diff options
| author | Marti Raudsepp <marti@juffo.org> | 2018-12-08 03:26:07 +0200 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-12-08 09:26:07 +0800 |
| commit | c3d38b5d80a955aee4b160bb97464a20c4992da7 (patch) | |
| tree | 8d6580c1a56be5bccd9f98a414b5bb234b527d20 /tests/x509 | |
| parent | 7e422821b9f800f5345c37011c510dc9e76f552c (diff) | |
| download | cryptography-c3d38b5d80a955aee4b160bb97464a20c4992da7.tar.gz cryptography-c3d38b5d80a955aee4b160bb97464a20c4992da7.tar.bz2 cryptography-c3d38b5d80a955aee4b160bb97464a20c4992da7.zip | |
Add RFC 4514 Distinguished Name formatting for Name, RDN and NameAttribute (#4304)
Diffstat (limited to 'tests/x509')
| -rw-r--r-- | tests/x509/test_x509.py | 72 | ||||
| -rw-r--r-- | tests/x509/test_x509_ext.py | 41 |
2 files changed, 46 insertions, 67 deletions
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index 15cfe43d..f4520811 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -1138,30 +1138,11 @@ class TestRSACertificate(object): x509.load_pem_x509_certificate, backend ) - if not six.PY2: - assert repr(cert) == ( - "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif" - "ier(oid=2.5.4.11, name=organizationalUnitName)>, value='GT487" - "42965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11, " - "name=organizationalUnitName)>, value='See www.rapidssl.com/re" - "sources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier(oi" - "d=2.5.4.11, name=organizationalUnitName)>, value='Domain Cont" - "rol Validated - RapidSSL(R)')>, <NameAttribute(oid=<ObjectIde" - "ntifier(oid=2.5.4.3, name=commonName)>, value='www.cryptograp" - "hy.io')>])>, ...)>" - ) - else: - assert repr(cert) == ( - "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif" - "ier(oid=2.5.4.11, name=organizationalUnitName)>, value=u'GT48" - "742965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11," - " name=organizationalUnitName)>, value=u'See www.rapidssl.com/" - "resources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier(" - "oid=2.5.4.11, name=organizationalUnitName)>, value=u'Domain C" - "ontrol Validated - RapidSSL(R)')>, <NameAttribute(oid=<Object" - "Identifier(oid=2.5.4.3, name=commonName)>, value=u'www.crypto" - "graphy.io')>])>, ...)>" - ) + assert repr(cert) == ( + "<Certificate(subject=<Name(OU=GT48742965, OU=See www.rapidssl.com" + "/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), " + "CN=www.cryptography.io)>, ...)>" + ) def test_parse_tls_feature_extension(self, backend): cert = _load_cert( @@ -3933,6 +3914,18 @@ class TestNameAttribute(object): "nName)>, value=u'value')>" ) + def test_distinugished_name(self): + # Escaping + na = x509.NameAttribute(NameOID.COMMON_NAME, u'James "Jim" Smith, III') + assert na.rfc4514_string() == r'CN=James \"Jim\" Smith\, III' + na = x509.NameAttribute(NameOID.USER_ID, u'# escape+,;\0this ') + assert na.rfc4514_string() == r'UID=\# escape\+\,\;\00this\ ' + + # Nonstandard attribute OID + na = x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'somebody@example.com') + assert (na.rfc4514_string() == + '1.2.840.113549.1.9.1=somebody@example.com') + class TestRelativeDistinguishedName(object): def test_init_empty(self): @@ -4120,20 +4113,23 @@ class TestName(object): x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), ]) - if not six.PY2: - assert repr(name) == ( - "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name" - "=commonName)>, value='cryptography.io')>, <NameAttribute(oid=" - "<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, valu" - "e='PyCA')>])>" - ) - else: - assert repr(name) == ( - "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name" - "=commonName)>, value=u'cryptography.io')>, <NameAttribute(oid" - "=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, val" - "ue=u'PyCA')>])>" - ) + assert repr(name) == "<Name(CN=cryptography.io, O=PyCA)>" + + def test_rfc4514_string(self): + n = x509.Name([ + x509.RelativeDistinguishedName([ + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Sales'), + x509.NameAttribute(NameOID.COMMON_NAME, u'J. Smith'), + ]), + x509.RelativeDistinguishedName([ + x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'example'), + ]), + x509.RelativeDistinguishedName([ + x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'net'), + ]), + ]) + assert (n.rfc4514_string() == + 'OU=Sales+CN=J. Smith, DC=example, DC=net') def test_not_nameattribute(self): with pytest.raises(TypeError): diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py index 152db964..6de105fa 100644 --- a/tests/x509/test_x509_ext.py +++ b/tests/x509/test_x509_ext.py @@ -1135,16 +1135,14 @@ class TestAuthorityKeyIdentifier(object): if not six.PY2: assert repr(aki) == ( "<AuthorityKeyIdentifier(key_identifier=b'digest', authority_" - "cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=" - "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC" - "N')>])>)>], authority_cert_serial_number=1234)>" + "cert_issuer=[<DirectoryName(value=<Name(CN=myCN)>)>], author" + "ity_cert_serial_number=1234)>" ) else: assert repr(aki) == ( - "<AuthorityKeyIdentifier(key_identifier='digest', authority_ce" - "rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob" - "jectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'myCN')" - ">])>)>], authority_cert_serial_number=1234)>" + "<AuthorityKeyIdentifier(key_identifier='digest', authority_" + "cert_issuer=[<DirectoryName(value=<Name(CN=myCN)>)>], author" + "ity_cert_serial_number=1234)>" ) def test_eq(self): @@ -1719,16 +1717,7 @@ class TestDirectoryName(object): def test_repr(self): name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'value1')]) gn = x509.DirectoryName(name) - if not six.PY2: - assert repr(gn) == ( - "<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentif" - "ier(oid=2.5.4.3, name=commonName)>, value='value1')>])>)>" - ) - else: - assert repr(gn) == ( - "<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentif" - "ier(oid=2.5.4.3, name=commonName)>, value=u'value1')>])>)>" - ) + assert repr(gn) == "<DirectoryName(value=<Name(CN=value1)>)>" def test_eq(self): name = x509.Name([ @@ -3656,22 +3645,16 @@ class TestDistributionPoint(object): if not six.PY2: assert repr(dp) == ( "<DistributionPoint(full_name=None, relative_name=<RelativeDis" - "tinguishedName([<NameAttribute(oid=<ObjectIdentifier(oid=2.5." - "4.3, name=commonName)>, value='myCN')>])>, reasons=frozenset(" - "{<ReasonFlags.ca_compromise: 'cACompromise'>}), crl_issuer=[<" - "DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentifi" - "er(oid=2.5.4.3, name=commonName)>, value='Important CA')>])>)" - ">])>" + "tinguishedName(CN=myCN)>, reasons=frozenset({<ReasonFlags.ca_" + "compromise: 'cACompromise'>}), crl_issuer=[<DirectoryName(val" + "ue=<Name(CN=Important CA)>)>])>" ) else: assert repr(dp) == ( "<DistributionPoint(full_name=None, relative_name=<RelativeDis" - "tinguishedName([<NameAttribute(oid=<ObjectIdentifier(oid=2.5." - "4.3, name=commonName)>, value=u'myCN')>])>, reasons=frozenset" - "([<ReasonFlags.ca_compromise: 'cACompromise'>]), crl_issuer=[" - "<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentif" - "ier(oid=2.5.4.3, name=commonName)>, value=u'Important CA')>])" - ">)>])>" + "tinguishedName(CN=myCN)>, reasons=frozenset([<ReasonFlags.ca_" + "compromise: 'cACompromise'>]), crl_issuer=[<DirectoryName(val" + "ue=<Name(CN=Important CA)>)>])>" ) def test_hash(self): |