diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-06-17 09:39:47 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-06-17 09:39:47 -0600 |
| commit | b0e8ffac859b20512428321b685346685af2c0c7 (patch) | |
| tree | b92b87bec65ddb50316f63757ed33a3163d0d1c6 | |
| parent | 926f8ac4927bdc9977f2d960c7def3f2927d1198 (diff) | |
| parent | ab94b90c077674031bda9c249c2b0eab5ddca5c4 (diff) | |
| download | cryptography-b0e8ffac859b20512428321b685346685af2c0c7.tar.gz cryptography-b0e8ffac859b20512428321b685346685af2c0c7.tar.bz2 cryptography-b0e8ffac859b20512428321b685346685af2c0c7.zip | |
Merge pull request #2033 from sigmavirus24/name-attribute-text-check
Enforce text type of NameAttribute.value
| -rw-r--r-- | CHANGELOG.rst | 2 | ||||
| -rw-r--r-- | src/cryptography/x509.py | 5 | ||||
| -rw-r--r-- | tests/test_x509.py | 267 | ||||
| -rw-r--r-- | tests/test_x509_ext.py | 116 |
4 files changed, 215 insertions, 175 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f521c11d..5c9d08ea 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -22,6 +22,8 @@ Changelog provisioning URIs. * Add :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash` and :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`. +* Raise a ``TypeError`` when passing objects that are not text as the value to + :class:`~cryptography.x509.NameAttribute`. 0.9.1 - 2015-06-06 ~~~~~~~~~~~~~~~~~~ diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 87028be1..2e2e8512 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -148,6 +148,11 @@ class NameAttribute(object): "oid argument must be an ObjectIdentifier instance." ) + if not isinstance(value, six.text_type): + raise TypeError( + "value argument must be a text type." + ) + self._oid = oid self._value = value diff --git a/tests/test_x509.py b/tests/test_x509.py index a3bed85f..547aa58e 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -10,6 +10,8 @@ import os import pytest +import six + from cryptography import x509 from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( @@ -70,14 +72,14 @@ class TestRSACertificate(object): issuer = cert.issuer assert isinstance(issuer, x509.Name) assert list(issuer) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011' + x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011' ), - x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA') + x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA') ] assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA') + x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA') ] def test_all_issuer_name_types(self, backend): @@ -93,36 +95,36 @@ class TestRSACertificate(object): assert isinstance(issuer, x509.Name) assert list(issuer) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'CA'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Illinois'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Chicago'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Zero, LLC'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'One, LLC'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 0'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 1'), - x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 0'), - x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 1'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier0'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier1'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '123'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '456'), - x509.NameAttribute(x509.OID_TITLE, 'Title 0'), - x509.NameAttribute(x509.OID_TITLE, 'Title 1'), - x509.NameAttribute(x509.OID_SURNAME, 'Surname 0'), - x509.NameAttribute(x509.OID_SURNAME, 'Surname 1'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 0'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 1'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 0'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 1'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Last Gen'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Next Gen'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc0'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc1'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test0@test.local'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test1@test.local'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'CA'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Illinois'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Chicago'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Zero, LLC'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'One, LLC'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 0'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 1'), + x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 0'), + x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 1'), + x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier0'), + x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier1'), + x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'123'), + x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'456'), + x509.NameAttribute(x509.OID_TITLE, u'Title 0'), + x509.NameAttribute(x509.OID_TITLE, u'Title 1'), + x509.NameAttribute(x509.OID_SURNAME, u'Surname 0'), + x509.NameAttribute(x509.OID_SURNAME, u'Surname 1'), + x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 0'), + x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 1'), + x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 0'), + x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 1'), + x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Last Gen'), + x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Next Gen'), + x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc0'), + x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc1'), + x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test0@test.local'), + x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test1@test.local'), ] def test_subject(self, backend): @@ -137,19 +139,19 @@ class TestRSACertificate(object): subject = cert.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011' + x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011' ), x509.NameAttribute( x509.OID_COMMON_NAME, - 'Valid pre2000 UTC notBefore Date EE Certificate Test3' + u'Valid pre2000 UTC notBefore Date EE Certificate Test3' ) ] assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ x509.NameAttribute( x509.OID_COMMON_NAME, - 'Valid pre2000 UTC notBefore Date EE Certificate Test3' + u'Valid pre2000 UTC notBefore Date EE Certificate Test3' ) ] @@ -187,40 +189,40 @@ class TestRSACertificate(object): subject = cert.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'AU'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'DE'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'California'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'New York'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'San Francisco'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Ithaca'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org Zero, LLC'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org One, LLC'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 0'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 1'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'AU'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'DE'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'California'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'New York'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'San Francisco'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Ithaca'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org Zero, LLC'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org One, LLC'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 0'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 1'), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 0' + x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 0' ), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 1' + x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 1' ), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified0'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified1'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '789'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '012'), - x509.NameAttribute(x509.OID_TITLE, 'Title IX'), - x509.NameAttribute(x509.OID_TITLE, 'Title X'), - x509.NameAttribute(x509.OID_SURNAME, 'Last 0'), - x509.NameAttribute(x509.OID_SURNAME, 'Last 1'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 0'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 1'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 0'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 1'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, '32X'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Dreamcast'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc2'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc3'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test2@test.local'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test3@test.local'), + x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified0'), + x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified1'), + x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'789'), + x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'012'), + x509.NameAttribute(x509.OID_TITLE, u'Title IX'), + x509.NameAttribute(x509.OID_TITLE, u'Title X'), + x509.NameAttribute(x509.OID_SURNAME, u'Last 0'), + x509.NameAttribute(x509.OID_SURNAME, u'Last 1'), + x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 0'), + x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 1'), + x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 0'), + x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 1'), + x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'32X'), + x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Dreamcast'), + x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc2'), + x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc3'), + x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test2@test.local'), + x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test3@test.local'), ] def test_load_good_ca_cert(self, backend): @@ -473,11 +475,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), ] extensions = request.extensions assert isinstance(extensions, x509.Extensions) @@ -575,11 +577,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), ] def test_public_bytes_der(self, backend): @@ -602,11 +604,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), ] def test_public_bytes_invalid_encoding(self, backend): @@ -716,11 +718,11 @@ class TestDSACertificate(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), ] @@ -781,47 +783,60 @@ class TestECDSACertificate(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), ] class TestNameAttribute(object): def test_init_bad_oid(self): with pytest.raises(TypeError): - x509.NameAttribute(None, 'value') + x509.NameAttribute(None, u'value') + + def test_init_bad_value(self): + with pytest.raises(TypeError): + x509.NameAttribute( + x509.ObjectIdentifier('oid'), + b'bytes' + ) def test_eq(self): assert x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value' + x509.ObjectIdentifier('oid'), u'value' ) == x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value' + x509.ObjectIdentifier('oid'), u'value' ) def test_ne(self): assert x509.NameAttribute( - x509.ObjectIdentifier('2.5.4.3'), 'value' + x509.ObjectIdentifier('2.5.4.3'), u'value' ) != x509.NameAttribute( - x509.ObjectIdentifier('2.5.4.5'), 'value' + x509.ObjectIdentifier('2.5.4.5'), u'value' ) assert x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value' + x509.ObjectIdentifier('oid'), u'value' ) != x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value2' + x509.ObjectIdentifier('oid'), u'value2' ) assert x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value' + x509.ObjectIdentifier('oid'), u'value' ) != object() def test_repr(self): - na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), 'value') - assert repr(na) == ( - "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName" - ")>, value='value')>" - ) + na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), u'value') + if six.PY3: + assert repr(na) == ( + "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commo" + "nName)>, value='value')>" + ) + else: + assert repr(na) == ( + "<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commo" + "nName)>, value=u'value')>" + ) class TestObjectIdentifier(object): @@ -845,36 +860,44 @@ class TestObjectIdentifier(object): class TestName(object): def test_eq(self): name1 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) name2 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) assert name1 == name2 def test_ne(self): name1 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) name2 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), ]) assert name1 != name2 assert name1 != object() def test_repr(self): name = x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), ]) - assert repr(name) == ( - "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=com" - "monName)>, value='cryptography.io')>, <NameAttribute(oid=<ObjectI" - "dentifier(oid=2.5.4.10, name=organizationName)>, value='PyCA')>])" - ">" - ) + if six.PY3: + assert repr(name) == ( + "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name" + "=commonName)>, value='cryptography.io')>, <NameAttribute(oid=" + "<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, valu" + "e='PyCA')>])>" + ) + else: + assert repr(name) == ( + "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name" + "=commonName)>, value=u'cryptography.io')>, <NameAttribute(oid" + "=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, val" + "ue=u'PyCA')>])>" + ) diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 1b575b6c..d836164b 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -596,8 +596,8 @@ class TestAuthorityKeyIdentifier(object): def test_authority_cert_serial_number_not_integer(self): dirname = x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) ) with pytest.raises(TypeError): @@ -610,8 +610,8 @@ class TestAuthorityKeyIdentifier(object): def test_authority_issuer_not_none_serial_none(self): dirname = x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) ) with pytest.raises(ValueError): @@ -625,7 +625,7 @@ class TestAuthorityKeyIdentifier(object): def test_repr(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) @@ -640,27 +640,27 @@ class TestAuthorityKeyIdentifier(object): assert repr(aki) == ( "<AuthorityKeyIdentifier(key_identifier='digest', authority_ce" "rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob" - "jectIdentifier(oid=2.5.4.3, name=commonName)>, value='myCN')>" - "])>)>], authority_cert_serial_number=1234)>" + "jectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'myCN')" + ">])>)>], authority_cert_serial_number=1234)>" ) def test_eq(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) dirname2 = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) ) aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234) assert aki == aki2 def test_ne(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) ) dirname5 = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'aCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'aCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234) @@ -1048,19 +1048,27 @@ class TestDirectoryName(object): x509.DirectoryName(1.3) def test_repr(self): - name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')]) + name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'value1')]) gn = x509.DirectoryName(x509.Name([name])) - assert repr(gn) == ( - "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<ObjectIden" - "tifier(oid=2.5.4.3, name=commonName)>, value='value1')>])>])>)>" - ) + if six.PY3: + assert repr(gn) == ( + "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<Object" + "Identifier(oid=2.5.4.3, name=commonName)>, value='value1')>])" + ">])>)>" + ) + else: + assert repr(gn) == ( + "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<Object" + "Identifier(oid=2.5.4.3, name=commonName)>, value=u'value1')>]" + ")>])>)>" + ) def test_eq(self): name = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1') + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1') ]) name2 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1') + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1') ]) gn = x509.DirectoryName(x509.Name([name])) gn2 = x509.DirectoryName(x509.Name([name2])) @@ -1068,10 +1076,10 @@ class TestDirectoryName(object): def test_ne(self): name = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1') + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1') ]) name2 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2') + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value2') ]) gn = x509.DirectoryName(x509.Name([name])) gn2 = x509.DirectoryName(x509.Name([name2])) @@ -1419,9 +1427,9 @@ class TestRSASubjectAlternativeNameExtension(object): dirname = san.get_values_for_type(x509.DirectoryName) assert [ x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, 'test'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'test'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), ]) ] == dirname @@ -1500,9 +1508,9 @@ class TestRSASubjectAlternativeNameExtension(object): assert [u"cryptography.io"] == dns assert [ x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'dirCN'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority' + x509.OID_ORGANIZATION_NAME, u'Cryptographic Authority' ), ]) ] == dirname @@ -1746,8 +1754,9 @@ class TestAuthorityInformationAccessExtension(object): x509.AccessDescription( x509.OID_CA_ISSUERS, x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"), + x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN"), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, + u"some Org"), ])) ), ]) @@ -1787,8 +1796,9 @@ class TestAuthorityInformationAccessExtension(object): x509.AccessDescription( x509.OID_CA_ISSUERS, x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"), + x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN"), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, + u"some Org"), ])) ), ]) @@ -1948,7 +1958,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "Important CA" + x509.OID_COMMON_NAME, u"Important CA" ) ]) ) @@ -1962,7 +1972,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "Important CA" + x509.OID_COMMON_NAME, u"Important CA" ) ]) ) @@ -1979,7 +1989,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "Important CA" + x509.OID_COMMON_NAME, u"Important CA" ) ]) ) @@ -1998,14 +2008,14 @@ class TestDistributionPoint(object): dp = x509.DistributionPoint( None, x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, "myCN") + x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN") ]), frozenset([x509.ReasonFlags.ca_compromise]), [ x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "Important CA" + x509.OID_COMMON_NAME, u"Important CA" ) ]) ) @@ -2024,10 +2034,10 @@ class TestDistributionPoint(object): assert repr(dp) == ( "<DistributionPoint(full_name=None, relative_name=<Name([<Name" "Attribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)" - ">, value='myCN')>])>, reasons=frozenset([<ReasonFlags.ca_comp" - "romise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=<" - "Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=" - "commonName)>, value='Important CA')>])>)>])>" + ">, value=u'myCN')>])>, reasons=frozenset([<ReasonFlags.ca_com" + "promise: 'cACompromise'>]), crl_issuer=[<DirectoryName(value=" + "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name" + "=commonName)>, value=u'Important CA')>])>)>])>" ) @@ -2190,18 +2200,18 @@ class TestCRLDistributionPointsExtension(object): x509.DistributionPoint( full_name=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), x509.NameAttribute( x509.OID_ORGANIZATION_NAME, - "Test Certificates 2011" + u"Test Certificates 2011" ), x509.NameAttribute( x509.OID_ORGANIZATIONAL_UNIT_NAME, - "indirectCRL CA3 cRLIssuer" + u"indirectCRL CA3 cRLIssuer" ), x509.NameAttribute( x509.OID_COMMON_NAME, - "indirect CRL for indirectCRL CA3" + u"indirect CRL for indirectCRL CA3" ), ]) )], @@ -2209,14 +2219,14 @@ class TestCRLDistributionPointsExtension(object): reasons=None, crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), x509.NameAttribute( x509.OID_ORGANIZATION_NAME, - "Test Certificates 2011" + u"Test Certificates 2011" ), x509.NameAttribute( x509.OID_ORGANIZATIONAL_UNIT_NAME, - "indirectCRL CA3 cRLIssuer" + u"indirectCRL CA3 cRLIssuer" ), ]) )], @@ -2242,20 +2252,20 @@ class TestCRLDistributionPointsExtension(object): relative_name=x509.Name([ x509.NameAttribute( x509.OID_COMMON_NAME, - "indirect CRL for indirectCRL CA3" + u"indirect CRL for indirectCRL CA3" ), ]), reasons=None, crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), x509.NameAttribute( x509.OID_ORGANIZATION_NAME, - "Test Certificates 2011" + u"Test Certificates 2011" ), x509.NameAttribute( x509.OID_ORGANIZATIONAL_UNIT_NAME, - "indirectCRL CA3 cRLIssuer" + u"indirectCRL CA3 cRLIssuer" ), ]) )], @@ -2287,12 +2297,12 @@ class TestCRLDistributionPointsExtension(object): ]), crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, "PyCA" + x509.OID_ORGANIZATION_NAME, u"PyCA" ), x509.NameAttribute( - x509.OID_COMMON_NAME, "cryptography CA" + x509.OID_COMMON_NAME, u"cryptography CA" ), ]) )], @@ -2377,7 +2387,7 @@ class TestCRLDistributionPointsExtension(object): crl_issuer=[x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "cryptography CA" + x509.OID_COMMON_NAME, u"cryptography CA" ), ]) )], |