From dd6b78be80e9b31e07a9ef695aaa902ef042dcfd Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 31 Aug 2018 18:25:52 -0500 Subject: Fixes #4333 -- added support for precert poison extension (#4442) * Fixes #4333 -- added support for precert poison extension * Make work on all OpenSSL versions * fixed flake8 + docs * fix for older OpenSSLs * document this * spell --- tests/x509/test_x509_ext.py | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'tests/x509') diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py index c052f859..7e0ae220 100644 --- a/tests/x509/test_x509_ext.py +++ b/tests/x509/test_x509_ext.py @@ -4440,6 +4440,35 @@ class TestInhibitAnyPolicyExtension(object): assert iap.skip_certs == 5 +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestPrecertPoisonExtension(object): + def test_load(self, backend): + cert = _load_cert( + os.path.join("x509", "cryptography.io.precert.pem"), + x509.load_pem_x509_certificate, + backend + ) + poison = cert.extensions.get_extension_for_oid( + ExtensionOID.PRECERT_POISON + ).value + assert isinstance(poison, x509.PrecertPoison) + poison = cert.extensions.get_extension_for_class( + x509.PrecertPoison + ).value + assert isinstance(poison, x509.PrecertPoison) + + def test_generate(self, backend): + private_key = RSA_KEY_2048.private_key(backend) + cert = _make_certbuilder(private_key).add_extension( + x509.PrecertPoison(), critical=True + ).sign(private_key, hashes.SHA256(), backend) + poison = cert.extensions.get_extension_for_oid( + ExtensionOID.PRECERT_POISON + ).value + assert isinstance(poison, x509.PrecertPoison) + + @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) class TestPrecertificateSignedCertificateTimestampsExtension(object): -- cgit v1.2.3