diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_x509_ext.py | 207 |
1 files changed, 100 insertions, 107 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 1ccb361b..e0858c76 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1320,69 +1320,46 @@ class TestAuthorityKeyIdentifierExtension(object): assert ext.value.authority_cert_serial_number == 3 -class TestReasonFlags(object): - def test_flags(self): - flags = x509.ReasonFlags( - True, True, False, False, True, True, False, False - ) - assert flags.key_compromise is True - assert flags.ca_compromise is True - assert flags.affiliation_changed is False - assert flags.superseded is False - assert flags.cessation_of_operation is True - assert flags.certificate_hold is True - assert flags.privilege_withdrawn is False - assert flags.aa_compromise is False - - def test_eq(self): - flags = x509.ReasonFlags( - True, True, False, False, True, True, False, False - ) - flags2 = x509.ReasonFlags( - True, True, False, False, True, True, False, False - ) - assert flags == flags2 - - def test_ne(self): - flags = x509.ReasonFlags( - True, True, False, False, True, True, False, False - ) - flags2 = x509.ReasonFlags( - True, True, False, False, True, True, False, True - ) - assert flags != flags2 - assert flags != object() - - def test_repr(self): - flags = x509.ReasonFlags( - True, True, False, False, True, True, False, False - ) - assert repr(flags) == ( - "<ReasonFlags(key_compromise=True, ca_compromise=True, affiliatio" - "n_changed=False,superseded=False, cessation_of_operation=True, c" - "ertificate_hold=True, privilege_withdrawn=False, aa_compromise=F" - "alse)>" - ) - - class TestDistributionPoint(object): - def test_distribution_point_list_not_general_names(self): + def test_distribution_point_full_name_not_general_names(self): with pytest.raises(TypeError): - x509.DistributionPoint(["notgn"], None, None) + x509.DistributionPoint(["notgn"], None, None, None) - def test_distribution_point_not_name(self): + def test_distribution_point_relative_name_not_name(self): with pytest.raises(TypeError): - x509.DistributionPoint("notname", None, None) + x509.DistributionPoint(None, "notname", None, None) + + def test_distribution_point_full_and_relative_not_none(self): + with pytest.raises(ValueError): + x509.DistributionPoint("data", "notname", None, None) def test_crl_issuer_not_general_names(self): with pytest.raises(TypeError): - x509.DistributionPoint(None, None, ["notgn"]) + x509.DistributionPoint(None, None, None, ["notgn"]) def test_reason_not_reasonflags(self): with pytest.raises(TypeError): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], - "notreasonflags", + None, + ["notreasonflags"], + None + ) + + def test_disallowed_reasons(self): + with pytest.raises(ValueError): + x509.DistributionPoint( + [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], + None, + [x509.ReasonFlags.unspecified], + None + ) + + with pytest.raises(ValueError): + x509.DistributionPoint( + [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], + None, + [x509.ReasonFlags.remove_from_crl], None ) @@ -1390,18 +1367,16 @@ class TestDistributionPoint(object): with pytest.raises(ValueError): x509.DistributionPoint( None, - x509.ReasonFlags( - True, True, False, False, True, True, False, False - ), + None, + [x509.ReasonFlags.aa_compromise], None ) def test_eq(self): dp = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], - x509.ReasonFlags( - False, False, False, False, False, True, False, False - ), + None, + [x509.ReasonFlags.superseded], [ x509.DirectoryName( x509.Name([ @@ -1414,9 +1389,8 @@ class TestDistributionPoint(object): ) dp2 = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], - x509.ReasonFlags( - False, False, False, False, False, True, False, False - ), + None, + [x509.ReasonFlags.superseded], [ x509.DirectoryName( x509.Name([ @@ -1432,9 +1406,10 @@ class TestDistributionPoint(object): def test_ne(self): dp = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], - x509.ReasonFlags( - False, False, False, False, False, True, False, False - ), + None, + [ + x509.ReasonFlags.superseded, + ], [ x509.DirectoryName( x509.Name([ @@ -1448,6 +1423,7 @@ class TestDistributionPoint(object): dp2 = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, + None, None ) assert dp != dp2 @@ -1455,12 +1431,14 @@ class TestDistributionPoint(object): def test_repr(self): dp = x509.DistributionPoint( + None, x509.Name([ x509.NameAttribute(x509.OID_COMMON_NAME, "myCN") ]), - x509.ReasonFlags( - False, False, False, False, False, True, False, False - ), + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], [ x509.DirectoryName( x509.Name([ @@ -1472,14 +1450,12 @@ class TestDistributionPoint(object): ], ) assert repr(dp) == ( - "<DistributionPoint(distribution_point=<Name([<NameAttribute(oid=" - "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>" - "])>, reasons=<ReasonFlags(key_compromise=False, ca_compromise=Fa" - "lse, affiliation_changed=False,superseded=False, cessation_of_op" - "eration=False, certificate_hold=True, privilege_withdrawn=False," - " aa_compromise=False)>, crl_issuer=[<DirectoryName(value=<Name([" - "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonNam" - "e)>, value='Important CA')>])>)>])>" + "<DistributionPoint(full_name=None, relative_name=<Name([<NameAtt" + "ribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, val" + "ue='myCN')>])>, reasons=[<ReasonFlags.key_compromise: 'keyCompro" + "mise'>, <ReasonFlags.ca_compromise: 'cACompromise'>], crl_issuer" + "=[<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentifi" + "er(oid=2.5.4.3, name=commonName)>, value='Important CA')>])>)>])>" ) @@ -1493,13 +1469,16 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://domain")], None, + None, None ), x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], - x509.ReasonFlags( - True, True, True, True, True, True, True, True - ), + None, + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], None ), ]) @@ -1508,13 +1487,16 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://domain")], None, + None, None ), x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], - x509.ReasonFlags( - True, True, True, True, True, True, True, True - ), + None, + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], None ), ] @@ -1523,37 +1505,41 @@ class TestCRLDistributionPoints(object): cdp = x509.CRLDistributionPoints([ x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], - x509.ReasonFlags( - True, True, True, True, True, True, True, True - ), + None, + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], None ), ]) assert repr(cdp) == ( - "<CRLDistributionPoints([<DistributionPoint(distribution_point=[<" - "UniformResourceIdentifier(value=ftp://domain)>], reasons=<Reason" - "Flags(key_compromise=True, ca_compromise=True, affiliation_chang" - "ed=True,superseded=True, cessation_of_operation=True, certificat" - "e_hold=True, privilege_withdrawn=True, aa_compromise=True)>, crl" - "_issuer=None)>])>" + "<CRLDistributionPoints([<DistributionPoint(full_name=[<UniformRes" + "ourceIdentifier(value=ftp://domain)>], relative_name=None, reason" + "s=[<ReasonFlags.key_compromise: 'keyCompromise'>, <ReasonFlags.ca" + "_compromise: 'cACompromise'>], crl_issuer=None)>])>" ) def test_eq(self): cdp = x509.CRLDistributionPoints([ x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], - x509.ReasonFlags( - True, True, True, True, True, True, True, True - ), + None, + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) cdp2 = x509.CRLDistributionPoints([ x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], - x509.ReasonFlags( - True, True, True, True, True, True, True, True - ), + None, + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1563,36 +1549,43 @@ class TestCRLDistributionPoints(object): cdp = x509.CRLDistributionPoints([ x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], - x509.ReasonFlags( - True, True, True, True, True, True, True, True - ), + None, + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) cdp2 = x509.CRLDistributionPoints([ x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain2")], - x509.ReasonFlags( - True, True, True, True, True, True, True, True - ), + None, + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) cdp3 = x509.CRLDistributionPoints([ x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], - x509.ReasonFlags( - True, True, True, True, True, True, True, False - ), + None, + [ + x509.ReasonFlags.key_compromise, + ], [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) cdp4 = x509.CRLDistributionPoints([ x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], - x509.ReasonFlags( - True, True, True, True, True, True, True, True - ), + None, + [ + x509.ReasonFlags.key_compromise, + x509.ReasonFlags.ca_compromise, + ], [x509.UniformResourceIdentifier(u"uri://thing2")], ), ]) |