support CRLDistributionPoints in the OpenSSL backend

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-05-10 14:55:51 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-05-13 08:55:46 -0500
commit: 9a10d59aaaf805a2aecef40df5338d2fc0602be9 (patch)
tree: 64e41957adddc5cf8eb654fd5bbe7f5c7ae45cc6 /tests
parent: 91ea3a91fe67ecf2577b3f88955c4baad4d4f131 (diff)
download: cryptography-9a10d59aaaf805a2aecef40df5338d2fc0602be9.tar.gz
cryptography-9a10d59aaaf805a2aecef40df5338d2fc0602be9.tar.bz2
cryptography-9a10d59aaaf805a2aecef40df5338d2fc0602be9.zip
1 files changed, 158 insertions, 0 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 2852776b..94b33aeb 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1929,3 +1929,161 @@ class TestCRLDistributionPoints(object):
         assert cdp != cdp3
         assert cdp != cdp4
         assert cdp != object()
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestCRLDistributionPointsExtension(object):
+    def test_fullname_and_crl_issuer(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "PKITS_data", "certs", "ValidcRLIssuerTest28EE.crt"
+            ),
+            x509.load_der_x509_certificate,
+            backend
+        )
+
+        cdps = cert.extensions.get_extension_for_oid(
+            x509.OID_CRL_DISTRIBUTION_POINTS
+        ).value
+
+        assert cdps == x509.CRLDistributionPoints([
+            x509.DistributionPoint(
+                full_name=[x509.DirectoryName(
+                    x509.Name([
+                        x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
+                        x509.NameAttribute(
+                            x509.OID_ORGANIZATION_NAME,
+                            "Test Certificates 2011"
+                        ),
+                        x509.NameAttribute(
+                            x509.OID_ORGANIZATIONAL_UNIT_NAME,
+                            "indirectCRL CA3 cRLIssuer"
+                        ),
+                        x509.NameAttribute(
+                            x509.OID_COMMON_NAME,
+                            "indirect CRL for indirectCRL CA3"
+                        ),
+                    ])
+                )],
+                relative_name=None,
+                reasons=None,
+                crl_issuer=[x509.DirectoryName(
+                    x509.Name([
+                        x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
+                        x509.NameAttribute(
+                            x509.OID_ORGANIZATION_NAME,
+                            "Test Certificates 2011"
+                        ),
+                        x509.NameAttribute(
+                            x509.OID_ORGANIZATIONAL_UNIT_NAME,
+                            "indirectCRL CA3 cRLIssuer"
+                        ),
+                    ])
+                )],
+            )
+        ])
+
+    def test_relativename_and_crl_issuer(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "PKITS_data", "certs", "ValidcRLIssuerTest29EE.crt"
+            ),
+            x509.load_der_x509_certificate,
+            backend
+        )
+
+        cdps = cert.extensions.get_extension_for_oid(
+            x509.OID_CRL_DISTRIBUTION_POINTS
+        ).value
+
+        assert cdps == x509.CRLDistributionPoints([
+            x509.DistributionPoint(
+                full_name=None,
+                relative_name=x509.Name([
+                    x509.NameAttribute(
+                        x509.OID_COMMON_NAME,
+                        "indirect CRL for indirectCRL CA3"
+                    ),
+                ]),
+                reasons=None,
+                crl_issuer=[x509.DirectoryName(
+                    x509.Name([
+                        x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
+                        x509.NameAttribute(
+                            x509.OID_ORGANIZATION_NAME,
+                            "Test Certificates 2011"
+                        ),
+                        x509.NameAttribute(
+                            x509.OID_ORGANIZATIONAL_UNIT_NAME,
+                            "indirectCRL CA3 cRLIssuer"
+                        ),
+                    ])
+                )],
+            )
+        ])
+
+    def test_fullname_crl_issuer_reasons(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "cdp_fullname_reasons_crl_issuer.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+
+        cdps = cert.extensions.get_extension_for_oid(
+            x509.OID_CRL_DISTRIBUTION_POINTS
+        ).value
+
+        assert cdps == x509.CRLDistributionPoints([
+            x509.DistributionPoint(
+                full_name=[x509.UniformResourceIdentifier(
+                    u"http://myhost.com/myca.crl"
+                )],
+                relative_name=None,
+                reasons=frozenset([
+                    x509.ReasonFlags.key_compromise,
+                    x509.ReasonFlags.ca_compromise
+                ]),
+                crl_issuer=[x509.DirectoryName(
+                    x509.Name([
+                        x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
+                        x509.NameAttribute(
+                            x509.OID_ORGANIZATION_NAME, "PyCA"
+                        ),
+                        x509.NameAttribute(
+                            x509.OID_COMMON_NAME, "cryptography CA"
+                        ),
+                    ])
+                )],
+            )
+        ])
+
+    def test_crl_issuer_only(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "cdp_crl_issuer.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+
+        cdps = cert.extensions.get_extension_for_oid(
+            x509.OID_CRL_DISTRIBUTION_POINTS
+        ).value
+
+        assert cdps == x509.CRLDistributionPoints([
+            x509.DistributionPoint(
+                full_name=None,
+                relative_name=None,
+                reasons=None,
+                crl_issuer=[x509.DirectoryName(
+                    x509.Name([
+                        x509.NameAttribute(
+                            x509.OID_COMMON_NAME, "cryptography CA"
+                        ),
+                    ])
+                )],
+            )
+        ])
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-05-10 14:55:51 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-05-13 08:55:46 -0500
commit	9a10d59aaaf805a2aecef40df5338d2fc0602be9 (patch)
tree	64e41957adddc5cf8eb654fd5bbe7f5c7ae45cc6 /tests
parent	91ea3a91fe67ecf2577b3f88955c4baad4d4f131 (diff)
download	cryptography-9a10d59aaaf805a2aecef40df5338d2fc0602be9.tar.gz cryptography-9a10d59aaaf805a2aecef40df5338d2fc0602be9.tar.bz2 cryptography-9a10d59aaaf805a2aecef40df5338d2fc0602be9.zip