From d3e84164d9932782beebfb997615bca6f6d30a8b Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 28 Jun 2015 10:14:55 -0400 Subject: Initial code to encode SANs --- tests/test_x509.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index df315cc3..64a59237 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -884,6 +884,30 @@ class TestCertificateSigningRequestBuilder(object): ]) ) + def test_subject_alt_names(self, backend): + private_key = RSA_KEY_2048.private_key(backend) + + csr = x509.CertificateSigningRequestBuilder().subject_name( + x509.Name([ + x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"), + ]) + ).add_extension( + x509.SubjectAlternativeName([ + x509.DNSName(u"google.com"), + ]), + critical=False, + ).sign(private_key, hashes.SHA256(), backend) + + assert len(csr.extensions) == 1 + ext = csr.extensions.get_extension_for_oid( + x509.OID_SUBJECT_ALTERNATIVE_NAME + ) + assert not ext.critical + assert ext.oid == x509.OID_SUBJECT_ALTERNATIVE_NAME + assert list(ext.value) == [ + x509.DNSName(u"google.com"), + ] + @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) -- cgit v1.2.3 From ac7f70a1dc284339238fcfbdfba4f76476ab3d29 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 28 Jun 2015 11:07:52 -0400 Subject: fix the not implemeneted test --- tests/test_x509.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index 64a59237..133f0535 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py 
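Review bot: The `assert not ext.critical` check in `test_subject_alt_names` (hunk `@@ -884,6 +884,30 @@`) cannot distinguish a correctly encoded non-critical flag from one the encoder dropped, because a missing flag would also read back as false. A sibling case that passes `critical=True` and ends with `assert ext.critical` would pin the flag. Criticality tells a relying party whether it may ignore an extension it does not understand. Whether the backend accepts `critical=True` for SAN at this commit is not visible in the hunk, so that is worth confirming first.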
@@ -864,7 +864,17 @@ class TestCertificateSigningRequestBuilder(object): x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), ]) ).add_extension( - x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), + x509.KeyUsage( + digital_signature=True, + content_commitment=True, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=False, + encipher_only=False, + decipher_only=False + ), critical=False, ) with pytest.raises(NotImplementedError): -- cgit v1.2.3 From e49351193d5027f212fd6a7677e7859cc71fe6d8 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 3 Jul 2015 10:29:49 -0400 Subject: fixed merge --- tests/test_x509.py | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index 3491446d..fb74e3b1 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -863,19 +863,6 @@ class TestCertificateSigningRequestBuilder(object): x509.Name([ x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), ]) - ).add_extension( - x509.KeyUsage( - digital_signature=True, - content_commitment=True, - key_encipherment=False, - data_encipherment=False, - key_agreement=False, - key_cert_sign=True, - crl_sign=False, - encipher_only=False, - decipher_only=False - ), - critical=False, ).add_extension( x509.KeyUsage( digital_signature=True, -- cgit v1.2.3 From 7583f7ff3a2d655aa1f58fde1fa13da7e8b40f57 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 3 Jul 2015 10:56:49 -0400 Subject: add this part of the test back --- tests/test_x509.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index 32f29ff5..3975d5b6 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py 
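Review bot: The `pytest.raises(NotImplementedError)` check in hunk `@@ -864,7 +864,17 @@` now depends on `x509.KeyUsage` staying unencodable, which looks like the same coupling that broke the test once SAN encoding landed. A comment above the `add_extension` call would tell whoever implements KeyUsage why this test starts failing, for example `# KeyUsage is not encodable yet; replace with another unsupported extension once it is`. The test function starts and ends outside the hunk, so its name and the `sign` call are not visible here.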
@@ -877,6 +877,9 @@ class TestCertificateSigningRequestBuilder(object): x509.Name([ x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), ]) + ).add_extension( + x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), + critical=False, ).add_extension( x509.KeyUsage( digital_signature=True, -- cgit v1.2.3 From d5f718c19c09f529ff34b319a1e2e0e7f1862a9a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 5 Jul 2015 11:19:38 -0400 Subject: Organize code a bit better --- tests/test_x509.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index 3975d5b6..6cc0fc48 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -935,6 +935,24 @@ class TestCertificateSigningRequestBuilder(object): x509.DNSName(u"google.com"), ] + def test_subject_alt_name_unsupported_general_name(self, backend): + private_key = RSA_KEY_2048.private_key(backend) + + builder = x509.CertificateSigningRequestBuilder().subject_name( + x509.Name([ + x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"), + ]) + ).add_extension( + x509.SubjectAlternativeName([ + x509.RFC822Name(u"test@example.com"), + ]), + critical=False, + ) + + with pytest.raises(NotImplementedError): + builder.sign(private_key, hashes.SHA256(), backend) + + @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) -- cgit v1.2.3 From eae9560f6801e9c89381c2616b795b9037f2a6a9 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 5 Jul 2015 11:36:57 -0400 Subject: flake8 for the flkae8 god --- tests/test_x509.py | 1 - 1 file changed, 1 deletion(-) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index 6cc0fc48..b8c3b03a 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py 
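Review bot: `test_subject_alt_name_unsupported_general_name` (hunk `@@ -935,6 +935,24 @@`) exercises `x509.RFC822Name` only on its own. The riskier case is an unsupported name listed next to a supported one, where an encoder that skipped the unknown entry would still produce a valid-looking CSR that lacks one of the requested identities. Extending the list to `x509.SubjectAlternativeName([x509.DNSName(u"example.com"), x509.RFC822Name(u"test@example.com")])` while keeping the `pytest.raises(NotImplementedError)` expectation would pin that `sign` fails as a whole rather than emitting a partial SAN. A one-line comment stating that intent would also help.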
@@ -953,7 +953,6 @@ class TestCertificateSigningRequestBuilder(object): builder.sign(private_key, hashes.SHA256(), backend) - @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) class TestDSACertificate(object): -- cgit v1.2.3 From 6431d50831b8e4a4927f5e6619603eeac78ff489 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 5 Jul 2015 12:28:46 -0400 Subject: Wildcards. Also fixed a bug with multiple GNs --- tests/test_x509.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index b8c3b03a..78552978 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -920,7 +920,8 @@ class TestCertificateSigningRequestBuilder(object): ]) ).add_extension( x509.SubjectAlternativeName([ - x509.DNSName(u"google.com"), + x509.DNSName(u"example.com"), + x509.DNSName(u"*.example.com"), ]), critical=False, ).sign(private_key, hashes.SHA256(), backend) @@ -932,7 +933,8 @@ class TestCertificateSigningRequestBuilder(object): assert not ext.critical assert ext.oid == x509.OID_SUBJECT_ALTERNATIVE_NAME assert list(ext.value) == [ - x509.DNSName(u"google.com"), + x509.DNSName(u"example.com"), + x509.DNSName(u"*.example.com"), ] def test_subject_alt_name_unsupported_general_name(self, backend): -- cgit v1.2.3
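Review bot: The wildcard case added in hunk `@@ -920,7 +920,8 @@` (and mirrored in the expected list in `@@ -932,7 +933,8 @@`) covers only `*` as the whole leftmost label. Nothing in the test states what the builder should do with other placements or with non-ASCII labels. The encoder is not visible in these hunks, so it is unclear whether such names are rejected or passed through. A comment on the new entry would make the scope explicit, for example `# wildcard as the entire leftmost label only; other forms are not covered by this test`. The list comparison also asserts that both names survive in order, which is the multiple-general-name fix the commit title mentions and is worth saying in a comment.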