Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/primitives/test_dh.py15
-rw-r--r--tests/hazmat/primitives/twofactor/test_hotp.py13
-rw-r--r--tests/hazmat/primitives/twofactor/test_totp.py13
-rw-r--r--tests/test_utils.py69
-rw-r--r--tests/test_x509.py84
-rw-r--r--tests/test_x509_ext.py83
-rw-r--r--tests/utils.py4
7 files changed, 268 insertions, 13 deletions
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
index 115f3d8c..d8869de9 100644
--- a/tests/hazmat/primitives/test_dh.py
+++ b/tests/hazmat/primitives/test_dh.py
@@ -1,15 +1,6 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
from __future__ import absolute_import, division, print_function
diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py
index a5d1c284..ab5f93c5 100644
--- a/tests/hazmat/primitives/twofactor/test_hotp.py
+++ b/tests/hazmat/primitives/twofactor/test_hotp.py
@@ -92,6 +92,19 @@ class TestHOTP(object):
with pytest.raises(TypeError):
HOTP(secret, b"foo", SHA1(), backend)
+ def test_get_provisioning_uri(self, backend):
+ secret = b"12345678901234567890"
+ hotp = HOTP(secret, 6, SHA1(), backend)
+
+ assert hotp.get_provisioning_uri("Alice Smith", 1, None) == (
+ "otpauth://hotp/Alice%20Smith?digits=6&secret=GEZDGNBV"
+ "GY3TQOJQGEZDGNBVGY3TQOJQ&algorithm=SHA1&counter=1")
+
+ assert hotp.get_provisioning_uri("Alice Smith", 1, 'Foo') == (
+ "otpauth://hotp/Foo:Alice%20Smith?digits=6&secret=GEZD"
+ "GNBVGY3TQOJQGEZDGNBVGY3TQOJQ&algorithm=SHA1&issuer=Foo"
+ "&counter=1")
+
def test_invalid_backend():
secret = b"12345678901234567890"
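Review bot: Both added assertions in test_get_provisioning_uri use an issuer (`None`, `'Foo'`) that needs no escaping, so only the account name's percent-encoding is pinned. An issuer containing a space or a `:` would show whether the label prefix and the `issuer=` parameter are encoded consistently. The same gap exists in the TOTP test in tests/hazmat/primitives/twofactor/test_totp.py, which uses `'World'`. I would also add a comment such as `# Parameter order is part of the expected output.`, because the expected string fixes the query-parameter order and a harmless reordering in the implementation would fail this test. The enclosing TestHOTP class starts outside the hunk.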
diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py
index 6039983e..95829713 100644
--- a/tests/hazmat/primitives/twofactor/test_totp.py
+++ b/tests/hazmat/primitives/twofactor/test_totp.py
@@ -126,6 +126,19 @@ class TestTOTP(object):
assert totp.generate(time) == b"94287082"
+ def test_get_provisioning_uri(self, backend):
+ secret = b"12345678901234567890"
+ totp = TOTP(secret, 6, hashes.SHA1(), 30, backend=backend)
+
+ assert totp.get_provisioning_uri("Alice Smith", None) == (
+ "otpauth://totp/Alice%20Smith?digits=6&secret=GEZDGNBVG"
+ "Y3TQOJQGEZDGNBVGY3TQOJQ&algorithm=SHA1&period=30")
+
+ assert totp.get_provisioning_uri("Alice Smith", 'World') == (
+ "otpauth://totp/World:Alice%20Smith?digits=6&secret=GEZ"
+ "DGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&algorithm=SHA1&issuer=World"
+ "&period=30")
+
def test_invalid_backend():
secret = b"12345678901234567890"
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 61efb10c..8601d11d 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -3336,6 +3336,75 @@ f47021022a6c9b45ed791d09d9540eb81ea065fc1959eca365001ee39928c343d75
assert expected == load_kasvs_ecdh_vectors(vector_data)
+def test_load_kasvs_ecdh_kdf_vectors():
+ vector_data = textwrap.dedent("""
+ # Parameter set(s) supported: EB EC ED EE
+ # CAVSid: CAVSid (in hex: 434156536964)
+ # IUTid: In hex: a1b2c3d4e5
+ [EB]
+
+ [Curve selected: P-224]
+ [SHA(s) supported (Used in the KDF function): SHA224 SHA256 SHA384 SHA512]
+ [MAC algorithm supported: HMAC]
+ [HMAC SHAs supported: SHA512]
+ [HMACKeySize(in bits): 112]
+ [HMAC Tag length(in bits): 64]
+
+ # Generated on Mon Dec 22 11:45:18 2014
+
+
+
+ [EB - SHA224]
+
+
+ COUNT = 0
+ dsCAVS = 540904b67b3716823dd621ed72ad3dbc615887b4f56f910b78a57199
+ QsCAVSx = 28e5f3a72d8f6b8499dd1bcdfceafcecec68a0d715789bcf4b55fe15
+ QsCAVSy = 8c8006a7da7c1a19f5328d7e865522b0c0dfb9a29b2c46dc96590d2a
+ Nonce = 4eefb2a29a0e89c3898a7affdfa60dd7
+ dsIUT = 5e717ae889fc8d67be11c2ebe1a7d3550051448d68a040b2dee8e327
+ QsIUTx = ae7f3db340b647d61713f5374c019f1be2b28573cb6219bb7b747223
+ QsIUTy = 800e6bffcf97c15864ec6e5673fb83359b45f89b8a26a27f6f3dfbff
+ NonceDKMIUT = bb7f1b40d14ebd70443393990b57
+ OI = a1b2c3d4e5bb7f1b40d14ebd70443393990b574341565369645b1582daab9cc6c30d6\
+1fdcf1cdfc7e9a304651e0fdb
+ CAVSTag = 84de198c3a958c62
+ Z = 43f23b2c760d686fc99cc008b63aea92f866e224265af60d2d8ae540
+ MacData = 5374616e646172642054657374204d6573736167654eefb2a29a0e89c3898a7a\
+ffdfa60dd7
+ DKM = ad65fa2d12541c3a21f3cd223efb
+ Result = F (12 - Tag changed )
+ """).splitlines()
+
+ expected = [
+ {'errno': 12,
+ 'fail': True,
+ 'COUNT': 0,
+ 'CAVS': {
+ 'd': int("540904b67b3716823dd621ed72ad3dbc615887b4f56f910b"
+ "78a57199", 16),
+ 'x': int("28e5f3a72d8f6b8499dd1bcdfceafcecec68a0d715789bcf"
+ "4b55fe15", 16),
+ 'y': int("8c8006a7da7c1a19f5328d7e865522b0c0dfb9a29b2c46dc"
+ "96590d2a", 16)},
+ 'IUT': {
+ 'd': int("5e717ae889fc8d67be11c2ebe1a7d3550051448d68a040b2"
+ "dee8e327", 16),
+ 'x': int("ae7f3db340b647d61713f5374c019f1be2b28573cb6219bb"
+ "7b747223", 16),
+ 'y': int("800e6bffcf97c15864ec6e5673fb83359b45f89b8a26a27f"
+ "6f3dfbff", 16)},
+ 'OI': int("a1b2c3d4e5bb7f1b40d14ebd70443393990b574341565369"
+ "645b1582daab9cc6c30d61fdcf1cdfc7e9a304651e0fdb", 16),
+ 'Z': int("43f23b2c760d686fc99cc008b63aea92f866e224265af60d"
+ "2d8ae540", 16),
+ 'DKM': int("ad65fa2d12541c3a21f3cd223efb", 16),
+ 'curve': 'secp224r1'}
+ ]
+
+ assert expected == load_kasvs_ecdh_vectors(vector_data)
+
+
def test_vector_version():
assert cryptography.__version__ == cryptography_vectors.__version__
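Review bot: The expected dict in test_load_kasvs_ecdh_kdf_vectors omits `Nonce`, `NonceDKMIUT`, `CAVSTag` and `MacData`, all present in the sample record, so the test silently pins that the loader drops them. This record's result is `F (12 - Tag changed )`, and the parsed output alone does not carry the data needed to see why the vector fails. A comment above `expected` such as `# Nonce, NonceDKMIUT, CAVSTag and MacData are not parsed by the loader.` would mark the omission as deliberate. Unless it is covered elsewhere, a second record with a passing result would also exercise the non-failing path for the new `OI` and `DKM` keys.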
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 72fc9d40..a3bed85f 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -368,6 +368,90 @@ class TestRSACertificate(object):
with pytest.raises(UnsupportedAlgorithm):
cert.signature_hash_algorithm
+ def test_public_bytes_pem(self, backend):
+ # Load an existing certificate.
+ cert = _load_cert(
+ os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
+ x509.load_der_x509_certificate,
+ backend
+ )
+
+ # Encode it to PEM and load it back.
+ cert = x509.load_pem_x509_certificate(cert.public_bytes(
+ encoding=serialization.Encoding.PEM,
+ ), backend)
+
+ # We should recover what we had to start with.
+ assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
+ assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
+ assert cert.serial == 2
+ public_key = cert.public_key()
+ assert isinstance(public_key, rsa.RSAPublicKey)
+ assert cert.version is x509.Version.v3
+ fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
+ assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
+
+ def test_public_bytes_der(self, backend):
+ # Load an existing certificate.
+ cert = _load_cert(
+ os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
+ x509.load_der_x509_certificate,
+ backend
+ )
+
+ # Encode it to DER and load it back.
+ cert = x509.load_der_x509_certificate(cert.public_bytes(
+ encoding=serialization.Encoding.DER,
+ ), backend)
+
+ # We should recover what we had to start with.
+ assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
+ assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
+ assert cert.serial == 2
+ public_key = cert.public_key()
+ assert isinstance(public_key, rsa.RSAPublicKey)
+ assert cert.version is x509.Version.v3
+ fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
+ assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
+
+ def test_public_bytes_invalid_encoding(self, backend):
+ cert = _load_cert(
+ os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
+ x509.load_der_x509_certificate,
+ backend
+ )
+
+ with pytest.raises(TypeError):
+ cert.public_bytes('NotAnEncoding')
+
+ @pytest.mark.parametrize(
+ ("cert_path", "loader_func", "encoding"),
+ [
+ (
+ os.path.join("x509", "v1_cert.pem"),
+ x509.load_pem_x509_certificate,
+ serialization.Encoding.PEM,
+ ),
+ (
+ os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
+ x509.load_der_x509_certificate,
+ serialization.Encoding.DER,
+ ),
+ ]
+ )
+ def test_public_bytes_match(self, cert_path, loader_func, encoding,
+ backend):
+ cert_bytes = load_vectors_from_file(
+ cert_path, lambda pemfile: pemfile.read(), mode="rb"
+ )
+ cert = loader_func(cert_bytes, backend)
+ serialized = cert.public_bytes(encoding)
+ assert serialized == cert_bytes
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestRSACertificateRequest(object):
@pytest.mark.parametrize(
("path", "loader_func"),
[
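Review bot: test_public_bytes_pem and test_public_bytes_der are identical apart from the encoding and the loader used to read the bytes back, so the two bodies can drift apart unnoticed. One parametrized test over `(encoding, loader_func)` would keep the round-trip assertions in a single place, in the same style test_public_bytes_match already uses. Separately, test_public_bytes_invalid_encoding only passes a `str`; whether other non-enum values are rejected is not visible from this hunk. The hunk ends inside the parametrize list of TestRSACertificateRequest, which continues outside it.

```python
    @pytest.mark.parametrize(
        ("encoding", "loader_func"),
        [
            (serialization.Encoding.PEM, x509.load_pem_x509_certificate),
            (serialization.Encoding.DER, x509.load_der_x509_certificate),
        ]
    )
    def test_public_bytes_round_trip(self, encoding, loader_func, backend):
        # Load an existing certificate.
        cert = _load_cert(
            os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
            x509.load_der_x509_certificate,
            backend
        )

        # Encode it and load it back with the matching loader.
        cert = loader_func(cert.public_bytes(encoding=encoding), backend)

        # … unchanged: validity, serial, key type, version and fingerprint assertions …
```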
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 20a016b6..f16db337 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1139,6 +1139,61 @@ class TestIPAddress(object):
assert gn != object()
+class TestGeneralNames(object):
+ def test_get_values_for_type(self):
+ gns = x509.GeneralNames(
+ [x509.DNSName(u"cryptography.io")]
+ )
+ names = gns.get_values_for_type(x509.DNSName)
+ assert names == [u"cryptography.io"]
+
+ def test_iter_names(self):
+ gns = x509.GeneralNames([
+ x509.DNSName(u"cryptography.io"),
+ x509.DNSName(u"crypto.local"),
+ ])
+ assert len(gns) == 2
+ assert list(gns) == [
+ x509.DNSName(u"cryptography.io"),
+ x509.DNSName(u"crypto.local"),
+ ]
+
+ def test_invalid_general_names(self):
+ with pytest.raises(TypeError):
+ x509.GeneralNames(
+ [x509.DNSName(u"cryptography.io"), "invalid"]
+ )
+
+ def test_repr(self):
+ gns = x509.GeneralNames(
+ [
+ x509.DNSName(u"cryptography.io")
+ ]
+ )
+ assert repr(gns) == (
+ "<GeneralNames([<DNSName(value=cryptography.io)>])>"
+ )
+
+ def test_eq(self):
+ gns = x509.GeneralNames(
+ [x509.DNSName(u"cryptography.io")]
+ )
+ gns2 = x509.GeneralNames(
+ [x509.DNSName(u"cryptography.io")]
+ )
+ assert gns == gns2
+
+ def test_ne(self):
+ gns = x509.GeneralNames(
+ [x509.DNSName(u"cryptography.io")]
+ )
+ gns2 = x509.GeneralNames(
+ [x509.RFC822Name(u"admin@cryptography.io")]
+ )
+ assert gns != gns2
+ assert gns != object()
+
+
class TestSubjectAlternativeName(object):
def test_get_values_for_type(self):
san = x509.SubjectAlternativeName(
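Review bot: TestGeneralNames.test_get_values_for_type builds the collection from a single `DNSName`, so an implementation that ignored the type argument and returned every value would still pass. Name-type filtering is what callers rely on when picking DNS names out of a mixed list, so the test should include a name of another type that must be excluded, e.g. `[x509.DNSName(u"cryptography.io"), x509.RFC822Name(u"admin@cryptography.io")]`, with the expected result unchanged. TestSubjectAlternativeName at the end of the hunk continues outside it.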
@@ -1171,7 +1226,8 @@ class TestSubjectAlternativeName(object):
]
)
assert repr(san) == (
- "<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
+ "<SubjectAlternativeName("
+ "<GeneralNames([<DNSName(value=cryptography.io)>])>)>"
)
def test_eq(self):
@@ -2271,3 +2327,28 @@ class TestCRLDistributionPointsExtension(object):
)],
)
])
+
+
+class TestInhibitAnyPolicy(object):
+ def test_not_int(self):
+ with pytest.raises(TypeError):
+ x509.InhibitAnyPolicy("notint")
+
+ def test_negative_int(self):
+ with pytest.raises(ValueError):
+ x509.InhibitAnyPolicy(-1)
+
+ def test_repr(self):
+ iap = x509.InhibitAnyPolicy(0)
+ assert repr(iap) == "<InhibitAnyPolicy(skip_certs=0)>"
+
+ def test_eq(self):
+ iap = x509.InhibitAnyPolicy(1)
+ iap2 = x509.InhibitAnyPolicy(1)
+ assert iap == iap2
+
+ def test_ne(self):
+ iap = x509.InhibitAnyPolicy(1)
+ iap2 = x509.InhibitAnyPolicy(4)
+ assert iap != iap2
+ assert iap != object()
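Review bot: None of the TestInhibitAnyPolicy tests read the stored value back directly; it is checked only through the `repr` string in test_repr. An assertion such as `assert iap.skip_certs == 0` (assuming the attribute is public under the name the repr shows) would pin the accessor that callers will use. The boundary value `0` is exercised only in test_repr, so a short comment that zero is a valid skip count would help readers of test_negative_int.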
diff --git a/tests/utils.py b/tests/utils.py
index ab922c94..46d93646 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -739,8 +739,12 @@ def load_kasvs_ecdh_vectors(vector_data):
data["IUT"]["x"] = int(line.split("=")[1], 16)
elif line.startswith("QsIUTy = "):
data["IUT"]["y"] = int(line.split("=")[1], 16)
+ elif line.startswith("OI = "):
+ data["OI"] = int(line.split("=")[1], 16)
elif line.startswith("Z = "):
data["Z"] = int(line.split("=")[1], 16)
+ elif line.startswith("DKM = "):
+ data["DKM"] = int(line.split("=")[1], 16)
elif line.startswith("Result = "):
result_str = line.split("=")[1].strip()
match = result_rx.match(result_str)
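Review bot: Parsing `OI` and `DKM` with `int(..., 16)` discards the byte length, so a vector whose OtherInfo or derived keying material begins with a `00` byte cannot be rebuilt exactly by a consumer. Both are octet strings that go into or come out of the KDF. This follows the existing pattern for `Z` and the coordinates, but decoding these two fields to bytes would be safer, e.g. `data["OI"] = binascii.unhexlify(line.split("=")[1].strip())`. That assumes `binascii` is imported in this module, which the hunk does not show, and the expected dict in tests/test_utils.py would have to change to match. The body of load_kasvs_ecdh_vectors starts and ends outside the hunk.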