From 7618fbeb1fab995f5e44864ba9ace3ebdf4ebc5b Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Tue, 16 Jun 2015 19:12:17 -0500 Subject: Enforce text type of NameAttribute.value --- src/cryptography/x509.py | 5 +++++ tests/test_x509.py | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 87028be1..2e2e8512 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -148,6 +148,11 @@ class NameAttribute(object): "oid argument must be an ObjectIdentifier instance." ) + if not isinstance(value, six.text_type): + raise TypeError( + "value argument must be a text type." + ) + self._oid = oid self._value = value diff --git a/tests/test_x509.py b/tests/test_x509.py index a3bed85f..d9aa22db 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -794,6 +794,13 @@ class TestNameAttribute(object): with pytest.raises(TypeError): x509.NameAttribute(None, 'value') + def test_init_bad_value(self): + with pytest.raises(TypeError): + x509.NameAttribute( + x509.ObjectIdentifier('oid'), + b'bytes' + ) + def test_eq(self): assert x509.NameAttribute( x509.ObjectIdentifier('oid'), 'value' -- cgit v1.2.3 From 82fc376961182fb31193373c2d28bc5fe6dd22b4 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Tue, 16 Jun 2015 20:59:50 -0500 Subject: Correct x509.NameAttribute test passing bytes --- tests/test_x509.py | 232 ++++++++++++++++++++++++------------------------- tests/test_x509_ext.py | 112 ++++++++++++------------ 2 files changed, 173 insertions(+), 171 deletions(-) diff --git a/tests/test_x509.py b/tests/test_x509.py index d9aa22db..53ddeb84 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -70,14 +70,14 @@ class TestRSACertificate(object): issuer = cert.issuer assert isinstance(issuer, x509.Name) assert list(issuer) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011' + x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011' ), - x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA') + x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA') ] assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA') + x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA') ] def test_all_issuer_name_types(self, backend): @@ -93,36 +93,36 @@ class TestRSACertificate(object): assert isinstance(issuer, x509.Name) assert list(issuer) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'CA'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Illinois'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Chicago'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Zero, LLC'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'One, LLC'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 0'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 1'), - x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 0'), - x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 1'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier0'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier1'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '123'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '456'), - x509.NameAttribute(x509.OID_TITLE, 'Title 0'), - x509.NameAttribute(x509.OID_TITLE, 'Title 1'), - x509.NameAttribute(x509.OID_SURNAME, 'Surname 0'), - x509.NameAttribute(x509.OID_SURNAME, 'Surname 1'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 0'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 1'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 0'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 1'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Last Gen'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Next Gen'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc0'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc1'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test0@test.local'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test1@test.local'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'CA'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Illinois'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Chicago'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Zero, LLC'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'One, LLC'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 0'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 1'), + x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 0'), + x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 1'), + x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier0'), + x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier1'), + x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'123'), + x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'456'), + x509.NameAttribute(x509.OID_TITLE, u'Title 0'), + x509.NameAttribute(x509.OID_TITLE, u'Title 1'), + x509.NameAttribute(x509.OID_SURNAME, u'Surname 0'), + x509.NameAttribute(x509.OID_SURNAME, u'Surname 1'), + x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 0'), + x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 1'), + x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 0'), + x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 1'), + x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Last Gen'), + x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Next Gen'), + x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc0'), + x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc1'), + x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test0@test.local'), + x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test1@test.local'), ] def test_subject(self, backend): @@ -137,19 +137,19 @@ class TestRSACertificate(object): subject = cert.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011' + x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011' ), x509.NameAttribute( x509.OID_COMMON_NAME, - 'Valid pre2000 UTC notBefore Date EE Certificate Test3' + u'Valid pre2000 UTC notBefore Date EE Certificate Test3' ) ] assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ x509.NameAttribute( x509.OID_COMMON_NAME, - 'Valid pre2000 UTC notBefore Date EE Certificate Test3' + u'Valid pre2000 UTC notBefore Date EE Certificate Test3' ) ] @@ -187,40 +187,40 @@ class TestRSACertificate(object): subject = cert.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'AU'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'DE'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'California'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'New York'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'San Francisco'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Ithaca'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org Zero, LLC'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org One, LLC'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 0'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 1'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'AU'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'DE'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'California'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'New York'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'San Francisco'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Ithaca'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org Zero, LLC'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org One, LLC'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 0'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 1'), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 0' + x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 0' ), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 1' + x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 1' ), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified0'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified1'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '789'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '012'), - x509.NameAttribute(x509.OID_TITLE, 'Title IX'), - x509.NameAttribute(x509.OID_TITLE, 'Title X'), - x509.NameAttribute(x509.OID_SURNAME, 'Last 0'), - x509.NameAttribute(x509.OID_SURNAME, 'Last 1'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 0'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 1'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 0'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 1'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, '32X'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Dreamcast'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc2'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc3'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test2@test.local'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test3@test.local'), + x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified0'), + x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified1'), + x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'789'), + x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'012'), + x509.NameAttribute(x509.OID_TITLE, u'Title IX'), + x509.NameAttribute(x509.OID_TITLE, u'Title X'), + x509.NameAttribute(x509.OID_SURNAME, u'Last 0'), + x509.NameAttribute(x509.OID_SURNAME, u'Last 1'), + x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 0'), + x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 1'), + x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 0'), + x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 1'), + x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'32X'), + x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Dreamcast'), + x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc2'), + x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc3'), + x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test2@test.local'), + x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test3@test.local'), ] def test_load_good_ca_cert(self, backend): @@ -473,11 +473,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), ] extensions = request.extensions assert isinstance(extensions, x509.Extensions) @@ -575,11 +575,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), ] def test_public_bytes_der(self, backend): @@ -602,11 +602,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), ] def test_public_bytes_invalid_encoding(self, backend): @@ -716,11 +716,11 @@ class TestDSACertificate(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), ] @@ -781,18 +781,18 @@ class TestECDSACertificate(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), ] class TestNameAttribute(object): def test_init_bad_oid(self): with pytest.raises(TypeError): - x509.NameAttribute(None, 'value') + x509.NameAttribute(None, u'value') def test_init_bad_value(self): with pytest.raises(TypeError): @@ -803,31 +803,31 @@ class TestNameAttribute(object): def test_eq(self): assert x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value' + x509.ObjectIdentifier('oid'), u'value' ) == x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value' + x509.ObjectIdentifier('oid'), u'value' ) def test_ne(self): assert x509.NameAttribute( - x509.ObjectIdentifier('2.5.4.3'), 'value' + x509.ObjectIdentifier('2.5.4.3'), u'value' ) != x509.NameAttribute( - x509.ObjectIdentifier('2.5.4.5'), 'value' + x509.ObjectIdentifier('2.5.4.5'), u'value' ) assert x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value' + x509.ObjectIdentifier('oid'), u'value' ) != x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value2' + x509.ObjectIdentifier('oid'), u'value2' ) assert x509.NameAttribute( - x509.ObjectIdentifier('oid'), 'value' + x509.ObjectIdentifier('oid'), u'value' ) != object() def test_repr(self): - na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), 'value') + na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), u'value') assert repr(na) == ( ", value='value')>" + ")>, value=u'value')>" ) @@ -852,36 +852,36 @@ class TestObjectIdentifier(object): class TestName(object): def test_eq(self): name1 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) name2 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) assert name1 == name2 def test_ne(self): name1 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) name2 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), ]) assert name1 != name2 assert name1 != object() def test_repr(self): name = x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), ]) assert repr(name) == ( ", value='cryptography.io')>, , value='PyCA')>])" - ">" + "monName)>, value=u'cryptography.io')>, , value=u'PyCA')>" + "])>" ) diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 1b575b6c..de8aea98 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -596,8 +596,8 @@ class TestAuthorityKeyIdentifier(object): def test_authority_cert_serial_number_not_integer(self): dirname = x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) ) with pytest.raises(TypeError): @@ -610,8 +610,8 @@ class TestAuthorityKeyIdentifier(object): def test_authority_issuer_not_none_serial_none(self): dirname = x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1'), - x509.NameAttribute(x509.ObjectIdentifier('oid2'), 'value2'), + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'), + x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'), ]) ) with pytest.raises(ValueError): @@ -625,7 +625,7 @@ class TestAuthorityKeyIdentifier(object): def test_repr(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) @@ -633,34 +633,34 @@ class TestAuthorityKeyIdentifier(object): assert repr(aki) == ( ", value='myC" + ", value=u'myC" "N')>])>)>], authority_cert_serial_number=1234)>" ) else: assert repr(aki) == ( ", value='myCN')>" - "])>)>], authority_cert_serial_number=1234)>" + "jectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'myCN')" + ">])>)>], authority_cert_serial_number=1234)>" ) def test_eq(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) dirname2 = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) ) aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234) assert aki == aki2 def test_ne(self): dirname = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'myCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')]) ) dirname5 = x509.DirectoryName( - x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'aCN')]) + x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'aCN')]) ) aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234) aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234) @@ -1048,19 +1048,19 @@ class TestDirectoryName(object): x509.DirectoryName(1.3) def test_repr(self): - name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, 'value1')]) + name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'value1')]) gn = x509.DirectoryName(x509.Name([name])) assert repr(gn) == ( ", value='value1')>])>])>)>" + "tifier(oid=2.5.4.3, name=commonName)>, value=u'value1')>])>])>)>" ) def test_eq(self): name = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1') + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1') ]) name2 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1') + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1') ]) gn = x509.DirectoryName(x509.Name([name])) gn2 = x509.DirectoryName(x509.Name([name2])) @@ -1068,10 +1068,10 @@ class TestDirectoryName(object): def test_ne(self): name = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value1') + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1') ]) name2 = x509.Name([ - x509.NameAttribute(x509.ObjectIdentifier('oid'), 'value2') + x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value2') ]) gn = x509.DirectoryName(x509.Name([name])) gn2 = x509.DirectoryName(x509.Name([name2])) @@ -1419,9 +1419,9 @@ class TestRSASubjectAlternativeNameExtension(object): dirname = san.get_values_for_type(x509.DirectoryName) assert [ x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, 'test'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'test'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), ]) ] == dirname @@ -1500,9 +1500,9 @@ class TestRSASubjectAlternativeNameExtension(object): assert [u"cryptography.io"] == dns assert [ x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, 'dirCN'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'dirCN'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, 'Cryptographic Authority' + x509.OID_ORGANIZATION_NAME, u'Cryptographic Authority' ), ]) ] == dirname @@ -1746,8 +1746,9 @@ class TestAuthorityInformationAccessExtension(object): x509.AccessDescription( x509.OID_CA_ISSUERS, x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"), + x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN"), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, + u"some Org"), ])) ), ]) @@ -1787,8 +1788,9 @@ class TestAuthorityInformationAccessExtension(object): x509.AccessDescription( x509.OID_CA_ISSUERS, x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, "myCN"), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, "some Org"), + x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN"), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, + u"some Org"), ])) ), ]) @@ -1948,7 +1950,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "Important CA" + x509.OID_COMMON_NAME, u"Important CA" ) ]) ) @@ -1962,7 +1964,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "Important CA" + x509.OID_COMMON_NAME, u"Important CA" ) ]) ) @@ -1979,7 +1981,7 @@ class TestDistributionPoint(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "Important CA" + x509.OID_COMMON_NAME, u"Important CA" ) ]) ) @@ -1998,14 +2000,14 @@ class TestDistributionPoint(object): dp = x509.DistributionPoint( None, x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, "myCN") + x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN") ]), frozenset([x509.ReasonFlags.ca_compromise]), [ x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "Important CA" + x509.OID_COMMON_NAME, u"Important CA" ) ]) ) @@ -2015,19 +2017,19 @@ class TestDistributionPoint(object): assert repr(dp) == ( ", value='myCN')>])>, reasons=frozenset({}), crl_issuer=[, value='Important CA')>])>)>])>" + ">, value=u'myCN')>])>, reasons=frozenset({}), crl_issuer=[, value=u'Important CA')>])>)>])>" ) else: assert repr(dp) == ( ", value='myCN')>])>, reasons=frozenset([]), crl_issuer=[, value='Important CA')>])>)>])>" + ">, value=u'myCN')>])>, reasons=frozenset([]), crl_issuer=[, value=u'Important CA')>])>)>])>" ) @@ -2190,18 +2192,18 @@ class TestCRLDistributionPointsExtension(object): x509.DistributionPoint( full_name=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), x509.NameAttribute( x509.OID_ORGANIZATION_NAME, - "Test Certificates 2011" + u"Test Certificates 2011" ), x509.NameAttribute( x509.OID_ORGANIZATIONAL_UNIT_NAME, - "indirectCRL CA3 cRLIssuer" + u"indirectCRL CA3 cRLIssuer" ), x509.NameAttribute( x509.OID_COMMON_NAME, - "indirect CRL for indirectCRL CA3" + u"indirect CRL for indirectCRL CA3" ), ]) )], @@ -2209,14 +2211,14 @@ class TestCRLDistributionPointsExtension(object): reasons=None, crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), x509.NameAttribute( x509.OID_ORGANIZATION_NAME, - "Test Certificates 2011" + u"Test Certificates 2011" ), x509.NameAttribute( x509.OID_ORGANIZATIONAL_UNIT_NAME, - "indirectCRL CA3 cRLIssuer" + u"indirectCRL CA3 cRLIssuer" ), ]) )], @@ -2242,20 +2244,20 @@ class TestCRLDistributionPointsExtension(object): relative_name=x509.Name([ x509.NameAttribute( x509.OID_COMMON_NAME, - "indirect CRL for indirectCRL CA3" + u"indirect CRL for indirectCRL CA3" ), ]), reasons=None, crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), x509.NameAttribute( x509.OID_ORGANIZATION_NAME, - "Test Certificates 2011" + u"Test Certificates 2011" ), x509.NameAttribute( x509.OID_ORGANIZATIONAL_UNIT_NAME, - "indirectCRL CA3 cRLIssuer" + u"indirectCRL CA3 cRLIssuer" ), ]) )], @@ -2287,12 +2289,12 @@ class TestCRLDistributionPointsExtension(object): ]), crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"), + x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, "PyCA" + x509.OID_ORGANIZATION_NAME, u"PyCA" ), x509.NameAttribute( - x509.OID_COMMON_NAME, "cryptography CA" + x509.OID_COMMON_NAME, u"cryptography CA" ), ]) )], @@ -2377,7 +2379,7 @@ class TestCRLDistributionPointsExtension(object): crl_issuer=[x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, "cryptography CA" + x509.OID_COMMON_NAME, u"cryptography CA" ), ]) )], -- cgit v1.2.3 From a908d691490818aa03fbdb0d3f96448e8edbb8cf Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Tue, 16 Jun 2015 21:35:24 -0500 Subject: Conditionally construct the repr of NameAttributes --- tests/test_x509.py | 36 ++++++++++++++++++++++++++---------- tests/test_x509_ext.py | 26 +++++++++++++++++--------- 2 files changed, 43 insertions(+), 19 deletions(-) diff --git a/tests/test_x509.py b/tests/test_x509.py index 53ddeb84..547aa58e 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -10,6 +10,8 @@ import os import pytest +import six + from cryptography import x509 from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( @@ -825,10 +827,16 @@ class TestNameAttribute(object): def test_repr(self): na = x509.NameAttribute(x509.ObjectIdentifier('2.5.4.3'), u'value') - assert repr(na) == ( - ", value=u'value')>" - ) + if six.PY3: + assert repr(na) == ( + ", value='value')>" + ) + else: + assert repr(na) == ( + ", value=u'value')>" + ) class TestObjectIdentifier(object): @@ -879,9 +887,17 @@ class TestName(object): x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), ]) - assert repr(name) == ( - ", value=u'cryptography.io')>, , value=u'PyCA')>" - "])>" - ) + if six.PY3: + assert repr(name) == ( + ", value='cryptography.io')>, , valu" + "e='PyCA')>])>" + ) + else: + assert repr(name) == ( + ", value=u'cryptography.io')>, , val" + "ue=u'PyCA')>])>" + ) diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index de8aea98..d836164b 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -633,7 +633,7 @@ class TestAuthorityKeyIdentifier(object): assert repr(aki) == ( ", value=u'myC" + ", value='myC" "N')>])>)>], authority_cert_serial_number=1234)>" ) else: @@ -1050,10 +1050,18 @@ class TestDirectoryName(object): def test_repr(self): name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'value1')]) gn = x509.DirectoryName(x509.Name([name])) - assert repr(gn) == ( - ", value=u'value1')>])>])>)>" - ) + if six.PY3: + assert repr(gn) == ( + ", value='value1')>])" + ">])>)>" + ) + else: + assert repr(gn) == ( + ", value=u'value1')>]" + ")>])>)>" + ) def test_eq(self): name = x509.Name([ @@ -2017,10 +2025,10 @@ class TestDistributionPoint(object): assert repr(dp) == ( ", value=u'myCN')>])>, reasons=frozenset({}), crl_issuer=[, value=u'Important CA')>])>)>])>" + ">, value='myCN')>])>, reasons=frozenset({}), crl_issuer=[, value='Important CA')>])>)>])>" ) else: assert repr(dp) == ( -- cgit v1.2.3 From ab94b90c077674031bda9c249c2b0eab5ddca5c4 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Wed, 17 Jun 2015 08:28:02 -0500 Subject: Add note to CHANGELOG about change to NameAttribute --- CHANGELOG.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f521c11d..5c9d08ea 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -22,6 +22,8 @@ Changelog provisioning URIs. * Add :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash` and :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`. +* Raise a ``TypeError`` when passing objects that are not text as the value to + :class:`~cryptography.x509.NameAttribute`. 0.9.1 - 2015-06-06 ~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3