diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-07-03 03:52:39 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-07-03 03:52:39 -0400 |
| commit | 53a36a1f8cd7c6bf243d5a5ad5522b0a592bba3d (patch) | |
| tree | 6e8ec078cf59bd7d7ea2f94747aba82175298688 /tests/test_x509_ext.py | |
| parent | f5a4519f7ead73cbca826f3d7c815dd8963efb0a (diff) | |
| parent | 23cafe861f4da2d7261a41bc57801b226e6b8c1b (diff) | |
| download | cryptography-53a36a1f8cd7c6bf243d5a5ad5522b0a592bba3d.tar.gz cryptography-53a36a1f8cd7c6bf243d5a5ad5522b0a592bba3d.tar.bz2 cryptography-53a36a1f8cd7c6bf243d5a5ad5522b0a592bba3d.zip | |
Merge branch 'master' into encode-san
Diffstat (limited to 'tests/test_x509_ext.py')
| -rw-r--r-- | tests/test_x509_ext.py | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 6d91ba41..0ef84e79 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -2033,6 +2033,88 @@ class TestNameConstraints(object): assert nc != object() +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestNameConstraintsExtension(object): + def test_permitted_excluded(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "nc_permitted_excluded_2.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + nc = cert.extensions.get_extension_for_oid( + x509.OID_NAME_CONSTRAINTS + ).value + assert nc == x509.NameConstraints( + permitted_subtrees=[ + x509.DNSName(u"zombo.local"), + ], + excluded_subtrees=[ + x509.DirectoryName(x509.Name([ + x509.NameAttribute(x509.OID_COMMON_NAME, u"zombo") + ])) + ] + ) + + def test_permitted(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "nc_permitted_2.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + nc = cert.extensions.get_extension_for_oid( + x509.OID_NAME_CONSTRAINTS + ).value + assert nc == x509.NameConstraints( + permitted_subtrees=[ + x509.DNSName(u"zombo.local"), + ], + excluded_subtrees=None + ) + + def test_permitted_with_leading_period(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "nc_permitted.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + nc = cert.extensions.get_extension_for_oid( + x509.OID_NAME_CONSTRAINTS + ).value + assert nc == x509.NameConstraints( + permitted_subtrees=[ + x509.DNSName(u".cryptography.io"), + x509.UniformResourceIdentifier(u"ftp://cryptography.test") + ], + excluded_subtrees=None + ) + + def test_excluded_with_leading_period(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "nc_excluded.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + nc = cert.extensions.get_extension_for_oid( + x509.OID_NAME_CONSTRAINTS + ).value + assert nc == x509.NameConstraints( + permitted_subtrees=None, + excluded_subtrees=[ + x509.DNSName(u".cryptography.io"), + x509.UniformResourceIdentifier(u"gopher://cryptography.test") + ] + ) + + class TestDistributionPoint(object): def test_distribution_point_full_name_not_general_names(self): with pytest.raises(TypeError): |