diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-08-08 23:46:38 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-08-08 23:46:38 -0400 |
| commit | ba62a0ba66cdf7476dd741a0bf0f08cab518524c (patch) | |
| tree | e8db8b3700443db0565d70ce170a1380cb92a9ff /tests | |
| parent | 57df4852891c509917bffca53dffad88a4e914ab (diff) | |
| parent | aedeedb8ce32caedf68ae0bf0066a70175c9f694 (diff) | |
| download | cryptography-ba62a0ba66cdf7476dd741a0bf0f08cab518524c.tar.gz cryptography-ba62a0ba66cdf7476dd741a0bf0f08cab518524c.tar.bz2 cryptography-ba62a0ba66cdf7476dd741a0bf0f08cab518524c.zip | |
Merge pull request #2230 from reaperhulk/encode-iap
support InhibitAnyPolicy in CertificateBuilder
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 2 | ||||
| -rw-r--r-- | tests/test_x509.py | 30 |
2 files changed, 31 insertions, 1 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 051827af..8f559c84 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -529,7 +529,7 @@ class TestOpenSSLSignX509Certificate(object): ).not_valid_after( datetime.datetime(2020, 1, 1) ).add_extension( - x509.InhibitAnyPolicy(0), False + x509.IssuerAlternativeName([x509.DNSName(u"crypto.io")]), False ) with pytest.raises(NotImplementedError): diff --git a/tests/test_x509.py b/tests/test_x509.py index 9ca8931d..b630e337 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -1455,6 +1455,36 @@ class TestCertificateBuilder(object): @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_inhibit_any_policy(self, backend): + issuer_private_key = RSA_KEY_2048.private_key(backend) + subject_private_key = RSA_KEY_2048.private_key(backend) + + not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) + not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) + + cert = x509.CertificateBuilder().subject_name( + x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + ).issuer_name( + x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + ).not_valid_before( + not_valid_before + ).not_valid_after( + not_valid_after + ).public_key( + subject_private_key.public_key() + ).serial_number( + 123 + ).add_extension( + x509.InhibitAnyPolicy(3), critical=False + ).sign(issuer_private_key, hashes.SHA256(), backend) + + ext = cert.extensions.get_extension_for_oid( + x509.OID_INHIBIT_ANY_POLICY + ) + assert ext.value == x509.InhibitAnyPolicy(3) + + @pytest.mark.requires_backend_interface(interface=RSABackend) + @pytest.mark.requires_backend_interface(interface=X509Backend) def test_key_usage(self, backend): issuer_private_key = RSA_KEY_2048.private_key(backend) subject_private_key = RSA_KEY_2048.private_key(backend) |