diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-10-19 23:45:59 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-10-20 11:13:07 -0500 |
| commit | 5a2bb54bbb7b68a7407ab5d62c828c329166bd81 (patch) | |
| tree | c2de009d37d9f1603dd66914bf9f6f3a4f12aa4a /tests | |
| parent | 08801cd1bacf08aa4d4a833ff235574f4da15a20 (diff) | |
| download | cryptography-5a2bb54bbb7b68a7407ab5d62c828c329166bd81.tar.gz cryptography-5a2bb54bbb7b68a7407ab5d62c828c329166bd81.tar.bz2 cryptography-5a2bb54bbb7b68a7407ab5d62c828c329166bd81.zip | |
encode countryName with PrintableString
This commit adds a dependency on asn1crypto for testing purposes to
parse the certificate and confirm that countryName is encoded with
PrintableString while other fields are UTF8String. This is a test
only dep.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_x509.py | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py index 8035886c..1fa4d82a 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -9,6 +9,8 @@ import datetime import ipaddress import os +from asn1crypto import core, x509 as asn1cryptox509 + import pytest import six @@ -834,6 +836,43 @@ class TestRSACertificateRequest(object): x509.DNSName(u"cryptography.io"), ] + def test_build_cert_printable_string_country_name(self, backend): + issuer_private_key = RSA_KEY_2048.private_key(backend) + subject_private_key = RSA_KEY_2048.private_key(backend) + + not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) + not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) + + builder = x509.CertificateBuilder().serial_number( + 777 + ).issuer_name(x509.Name([ + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + ])).subject_name(x509.Name([ + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + ])).public_key( + subject_private_key.public_key() + ).not_valid_before( + not_valid_before + ).not_valid_after( + not_valid_after + ) + + cert = builder.sign(issuer_private_key, hashes.SHA256(), backend) + + parsedasn1 = asn1cryptox509.Certificate.load( + cert.public_bytes(serialization.Encoding.DER) + ) + assert isinstance( + parsedasn1.subject.chosen[0][0]['value'].chosen, + core.PrintableString + ) + assert isinstance( + parsedasn1.subject.chosen[1][0]['value'].chosen, + core.UTF8String + ) + class TestCertificateBuilder(object): @pytest.mark.requires_backend_interface(interface=RSABackend) |