author | Ian Cordasco <ian.cordasco@rackspace.com> | 2015-06-17 11:49:11 -0500 |
---|---|---|
committer | Ian Cordasco <graffatcolmingov@gmail.com> | 2015-06-24 13:35:50 -0500 |
commit | 41f51ce4690472ae930ccffd1a0b9e198945aa84 (patch) | |
tree | b4237c5fd30726e61499c8286eed1701ee65029f | |
parent | 94b34d3dd621074bc4d15cdaa548b230886f5d57 (diff) | |
Update CSR tests and implementation
- Use keyword arguments for x509.BasicConstraints in tests (missed in
b790edbdc8fb9a026353d6fb99994326197705c7).
- Place X509_request garbage collection under assertion.
- Assert that X509 extensions created are not null.
- Don't copy the extensions list in CertificateSigningBuilder.
They're never appended to, so copying isn't necessary.
- Use RSA key fixtures instead of generating new ones on each test run
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 3 | ||||
-rw-r--r-- | src/cryptography/x509.py | 2 | ||||
-rw-r--r-- | tests/test_x509.py | 26 |
3 files changed, 8 insertions, 23 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 1861d182..406117b9 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -817,8 +817,8 @@ class Backend(object):
 # Create an empty request.
 x509_req = self._lib.X509_REQ_new()
- x509_req = self._ffi.gc(x509_req, self._lib.X509_REQ_free)
 assert x509_req != self._ffi.NULL
+ x509_req = self._ffi.gc(x509_req, self._lib.X509_REQ_free)
 # Set x509 version.
 res = self._lib.X509_REQ_set_version(x509_req, x509.Version.v1.value)
@@ -839,6 +839,7 @@ class Backend(object):
 # Add extensions.
 extensions = self._lib.sk_X509_EXTENSION_new_null()
+ assert extensions != self._ffi.NULL
 extensions = self._ffi.gc(
 extensions,
 self._lib.sk_X509_EXTENSION_free,
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index ab4f3c7e..7e1e34e2 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1450,7 +1450,7 @@ class CertificateSigningRequestBuilder(object):
 Creates an empty X.509 certificate request (v1).
 """
 self._subject_name = subject_name
- self._extensions = extensions[:]
+ self._extensions = extensions
 def subject_name(self, name):
 """
diff --git a/tests/test_x509.py b/tests/test_x509.py
index b2babc66..650c5646 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -21,6 +21,7 @@ from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
 from .hazmat.primitives.test_ec import _skip_curve_unsupported
+from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048
 from .utils import load_vectors_from_file
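Review bot: The NULL checks on `x509_req` (the `@@ -817,8 +817,8 @@` hunk of backend.py) and on `extensions` (the `@@ -839,6 +839,7 @@` hunk) are `assert` statements, which Python strips when run with `-O`. In optimized mode a failed `X509_REQ_new()` or `sk_X509_EXTENSION_new_null()` would then hand a NULL pointer to `ffi.gc` and to the OpenSSL calls that follow. An explicit check that raises survives optimization, for example `if x509_req == self._ffi.NULL: raise MemoryError("X509_REQ_new failed")`. The enclosing method starts and ends outside both hunks, so how the `res` return values are checked is not visible here.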
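Review bot: With the copy dropped in `__init__` of `CertificateSigningRequestBuilder` (x509.py), `self._extensions` is the caller's own list object, so any later in-place change to that list also changes what a subsequent `sign()` puts into the request. The commit message says the list is never appended to, but nothing in the visible code enforces it; a comment such as `# Not copied: builder methods must build a new list and never mutate this one in place.` would record the invariant. The `__init__` signature is outside the hunk; if `extensions` has a mutable default such as `[]`, every builder created without that argument would now share one list.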
@@ -683,22 +684,11 @@ class TestRSACertificateRequest(object):
 @pytest.mark.requires_backend_interface(interface=X509Backend)
 class TestCertificateSigningRequestBuilder(object):
 def test_sign_invalid_hash_algorithm(self, backend):
- private_key = rsa.generate_private_key(
- public_exponent=65537,
- key_size=2048,
- backend=backend,
- )
 builder = x509.CertificateSigningRequestBuilder()
 with pytest.raises(TypeError):
- builder.sign(backend, private_key, 'NotAHash')
+ builder.sign(backend, RSA_KEY_2048, 'NotAHash')
 def test_build_ca_request(self, backend):
- private_key = rsa.generate_private_key(
- public_exponent=65537,
- key_size=2048,
- backend=backend,
- )
-
 request = x509.CertificateSigningRequestBuilder().subject_name(
 x509.Name([
 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
@@ -708,9 +698,9 @@ class TestCertificateSigningRequestBuilder(object):
 x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
 ])
 ).add_extension(
- x509.BasicConstraints(True, 2), critical=True
+ x509.BasicConstraints(ca=True, path_length=2), critical=True
 ).sign(
- backend, private_key, hashes.SHA1()
+ backend, RSA_KEY_2048, hashes.SHA1()
 )
 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
@@ -732,12 +722,6 @@ class TestCertificateSigningRequestBuilder(object):
 assert basic_constraints.value.path_length == 2
 def test_build_nonca_request(self, backend):
- private_key = rsa.generate_private_key(
- public_exponent=65537,
- key_size=2048,
- backend=backend,
- )
-
 request = x509.CertificateSigningRequestBuilder().subject_name(
 x509.Name([
 x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
@@ -749,7 +733,7 @@ class TestCertificateSigningRequestBuilder(object):
 ).add_extension(
 x509.BasicConstraints(ca=False, path_length=None), critical=True,
 ).sign(
- backend, private_key, hashes.SHA1()
+ backend, RSA_KEY_2048, hashes.SHA1()
 )
 assert isinstance(request.signature_hash_algorithm, hashes.SHA1) |
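Review bot: `RSA_KEY_2048` is passed straight to `sign()` in the `@@ -683,22 +684,11 @@` hunk, where a key object returned by `rsa.generate_private_key(...)` was passed before, and the fixture module is not part of this diff. If the fixture is a private-numbers object rather than a loaded key (I believe that is how `fixtures_rsa` defines its keys, to be confirmed), it has to be converted first, e.g. `private_key = RSA_KEY_2048.private_key(backend)`. In `test_sign_invalid_hash_algorithm` such a mismatch would go unnoticed, because `pytest.raises(TypeError)` cannot tell whether the key or the hash argument was rejected. The `sign(...)` calls in the `@@ -708,9 +698,9 @@` and `@@ -749,7 +733,7 @@` hunks use the fixture the same way.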
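Review bot: Both builder tests sign the request with `hashes.SHA1()` (the `@@ -708,9 +698,9 @@` hunk and again in `@@ -749,7 +733,7 @@`), so the only digest exercised for CSR signing is one that is being retired for certificate signatures. Adding a case that signs with `hashes.SHA256()` and asserts `isinstance(request.signature_hash_algorithm, hashes.SHA256)` would cover the digest callers should be using. The test bodies continue outside these hunks.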