From 016e08abddf9fdc507da4f6c6f548c3dfee1b389 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Wed, 26 Nov 2014 09:41:18 -1000
Subject: move x509 to top level, add more docs
---
tests/test_x509.py | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 tests/test_x509.py
(limited to 'tests/test_x509.py')
diff --git a/tests/test_x509.py b/tests/test_x509.py
new file mode 100644
index 00000000..97102946
--- /dev/null
+++ b/tests/test_x509.py
@@ -0,0 +1,85 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import base64
+import datetime
+import os
+import textwrap
+
+import pytest
+
+from cryptography import x509
+from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
+from cryptography.hazmat.primitives import interfaces
+
+from .hazmat.primitives.utils import load_vectors_from_file
+
+
+def _der_to_pem(data):
+ lines = textwrap.wrap(base64.b64encode(data), 64)
+ return (
+ "-----BEGIN CERTIFICATE-----\n" +
+ "\n".join(lines) +
+ "\n-----END CERTIFICATE-----"
+ )
+
+
+def _load_der_cert(name, backend):
+ cert = load_vectors_from_file(
+ os.path.join(
+ "x509", "PKITS_data", "certs", name),
+ lambda pemfile: x509.load_der_x509_certificate(
+ pemfile.read(), backend
+ )
+ )
+ return cert
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestX509Certificate(object):
+ def test_load_good_ca_cert(self, backend):
+ cert = _load_der_cert("GoodCACert.crt", backend)
+
+ assert cert
+ assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
+ assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
+ assert cert.serial == 2
+ public_key = cert.public_key()
+ assert isinstance(public_key, interfaces.RSAPublicKey)
+ assert cert.version == x509.X509Version.v3
+
+ def test_pre_2000_utc_not_before_cert(self, backend):
+ cert = _load_der_cert(
+ "Validpre2000UTCnotBeforeDateTest3EE.crt",
+ backend
+ )
+
+ assert cert
+ assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1)
+ assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
+ assert cert.version == x509.X509Version.v3
+
+ def test_generalized_time_not_before_cert(self, backend):
+ cert = _load_der_cert(
+
"ValidGeneralizedTimenotBeforeDateTest4EE.crt", + backend + ) + + assert cert + assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1) + assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) + assert cert.version == x509.X509Version.v3 + + def test_generalized_time_not_after_cert(self, backend): + cert = _load_der_cert( + "ValidGeneralizedTimenotAfterDateTest8EE.crt", + backend + ) + assert cert + assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) + assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1) + assert cert.version == x509.X509Version.v3 -- cgit v1.2.3 From a9d78c13ea2996c896d3dfda8b7e887c444ec4cb Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 26 Nov 2014 10:59:03 -1000 Subject: update docs, test invalid x509 version --- tests/test_x509.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 97102946..eac8a307 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -12,10 +12,11 @@ import textwrap import pytest from cryptography import x509 +from cryptography.exceptions import InvalidX509Version from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend from cryptography.hazmat.primitives import interfaces -from .hazmat.primitives.utils import load_vectors_from_file +from .utils import load_vectors_from_file def _der_to_pem(data): @@ -83,3 +84,13 @@ class TestX509Certificate(object): assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1) assert cert.version == x509.X509Version.v3 + + def test_invalid_version_cert(self, backend): + cert = load_vectors_from_file( + os.path.join("x509", "custom", "invalid_version.pem"), + lambda pemfile: x509.load_pem_x509_certificate( + pemfile.read(), backend + ) + ) + with pytest.raises(InvalidX509Version): + cert.version -- cgit v1.2.3 
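Review bot: `_der_to_pem` in the new tests/test_x509.py is never called by any test added in this commit, and on Python 3 it would fail because `base64.b64encode` returns bytes, which `textwrap.wrap` does not accept. Either remove the helper together with the `base64` and `textwrap` imports, or decode first with `lines = textwrap.wrap(base64.b64encode(data).decode("ascii"), 64)` and add a test that calls it. The bare `assert cert` lines in the four tests only check truthiness, so a type check on the loaded object would say more about what the loader returned.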
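Review bot: In `test_invalid_version_cert` (commit a9d78c13, last hunk) the load of invalid_version.pem is expected to succeed and `InvalidX509Version` is only expected when `cert.version` is read, which deserves a comment. As far as this test shows, a caller that never reads `.version` gets no error for such a certificate. Suggested comment above the `with` block: `# Loading succeeds; the unsupported version is only rejected when .version is read.` If rejection at load time is the intended contract, the `pytest.raises` block should wrap the loader call instead. The enclosing class starts outside this hunk.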
From 30c5ccdfb505e33dcdaa7f248c3479e3050a70da Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Wed, 26 Nov 2014 11:10:28 -1000
Subject: add x509v1 test
---
tests/test_x509.py | 9 +++++++++
1 file changed, 9 insertions(+)
(limited to 'tests/test_x509.py')
diff --git a/tests/test_x509.py b/tests/test_x509.py
index eac8a307..0a120eba 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -94,3 +94,12 @@ class TestX509Certificate(object):
 )
 with pytest.raises(InvalidX509Version):
 cert.version
+
+ def test_version_1_cert(self, backend):
+ cert = load_vectors_from_file(
+ os.path.join("x509", "v1_cert.pem"),
+ lambda pemfile: x509.load_pem_x509_certificate(
+ pemfile.read(), backend
+ )
+ )
+ assert cert.version == x509.X509Version.v1
-- 
cgit v1.2.3
From 7638c3151ccbc17ff1adee0384b1fa10530cf87c Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Wed, 26 Nov 2014 11:13:31 -1000
Subject: improve x509 load error handling
---
tests/test_x509.py | 8 ++++++++
1 file changed, 8 insertions(+)
(limited to 'tests/test_x509.py')
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 0a120eba..1e1bde1d 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -103,3 +103,11 @@ class TestX509Certificate(object):
 )
 )
 assert cert.version == x509.X509Version.v1
+
+ def test_invalid_pem(self, backend):
+ with pytest.raises(ValueError):
+ x509.load_pem_x509_certificate(b"notacert", backend)
+
+ def test_invalid_der(self, backend):
+ with pytest.raises(ValueError):
+ x509.load_der_x509_certificate(b"notacert", backend)
-- 
cgit v1.2.3
From 1eb5b86f86758a8247b742c580cc7163b89a1e7a Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Wed, 26 Nov 2014 11:44:03 -1000
Subject: improve tests, remove some outdated comments
---
tests/test_x509.py | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
(limited to 'tests/test_x509.py')
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 1e1bde1d..fe14758b 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
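Review bot: `test_invalid_pem` and `test_invalid_der` (commit 7638c315) each feed the loader a single input, `b"notacert"`, so the error path is only covered for data that is rejected before any certificate structure is parsed. Inputs that get further into the parser are the more useful negative cases: empty bytes, a PEM block with valid armor but a corrupted body, and a truncated copy of a valid DER vector. A parametrized form such as `@pytest.mark.parametrize("data", [b"", b"notacert"])` plus one truncated vector would keep the same `pytest.raises(ValueError)` assertion. If one of those inputs raises something other than `ValueError`, that is worth finding in the test suite rather than in a caller. The enclosing class starts outside this hunk.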
@@ -45,7 +45,6 @@ class TestX509Certificate(object): def test_load_good_ca_cert(self, backend): cert = _load_der_cert("GoodCACert.crt", backend) - assert cert assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) assert cert.serial == 2 @@ -53,16 +52,31 @@ class TestX509Certificate(object): assert isinstance(public_key, interfaces.RSAPublicKey) assert cert.version == x509.X509Version.v3 - def test_pre_2000_utc_not_before_cert(self, backend): + def test_utc_pre_2000_not_before_cert(self, backend): cert = _load_der_cert( "Validpre2000UTCnotBeforeDateTest3EE.crt", backend ) - assert cert assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1) - assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) - assert cert.version == x509.X509Version.v3 + + def test_pre_2000_utc_not_after_cert(self, backend): + cert = _load_der_cert( + "Invalidpre2000UTCEEnotAfterDateTest7EE.crt", + backend + ) + + assert cert.not_after == datetime.datetime(1999, 1, 1, 12, 1) + + def test_post_2000_utc_cert(self, backend): + cert = load_vectors_from_file( + os.path.join("x509", "custom", "post2000utctime.pem"), + lambda pemfile: x509.load_pem_x509_certificate( + pemfile.read(), backend + ) + ) + assert cert.not_before == datetime.datetime(2014, 11, 26, 21, 41, 20) + assert cert.not_after == datetime.datetime(2014, 12, 26, 21, 41, 20) def test_generalized_time_not_before_cert(self, backend): cert = _load_der_cert( @@ -70,7 +84,6 @@ class TestX509Certificate(object): backend ) - assert cert assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1) assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) assert cert.version == x509.X509Version.v3 
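Review bot: `test_pre_2000_utc_not_after_cert` loads a vector named Invalidpre2000UTCEEnotAfterDateTest7EE.crt and asserts only the parsed `not_after` of 1999, so it should carry a comment that the loader is expected to parse this certificate and does not judge its validity period. Suggested: `# Parsing only: the certificate is expired, and the loader does not check validity dates.` The expected values here and in `test_post_2000_utc_cert` are naive `datetime` objects, presumably UTC, and saying so next to the assertions would stop readers from comparing them with local time. The renamed `test_utc_pre_2000_not_before_cert` and the new `test_pre_2000_utc_not_after_cert` also use different word order for the same pair of cases. The enclosing class starts outside this hunk.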
@@ -80,7 +93,6 @@ class TestX509Certificate(object): "ValidGeneralizedTimenotAfterDateTest8EE.crt", backend ) - assert cert assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1) assert cert.version == x509.X509Version.v3 -- cgit v1.2.3 From f1ef351362da9913f53fec73b68e188533036b4e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 26 Nov 2014 17:36:05 -1000 Subject: clean up x509 tests & add DSA/ECDSA tests --- tests/test_x509.py | 72 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 57 insertions(+), 15 deletions(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index fe14758b..f50a82ae 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -4,36 +4,29 @@ from __future__ import absolute_import, division, print_function -import base64 import datetime import os -import textwrap import pytest from cryptography import x509 from cryptography.exceptions import InvalidX509Version -from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend +from cryptography.hazmat.backends.interfaces import ( + DSABackend, EllipticCurveBackend, RSABackend, X509Backend +) from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives.asymmetric import ec +from .hazmat.primitives.test_ec import _skip_curve_unsupported from .utils import load_vectors_from_file -def _der_to_pem(data): - lines = textwrap.wrap(base64.b64encode(data), 64) - return ( - "-----BEGIN CERTIFICATE-----\n" + - "\n".join(lines) + - "\n-----END CERTIFICATE-----" - ) - - def _load_der_cert(name, backend): cert = load_vectors_from_file( os.path.join( "x509", "PKITS_data", "certs", name), - lambda pemfile: x509.load_der_x509_certificate( - pemfile.read(), backend + lambda derfile: x509.load_der_x509_certificate( + derfile.read(), backend ) ) return cert 
@@ -41,7 +34,27 @@ def _load_der_cert(name, backend): @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) -class TestX509Certificate(object): +class TestRSAX509Certificate(object): + def test_load_pem_cert(self, backend): + cert = load_vectors_from_file( + os.path.join( + "x509", "custom", "post2000utctime.pem"), + lambda pemfile: x509.load_pem_x509_certificate( + pemfile.read(), backend + ) + ) + assert cert + + def test_load_der_cert(self, backend): + cert = load_vectors_from_file( + os.path.join( + "x509", "PKITS_data", "certs", "GoodCACert.crt"), + lambda derfile: x509.load_der_x509_certificate( + derfile.read(), backend + ) + ) + assert cert + def test_load_good_ca_cert(self, backend): cert = _load_der_cert("GoodCACert.crt", backend) 
@@ -123,3 +136,32 @@ class TestX509Certificate(object): def test_invalid_der(self, backend): with pytest.raises(ValueError): x509.load_der_x509_certificate(b"notacert", backend) + + +@pytest.mark.requires_backend_interface(interface=DSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestDSAX509Certificate(object): + def test_load_dsa_cert(self, backend): + cert = load_vectors_from_file( + os.path.join("x509", "custom", "dsa_root.pem"), + lambda pemfile: x509.load_pem_x509_certificate( + pemfile.read(), backend + ) + ) + public_key = cert.public_key() + assert isinstance(public_key, interfaces.DSAPublicKey) + + +@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestECDSAX509Certificate(object): + def test_load_ecdsa_cert(self, backend): + _skip_curve_unsupported(backend, ec.SECP384R1()) + cert = load_vectors_from_file( + os.path.join("x509", "ecdsa_root.pem"), + lambda pemfile: x509.load_pem_x509_certificate( + pemfile.read(), backend + ) + ) + public_key = cert.public_key() + assert isinstance(public_key, interfaces.EllipticCurvePublicKey) -- cgit v1.2.3 From a68fd33ca8518a734b655457eca9ab28ccbcb7bb Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 27 Nov 2014 07:08:40 -1000 Subject: address review feedback --- tests/test_x509.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index f50a82ae..df27f8d0 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -10,7 +10,6 @@ import os import pytest from cryptography import x509 -from cryptography.exceptions import InvalidX509Version from cryptography.hazmat.backends.interfaces import ( DSABackend, EllipticCurveBackend, RSABackend, X509Backend ) 
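Review bot: `test_load_dsa_cert` and `test_load_ecdsa_cert` (commit f1ef3513, last hunk) assert only the interface type of `cert.public_key()`, so a loader that returned a key on the wrong curve or with the wrong parameters would still pass. The ECDSA test already gates on `ec.SECP384R1()`. Assuming the key object exposes its curve, `assert isinstance(public_key.curve, ec.SECP384R1)` would tie the assertion to the vector. In the import hunk of the same commit, `_skip_curve_unsupported` is pulled from another test module's private namespace (`.hazmat.primitives.test_ec`). Moving it next to `load_vectors_from_file` in `.utils` would stop one test file depending on another.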
@@ -43,7 +42,7 @@ class TestRSAX509Certificate(object): pemfile.read(), backend ) ) - assert cert + assert isinstance(cert, interfaces.X509Certificate) def test_load_der_cert(self, backend): cert = load_vectors_from_file( @@ -53,7 +52,7 @@ class TestRSAX509Certificate(object): derfile.read(), backend ) ) - assert cert + assert isinstance(cert, interfaces.X509Certificate) def test_load_good_ca_cert(self, backend): cert = _load_der_cert("GoodCACert.crt", backend) @@ -117,7 +116,7 @@ class TestRSAX509Certificate(object): pemfile.read(), backend ) ) - with pytest.raises(InvalidX509Version): + with pytest.raises(x509.InvalidX509Version): cert.version def test_version_1_cert(self, backend): -- cgit v1.2.3 From a693cfdfb5e55f92f21cd7b2aa52f332679f241f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 27 Nov 2014 07:47:58 -1000 Subject: py3 fixes --- tests/test_x509.py | 109 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 61 insertions(+), 48 deletions(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index df27f8d0..59b84004 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -20,13 +20,16 @@ from .hazmat.primitives.test_ec import _skip_curve_unsupported from .utils import load_vectors_from_file -def _load_der_cert(name, backend): +def _load_cert(filename, fmt, backend): + if fmt == "pem": + loader = x509.load_pem_x509_certificate + else: + loader = x509.load_der_x509_certificate + cert = load_vectors_from_file( - os.path.join( - "x509", "PKITS_data", "certs", name), - lambda derfile: x509.load_der_x509_certificate( - derfile.read(), backend - ) + filename=filename, + loader=lambda pemfile: loader(pemfile.read(), backend), + mode="rb" ) return cert 
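Review bot: In the new `_load_cert` (commit a693cfdf, first hunk) any `fmt` other than `"pem"` falls through to `x509.load_der_x509_certificate`, so a typo such as `"PEM"` silently selects the DER loader and shows up as a parse failure rather than a usage error. Make the second branch explicit with `elif fmt == "der":` and finish with `else: raise ValueError(fmt)`. The lambda parameter is still named `pemfile` although it now receives DER files as well, so `certfile` would be more accurate.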
@@ -35,27 +38,27 @@ def _load_der_cert(name, backend): @pytest.mark.requires_backend_interface(interface=X509Backend) class TestRSAX509Certificate(object): def test_load_pem_cert(self, backend): - cert = load_vectors_from_file( - os.path.join( - "x509", "custom", "post2000utctime.pem"), - lambda pemfile: x509.load_pem_x509_certificate( - pemfile.read(), backend - ) + cert = _load_cert( + os.path.join("x509", "custom", "post2000utctime.pem"), + "pem", + backend ) assert isinstance(cert, interfaces.X509Certificate) def test_load_der_cert(self, backend): - cert = load_vectors_from_file( - os.path.join( - "x509", "PKITS_data", "certs", "GoodCACert.crt"), - lambda derfile: x509.load_der_x509_certificate( - derfile.read(), backend - ) + cert = _load_cert( + os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), + "der", + backend ) assert isinstance(cert, interfaces.X509Certificate) def test_load_good_ca_cert(self, backend): - cert = _load_der_cert("GoodCACert.crt", backend) + cert = _load_cert( + os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), + "der", + backend + ) assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) 
@@ -65,44 +68,58 @@ class TestRSAX509Certificate(object): assert cert.version == x509.X509Version.v3 def test_utc_pre_2000_not_before_cert(self, backend): - cert = _load_der_cert( - "Validpre2000UTCnotBeforeDateTest3EE.crt", + cert = _load_cert( + os.path.join( + "x509", "PKITS_data", "certs", + "Validpre2000UTCnotBeforeDateTest3EE.crt" + ), + "der", backend ) assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1) def test_pre_2000_utc_not_after_cert(self, backend): - cert = _load_der_cert( - "Invalidpre2000UTCEEnotAfterDateTest7EE.crt", + cert = _load_cert( + os.path.join( + "x509", "PKITS_data", "certs", + "Invalidpre2000UTCEEnotAfterDateTest7EE.crt" + ), + "der", backend ) assert cert.not_after == datetime.datetime(1999, 1, 1, 12, 1) def test_post_2000_utc_cert(self, backend): - cert = load_vectors_from_file( + cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), - lambda pemfile: x509.load_pem_x509_certificate( - pemfile.read(), backend - ) + "pem", + backend ) assert cert.not_before == datetime.datetime(2014, 11, 26, 21, 41, 20) assert cert.not_after == datetime.datetime(2014, 12, 26, 21, 41, 20) def test_generalized_time_not_before_cert(self, backend): - cert = _load_der_cert( - "ValidGeneralizedTimenotBeforeDateTest4EE.crt", + cert = _load_cert( + os.path.join( + "x509", "PKITS_data", "certs", + "ValidGeneralizedTimenotBeforeDateTest4EE.crt" + ), + "der", backend ) - assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1) assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) assert cert.version == x509.X509Version.v3 def test_generalized_time_not_after_cert(self, backend): - cert = _load_der_cert( - "ValidGeneralizedTimenotAfterDateTest8EE.crt", + cert = _load_cert( + os.path.join( + "x509", "PKITS_data", "certs", + "ValidGeneralizedTimenotAfterDateTest8EE.crt" + ), + "der", backend ) assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) 
@@ -110,21 +127,19 @@ class TestRSAX509Certificate(object): assert cert.version == x509.X509Version.v3 def test_invalid_version_cert(self, backend): - cert = load_vectors_from_file( + cert = _load_cert( os.path.join("x509", "custom", "invalid_version.pem"), - lambda pemfile: x509.load_pem_x509_certificate( - pemfile.read(), backend - ) + "pem", + backend ) with pytest.raises(x509.InvalidX509Version): cert.version def test_version_1_cert(self, backend): - cert = load_vectors_from_file( + cert = _load_cert( os.path.join("x509", "v1_cert.pem"), - lambda pemfile: x509.load_pem_x509_certificate( - pemfile.read(), backend - ) + "pem", + backend ) assert cert.version == x509.X509Version.v1 @@ -141,11 +156,10 @@ class TestRSAX509Certificate(object): @pytest.mark.requires_backend_interface(interface=X509Backend) class TestDSAX509Certificate(object): def test_load_dsa_cert(self, backend): - cert = load_vectors_from_file( + cert = _load_cert( os.path.join("x509", "custom", "dsa_root.pem"), - lambda pemfile: x509.load_pem_x509_certificate( - pemfile.read(), backend - ) + "pem", + backend ) public_key = cert.public_key() assert isinstance(public_key, interfaces.DSAPublicKey) @@ -156,11 +170,10 @@ class TestDSAX509Certificate(object): class TestECDSAX509Certificate(object): def test_load_ecdsa_cert(self, backend): _skip_curve_unsupported(backend, ec.SECP384R1()) - cert = load_vectors_from_file( + cert = _load_cert( os.path.join("x509", "ecdsa_root.pem"), - lambda pemfile: x509.load_pem_x509_certificate( - pemfile.read(), backend - ) + "pem", + backend ) public_key = cert.public_key() assert isinstance(public_key, interfaces.EllipticCurvePublicKey) -- cgit v1.2.3 From 0307c37651216793c0cd63ec7e434878d4d8b5c5 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 27 Nov 2014 09:49:31 -1000 Subject: test x509 fingerprint --- tests/test_x509.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tests/test_x509.py') 
diff --git a/tests/test_x509.py b/tests/test_x509.py index 59b84004..475558f2 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -4,6 +4,7 @@ from __future__ import absolute_import, division, print_function +import binascii import datetime import os @@ -13,7 +14,7 @@ from cryptography import x509 from cryptography.hazmat.backends.interfaces import ( DSABackend, EllipticCurveBackend, RSABackend, X509Backend ) -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import ec from .hazmat.primitives.test_ec import _skip_curve_unsupported @@ -66,6 +67,8 @@ class TestRSAX509Certificate(object): public_key = cert.public_key() assert isinstance(public_key, interfaces.RSAPublicKey) assert cert.version == x509.X509Version.v3 + fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())) + assert fingerprint == "6f49779533d565e8b7c1062503eab41492c38e4d" def test_utc_pre_2000_not_before_cert(self, backend): cert = _load_cert( -- cgit v1.2.3 From 4e1db790e8eb00154e4a924bcff8bd7bea6dfdb9 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 27 Nov 2014 10:50:55 -1000 Subject: learn to bytes --- tests/test_x509.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 475558f2..b47305f1 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -68,7 +68,7 @@ class TestRSAX509Certificate(object): assert isinstance(public_key, interfaces.RSAPublicKey) assert cert.version == x509.X509Version.v3 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())) - assert fingerprint == "6f49779533d565e8b7c1062503eab41492c38e4d" + assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d" def test_utc_pre_2000_not_before_cert(self, backend): cert = _load_cert( -- cgit v1.2.3 From 41120320d0872594d35a9ad38305f87ca052f6de Mon Sep 17 00:00:00 2001 
From: Paul Kehrer Date: Tue, 2 Dec 2014 18:31:14 -1000 Subject: refactor a test function to avoid string typing --- tests/test_x509.py | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index b47305f1..73810f18 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -21,12 +21,7 @@ from .hazmat.primitives.test_ec import _skip_curve_unsupported from .utils import load_vectors_from_file -def _load_cert(filename, fmt, backend): - if fmt == "pem": - loader = x509.load_pem_x509_certificate - else: - loader = x509.load_der_x509_certificate - +def _load_cert(filename, loader, backend): cert = load_vectors_from_file( filename=filename, loader=lambda pemfile: loader(pemfile.read(), backend), @@ -41,7 +36,7 @@ class TestRSAX509Certificate(object): def test_load_pem_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), - "pem", + x509.load_pem_x509_certificate, backend ) assert isinstance(cert, interfaces.X509Certificate) @@ -49,7 +44,7 @@ class TestRSAX509Certificate(object): def test_load_der_cert(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), - "der", + x509.load_der_x509_certificate, backend ) assert isinstance(cert, interfaces.X509Certificate) @@ -57,7 +52,7 @@ class TestRSAX509Certificate(object): def test_load_good_ca_cert(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), - "der", + x509.load_der_x509_certificate, backend ) @@ -76,7 +71,7 @@ class TestRSAX509Certificate(object): "x509", "PKITS_data", "certs", "Validpre2000UTCnotBeforeDateTest3EE.crt" ), - "der", + x509.load_der_x509_certificate, backend ) @@ -88,7 +83,7 @@ class TestRSAX509Certificate(object): "x509", "PKITS_data", "certs", "Invalidpre2000UTCEEnotAfterDateTest7EE.crt" ), - "der", + x509.load_der_x509_certificate, backend ) 
@@ -97,7 +92,7 @@ class TestRSAX509Certificate(object): def test_post_2000_utc_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), - "pem", + x509.load_pem_x509_certificate, backend ) assert cert.not_before == datetime.datetime(2014, 11, 26, 21, 41, 20) @@ -109,7 +104,7 @@ class TestRSAX509Certificate(object): "x509", "PKITS_data", "certs", "ValidGeneralizedTimenotBeforeDateTest4EE.crt" ), - "der", + x509.load_der_x509_certificate, backend ) assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1) @@ -122,7 +117,7 @@ class TestRSAX509Certificate(object): "x509", "PKITS_data", "certs", "ValidGeneralizedTimenotAfterDateTest8EE.crt" ), - "der", + x509.load_der_x509_certificate, backend ) assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) @@ -132,7 +127,7 @@ class TestRSAX509Certificate(object): def test_invalid_version_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "invalid_version.pem"), - "pem", + x509.load_pem_x509_certificate, backend ) with pytest.raises(x509.InvalidX509Version): @@ -141,7 +136,7 @@ class TestRSAX509Certificate(object): def test_version_1_cert(self, backend): cert = _load_cert( os.path.join("x509", "v1_cert.pem"), - "pem", + x509.load_pem_x509_certificate, backend ) assert cert.version == x509.X509Version.v1 @@ -161,7 +156,7 @@ class TestDSAX509Certificate(object): def test_load_dsa_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "dsa_root.pem"), - "pem", + x509.load_pem_x509_certificate, backend ) public_key = cert.public_key() @@ -175,7 +170,7 @@ class TestECDSAX509Certificate(object): _skip_curve_unsupported(backend, ec.SECP384R1()) cert = _load_cert( os.path.join("x509", "ecdsa_root.pem"), - "pem", + x509.load_pem_x509_certificate, backend ) public_key = cert.public_key() -- cgit v1.2.3 From d9fc7252f9470f6f9f6c05047e2fcf1c5c34667a Mon Sep 17 00:00:00 2001 
From: Paul Kehrer Date: Thu, 11 Dec 2014 12:25:00 -0600 Subject: change it to not_valid_* why not --- tests/test_x509.py | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 73810f18..4fac1e55 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -56,12 +56,12 @@ class TestRSAX509Certificate(object): backend ) - assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) - assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) + assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30) + assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30) assert cert.serial == 2 public_key = cert.public_key() assert isinstance(public_key, interfaces.RSAPublicKey) - assert cert.version == x509.X509Version.v3 + assert cert.version is x509.X509Version.v3 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())) assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d" @@ -75,7 +75,7 @@ class TestRSAX509Certificate(object): backend ) - assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1) + assert cert.not_valid_before == datetime.datetime(1950, 1, 1, 12, 1) def test_pre_2000_utc_not_after_cert(self, backend): cert = _load_cert( @@ -87,7 +87,7 @@ class TestRSAX509Certificate(object): backend ) - assert cert.not_after == datetime.datetime(1999, 1, 1, 12, 1) + assert cert.not_valid_after == datetime.datetime(1999, 1, 1, 12, 1) def test_post_2000_utc_cert(self, backend): cert = _load_cert( 
@@ -95,8 +95,12 @@ class TestRSAX509Certificate(object): x509.load_pem_x509_certificate, backend ) - assert cert.not_before == datetime.datetime(2014, 11, 26, 21, 41, 20) - assert cert.not_after == datetime.datetime(2014, 12, 26, 21, 41, 20) + assert cert.not_valid_before == datetime.datetime( + 2014, 11, 26, 21, 41, 20 + ) + assert cert.not_valid_after == datetime.datetime( + 2014, 12, 26, 21, 41, 20 + ) def test_generalized_time_not_before_cert(self, backend): cert = _load_cert( @@ -107,9 +111,9 @@ class TestRSAX509Certificate(object): x509.load_der_x509_certificate, backend ) - assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1) - assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30) - assert cert.version == x509.X509Version.v3 + assert cert.not_valid_before == datetime.datetime(2002, 1, 1, 12, 1) + assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30) + assert cert.version is x509.X509Version.v3 def test_generalized_time_not_after_cert(self, backend): cert = _load_cert( @@ -120,9 +124,9 @@ class TestRSAX509Certificate(object): x509.load_der_x509_certificate, backend ) - assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30) - assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1) - assert cert.version == x509.X509Version.v3 + assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30) + assert cert.not_valid_after == datetime.datetime(2050, 1, 1, 12, 1) + assert cert.version is x509.X509Version.v3 def test_invalid_version_cert(self, backend): cert = _load_cert( @@ -139,7 +143,7 @@ class TestRSAX509Certificate(object): x509.load_pem_x509_certificate, backend ) - assert cert.version == x509.X509Version.v1 + assert cert.version is x509.X509Version.v1 def test_invalid_pem(self, backend): with pytest.raises(ValueError): -- cgit v1.2.3 From b2de948b18316ac5f08b22d1ab22bdd49da9cc5f Mon Sep 17 00:00:00 2001 
From: Paul Kehrer Date: Thu, 11 Dec 2014 14:54:48 -0600 Subject: reorganize a bunch of things related to the x509certificate interface --- tests/test_x509.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 4fac1e55..638c7d1b 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -39,7 +39,7 @@ class TestRSAX509Certificate(object): x509.load_pem_x509_certificate, backend ) - assert isinstance(cert, interfaces.X509Certificate) + assert isinstance(cert, x509.X509Certificate) def test_load_der_cert(self, backend): cert = _load_cert( @@ -47,7 +47,7 @@ class TestRSAX509Certificate(object): x509.load_der_x509_certificate, backend ) - assert isinstance(cert, interfaces.X509Certificate) + assert isinstance(cert, x509.X509Certificate) def test_load_good_ca_cert(self, backend): cert = _load_cert( -- cgit v1.2.3 From 6c660a88f1ed6d03968b26328a285cfecc4c9a2c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 12 Dec 2014 11:50:44 -0600 Subject: raise error on unnamed EC curve certificates when calling public_key ...for now --- tests/test_x509.py | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 638c7d1b..7a4d0b7d 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -179,3 +179,13 @@ class TestECDSAX509Certificate(object): ) public_key = cert.public_key() assert isinstance(public_key, interfaces.EllipticCurvePublicKey) + + def test_load_ecdsa_no_named_curve(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + cert = _load_cert( + os.path.join("x509", "custom", "ec_no_named_curve.pem"), + x509.load_pem_x509_certificate, + backend + ) + with pytest.raises(NotImplementedError): + cert.public_key() -- cgit v1.2.3 From 4903adc2f791407203561966f33d85a02ab1b16e Mon Sep 17 00:00:00 2001 
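Review bot: `test_load_ecdsa_no_named_curve` (commit 6c660a88) pins that `public_key()` raises `NotImplementedError` for ec_no_named_curve.pem, but nothing explains why the skip guard uses `ec.SECP256R1()` when the point of the vector is that no curve is named. A comment such as `# Explicit EC parameters: public_key() must refuse rather than build a key from them.` would record that the refusal is deliberate, with the reason for the SECP256R1 guard stated beside it. Refusing is the conservative behaviour here because the parameters come from the certificate itself. The comment would also warn a later change against turning this into silent acceptance. The enclosing class starts outside this hunk.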
From: Paul Kehrer Date: Sat, 13 Dec 2014 16:57:50 -0600 Subject: update test with proper filename --- tests/test_x509.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 7a4d0b7d..be118bb8 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -159,7 +159,7 @@ class TestRSAX509Certificate(object): class TestDSAX509Certificate(object): def test_load_dsa_cert(self, backend): cert = _load_cert( - os.path.join("x509", "custom", "dsa_root.pem"), + os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"), x509.load_pem_x509_certificate, backend ) -- cgit v1.2.3 From e76cd27c28f75f3972ddcf5e15d5e37e6da2098e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 14 Dec 2014 19:00:51 -0600 Subject: rename X509 classes to remove X509 and improve some tests --- tests/test_x509.py | 77 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 67 insertions(+), 10 deletions(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index be118bb8..f8d19a54 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -32,14 +32,17 @@ def _load_cert(filename, loader, backend): @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) -class TestRSAX509Certificate(object): +class TestRSACertificate(object): def test_load_pem_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, backend ) - assert isinstance(cert, x509.X509Certificate) + assert isinstance(cert, x509.Certificate) + assert cert.serial == 11559813051657483483 + fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())) + assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8" def test_load_der_cert(self, backend): cert = _load_cert( 
@@ -47,7 +50,10 @@ class TestRSAX509Certificate(object): x509.load_der_x509_certificate, backend ) - assert isinstance(cert, x509.X509Certificate) + assert isinstance(cert, x509.Certificate) + assert cert.serial == 2 + fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())) + assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d" def test_load_good_ca_cert(self, backend): cert = _load_cert( @@ -61,7 +67,7 @@ class TestRSAX509Certificate(object): assert cert.serial == 2 public_key = cert.public_key() assert isinstance(public_key, interfaces.RSAPublicKey) - assert cert.version is x509.X509Version.v3 + assert cert.version is x509.Version.v3 fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())) assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d" @@ -113,7 +119,7 @@ class TestRSAX509Certificate(object): ) assert cert.not_valid_before == datetime.datetime(2002, 1, 1, 12, 1) assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30) - assert cert.version is x509.X509Version.v3 + assert cert.version is x509.Version.v3 def test_generalized_time_not_after_cert(self, backend): cert = _load_cert( @@ -126,7 +132,7 @@ class TestRSAX509Certificate(object): ) assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30) assert cert.not_valid_after == datetime.datetime(2050, 1, 1, 12, 1) - assert cert.version is x509.X509Version.v3 + assert cert.version is x509.Version.v3 def test_invalid_version_cert(self, backend): cert = _load_cert( @@ -134,7 +140,7 @@ class TestRSAX509Certificate(object): x509.load_pem_x509_certificate, backend ) - with pytest.raises(x509.InvalidX509Version): + with pytest.raises(x509.InvalidVersion): cert.version def test_version_1_cert(self, backend): 
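Review bot: test_load_der_cert now asserts `cert.serial == 2` and the fingerprint `6f49779533d565e8b7c1062503eab41492c38e4d`, the same two values test_load_good_ca_cert already checks (visible as context in the @@ -61,7 +67,7 @@ hunk), so the 40-character literal is maintained in two places. If both tests load the same vector, which the matching values suggest, a module-level name for the expected fingerprint would keep them in step when the vector changes. Otherwise a one-line comment saying which file each value belongs to would help. The body of test_load_der_cert starts outside the hunk.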
@@ -143,7 +149,7 @@ class TestRSAX509Certificate(object): x509.load_pem_x509_certificate, backend ) - assert cert.version is x509.X509Version.v1 + assert cert.version is x509.Version.v1 def test_invalid_pem(self, backend): with pytest.raises(ValueError): @@ -156,7 +162,7 @@ class TestRSAX509Certificate(object): @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) -class TestDSAX509Certificate(object): +class TestDSACertificate(object): def test_load_dsa_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"), 
@@ -165,11 +171,49 @@ class TestDSAX509Certificate(object): ) public_key = cert.public_key() assert isinstance(public_key, interfaces.DSAPublicKey) + if isinstance(public_key, interfaces.DSAPublicKeyWithNumbers): + num = public_key.public_numbers() + assert num.y == int( + "4c08bfe5f2d76649c80acf7d431f6ae2124b217abc8c9f6aca776ddfa94" + "53b6656f13e543684cd5f6431a314377d2abfa068b7080cb8ddc065afc2" + "dea559f0b584c97a2b235b9b69b46bc6de1aed422a6f341832618bcaae2" + "198aba388099dafb05ff0b5efecb3b0ae169a62e1c72022af50ae68af3b" + "033c18e6eec1f7df4692c456ccafb79cc7e08da0a5786e9816ceda651d6" + "1b4bb7b81c2783da97cea62df67af5e85991fdc13aff10fc60e06586386" + "b96bb78d65750f542f86951e05a6d81baadbcd35a2e5cad4119923ae6a2" + "002091a3d17017f93c52970113cdc119970b9074ca506eac91c3dd37632" + "5df4af6b3911ef267d26623a5a1c5df4a6d13f1c", 16 + ) + assert num.parameter_numbers.g == int( + "4b7ced71dc353965ecc10d441a9a06fc24943a32d66429dd5ef44d43e67" + "d789d99770aec32c0415dc92970880872da45fef8dd1e115a3e4801387b" + "a6d755861f062fd3b6e9ea8e2641152339b828315b1528ee6c7b79458d2" + "1f3db973f6fc303f9397174c2799dd2351282aa2d8842c357a73495bbaa" + "c4932786414c55e60d73169f5761036fba29e9eebfb049f8a3b1b7cee6f" + "3fbfa136205f130bee2cf5b9c38dc1095d4006f2e73335c07352c64130a" + "1ab2b89f13b48f628d3cc3868beece9bb7beade9f830eacc6fa241425c0" + "b3fcc0df416a0c89f7bf35668d765ec95cdcfbe9caff49cfc156c668c76" + "fa6247676a6d3ac945844a083509c6a1b436baca", 16 + ) + assert num.parameter_numbers.p == int( + "bfade6048e373cd4e48b677e878c8e5b08c02102ae04eb2cb5c46a523a3" + "af1c73d16b24f34a4964781ae7e50500e21777754a670bd19a7420d6330" + "84e5556e33ca2c0e7d547ea5f46a07a01bf8669ae3bdec042d9b2ae5e6e" + "cf49f00ba9dac99ab6eff140d2cedf722ee62c2f9736857971444c25d0a" + "33d2017dc36d682a1054fe2a9428dda355a851ce6e6d61e03e419fd4ca4" + "e703313743d86caa885930f62ed5bf342d8165627681e9cc3244ba72aa2" + "2148400a6bbe80154e855d042c9dc2a3405f1e517be9dea50562f56da93" + "f6085f844a7e705c1f043e65751c583b80d29103e590ccb26efdaa0893d" + 
"833e36468f3907cfca788a3cb790f0341c8a31bf", 16 + ) + assert num.parameter_numbers.q == int( + "822ff5d234e073b901cf5941f58e1f538e71d40d", 16 + ) @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) -class TestECDSAX509Certificate(object): +class TestECDSACertificate(object): def test_load_ecdsa_cert(self, backend): _skip_curve_unsupported(backend, ec.SECP384R1()) cert = _load_cert( @@ -179,6 +223,19 @@ class TestECDSAX509Certificate(object): ) public_key = cert.public_key() assert isinstance(public_key, interfaces.EllipticCurvePublicKey) + if isinstance( + public_key, interfaces.EllipticCurvePublicKeyWithNumbers + ): + num = public_key.public_numbers() + assert num.x == int( + "dda7d9bb8ab80bfb0b7f21d2f0bebe73f3335d1abc34eadec69bbcd095f" + "6f0ccd00bba615b51467e9e2d9fee8e630c17", 16 + ) + assert num.y == int( + "ec0770f5cf842e40839ce83f416d3badd3a4145936789d0343ee10136c7" + "2deae88a7a16bb543ce67dc23ff031ca3e23e", 16 + ) + assert isinstance(num.curve, ec.SECP384R1) def test_load_ecdsa_no_named_curve(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) -- cgit v1.2.3 From d5cccf7a376f4cf81cab6649646af0f09f5389ac Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 15 Dec 2014 17:20:33 -0600 Subject: add parsed_version attribute to InvalidVersion --- tests/test_x509.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index f8d19a54..5383871a 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -140,9 +140,11 @@ class TestRSACertificate(object): x509.load_pem_x509_certificate, backend ) - with pytest.raises(x509.InvalidVersion): + with pytest.raises(x509.InvalidVersion) as exc: cert.version + assert exc.value.parsed_version == 7 + def test_version_1_cert(self, backend): cert = _load_cert( os.path.join("x509", "v1_cert.pem"), -- cgit v1.2.3