Merge pull request #1822 from reaperhulk/x509-keyusage-ossl

keyusage support in the OpenSSL backend
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-04-12 12:40:01 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-04-12 12:40:01 -0400
commit: 249bbd0064d42d78ff51e9a0203db4492453418f (patch)
tree: c277bb1f095ff7af89f51f845c9918ea25219014 /tests
parent: d459a8a16c417e0db59de0a643aeb9079b45b9bb (diff)
parent: 4a704e07c61f7658c4c95befac0b1fc0d1aaf315 (diff)
download: cryptography-249bbd0064d42d78ff51e9a0203db4492453418f.tar.gz
cryptography-249bbd0064d42d78ff51e9a0203db4492453418f.tar.bz2
cryptography-249bbd0064d42d78ff51e9a0203db4492453418f.zip
1 files changed, 60 insertions, 0 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index c2d33d92..acfe761d 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -463,3 +463,63 @@ class TestSubjectKeyIdentifierExtension(object):
             cert.extensions.get_extension_for_oid(
                 x509.OID_SUBJECT_KEY_IDENTIFIER
             )
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestKeyUsageExtension(object):
+    def test_no_key_usage(self, backend):
+        cert = _load_cert(
+            os.path.join("x509", "verisign_md2_root.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        ext = cert.extensions
+        with pytest.raises(x509.ExtensionNotFound) as exc:
+            ext.get_extension_for_oid(x509.OID_KEY_USAGE)
+
+        assert exc.value.oid == x509.OID_KEY_USAGE
+
+    def test_all_purposes(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "all_key_usages.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        extensions = cert.extensions
+        ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+        assert ext is not None
+
+        ku = ext.value
+        assert ku.digital_signature is True
+        assert ku.content_commitment is True
+        assert ku.key_encipherment is True
+        assert ku.data_encipherment is True
+        assert ku.key_agreement is True
+        assert ku.key_cert_sign is True
+        assert ku.crl_sign is True
+        assert ku.encipher_only is True
+        assert ku.decipher_only is True
+
+    def test_key_cert_sign_crl_sign(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
+            ),
+            x509.load_der_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+        assert ext is not None
+        assert ext.critical is True
+
+        ku = ext.value
+        assert ku.digital_signature is False
+        assert ku.content_commitment is False
+        assert ku.key_encipherment is False
+        assert ku.data_encipherment is False
+        assert ku.key_agreement is False
+        assert ku.key_cert_sign is True
+        assert ku.crl_sign is True
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-04-12 12:40:01 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-04-12 12:40:01 -0400
commit	249bbd0064d42d78ff51e9a0203db4492453418f (patch)
tree	c277bb1f095ff7af89f51f845c9918ea25219014 /tests
parent	d459a8a16c417e0db59de0a643aeb9079b45b9bb (diff)
parent	4a704e07c61f7658c4c95befac0b1fc0d1aaf315 (diff)
download	cryptography-249bbd0064d42d78ff51e9a0203db4492453418f.tar.gz cryptography-249bbd0064d42d78ff51e9a0203db4492453418f.tar.bz2 cryptography-249bbd0064d42d78ff51e9a0203db4492453418f.zip