-rw-r--r-- | src/cryptography/x509/__init__.py | 12 | ||||
-rw-r--r-- | src/cryptography/x509/base.py | 233 | ||||
-rw-r--r-- | src/cryptography/x509/extensions.py | 235 | ||||
-rw-r--r-- | tests/test_x509.py | 32 | ||||
-rw-r--r-- | tests/test_x509_ext.py | 64 |
5 files changed, 292 insertions, 284 deletions
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py index 389d737b..0beff1f8 100644 --- a/src/cryptography/x509/__init__.py +++ b/src/cryptography/x509/__init__.py @@ -5,21 +5,21 @@ from __future__ import absolute_import, division, print_function from cryptography.x509.base import ( - AccessDescription, AuthorityInformationAccess, - BasicConstraints, CRLDistributionPoints, Certificate, CertificateBuilder, + Certificate, CertificateBuilder, CertificatePolicies, CertificateRevocationList, CertificateSigningRequest, - CertificateSigningRequestBuilder, DistributionPoint, + CertificateSigningRequestBuilder, DuplicateExtension, ExtendedKeyUsage, Extension, ExtensionNotFound, ExtensionType, Extensions, GeneralNames, InhibitAnyPolicy, InvalidVersion, IssuerAlternativeName, KeyUsage, NameConstraints, NoticeReference, OCSPNoCheck, ObjectIdentifier, - PolicyInformation, ReasonFlags, - RevokedCertificate, SubjectAlternativeName, + PolicyInformation, RevokedCertificate, SubjectAlternativeName, UnsupportedExtension, UserNotice, Version, load_der_x509_certificate, load_der_x509_csr, load_pem_x509_certificate, load_pem_x509_csr, ) from cryptography.x509.extensions import ( - AuthorityKeyIdentifier, SubjectKeyIdentifier + AccessDescription, AuthorityInformationAccess, + AuthorityKeyIdentifier, BasicConstraints, CRLDistributionPoints, + DistributionPoint, ReasonFlags, SubjectKeyIdentifier ) from cryptography.x509.general_name import ( DNSName, DirectoryName, GeneralName, IPAddress, OtherName, RFC822Name, diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index b906c7a8..7e755de0 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py 
@@ -16,7 +16,7 @@ from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa from cryptography.x509.general_name import GeneralName, IPAddress, OtherName from cryptography.x509.name import Name from cryptography.x509.oid import ( - AuthorityInformationAccessOID, ExtensionOID, ObjectIdentifier + ExtensionOID, ObjectIdentifier ) @@ -168,45 +168,6 @@ class OCSPNoCheck(object): @utils.register_interface(ExtensionType) -class BasicConstraints(object): - oid = ExtensionOID.BASIC_CONSTRAINTS - - def __init__(self, ca, path_length): - if not isinstance(ca, bool): - raise TypeError("ca must be a boolean value") - - if path_length is not None and not ca: - raise ValueError("path_length must be None when ca is False") - - if ( - path_length is not None and - (not isinstance(path_length, six.integer_types) or path_length < 0) - ): - raise TypeError( - "path_length must be a non-negative integer or None" - ) - - self._ca = ca - self._path_length = path_length - - ca = utils.read_only_property("_ca") - path_length = utils.read_only_property("_path_length") - - def __repr__(self): - return ("<BasicConstraints(ca={0.ca}, " - "path_length={0.path_length})>").format(self) - - def __eq__(self, other): - if not isinstance(other, BasicConstraints): - return NotImplemented - - return self.ca == other.ca and self.path_length == other.path_length - - def __ne__(self, other): - return not self == other - - -@utils.register_interface(ExtensionType) class KeyUsage(object): oid = ExtensionOID.KEY_USAGE 
@@ -293,74 +254,6 @@ class KeyUsage(object): @utils.register_interface(ExtensionType) -class AuthorityInformationAccess(object): - oid = ExtensionOID.AUTHORITY_INFORMATION_ACCESS - - def __init__(self, descriptions): - if not all(isinstance(x, AccessDescription) for x in descriptions): - raise TypeError( - "Every item in the descriptions list must be an " - "AccessDescription" - ) - - self._descriptions = descriptions - - def __iter__(self): - return iter(self._descriptions) - - def __len__(self): - return len(self._descriptions) - - def __repr__(self): - return "<AuthorityInformationAccess({0})>".format(self._descriptions) - - def __eq__(self, other): - if not isinstance(other, AuthorityInformationAccess): - return NotImplemented - - return self._descriptions == other._descriptions - - def __ne__(self, other): - return not self == other - - -class AccessDescription(object): - def __init__(self, access_method, access_location): - if not (access_method == AuthorityInformationAccessOID.OCSP or - access_method == AuthorityInformationAccessOID.CA_ISSUERS): - raise ValueError( - "access_method must be OID_OCSP or OID_CA_ISSUERS" - ) - - if not isinstance(access_location, GeneralName): - raise TypeError("access_location must be a GeneralName") - - self._access_method = access_method - self._access_location = access_location - - def __repr__(self): - return ( - "<AccessDescription(access_method={0.access_method}, access_locati" - "on={0.access_location})>".format(self) - ) - - def __eq__(self, other): - if not isinstance(other, AccessDescription): - return NotImplemented - - return ( - self.access_method == other.access_method and - self.access_location == other.access_location - ) - - def __ne__(self, other): - return not self == other - - access_method = utils.read_only_property("_access_method") - access_location = utils.read_only_property("_access_location") - - -@utils.register_interface(ExtensionType) class CertificatePolicies(object): oid = 
ExtensionOID.CERTIFICATE_POLICIES 
@@ -568,130 +461,6 @@ class NameConstraints(object): @utils.register_interface(ExtensionType) -class CRLDistributionPoints(object): - oid = ExtensionOID.CRL_DISTRIBUTION_POINTS - - def __init__(self, distribution_points): - if not all( - isinstance(x, DistributionPoint) for x in distribution_points - ): - raise TypeError( - "distribution_points must be a list of DistributionPoint " - "objects" - ) - - self._distribution_points = distribution_points - - def __iter__(self): - return iter(self._distribution_points) - - def __len__(self): - return len(self._distribution_points) - - def __repr__(self): - return "<CRLDistributionPoints({0})>".format(self._distribution_points) - - def __eq__(self, other): - if not isinstance(other, CRLDistributionPoints): - return NotImplemented - - return self._distribution_points == other._distribution_points - - def __ne__(self, other): - return not self == other - - -class DistributionPoint(object): - def __init__(self, full_name, relative_name, reasons, crl_issuer): - if full_name and relative_name: - raise ValueError( - "You cannot provide both full_name and relative_name, at " - "least one must be None." 
- ) - - if full_name and not all( - isinstance(x, GeneralName) for x in full_name - ): - raise TypeError( - "full_name must be a list of GeneralName objects" - ) - - if relative_name and not isinstance(relative_name, Name): - raise TypeError("relative_name must be a Name") - - if crl_issuer and not all( - isinstance(x, GeneralName) for x in crl_issuer - ): - raise TypeError( - "crl_issuer must be None or a list of general names" - ) - - if reasons and (not isinstance(reasons, frozenset) or not all( - isinstance(x, ReasonFlags) for x in reasons - )): - raise TypeError("reasons must be None or frozenset of ReasonFlags") - - if reasons and ( - ReasonFlags.unspecified in reasons or - ReasonFlags.remove_from_crl in reasons - ): - raise ValueError( - "unspecified and remove_from_crl are not valid reasons in a " - "DistributionPoint" - ) - - if reasons and not crl_issuer and not (full_name or relative_name): - raise ValueError( - "You must supply crl_issuer, full_name, or relative_name when " - "reasons is not None" - ) - - self._full_name = full_name - self._relative_name = relative_name - self._reasons = reasons - self._crl_issuer = crl_issuer - - def __repr__(self): - return ( - "<DistributionPoint(full_name={0.full_name}, relative_name={0.rela" - "tive_name}, reasons={0.reasons}, crl_issuer={0.crl_is" - "suer})>".format(self) - ) - - def __eq__(self, other): - if not isinstance(other, DistributionPoint): - return NotImplemented - - return ( - self.full_name == other.full_name and - self.relative_name == other.relative_name and - self.reasons == other.reasons and - self.crl_issuer == other.crl_issuer - ) - - def __ne__(self, other): - return not self == other - - full_name = utils.read_only_property("_full_name") - relative_name = utils.read_only_property("_relative_name") - reasons = utils.read_only_property("_reasons") - crl_issuer = utils.read_only_property("_crl_issuer") - - -class ReasonFlags(Enum): - unspecified = "unspecified" - key_compromise = "keyCompromise" 
- ca_compromise = "cACompromise" - affiliation_changed = "affiliationChanged" - superseded = "superseded" - cessation_of_operation = "cessationOfOperation" - certificate_hold = "certificateHold" - privilege_withdrawn = "privilegeWithdrawn" - aa_compromise = "aACompromise" - remove_from_crl = "removeFromCRL" - - -@utils.register_interface(ExtensionType) class InhibitAnyPolicy(object): oid = ExtensionOID.INHIBIT_ANY_POLICY diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index 38175531..eef9f11a 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -5,6 +5,7 @@ from __future__ import absolute_import, division, print_function import hashlib +from enum import Enum from pyasn1.codec.der import decoder from pyasn1.type import namedtype, univ @@ -15,8 +16,9 @@ from cryptography import utils from cryptography.hazmat.primitives import serialization from cryptography.x509.base import ExtensionType from cryptography.x509.general_name import GeneralName +from cryptography.x509.name import Name from cryptography.x509.oid import ( - ExtensionOID + AuthorityInformationAccessOID, ExtensionOID ) 
@@ -142,3 +144,234 @@ class SubjectKeyIdentifier(object): def __ne__(self, other): return not self == other + + +@utils.register_interface(ExtensionType) +class AuthorityInformationAccess(object): + oid = ExtensionOID.AUTHORITY_INFORMATION_ACCESS + + def __init__(self, descriptions): + if not all(isinstance(x, AccessDescription) for x in descriptions): + raise TypeError( + "Every item in the descriptions list must be an " + "AccessDescription" + ) + + self._descriptions = descriptions + + def __iter__(self): + return iter(self._descriptions) + + def __len__(self): + return len(self._descriptions) + + def __repr__(self): + return "<AuthorityInformationAccess({0})>".format(self._descriptions) + + def __eq__(self, other): + if not isinstance(other, AuthorityInformationAccess): + return NotImplemented + + return self._descriptions == other._descriptions + + def __ne__(self, other): + return not self == other + + +class AccessDescription(object): + def __init__(self, access_method, access_location): + if not (access_method == AuthorityInformationAccessOID.OCSP or + access_method == AuthorityInformationAccessOID.CA_ISSUERS): + raise ValueError( + "access_method must be OID_OCSP or OID_CA_ISSUERS" + ) + + if not isinstance(access_location, GeneralName): + raise TypeError("access_location must be a GeneralName") + + self._access_method = access_method + self._access_location = access_location + + def __repr__(self): + return ( + "<AccessDescription(access_method={0.access_method}, access_locati" + "on={0.access_location})>".format(self) + ) + + def __eq__(self, other): + if not isinstance(other, AccessDescription): + return NotImplemented + + return ( + self.access_method == other.access_method and + self.access_location == other.access_location + ) + + def __ne__(self, other): + return not self == other + + access_method = utils.read_only_property("_access_method") + access_location = utils.read_only_property("_access_location") + + 
+@utils.register_interface(ExtensionType) +class BasicConstraints(object): + oid = ExtensionOID.BASIC_CONSTRAINTS + + def __init__(self, ca, path_length): + if not isinstance(ca, bool): + raise TypeError("ca must be a boolean value") + + if path_length is not None and not ca: + raise ValueError("path_length must be None when ca is False") + + if ( + path_length is not None and + (not isinstance(path_length, six.integer_types) or path_length < 0) + ): + raise TypeError( + "path_length must be a non-negative integer or None" + ) + + self._ca = ca + self._path_length = path_length + + ca = utils.read_only_property("_ca") + path_length = utils.read_only_property("_path_length") + + def __repr__(self): + return ("<BasicConstraints(ca={0.ca}, " + "path_length={0.path_length})>").format(self) + + def __eq__(self, other): + if not isinstance(other, BasicConstraints): + return NotImplemented + + return self.ca == other.ca and self.path_length == other.path_length + + def __ne__(self, other): + return not self == other + + +@utils.register_interface(ExtensionType) +class CRLDistributionPoints(object): + oid = ExtensionOID.CRL_DISTRIBUTION_POINTS + + def __init__(self, distribution_points): + if not all( + isinstance(x, DistributionPoint) for x in distribution_points + ): + raise TypeError( + "distribution_points must be a list of DistributionPoint " + "objects" + ) + + self._distribution_points = distribution_points + + def __iter__(self): + return iter(self._distribution_points) + + def __len__(self): + return len(self._distribution_points) + + def __repr__(self): + return "<CRLDistributionPoints({0})>".format(self._distribution_points) + + def __eq__(self, other): + if not isinstance(other, CRLDistributionPoints): + return NotImplemented + + return self._distribution_points == other._distribution_points + + def __ne__(self, other): + return not self == other + + +class DistributionPoint(object): + def __init__(self, full_name, relative_name, reasons, crl_issuer): + if 
full_name and relative_name: + raise ValueError( + "You cannot provide both full_name and relative_name, at " + "least one must be None." + ) + + if full_name and not all( + isinstance(x, GeneralName) for x in full_name + ): + raise TypeError( + "full_name must be a list of GeneralName objects" + ) + + if relative_name and not isinstance(relative_name, Name): + raise TypeError("relative_name must be a Name") + + if crl_issuer and not all( + isinstance(x, GeneralName) for x in crl_issuer + ): + raise TypeError( + "crl_issuer must be None or a list of general names" + ) + + if reasons and (not isinstance(reasons, frozenset) or not all( + isinstance(x, ReasonFlags) for x in reasons + )): + raise TypeError("reasons must be None or frozenset of ReasonFlags") + + if reasons and ( + ReasonFlags.unspecified in reasons or + ReasonFlags.remove_from_crl in reasons + ): + raise ValueError( + "unspecified and remove_from_crl are not valid reasons in a " + "DistributionPoint" + ) + + if reasons and not crl_issuer and not (full_name or relative_name): + raise ValueError( + "You must supply crl_issuer, full_name, or relative_name when " + "reasons is not None" + ) + + self._full_name = full_name + self._relative_name = relative_name + self._reasons = reasons + self._crl_issuer = crl_issuer + + def __repr__(self): + return ( + "<DistributionPoint(full_name={0.full_name}, relative_name={0.rela" + "tive_name}, reasons={0.reasons}, crl_issuer={0.crl_is" + "suer})>".format(self) + ) + + def __eq__(self, other): + if not isinstance(other, DistributionPoint): + return NotImplemented + + return ( + self.full_name == other.full_name and + self.relative_name == other.relative_name and + self.reasons == other.reasons and + self.crl_issuer == other.crl_issuer + ) + + def __ne__(self, other): + return not self == other + + full_name = utils.read_only_property("_full_name") + relative_name = utils.read_only_property("_relative_name") + reasons = utils.read_only_property("_reasons") + crl_issuer 
= utils.read_only_property("_crl_issuer") + + +class ReasonFlags(Enum): + unspecified = "unspecified" + key_compromise = "keyCompromise" + ca_compromise = "cACompromise" + affiliation_changed = "affiliationChanged" + superseded = "superseded" + cessation_of_operation = "cessationOfOperation" + certificate_hold = "certificateHold" + privilege_withdrawn = "privilegeWithdrawn" + aa_compromise = "aACompromise" + remove_from_crl = "removeFromCRL" diff --git a/tests/test_x509.py b/tests/test_x509.py index 42f8f58d..b7602d18 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -20,7 +20,9 @@ from cryptography.hazmat.backends.interfaces import ( ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa -from cryptography.x509.oid import ExtensionOID, NameOID +from cryptography.x509.oid import ( + AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, NameOID +) from .hazmat.primitives.fixtures_dsa import DSA_KEY_2048 from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 @@ -1503,9 +1505,9 @@ class TestCertificateBuilder(object): 123 ).add_extension( x509.ExtendedKeyUsage([ - x509.OID_CLIENT_AUTH, - x509.OID_SERVER_AUTH, - x509.OID_CODE_SIGNING, + ExtendedKeyUsageOID.CLIENT_AUTH, + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CODE_SIGNING, ]), critical=False ).sign(issuer_private_key, hashes.SHA256(), backend) @@ -1514,9 +1516,9 @@ class TestCertificateBuilder(object): ) assert eku.critical is False assert eku.value == x509.ExtendedKeyUsage([ - x509.OID_CLIENT_AUTH, - x509.OID_SERVER_AUTH, - x509.OID_CODE_SIGNING, + ExtendedKeyUsageOID.CLIENT_AUTH, + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CODE_SIGNING, ]) @pytest.mark.requires_backend_interface(interface=RSABackend) 
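Review bot: In src/cryptography/x509/extensions.py, `AuthorityInformationAccess.__init__` type-checks `descriptions` with `all(...)` and then stores the caller's own object, so the check does not bind what the extension later holds: a generator is consumed by the check and stored exhausted, and a list the caller still references can gain a non-`AccessDescription` element after validation. Copying before the check, `descriptions = list(descriptions)`, closes both cases; `CRLDistributionPoints.__init__` has the same pattern with `distribution_points`. In `DistributionPoint.__init__` the guards test truthiness (`if reasons and (not isinstance(reasons, frozenset) ...`), so a falsy non-`None` value such as an empty list skips the frozenset check and is stored as given; testing `reasons is not None` for the type check would match the error text "reasons must be None or frozenset of ReasonFlags". The added classes look identical to the ones removed from base.py in this commit, so the behaviour predates the move, but these objects feed certificate and CSR builders and the relocation is a natural point to tighten them.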
@@ -2011,9 +2013,9 @@ class TestCertificateSigningRequestBuilder(object): x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).add_extension( x509.ExtendedKeyUsage([ - x509.OID_CLIENT_AUTH, - x509.OID_SERVER_AUTH, - x509.OID_CODE_SIGNING, + ExtendedKeyUsageOID.CLIENT_AUTH, + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CODE_SIGNING, ]), critical=False ).sign(private_key, hashes.SHA256(), backend) @@ -2022,9 +2024,9 @@ class TestCertificateSigningRequestBuilder(object): ) assert eku.critical is False assert eku.value == x509.ExtendedKeyUsage([ - x509.OID_CLIENT_AUTH, - x509.OID_SERVER_AUTH, - x509.OID_CODE_SIGNING, + ExtendedKeyUsageOID.CLIENT_AUTH, + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CODE_SIGNING, ]) @pytest.mark.requires_backend_interface(interface=RSABackend) @@ -2051,11 +2053,11 @@ class TestCertificateSigningRequestBuilder(object): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index faf9086a..2c5438a9 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -17,7 +17,9 @@ from cryptography.hazmat.backends.interfaces import ( DSABackend, EllipticCurveBackend, RSABackend, X509Backend ) from cryptography.hazmat.primitives.asymmetric import ec -from cryptography.x509.oid import ExtensionOID, NameOID +from cryptography.x509.oid import ( + AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, NameOID +) from .hazmat.primitives.test_ec import _skip_curve_unsupported from .test_x509 import _load_cert 
@@ -731,8 +733,8 @@ class TestExtendedKeyUsage(object): ]) assert len(eku) == 2 assert list(eku) == [ - x509.OID_SERVER_AUTH, - x509.OID_CLIENT_AUTH + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CLIENT_AUTH ] def test_repr(self): @@ -1797,11 +1799,13 @@ class TestAccessDescription(object): def test_invalid_access_location(self): with pytest.raises(TypeError): - x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid") + x509.AccessDescription( + AuthorityInformationAccessOID.CA_ISSUERS, "invalid" + ) def test_repr(self): ad = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) assert repr(ad) == ( @@ -1812,26 +1816,26 @@ class TestAccessDescription(object): def test_eq(self): ad = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) ad2 = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) assert ad == ad2 def test_ne(self): ad = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) ad2 = x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ) ad3 = x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://notthesame") ) assert ad != ad2 
@@ -1847,22 +1851,22 @@ class TestAuthorityInformationAccess(object): def test_iter_len(self): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) assert len(aia) == 2 assert list(aia) == [ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ] @@ -1870,11 +1874,11 @@ class TestAuthorityInformationAccess(object): def test_repr(self): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) @@ -1890,21 +1894,21 @@ class TestAuthorityInformationAccess(object): def test_eq(self): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) aia2 = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) 
@@ -1913,17 +1917,17 @@ class TestAuthorityInformationAccess(object): def test_ne(self): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) aia2 = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), ]) @@ -1949,11 +1953,11 @@ class TestAuthorityInformationAccessExtension(object): assert ext.value == x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://gv.symcd.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt") ), ]) @@ -1972,15 +1976,15 @@ class TestAuthorityInformationAccessExtension(object): assert ext.value == x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp2.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.DirectoryName(x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, u"myCN"), x509.NameAttribute(NameOID.ORGANIZATION_NAME, @@ -2003,7 +2007,7 @@ class TestAuthorityInformationAccessExtension(object): assert ext.value == x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), ]) 
@@ -2022,7 +2026,7 @@ class TestAuthorityInformationAccessExtension(object): assert ext.value == x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.DirectoryName(x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, u"myCN"), x509.NameAttribute(NameOID.ORGANIZATION_NAME, |