Merge pull request #2821 from reaperhulk/encode-policy-constraints

support encoding PolicyConstraints in certificates
author: Alex Gaynor <alex.gaynor@gmail.com> 2016-03-13 21:21:15 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2016-03-13 21:21:15 -0400
commit: 8924a03c51eeafeb87c46a23f08bc5d023f55878 (patch)
tree: e95a6d589bc3678ebaacac78151a032419124a9d /tests/test_x509.py
parent: 76252fca16dccc2add21c985d4d9d883ed55f1c9 (diff)
parent: 89cc4dd5df4127108d8cb1ffdc8b655d98c9cf49 (diff)
download: cryptography-8924a03c51eeafeb87c46a23f08bc5d023f55878.tar.gz
cryptography-8924a03c51eeafeb87c46a23f08bc5d023f55878.tar.bz2
cryptography-8924a03c51eeafeb87c46a23f08bc5d023f55878.zip
1 files changed, 48 insertions, 0 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py
index c042169c..a6398bb3 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -2225,6 +2225,54 @@ class TestCertificateBuilder(object):
         )
         assert ext.value == x509.InhibitAnyPolicy(3)
 
+    @pytest.mark.parametrize(
+        "pc",
+        [
+            x509.PolicyConstraints(
+                require_explicit_policy=None,
+                inhibit_policy_mapping=1
+            ),
+            x509.PolicyConstraints(
+                require_explicit_policy=3,
+                inhibit_policy_mapping=1
+            ),
+            x509.PolicyConstraints(
+                require_explicit_policy=0,
+                inhibit_policy_mapping=None
+            ),
+        ]
+    )
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    @pytest.mark.requires_backend_interface(interface=X509Backend)
+    def test_policy_constraints(self, backend, pc):
+        issuer_private_key = RSA_KEY_2048.private_key(backend)
+        subject_private_key = RSA_KEY_2048.private_key(backend)
+
+        not_valid_before = datetime.datetime(2002, 1, 1, 12, 1)
+        not_valid_after = datetime.datetime(2030, 12, 31, 8, 30)
+
+        cert = x509.CertificateBuilder().subject_name(
+            x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
+        ).issuer_name(
+            x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
+        ).not_valid_before(
+            not_valid_before
+        ).not_valid_after(
+            not_valid_after
+        ).public_key(
+            subject_private_key.public_key()
+        ).serial_number(
+            123
+        ).add_extension(
+            pc, critical=False
+        ).sign(issuer_private_key, hashes.SHA256(), backend)
+
+        ext = cert.extensions.get_extension_for_class(
+            x509.PolicyConstraints
+        )
+        assert ext.critical is False
+        assert ext.value == pc
+
     @pytest.mark.requires_backend_interface(interface=RSABackend)
     @pytest.mark.requires_backend_interface(interface=X509Backend)
     def test_name_constraints(self, backend):
author	Alex Gaynor <alex.gaynor@gmail.com>	2016-03-13 21:21:15 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2016-03-13 21:21:15 -0400
commit	8924a03c51eeafeb87c46a23f08bc5d023f55878 (patch)
tree	e95a6d589bc3678ebaacac78151a032419124a9d /tests/test_x509.py
parent	76252fca16dccc2add21c985d4d9d883ed55f1c9 (diff)
parent	89cc4dd5df4127108d8cb1ffdc8b655d98c9cf49 (diff)
download	cryptography-8924a03c51eeafeb87c46a23f08bc5d023f55878.tar.gz cryptography-8924a03c51eeafeb87c46a23f08bc5d023f55878.tar.bz2 cryptography-8924a03c51eeafeb87c46a23f08bc5d023f55878.zip