Add eq/ne/hash to PrecertificateSignedCertificateTimestamps (#4534)

* Add eq/ne/hash to PrecertificateSignedCertificateTimestamps This requires adding it to SignedCertificateTimestamps as well * slightly more consistent * right, these need to be conditional * compare by signature * don't use private API
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2018-10-30 10:23:30 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2018-10-29 22:23:30 -0400
commit: 74ce48c5d00e4846740d248a65d35b874f15afe2 (patch)
tree: 6926bba7f30e2d435dea5a86ec102130be084dd5 /tests/x509
parent: d91401d4d38d7f738392a69df43b4fd8b8e6c6e8 (diff)
download: cryptography-74ce48c5d00e4846740d248a65d35b874f15afe2.tar.gz
cryptography-74ce48c5d00e4846740d248a65d35b874f15afe2.tar.bz2
cryptography-74ce48c5d00e4846740d248a65d35b874f15afe2.zip
1 files changed, 154 insertions, 0 deletions
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 7a43c851..9eac9a27 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -4471,6 +4471,85 @@ class TestPrecertPoisonExtension(object):
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestSignedCertificateTimestamps(object):
+    @pytest.mark.supported(
+        only_if=lambda backend: (
+            backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER),
+        skip_message="Requires OpenSSL 1.1.0f+",
+    )
+    def test_eq(self, backend):
+        sct = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value[0]
+        sct2 = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value[0]
+        assert sct == sct2
+
+    @pytest.mark.supported(
+        only_if=lambda backend: (
+            backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER),
+        skip_message="Requires OpenSSL 1.1.0f+",
+    )
+    def test_ne(self, backend):
+        sct = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value[0]
+        sct2 = _load_cert(
+            os.path.join("x509", "cryptography-scts.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value[0]
+        assert sct != sct2
+        assert sct != object()
+
+    @pytest.mark.supported(
+        only_if=lambda backend: (
+            backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER),
+        skip_message="Requires OpenSSL 1.1.0f+",
+    )
+    def test_hash(self, backend):
+        sct = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value[0]
+        sct2 = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value[0]
+        sct3 = _load_cert(
+            os.path.join("x509", "cryptography-scts.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value[0]
+        assert hash(sct) == hash(sct2)
+        assert hash(sct) != hash(sct3)
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
 class TestPrecertificateSignedCertificateTimestampsExtension(object):
     def test_init(self):
         with pytest.raises(TypeError):
@@ -4486,6 +4565,81 @@ class TestPrecertificateSignedCertificateTimestampsExtension(object):
             backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER),
         skip_message="Requires OpenSSL 1.1.0f+",
     )
+    def test_eq(self, backend):
+        psct1 = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value
+        psct2 = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value
+        assert psct1 == psct2
+
+    @pytest.mark.supported(
+        only_if=lambda backend: (
+            backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER),
+        skip_message="Requires OpenSSL 1.1.0f+",
+    )
+    def test_ne(self, backend):
+        psct1 = _load_cert(
+            os.path.join("x509", "cryptography-scts.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value
+        psct2 = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value
+        assert psct1 != psct2
+        assert psct1 != object()
+
+    @pytest.mark.supported(
+        only_if=lambda backend: (
+            backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER),
+        skip_message="Requires OpenSSL 1.1.0f+",
+    )
+    def test_hash(self, backend):
+        psct1 = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value
+        psct2 = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value
+        psct3 = _load_cert(
+            os.path.join("x509", "cryptography-scts.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        ).extensions.get_extension_for_class(
+            x509.PrecertificateSignedCertificateTimestamps
+        ).value
+        assert hash(psct1) == hash(psct2)
+        assert hash(psct1) != hash(psct3)
+
+    @pytest.mark.supported(
+        only_if=lambda backend: (
+            backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER),
+        skip_message="Requires OpenSSL 1.1.0f+",
+    )
     def test_simple(self, backend):
         cert = _load_cert(
             os.path.join("x509", "badssl-sct.pem"),
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2018-10-30 10:23:30 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2018-10-29 22:23:30 -0400
commit	74ce48c5d00e4846740d248a65d35b874f15afe2 (patch)
tree	6926bba7f30e2d435dea5a86ec102130be084dd5 /tests/x509
parent	d91401d4d38d7f738392a69df43b4fd8b8e6c6e8 (diff)
download	cryptography-74ce48c5d00e4846740d248a65d35b874f15afe2.tar.gz cryptography-74ce48c5d00e4846740d248a65d35b874f15afe2.tar.bz2 cryptography-74ce48c5d00e4846740d248a65d35b874f15afe2.zip