author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-07-23 20:31:12 +0100 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-07-23 22:12:47 +0100 |
commit | dce91f0b2923daf60a6fdfd811eb5b3d81ac7c88 (patch) | |
tree | 5d7a89c36fd968c4f536f1c96e8f8fe2e49d78c1 /tests | |
parent | 8bfbacef9cb973115c0cf0f4185c8f47812c37bc (diff) | |
Support encoding KeyUsage into certificate signing requests
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_x509.py | 66 |
1 files changed, 64 insertions, 2 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py
index b2262c71..af7d9421 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -962,6 +962,20 @@ class TestCertificateSigningRequestBuilder(object):
 x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]),
 critical=False,
 ).add_extension(
+ x509.InhibitAnyPolicy(0),
+ critical=False
+ )
+ with pytest.raises(NotImplementedError):
+ builder.sign(private_key, hashes.SHA256(), backend)
+
+ def test_key_usage(self, backend):
+ private_key = RSA_KEY_2048.private_key(backend)
+ builder = x509.CertificateSigningRequestBuilder()
+ request = builder.subject_name(
+ x509.Name([
+ x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ ])
+ ).add_extension(
 x509.KeyUsage(
 digital_signature=True,
 content_commitment=True,
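Review bot: Nothing in the test records why `x509.InhibitAnyPolicy(0)` was chosen as the extension that must raise NotImplementedError, so the `pytest.raises` block will start failing for an unrelated reason as soon as the CSR builder learns to encode that extension. A comment above the added `add_extension` argument would make the intent clear, for example `# InhibitAnyPolicy is used only because the CSR builder cannot encode it yet; replace it once it can`. The test this block belongs to starts above the hunk, so its name and setup are not visible here.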
@@ -974,9 +988,57 @@ class TestCertificateSigningRequestBuilder(object):
 decipher_only=False
 ),
 critical=False
+ ).sign(private_key, hashes.SHA256(), backend)
+ assert len(request.extensions) == 1
+ ext = request.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+ assert ext.critical is False
+ assert ext.value == x509.KeyUsage(
+ digital_signature=True,
+ content_commitment=True,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=False,
+ key_cert_sign=True,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=False
+ )
+
+ def test_key_usage_key_agreement_bit(self, backend):
+ private_key = RSA_KEY_2048.private_key(backend)
+ builder = x509.CertificateSigningRequestBuilder()
+ request = builder.subject_name(
+ x509.Name([
+ x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ ])
+ ).add_extension(
+ x509.KeyUsage(
+ digital_signature=False,
+ content_commitment=False,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=True,
+ key_cert_sign=True,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=True
+ ),
+ critical=False
+ ).sign(private_key, hashes.SHA256(), backend)
+ assert len(request.extensions) == 1
+ ext = request.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+ assert ext.critical is False
+ assert ext.value == x509.KeyUsage(
+ digital_signature=False,
+ content_commitment=False,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=True,
+ key_cert_sign=True,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=True
 )
- with pytest.raises(NotImplementedError):
- builder.sign(private_key, hashes.SHA256(), backend)

 def test_add_two_extensions(self, backend):
 private_key = RSA_KEY_2048.private_key(backend) |
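Review bot: Both new tests only round-trip the KeyUsage value through the same backend, so an encoder and a parser that agree on a wrong bit order would still satisfy the `assert ext.value == x509.KeyUsage(...)` checks in test_key_usage (which starts in the previous hunk) and test_key_usage_key_agreement_bit. KeyUsage is an ASN.1 BIT STRING in which decipher_only is the ninth bit, so it would be worth also comparing the encoded extension against fixed expected bytes, or parsing the generated request with an independent tool. Neither test exercises `critical=True` or `encipher_only=True`, so the critical flag and the other key-agreement-dependent bit are not shown to survive encoding. A short comment such as `# decipher_only is bit 8 and needs a second octet in the BIT STRING` would explain what the second test is presumably there to cover.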