From b77c716a2935b2fc1de30092ebacdaefae184414 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Mon, 20 Jul 2015 21:22:33 -0500 Subject: Add tests to test_openssl backend for extra coverage --- tests/hazmat/backends/test_openssl.py | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'tests/hazmat/backends/test_openssl.py') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 6a2e8a77..5505c630 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -4,6 +4,7 @@ from __future__ import absolute_import, division, print_function +import datetime import os import subprocess import sys @@ -14,6 +15,7 @@ import pretend import pytest from cryptography import utils +from cryptography import x509 from cryptography.exceptions import InternalError, _Reasons from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.backends.openssl.backend import ( 
@@ -478,6 +480,43 @@ class TestOpenSSLCreateX509CSR(object): backend.create_x509_csr(object(), private_key, hashes.SHA1()) +class TestOpenSSLSignX509Certificate(object): + def test_requires_certificate_builder(self): + private_key = RSA_KEY_2048.private_key(backend) + + with pytest.raises(TypeError): + backend.sign_x509_certificate(object(), private_key, DummyHash()) + + def test_checks_for_unsupported_extensions(self): + private_key = RSA_KEY_2048.private_key(backend) + builder = x509.CertificateBuilder().version( + x509.Version.v3 + ).subject_name(x509.Name([ + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + ])).public_key( + private_key.public_key() + ).serial_number( + 777 + ).not_valid_before( + datetime.datetime(1999, 1, 1) + ).not_valid_after( + datetime.datetime(2020, 1, 1) + ) + + builder._extensions.append(x509.Extension( + oid=x509.OID_COUNTRY_NAME, + critical=False, + value=object() + )) + + with pytest.raises(NotImplementedError): + backend.sign_x509_certificate(builder, private_key, hashes.SHA1()) + + class TestOpenSSLSerialisationWithOpenSSL(object): def test_pem_password_cb_buffer_too_small(self): ffi_cb, cb = backend._pem_password_cb(b"aa") -- cgit v1.2.3 From 893246fd6b6dcefa270777e7cb8261a3131a2745 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Fri, 24 Jul 2015 14:52:18 -0500 Subject: Remove CertificateBuilder.version Default CertificateBuilder to Version.v3 --- tests/hazmat/backends/test_openssl.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'tests/hazmat/backends/test_openssl.py') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 5505c630..daa37874 100644 --- a/tests/hazmat/backends/test_openssl.py 
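Review bot: `test_requires_certificate_builder` passes two invalid arguments at once, `object()` as the builder and `DummyHash()` as the algorithm, so the `TypeError` cannot be attributed to the builder check; `DummyHash` is defined outside this hunk and is presumably an unsupported hash. Keeping every other argument valid isolates the check under test, for example `backend.sign_x509_certificate(object(), private_key, hashes.SHA256())`. The same ambiguity applies to the bare `pytest.raises(NotImplementedError)` in `test_checks_for_unsupported_extensions`, where the injected `x509.Extension` carries a name-attribute OID (`x509.OID_COUNTRY_NAME`) and `value=object()`, so an error from any code path that stumbles on that object satisfies the assertion. What the test should pin is that the backend refuses to sign rather than emitting a certificate without the requested extension, so a short comment saying so above the `with` block would help.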
+++ b/tests/hazmat/backends/test_openssl.py @@ -489,9 +489,7 @@ class TestOpenSSLSignX509Certificate(object): def test_checks_for_unsupported_extensions(self): private_key = RSA_KEY_2048.private_key(backend) - builder = x509.CertificateBuilder().version( - x509.Version.v3 - ).subject_name(x509.Name([ + builder = x509.CertificateBuilder().subject_name(x509.Name([ x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), -- cgit v1.2.3 From 17c8900f0b38052d16864de493bd1d409cc94180 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Sun, 2 Aug 2015 21:13:59 -0500 Subject: Add note to serial_number parameter about entropy - Add reference to random-numbers.rst for easy intra-linking - Document critical parameter of CertificateBuilder.add_extension - Support InhibitAnyPolicy in the CertificateBuilder frontend but not in the backend - Slim down more tests - Fix up test that asserts the backend does not allow for unsupported extensions --- tests/hazmat/backends/test_openssl.py | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) (limited to 'tests/hazmat/backends/test_openssl.py') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index daa37874..5b611cd0 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -491,10 +491,6 @@ class TestOpenSSLSignX509Certificate(object): private_key = RSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder().subject_name(x509.Name([ x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), ])).public_key( private_key.public_key() ).serial_number( 
@@ -503,16 +499,12 @@ class TestOpenSSLSignX509Certificate(object): datetime.datetime(1999, 1, 1) ).not_valid_after( datetime.datetime(2020, 1, 1) + ).add_extension( + x509.InhibitAnyPolicy(0), False ) - builder._extensions.append(x509.Extension( - oid=x509.OID_COUNTRY_NAME, - critical=False, - value=object() - )) - with pytest.raises(NotImplementedError): - backend.sign_x509_certificate(builder, private_key, hashes.SHA1()) + builder.sign(backend, private_key, hashes.SHA1()) class TestOpenSSLSerialisationWithOpenSSL(object): -- cgit v1.2.3
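Review bot: The trigger `x509.InhibitAnyPolicy(0)` is rejected only because this backend does not yet encode that extension (per the commit message), and nothing at the call site records that, so whoever adds backend support will see this test fail with no hint of why that extension was chosen. A comment above `.add_extension(` such as `# InhibitAnyPolicy: accepted by the builder, not yet encodable by this backend; signing must fail rather than drop it` would keep the intent, and `critical=False` is clearer than the bare positional `False`. `hashes.SHA1()` is carried over unchanged; using `hashes.SHA256()` would stop the test depending on SHA-1 signing remaining available in the backend. The test method starts outside this hunk.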