From a9d78c13ea2996c896d3dfda8b7e887c444ec4cb Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 26 Nov 2014 10:59:03 -1000 Subject: update docs, test invalid x509 version --- CHANGELOG.rst | 2 ++ docs/exceptions.rst | 5 +++++ docs/hazmat/primitives/interfaces.rst | 2 +- docs/x509.rst | 2 +- src/cryptography/exceptions.py | 4 ++++ src/cryptography/hazmat/backends/openssl/x509.py | 5 ++++- tests/test_x509.py | 13 ++++++++++++- 7 files changed, 29 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cf6d2252..29cee493 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -22,6 +22,8 @@ Changelog :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` to support the loading of OpenSSH public keys (:rfc:`4253`). Currently, only RSA keys are supported. +* Added initial support for X.509 certificate parsing. See :doc:`X.509 ` + for more information. 0.6.1 - 2014-10-15 ~~~~~~~~~~~~~~~~~~ diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 28da8ecc..b86d3eea 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -43,3 +43,8 @@ Exceptions This is raised when the verify method of a one time password function's computed token does not match the expected token. + + +.. class:: InvalidX509Version + + This is raised when an X.509 certificate has an invalid version number. diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index d87e8d66..71646ce9 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst @@ -705,7 +705,7 @@ X509 .. attribute:: version - :type: X509Version + :type: :class:`~cryptography.x509.X509Version` The certificate version as an enumeration. diff --git a/docs/x509.rst b/docs/x509.rst index 5d18297a..2c9c0f46 100644 --- a/docs/x509.rst +++ b/docs/x509.rst 
@@ -3,7 +3,7 @@ X.509 ===== -.. currentmodule:: cryptography.hazmat.primitives.x509 +.. currentmodule:: cryptography.x509 X.509 is an ITU-T standard for a `public key infrastructure`_. X.509v3 is defined in :rfc:`5280` (which obsoletes :rfc:`2459` and :rfc:`3280`). diff --git a/src/cryptography/exceptions.py b/src/cryptography/exceptions.py index b0e1a993..23edcd02 100644 --- a/src/cryptography/exceptions.py +++ b/src/cryptography/exceptions.py @@ -53,3 +53,7 @@ class InvalidKey(Exception): class InvalidToken(Exception): pass + + +class InvalidX509Version(Exception): + pass diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 0c6395f4..9f6f71d0 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -16,6 +16,7 @@ from __future__ import absolute_import, division, print_function import datetime from cryptography import utils, x509 +from cryptography.exceptions import InvalidX509Version from cryptography.hazmat.primitives import hashes, interfaces @@ -60,7 +61,9 @@ class _X509Certificate(object): elif version == 2: return x509.X509Version.v3 else: - raise StandardError("TODO") + raise InvalidX509Version( + "{0} is not a valid X509 version", version + ) @property def serial(self): diff --git a/tests/test_x509.py b/tests/test_x509.py index 97102946..eac8a307 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -12,10 +12,11 @@ import textwrap import pytest from cryptography import x509 +from cryptography.exceptions import InvalidX509Version from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend from cryptography.hazmat.primitives import interfaces -from .hazmat.primitives.utils import load_vectors_from_file +from .utils import load_vectors_from_file def _der_to_pem(data): 
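Review bot: In the `else` branch of the version check in `src/cryptography/hazmat/backends/openssl/x509.py`, the message is never formatted: `InvalidX509Version("{0} is not a valid X509 version", version)` passes the template and the value as two separate exception arguments, so `str(exc)` renders as a tuple containing a literal `{0}`. Use `raise InvalidX509Version("{0} is not a valid X509 version".format(version))` so that logs and error handlers show the rejected value in a readable message. Since `InvalidX509Version` is a bare `Exception` subclass in `exceptions.py`, callers that need the raw number when triaging malformed certificates would be better served by an explicit attribute than by `args`. The enclosing property starts outside the hunk.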
@@ -83,3 +84,13 @@ class TestX509Certificate(object): assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1) assert cert.version == x509.X509Version.v3 + + def test_invalid_version_cert(self, backend): + cert = load_vectors_from_file( + os.path.join("x509", "custom", "invalid_version.pem"), + lambda pemfile: x509.load_pem_x509_certificate( + pemfile.read(), backend + ) + ) + with pytest.raises(InvalidX509Version): + cert.version -- cgit v1.2.3
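Review bot: `test_invalid_version_cert` pins that `load_pem_x509_certificate` accepts a certificate with an invalid version and that the error only surfaces when `cert.version` is read, so code that loads a certificate and never touches `.version` would not see the rejection. If that lazy check is intended, say so with a comment above the `with` block, e.g. `# Loading succeeds; the version is only validated on attribute access.`; otherwise consider validating at load time. The assertion checks only the exception type, so it would not catch the unformatted message raised in `openssl/x509.py`; `with pytest.raises(InvalidX509Version) as exc:` followed by a check on `str(exc.value)` would. The `invalid_version.pem` vector is not among the seven files listed in this patch, so it presumably ships separately.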