diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-04 13:36:58 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-04 07:36:58 -1000 |
| commit | 6a0718faddbc7b6b57f86417f6daa468c18ea248 (patch) | |
| tree | 624fe16cf368a13cbbd7370b2a4780fa5da76c91 /tests/test_x509_ext.py | |
| parent | 140ec5d6e2167692ba5619b368f44a1b07f96a4a (diff) | |
| download | cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.tar.gz cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.tar.bz2 cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.zip | |
Refs #3461 -- parse SCTs from x.509 extension (#3480)
* Stub API for SCTs, feedback wanted
* grr, flake8
* finish up the __init__
* Initial implementation and tests
* write a test. it fails because computer
* get the tests passing and fix some TODOs
* changelog entry
* This can go now
* Put a skip in this test
* grump
* Removed unreachable code
* moved changelog to the correct section
* Use the deocrator for expressing requirements
* This needs f for the right entry_type
* coverage
* syntax error
* tests for coverage
* better sct eq tests
* docs
* technically correct, the most useless kind of correct
* typo and more details
* bug
* drop __eq__
Diffstat (limited to 'tests/test_x509_ext.py')
| -rw-r--r-- | tests/test_x509_ext.py | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index b89abdda..595ec703 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -3668,6 +3668,48 @@ class TestInhibitAnyPolicyExtension(object): @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) +@pytest.mark.supported( + only_if=lambda backend: backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER, + skip_message="Requires OpenSSL 1.1.0f+", +) +class TestPrecertificateSignedCertificateTimestampsExtension(object): + def test_init(self): + with pytest.raises(TypeError): + x509.PrecertificateSignedCertificateTimestamps([object()]) + + def test_repr(self): + assert repr(x509.PrecertificateSignedCertificateTimestamps([])) == ( + "<PrecertificateSignedCertificateTimestamps([])>" + ) + + def test_simple(self, backend): + cert = _load_cert( + os.path.join("x509", "badssl-sct.pem"), + x509.load_pem_x509_certificate, + backend + ) + scts = cert.extensions.get_extension_for_class( + x509.PrecertificateSignedCertificateTimestamps + ).value + assert len(scts) == 1 + [sct] = scts + assert scts[0] == sct + assert sct.version == x509.certificate_transparency.Version.v1 + assert sct.log_id == ( + b"\xa7\xceJNb\x07\xe0\xad\xde\xe5\xfd\xaaK\x1f\x86v\x87g\xb5\xd0" + b"\x02\xa5]G1\x0e~g\n\x95\xea\xb2" + ) + assert sct.timestamp == datetime.datetime( + 2016, 11, 17, 1, 56, 25, 396000 + ) + assert ( + sct.entry_type == + x509.certificate_transparency.LogEntryType.PRE_CERTIFICATE + ) + + +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) class TestInvalidExtension(object): def test_invalid_certificate_policies_data(self, backend): cert = _load_cert( |