diff options
author | InvalidInterrupt <InvalidInterrupt@users.noreply.github.com> | 2016-08-16 19:39:31 -0700 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-08-16 22:39:31 -0400 |
commit | 8e66ca6813016d9fc6f57d5f1e50530fc39f78ae (patch) | |
tree | 630a57899cf44a6c98f7928c065da04f16504267 /tests/test_x509.py | |
parent | dcbd220ee6b4e23f292897e1d6b1e26004ecfd64 (diff) | |
download | cryptography-8e66ca6813016d9fc6f57d5f1e50530fc39f78ae.tar.gz cryptography-8e66ca6813016d9fc6f57d5f1e50530fc39f78ae.tar.bz2 cryptography-8e66ca6813016d9fc6f57d5f1e50530fc39f78ae.zip |
CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before (#2920)
* CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before
These functions now accept aware datetimes and convert them to UTC
* Added pytz to test requirements
* Correct pep8 error and improve Changelog wording
* Improve tests and clarify changelog message
* Trim Changelog line length
* Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes
* Fix accidental changelog entry
Diffstat (limited to 'tests/test_x509.py')
-rw-r--r-- | tests/test_x509.py | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py index 1ce8c611..b1d627c3 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -16,6 +16,8 @@ from pyasn1_modules import rfc2459 import pytest +import pytz + import six from cryptography import utils, x509 @@ -1745,6 +1747,30 @@ class TestCertificateBuilder(object): with pytest.raises(ValueError): builder.serial_number(20) + @pytest.mark.requires_backend_interface(interface=RSABackend) + @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_aware_not_valid_after(self, backend): + time = datetime.datetime(2012, 1, 16, 22, 43) + tz = pytz.timezone("US/Pacific") + time = tz.localize(time) + utc_time = datetime.datetime(2012, 1, 17, 6, 43) + private_key = RSA_KEY_2048.private_key(backend) + cert_builder = x509.CertificateBuilder().not_valid_after(time) + cert_builder = cert_builder.subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) + ).issuer_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) + ).serial_number( + 1 + ).public_key( + private_key.public_key() + ).not_valid_before( + utc_time - datetime.timedelta(days=365) + ) + + cert = cert_builder.sign(private_key, hashes.SHA256(), backend) + assert cert.not_valid_after == utc_time + def test_invalid_not_valid_after(self): with pytest.raises(TypeError): x509.CertificateBuilder().not_valid_after(104204304504) @@ -1767,6 +1793,30 @@ class TestCertificateBuilder(object): datetime.datetime.now() ) + @pytest.mark.requires_backend_interface(interface=RSABackend) + @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_aware_not_valid_before(self, backend): + time = datetime.datetime(2012, 1, 16, 22, 43) + tz = pytz.timezone("US/Pacific") + time = tz.localize(time) + utc_time = datetime.datetime(2012, 1, 17, 6, 43) + private_key = RSA_KEY_2048.private_key(backend) + cert_builder = x509.CertificateBuilder().not_valid_before(time) + cert_builder = cert_builder.subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) + ).issuer_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) + ).serial_number( + 1 + ).public_key( + private_key.public_key() + ).not_valid_after( + utc_time + datetime.timedelta(days=366) + ) + + cert = cert_builder.sign(private_key, hashes.SHA256(), backend) + assert cert.not_valid_before == utc_time + def test_invalid_not_valid_before(self): with pytest.raises(TypeError): x509.CertificateBuilder().not_valid_before(104204304504) |