Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/primitives/test_asym_utils.py50
-rw-r--r--tests/hazmat/primitives/test_dsa.py4
-rw-r--r--tests/test_x509.py32
-rw-r--r--tests/test_x509_ext.py89
4 files changed, 107 insertions, 68 deletions
diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py
index 35b77ca4..b9971137 100644
--- a/tests/hazmat/primitives/test_asym_utils.py
+++ b/tests/hazmat/primitives/test_asym_utils.py
@@ -7,64 +7,72 @@ from __future__ import absolute_import, division, print_function
import pytest
from cryptography.hazmat.primitives.asymmetric.utils import (
- decode_rfc6979_signature, encode_rfc6979_signature
+ decode_dss_signature, decode_rfc6979_signature,
+ encode_dss_signature, encode_rfc6979_signature
)
-def test_rfc6979_signature():
- sig = encode_rfc6979_signature(1, 1)
+def test_deprecated_rfc6979_signature():
+ sig = pytest.deprecated_call(encode_rfc6979_signature, 1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
- assert decode_rfc6979_signature(sig) == (1, 1)
+ decoded = pytest.deprecated_call(decode_rfc6979_signature, sig)
+ assert decoded == (1, 1)
+
+
+def test_dss_signature():
+ sig = encode_dss_signature(1, 1)
+ assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
+ assert decode_dss_signature(sig) == (1, 1)
r_s1 = (
1037234182290683143945502320610861668562885151617,
559776156650501990899426031439030258256861634312
)
- sig2 = encode_rfc6979_signature(*r_s1)
+ sig2 = encode_dss_signature(*r_s1)
assert sig2 == (
b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
)
- assert decode_rfc6979_signature(sig2) == r_s1
+ assert decode_dss_signature(sig2) == r_s1
- sig3 = encode_rfc6979_signature(0, 0)
+ sig3 = encode_dss_signature(0, 0)
assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
- assert decode_rfc6979_signature(sig3) == (0, 0)
+ assert decode_dss_signature(sig3) == (0, 0)
- sig4 = encode_rfc6979_signature(-1, 0)
+ sig4 = encode_dss_signature(-1, 0)
assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
- assert decode_rfc6979_signature(sig4) == (-1, 0)
+ assert decode_dss_signature(sig4) == (-1, 0)
-def test_encode_rfc6979_non_integer():
+def test_encode_dss_non_integer():
with pytest.raises(ValueError):
- encode_rfc6979_signature("h", 3)
+ encode_dss_signature("h", 3)
with pytest.raises(ValueError):
- encode_rfc6979_signature("3", "2")
+ encode_dss_signature("3", "2")
with pytest.raises(ValueError):
- encode_rfc6979_signature(3, "h")
+ encode_dss_signature(3, "h")
with pytest.raises(ValueError):
- encode_rfc6979_signature(3.3, 1.2)
+ encode_dss_signature(3.3, 1.2)
with pytest.raises(ValueError):
- encode_rfc6979_signature("hello", "world")
+ encode_dss_signature("hello", "world")
-def test_decode_rfc6979_trailing_bytes():
+def test_decode_dss_trailing_bytes():
with pytest.raises(ValueError):
- decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")
+ decode_dss_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")
-def test_decode_rfc6979_invalid_asn1():
+def test_decode_dss_invalid_asn1():
with pytest.raises(ValueError):
# This byte sequence has an invalid ASN.1 sequence length as well as
# an invalid integer length for the second integer.
- decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")
+ decode_dss_signature(b"0\x07\x02\x01\x01\x02\x02\x01")
with pytest.raises(ValueError):
# This is the BER "end-of-contents octets," which older versions of
# pyasn1 are wrongly willing to return from top-level DER decoding.
- decode_rfc6979_signature(b"\x00\x00")
+ decode_dss_signature(b"\x00\x00")
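Review bot: After this change the deprecated `decode_rfc6979_signature` is exercised only on the well-formed `(1, 1)` round trip in `test_deprecated_rfc6979_signature`; the trailing-bytes and invalid-ASN.1 rejections are asserted for `decode_dss_signature` alone. If the old name is not a pure pass-through to the new one (its implementation is not visible here), strict-DER rejection through the name existing callers still import is no longer pinned, and lenient signature parsing is what lets alternative encodings of the same signature be accepted. One malformed-input case through the alias would close that gap, e.g. `with pytest.raises(ValueError):` around `pytest.deprecated_call(decode_rfc6979_signature, b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")`. Separately, the `(0, 0)` and `(-1, 0)` cases in `test_dss_signature` show that the helpers accept values no valid signature can contain, which deserves a comment such as `# encode/decode do no range checking on r and s; these cases only pin the DER encoding`.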
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 53e41883..d1f8f341 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -17,7 +17,7 @@ from cryptography.hazmat.backends.interfaces import (
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.asymmetric.utils import (
- encode_rfc6979_signature
+ encode_dss_signature
)
from cryptography.utils import bit_length
@@ -567,7 +567,7 @@ class TestDSAVerification(object):
),
y=vector['y']
).public_key(backend)
- sig = encode_rfc6979_signature(vector['r'], vector['s'])
+ sig = encode_dss_signature(vector['r'], vector['s'])
verifier = public_key.verifier(sig, algorithm())
verifier.update(vector['msg'])
if vector['result'] == "F":
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 42f8f58d..b7602d18 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -20,7 +20,9 @@ from cryptography.hazmat.backends.interfaces import (
)
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
-from cryptography.x509.oid import ExtensionOID, NameOID
+from cryptography.x509.oid import (
+ AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, NameOID
+)
from .hazmat.primitives.fixtures_dsa import DSA_KEY_2048
from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512
@@ -1503,9 +1505,9 @@ class TestCertificateBuilder(object):
123
).add_extension(
x509.ExtendedKeyUsage([
- x509.OID_CLIENT_AUTH,
- x509.OID_SERVER_AUTH,
- x509.OID_CODE_SIGNING,
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
]), critical=False
).sign(issuer_private_key, hashes.SHA256(), backend)
@@ -1514,9 +1516,9 @@ class TestCertificateBuilder(object):
)
assert eku.critical is False
assert eku.value == x509.ExtendedKeyUsage([
- x509.OID_CLIENT_AUTH,
- x509.OID_SERVER_AUTH,
- x509.OID_CODE_SIGNING,
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
])
@pytest.mark.requires_backend_interface(interface=RSABackend)
@@ -2011,9 +2013,9 @@ class TestCertificateSigningRequestBuilder(object):
x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).add_extension(
x509.ExtendedKeyUsage([
- x509.OID_CLIENT_AUTH,
- x509.OID_SERVER_AUTH,
- x509.OID_CODE_SIGNING,
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
]), critical=False
).sign(private_key, hashes.SHA256(), backend)
@@ -2022,9 +2024,9 @@ class TestCertificateSigningRequestBuilder(object):
)
assert eku.critical is False
assert eku.value == x509.ExtendedKeyUsage([
- x509.OID_CLIENT_AUTH,
- x509.OID_SERVER_AUTH,
- x509.OID_CODE_SIGNING,
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
])
@pytest.mark.requires_backend_interface(interface=RSABackend)
@@ -2051,11 +2053,11 @@ class TestCertificateSigningRequestBuilder(object):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index faf9086a..85373973 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -17,7 +17,9 @@ from cryptography.hazmat.backends.interfaces import (
DSABackend, EllipticCurveBackend, RSABackend, X509Backend
)
from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.x509.oid import ExtensionOID, NameOID
+from cryptography.x509.oid import (
+ AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, NameOID
+)
from .hazmat.primitives.test_ec import _skip_curve_unsupported
from .test_x509 import _load_cert
@@ -731,8 +733,8 @@ class TestExtendedKeyUsage(object):
])
assert len(eku) == 2
assert list(eku) == [
- x509.OID_SERVER_AUTH,
- x509.OID_CLIENT_AUTH
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CLIENT_AUTH
]
def test_repr(self):
@@ -830,6 +832,31 @@ class TestExtensions(object):
extensions = cert.extensions
assert len(extensions) == 0
+ def test_no_extensions_get_for_class(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "cryptography.io.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ exts = cert.extensions
+ with pytest.raises(x509.ExtensionNotFound) as exc:
+ exts.get_extension_for_class(x509.IssuerAlternativeName)
+ assert exc.value.oid == ExtensionOID.ISSUER_ALTERNATIVE_NAME
+
+ def test_one_extension_get_for_class(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "basic_constraints_not_critical.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ ext = cert.extensions.get_extension_for_class(x509.BasicConstraints)
+ assert ext is not None
+ assert isinstance(ext.value, x509.BasicConstraints)
+
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
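Review bot: `test_one_extension_get_for_class` would still pass if the lookup returned an extension with the wrong OID or criticality, because it checks only `ext is not None` and the type of `ext.value`. The `is not None` assertion adds little, since the test above it shows a miss raising `x509.ExtensionNotFound` rather than returning `None`. Pinning identity and criticality makes the test meaningful: `assert ext.oid == ExtensionOID.BASIC_CONSTRAINTS` and, going by the fixture name `basic_constraints_not_critical.pem`, `assert ext.critical is False`. Criticality decides whether a validator must reject an extension it does not recognise, so it is worth asserting wherever an extension object is fetched. Both new tests sit in `TestExtensions`, whose definition starts outside the hunk.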
@@ -1797,11 +1824,13 @@ class TestAccessDescription(object):
def test_invalid_access_location(self):
with pytest.raises(TypeError):
- x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
+ x509.AccessDescription(
+ AuthorityInformationAccessOID.CA_ISSUERS, "invalid"
+ )
def test_repr(self):
ad = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
assert repr(ad) == (
@@ -1812,26 +1841,26 @@ class TestAccessDescription(object):
def test_eq(self):
ad = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
ad2 = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
assert ad == ad2
def test_ne(self):
ad = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
ad2 = x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
ad3 = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://notthesame")
)
assert ad != ad2
@@ -1847,22 +1876,22 @@ class TestAuthorityInformationAccess(object):
def test_iter_len(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
assert len(aia) == 2
assert list(aia) == [
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
]
@@ -1870,11 +1899,11 @@ class TestAuthorityInformationAccess(object):
def test_repr(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
@@ -1890,21 +1919,21 @@ class TestAuthorityInformationAccess(object):
def test_eq(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
aia2 = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
@@ -1913,17 +1942,17 @@ class TestAuthorityInformationAccess(object):
def test_ne(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
aia2 = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
])
@@ -1949,11 +1978,11 @@ class TestAuthorityInformationAccessExtension(object):
assert ext.value == x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://gv.symcd.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
),
])
@@ -1972,15 +2001,15 @@ class TestAuthorityInformationAccessExtension(object):
assert ext.value == x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.DirectoryName(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u"myCN"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME,
@@ -2003,7 +2032,7 @@ class TestAuthorityInformationAccessExtension(object):
assert ext.value == x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
])
@@ -2022,7 +2051,7 @@ class TestAuthorityInformationAccessExtension(object):
assert ext.value == x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.DirectoryName(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u"myCN"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME,