Merge pull request #1769 from reaperhulk/x509-extension-bc

basicConstraints support for OpenSSL X509 backend
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-03-28 16:40:02 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-03-28 16:40:02 -0400
commit: 554104d69e00d7afbea3c69f8e956e84bda5f1af (patch)
tree: 15d91fef1f83ca95a47334bacc9ba68e886a1a18 /tests
parent: 11f1f82ac628712015531b6cbddf5daeb6fd4acf (diff)
parent: de813eab6dcd19372fe7aade302f90fe2dac9d03 (diff)
download: cryptography-554104d69e00d7afbea3c69f8e956e84bda5f1af.tar.gz
cryptography-554104d69e00d7afbea3c69f8e956e84bda5f1af.tar.bz2
cryptography-554104d69e00d7afbea3c69f8e956e84bda5f1af.zip
1 files changed, 108 insertions, 0 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index d8281526..af13f27a 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -74,6 +74,23 @@ class TestExtensions(object):
         ext = cert.extensions
         assert len(ext) == 0
         assert list(ext) == []
+        with pytest.raises(x509.ExtensionNotFound) as exc:
+            ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+
+        assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
+
+    def test_one_extension(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "basic_constraints_not_critical.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        extensions = cert.extensions
+        ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+        assert ext is not None
+        assert ext.value.ca is False
 
     def test_duplicate_extension(self, backend):
         cert = _load_cert(
@@ -112,3 +129,94 @@ class TestExtensions(object):
         )
         extensions = cert.extensions
         assert len(extensions) == 0
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestBasicConstraintsExtension(object):
+    def test_ca_true_pathlen_6(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "PKITS_data", "certs", "pathLenConstraint6CACert.crt"
+            ),
+            x509.load_der_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_BASIC_CONSTRAINTS
+        )
+        assert ext is not None
+        assert ext.critical is True
+        assert ext.value.ca is True
+        assert ext.value.path_length == 6
+
+    def test_path_length_zero(self, backend):
+        cert = _load_cert(
+            os.path.join("x509", "custom", "bc_path_length_zero.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_BASIC_CONSTRAINTS
+        )
+        assert ext is not None
+        assert ext.critical is True
+        assert ext.value.ca is True
+        assert ext.value.path_length == 0
+
+    def test_ca_true_no_pathlen(self, backend):
+        cert = _load_cert(
+            os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
+            x509.load_der_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_BASIC_CONSTRAINTS
+        )
+        assert ext is not None
+        assert ext.critical is True
+        assert ext.value.ca is True
+        assert ext.value.path_length is None
+
+    def test_ca_false(self, backend):
+        cert = _load_cert(
+            os.path.join("x509", "cryptography.io.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_BASIC_CONSTRAINTS
+        )
+        assert ext is not None
+        assert ext.critical is True
+        assert ext.value.ca is False
+        assert ext.value.path_length is None
+
+    def test_no_basic_constraints(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509",
+                "PKITS_data",
+                "certs",
+                "ValidCertificatePathTest1EE.crt"
+            ),
+            x509.load_der_x509_certificate,
+            backend
+        )
+        with pytest.raises(x509.ExtensionNotFound):
+            cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+
+    def test_basic_constraint_not_critical(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "basic_constraints_not_critical.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_BASIC_CONSTRAINTS
+        )
+        assert ext is not None
+        assert ext.critical is False
+        assert ext.value.ca is False
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-03-28 16:40:02 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-03-28 16:40:02 -0400
commit	554104d69e00d7afbea3c69f8e956e84bda5f1af (patch)
tree	15d91fef1f83ca95a47334bacc9ba68e886a1a18 /tests
parent	11f1f82ac628712015531b6cbddf5daeb6fd4acf (diff)
parent	de813eab6dcd19372fe7aade302f90fe2dac9d03 (diff)
download	cryptography-554104d69e00d7afbea3c69f8e956e84bda5f1af.tar.gz cryptography-554104d69e00d7afbea3c69f8e956e84bda5f1af.tar.bz2 cryptography-554104d69e00d7afbea3c69f8e956e84bda5f1af.zip