diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-07-23 19:10:28 +0100 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-07-23 19:10:28 +0100 |
| commit | 8bfbacef9cb973115c0cf0f4185c8f47812c37bc (patch) | |
| tree | b55cce2d6132a82a8aac9308d493cdcdda9ef8d1 /tests/test_x509.py | |
| parent | 32a92b6afaf0086f2b0e6b9cf7235576b06503b0 (diff) | |
| download | cryptography-8bfbacef9cb973115c0cf0f4185c8f47812c37bc.tar.gz cryptography-8bfbacef9cb973115c0cf0f4185c8f47812c37bc.tar.bz2 cryptography-8bfbacef9cb973115c0cf0f4185c8f47812c37bc.zip | |
when building a CSR adding > 1 extension would trigger a bug
We were checking sk_X509_EXTENSION_push for a value == 1, but
in reality it returns the number of extensions on the stack. We
now assert >= 1 and added a test.
Diffstat (limited to 'tests/test_x509.py')
| -rw-r--r-- | tests/test_x509.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py index 94eeab2b..b2262c71 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -978,6 +978,31 @@ class TestCertificateSigningRequestBuilder(object): with pytest.raises(NotImplementedError): builder.sign(private_key, hashes.SHA256(), backend) + def test_add_two_extensions(self, backend): + private_key = RSA_KEY_2048.private_key(backend) + builder = x509.CertificateSigningRequestBuilder() + request = builder.subject_name( + x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + ).add_extension( + x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), + critical=False, + ).add_extension( + x509.BasicConstraints(ca=True, path_length=2), critical=True + ).sign(private_key, hashes.SHA1(), backend) + + assert isinstance(request.signature_hash_algorithm, hashes.SHA1) + public_key = request.public_key() + assert isinstance(public_key, rsa.RSAPublicKey) + basic_constraints = request.extensions.get_extension_for_oid( + x509.OID_BASIC_CONSTRAINTS + ) + assert basic_constraints.value.ca is True + assert basic_constraints.value.path_length == 2 + ext = request.extensions.get_extension_for_oid( + x509.OID_SUBJECT_ALTERNATIVE_NAME + ) + assert list(ext.value) == [x509.DNSName(u"cryptography.io")] + def test_set_subject_twice(self): builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( |