diff options
| author | Ian Cordasco <graffatcolmingov@gmail.com> | 2015-06-22 20:11:17 -0500 |
|---|---|---|
| committer | Ian Cordasco <graffatcolmingov@gmail.com> | 2015-06-24 19:30:04 -0500 |
| commit | 8ed8edce1764ea17800ef83f422c7a73bfdfa74b (patch) | |
| tree | 06a36274bdc29393345143a63626fe75f9b953d8 /tests/hazmat | |
| parent | 34853f362f19bab9212824a1235a2c30f84234a3 (diff) | |
| download | cryptography-8ed8edce1764ea17800ef83f422c7a73bfdfa74b.tar.gz cryptography-8ed8edce1764ea17800ef83f422c7a73bfdfa74b.tar.bz2 cryptography-8ed8edce1764ea17800ef83f422c7a73bfdfa74b.zip | |
Add tests to the CSR Builder for EC and DSA keys
This skips certain tests on certain versions of differences in how
X509_REQ_sign works on those versions. A separate pull request will address
those differences.
Diffstat (limited to 'tests/hazmat')
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index b35e7670..4275b593 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -21,13 +21,14 @@ from cryptography.hazmat.backends.openssl.backend import ( ) from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import dsa, padding +from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding from cryptography.hazmat.primitives.ciphers import ( BlockCipherAlgorithm, Cipher, CipherAlgorithm ) from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR, Mode +from ..primitives.fixtures_dsa import DSA_KEY_2048 from ..primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 from ...utils import load_vectors_from_file, raises_unsupported_algorithm @@ -453,6 +454,28 @@ class TestOpenSSLCMAC(object): backend.create_cmac_ctx(FakeAlgorithm()) +class TestOpenSSLCreateX509CSR(object): + @pytest.mark.skipif( + backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000, + reason="Requires an older OpenSSL. Must be < 1.0.1" + ) + def test_unsupported_dsa_keys(self): + private_key = DSA_KEY_2048.private_key(backend) + + with pytest.raises(NotImplementedError): + backend.create_x509_csr(object(), private_key, hashes.SHA1()) + + @pytest.mark.skipif( + backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000, + reason="Requires an older OpenSSL. Must be < 1.0.1" + ) + def test_unsupported_ec_keys(self): + private_key = ec.generate_private_key(ec.SECT283K1(), backend) + + with pytest.raises(NotImplementedError): + backend.create_x509_csr(object(), private_key, hashes.SHA1()) + + class TestOpenSSLSerialisationWithOpenSSL(object): def test_pem_password_cb_buffer_too_small(self): ffi_cb, cb = backend._pem_password_cb(b"aa") |