authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-12-01 12:15:20 +0800
committerAlex Gaynor <alex.gaynor@gmail.com>2018-11-30 23:15:20 -0500
commiteb3e2e0d73c86d876d48aa6bde9fcf01c761c98f (patch)
tree1b20470ee016a3d1a35e7b5680fe38f38c538574 /tests
parente4e7b89fb627b372cde4158ceb7078d8769497cb (diff)
IssuingDistributionPoint support (parse only) (#4552)
* IssuingDistributionPoint support h/t to Irina Renteria for the initial work here * python 2 unfortunately still exists * py2 repr * typo caught by flake8 * add docs * review feedback * reorder args, other fixes * use the alex name * add changelog
Diffstat (limited to 'tests')
-rw-r--r--tests/x509/test_x509_ext.py288
1 files changed, 288 insertions, 0 deletions
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 9eac9a27..5ff3bdd6 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -4440,6 +4440,294 @@ class TestInhibitAnyPolicyExtension(object):
assert iap.skip_certs == 5
+class TestIssuingDistributionPointExtension(object):
+ @pytest.mark.parametrize(
+ ("filename", "expected"),
+ [
+ (
+ "crl_idp_fullname_indirect_crl.pem",
+ x509.IssuingDistributionPoint(
+ full_name=[
+ x509.UniformResourceIdentifier(
+ u"http://myhost.com/myca.crl")
+ ],
+ relative_name=None,
+ only_contains_user_certs=False,
+ only_contains_ca_certs=False,
+ only_some_reasons=None,
+ indirect_crl=True,
+ only_contains_attribute_certs=False,
+ )
+ ),
+ (
+ "crl_idp_fullname_only.pem",
+ x509.IssuingDistributionPoint(
+ full_name=[
+ x509.UniformResourceIdentifier(
+ u"http://myhost.com/myca.crl")
+ ],
+ relative_name=None,
+ only_contains_user_certs=False,
+ only_contains_ca_certs=False,
+ only_some_reasons=None,
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ )
+ ),
+ (
+ "crl_idp_fullname_only_aa.pem",
+ x509.IssuingDistributionPoint(
+ full_name=[
+ x509.UniformResourceIdentifier(
+ u"http://myhost.com/myca.crl")
+ ],
+ relative_name=None,
+ only_contains_user_certs=False,
+ only_contains_ca_certs=False,
+ only_some_reasons=None,
+ indirect_crl=False,
+ only_contains_attribute_certs=True,
+ )
+ ),
+ (
+ "crl_idp_fullname_only_user.pem",
+ x509.IssuingDistributionPoint(
+ full_name=[
+ x509.UniformResourceIdentifier(
+ u"http://myhost.com/myca.crl")
+ ],
+ relative_name=None,
+ only_contains_user_certs=True,
+ only_contains_ca_certs=False,
+ only_some_reasons=None,
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ )
+ ),
+ (
+ "crl_idp_only_ca.pem",
+ x509.IssuingDistributionPoint(
+ full_name=None,
+ relative_name=x509.RelativeDistinguishedName([
+ x509.NameAttribute(
+ oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA"
+ )
+ ]),
+ only_contains_user_certs=False,
+ only_contains_ca_certs=True,
+ only_some_reasons=None,
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ )
+ ),
+ (
+ "crl_idp_reasons_only.pem",
+ x509.IssuingDistributionPoint(
+ full_name=None,
+ relative_name=None,
+ only_contains_user_certs=False,
+ only_contains_ca_certs=False,
+ only_some_reasons=frozenset([
+ x509.ReasonFlags.key_compromise
+ ]),
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ )
+ ),
+ (
+ "crl_idp_relative_user_all_reasons.pem",
+ x509.IssuingDistributionPoint(
+ full_name=None,
+ relative_name=x509.RelativeDistinguishedName([
+ x509.NameAttribute(
+ oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA"
+ )
+ ]),
+ only_contains_user_certs=True,
+ only_contains_ca_certs=False,
+ only_some_reasons=frozenset([
+ x509.ReasonFlags.key_compromise,
+ x509.ReasonFlags.ca_compromise,
+ x509.ReasonFlags.affiliation_changed,
+ x509.ReasonFlags.superseded,
+ x509.ReasonFlags.cessation_of_operation,
+ x509.ReasonFlags.certificate_hold,
+ x509.ReasonFlags.privilege_withdrawn,
+ x509.ReasonFlags.aa_compromise,
+ ]),
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ )
+ ),
+ (
+ "crl_idp_relativename_only.pem",
+ x509.IssuingDistributionPoint(
+ full_name=None,
+ relative_name=x509.RelativeDistinguishedName([
+ x509.NameAttribute(
+ oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA"
+ )
+ ]),
+ only_contains_user_certs=False,
+ only_contains_ca_certs=False,
+ only_some_reasons=None,
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ )
+ ),
+ ]
+ )
+ @pytest.mark.requires_backend_interface(interface=RSABackend)
+ @pytest.mark.requires_backend_interface(interface=X509Backend)
+ def test_vectors(self, filename, expected, backend):
+ crl = _load_cert(
+ os.path.join("x509", "custom", filename),
+ x509.load_pem_x509_crl, backend
+ )
+ idp = crl.extensions.get_extension_for_class(
+ x509.IssuingDistributionPoint
+ ).value
+ assert idp == expected
+
+ @pytest.mark.parametrize(
+ (
+ "error", "only_contains_user_certs", "only_contains_ca_certs",
+ "indirect_crl", "only_contains_attribute_certs",
+ "only_some_reasons", "full_name", "relative_name"
+ ),
+ [
+ (
+ TypeError, False, False, False, False, 'notafrozenset', None,
+ None
+ ),
+ (
+ TypeError, False, False, False, False, frozenset(['bad']),
+ None, None
+ ),
+ (
+ ValueError, False, False, False, False,
+ frozenset([x509.ReasonFlags.unspecified]), None, None
+ ),
+ (
+ ValueError, False, False, False, False,
+ frozenset([x509.ReasonFlags.remove_from_crl]), None, None
+ ),
+ (TypeError, 'notabool', False, False, False, None, None, None),
+ (TypeError, False, 'notabool', False, False, None, None, None),
+ (TypeError, False, False, 'notabool', False, None, None, None),
+ (TypeError, False, False, False, 'notabool', None, None, None),
+ (ValueError, True, True, False, False, None, None, None),
+ (ValueError, False, False, True, True, None, None, None),
+ (ValueError, False, False, False, False, None, None, None),
+ ]
+ )
+ def test_invalid_init(self, error, only_contains_user_certs,
+ only_contains_ca_certs, indirect_crl,
+ only_contains_attribute_certs, only_some_reasons,
+ full_name, relative_name):
+ with pytest.raises(error):
+ x509.IssuingDistributionPoint(
+ full_name, relative_name, only_contains_user_certs,
+ only_contains_ca_certs, only_some_reasons, indirect_crl,
+ only_contains_attribute_certs
+ )
+
+ def test_repr(self):
+ idp = x509.IssuingDistributionPoint(
+ None, None, False, False,
+ frozenset([x509.ReasonFlags.key_compromise]), False, False
+ )
+ if not six.PY2:
+ assert repr(idp) == (
+ "<IssuingDistributionPoint(full_name=None, relative_name=None,"
+ " only_contains_user_certs=False, only_contains_ca_certs=False"
+ ", only_some_reasons=frozenset({<ReasonFlags.key_compromise: '"
+ "keyCompromise'>}), indirect_crl=False, only_contains_attribut"
+ "e_certs=False)>"
+ )
+ else:
+ assert repr(idp) == (
+ "<IssuingDistributionPoint(full_name=None, relative_name=None,"
+ " only_contains_user_certs=False, only_contains_ca_certs=False"
+ ", only_some_reasons=frozenset([<ReasonFlags.key_compromise: '"
+ "keyCompromise'>]), indirect_crl=False, only_contains_attribut"
+ "e_certs=False)>"
+ )
+
+ def test_eq(self):
+ idp1 = x509.IssuingDistributionPoint(
+ only_contains_user_certs=False,
+ only_contains_ca_certs=False,
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ only_some_reasons=None,
+ full_name=None,
+ relative_name=x509.RelativeDistinguishedName([
+ x509.NameAttribute(
+ oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA")
+ ])
+ )
+ idp2 = x509.IssuingDistributionPoint(
+ only_contains_user_certs=False,
+ only_contains_ca_certs=False,
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ only_some_reasons=None,
+ full_name=None,
+ relative_name=x509.RelativeDistinguishedName([
+ x509.NameAttribute(
+ oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA")
+ ])
+ )
+ assert idp1 == idp2
+
+ def test_ne(self):
+ idp1 = x509.IssuingDistributionPoint(
+ only_contains_user_certs=False,
+ only_contains_ca_certs=False,
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ only_some_reasons=None,
+ full_name=None,
+ relative_name=x509.RelativeDistinguishedName([
+ x509.NameAttribute(
+ oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA")
+ ])
+ )
+ idp2 = x509.IssuingDistributionPoint(
+ only_contains_user_certs=True,
+ only_contains_ca_certs=False,
+ indirect_crl=False,
+ only_contains_attribute_certs=False,
+ only_some_reasons=None,
+ full_name=None,
+ relative_name=x509.RelativeDistinguishedName([
+ x509.NameAttribute(
+ oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA")
+ ])
+ )
+ assert idp1 != idp2
+ assert idp1 != object()
+
+ def test_hash(self):
+ idp1 = x509.IssuingDistributionPoint(
+ None, None, True, False, None, False, False
+ )
+ idp2 = x509.IssuingDistributionPoint(
+ None, None, True, False, None, False, False
+ )
+ idp3 = x509.IssuingDistributionPoint(
+ None,
+ x509.RelativeDistinguishedName([
+ x509.NameAttribute(
+ oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA")
+ ]),
+ True, False, None, False, False
+ )
+ assert hash(idp1) == hash(idp2)
+ assert hash(idp1) != hash(idp3)
+
+
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
class TestPrecertPoisonExtension(object):
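Review bot: Every row of `test_invalid_init` passes `None` for both `full_name` and `relative_name`, so the constructor's handling of the two name fields is never exercised on the rejection path. RFC 5280 defines DistributionPointName as a CHOICE, so an object carrying both names cannot be encoded, and a relying party uses this extension to decide which certificates a CRL covers. I would add a row such as `(ValueError, False, False, False, False, None, [x509.DNSName(u"myhost.com")], x509.RelativeDistinguishedName([x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"PyCA")]))` and a second one with a wrongly typed `full_name` such as `'notalist'`. The expected exception type in each row needs confirming against the constructor, which is not part of this tests-only diff; if the constructor accepts either input today, that gap is worth fixing alongside the tests.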