1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
import datetime
import os
import pytest
from cryptography import x509
from cryptography.hazmat.backends.interfaces import (
DSABackend, EllipticCurveBackend, RSABackend, X509Backend
)
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.asymmetric import ec
from .hazmat.primitives.test_ec import _skip_curve_unsupported
from .utils import load_vectors_from_file
def _load_der_cert(name, backend):
cert = load_vectors_from_file(
os.path.join(
"x509", "PKITS_data", "certs", name),
lambda derfile: x509.load_der_x509_certificate(
derfile.read(), backend
)
)
return cert
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestRSAX509Certificate(object):
def test_load_pem_cert(self, backend):
cert = load_vectors_from_file(
os.path.join(
"x509", "custom", "post2000utctime.pem"),
lambda pemfile: x509.load_pem_x509_certificate(
pemfile.read(), backend
)
)
assert isinstance(cert, interfaces.X509Certificate)
def test_load_der_cert(self, backend):
cert = load_vectors_from_file(
os.path.join(
"x509", "PKITS_data", "certs", "GoodCACert.crt"),
lambda derfile: x509.load_der_x509_certificate(
derfile.read(), backend
)
)
assert isinstance(cert, interfaces.X509Certificate)
def test_load_good_ca_cert(self, backend):
cert = _load_der_cert("GoodCACert.crt", backend)
assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
assert cert.serial == 2
public_key = cert.public_key()
assert isinstance(public_key, interfaces.RSAPublicKey)
assert cert.version == x509.X509Version.v3
def test_utc_pre_2000_not_before_cert(self, backend):
cert = _load_der_cert(
"Validpre2000UTCnotBeforeDateTest3EE.crt",
backend
)
assert cert.not_before == datetime.datetime(1950, 1, 1, 12, 1)
def test_pre_2000_utc_not_after_cert(self, backend):
cert = _load_der_cert(
"Invalidpre2000UTCEEnotAfterDateTest7EE.crt",
backend
)
assert cert.not_after == datetime.datetime(1999, 1, 1, 12, 1)
def test_post_2000_utc_cert(self, backend):
cert = load_vectors_from_file(
os.path.join("x509", "custom", "post2000utctime.pem"),
lambda pemfile: x509.load_pem_x509_certificate(
pemfile.read(), backend
)
)
assert cert.not_before == datetime.datetime(2014, 11, 26, 21, 41, 20)
assert cert.not_after == datetime.datetime(2014, 12, 26, 21, 41, 20)
def test_generalized_time_not_before_cert(self, backend):
cert = _load_der_cert(
"ValidGeneralizedTimenotBeforeDateTest4EE.crt",
backend
)
assert cert.not_before == datetime.datetime(2002, 1, 1, 12, 1)
assert cert.not_after == datetime.datetime(2030, 12, 31, 8, 30)
assert cert.version == x509.X509Version.v3
def test_generalized_time_not_after_cert(self, backend):
cert = _load_der_cert(
"ValidGeneralizedTimenotAfterDateTest8EE.crt",
backend
)
assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1)
assert cert.version == x509.X509Version.v3
def test_invalid_version_cert(self, backend):
cert = load_vectors_from_file(
os.path.join("x509", "custom", "invalid_version.pem"),
lambda pemfile: x509.load_pem_x509_certificate(
pemfile.read(), backend
)
)
with pytest.raises(x509.InvalidX509Version):
cert.version
def test_version_1_cert(self, backend):
cert = load_vectors_from_file(
os.path.join("x509", "v1_cert.pem"),
lambda pemfile: x509.load_pem_x509_certificate(
pemfile.read(), backend
)
)
assert cert.version == x509.X509Version.v1
def test_invalid_pem(self, backend):
with pytest.raises(ValueError):
x509.load_pem_x509_certificate(b"notacert", backend)
def test_invalid_der(self, backend):
with pytest.raises(ValueError):
x509.load_der_x509_certificate(b"notacert", backend)
@pytest.mark.requires_backend_interface(interface=DSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestDSAX509Certificate(object):
def test_load_dsa_cert(self, backend):
cert = load_vectors_from_file(
os.path.join("x509", "custom", "dsa_root.pem"),
lambda pemfile: x509.load_pem_x509_certificate(
pemfile.read(), backend
)
)
public_key = cert.public_key()
assert isinstance(public_key, interfaces.DSAPublicKey)
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestECDSAX509Certificate(object):
def test_load_ecdsa_cert(self, backend):
_skip_curve_unsupported(backend, ec.SECP384R1())
cert = load_vectors_from_file(
os.path.join("x509", "ecdsa_root.pem"),
lambda pemfile: x509.load_pem_x509_certificate(
pemfile.read(), backend
)
)
public_key = cert.public_key()
assert isinstance(public_key, interfaces.EllipticCurvePublicKey)
|
