7 files changed, 114 insertions, 18 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 41531f7b..3d49801d 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -179,6 +179,19 @@ Custom X.509 Vectors containing an authority information access extension with an OCSP entry. * ``aia_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate containing an authority information access extension with a CA issuers entry. +* ``cdp_fullname_reasons_crl_issuer.pem`` - An RSA 1024 bit certificate + containing a CRL distribution points extension with ``fullName``, + ``cRLIssuer``, and ``reasons`` data. +* ``cdp_crl_issuer.pem`` - An RSA 1024 bit certificate containing a CRL + distribution points extension with ``cRLIssuer`` data. +* ``cp_user_notice_with_notice_reference.pem`` - An RSA 2048 bit self-signed + certificate containing a certificate policies extension with a + notice reference in the user notice. +* ``cp_user_notice_with_explicit_text.pem`` - An RSA 2048 bit self-signed + certificate containing a certificate policies extension with explicit + text and no notice reference. +* ``cp_cps_uri.pem`` - An RSA 2048 bit self-signed certificate containing a + certificate policies extension with a CPS URI and no user notice. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 42ca138d..44ad2d6d 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py 
@@ -65,6 +65,17 @@ def _build_x509_name(backend, x509_name): return x509.Name(attributes) +def _build_general_names(backend, gns): + num = backend._lib.sk_GENERAL_NAME_num(gns) + names = [] + for i in range(num): + gn = backend._lib.sk_GENERAL_NAME_value(gns, i) + assert gn != backend._ffi.NULL + names.append(_build_general_name(backend, gn)) + + return names + + def _build_general_name(backend, gn): if gn.type == backend._lib.GEN_DNS: data = backend._ffi.buffer(gn.d.dNSName.data, gn.d.dNSName.length)[:] @@ -342,15 +353,9 @@ class _Certificate(object): )[:] if akid.issuer != self._backend._ffi.NULL: - authority_cert_issuer = [] - - num = self._backend._lib.sk_GENERAL_NAME_num(akid.issuer) - for i in range(num): - gn = self._backend._lib.sk_GENERAL_NAME_value(akid.issuer, i) - assert gn != self._backend._ffi.NULL - value = _build_general_name(self._backend, gn) - - authority_cert_issuer.append(value) + authority_cert_issuer = _build_general_names( + self._backend, akid.issuer + ) if akid.serial != self._backend._ffi.NULL: bn = self._backend._lib.ASN1_INTEGER_to_BN( @@ -420,15 +425,7 @@ class _Certificate(object): ) assert gns != self._backend._ffi.NULL gns = self._backend._ffi.gc(gns, self._backend._lib.GENERAL_NAMES_free) - num = self._backend._lib.sk_GENERAL_NAME_num(gns) - general_names = [] - - for i in range(num): - gn = self._backend._lib.sk_GENERAL_NAME_value(gns, i) - assert gn != self._backend._ffi.NULL - value = _build_general_name(self._backend, gn) - - general_names.append(value) + general_names = _build_general_names(self._backend, gns) return x509.SubjectAlternativeName(general_names) diff --git a/vectors/cryptography_vectors/x509/custom/cdp_crl_issuer.pem b/vectors/cryptography_vectors/x509/custom/cdp_crl_issuer.pem new file mode 100644 index 00000000..522cfc65 --- /dev/null +++ b/vectors/cryptography_vectors/x509/custom/cdp_crl_issuer.pem 
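Review bot: The NULL check in the new `_build_general_names` helper is an `assert`, which Python strips under `-O`, so in optimized runs an unchecked `sk_GENERAL_NAME_value` result is handed to `_build_general_name`, which reads `gn.type`. The helper now backs both the authority key identifier and the subject alternative name paths (second and third hunks), and the stack comes from parsed certificate data, so an explicit check is safer: `if gn == backend._ffi.NULL: raise ValueError("NULL entry in GENERAL_NAMES stack")`. A one-line docstring would also help, stating that the helper only reads `gns` and leaves it owned by the caller (the SAN caller registers `GENERAL_NAMES_free` through `ffi.gc` before calling it).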
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMjCCAZugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEO
+MAwGA1UECBMFVGV4YXMxDzANBgNVBAcTBkF1c3RpbjENMAsGA1UEChMEUHlDQTET
+MBEGA1UEAxMKcmFuZG8gcm9vdDAeFw0xNTA1MTAxOTQ2MDdaFw0xNjA1MDkxOTQ2
+MDdaMDsxDTALBgNVBAMTBGxlYWYxDjAMBgNVBAgTBVRleGFzMQswCQYDVQQGEwJV
+UzENMAsGA1UEChMEUHlDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtrm+
+lMamYGVuULhG2m7HjsNz48bV9/9GShnLW1C7jajVbOu5YetyVfyKXoymbqT68O0d
+7YxnFz1Yiik3/RqxbTL8ccc2F5VXXcwzc5A6EwtqJNVCG3NY/Ft5vYONVl20dyhV
+/7BzKA/Lv45FnSDyiGss/amNGodznEk/95QdeLkCAwEAAaMvMC0wKwYDVR0fBCQw
+IjAgoh6kHDAaMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkgQ0EwDQYJKoZIhvcNAQEF
+BQADgYEAXrFLaAwEJqRLsjnHZmd8tRUKTkJqUMjfenm7M9inCpkaqVFefgftR1pT
+d4pyj36RhNVaFXw6b54CxUnvehO9oY8tiREK49rtBHWq0IuoPTwpl5xTkQz75E/5
+lvXL/5lJ59HEFItiW7Orl7GeRZIf5ef4lGEGvD5CedmJdB//vTA=
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/cdp_fullname_reasons_crl_issuer.pem b/vectors/cryptography_vectors/x509/custom/cdp_fullname_reasons_crl_issuer.pem
new file mode 100644
index 00000000..112899a8
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/cdp_fullname_reasons_crl_issuer.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICcjCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEO
+MAwGA1UECBMFVGV4YXMxDzANBgNVBAcTBkF1c3RpbjENMAsGA1UEChMEUHlDQTET
+MBEGA1UEAxMKcmFuZG8gcm9vdDAeFw0xNTA1MTAxODQ2MDFaFw0xNjA1MDkxODQ2
+MDFaMDsxDTALBgNVBAMTBGxlYWYxDjAMBgNVBAgTBVRleGFzMQswCQYDVQQGEwJV
+UzENMAsGA1UEChMEUHlDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtrm+
+lMamYGVuULhG2m7HjsNz48bV9/9GShnLW1C7jajVbOu5YetyVfyKXoymbqT68O0d
+7YxnFz1Yiik3/RqxbTL8ccc2F5VXXcwzc5A6EwtqJNVCG3NY/Ft5vYONVl20dyhV
+/7BzKA/Lv45FnSDyiGss/amNGodznEk/95QdeLkCAwEAAaNvMG0wawYDVR0fBGQw
+YjBgoB6gHIYaaHR0cDovL215aG9zdC5jb20vbXljYS5jcmyBAgVgojqkODA2MQsw
+CQYDVQQGEwJVUzENMAsGA1UECgwEUHlDQTEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5
+IENBMA0GCSqGSIb3DQEBBQUAA4GBACjshycFKqBSEFTupZAn8l4zuuif514pCi0/
+U8MjSDsHZRhN/zFGoH2vpZNjkLbvvSj27zz4PoE2HTaKigeLsKxYQxLdtXe9mnmk
+i1GKTDgnHxBLRfG7KlNQSoWZPP0PAhYNkGCm+NsTytJZqREokCNw7K9BmUoclqRL
+ydRF7jc4
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/cp_cps_uri.pem b/vectors/cryptography_vectors/x509/custom/cp_cps_uri.pem
new file mode 100644
index 00000000..b8120080
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/cp_cps_uri.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgITBmsoYWX1PCELRmm8qB2WJ2QdDjANBgkqhkiG9w0BAQUF
+ADASMRAwDgYDVQQDDAdQeUNBIENBMB4XDTE1MDUxMTE4NTc0NVoXDTE2MDUxMDE4
+NTc0NVowEjEQMA4GA1UEAwwHUHlDQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAK3FTRITEY4b/Y1Uv4CtH61Y19TPxK2+H/XuqHwtYlPRyD35LLFE
+S0wykf0V2m1DUmf9jQa9R63jBZxzCgJ/oIJzV28PgSg9P/Nn417fNASDduY2GPvY
+uwwKXcLY2fBBFjBrz7z/5tyXCADjLDkzoUTzQlYPbhOrFU5QwaqlckXBgt/48GRD
+ujoHy4RSMEDNjLUDgwx7Z/JK2ujbGJDguLRuBsHirk2h6xXEmSWxquKDXw4Nnakw
+Bqp8kKhQ2xTSWXxabNps8FCBM4sC78gKgONy3lbYdHFt/2BU4yAMyowJwtDEYHCq
+e1g4sVsB839Ol0SXb6vleXQ6dx+zbi8UzTsCAwEAAaNAMD4wPAYDVR0gBDUwMzAx
+BgtghkgB4DkBAgMEATAiMCAGCCsGAQUFBwIBFhRodHRwOi8vb3RoZXIuY29tL2Nw
+czANBgkqhkiG9w0BAQUFAAOCAQEADpZIjHvu02euPNI8nzzDufRXEnjrF09xc9pu
+dxTjWU2mSVApXPmTDyWzOD+2HmsNKHRE6sWjca5qPDeDbGq4JOw+TzYq9eoqwK2S
+h0QHUpg5ZaAmIJ1qe5/sNETH5RFlXrlzW9S0rwViLgUaJp6MreTdGZbxdpNsfdku
+Nd+STz0MA/3ScbdUcj6uwQQ4JxQiTuPwD35pKwxfUzHjeTmqIEHDuCk17KqIRORd
+beD3vFx0R5IQ3mQ69zSGY2AGB0A9oS0qQ2/Mh59A6xyjbPH3Rr7g5MW58PPTWp2F
+SXkloy7Ze+doQ7wXE6PVmaeKz5qA9OGaCHIiC2iG9UcqWxfeWw==
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/cp_user_notice_with_explicit_text.pem b/vectors/cryptography_vectors/x509/custom/cp_user_notice_with_explicit_text.pem
new file mode 100644
index 00000000..5c554d22
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/cp_user_notice_with_explicit_text.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAcygAwIBAgITBmsoXdMU1JQ6vRGJby5SNWZ/cTANBgkqhkiG9w0BAQUF
+ADASMRAwDgYDVQQDDAdQeUNBIENBMB4XDTE1MDUxMTE4NTY1N1oXDTE2MDUxMDE4
+NTY1N1owEjEQMA4GA1UEAwwHUHlDQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAK3FTRITEY4b/Y1Uv4CtH61Y19TPxK2+H/XuqHwtYlPRyD35LLFE
+S0wykf0V2m1DUmf9jQa9R63jBZxzCgJ/oIJzV28PgSg9P/Nn417fNASDduY2GPvY
+uwwKXcLY2fBBFjBrz7z/5tyXCADjLDkzoUTzQlYPbhOrFU5QwaqlckXBgt/48GRD
+ujoHy4RSMEDNjLUDgwx7Z/JK2ujbGJDguLRuBsHirk2h6xXEmSWxquKDXw4Nnakw
+Bqp8kKhQ2xTSWXxabNps8FCBM4sC78gKgONy3lbYdHFt/2BU4yAMyowJwtDEYHCq
+e1g4sVsB839Ol0SXb6vleXQ6dx+zbi8UzTsCAwEAAaMzMDEwLwYDVR0gBCgwJjAk
+BgtghkgB4DkBAgMEATAVMBMGCCsGAQUFBwICMAcaBXRoaW5nMA0GCSqGSIb3DQEB
+BQUAA4IBAQBryvzKUwmTCwvHomy1u73lG7fiQLYb5rSSUq0ungYMTuqP5qLuRQ2N
+2JxqCTgbQX/GfyGx2X1dKDQOFkSFkArtnBxhxLodJhL2CGdZ9SwgH0ANu0oMz081
+zA4WvI6WUz00ni07vGtRHIFktVYvoo9oTneLBXeNfSUj4bnJ2ggI/luONnhOval2
+XBFwK7p7lFsgNKRYKptoTPMesRLDdlTEwG/1qEbaQ5rJg208oeIpPn1eG8OPeRL0
+wYQxjC8yxAvalAv4DrDFvl6N8v8DDgIz9aVPR4d4yBQq7BBQLx0+AoMZPUTnxSG8
+ngP92zj0Nma2+XfHV/h+Z9ffMhc8d7mQ
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/cp_user_notice_with_notice_reference.pem b/vectors/cryptography_vectors/x509/custom/cp_user_notice_with_notice_reference.pem
new file mode 100644
index 00000000..7c9ae35e
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/cp_user_notice_with_notice_reference.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjCgAwIBAgITBmsoTdhbDlV/BM8MX5MoDgxUQjANBgkqhkiG9w0BAQUF
+ADASMRAwDgYDVQQDDAdQeUNBIENBMB4XDTE1MDUxMTE4NTMyNVoXDTE2MDUxMDE4
+NTMyNVowEjEQMA4GA1UEAwwHUHlDQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAK3FTRITEY4b/Y1Uv4CtH61Y19TPxK2+H/XuqHwtYlPRyD35LLFE
+S0wykf0V2m1DUmf9jQa9R63jBZxzCgJ/oIJzV28PgSg9P/Nn417fNASDduY2GPvY
+uwwKXcLY2fBBFjBrz7z/5tyXCADjLDkzoUTzQlYPbhOrFU5QwaqlckXBgt/48GRD
+ujoHy4RSMEDNjLUDgwx7Z/JK2ujbGJDguLRuBsHirk2h6xXEmSWxquKDXw4Nnakw
+Bqp8kKhQ2xTSWXxabNps8FCBM4sC78gKgONy3lbYdHFt/2BU4yAMyowJwtDEYHCq
+e1g4sVsB839Ol0SXb6vleXQ6dx+zbi8UzTsCAwEAAaOBljCBkzCBkAYDVR0gBIGI
+MIGFMIGCBgtghkgB4DkBAgMEATBzMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBs
+ZS5jb20vY3BzMCAGCCsGAQUFBwIBFhRodHRwOi8vb3RoZXIuY29tL2NwczArBggr
+BgEFBQcCAjAfMBYWBm15IG9yZzAMAgEBAgECAgEDAgEEGgV0aGluZzANBgkqhkiG
+9w0BAQUFAAOCAQEAgOyP4qwI5llvvIu2f5lyCEMsKEwFkCaeJ74jjW2ZjSI6qz0I
+qrTLjk5ePsf2i1+sXRtvpkFsAVFFSMtUvmkcniXbfHPkOqvExkLuelo68T429KSv
+PDAUia8alBkJ3BwRIce3T5MS7AousTGTEy5BsEb2gjbA093OOFOWaQBXZ7UlBZWE
+c5s9zMHJSmD8DuRSkaLMwQcf3jJQ+KAPsFFidA+oBwigtBW1XisEdiASd3MSZmL5
+IOzq40gVqz9lB1WMVFq5WzBj+EskFnV8RRpASQJqHqmNw4lH0Cf6rwilTZ8+Q3Sp
+oPE7RycMMrEOxqBv25ZIAUcRspTpMeFriuSMuw==
+-----END CERTIFICATE----- |