diff options
| author | Andre Caron <andre.l.caron@gmail.com> | 2015-05-18 10:23:28 -0400 |
|---|---|---|
| committer | Andre Caron <andre.l.caron@gmail.com> | 2015-05-18 10:25:30 -0400 |
| commit | 476c5df3f12967b397a3e02e303db774cfa95915 (patch) | |
| tree | 1872dff9ebd507e8c7ae304f693a0a7b0e9e469c /tests | |
| parent | 0b0179f7311162084f2b8dc6a028e301ca2eb7b2 (diff) | |
| download | cryptography-476c5df3f12967b397a3e02e303db774cfa95915.tar.gz cryptography-476c5df3f12967b397a3e02e303db774cfa95915.tar.bz2 cryptography-476c5df3f12967b397a3e02e303db774cfa95915.zip | |
Adds support for writing CSRs.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_x509.py | 66 |
1 files changed, 65 insertions, 1 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py index 47c1c647..bef761e5 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -15,7 +15,7 @@ from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( DSABackend, EllipticCurveBackend, RSABackend, X509Backend ) -from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa from .hazmat.primitives.test_ec import _skip_curve_unsupported @@ -471,6 +471,70 @@ class TestRSACertificate(object): ), ] + def test_encode_pem(self, backend): + # Load an existing CSR. + request = _load_cert( + os.path.join("x509", "requests", "rsa_sha1.pem"), + x509.load_pem_x509_csr, + backend + ) + + # Encode it to PEM and load it back. + request = x509.load_pem_x509_csr(request.public_bytes( + encoding=serialization.Encoding.PEM, + ), backend) + + # We should recover what we had to start with. + assert isinstance(request.signature_hash_algorithm, hashes.SHA1) + public_key = request.public_key() + assert isinstance(public_key, rsa.RSAPublicKey) + subject = request.subject + assert isinstance(subject, x509.Name) + assert list(subject) == [ + x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + ] + + def test_encode_der(self, backend): + # Load an existing CSR. + request = _load_cert( + os.path.join("x509", "requests", "rsa_sha1.pem"), + x509.load_pem_x509_csr, + backend + ) + + # Encode it to DER and load it back. + request = x509.load_der_x509_csr(request.public_bytes( + encoding=serialization.Encoding.DER, + ), backend) + + # We should recover what we had to start with. + assert isinstance(request.signature_hash_algorithm, hashes.SHA1) + public_key = request.public_key() + assert isinstance(public_key, rsa.RSAPublicKey) + subject = request.subject + assert isinstance(subject, x509.Name) + assert list(subject) == [ + x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + ] + + def test_encode_invalid_encoding(self, backend): + request = _load_cert( + os.path.join("x509", "requests", "rsa_sha1.pem"), + x509.load_pem_x509_csr, + backend + ) + + with pytest.raises(TypeError): + request.public_bytes('NotAnEncoding') + @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) |