse(pkcs7.type_is_enveloped()) |
| 2904 | |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2905 | def test_type_is_signedAndEnveloped_wrong_args(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2906 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2907 | :py:obj:`PKCS7Type.type_is_signedAndEnveloped` raises |
| 2908 | :py:obj:`TypeError` if called with any arguments. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2909 | """ |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2910 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2911 | self.assertRaises(TypeError, pkcs7.type_is_signedAndEnveloped, None) |
| 2912 | |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2913 | def test_type_is_signedAndEnveloped(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2914 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2915 | :py:obj:`PKCS7Type.type_is_signedAndEnveloped` returns :py:obj:`False` |
| 2916 | if the PKCS7 object is not of the type *signed and enveloped*. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2917 | """ |
Jean-Paul Calderone | 07c9374 | 2010-07-30 10:53:41 -0400 | [diff] [blame] | 2918 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2919 | self.assertFalse(pkcs7.type_is_signedAndEnveloped()) |
| 2920 | |
Jean-Paul Calderone | b4754b9 | 2010-07-30 11:00:08 -0400 | [diff] [blame] | 2921 | def test_type_is_data(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2922 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2923 | :py:obj:`PKCS7Type.type_is_data` returns :py:obj:`False` if the PKCS7 |
| 2924 | object is not of the type data. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2925 | """ |
Jean-Paul Calderone | b4754b9 | 2010-07-30 11:00:08 -0400 | [diff] [blame] | 2926 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2927 | self.assertFalse(pkcs7.type_is_data()) |
| 2928 | |
Jean-Paul Calderone | b4754b9 | 2010-07-30 11:00:08 -0400 | [diff] [blame] | 2929 | def test_type_is_data_wrong_args(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2930 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2931 | :py:obj:`PKCS7Type.type_is_data` raises :py:obj:`TypeError` if called |
| 2932 | with any arguments. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2933 | """ |
Jean-Paul Calderone | b4754b9 | 2010-07-30 11:00:08 -0400 | [diff] [blame] | 2934 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2935 | self.assertRaises(TypeError, pkcs7.type_is_data, None) |
| 2936 | |
Jean-Paul Calderone | 97b28ca | 2010-07-30 10:56:07 -0400 | [diff] [blame] | 2937 | def test_get_type_name_wrong_args(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2938 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2939 | :py:obj:`PKCS7Type.get_type_name` raises :py:obj:`TypeError` if called |
| 2940 | with any arguments. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2941 | """ |
Jean-Paul Calderone | 97b28ca | 2010-07-30 10:56:07 -0400 | [diff] [blame] | 2942 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2943 | self.assertRaises(TypeError, pkcs7.get_type_name, None) |
| 2944 | |
Jean-Paul Calderone | 4cbe05e | 2010-07-30 10:55:30 -0400 | [diff] [blame] | 2945 | def test_get_type_name(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2946 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2947 | :py:obj:`PKCS7Type.get_type_name` returns a :py:obj:`str` giving the |
| 2948 | type name. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2949 | """ |
Jean-Paul Calderone | 4cbe05e | 2010-07-30 10:55:30 -0400 | [diff] [blame] | 2950 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
Jean-Paul Calderone | 07640f1 | 2010-08-22 17:14:43 -0400 | [diff] [blame] | 2951 | self.assertEquals(pkcs7.get_type_name(), b('pkcs7-signedData')) |
Jean-Paul Calderone | 4cbe05e | 2010-07-30 10:55:30 -0400 | [diff] [blame] | 2952 | |
Jean-Paul Calderone | 4cbe05e | 2010-07-30 10:55:30 -0400 | [diff] [blame] | 2953 | def test_attribute(self): |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2954 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2955 | If an attribute other than one of the methods tested here is accessed |
| 2956 | on an instance of :py:obj:`PKCS7Type`, :py:obj:`AttributeError` is |
| 2957 | raised. |
Jean-Paul Calderone | aa6c069 | 2010-09-08 22:43:09 -0400 | [diff] [blame] | 2958 | """ |
Jean-Paul Calderone | 4cbe05e | 2010-07-30 10:55:30 -0400 | [diff] [blame] | 2959 | pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data) |
| 2960 | self.assertRaises(AttributeError, getattr, pkcs7, "foo") |
| 2961 | |
| 2962 | |
Jean-Paul Calderone | b972559 | 2010-08-03 18:17:22 -0400 | [diff] [blame] | 2963 | class NetscapeSPKITests(TestCase, _PKeyInteractionTestsMixin): |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 2964 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2965 | Tests for :py:obj:`OpenSSL.crypto.NetscapeSPKI`. |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 2966 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 2967 | |
Jean-Paul Calderone | b972559 | 2010-08-03 18:17:22 -0400 | [diff] [blame] | 2968 | def signable(self): |
| 2969 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 2970 | Return a new :py:obj:`NetscapeSPKI` for use with signing tests. |
Jean-Paul Calderone | b972559 | 2010-08-03 18:17:22 -0400 | [diff] [blame] | 2971 | """ |
| 2972 | return NetscapeSPKI() |
| 2973 | |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 2974 | def test_type(self): |
| 2975 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2976 | :py:obj:`NetscapeSPKI` and :py:obj:`NetscapeSPKIType` refer to the same |
| 2977 | type object and can be used to create instances of that type. |
Jean-Paul Calderone | 6864905 | 2009-07-17 21:14:27 -0400 | [diff] [blame] | 2978 | """ |
| 2979 | self.assertIdentical(NetscapeSPKI, NetscapeSPKIType) |
| 2980 | self.assertConsistentType(NetscapeSPKI, 'NetscapeSPKI') |
| 2981 | |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 2982 | def test_construction(self): |
| 2983 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2984 | :py:obj:`NetscapeSPKI` returns an instance of |
| 2985 | :py:obj:`NetscapeSPKIType`. |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 2986 | """ |
| 2987 | nspki = NetscapeSPKI() |
| 2988 | self.assertTrue(isinstance(nspki, NetscapeSPKIType)) |
| 2989 | |
Jean-Paul Calderone | 969efaa | 2010-08-03 18:19:19 -0400 | [diff] [blame] | 2990 | def test_invalid_attribute(self): |
| 2991 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 2992 | Accessing a non-existent attribute of a :py:obj:`NetscapeSPKI` instance |
| 2993 | causes an :py:obj:`AttributeError` to be raised. |
Jean-Paul Calderone | 969efaa | 2010-08-03 18:19:19 -0400 | [diff] [blame] | 2994 | """ |
| 2995 | nspki = NetscapeSPKI() |
| 2996 | self.assertRaises(AttributeError, lambda: nspki.foo) |
| 2997 | |
Jean-Paul Calderone | 06ada9f | 2010-08-03 18:26:52 -0400 | [diff] [blame] | 2998 | def test_b64_encode(self): |
| 2999 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3000 | :py:obj:`NetscapeSPKI.b64_encode` encodes the certificate to a base64 |
| 3001 | blob. |
Jean-Paul Calderone | 06ada9f | 2010-08-03 18:26:52 -0400 | [diff] [blame] | 3002 | """ |
| 3003 | nspki = NetscapeSPKI() |
| 3004 | blob = nspki.b64_encode() |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 3005 | self.assertTrue(isinstance(blob, binary_type)) |
Jean-Paul Calderone | 06ada9f | 2010-08-03 18:26:52 -0400 | [diff] [blame] | 3006 | |
| 3007 | |
Paul Kehrer | 2c605ba | 2016-03-11 11:17:26 -0400 | [diff] [blame] | 3008 | class TestRevoked(object): |
| 3009 | """ |
| 3010 | Please add test cases for the Revoked class here if possible. This class |
| 3011 | holds the new py.test style tests. |
| 3012 | """ |
| 3013 | def test_ignores_unsupported_revoked_cert_extension_get_reason(self): |
| 3014 | """ |
| 3015 | The get_reason method on the Revoked class checks to see if the |
| 3016 | extension is NID_crl_reason and should skip it otherwise. This test |
| 3017 | loads a CRL with extensions it should ignore. |
| 3018 | """ |
| 3019 | crl = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension) |
| 3020 | revoked = crl.get_revoked() |
| 3021 | reason = revoked[1].get_reason() |
| 3022 | assert reason == b'Unspecified' |
| 3023 | |
| 3024 | def test_ignores_unsupported_revoked_cert_extension_set_new_reason(self): |
| 3025 | crl = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension) |
| 3026 | revoked = crl.get_revoked() |
| 3027 | revoked[1].set_reason(None) |
| 3028 | reason = revoked[1].get_reason() |
| 3029 | assert reason is None |
| 3030 | |
| 3031 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3032 | class RevokedTests(TestCase): |
| 3033 | """ |
Paul Kehrer | 2c605ba | 2016-03-11 11:17:26 -0400 | [diff] [blame] | 3034 | Tests for :py:obj:`OpenSSL.crypto.Revoked`. Please add test cases to |
| 3035 | TestRevoked above if possible. |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3036 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 3037 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3038 | def test_construction(self): |
| 3039 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3040 | Confirm we can create :py:obj:`OpenSSL.crypto.Revoked`. Check |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3041 | that it is empty. |
| 3042 | """ |
| 3043 | revoked = Revoked() |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3044 | self.assertTrue(isinstance(revoked, Revoked)) |
| 3045 | self.assertEquals(type(revoked), Revoked) |
| 3046 | self.assertEquals(revoked.get_serial(), b('00')) |
| 3047 | self.assertEquals(revoked.get_rev_date(), None) |
| 3048 | self.assertEquals(revoked.get_reason(), None) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3049 | |
Jean-Paul Calderone | 4f74bfe | 2010-01-30 14:32:49 -0500 | [diff] [blame] | 3050 | def test_construction_wrong_args(self): |
| 3051 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3052 | Calling :py:obj:`OpenSSL.crypto.Revoked` with any arguments results |
| 3053 | in a :py:obj:`TypeError` being raised. |
Jean-Paul Calderone | 4f74bfe | 2010-01-30 14:32:49 -0500 | [diff] [blame] | 3054 | """ |
| 3055 | self.assertRaises(TypeError, Revoked, None) |
| 3056 | self.assertRaises(TypeError, Revoked, 1) |
| 3057 | self.assertRaises(TypeError, Revoked, "foo") |
| 3058 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3059 | def test_serial(self): |
| 3060 | """ |
Jean-Paul Calderone | b98eae0 | 2010-01-30 13:18:04 -0500 | [diff] [blame] | 3061 | Confirm we can set and get serial numbers from |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3062 | :py:obj:`OpenSSL.crypto.Revoked`. Confirm errors are handled |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3063 | with grace. |
| 3064 | """ |
| 3065 | revoked = Revoked() |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3066 | ret = revoked.set_serial(b('10b')) |
| 3067 | self.assertEquals(ret, None) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3068 | ser = revoked.get_serial() |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3069 | self.assertEquals(ser, b('010B')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3070 | |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3071 | revoked.set_serial(b('31ppp')) # a type error would be nice |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3072 | ser = revoked.get_serial() |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3073 | self.assertEquals(ser, b('31')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3074 | |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3075 | self.assertRaises(ValueError, revoked.set_serial, b('pqrst')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3076 | self.assertRaises(TypeError, revoked.set_serial, 100) |
Jean-Paul Calderone | 4f74bfe | 2010-01-30 14:32:49 -0500 | [diff] [blame] | 3077 | self.assertRaises(TypeError, revoked.get_serial, 1) |
| 3078 | self.assertRaises(TypeError, revoked.get_serial, None) |
| 3079 | self.assertRaises(TypeError, revoked.get_serial, "") |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3080 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3081 | def test_date(self): |
| 3082 | """ |
Jean-Paul Calderone | b98eae0 | 2010-01-30 13:18:04 -0500 | [diff] [blame] | 3083 | Confirm we can set and get revocation dates from |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3084 | :py:obj:`OpenSSL.crypto.Revoked`. Confirm errors are handled |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3085 | with grace. |
| 3086 | """ |
| 3087 | revoked = Revoked() |
| 3088 | date = revoked.get_rev_date() |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3089 | self.assertEquals(date, None) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3090 | |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3091 | now = b(datetime.now().strftime("%Y%m%d%H%M%SZ")) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3092 | ret = revoked.set_rev_date(now) |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3093 | self.assertEqual(ret, None) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3094 | date = revoked.get_rev_date() |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3095 | self.assertEqual(date, now) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3096 | |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3097 | def test_reason(self): |
| 3098 | """ |
Jean-Paul Calderone | b98eae0 | 2010-01-30 13:18:04 -0500 | [diff] [blame] | 3099 | Confirm we can set and get revocation reasons from |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3100 | :py:obj:`OpenSSL.crypto.Revoked`. The "get" need to work |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3101 | as "set". Likewise, each reason of all_reasons() must work. |
| 3102 | """ |
| 3103 | revoked = Revoked() |
| 3104 | for r in revoked.all_reasons(): |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3105 | for x in range(2): |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3106 | ret = revoked.set_reason(r) |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3107 | self.assertEquals(ret, None) |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3108 | reason = revoked.get_reason() |
Jean-Paul Calderone | eacad4a | 2010-08-22 17:12:55 -0400 | [diff] [blame] | 3109 | self.assertEquals( |
| 3110 | reason.lower().replace(b(' '), b('')), |
| 3111 | r.lower().replace(b(' '), b(''))) |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 3112 | r = reason # again with the resp of get |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3113 | |
| 3114 | revoked.set_reason(None) |
| 3115 | self.assertEqual(revoked.get_reason(), None) |
| 3116 | |
Jean-Paul Calderone | 4f74bfe | 2010-01-30 14:32:49 -0500 | [diff] [blame] | 3117 | def test_set_reason_wrong_arguments(self): |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3118 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3119 | Calling :py:obj:`OpenSSL.crypto.Revoked.set_reason` with other than |
Jean-Paul Calderone | 4f74bfe | 2010-01-30 14:32:49 -0500 | [diff] [blame] | 3120 | one argument, or an argument which isn't a valid reason, |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3121 | results in :py:obj:`TypeError` or :py:obj:`ValueError` being raised. |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3122 | """ |
| 3123 | revoked = Revoked() |
| 3124 | self.assertRaises(TypeError, revoked.set_reason, 100) |
Jean-Paul Calderone | 281b62b | 2010-08-28 14:22:29 -0400 | [diff] [blame] | 3125 | self.assertRaises(ValueError, revoked.set_reason, b('blue')) |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3126 | |
Jean-Paul Calderone | 4f74bfe | 2010-01-30 14:32:49 -0500 | [diff] [blame] | 3127 | def test_get_reason_wrong_arguments(self): |
| 3128 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3129 | Calling :py:obj:`OpenSSL.crypto.Revoked.get_reason` with any |
| 3130 | arguments results in :py:obj:`TypeError` being raised. |
Jean-Paul Calderone | 4f74bfe | 2010-01-30 14:32:49 -0500 | [diff] [blame] | 3131 | """ |
| 3132 | revoked = Revoked() |
| 3133 | self.assertRaises(TypeError, revoked.get_reason, None) |
| 3134 | self.assertRaises(TypeError, revoked.get_reason, 1) |
| 3135 | self.assertRaises(TypeError, revoked.get_reason, "foo") |
| 3136 | |
| 3137 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3138 | class CRLTests(TestCase): |
| 3139 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3140 | Tests for :py:obj:`OpenSSL.crypto.CRL` |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3141 | """ |
| 3142 | cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM) |
| 3143 | pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) |
| 3144 | |
Dan Sully | 44e767a | 2016-06-04 18:05:27 -0700 | [diff] [blame] | 3145 | root_cert = load_certificate(FILETYPE_PEM, root_cert_pem) |
| 3146 | root_key = load_privatekey(FILETYPE_PEM, root_key_pem) |
| 3147 | intermediate_cert = load_certificate(FILETYPE_PEM, intermediate_cert_pem) |
| 3148 | intermediate_key = load_privatekey(FILETYPE_PEM, intermediate_key_pem) |
| 3149 | intermediate_server_cert = load_certificate( |
| 3150 | FILETYPE_PEM, intermediate_server_cert_pem) |
| 3151 | intermediate_server_key = load_privatekey( |
| 3152 | FILETYPE_PEM, intermediate_server_key_pem) |
| 3153 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3154 | def test_construction(self): |
| 3155 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3156 | Confirm we can create :py:obj:`OpenSSL.crypto.CRL`. Check |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3157 | that it is empty |
| 3158 | """ |
| 3159 | crl = CRL() |
Alex Gaynor | 7f63649 | 2015-09-04 13:26:52 -0400 | [diff] [blame] | 3160 | self.assertTrue(isinstance(crl, CRL)) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3161 | self.assertEqual(crl.get_revoked(), None) |
| 3162 | |
Jean-Paul Calderone | 2efd03e | 2010-01-30 13:59:55 -0500 | [diff] [blame] | 3163 | def test_construction_wrong_args(self): |
| 3164 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3165 | Calling :py:obj:`OpenSSL.crypto.CRL` with any number of arguments |
| 3166 | results in a :py:obj:`TypeError` being raised. |
Jean-Paul Calderone | 2efd03e | 2010-01-30 13:59:55 -0500 | [diff] [blame] | 3167 | """ |
| 3168 | self.assertRaises(TypeError, CRL, 1) |
| 3169 | self.assertRaises(TypeError, CRL, "") |
| 3170 | self.assertRaises(TypeError, CRL, None) |
| 3171 | |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3172 | def _get_crl(self): |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3173 | """ |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3174 | Get a new ``CRL`` with a revocation. |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3175 | """ |
| 3176 | crl = CRL() |
| 3177 | revoked = Revoked() |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3178 | now = b(datetime.now().strftime("%Y%m%d%H%M%SZ")) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3179 | revoked.set_rev_date(now) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3180 | revoked.set_serial(b('3ab')) |
| 3181 | revoked.set_reason(b('sUpErSeDEd')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3182 | crl.add_revoked(revoked) |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3183 | return crl |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3184 | |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3185 | def test_export_pem(self): |
| 3186 | """ |
| 3187 | If not passed a format, ``CRL.export`` returns a "PEM" format string |
| 3188 | representing a serial number, a revoked reason, and certificate issuer |
| 3189 | information. |
| 3190 | """ |
| 3191 | crl = self._get_crl() |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3192 | # PEM format |
| 3193 | dumped_crl = crl.export(self.cert, self.pkey, days=20) |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 3194 | text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text") |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3195 | |
| 3196 | # These magic values are based on the way the CRL above was constructed |
| 3197 | # and with what certificate it was exported. |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3198 | text.index(b('Serial Number: 03AB')) |
| 3199 | text.index(b('Superseded')) |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3200 | text.index( |
| 3201 | b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA') |
| 3202 | ) |
| 3203 | |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3204 | def test_export_der(self): |
| 3205 | """ |
| 3206 | If passed ``FILETYPE_ASN1`` for the format, ``CRL.export`` returns a |
| 3207 | "DER" format string representing a serial number, a revoked reason, and |
| 3208 | certificate issuer information. |
| 3209 | """ |
| 3210 | crl = self._get_crl() |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3211 | |
| 3212 | # DER format |
| 3213 | dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1) |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3214 | text = _runopenssl( |
| 3215 | dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER" |
| 3216 | ) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3217 | text.index(b('Serial Number: 03AB')) |
| 3218 | text.index(b('Superseded')) |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3219 | text.index( |
| 3220 | b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA') |
| 3221 | ) |
| 3222 | |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3223 | def test_export_text(self): |
| 3224 | """ |
| 3225 | If passed ``FILETYPE_TEXT`` for the format, ``CRL.export`` returns a |
| 3226 | text format string like the one produced by the openssl command line |
| 3227 | tool. |
| 3228 | """ |
| 3229 | crl = self._get_crl() |
| 3230 | |
| 3231 | dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1) |
| 3232 | text = _runopenssl( |
| 3233 | dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER" |
| 3234 | ) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3235 | |
| 3236 | # text format |
| 3237 | dumped_text = crl.export(self.cert, self.pkey, type=FILETYPE_TEXT) |
| 3238 | self.assertEqual(text, dumped_text) |
| 3239 | |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3240 | def test_export_custom_digest(self): |
| 3241 | """ |
| 3242 | If passed the name of a digest function, ``CRL.export`` uses a |
| 3243 | signature algorithm based on that digest function. |
| 3244 | """ |
| 3245 | crl = self._get_crl() |
Jean-Paul Calderone | cce22d0 | 2015-04-13 13:56:09 -0400 | [diff] [blame] | 3246 | dumped_crl = crl.export(self.cert, self.pkey, digest=b"sha1") |
Bulat Gaifullin | 1966c97 | 2014-09-22 09:47:20 +0400 | [diff] [blame] | 3247 | text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text") |
| 3248 | text.index(b('Signature Algorithm: sha1')) |
| 3249 | |
Jean-Paul Calderone | cce22d0 | 2015-04-13 13:56:09 -0400 | [diff] [blame] | 3250 | def test_export_md5_digest(self): |
| 3251 | """ |
| 3252 | If passed md5 as the digest function, ``CRL.export`` uses md5 and does |
| 3253 | not emit a deprecation warning. |
| 3254 | """ |
| 3255 | crl = self._get_crl() |
| 3256 | with catch_warnings(record=True) as catcher: |
| 3257 | simplefilter("always") |
| 3258 | self.assertEqual(0, len(catcher)) |
| 3259 | dumped_crl = crl.export(self.cert, self.pkey, digest=b"md5") |
| 3260 | text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text") |
| 3261 | text.index(b('Signature Algorithm: md5')) |
| 3262 | |
Jean-Paul Calderone | 6043279 | 2015-04-13 12:26:07 -0400 | [diff] [blame] | 3263 | def test_export_default_digest(self): |
| 3264 | """ |
| 3265 | If not passed the name of a digest function, ``CRL.export`` uses a |
| 3266 | signature algorithm based on MD5 and emits a deprecation warning. |
| 3267 | """ |
| 3268 | crl = self._get_crl() |
| 3269 | with catch_warnings(record=True) as catcher: |
| 3270 | simplefilter("always") |
| 3271 | dumped_crl = crl.export(self.cert, self.pkey) |
| 3272 | self.assertEqual( |
| 3273 | "The default message digest (md5) is deprecated. " |
| 3274 | "Pass the name of a message digest explicitly.", |
| 3275 | str(catcher[0].message), |
| 3276 | ) |
Bulat Gaifullin | 1966c97 | 2014-09-22 09:47:20 +0400 | [diff] [blame] | 3277 | text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text") |
| 3278 | text.index(b('Signature Algorithm: md5')) |
| 3279 | |
Jean-Paul Calderone | c7293bc | 2011-09-13 15:24:38 -0400 | [diff] [blame] | 3280 | def test_export_invalid(self): |
| 3281 | """ |
| 3282 | If :py:obj:`CRL.export` is used with an uninitialized :py:obj:`X509` |
Jean-Paul Calderone | b587107 | 2012-03-09 14:58:00 -0800 | [diff] [blame] | 3283 | instance, :py:obj:`OpenSSL.crypto.Error` is raised. |
Jean-Paul Calderone | c7293bc | 2011-09-13 15:24:38 -0400 | [diff] [blame] | 3284 | """ |
| 3285 | crl = CRL() |
| 3286 | self.assertRaises(Error, crl.export, X509(), PKey()) |
| 3287 | |
Jean-Paul Calderone | 5651534 | 2010-01-30 13:49:38 -0500 | [diff] [blame] | 3288 | def test_add_revoked_keyword(self): |
| 3289 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3290 | :py:obj:`OpenSSL.CRL.add_revoked` accepts its single argument as the |
Jean-Paul Calderone | 64efa2c | 2011-09-11 10:00:09 -0400 | [diff] [blame] | 3291 | ``revoked`` keyword argument. |
Jean-Paul Calderone | 5651534 | 2010-01-30 13:49:38 -0500 | [diff] [blame] | 3292 | """ |
| 3293 | crl = CRL() |
| 3294 | revoked = Revoked() |
Paul Kehrer | b11bffc | 2016-03-10 18:30:29 -0400 | [diff] [blame] | 3295 | revoked.set_serial(b"01") |
Paul Kehrer | 2fe23b0 | 2016-03-09 22:02:15 -0400 | [diff] [blame] | 3296 | revoked.set_rev_date(b"20160310020145Z") |
Jean-Paul Calderone | 5651534 | 2010-01-30 13:49:38 -0500 | [diff] [blame] | 3297 | crl.add_revoked(revoked=revoked) |
| 3298 | self.assertTrue(isinstance(crl.get_revoked()[0], Revoked)) |
| 3299 | |
Jean-Paul Calderone | 883ca4b | 2010-01-30 13:55:13 -0500 | [diff] [blame] | 3300 | def test_export_wrong_args(self): |
| 3301 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3302 | Calling :py:obj:`OpenSSL.CRL.export` with fewer than two or more than |
Jean-Paul Calderone | f151586 | 2010-01-30 13:57:03 -0500 | [diff] [blame] | 3303 | four arguments, or with arguments other than the certificate, |
| 3304 | private key, integer file type, and integer number of days it |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3305 | expects, results in a :py:obj:`TypeError` being raised. |
Jean-Paul Calderone | 883ca4b | 2010-01-30 13:55:13 -0500 | [diff] [blame] | 3306 | """ |
| 3307 | crl = CRL() |
| 3308 | self.assertRaises(TypeError, crl.export) |
| 3309 | self.assertRaises(TypeError, crl.export, self.cert) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 3310 | with pytest.raises(TypeError): |
| 3311 | crl.export(self.cert, self.pkey, FILETYPE_PEM, 10, "md5", "foo") |
| 3312 | with pytest.raises(TypeError): |
| 3313 | crl.export(None, self.pkey, FILETYPE_PEM, 10) |
| 3314 | with pytest.raises(TypeError): |
| 3315 | crl.export(self.cert, None, FILETYPE_PEM, 10) |
| 3316 | with pytest.raises(TypeError): |
| 3317 | crl.export(self.cert, self.pkey, None, 10) |
Jean-Paul Calderone | f151586 | 2010-01-30 13:57:03 -0500 | [diff] [blame] | 3318 | self.assertRaises(TypeError, crl.export, self.cert, FILETYPE_PEM, None) |
| 3319 | |
Jean-Paul Calderone | ea19842 | 2010-01-30 13:58:23 -0500 | [diff] [blame] | 3320 | def test_export_unknown_filetype(self): |
| 3321 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3322 | Calling :py:obj:`OpenSSL.CRL.export` with a file type other than |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3323 | :py:obj:`FILETYPE_PEM`, :py:obj:`FILETYPE_ASN1`, or |
| 3324 | :py:obj:`FILETYPE_TEXT` results in a :py:obj:`ValueError` being raised. |
Jean-Paul Calderone | ea19842 | 2010-01-30 13:58:23 -0500 | [diff] [blame] | 3325 | """ |
| 3326 | crl = CRL() |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 3327 | with pytest.raises(ValueError): |
| 3328 | crl.export(self.cert, self.pkey, 100, 10) |
Jean-Paul Calderone | ea19842 | 2010-01-30 13:58:23 -0500 | [diff] [blame] | 3329 | |
Bulat Gaifullin | 925f786 | 2014-09-22 10:10:44 +0400 | [diff] [blame] | 3330 | def test_export_unknown_digest(self): |
Bulat Gaifullin | 5f9eea4 | 2014-09-23 19:35:15 +0400 | [diff] [blame] | 3331 | """ |
Alex Gaynor | ca87ff6 | 2015-09-04 23:31:03 -0400 | [diff] [blame] | 3332 | Calling :py:obj:`OpenSSL.CRL.export` with an unsupported digest results |
Bulat Gaifullin | 5f9eea4 | 2014-09-23 19:35:15 +0400 | [diff] [blame] | 3333 | in a :py:obj:`ValueError` being raised. |
| 3334 | """ |
Bulat Gaifullin | 925f786 | 2014-09-22 10:10:44 +0400 | [diff] [blame] | 3335 | crl = CRL() |
Jean-Paul Calderone | 9be8519 | 2015-04-13 21:20:51 -0400 | [diff] [blame] | 3336 | self.assertRaises( |
| 3337 | ValueError, |
| 3338 | crl.export, |
| 3339 | self.cert, self.pkey, FILETYPE_PEM, 10, b"strange-digest" |
| 3340 | ) |
Bulat Gaifullin | 925f786 | 2014-09-22 10:10:44 +0400 | [diff] [blame] | 3341 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3342 | def test_get_revoked(self): |
| 3343 | """ |
Jean-Paul Calderone | b98eae0 | 2010-01-30 13:18:04 -0500 | [diff] [blame] | 3344 | Use python to create a simple CRL with two revocations. |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3345 | Get back the :py:obj:`Revoked` using :py:obj:`OpenSSL.CRL.get_revoked` |
| 3346 | and verify them. |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3347 | """ |
| 3348 | crl = CRL() |
| 3349 | |
| 3350 | revoked = Revoked() |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3351 | now = b(datetime.now().strftime("%Y%m%d%H%M%SZ")) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3352 | revoked.set_rev_date(now) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3353 | revoked.set_serial(b('3ab')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3354 | crl.add_revoked(revoked) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3355 | revoked.set_serial(b('100')) |
| 3356 | revoked.set_reason(b('sUpErSeDEd')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3357 | crl.add_revoked(revoked) |
| 3358 | |
| 3359 | revs = crl.get_revoked() |
| 3360 | self.assertEqual(len(revs), 2) |
| 3361 | self.assertEqual(type(revs[0]), Revoked) |
| 3362 | self.assertEqual(type(revs[1]), Revoked) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3363 | self.assertEqual(revs[0].get_serial(), b('03AB')) |
| 3364 | self.assertEqual(revs[1].get_serial(), b('0100')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3365 | self.assertEqual(revs[0].get_rev_date(), now) |
| 3366 | self.assertEqual(revs[1].get_rev_date(), now) |
| 3367 | |
Jean-Paul Calderone | 46bdce4 | 2010-01-30 13:44:16 -0500 | [diff] [blame] | 3368 | def test_get_revoked_wrong_args(self): |
| 3369 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3370 | Calling :py:obj:`OpenSSL.CRL.get_revoked` with any arguments results |
| 3371 | in a :py:obj:`TypeError` being raised. |
Jean-Paul Calderone | 46bdce4 | 2010-01-30 13:44:16 -0500 | [diff] [blame] | 3372 | """ |
| 3373 | crl = CRL() |
| 3374 | self.assertRaises(TypeError, crl.get_revoked, None) |
| 3375 | self.assertRaises(TypeError, crl.get_revoked, 1) |
| 3376 | self.assertRaises(TypeError, crl.get_revoked, "") |
| 3377 | self.assertRaises(TypeError, crl.get_revoked, "", 1, None) |
| 3378 | |
Jean-Paul Calderone | ecef6fa | 2010-01-30 13:47:18 -0500 | [diff] [blame] | 3379 | def test_add_revoked_wrong_args(self): |
| 3380 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3381 | Calling :py:obj:`OpenSSL.CRL.add_revoked` with other than one |
| 3382 | argument results in a :py:obj:`TypeError` being raised. |
Jean-Paul Calderone | ecef6fa | 2010-01-30 13:47:18 -0500 | [diff] [blame] | 3383 | """ |
| 3384 | crl = CRL() |
| 3385 | self.assertRaises(TypeError, crl.add_revoked) |
| 3386 | self.assertRaises(TypeError, crl.add_revoked, 1, 2) |
| 3387 | self.assertRaises(TypeError, crl.add_revoked, "foo", "bar") |
| 3388 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3389 | def test_load_crl(self): |
| 3390 | """ |
| 3391 | Load a known CRL and inspect its revocations. Both |
| 3392 | PEM and DER formats are loaded. |
| 3393 | """ |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 3394 | crl = load_crl(FILETYPE_PEM, crlData) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3395 | revs = crl.get_revoked() |
| 3396 | self.assertEqual(len(revs), 2) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3397 | self.assertEqual(revs[0].get_serial(), b('03AB')) |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3398 | self.assertEqual(revs[0].get_reason(), None) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3399 | self.assertEqual(revs[1].get_serial(), b('0100')) |
| 3400 | self.assertEqual(revs[1].get_reason(), b('Superseded')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3401 | |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 3402 | der = _runopenssl(crlData, b"crl", b"-outform", b"DER") |
Jean-Paul Calderone | b98eae0 | 2010-01-30 13:18:04 -0500 | [diff] [blame] | 3403 | crl = load_crl(FILETYPE_ASN1, der) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3404 | revs = crl.get_revoked() |
| 3405 | self.assertEqual(len(revs), 2) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3406 | self.assertEqual(revs[0].get_serial(), b('03AB')) |
Rick Dean | 6385faf | 2009-07-26 00:07:47 -0500 | [diff] [blame] | 3407 | self.assertEqual(revs[0].get_reason(), None) |
Jean-Paul Calderone | b894fe1 | 2010-08-22 19:30:19 -0400 | [diff] [blame] | 3408 | self.assertEqual(revs[1].get_serial(), b('0100')) |
| 3409 | self.assertEqual(revs[1].get_reason(), b('Superseded')) |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 3410 | |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 3411 | def test_load_crl_wrong_args(self): |
| 3412 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3413 | Calling :py:obj:`OpenSSL.crypto.load_crl` with other than two |
| 3414 | arguments results in a :py:obj:`TypeError` being raised. |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 3415 | """ |
| 3416 | self.assertRaises(TypeError, load_crl) |
| 3417 | self.assertRaises(TypeError, load_crl, FILETYPE_PEM) |
| 3418 | self.assertRaises(TypeError, load_crl, FILETYPE_PEM, crlData, None) |
| 3419 | |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 3420 | def test_load_crl_bad_filetype(self): |
| 3421 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3422 | Calling :py:obj:`OpenSSL.crypto.load_crl` with an unknown file type |
| 3423 | raises a :py:obj:`ValueError`. |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 3424 | """ |
| 3425 | self.assertRaises(ValueError, load_crl, 100, crlData) |
| 3426 | |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 3427 | def test_load_crl_bad_data(self): |
| 3428 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3429 | Calling :py:obj:`OpenSSL.crypto.load_crl` with file data which can't |
| 3430 | be loaded raises a :py:obj:`OpenSSL.crypto.Error`. |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 3431 | """ |
Jean-Paul Calderone | 4f0467a | 2014-01-11 11:58:41 -0500 | [diff] [blame] | 3432 | self.assertRaises(Error, load_crl, FILETYPE_PEM, b"hello, world") |
Jean-Paul Calderone | 3eb5cc7 | 2010-01-30 15:24:40 -0500 | [diff] [blame] | 3433 | |
Dan Sully | 44e767a | 2016-06-04 18:05:27 -0700 | [diff] [blame] | 3434 | def test_get_issuer(self): |
| 3435 | """ |
| 3436 | Load a known CRL and assert its issuer's common name is |
| 3437 | what we expect from the encoded crlData string. |
| 3438 | """ |
| 3439 | crl = load_crl(FILETYPE_PEM, crlData) |
| 3440 | self.assertTrue(isinstance(crl.get_issuer(), X509Name)) |
| 3441 | self.assertEqual(crl.get_issuer().CN, 'Testing Root CA') |
| 3442 | |
Dominic Chen | f05b212 | 2015-10-13 16:32:35 +0000 | [diff] [blame] | 3443 | def test_dump_crl(self): |
| 3444 | """ |
| 3445 | The dumped CRL matches the original input. |
| 3446 | """ |
| 3447 | crl = load_crl(FILETYPE_PEM, crlData) |
| 3448 | buf = dump_crl(FILETYPE_PEM, crl) |
| 3449 | assert buf == crlData |
| 3450 | |
Dan Sully | 44e767a | 2016-06-04 18:05:27 -0700 | [diff] [blame] | 3451 | def _make_test_crl(self, issuer_cert, issuer_key, certs=()): |
| 3452 | """ |
| 3453 | Create a CRL. |
| 3454 | |
| 3455 | :param list[X509] certs: A list of certificates to revoke. |
| 3456 | :rtype: CRL |
| 3457 | """ |
| 3458 | crl = CRL() |
| 3459 | for cert in certs: |
| 3460 | revoked = Revoked() |
| 3461 | # FIXME: This string splicing is an unfortunate implementation |
| 3462 | # detail that has been reported in |
| 3463 | # https://github.com/pyca/pyopenssl/issues/258 |
| 3464 | serial = hex(cert.get_serial_number())[2:].encode('utf-8') |
| 3465 | revoked.set_serial(serial) |
| 3466 | revoked.set_reason(b'unspecified') |
| 3467 | revoked.set_rev_date(b'20140601000000Z') |
| 3468 | crl.add_revoked(revoked) |
| 3469 | crl.set_version(1) |
| 3470 | crl.set_lastUpdate(b'20140601000000Z') |
| 3471 | crl.set_nextUpdate(b'20180601000000Z') |
| 3472 | crl.sign(issuer_cert, issuer_key, digest=b'sha512') |
| 3473 | return crl |
| 3474 | |
| 3475 | def test_verify_with_revoked(self): |
| 3476 | """ |
| 3477 | :func:`verify_certificate` raises error when an intermediate |
| 3478 | certificate is revoked. |
| 3479 | """ |
| 3480 | store = X509Store() |
| 3481 | store.add_cert(self.root_cert) |
| 3482 | store.add_cert(self.intermediate_cert) |
| 3483 | root_crl = self._make_test_crl( |
| 3484 | self.root_cert, self.root_key, certs=[self.intermediate_cert]) |
| 3485 | intermediate_crl = self._make_test_crl( |
| 3486 | self.intermediate_cert, self.intermediate_key, certs=[]) |
| 3487 | store.add_crl(root_crl) |
| 3488 | store.add_crl(intermediate_crl) |
| 3489 | store.set_flags( |
| 3490 | X509StoreFlags.CRL_CHECK | X509StoreFlags.CRL_CHECK_ALL) |
| 3491 | store_ctx = X509StoreContext(store, self.intermediate_server_cert) |
| 3492 | e = self.assertRaises( |
| 3493 | X509StoreContextError, store_ctx.verify_certificate) |
| 3494 | self.assertEqual(e.args[0][2], 'certificate revoked') |
| 3495 | |
| 3496 | def test_verify_with_missing_crl(self): |
| 3497 | """ |
| 3498 | :func:`verify_certificate` raises error when an intermediate |
| 3499 | certificate's CRL is missing. |
| 3500 | """ |
| 3501 | store = X509Store() |
| 3502 | store.add_cert(self.root_cert) |
| 3503 | store.add_cert(self.intermediate_cert) |
| 3504 | root_crl = self._make_test_crl( |
| 3505 | self.root_cert, self.root_key, certs=[self.intermediate_cert]) |
| 3506 | store.add_crl(root_crl) |
| 3507 | store.set_flags( |
| 3508 | X509StoreFlags.CRL_CHECK | X509StoreFlags.CRL_CHECK_ALL) |
| 3509 | store_ctx = X509StoreContext(store, self.intermediate_server_cert) |
| 3510 | e = self.assertRaises( |
| 3511 | X509StoreContextError, store_ctx.verify_certificate) |
| 3512 | self.assertEqual(e.args[0][2], 'unable to get certificate CRL') |
| 3513 | self.assertEqual( |
| 3514 | e.certificate.get_subject().CN, 'intermediate-service') |
| 3515 | |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 3516 | |
Stephen Holsapple | 08ffaa6 | 2015-01-30 17:18:40 -0800 | [diff] [blame] | 3517 | class X509StoreContextTests(TestCase): |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3518 | """ |
Stephen Holsapple | 08ffaa6 | 2015-01-30 17:18:40 -0800 | [diff] [blame] | 3519 | Tests for :py:obj:`OpenSSL.crypto.X509StoreContext`. |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3520 | """ |
| 3521 | root_cert = load_certificate(FILETYPE_PEM, root_cert_pem) |
| 3522 | intermediate_cert = load_certificate(FILETYPE_PEM, intermediate_cert_pem) |
Alex Gaynor | 3128750 | 2015-09-05 16:11:27 -0400 | [diff] [blame] | 3523 | intermediate_server_cert = load_certificate( |
| 3524 | FILETYPE_PEM, intermediate_server_cert_pem) |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3525 | |
| 3526 | def test_valid(self): |
| 3527 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3528 | :py:obj:`verify_certificate` returns ``None`` when called with a |
| 3529 | certificate and valid chain. |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3530 | """ |
| 3531 | store = X509Store() |
| 3532 | store.add_cert(self.root_cert) |
| 3533 | store.add_cert(self.intermediate_cert) |
| 3534 | store_ctx = X509StoreContext(store, self.intermediate_server_cert) |
Stephen Holsapple | 08ffaa6 | 2015-01-30 17:18:40 -0800 | [diff] [blame] | 3535 | self.assertEqual(store_ctx.verify_certificate(), None) |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3536 | |
| 3537 | def test_reuse(self): |
| 3538 | """ |
Stephen Holsapple | 08ffaa6 | 2015-01-30 17:18:40 -0800 | [diff] [blame] | 3539 | :py:obj:`verify_certificate` can be called multiple times with the same |
Jean-Paul Calderone | 06e01b9 | 2015-01-18 15:43:13 -0500 | [diff] [blame] | 3540 | ``X509StoreContext`` instance to produce the same result. |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3541 | """ |
| 3542 | store = X509Store() |
| 3543 | store.add_cert(self.root_cert) |
| 3544 | store.add_cert(self.intermediate_cert) |
| 3545 | store_ctx = X509StoreContext(store, self.intermediate_server_cert) |
Stephen Holsapple | 08ffaa6 | 2015-01-30 17:18:40 -0800 | [diff] [blame] | 3546 | self.assertEqual(store_ctx.verify_certificate(), None) |
| 3547 | self.assertEqual(store_ctx.verify_certificate(), None) |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3548 | |
| 3549 | def test_trusted_self_signed(self): |
| 3550 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3551 | :py:obj:`verify_certificate` returns ``None`` when called with a |
| 3552 | self-signed certificate and itself in the chain. |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3553 | """ |
| 3554 | store = X509Store() |
| 3555 | store.add_cert(self.root_cert) |
| 3556 | store_ctx = X509StoreContext(store, self.root_cert) |
Stephen Holsapple | 08ffaa6 | 2015-01-30 17:18:40 -0800 | [diff] [blame] | 3557 | self.assertEqual(store_ctx.verify_certificate(), None) |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3558 | |
| 3559 | def test_untrusted_self_signed(self): |
| 3560 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3561 | :py:obj:`verify_certificate` raises error when a self-signed |
| 3562 | certificate is verified without itself in the chain. |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3563 | """ |
| 3564 | store = X509Store() |
| 3565 | store_ctx = X509StoreContext(store, self.root_cert) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 3566 | with pytest.raises(X509StoreContextError) as exc: |
| 3567 | store_ctx.verify_certificate() |
| 3568 | |
| 3569 | assert exc.value.args[0][2] == 'self signed certificate' |
| 3570 | assert exc.value.certificate.get_subject().CN == 'Testing Root CA' |
Jean-Paul Calderone | 517816e | 2015-01-18 15:39:26 -0500 | [diff] [blame] | 3571 | |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3572 | def test_invalid_chain_no_root(self): |
| 3573 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3574 | :py:obj:`verify_certificate` raises error when a root certificate is |
| 3575 | missing from the chain. |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3576 | """ |
| 3577 | store = X509Store() |
| 3578 | store.add_cert(self.intermediate_cert) |
| 3579 | store_ctx = X509StoreContext(store, self.intermediate_server_cert) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 3580 | |
| 3581 | with pytest.raises(X509StoreContextError) as exc: |
| 3582 | store_ctx.verify_certificate() |
| 3583 | |
| 3584 | assert exc.value.args[0][2] == 'unable to get issuer certificate' |
| 3585 | assert exc.value.certificate.get_subject().CN == 'intermediate' |
Jean-Paul Calderone | 517816e | 2015-01-18 15:39:26 -0500 | [diff] [blame] | 3586 | |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3587 | def test_invalid_chain_no_intermediate(self): |
| 3588 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3589 | :py:obj:`verify_certificate` raises error when an intermediate |
| 3590 | certificate is missing from the chain. |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3591 | """ |
| 3592 | store = X509Store() |
| 3593 | store.add_cert(self.root_cert) |
| 3594 | store_ctx = X509StoreContext(store, self.intermediate_server_cert) |
Jean-Paul Calderone | 517816e | 2015-01-18 15:39:26 -0500 | [diff] [blame] | 3595 | |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 3596 | with pytest.raises(X509StoreContextError) as exc: |
| 3597 | store_ctx.verify_certificate() |
| 3598 | |
| 3599 | assert exc.value.args[0][2] == 'unable to get local issuer certificate' |
| 3600 | assert exc.value.certificate.get_subject().CN == 'intermediate-service' |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 3601 | |
Stephen Holsapple | 46a0925 | 2015-02-12 14:45:43 -0800 | [diff] [blame] | 3602 | def test_modification_pre_verify(self): |
| 3603 | """ |
| 3604 | :py:obj:`verify_certificate` can use a store context modified after |
| 3605 | instantiation. |
| 3606 | """ |
| 3607 | store_bad = X509Store() |
| 3608 | store_bad.add_cert(self.intermediate_cert) |
| 3609 | store_good = X509Store() |
| 3610 | store_good.add_cert(self.root_cert) |
| 3611 | store_good.add_cert(self.intermediate_cert) |
| 3612 | store_ctx = X509StoreContext(store_bad, self.intermediate_server_cert) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 3613 | |
| 3614 | with pytest.raises(X509StoreContextError) as exc: |
| 3615 | store_ctx.verify_certificate() |
| 3616 | |
| 3617 | assert exc.value.args[0][2] == 'unable to get issuer certificate' |
| 3618 | assert exc.value.certificate.get_subject().CN == 'intermediate' |
| 3619 | |
Stephen Holsapple | 46a0925 | 2015-02-12 14:45:43 -0800 | [diff] [blame] | 3620 | store_ctx.set_store(store_good) |
| 3621 | self.assertEqual(store_ctx.verify_certificate(), None) |
| 3622 | |
| 3623 | |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 3624 | class SignVerifyTests(TestCase): |
| 3625 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3626 | Tests for :py:obj:`OpenSSL.crypto.sign` and |
| 3627 | :py:obj:`OpenSSL.crypto.verify`. |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 3628 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 3629 | |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 3630 | def test_sign_verify(self): |
Jean-Paul Calderone | f3cb9d8 | 2010-06-22 10:29:33 -0400 | [diff] [blame] | 3631 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3632 | :py:obj:`sign` generates a cryptographic signature which |
| 3633 | :py:obj:`verify` can check. |
Jean-Paul Calderone | f3cb9d8 | 2010-06-22 10:29:33 -0400 | [diff] [blame] | 3634 | """ |
Jean-Paul Calderone | ea305c5 | 2010-08-28 14:41:07 -0400 | [diff] [blame] | 3635 | content = b( |
Jean-Paul Calderone | b98ce21 | 2010-06-22 09:46:27 -0400 | [diff] [blame] | 3636 | "It was a bright cold day in April, and the clocks were striking " |
| 3637 | "thirteen. Winston Smith, his chin nuzzled into his breast in an " |
| 3638 | "effort to escape the vile wind, slipped quickly through the " |
| 3639 | "glass doors of Victory Mansions, though not quickly enough to " |
| 3640 | "prevent a swirl of gritty dust from entering along with him.") |
| 3641 | |
| 3642 | # sign the content with this private key |
Jean-Paul Calderone | f3cb9d8 | 2010-06-22 10:29:33 -0400 | [diff] [blame] | 3643 | priv_key = load_privatekey(FILETYPE_PEM, root_key_pem) |
Jean-Paul Calderone | b98ce21 | 2010-06-22 09:46:27 -0400 | [diff] [blame] | 3644 | # verify the content with this cert |
| 3645 | good_cert = load_certificate(FILETYPE_PEM, root_cert_pem) |
| 3646 | # certificate unrelated to priv_key, used to trigger an error |
| 3647 | bad_cert = load_certificate(FILETYPE_PEM, server_cert_pem) |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 3648 | |
Jean-Paul Calderone | d08feb0 | 2010-10-12 21:53:24 -0400 | [diff] [blame] | 3649 | for digest in ['md5', 'sha1']: |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 3650 | sig = sign(priv_key, content, digest) |
| 3651 | |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 3652 | # Verify the signature of content, will throw an exception if |
| 3653 | # error. |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 3654 | verify(good_cert, sig, content, digest) |
| 3655 | |
| 3656 | # This should fail because the certificate doesn't match the |
| 3657 | # private key that was used to sign the content. |
| 3658 | self.assertRaises(Error, verify, bad_cert, sig, content, digest) |
| 3659 | |
| 3660 | # This should fail because we've "tainted" the content after |
| 3661 | # signing it. |
Jean-Paul Calderone | ea305c5 | 2010-08-28 14:41:07 -0400 | [diff] [blame] | 3662 | self.assertRaises( |
| 3663 | Error, verify, |
| 3664 | good_cert, sig, content + b("tainted"), digest) |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 3665 | |
| 3666 | # test that unknown digest types fail |
Jean-Paul Calderone | ea305c5 | 2010-08-28 14:41:07 -0400 | [diff] [blame] | 3667 | self.assertRaises( |
Jean-Paul Calderone | 9538f14 | 2010-10-13 22:13:40 -0400 | [diff] [blame] | 3668 | ValueError, sign, priv_key, content, "strange-digest") |
Jean-Paul Calderone | ea305c5 | 2010-08-28 14:41:07 -0400 | [diff] [blame] | 3669 | self.assertRaises( |
Jean-Paul Calderone | 9538f14 | 2010-10-13 22:13:40 -0400 | [diff] [blame] | 3670 | ValueError, verify, good_cert, sig, content, "strange-digest") |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 3671 | |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 3672 | def test_sign_verify_with_text(self): |
| 3673 | """ |
Alex Gaynor | 791212d | 2015-09-05 15:46:08 -0400 | [diff] [blame] | 3674 | :py:obj:`sign` generates a cryptographic signature which |
| 3675 | :py:obj:`verify` can check. Deprecation warnings raised because using |
| 3676 | text instead of bytes as content |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 3677 | """ |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 3678 | content = ( |
Jean-Paul Calderone | 362c1f5 | 2015-03-29 08:01:39 -0400 | [diff] [blame] | 3679 | b"It was a bright cold day in April, and the clocks were striking " |
| 3680 | b"thirteen. Winston Smith, his chin nuzzled into his breast in an " |
| 3681 | b"effort to escape the vile wind, slipped quickly through the " |
| 3682 | b"glass doors of Victory Mansions, though not quickly enough to " |
| 3683 | b"prevent a swirl of gritty dust from entering along with him." |
Jean-Paul Calderone | 13a0e65 | 2015-03-29 07:58:51 -0400 | [diff] [blame] | 3684 | ).decode("ascii") |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 3685 | |
| 3686 | priv_key = load_privatekey(FILETYPE_PEM, root_key_pem) |
| 3687 | cert = load_certificate(FILETYPE_PEM, root_cert_pem) |
| 3688 | for digest in ['md5', 'sha1']: |
| 3689 | with catch_warnings(record=True) as w: |
| 3690 | simplefilter("always") |
| 3691 | sig = sign(priv_key, content, digest) |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 3692 | |
| 3693 | self.assertEqual( |
Jean-Paul Calderone | 13a0e65 | 2015-03-29 07:58:51 -0400 | [diff] [blame] | 3694 | "{0} for data is no longer accepted, use bytes".format( |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 3695 | WARNING_TYPE_EXPECTED |
| 3696 | ), |
| 3697 | str(w[-1].message) |
| 3698 | ) |
| 3699 | self.assertIs(w[-1].category, DeprecationWarning) |
| 3700 | |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 3701 | with catch_warnings(record=True) as w: |
| 3702 | simplefilter("always") |
| 3703 | verify(cert, sig, content, digest) |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 3704 | |
| 3705 | self.assertEqual( |
Jean-Paul Calderone | 13a0e65 | 2015-03-29 07:58:51 -0400 | [diff] [blame] | 3706 | "{0} for data is no longer accepted, use bytes".format( |
Jean-Paul Calderone | 6462b07 | 2015-03-29 07:03:11 -0400 | [diff] [blame] | 3707 | WARNING_TYPE_EXPECTED |
| 3708 | ), |
| 3709 | str(w[-1].message) |
| 3710 | ) |
| 3711 | self.assertIs(w[-1].category, DeprecationWarning) |
Abraham Martin | c5484ba | 2015-03-25 15:33:05 +0000 | [diff] [blame] | 3712 | |
Jean-Paul Calderone | 9828f66 | 2010-12-08 22:57:26 -0500 | [diff] [blame] | 3713 | def test_sign_nulls(self): |
| 3714 | """ |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 3715 | :py:obj:`sign` produces a signature for a string with embedded nulls. |
Jean-Paul Calderone | 9828f66 | 2010-12-08 22:57:26 -0500 | [diff] [blame] | 3716 | """ |
| 3717 | content = b("Watch out! \0 Did you see it?") |
| 3718 | priv_key = load_privatekey(FILETYPE_PEM, root_key_pem) |
| 3719 | good_cert = load_certificate(FILETYPE_PEM, root_cert_pem) |
| 3720 | sig = sign(priv_key, content, "sha1") |
| 3721 | verify(good_cert, sig, content, "sha1") |
| 3722 | |
Colleen Murphy | e09399b | 2016-03-01 17:40:49 -0800 | [diff] [blame] | 3723 | def test_sign_with_large_key(self): |
| 3724 | """ |
| 3725 | :py:obj:`sign` produces a signature for a string when using a long key. |
| 3726 | """ |
| 3727 | content = b( |
| 3728 | "It was a bright cold day in April, and the clocks were striking " |
| 3729 | "thirteen. Winston Smith, his chin nuzzled into his breast in an " |
| 3730 | "effort to escape the vile wind, slipped quickly through the " |
| 3731 | "glass doors of Victory Mansions, though not quickly enough to " |
| 3732 | "prevent a swirl of gritty dust from entering along with him.") |
| 3733 | |
| 3734 | priv_key = load_privatekey(FILETYPE_PEM, large_key_pem) |
| 3735 | sign(priv_key, content, "sha1") |
| 3736 | |
Jean-Paul Calderone | 9828f66 | 2010-12-08 22:57:26 -0500 | [diff] [blame] | 3737 | |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3738 | class EllipticCurveTests(TestCase): |
| 3739 | """ |
| 3740 | Tests for :py:class:`_EllipticCurve`, :py:obj:`get_elliptic_curve`, and |
| 3741 | :py:obj:`get_elliptic_curves`. |
| 3742 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 3743 | |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3744 | def test_set(self): |
| 3745 | """ |
| 3746 | :py:obj:`get_elliptic_curves` returns a :py:obj:`set`. |
| 3747 | """ |
| 3748 | self.assertIsInstance(get_elliptic_curves(), set) |
| 3749 | |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3750 | def test_some_curves(self): |
| 3751 | """ |
| 3752 | If :py:mod:`cryptography` has elliptic curve support then the set |
| 3753 | returned by :py:obj:`get_elliptic_curves` has some elliptic curves in |
| 3754 | it. |
| 3755 | |
| 3756 | There could be an OpenSSL that violates this assumption. If so, this |
| 3757 | test will fail and we'll find out. |
| 3758 | """ |
| 3759 | curves = get_elliptic_curves() |
| 3760 | if lib.Cryptography_HAS_EC: |
| 3761 | self.assertTrue(curves) |
| 3762 | else: |
| 3763 | self.assertFalse(curves) |
| 3764 | |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3765 | def test_a_curve(self): |
| 3766 | """ |
| 3767 | :py:obj:`get_elliptic_curve` can be used to retrieve a particular |
| 3768 | supported curve. |
| 3769 | """ |
| 3770 | curves = get_elliptic_curves() |
| 3771 | if curves: |
| 3772 | curve = next(iter(curves)) |
| 3773 | self.assertEqual(curve.name, get_elliptic_curve(curve.name).name) |
| 3774 | else: |
Jean-Paul Calderone | eb86f3a | 2014-04-19 09:45:57 -0400 | [diff] [blame] | 3775 | self.assertRaises(ValueError, get_elliptic_curve, u("prime256v1")) |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3776 | |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3777 | def test_not_a_curve(self): |
| 3778 | """ |
| 3779 | :py:obj:`get_elliptic_curve` raises :py:class:`ValueError` if called |
| 3780 | with a name which does not identify a supported curve. |
| 3781 | """ |
| 3782 | self.assertRaises( |
Jean-Paul Calderone | 5a82db9 | 2014-04-19 09:51:29 -0400 | [diff] [blame] | 3783 | ValueError, get_elliptic_curve, u("this curve was just invented")) |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3784 | |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3785 | def test_repr(self): |
| 3786 | """ |
| 3787 | The string representation of a curve object includes simply states the |
| 3788 | object is a curve and what its name is. |
| 3789 | """ |
| 3790 | curves = get_elliptic_curves() |
| 3791 | if curves: |
| 3792 | curve = next(iter(curves)) |
| 3793 | self.assertEqual("<Curve %r>" % (curve.name,), repr(curve)) |
| 3794 | |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 3795 | def test_to_EC_KEY(self): |
| 3796 | """ |
| 3797 | The curve object can export a version of itself as an EC_KEY* via the |
| 3798 | private :py:meth:`_EllipticCurve._to_EC_KEY`. |
| 3799 | """ |
| 3800 | curves = get_elliptic_curves() |
| 3801 | if curves: |
| 3802 | curve = next(iter(curves)) |
| 3803 | # It's not easy to assert anything about this object. However, see |
| 3804 | # leakcheck/crypto.py for a test that demonstrates it at least does |
| 3805 | # not leak memory. |
| 3806 | curve._to_EC_KEY() |
| 3807 | |
| 3808 | |
Jean-Paul Calderone | 1be7708 | 2014-04-30 18:17:41 -0400 | [diff] [blame] | 3809 | class EllipticCurveFactory(object): |
| 3810 | """ |
| 3811 | A helper to get the names of two curves. |
| 3812 | """ |
Alex Gaynor | aceb3e2 | 2015-09-05 12:00:22 -0400 | [diff] [blame] | 3813 | |
Jean-Paul Calderone | 1be7708 | 2014-04-30 18:17:41 -0400 | [diff] [blame] | 3814 | def __init__(self): |
| 3815 | curves = iter(get_elliptic_curves()) |
| 3816 | try: |
| 3817 | self.curve_name = next(curves).name |
| 3818 | self.another_curve_name = next(curves).name |
| 3819 | except StopIteration: |
| 3820 | self.curve_name = self.another_curve_name = None |
| 3821 | |
| 3822 | |
Jean-Paul Calderone | 1be7708 | 2014-04-30 18:17:41 -0400 | [diff] [blame] | 3823 | class EllipticCurveEqualityTests(TestCase, EqualityTestsMixin): |
| 3824 | """ |
| 3825 | Tests :py:type:`_EllipticCurve`\ 's implementation of ``==`` and ``!=``. |
| 3826 | """ |
| 3827 | curve_factory = EllipticCurveFactory() |
| 3828 | |
| 3829 | if curve_factory.curve_name is None: |
| 3830 | skip = "There are no curves available there can be no curve objects." |
| 3831 | |
Jean-Paul Calderone | 1be7708 | 2014-04-30 18:17:41 -0400 | [diff] [blame] | 3832 | def anInstance(self): |
| 3833 | """ |
| 3834 | Get the curve object for an arbitrary curve supported by the system. |
| 3835 | """ |
| 3836 | return get_elliptic_curve(self.curve_factory.curve_name) |
| 3837 | |
Jean-Paul Calderone | 1be7708 | 2014-04-30 18:17:41 -0400 | [diff] [blame] | 3838 | def anotherInstance(self): |
| 3839 | """ |
| 3840 | Get the curve object for an arbitrary curve supported by the system - |
| 3841 | but not the one returned by C{anInstance}. |
| 3842 | """ |
| 3843 | return get_elliptic_curve(self.curve_factory.another_curve_name) |
| 3844 | |
| 3845 | |
Jean-Paul Calderone | 22c3124 | 2014-05-01 07:49:47 -0400 | [diff] [blame] | 3846 | class EllipticCurveHashTests(TestCase): |
| 3847 | """ |
| 3848 | Tests for :py:type:`_EllipticCurve`\ 's implementation of hashing (thus use |
| 3849 | as an item in a :py:type:`dict` or :py:type:`set`). |
| 3850 | """ |
| 3851 | curve_factory = EllipticCurveFactory() |
| 3852 | |
| 3853 | if curve_factory.curve_name is None: |
| 3854 | skip = "There are no curves available there can be no curve objects." |
| 3855 | |
Jean-Paul Calderone | 22c3124 | 2014-05-01 07:49:47 -0400 | [diff] [blame] | 3856 | def test_contains(self): |
| 3857 | """ |
| 3858 | The ``in`` operator reports that a :py:type:`set` containing a curve |
| 3859 | does contain that curve. |
| 3860 | """ |
| 3861 | curve = get_elliptic_curve(self.curve_factory.curve_name) |
| 3862 | curves = set([curve]) |
| 3863 | self.assertIn(curve, curves) |
| 3864 | |
Jean-Paul Calderone | 22c3124 | 2014-05-01 07:49:47 -0400 | [diff] [blame] | 3865 | def test_does_not_contain(self): |
| 3866 | """ |
| 3867 | The ``in`` operator reports that a :py:type:`set` not containing a |
| 3868 | curve does not contain that curve. |
| 3869 | """ |
| 3870 | curve = get_elliptic_curve(self.curve_factory.curve_name) |
Alex Gaynor | 85b4970 | 2015-09-05 16:30:59 -0400 | [diff] [blame] | 3871 | curves = set([ |
| 3872 | get_elliptic_curve(self.curve_factory.another_curve_name) |
| 3873 | ]) |
Jean-Paul Calderone | 22c3124 | 2014-05-01 07:49:47 -0400 | [diff] [blame] | 3874 | self.assertNotIn(curve, curves) |
| 3875 | |
| 3876 | |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 3877 | if __name__ == '__main__': |
| 3878 | main() |