From d06763d9258115b2e1199296a18d7ec773d47ac3 Mon Sep 17 00:00:00 2001 From: Nick Bastin Date: Sat, 12 Dec 2015 18:32:59 -0800 Subject: Allow any OID for access_method, validate OIDs at creation time, fix tests. --- tests/test_x509_ext.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 751de08d..511fad62 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1861,7 +1861,8 @@ class TestExtendedKeyUsageExtension(object): class TestAccessDescription(object): def test_invalid_access_method(self): - with pytest.raises(ValueError): + # access_method can be *any* valid OID + with pytest.raises(TypeError): x509.AccessDescription("notanoid", x509.DNSName(u"test")) def test_invalid_access_location(self): -- cgit v1.2.3 From 11f0f8a3f8e03ef6831c5d487f1af994b9231ad6 Mon Sep 17 00:00:00 2001 From: Nick Bastin Date: Sat, 12 Dec 2015 18:54:12 -0800 Subject: Add test for arbitrary access_method --- tests/test_x509_ext.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tests') diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 511fad62..de2fb671 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1871,6 +1871,10 @@ class TestAccessDescription(object): AuthorityInformationAccessOID.CA_ISSUERS, "invalid" ) + def test_valid_nonstandard_method (self): + ad = x509.AccessDescription("2.999.1", x509.UniformResourceIdentifier(u"http://example.com")) + assert ad is not None + def test_repr(self): ad = x509.AccessDescription( AuthorityInformationAccessOID.OCSP, -- cgit v1.2.3 From 326fc8eb679099552703accd814692c01514312b Mon Sep 17 00:00:00 2001 From: Nick Bastin Date: Sat, 12 Dec 2015 19:08:12 -0800 Subject: Style cleanup, missing import --- tests/test_x509_ext.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index de2fb671..ca1b9f45 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -18,8 +18,8 @@ from cryptography.hazmat.backends.interfaces import ( ) from cryptography.hazmat.primitives.asymmetric import ec from cryptography.x509.oid import ( - AuthorityInformationAccessOID, ExtendedKeyUsageOID, - ExtensionOID, NameOID + AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, + NameOID, ObjectIdentifier ) from .hazmat.primitives.test_ec import _skip_curve_unsupported @@ -1872,7 +1872,10 @@ class TestAccessDescription(object): ) def test_valid_nonstandard_method (self): - ad = x509.AccessDescription("2.999.1", x509.UniformResourceIdentifier(u"http://example.com")) + ad = x509.AccessDescription( + ObjectIdentifier("2.999.1"), + x509.UniformResourceIdentifier(u"http://example.com") + ) assert ad is not None def test_repr(self): -- cgit v1.2.3 From 99de318242fffabdb46ea5713436a0b8ad63521f Mon Sep 17 00:00:00 2001 From: Nick Bastin Date: Sun, 13 Dec 2015 05:37:04 -0800 Subject: PEP8 fixes --- tests/test_x509_ext.py | 1 - 1 file changed, 1 deletion(-) (limited to 'tests') diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index ca1b9f45..bbdc6079 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1861,7 +1861,6 @@ class TestExtendedKeyUsageExtension(object): class TestAccessDescription(object): def test_invalid_access_method(self): - # access_method can be *any* valid OID with pytest.raises(TypeError): x509.AccessDescription("notanoid", x509.DNSName(u"test")) -- cgit v1.2.3 From d2ecf8601bf9f6aeebd0b7080071a42ef1105cae Mon Sep 17 00:00:00 2001 From: Nick Bastin Date: Sun, 13 Dec 2015 05:44:46 -0800 Subject: Dangling pep8 fix --- tests/test_x509_ext.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index bbdc6079..83145cd0 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1870,7 +1870,7 @@ class TestAccessDescription(object): AuthorityInformationAccessOID.CA_ISSUERS, "invalid" ) - def test_valid_nonstandard_method (self): + def test_valid_nonstandard_method(self): ad = x509.AccessDescription( ObjectIdentifier("2.999.1"), x509.UniformResourceIdentifier(u"http://example.com") -- cgit v1.2.3 From 79d9e6aa93b4cc0ccdf120d48d854a09df21f381 Mon Sep 17 00:00:00 2001 From: Nick Bastin Date: Sun, 13 Dec 2015 15:43:46 -0800 Subject: Test for non-standard AIA support in CertificateBuilder --- tests/test_x509.py | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index 67066f04..6c838162 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -1293,6 +1293,38 @@ class TestCertificateBuilder(object): with pytest.raises(NotImplementedError): builder.sign(private_key, hashes.SHA1(), backend) + + @pytest.mark.requires_backend_interface(interface=RSABackend) + @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_encode_nonstandard_aia(self, backend): + private_key = RSA_KEY_2048.private_key(backend) + + aia = x509.AuthorityInformationAccess([ + x509.AccessDescription( + x509.ObjectIdentifier("2.999.7"), + x509.UniformResourceIdentifier(u"http://example.com") + ), + ]) + + builder = x509.CertificateBuilder().subject_name(x509.Name([ + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + ])).issuer_name(x509.Name([ + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + ])).public_key( + private_key.public_key() + ).serial_number( + 777 + ).not_valid_before( + datetime.datetime(1999, 1, 1) + ).not_valid_after( + datetime.datetime(2020, 1, 1) + ).add_extension( + aia, False + ) + + builder.sign(private_key, hashes.SHA256(), backend) + + @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) def test_no_subject_name(self, backend): -- cgit v1.2.3 From db5360b5565a120769ba953693947c9039d166aa Mon Sep 17 00:00:00 2001 From: Nick Bastin Date: Mon, 14 Dec 2015 04:10:28 -0800 Subject: Dealing with the pedantry of pep8 --- tests/test_x509.py | 2 -- 1 file changed, 2 deletions(-) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index 6c838162..1a4c484b 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -1293,7 +1293,6 @@ class TestCertificateBuilder(object): with pytest.raises(NotImplementedError): builder.sign(private_key, hashes.SHA1(), backend) - @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) def test_encode_nonstandard_aia(self, backend): @@ -1324,7 +1323,6 @@ class TestCertificateBuilder(object): builder.sign(private_key, hashes.SHA256(), backend) - @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) def test_no_subject_name(self, backend): -- cgit v1.2.3