diff options
Diffstat (limited to 'tests/test_x509_ext.py')
| -rw-r--r-- | tests/test_x509_ext.py | 279 |
1 files changed, 143 insertions, 136 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 40231b93..2c5438a9 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -17,6 +17,9 @@ from cryptography.hazmat.backends.interfaces import ( DSABackend, EllipticCurveBackend, RSABackend, X509Backend ) from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.x509.oid import ( + AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, NameOID +) from .hazmat.primitives.test_ec import _skip_curve_unsupported from .test_x509 import _load_cert @@ -31,11 +34,11 @@ class TestExtension(object): def test_critical_not_a_bool(self): bc = x509.BasicConstraints(ca=False, path_length=None) with pytest.raises(TypeError): - x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc) + x509.Extension(ExtensionOID.BASIC_CONSTRAINTS, "notabool", bc) def test_repr(self): bc = x509.BasicConstraints(ca=False, path_length=None) - ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc) + ext = x509.Extension(ExtensionOID.BASIC_CONSTRAINTS, True, bc) assert repr(ext) == ( "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst" "raints)>, critical=True, value=<BasicConstraints(ca=False, path" @@ -277,7 +280,7 @@ class TestCertificatePoliciesExtension(object): ) cp = cert.extensions.get_extension_for_oid( - x509.OID_CERTIFICATE_POLICIES + ExtensionOID.CERTIFICATE_POLICIES ).value assert cp == x509.CertificatePolicies([ @@ -297,7 +300,7 @@ class TestCertificatePoliciesExtension(object): ) cp = cert.extensions.get_extension_for_oid( - x509.OID_CERTIFICATE_POLICIES + ExtensionOID.CERTIFICATE_POLICIES ).value assert cp == x509.CertificatePolicies([ @@ -324,7 +327,7 @@ class TestCertificatePoliciesExtension(object): ) cp = cert.extensions.get_extension_for_oid( - x509.OID_CERTIFICATE_POLICIES + ExtensionOID.CERTIFICATE_POLICIES ).value assert cp == x509.CertificatePolicies([ @@ -344,7 +347,7 @@ class TestCertificatePoliciesExtension(object): ) cp = cert.extensions.get_extension_for_oid( - x509.OID_CERTIFICATE_POLICIES + ExtensionOID.CERTIFICATE_POLICIES ).value assert cp == x509.CertificatePolicies([ @@ -556,7 +559,7 @@ class TestSubjectKeyIdentifier(object): ski = x509.SubjectKeyIdentifier( binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9") ) - ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski) + ext = x509.Extension(ExtensionOID.SUBJECT_KEY_IDENTIFIER, False, ski) if six.PY3: assert repr(ext) == ( "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK" @@ -629,7 +632,7 @@ class TestAuthorityKeyIdentifier(object): def test_repr(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) @@ -650,21 +653,21 @@ class TestAuthorityKeyIdentifier(object): def test_eq(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) dirname2 = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')]) ) aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234) assert aki == aki2 def test_ne(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')]) ) dirname5 = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'aCN')]) + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'aCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234) @@ -730,8 +733,8 @@ class TestExtendedKeyUsage(object): ]) assert len(eku) == 2 assert list(eku) == [ - x509.OID_SERVER_AUTH, - x509.OID_CLIENT_AUTH + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CLIENT_AUTH ] def test_repr(self): @@ -774,9 +777,9 @@ class TestExtensions(object): assert len(ext) == 0 assert list(ext) == [] with pytest.raises(x509.ExtensionNotFound) as exc: - ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS) + ext.get_extension_for_oid(ExtensionOID.BASIC_CONSTRAINTS) - assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS + assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS def test_one_extension(self, backend): cert = _load_cert( @@ -787,7 +790,7 @@ class TestExtensions(object): backend ) extensions = cert.extensions - ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS) + ext = extensions.get_extension_for_oid(ExtensionOID.BASIC_CONSTRAINTS) assert ext is not None assert ext.value.ca is False @@ -802,7 +805,7 @@ class TestExtensions(object): with pytest.raises(x509.DuplicateExtension) as exc: cert.extensions - assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS + assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS def test_unsupported_critical_extension(self, backend): cert = _load_cert( @@ -842,7 +845,7 @@ class TestBasicConstraintsExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert ext is not None assert ext.critical is True @@ -856,7 +859,7 @@ class TestBasicConstraintsExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert ext is not None assert ext.critical is True @@ -870,7 +873,7 @@ class TestBasicConstraintsExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert ext is not None assert ext.critical is True @@ -884,7 +887,7 @@ class TestBasicConstraintsExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert ext is not None assert ext.critical is True @@ -903,7 +906,9 @@ class TestBasicConstraintsExtension(object): backend ) with pytest.raises(x509.ExtensionNotFound): - cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS) + cert.extensions.get_extension_for_oid( + ExtensionOID.BASIC_CONSTRAINTS + ) def test_basic_constraint_not_critical(self, backend): cert = _load_cert( @@ -914,7 +919,7 @@ class TestBasicConstraintsExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert ext is not None assert ext.critical is False @@ -931,7 +936,7 @@ class TestSubjectKeyIdentifierExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_KEY_IDENTIFIER + ExtensionOID.SUBJECT_KEY_IDENTIFIER ) ski = ext.value assert ext is not None @@ -950,7 +955,7 @@ class TestSubjectKeyIdentifierExtension(object): ) with pytest.raises(x509.ExtensionNotFound): cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_KEY_IDENTIFIER + ExtensionOID.SUBJECT_KEY_IDENTIFIER ) @pytest.mark.requires_backend_interface(interface=RSABackend) @@ -962,7 +967,7 @@ class TestSubjectKeyIdentifierExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_KEY_IDENTIFIER + ExtensionOID.SUBJECT_KEY_IDENTIFIER ) ski = x509.SubjectKeyIdentifier.from_public_key( cert.public_key() @@ -979,7 +984,7 @@ class TestSubjectKeyIdentifierExtension(object): ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_KEY_IDENTIFIER + ExtensionOID.SUBJECT_KEY_IDENTIFIER ) ski = x509.SubjectKeyIdentifier.from_public_key( cert.public_key() @@ -997,7 +1002,7 @@ class TestSubjectKeyIdentifierExtension(object): ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_KEY_IDENTIFIER + ExtensionOID.SUBJECT_KEY_IDENTIFIER ) ski = x509.SubjectKeyIdentifier.from_public_key( cert.public_key() @@ -1016,9 +1021,9 @@ class TestKeyUsageExtension(object): ) ext = cert.extensions with pytest.raises(x509.ExtensionNotFound) as exc: - ext.get_extension_for_oid(x509.OID_KEY_USAGE) + ext.get_extension_for_oid(ExtensionOID.KEY_USAGE) - assert exc.value.oid == x509.OID_KEY_USAGE + assert exc.value.oid == ExtensionOID.KEY_USAGE def test_all_purposes(self, backend): cert = _load_cert( @@ -1029,7 +1034,7 @@ class TestKeyUsageExtension(object): backend ) extensions = cert.extensions - ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE) + ext = extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE) assert ext is not None ku = ext.value @@ -1051,7 +1056,7 @@ class TestKeyUsageExtension(object): x509.load_der_x509_certificate, backend ) - ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE) + ext = cert.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE) assert ext is not None assert ext.critical is True @@ -1105,7 +1110,7 @@ class TestDirectoryName(object): x509.DirectoryName(1.3) def test_repr(self): - name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'value1')]) + name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'value1')]) gn = x509.DirectoryName(x509.Name([name])) if six.PY3: assert repr(gn) == ( @@ -1203,20 +1208,20 @@ class TestRegisteredID(object): x509.RegisteredID(1.3) def test_repr(self): - gn = x509.RegisteredID(x509.OID_COMMON_NAME) + gn = x509.RegisteredID(NameOID.COMMON_NAME) assert repr(gn) == ( "<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam" "e)>)>" ) def test_eq(self): - gn = x509.RegisteredID(x509.OID_COMMON_NAME) - gn2 = x509.RegisteredID(x509.OID_COMMON_NAME) + gn = x509.RegisteredID(NameOID.COMMON_NAME) + gn2 = x509.RegisteredID(NameOID.COMMON_NAME) assert gn == gn2 def test_ne(self): - gn = x509.RegisteredID(x509.OID_COMMON_NAME) - gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS) + gn = x509.RegisteredID(NameOID.COMMON_NAME) + gn2 = x509.RegisteredID(ExtensionOID.BASIC_CONSTRAINTS) assert gn != gn2 assert gn != object() @@ -1424,7 +1429,7 @@ class TestRSAIssuerAlternativeNameExtension(object): backend, ) ext = cert.extensions.get_extension_for_oid( - x509.OID_ISSUER_ALTERNATIVE_NAME + ExtensionOID.ISSUER_ALTERNATIVE_NAME ) assert list(ext.value) == [ x509.UniformResourceIdentifier(u"http://path.to.root/root.crt"), @@ -1497,7 +1502,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None assert ext.critical is False @@ -1514,7 +1519,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) dns = ext.value.get_values_for_type(x509.DNSName) @@ -1532,7 +1537,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) dns = ext.value.get_values_for_type(x509.DNSName) @@ -1558,7 +1563,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None assert ext.critical is False @@ -1576,7 +1581,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None uri = ext.value.get_values_for_type( @@ -1597,7 +1602,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None assert ext.critical is False @@ -1619,7 +1624,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None assert ext.critical is False @@ -1629,9 +1634,9 @@ class TestRSASubjectAlternativeNameExtension(object): dirname = san.get_values_for_type(x509.DirectoryName) assert [ x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u'test'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.COMMON_NAME, u'test'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Org'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), ]) ] == dirname @@ -1644,7 +1649,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None assert ext.critical is False @@ -1674,7 +1679,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None rfc822_name = ext.value.get_values_for_type(x509.RFC822Name) @@ -1693,7 +1698,7 @@ class TestRSASubjectAlternativeNameExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None assert ext.critical is False @@ -1710,9 +1715,9 @@ class TestRSASubjectAlternativeNameExtension(object): assert [u"cryptography.io"] == dns assert [ x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u'dirCN'), + x509.NameAttribute(NameOID.COMMON_NAME, u'dirCN'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u'Cryptographic Authority' + NameOID.ORGANIZATION_NAME, u'Cryptographic Authority' ), ]) ] == dirname @@ -1744,7 +1749,7 @@ class TestRSASubjectAlternativeNameExtension(object): ) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert ext is not None assert ext.critical is False @@ -1770,7 +1775,7 @@ class TestExtendedKeyUsageExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_EXTENDED_KEY_USAGE + ExtensionOID.EXTENDED_KEY_USAGE ) assert ext is not None assert ext.critical is False @@ -1794,11 +1799,13 @@ class TestAccessDescription(object): def test_invalid_access_location(self): with pytest.raises(TypeError): - x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid") + x509.AccessDescription( + AuthorityInformationAccessOID.CA_ISSUERS, "invalid" + ) def test_repr(self): ad = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) assert repr(ad) == ( @@ -1809,26 +1816,26 @@ class TestAccessDescription(object): def test_eq(self): ad = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) ad2 = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) assert ad == ad2 def test_ne(self): ad = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) ad2 = x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) ad3 = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://notthesame") ) assert ad != ad2 @@ -1844,22 +1851,22 @@ class TestAuthorityInformationAccess(object): def test_iter_len(self): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) assert len(aia) == 2 assert list(aia) == [ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ] @@ -1867,11 +1874,11 @@ class TestAuthorityInformationAccess(object): def test_repr(self): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) @@ -1887,21 +1894,21 @@ class TestAuthorityInformationAccess(object): def test_eq(self): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) aia2 = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) @@ -1910,17 +1917,17 @@ class TestAuthorityInformationAccess(object): def test_ne(self): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) aia2 = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), ]) @@ -1939,18 +1946,18 @@ class TestAuthorityInformationAccessExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_INFORMATION_ACCESS + ExtensionOID.AUTHORITY_INFORMATION_ACCESS ) assert ext is not None assert ext.critical is False assert ext.value == x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://gv.symcd.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt") ), ]) @@ -1962,25 +1969,25 @@ class TestAuthorityInformationAccessExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_INFORMATION_ACCESS + ExtensionOID.AUTHORITY_INFORMATION_ACCESS ) assert ext is not None assert ext.critical is False assert ext.value == x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp2.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN"), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, + x509.NameAttribute(NameOID.COMMON_NAME, u"myCN"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"some Org"), ])) ), @@ -1993,14 +2000,14 @@ class TestAuthorityInformationAccessExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_INFORMATION_ACCESS + ExtensionOID.AUTHORITY_INFORMATION_ACCESS ) assert ext is not None assert ext.critical is False assert ext.value == x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), ]) @@ -2012,17 +2019,17 @@ class TestAuthorityInformationAccessExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_INFORMATION_ACCESS + ExtensionOID.AUTHORITY_INFORMATION_ACCESS ) assert ext is not None assert ext.critical is False assert ext.value == x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN"), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, + x509.NameAttribute(NameOID.COMMON_NAME, u"myCN"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"some Org"), ])) ), @@ -2041,7 +2048,7 @@ class TestAuthorityKeyIdentifierExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_KEY_IDENTIFIER + ExtensionOID.AUTHORITY_KEY_IDENTIFIER ) assert ext is not None assert ext.critical is False @@ -2061,7 +2068,7 @@ class TestAuthorityKeyIdentifierExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_KEY_IDENTIFIER + ExtensionOID.AUTHORITY_KEY_IDENTIFIER ) assert ext is not None assert ext.critical is False @@ -2073,10 +2080,10 @@ class TestAuthorityKeyIdentifierExtension(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u"PyCA" + NameOID.ORGANIZATION_NAME, u"PyCA" ), x509.NameAttribute( - x509.OID_COMMON_NAME, u"cryptography.io" + NameOID.COMMON_NAME, u"cryptography.io" ) ]) ) @@ -2092,7 +2099,7 @@ class TestAuthorityKeyIdentifierExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_KEY_IDENTIFIER + ExtensionOID.AUTHORITY_KEY_IDENTIFIER ) assert ext is not None assert ext.critical is False @@ -2102,10 +2109,10 @@ class TestAuthorityKeyIdentifierExtension(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u"PyCA" + NameOID.ORGANIZATION_NAME, u"PyCA" ), x509.NameAttribute( - x509.OID_COMMON_NAME, u"cryptography.io" + NameOID.COMMON_NAME, u"cryptography.io" ) ]) ) @@ -2124,7 +2131,7 @@ class TestAuthorityKeyIdentifierExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_KEY_IDENTIFIER + ExtensionOID.AUTHORITY_KEY_IDENTIFIER ) aki = x509.AuthorityKeyIdentifier.from_issuer_public_key( issuer_cert.public_key() @@ -2241,7 +2248,7 @@ class TestNameConstraintsExtension(object): backend ) nc = cert.extensions.get_extension_for_oid( - x509.OID_NAME_CONSTRAINTS + ExtensionOID.NAME_CONSTRAINTS ).value assert nc == x509.NameConstraints( permitted_subtrees=[ @@ -2249,7 +2256,7 @@ class TestNameConstraintsExtension(object): ], excluded_subtrees=[ x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u"zombo") + x509.NameAttribute(NameOID.COMMON_NAME, u"zombo") ])) ] ) @@ -2263,7 +2270,7 @@ class TestNameConstraintsExtension(object): backend ) nc = cert.extensions.get_extension_for_oid( - x509.OID_NAME_CONSTRAINTS + ExtensionOID.NAME_CONSTRAINTS ).value assert nc == x509.NameConstraints( permitted_subtrees=[ @@ -2281,7 +2288,7 @@ class TestNameConstraintsExtension(object): backend ) nc = cert.extensions.get_extension_for_oid( - x509.OID_NAME_CONSTRAINTS + ExtensionOID.NAME_CONSTRAINTS ).value assert nc == x509.NameConstraints( permitted_subtrees=[ @@ -2300,7 +2307,7 @@ class TestNameConstraintsExtension(object): backend ) nc = cert.extensions.get_extension_for_oid( - x509.OID_NAME_CONSTRAINTS + ExtensionOID.NAME_CONSTRAINTS ).value assert nc == x509.NameConstraints( permitted_subtrees=None, @@ -2319,7 +2326,7 @@ class TestNameConstraintsExtension(object): backend ) nc = cert.extensions.get_extension_for_oid( - x509.OID_NAME_CONSTRAINTS + ExtensionOID.NAME_CONSTRAINTS ).value assert nc == x509.NameConstraints( permitted_subtrees=[ @@ -2341,7 +2348,7 @@ class TestNameConstraintsExtension(object): backend ) nc = cert.extensions.get_extension_for_oid( - x509.OID_NAME_CONSTRAINTS + ExtensionOID.NAME_CONSTRAINTS ).value assert nc == x509.NameConstraints( permitted_subtrees=[ @@ -2361,7 +2368,7 @@ class TestNameConstraintsExtension(object): ) with pytest.raises(ValueError): cert.extensions.get_extension_for_oid( - x509.OID_NAME_CONSTRAINTS + ExtensionOID.NAME_CONSTRAINTS ) @@ -2435,7 +2442,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, u"Important CA" + NameOID.COMMON_NAME, u"Important CA" ) ]) ) @@ -2449,7 +2456,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, u"Important CA" + NameOID.COMMON_NAME, u"Important CA" ) ]) ) @@ -2466,7 +2473,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, u"Important CA" + NameOID.COMMON_NAME, u"Important CA" ) ]) ) @@ -2485,14 +2492,14 @@ class TestDistributionPoint(object): dp = x509.DistributionPoint( None, x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN") + x509.NameAttribute(NameOID.COMMON_NAME, u"myCN") ]), frozenset([x509.ReasonFlags.ca_compromise]), [ x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, u"Important CA" + NameOID.COMMON_NAME, u"Important CA" ) ]) ) @@ -2670,24 +2677,24 @@ class TestCRLDistributionPointsExtension(object): ) cdps = cert.extensions.get_extension_for_oid( - x509.OID_CRL_DISTRIBUTION_POINTS + ExtensionOID.CRL_DISTRIBUTION_POINTS ).value assert cdps == x509.CRLDistributionPoints([ x509.DistributionPoint( full_name=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), + x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, + NameOID.ORGANIZATION_NAME, u"Test Certificates 2011" ), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, + NameOID.ORGANIZATIONAL_UNIT_NAME, u"indirectCRL CA3 cRLIssuer" ), x509.NameAttribute( - x509.OID_COMMON_NAME, + NameOID.COMMON_NAME, u"indirect CRL for indirectCRL CA3" ), ]) @@ -2696,13 +2703,13 @@ class TestCRLDistributionPointsExtension(object): reasons=None, crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), + x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, + NameOID.ORGANIZATION_NAME, u"Test Certificates 2011" ), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, + NameOID.ORGANIZATIONAL_UNIT_NAME, u"indirectCRL CA3 cRLIssuer" ), ]) @@ -2720,7 +2727,7 @@ class TestCRLDistributionPointsExtension(object): ) cdps = cert.extensions.get_extension_for_oid( - x509.OID_CRL_DISTRIBUTION_POINTS + ExtensionOID.CRL_DISTRIBUTION_POINTS ).value assert cdps == x509.CRLDistributionPoints([ @@ -2728,20 +2735,20 @@ class TestCRLDistributionPointsExtension(object): full_name=None, relative_name=x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, + NameOID.COMMON_NAME, u"indirect CRL for indirectCRL CA3" ), ]), reasons=None, crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), + x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, + NameOID.ORGANIZATION_NAME, u"Test Certificates 2011" ), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, + NameOID.ORGANIZATIONAL_UNIT_NAME, u"indirectCRL CA3 cRLIssuer" ), ]) @@ -2759,7 +2766,7 @@ class TestCRLDistributionPointsExtension(object): ) cdps = cert.extensions.get_extension_for_oid( - x509.OID_CRL_DISTRIBUTION_POINTS + ExtensionOID.CRL_DISTRIBUTION_POINTS ).value assert cdps == x509.CRLDistributionPoints([ @@ -2774,12 +2781,12 @@ class TestCRLDistributionPointsExtension(object): ]), crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), + x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u"PyCA" + NameOID.ORGANIZATION_NAME, u"PyCA" ), x509.NameAttribute( - x509.OID_COMMON_NAME, u"cryptography CA" + NameOID.COMMON_NAME, u"cryptography CA" ), ]) )], @@ -2796,7 +2803,7 @@ class TestCRLDistributionPointsExtension(object): ) cdps = cert.extensions.get_extension_for_oid( - x509.OID_CRL_DISTRIBUTION_POINTS + ExtensionOID.CRL_DISTRIBUTION_POINTS ).value assert cdps == x509.CRLDistributionPoints([ @@ -2829,7 +2836,7 @@ class TestCRLDistributionPointsExtension(object): ) cdps = cert.extensions.get_extension_for_oid( - x509.OID_CRL_DISTRIBUTION_POINTS + ExtensionOID.CRL_DISTRIBUTION_POINTS ).value assert cdps == x509.CRLDistributionPoints([ @@ -2853,7 +2860,7 @@ class TestCRLDistributionPointsExtension(object): ) cdps = cert.extensions.get_extension_for_oid( - x509.OID_CRL_DISTRIBUTION_POINTS + ExtensionOID.CRL_DISTRIBUTION_POINTS ).value assert cdps == x509.CRLDistributionPoints([ @@ -2864,7 +2871,7 @@ class TestCRLDistributionPointsExtension(object): crl_issuer=[x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, u"cryptography CA" + NameOID.COMMON_NAME, u"cryptography CA" ), ]) )], @@ -2884,7 +2891,7 @@ class TestOCSPNoCheckExtension(object): backend ) ext = cert.extensions.get_extension_for_oid( - x509.OID_OCSP_NO_CHECK + ExtensionOID.OCSP_NO_CHECK ) assert isinstance(ext.value, x509.OCSPNoCheck) @@ -2926,7 +2933,7 @@ class TestInhibitAnyPolicyExtension(object): backend ) iap = cert.extensions.get_extension_for_oid( - x509.OID_INHIBIT_ANY_POLICY + ExtensionOID.INHIBIT_ANY_POLICY ).value assert iap.skip_certs == 5 |