-rw-r--r-- .travis.yml 12
-rw-r--r-- dev-requirements.txt 2
-rw-r--r-- docs/development/test-vectors.rst 8
-rw-r--r-- docs/hazmat/primitives/asymmetric/dsa.rst 10
-rw-r--r-- docs/hazmat/primitives/asymmetric/ec.rst 2
-rw-r--r-- docs/hazmat/primitives/asymmetric/rsa.rst 12
-rw-r--r-- docs/hazmat/primitives/asymmetric/serialization.rst 6
-rw-r--r-- docs/installation.rst 7
-rw-r--r-- docs/spelling_wordlist.txt 1
-rw-r--r-- docs/x509/reference.rst 14
-rw-r--r-- setup.py 4
-rw-r--r-- src/_cffi_src/build_openssl.py 4
-rw-r--r-- src/_cffi_src/openssl/pkcs7.py 30
-rw-r--r-- src/_cffi_src/openssl/x509v3.py 2
-rw-r--r-- src/cryptography/hazmat/backends/interfaces.py 2
-rw-r--r-- src/cryptography/hazmat/backends/openssl/backend.py 8
-rw-r--r-- src/cryptography/hazmat/backends/openssl/x509.py 15
-rw-r--r-- tests/hazmat/primitives/test_ec.py 29
-rw-r--r-- tests/test_utils.py 4
-rw-r--r-- tests/test_x509.py 15
-rw-r--r-- tests/test_x509_ext.py 39
-rw-r--r-- tests/utils.py 2
-rw-r--r-- tox.ini 2
-rw-r--r-- vectors/cryptography_vectors/x509/custom/cdp_empty_hostname.pem 33
-rw-r--r-- vectors/cryptography_vectors/x509/custom/san_empty_hostname.pem 32
-rw-r--r-- vectors/cryptography_vectors/x509/custom/unsupported_subject_public_key_info.pem 28
-rw-r--r-- vectors/setup.py 2
27 files changed, 282 insertions, 43 deletions
diff --git a/.travis.yml b/.travis.yml
index 23c999ec..e1af18f9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -117,18 +117,6 @@ matrix:
- language: generic
os: osx
osx_image: xcode7
- env: TOXENV=py33 OPENSSL=0.9.8
- - language: generic
- os: osx
- osx_image: xcode7
- env: TOXENV=py34 OPENSSL=0.9.8
- - language: generic
- os: osx
- osx_image: xcode7
- env: TOXENV=py35 OPENSSL=0.9.8
- - language: generic
- os: osx
- osx_image: xcode7
env: TOXENV=pypy OPENSSL=0.9.8
- language: generic
os: osx
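Review bot: The removed py33, py34 and py35 entries are the only Python 3 jobs against OPENSSL=0.9.8 visible in this part of the OS X matrix, and nothing in the hunk replaces them, so only the pypy entry remains here. If dropping Python 3 coverage against 0.9.8 on OS X is intentional, say so in the commit message; otherwise keep at least one Python 3 entry.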
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 6130eb37..d82c13b6 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -5,7 +5,7 @@ invoke
iso8601
pep8-naming
pretend
-pytest<2.8
+pytest
requests
sphinx
sphinx_rtd_theme
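Review bot: The `pytest<2.8` pin is replaced by a bare `pytest` with no bound at all, here and again in setup.py and tox.ini. Consider a lower bound for the oldest release the suite is known to pass on, so the three files cannot silently drift onto an untested version in either direction.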
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 15c3be96..bfe76330 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -148,6 +148,9 @@ Custom X.509 Vectors
certificate containing a subject alternative name extension with the
following general names: ``rfc822Name``, ``dNSName``, ``iPAddress``,
``directoryName``, and ``uniformResourceIdentifier``.
+* ``san_empty_hostname.pem`` - An RSA 2048 bit self-signed certificate
+ containing a subject alternative extension with an empty ``dNSName``
+ general name.
* ``san_other_name.pem`` - An RSA 2048 bit self-signed certificate containing
a subject alternative name extension with the ``otherName`` general name.
* ``san_registered_id.pem`` - An RSA 1024 bit certificate containing a
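Review bot: The new `san_empty_hostname.pem` entry says "subject alternative extension", dropping the word "name" that every neighbouring entry uses ("subject alternative name extension"). Suggest matching the existing wording.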
@@ -193,6 +196,9 @@ Custom X.509 Vectors
containing an authority information access extension with an OCSP entry.
* ``aia_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate
containing an authority information access extension with a CA issuers entry.
+* ``cdp_empty_hostname.pem`` - An RSA 2048 bit self-signed certificate
+ containing a CRL distribution point extension with ``fullName`` URI without
+ a hostname.
* ``cdp_fullname_reasons_crl_issuer.pem`` - An RSA 1024 bit certificate
containing a CRL distribution points extension with ``fullName``,
``cRLIssuer``, and ``reasons`` data.
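Review bot: The `cdp_empty_hostname.pem` entry reads "a CRL distribution point extension with ``fullName`` URI without a hostname", while the next entry calls the same extension "CRL distribution points". Suggest "a CRL distribution points extension with a ``fullName`` URI that has no hostname" for consistency and grammar.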
@@ -248,6 +254,8 @@ Custom X.509 Vectors
policy constraints extension with an inhibit policy mapping element.
* ``pc_require.pem`` - An RSA 2048 bit self-signed certificate containing a
policy constraints extension with a require explicit policy element.
+* ``unsupported_subject_public_key_info.pem`` - A certificate whose public key
+ is an unknown OID (``1.3.6.1.4.1.8432.1.1.2``).
Custom X.509 Request Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
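Review bot: "A certificate whose public key is an unknown OID" in the `unsupported_subject_public_key_info.pem` entry conflates the key with its algorithm identifier; it is the public key algorithm OID that is unknown. The entry also omits the key size and whether the certificate is self-signed, which the other entries in this list state.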
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index 4eb17e30..1429cb09 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -86,8 +86,14 @@ described in :rfc:`3279`. This can be decoded using
Verification
~~~~~~~~~~~~
-Using a :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
-provider.
+Verification is performed using a
+:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` provider.
+You can get a public key object with
+:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
+:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
+:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers.public_key`
+, or
+:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.public_key`.
.. doctest::
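Review bot: The added line that consists only of ", or" follows a line ending in the `DSAPublicNumbers.public_key` role, so the rendered text will show a space before the comma. Shortening the role target or breaking the line elsewhere keeps the comma attached to the preceding reference.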
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index 6356c278..7c67229c 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -12,7 +12,7 @@ Elliptic curve cryptography
Generate a new private key on ``curve`` for use with ``backend``.
- :param backend: A :class:`EllipticCurve` provider.
+ :param curve: A :class:`EllipticCurve` provider.
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index f88750cf..bc2402de 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -163,9 +163,15 @@ Verification
~~~~~~~~~~~~
The previous section describes what to do if you have a private key and want to
-sign something. If you have a public key, a message, and a signature, you can
-check that the public key genuinely was used to sign that specific message. You
-also need to know which signing algorithm was used:
+sign something. If you have a public key, a message, a signature, and the
+signing algorithm that was used you can check that the private key associated
+with a given public key was used to sign that specific message. You can obtain
+a public key to use in verification using
+:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
+:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
+:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers.public_key`
+, or
+:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.public_key`.
.. doctest::
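Review bot: The rewritten sentence is missing a comma after "the signing algorithm that was used", which makes the list run into "you can check". The standalone ", or" line has the same rendering problem as in dsa.rst: a space will appear before the comma.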
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 8d51f0d7..f14f4037 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -337,8 +337,6 @@ Serialization Encodings
.. class:: Encoding
- .. versionadded:: 0.8
-
An enumeration for encoding types. Used with the ``private_bytes`` method
available on
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`
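Review bot: Removing `.. versionadded:: 0.8` from the `Encoding` class leaves the enumeration itself with no version marker; the next hunk only annotates the individual attributes. Keeping the class-level directive and adding just `.. versionadded:: 0.9` under `DER` would convey the same information with less noise.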
@@ -353,10 +351,14 @@ Serialization Encodings
.. attribute:: PEM
+ .. versionadded:: 0.8
+
For PEM format. This is a base64 format with delimiters.
.. attribute:: DER
+ .. versionadded:: 0.9
+
For DER format. This is a binary format.
diff --git a/docs/installation.rst b/docs/installation.rst
index 7847969f..61f9348e 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -46,7 +46,9 @@ dependencies are included. Just run
If you prefer to compile it yourself you'll need to have OpenSSL installed.
You can compile OpenSSL yourself as well or use the binaries we build for our
-release infrastructure (`32-bit`_ and `64-bit`_). Wherever you place your copy
+release infrastructure (`openssl-release`_). Be sure to download the proper
+version for your architecture and Python (2010 works for Python 2.6, 2.7, 3.3,
+and 3.4 while 2015 is required for 3.5). Wherever you place your copy
of OpenSSL you'll need to set the ``LIB`` and ``INCLUDE`` environment variables
to include the proper locations. For example:
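Review bot: The added parenthetical uses "2010" and "2015" without saying what they are versions of. A reader landing on this paragraph cannot tell which download to pick; name the product these numbers refer to the first time they appear.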
@@ -250,8 +252,7 @@ information, consult `Greg Wilson's blog post`_ on the subject.
.. _`Homebrew`: http://brew.sh
.. _`MacPorts`: https://www.macports.org
-.. _`32-bit`: https://jenkins.cryptography.io/job/openssl-win32-release/
-.. _`64-bit`: https://jenkins.cryptography.io/job/openssl-win64-release/
+.. _`openssl-release`: https://jenkins.cryptography.io/job/openssl-release/
.. _`bug in conda`: https://github.com/conda/conda-recipes/issues/110
.. _`Greg Wilson's blog post`: http://software-carpentry.org/blog/2014/04/mr-biczo-was-right.html
.. _virtualenv: https://virtualenv.pypa.io/en/latest/
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index adb9186c..dc8bcd0b 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -30,6 +30,7 @@ fernet
Fernet
FIPS
hazmat
+hostname
indistinguishability
initialisms
interoperable
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 87383db1..97224c9f 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -226,13 +226,13 @@ X.509 Certificate Object
.. method:: public_key()
- :type:
+ The public key associated with the certificate.
+
+ :returns:
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` or
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` or
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
- The public key associated with the certificate.
-
.. doctest::
>>> from cryptography.hazmat.primitives.asymmetric import rsa
@@ -521,6 +521,8 @@ X.509 Certificate Builder
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
+ :returns: :class:`~cryptography.x509.Certificate`
+
X.509 CSR (Certificate Signing Request) Object
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -531,13 +533,13 @@ X.509 CSR (Certificate Signing Request) Object
.. method:: public_key()
- :type:
+ The public key associated with the request.
+
+ :returns:
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` or
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` or
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
- The public key associated with the request.
-
.. doctest::
>>> from cryptography.hazmat.primitives.asymmetric import rsa
diff --git a/setup.py b/setup.py
index 5db84773..9c97e1dd 100644
--- a/setup.py
+++ b/setup.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python
+
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
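Review bot: The new `#!/usr/bin/env python` line is added while the index line still shows mode 100644, so the file is not executable and the shebang has no effect when the script is invoked as `python setup.py`. Either change the mode in the same commit or drop the shebang; the same applies to vectors/setup.py.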
@@ -57,7 +59,7 @@ else:
# If you add a new dep here you probably need to add it in the tox.ini as well
test_requirements = [
- "pytest<2.8",
+ "pytest",
"pretend",
"iso8601",
"hypothesis",
diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
index defa69d3..c856e3d9 100644
--- a/src/_cffi_src/build_openssl.py
+++ b/src/_cffi_src/build_openssl.py
@@ -79,7 +79,6 @@ ffi = build_ffi_for_binding(
"objects",
"opensslv",
"pem",
- "pkcs7",
"pkcs12",
"rand",
"rsa",
@@ -87,7 +86,8 @@ ffi = build_ffi_for_binding(
"x509",
"x509name",
"x509v3",
- "x509_vfy"
+ "x509_vfy",
+ "pkcs7",
],
pre_include=_OSX_PRE_INCLUDE,
post_include=_OSX_POST_INCLUDE,
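Review bot: Moving `"pkcs7"` from its alphabetical position to the end of the list, after `"x509_vfy"`, makes ordering significant without saying so. Presumably this is because the pkcs7 TYPES in this patch now reference `Cryptography_STACK_OF_X509` and `Cryptography_STACK_OF_X509_CRL`; a one-line comment next to the entry would stop someone from re-sorting the list later.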
diff --git a/src/_cffi_src/openssl/pkcs7.py b/src/_cffi_src/openssl/pkcs7.py
index 5d6ee45f..0dd89582 100644
--- a/src/_cffi_src/openssl/pkcs7.py
+++ b/src/_cffi_src/openssl/pkcs7.py
@@ -10,7 +10,33 @@ INCLUDES = """
TYPES = """
typedef struct {
+ Cryptography_STACK_OF_X509 *cert;
+ Cryptography_STACK_OF_X509_CRL *crl;
+ ...;
+} PKCS7_SIGNED;
+
+typedef struct {
+ Cryptography_STACK_OF_X509 *cert;
+ Cryptography_STACK_OF_X509_CRL *crl;
+ ...;
+} PKCS7_SIGN_ENVELOPE;
+
+typedef ... PKCS7_DIGEST;
+typedef ... PKCS7_ENCRYPT;
+typedef ... PKCS7_ENVELOPE;
+
+typedef struct {
ASN1_OBJECT *type;
+ union {
+ char *ptr;
+ ASN1_OCTET_STRING *data;
+ PKCS7_SIGNED *sign;
+ PKCS7_ENVELOPE *enveloped;
+ PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+ PKCS7_DIGEST *digest;
+ PKCS7_ENCRYPT *encrypted;
+ ASN1_TYPE *other;
+ } d;
...;
} PKCS7;
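Review bot: Exposing the `d` union on `PKCS7` means Python callers can now read `d.sign`, `d.signed_and_enveloped` and the other members directly, and nothing in the binding ties the member read to the actual content type. Any code that uses these fields needs to check the matching `PKCS7_type_is_*` macro first; a comment in TYPES stating that requirement would be worth adding here.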
@@ -44,13 +70,17 @@ Cryptography_STACK_OF_X509 *PKCS7_get0_signers(PKCS7 *,
PKCS7 *PKCS7_encrypt(Cryptography_STACK_OF_X509 *, BIO *,
const EVP_CIPHER *, int);
int PKCS7_decrypt(PKCS7 *, EVP_PKEY *, X509 *, BIO *, int);
+
+BIO *PKCS7_dataInit(PKCS7 *, BIO *);
"""
MACROS = """
+int PKCS7_type_is_encrypted(PKCS7 *);
int PKCS7_type_is_signed(PKCS7 *);
int PKCS7_type_is_enveloped(PKCS7 *);
int PKCS7_type_is_signedAndEnveloped(PKCS7 *);
int PKCS7_type_is_data(PKCS7 *);
+int PKCS7_type_is_digest(PKCS7 *);
"""
CUSTOMIZATIONS = ""
diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py
index 84e49640..8e163dc2 100644
--- a/src/_cffi_src/openssl/x509v3.py
+++ b/src/_cffi_src/openssl/x509v3.py
@@ -202,6 +202,8 @@ void OTHERNAME_free(OTHERNAME *);
void *X509V3_set_ctx_nodb(X509V3_CTX *);
int i2d_GENERAL_NAMES(GENERAL_NAMES *, unsigned char **);
+GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **, const unsigned char **,
+ long);
int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *, unsigned char **);
diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py
index a43621a7..d93968cf 100644
--- a/src/cryptography/hazmat/backends/interfaces.py
+++ b/src/cryptography/hazmat/backends/interfaces.py
@@ -212,7 +212,7 @@ class EllipticCurveBackend(object):
@abc.abstractmethod
def load_elliptic_curve_private_numbers(self, numbers):
"""
- Return an EllipticCurvePublicKey provider using the given numbers.
+ Return an EllipticCurvePrivateKey provider using the given numbers.
"""
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index ac025e95..0d3b3dd4 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1776,9 +1776,13 @@ class Backend(object):
self.openssl_assert(res == 1)
res = self._lib.BN_cmp(bn_x, check_x)
- self.openssl_assert(res == 0)
+ if res != 0:
+ self._consume_errors()
+ raise ValueError("Invalid EC Key X point.")
res = self._lib.BN_cmp(bn_y, check_y)
- self.openssl_assert(res == 0)
+ if res != 0:
+ self._consume_errors()
+ raise ValueError("Invalid EC Key Y point.")
res = self._lib.EC_KEY_set_public_key(ctx, point)
self.openssl_assert(res == 1)
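Review bot: Both new branches call `self._consume_errors()` before raising, but there is no comment saying why the error queue needs clearing at this point, unlike the `# Remove errors from the stack.` comment added in x509.py in this same patch. Add the same comment here, and consider folding the two near-identical branches into one check with a single message, since the caller cannot act differently on X versus Y.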
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 80f32e29..2de5a8c7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -64,7 +64,9 @@ def _decode_general_names(backend, gns):
def _decode_general_name(backend, gn):
if gn.type == backend._lib.GEN_DNS:
data = backend._asn1_string_to_bytes(gn.d.dNSName)
- if data.startswith(b"*."):
+ if not data:
+ decoded = u""
+ elif data.startswith(b"*."):
# This is a wildcard name. We need to remove the leading wildcard,
# IDNA decode, then re-add the wildcard. Wildcard characters should
# always be left-most (RFC 2595 section 2.4).
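Review bot: The new `if not data:` branch returns an empty string for a zero-length `dNSName` with no comment, while the wildcard branch right below it explains its reasoning. Document why an empty name is passed through rather than rejected, since callers that compare `DNSName` values against a hostname will now receive `u""` and need to handle it.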
@@ -82,7 +84,10 @@ def _decode_general_name(backend, gn):
elif gn.type == backend._lib.GEN_URI:
data = backend._asn1_string_to_ascii(gn.d.uniformResourceIdentifier)
parsed = urllib_parse.urlparse(data)
- hostname = idna.decode(parsed.hostname)
+ if parsed.hostname:
+ hostname = idna.decode(parsed.hostname)
+ else:
+ hostname = ""
if parsed.port:
netloc = hostname + u":" + six.text_type(parsed.port)
else:
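Review bot: The fallback `hostname = ""` is a native string literal, while the very next line concatenates it with `u":"` and `six.text_type(...)`, and the dNSName branch in the previous hunk uses `decoded = u""`. Use `u""` here too so the type is text on both Python 2 and 3.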
@@ -260,7 +265,11 @@ class _Certificate(object):
def public_key(self):
pkey = self._backend._lib.X509_get_pubkey(self._x509)
- self._backend.openssl_assert(pkey != self._backend._ffi.NULL)
+ if pkey == self._backend._ffi.NULL:
+ # Remove errors from the stack.
+ self._backend._consume_errors()
+ raise ValueError("Certificate public key is of an unknown type")
+
pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
return self._backend._evp_pkey_to_public_key(pkey)
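Review bot: `public_key()` can now raise `ValueError`, but the docs/x509/reference.rst hunks in this patch rewrite the `public_key()` entries for both the certificate and the CSR without adding a `:raises ValueError:` line. Document the new exception for the certificate method, and check whether the CSR `public_key()` needs the same NULL handling, since only `_Certificate` is changed here.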
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 59bdc525..5467464a 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -285,6 +285,35 @@ class TestECDSAVectors(object):
with pytest.raises(ValueError):
numbers.private_key(backend)
+ def test_load_invalid_public_ec_key_from_numbers(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP521R1())
+
+ # Bad X coordinate
+ numbers = ec.EllipticCurvePublicNumbers(
+ int("000003647356b91f8ace114c7247ecf4f4a622553fc025e04a178f179ef27"
+ "9090c184af678a4c78f635483bdd8aa544851c6ef291c1f0d6a241ebfd145"
+ "77d1d30d9903ce", 16),
+ int("000001499bc7e079322ea0fcfbd6b40103fa6a1536c2257b182db0df4b369"
+ "6ec643adf100eb4f2025d1b873f82e5a475d6e4400ba777090eeb4563a115"
+ "09e4c87319dc26", 16),
+ ec.SECP521R1()
+ )
+ with pytest.raises(ValueError):
+ numbers.public_key(backend)
+
+ # Bad Y coordinate
+ numbers = ec.EllipticCurvePublicNumbers(
+ int("0000019aadc221cc0525118ab6d5aa1f64720603de0be128cbfea0b381ad8"
+ "02a2facc6370bb58cf88b3f0c692bc654ee19d6cad198f10d4b681b396f20"
+ "d2e40603fa945b", 16),
+ int("0000025da392803a320717a08d4cb3dea932039badff363b71bdb8064e726"
+ "6c7f4f4b748d4d425347fc33e3885d34b750fa7fcd5691f4d90c89522ce33"
+ "feff5db10088a5", 16),
+ ec.SECP521R1()
+ )
+ with pytest.raises(ValueError):
+ numbers.public_key(backend)
+
@pytest.mark.parametrize(
"vector",
itertools.chain(
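Review bot: The two cases in `test_load_invalid_public_ec_key_from_numbers` only assert `pytest.raises(ValueError)`, so the test cannot tell whether the X or the Y branch in backend.py fired, or whether the error came from somewhere else entirely. Capture the exception and check the message, or split the cases with `pytest.mark.parametrize` so a failure names which coordinate regressed.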
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 04182a06..72e20725 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -3363,7 +3363,7 @@ def test_load_kasvs_ecdh_kdf_vectors():
[EB - SHA224]
- COUNT = 0
+ COUNT = 50
dsCAVS = 540904b67b3716823dd621ed72ad3dbc615887b4f56f910b78a57199
QsCAVSx = 28e5f3a72d8f6b8499dd1bcdfceafcecec68a0d715789bcf4b55fe15
QsCAVSy = 8c8006a7da7c1a19f5328d7e865522b0c0dfb9a29b2c46dc96590d2a
@@ -3385,7 +3385,7 @@ ffdfa60dd7
expected = [
{'errno': 12,
'fail': True,
- 'COUNT': 0,
+ 'COUNT': 50,
'CAVS': {
'd': int("540904b67b3716823dd621ed72ad3dbc615887b4f56f910b"
"78a57199", 16),
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 0c022df1..8035886c 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -2395,6 +2395,21 @@ class TestECDSACertificate(object):
]
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestOtherCertificate(object):
+ def test_unsupported_subject_public_key_info(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "unsupported_subject_public_key_info.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend,
+ )
+
+ with pytest.raises(ValueError):
+ cert.public_key()
+
+
class TestNameAttribute(object):
def test_init_bad_oid(self):
with pytest.raises(TypeError):
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 85373973..1bc14620 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1555,6 +1555,21 @@ class TestRSASubjectAlternativeNameExtension(object):
u'saseliminator.com'
]
+ def test_san_empty_hostname(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "san_empty_hostname.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ san = cert.extensions.get_extension_for_oid(
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
+ )
+
+ dns = san.value.get_values_for_type(x509.DNSName)
+ assert dns == [u'']
+
def test_san_wildcard_idna_dns_name(self, backend):
cert = _load_cert(
os.path.join("x509", "custom", "san_wildcard_idna.pem"),
@@ -2903,6 +2918,30 @@ class TestCRLDistributionPointsExtension(object):
)
])
+ def test_crl_empty_hostname(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "cdp_empty_hostname.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+
+ cdps = cert.extensions.get_extension_for_oid(
+ ExtensionOID.CRL_DISTRIBUTION_POINTS
+ ).value
+
+ assert cdps == x509.CRLDistributionPoints([
+ x509.DistributionPoint(
+ full_name=[x509.UniformResourceIdentifier(
+ u"ldap:/CN=A,OU=B,dc=C,DC=D?E?F?G?H=I"
+ )],
+ relative_name=None,
+ reasons=None,
+ crl_issuer=None
+ )
+ ])
+
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
diff --git a/tests/utils.py b/tests/utils.py
index cc3f9fcc..3970109e 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -722,7 +722,7 @@ def load_kasvs_ecdh_vectors(vector_data):
if line.startswith("["):
tag = line.split()[0][1:]
elif line.startswith("COUNT = "):
- data["COUNT"] = int(line.split("=")[1], 16)
+ data["COUNT"] = int(line.split("=")[1])
elif line.startswith("dsCAVS = "):
data["CAVS"]["d"] = int(line.split("=")[1], 16)
elif line.startswith("QsCAVSx = "):
diff --git a/tox.ini b/tox.ini
index 016aada0..1ed03a5e 100644
--- a/tox.ini
+++ b/tox.ini
@@ -7,7 +7,7 @@ deps =
coverage
iso8601
pretend
- pytest<2.8
+ pytest
hypothesis>=1.11.4
./vectors
passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH USERNAME
diff --git a/vectors/cryptography_vectors/x509/custom/cdp_empty_hostname.pem b/vectors/cryptography_vectors/x509/custom/cdp_empty_hostname.pem
new file mode 100644
index 00000000..8a97ea2e
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/cdp_empty_hostname.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/san_empty_hostname.pem b/vectors/cryptography_vectors/x509/custom/san_empty_hostname.pem
new file mode 100644
index 00000000..90b678b9
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/san_empty_hostname.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/unsupported_subject_public_key_info.pem b/vectors/cryptography_vectors/x509/custom/unsupported_subject_public_key_info.pem
new file mode 100644
index 00000000..aa06dfb7
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/unsupported_subject_public_key_info.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/vectors/setup.py b/vectors/setup.py
index 53ec82eb..bf02e389 100644
--- a/vectors/setup.py
+++ b/vectors/setup.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python
+
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.