Merge pull request #2593 from reaperhulk/crl-support-ec-dsa

Support EC and DSA signing of CRLs in the OpenSSL backend
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-12-27 15:00:59 -0500
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-12-27 15:00:59 -0500
commit: b04b67e06ea638e23e06f3fde151a6912c184025 (patch)
tree: c09c007cd5ae3bb50f58255fc1d15c645b7860df /tests/hazmat/backends/test_openssl.py
parent: d5d0a3102b609907f2dfadad8e0da10374475697 (diff)
parent: 9d345312d5ff22cd40d2359dc1765170badf42ea (diff)
download: cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.tar.gz
cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.tar.bz2
cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.zip
1 files changed, 37 insertions, 0 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index c0e9d28f..ad2daf7d 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -558,6 +558,43 @@ class TestOpenSSLSignX509CertificateRevocationList(object):
         with pytest.raises(TypeError):
             backend.create_x509_crl(object(), private_key, hashes.SHA256())
 
+    @pytest.mark.skipif(
+        backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000,
+        reason="Requires an older OpenSSL. Must be < 1.0.1"
+    )
+    def test_sign_with_dsa_private_key_is_unsupported(self):
+        private_key = DSA_KEY_2048.private_key(backend)
+        builder = x509.CertificateRevocationListBuilder()
+        builder = builder.issuer_name(
+            x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')])
+        ).last_update(
+            datetime.datetime(2002, 1, 1, 12, 1)
+        ).next_update(
+            datetime.datetime(2032, 1, 1, 12, 1)
+        )
+
+        with pytest.raises(NotImplementedError):
+            builder.sign(private_key, hashes.SHA1(), backend)
+
+    @pytest.mark.skipif(
+        backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000,
+        reason="Requires an older OpenSSL. Must be < 1.0.1"
+    )
+    def test_sign_with_ec_private_key_is_unsupported(self):
+        _skip_curve_unsupported(backend, ec.SECP256R1())
+        private_key = ec.generate_private_key(ec.SECP256R1(), backend)
+        builder = x509.CertificateRevocationListBuilder()
+        builder = builder.issuer_name(
+            x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')])
+        ).last_update(
+            datetime.datetime(2002, 1, 1, 12, 1)
+        ).next_update(
+            datetime.datetime(2032, 1, 1, 12, 1)
+        )
+
+        with pytest.raises(NotImplementedError):
+            builder.sign(private_key, hashes.SHA512(), backend)
+
 
 class TestOpenSSLCreateRevokedCertificate(object):
     def test_invalid_builder(self):
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-12-27 15:00:59 -0500
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-12-27 15:00:59 -0500
commit	b04b67e06ea638e23e06f3fde151a6912c184025 (patch)
tree	c09c007cd5ae3bb50f58255fc1d15c645b7860df /tests/hazmat/backends/test_openssl.py
parent	d5d0a3102b609907f2dfadad8e0da10374475697 (diff)
parent	9d345312d5ff22cd40d2359dc1765170badf42ea (diff)
download	cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.tar.gz cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.tar.bz2 cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.zip