allow asn1 times of 1950-01-01 and later. (#4728)

* allow asn1 times of 1950-01-01 and later. * add a test * pretty up the test
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2019-01-22 06:59:06 -0600
committer: Alex Gaynor <alex.gaynor@gmail.com> 2019-01-22 07:59:06 -0500
commit: 2e9c7df922edbc59981a2c0fdb6ea4f15fdd8afc (patch)
tree: b37d095c076db48ab3e7cf4e68a4f6894a30b6d6 /tests/x509
parent: 767fa8511caade795457b23ea9d3d85af1ed12bb (diff)
download: cryptography-2e9c7df922edbc59981a2c0fdb6ea4f15fdd8afc.tar.gz
cryptography-2e9c7df922edbc59981a2c0fdb6ea4f15fdd8afc.tar.bz2
cryptography-2e9c7df922edbc59981a2c0fdb6ea4f15fdd8afc.zip
3 files changed, 37 insertions, 8 deletions
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
index 55f5ddda..c8c863fb 100644
--- a/tests/x509/test_x509.py
+++ b/tests/x509/test_x509.py
@@ -2027,6 +2027,35 @@ class TestCertificateBuilder(object):
         cert = cert_builder.sign(private_key, hashes.SHA256(), backend)
         assert cert.not_valid_after == utc_time
 
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    @pytest.mark.requires_backend_interface(interface=X509Backend)
+    def test_earliest_time(self, backend):
+        time = datetime.datetime(1950, 1, 1)
+        private_key = RSA_KEY_2048.private_key(backend)
+        cert_builder = x509.CertificateBuilder().subject_name(
+            x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
+        ).issuer_name(
+            x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
+        ).serial_number(
+            1
+        ).public_key(
+            private_key.public_key()
+        ).not_valid_before(
+            time
+        ).not_valid_after(
+            time
+        )
+        cert = cert_builder.sign(private_key, hashes.SHA256(), backend)
+        assert cert.not_valid_before == time
+        assert cert.not_valid_after == time
+        parsed = Certificate.load(
+            cert.public_bytes(serialization.Encoding.DER)
+        )
+        not_before = parsed['tbs_certificate']['validity']['not_before']
+        not_after = parsed['tbs_certificate']['validity']['not_after']
+        assert not_before.chosen.tag == 23  # UTCTime
+        assert not_after.chosen.tag == 23  # UTCTime
+
     def test_invalid_not_valid_after(self):
         with pytest.raises(TypeError):
             x509.CertificateBuilder().not_valid_after(104204304504)
@@ -2036,7 +2065,7 @@ class TestCertificateBuilder(object):
 
         with pytest.raises(ValueError):
             x509.CertificateBuilder().not_valid_after(
-                datetime.datetime(1960, 8, 10)
+                datetime.datetime(1940, 8, 10)
             )
 
     def test_not_valid_after_may_only_be_set_once(self):
@@ -2082,7 +2111,7 @@ class TestCertificateBuilder(object):
 
         with pytest.raises(ValueError):
             x509.CertificateBuilder().not_valid_before(
-                datetime.datetime(1960, 8, 10)
+                datetime.datetime(1940, 8, 10)
             )
 
     def test_not_valid_before_may_only_be_set_once(self):
diff --git a/tests/x509/test_x509_crlbuilder.py b/tests/x509/test_x509_crlbuilder.py
index e90fd3fd..5f220bca 100644
--- a/tests/x509/test_x509_crlbuilder.py
+++ b/tests/x509/test_x509_crlbuilder.py
@@ -62,10 +62,10 @@ class TestCertificateRevocationListBuilder(object):
         with pytest.raises(TypeError):
             builder.last_update("notadatetime")
 
-    def test_last_update_before_unix_epoch(self):
+    def test_last_update_before_1950(self):
         builder = x509.CertificateRevocationListBuilder()
         with pytest.raises(ValueError):
-            builder.last_update(datetime.datetime(1960, 8, 10))
+            builder.last_update(datetime.datetime(1940, 8, 10))
 
     def test_set_last_update_twice(self):
         builder = x509.CertificateRevocationListBuilder().last_update(
@@ -97,10 +97,10 @@ class TestCertificateRevocationListBuilder(object):
         with pytest.raises(TypeError):
             builder.next_update("notadatetime")
 
-    def test_next_update_before_unix_epoch(self):
+    def test_next_update_before_1950(self):
         builder = x509.CertificateRevocationListBuilder()
         with pytest.raises(ValueError):
-            builder.next_update(datetime.datetime(1960, 8, 10))
+            builder.next_update(datetime.datetime(1940, 8, 10))
 
     def test_set_next_update_twice(self):
         builder = x509.CertificateRevocationListBuilder().next_update(
diff --git a/tests/x509/test_x509_revokedcertbuilder.py b/tests/x509/test_x509_revokedcertbuilder.py
index e3a06509..75c6b269 100644
--- a/tests/x509/test_x509_revokedcertbuilder.py
+++ b/tests/x509/test_x509_revokedcertbuilder.py
@@ -80,10 +80,10 @@ class TestRevokedCertificateBuilder(object):
         with pytest.raises(TypeError):
             x509.RevokedCertificateBuilder().revocation_date("notadatetime")
 
-    def test_revocation_date_before_unix_epoch(self):
+    def test_revocation_date_before_1950(self):
         with pytest.raises(ValueError):
             x509.RevokedCertificateBuilder().revocation_date(
-                datetime.datetime(1960, 8, 10)
+                datetime.datetime(1940, 8, 10)
             )
 
     def test_set_revocation_date_twice(self):
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2019-01-22 06:59:06 -0600
committer	Alex Gaynor <alex.gaynor@gmail.com>	2019-01-22 07:59:06 -0500
commit	2e9c7df922edbc59981a2c0fdb6ea4f15fdd8afc (patch)
tree	b37d095c076db48ab3e7cf4e68a4f6894a30b6d6 /tests/x509
parent	767fa8511caade795457b23ea9d3d85af1ed12bb (diff)
download	cryptography-2e9c7df922edbc59981a2c0fdb6ea4f15fdd8afc.tar.gz cryptography-2e9c7df922edbc59981a2c0fdb6ea4f15fdd8afc.tar.bz2 cryptography-2e9c7df922edbc59981a2c0fdb6ea4f15fdd8afc.zip