diff options
Diffstat (limited to 'tests/test_x509.py')
| -rw-r--r-- | tests/test_x509.py | 475 |
1 files changed, 239 insertions, 236 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py index 94340579..b7602d18 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -20,6 +20,9 @@ from cryptography.hazmat.backends.interfaces import ( ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa +from cryptography.x509.oid import ( + AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, NameOID +) from .hazmat.primitives.fixtures_dsa import DSA_KEY_2048 from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 @@ -88,14 +91,14 @@ class TestRSACertificate(object): issuer = cert.issuer assert isinstance(issuer, x509.Name) assert list(issuer) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011' + NameOID.ORGANIZATION_NAME, u'Test Certificates 2011' ), - x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA') + x509.NameAttribute(NameOID.COMMON_NAME, u'Good CA') ] - assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA') + assert issuer.get_attributes_for_oid(NameOID.COMMON_NAME) == [ + x509.NameAttribute(NameOID.COMMON_NAME, u'Good CA') ] def test_all_issuer_name_types(self, backend): @@ -111,36 +114,36 @@ class TestRSACertificate(object): assert isinstance(issuer, x509.Name) assert list(issuer) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'CA'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Illinois'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Chicago'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Zero, LLC'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'One, LLC'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 0'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 1'), - x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 0'), - x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 1'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier0'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier1'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'123'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'456'), - x509.NameAttribute(x509.OID_TITLE, u'Title 0'), - x509.NameAttribute(x509.OID_TITLE, u'Title 1'), - x509.NameAttribute(x509.OID_SURNAME, u'Surname 0'), - x509.NameAttribute(x509.OID_SURNAME, u'Surname 1'), - x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 0'), - x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 1'), - x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 0'), - x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 1'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Last Gen'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Next Gen'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc0'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc1'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test0@test.local'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test1@test.local'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'CA'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Illinois'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Chicago'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Zero, LLC'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'One, LLC'), + x509.NameAttribute(NameOID.COMMON_NAME, u'common name 0'), + x509.NameAttribute(NameOID.COMMON_NAME, u'common name 1'), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'OU 0'), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'OU 1'), + x509.NameAttribute(NameOID.DN_QUALIFIER, u'dnQualifier0'), + x509.NameAttribute(NameOID.DN_QUALIFIER, u'dnQualifier1'), + x509.NameAttribute(NameOID.SERIAL_NUMBER, u'123'), + x509.NameAttribute(NameOID.SERIAL_NUMBER, u'456'), + x509.NameAttribute(NameOID.TITLE, u'Title 0'), + x509.NameAttribute(NameOID.TITLE, u'Title 1'), + x509.NameAttribute(NameOID.SURNAME, u'Surname 0'), + x509.NameAttribute(NameOID.SURNAME, u'Surname 1'), + x509.NameAttribute(NameOID.GIVEN_NAME, u'Given Name 0'), + x509.NameAttribute(NameOID.GIVEN_NAME, u'Given Name 1'), + x509.NameAttribute(NameOID.PSEUDONYM, u'Incognito 0'), + x509.NameAttribute(NameOID.PSEUDONYM, u'Incognito 1'), + x509.NameAttribute(NameOID.GENERATION_QUALIFIER, u'Last Gen'), + x509.NameAttribute(NameOID.GENERATION_QUALIFIER, u'Next Gen'), + x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'dc0'), + x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'dc1'), + x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'test0@test.local'), + x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'test1@test.local'), ] def test_subject(self, backend): @@ -155,18 +158,18 @@ class TestRSACertificate(object): subject = cert.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011' + NameOID.ORGANIZATION_NAME, u'Test Certificates 2011' ), x509.NameAttribute( - x509.OID_COMMON_NAME, + NameOID.COMMON_NAME, u'Valid pre2000 UTC notBefore Date EE Certificate Test3' ) ] - assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ + assert subject.get_attributes_for_oid(NameOID.COMMON_NAME) == [ x509.NameAttribute( - x509.OID_COMMON_NAME, + NameOID.COMMON_NAME, u'Valid pre2000 UTC notBefore Date EE Certificate Test3' ) ] @@ -180,15 +183,15 @@ class TestRSACertificate(object): x509.load_pem_x509_certificate, backend ) - assert cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ + assert cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME) == [ x509.NameAttribute( - x509.OID_COMMON_NAME, + NameOID.COMMON_NAME, u'We heart UTF8!\u2122' ) ] - assert cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ + assert cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME) == [ x509.NameAttribute( - x509.OID_COMMON_NAME, + NameOID.COMMON_NAME, u'We heart UTF8!\u2122' ) ] @@ -205,40 +208,40 @@ class TestRSACertificate(object): subject = cert.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'AU'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'DE'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'California'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'New York'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'San Francisco'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Ithaca'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org Zero, LLC'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org One, LLC'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 0'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 1'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'AU'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'DE'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'California'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'New York'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'San Francisco'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Ithaca'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Org Zero, LLC'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Org One, LLC'), + x509.NameAttribute(NameOID.COMMON_NAME, u'CN 0'), + x509.NameAttribute(NameOID.COMMON_NAME, u'CN 1'), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 0' + NameOID.ORGANIZATIONAL_UNIT_NAME, u'Engineering 0' ), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 1' + NameOID.ORGANIZATIONAL_UNIT_NAME, u'Engineering 1' ), - x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified0'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified1'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'789'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'012'), - x509.NameAttribute(x509.OID_TITLE, u'Title IX'), - x509.NameAttribute(x509.OID_TITLE, u'Title X'), - x509.NameAttribute(x509.OID_SURNAME, u'Last 0'), - x509.NameAttribute(x509.OID_SURNAME, u'Last 1'), - x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 0'), - x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 1'), - x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 0'), - x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 1'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'32X'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Dreamcast'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc2'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc3'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test2@test.local'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test3@test.local'), + x509.NameAttribute(NameOID.DN_QUALIFIER, u'qualified0'), + x509.NameAttribute(NameOID.DN_QUALIFIER, u'qualified1'), + x509.NameAttribute(NameOID.SERIAL_NUMBER, u'789'), + x509.NameAttribute(NameOID.SERIAL_NUMBER, u'012'), + x509.NameAttribute(NameOID.TITLE, u'Title IX'), + x509.NameAttribute(NameOID.TITLE, u'Title X'), + x509.NameAttribute(NameOID.SURNAME, u'Last 0'), + x509.NameAttribute(NameOID.SURNAME, u'Last 1'), + x509.NameAttribute(NameOID.GIVEN_NAME, u'First 0'), + x509.NameAttribute(NameOID.GIVEN_NAME, u'First 1'), + x509.NameAttribute(NameOID.PSEUDONYM, u'Guy Incognito 0'), + x509.NameAttribute(NameOID.PSEUDONYM, u'Guy Incognito 1'), + x509.NameAttribute(NameOID.GENERATION_QUALIFIER, u'32X'), + x509.NameAttribute(NameOID.GENERATION_QUALIFIER, u'Dreamcast'), + x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'dc2'), + x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'dc3'), + x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'test2@test.local'), + x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'test3@test.local'), ] def test_load_good_ca_cert(self, backend): @@ -547,11 +550,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), ] extensions = request.extensions assert isinstance(extensions, x509.Extensions) @@ -585,7 +588,7 @@ class TestRSACertificateRequest(object): with pytest.raises(x509.DuplicateExtension) as exc: request.extensions - assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS + assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS def test_unsupported_critical_extension(self, backend): request = _load_cert( @@ -623,7 +626,7 @@ class TestRSACertificateRequest(object): assert isinstance(extensions, x509.Extensions) assert list(extensions) == [ x509.Extension( - x509.OID_BASIC_CONSTRAINTS, + ExtensionOID.BASIC_CONSTRAINTS, True, x509.BasicConstraints(ca=True, path_length=1), ), @@ -636,7 +639,7 @@ class TestRSACertificateRequest(object): backend, ) ext = request.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert list(ext.value) == [ x509.DNSName(u"cryptography.io"), @@ -663,11 +666,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), ] def test_public_bytes_der(self, backend): @@ -690,11 +693,11 @@ class TestRSACertificateRequest(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), ] def test_public_bytes_invalid_encoding(self, backend): @@ -790,17 +793,17 @@ class TestRSACertificateRequest(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), ])).public_key( subject_private_key.public_key() ).add_extension( @@ -820,12 +823,12 @@ class TestRSACertificateRequest(object): assert cert.not_valid_before == not_valid_before assert cert.not_valid_after == not_valid_after basic_constraints = cert.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert basic_constraints.value.ca is False assert basic_constraints.value.path_length is None subject_alternative_name = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert list(subject_alternative_name.value) == [ x509.DNSName(u"cryptography.io"), @@ -838,9 +841,9 @@ class TestCertificateBuilder(object): def test_checks_for_unsupported_extensions(self, backend): private_key = RSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder().subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( private_key.public_key() ).serial_number( @@ -863,7 +866,7 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).not_valid_before( @@ -881,7 +884,7 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).not_valid_before( @@ -899,9 +902,9 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).not_valid_before( datetime.datetime(2002, 1, 1, 12, 1) ).not_valid_after( @@ -917,9 +920,9 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).not_valid_after( @@ -935,9 +938,9 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).not_valid_before( @@ -951,9 +954,9 @@ class TestCertificateBuilder(object): def test_no_serial_number(self, backend): subject_private_key = RSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder().issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).not_valid_before( @@ -975,7 +978,7 @@ class TestCertificateBuilder(object): def test_issuer_name_may_only_be_set_once(self): name = x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) builder = x509.CertificateBuilder().issuer_name(name) @@ -993,7 +996,7 @@ class TestCertificateBuilder(object): def test_subject_name_may_only_be_set_once(self): name = x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) builder = x509.CertificateBuilder().subject_name(name) @@ -1104,9 +1107,9 @@ class TestCertificateBuilder(object): private_key = RSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder() builder = builder.subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).issuer_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).serial_number( 1 ).public_key( @@ -1129,9 +1132,9 @@ class TestCertificateBuilder(object): private_key = DSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder() builder = builder.subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).issuer_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).serial_number( 1 ).public_key( @@ -1155,9 +1158,9 @@ class TestCertificateBuilder(object): private_key = ec.generate_private_key(ec.SECP256R1(), backend) builder = x509.CertificateBuilder() builder = builder.subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).issuer_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).serial_number( 1 ).public_key( @@ -1179,20 +1182,20 @@ class TestCertificateBuilder(object): full_name=None, relative_name=x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, + NameOID.COMMON_NAME, u"indirect CRL for indirectCRL CA3" ), ]), reasons=None, crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), + x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, + NameOID.ORGANIZATION_NAME, u"Test Certificates 2011" ), x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, + NameOID.ORGANIZATIONAL_UNIT_NAME, u"indirectCRL CA3 cRLIssuer" ), ]) @@ -1203,7 +1206,7 @@ class TestCertificateBuilder(object): x509.DistributionPoint( full_name=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), + x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), ]) )], relative_name=None, @@ -1211,7 +1214,7 @@ class TestCertificateBuilder(object): crl_issuer=[x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, + NameOID.ORGANIZATION_NAME, u"cryptography Testing" ), ]) @@ -1235,9 +1238,9 @@ class TestCertificateBuilder(object): ]), crl_issuer=[x509.DirectoryName( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"), + x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute( - x509.OID_COMMON_NAME, u"cryptography CA" + NameOID.COMMON_NAME, u"cryptography CA" ), ]) )], @@ -1270,7 +1273,7 @@ class TestCertificateBuilder(object): crl_issuer=[x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_COMMON_NAME, u"cryptography CA" + NameOID.COMMON_NAME, u"cryptography CA" ), ]) )], @@ -1297,9 +1300,9 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 4444444 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), ])).public_key( subject_private_key.public_key() ).add_extension( @@ -1314,7 +1317,7 @@ class TestCertificateBuilder(object): cert = builder.sign(issuer_private_key, hashes.SHA1(), backend) ext = cert.extensions.get_extension_for_oid( - x509.OID_CRL_DISTRIBUTION_POINTS + ExtensionOID.CRL_DISTRIBUTION_POINTS ) assert ext.critical is False assert ext.value == cdp @@ -1334,9 +1337,9 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).add_extension( @@ -1356,12 +1359,12 @@ class TestCertificateBuilder(object): assert cert.not_valid_before == not_valid_before assert cert.not_valid_after == not_valid_after basic_constraints = cert.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert basic_constraints.value.ca is False assert basic_constraints.value.path_length is None subject_alternative_name = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert list(subject_alternative_name.value) == [ x509.DNSName(u"cryptography.io"), @@ -1383,9 +1386,9 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).add_extension( @@ -1405,12 +1408,12 @@ class TestCertificateBuilder(object): assert cert.not_valid_before == not_valid_before assert cert.not_valid_after == not_valid_after basic_constraints = cert.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert basic_constraints.value.ca is False assert basic_constraints.value.path_length is None subject_alternative_name = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert list(subject_alternative_name.value) == [ x509.DNSName(u"cryptography.io"), @@ -1428,9 +1431,9 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).not_valid_before( @@ -1452,9 +1455,9 @@ class TestCertificateBuilder(object): not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) cert = x509.CertificateBuilder().subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).issuer_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).not_valid_before( not_valid_before ).not_valid_after( @@ -1471,7 +1474,7 @@ class TestCertificateBuilder(object): ).sign(issuer_private_key, hashes.SHA256(), backend) ext = cert.extensions.get_extension_for_oid( - x509.OID_ISSUER_ALTERNATIVE_NAME + ExtensionOID.ISSUER_ALTERNATIVE_NAME ) assert ext.critical is False assert ext.value == x509.IssuerAlternativeName([ @@ -1489,9 +1492,9 @@ class TestCertificateBuilder(object): not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) cert = x509.CertificateBuilder().subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).issuer_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).not_valid_before( not_valid_before ).not_valid_after( @@ -1502,20 +1505,20 @@ class TestCertificateBuilder(object): 123 ).add_extension( x509.ExtendedKeyUsage([ - x509.OID_CLIENT_AUTH, - x509.OID_SERVER_AUTH, - x509.OID_CODE_SIGNING, + ExtendedKeyUsageOID.CLIENT_AUTH, + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CODE_SIGNING, ]), critical=False ).sign(issuer_private_key, hashes.SHA256(), backend) eku = cert.extensions.get_extension_for_oid( - x509.OID_EXTENDED_KEY_USAGE + ExtensionOID.EXTENDED_KEY_USAGE ) assert eku.critical is False assert eku.value == x509.ExtendedKeyUsage([ - x509.OID_CLIENT_AUTH, - x509.OID_SERVER_AUTH, - x509.OID_CODE_SIGNING, + ExtendedKeyUsageOID.CLIENT_AUTH, + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CODE_SIGNING, ]) @pytest.mark.requires_backend_interface(interface=RSABackend) @@ -1528,9 +1531,9 @@ class TestCertificateBuilder(object): not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) cert = x509.CertificateBuilder().subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).issuer_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).not_valid_before( not_valid_before ).not_valid_after( @@ -1544,7 +1547,7 @@ class TestCertificateBuilder(object): ).sign(issuer_private_key, hashes.SHA256(), backend) ext = cert.extensions.get_extension_for_oid( - x509.OID_INHIBIT_ANY_POLICY + ExtensionOID.INHIBIT_ANY_POLICY ) assert ext.value == x509.InhibitAnyPolicy(3) @@ -1558,9 +1561,9 @@ class TestCertificateBuilder(object): not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) cert = x509.CertificateBuilder().subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).issuer_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).not_valid_before( not_valid_before ).not_valid_after( @@ -1584,7 +1587,7 @@ class TestCertificateBuilder(object): critical=False ).sign(issuer_private_key, hashes.SHA256(), backend) - ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE) + ext = cert.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE) assert ext.critical is False assert ext.value == x509.KeyUsage( digital_signature=True, @@ -1625,7 +1628,7 @@ class TestCertificateSigningRequestBuilder(object): request = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([ - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), ]) ).add_extension( x509.BasicConstraints(ca=True, path_length=2), critical=True @@ -1637,10 +1640,10 @@ class TestCertificateSigningRequestBuilder(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), ] basic_constraints = request.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 @@ -1651,7 +1654,7 @@ class TestCertificateSigningRequestBuilder(object): request = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([ - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA\U0001f37a'), ]) ).add_extension( @@ -1664,7 +1667,7 @@ class TestCertificateSigningRequestBuilder(object): subject = loaded_request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA\U0001f37a'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA\U0001f37a'), ] @pytest.mark.requires_backend_interface(interface=RSABackend) @@ -1673,7 +1676,7 @@ class TestCertificateSigningRequestBuilder(object): request = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) ).add_extension( x509.BasicConstraints(ca=False, path_length=None), critical=True, @@ -1685,10 +1688,10 @@ class TestCertificateSigningRequestBuilder(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ] basic_constraints = request.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert basic_constraints.value.ca is False assert basic_constraints.value.path_length is None @@ -1703,7 +1706,7 @@ class TestCertificateSigningRequestBuilder(object): request = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([ - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), ]) ).add_extension( x509.BasicConstraints(ca=True, path_length=2), critical=True @@ -1715,10 +1718,10 @@ class TestCertificateSigningRequestBuilder(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), ] basic_constraints = request.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 @@ -1732,7 +1735,7 @@ class TestCertificateSigningRequestBuilder(object): request = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) ).add_extension( x509.BasicConstraints(ca=True, path_length=2), critical=True @@ -1744,10 +1747,10 @@ class TestCertificateSigningRequestBuilder(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ] basic_constraints = request.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 @@ -1777,7 +1780,7 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) ).add_extension( x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), @@ -1793,7 +1796,7 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateSigningRequestBuilder() request = builder.subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) ).add_extension( x509.KeyUsage( @@ -1810,7 +1813,7 @@ class TestCertificateSigningRequestBuilder(object): critical=False ).sign(private_key, hashes.SHA256(), backend) assert len(request.extensions) == 1 - ext = request.extensions.get_extension_for_oid(x509.OID_KEY_USAGE) + ext = request.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE) assert ext.critical is False assert ext.value == x509.KeyUsage( digital_signature=True, @@ -1829,7 +1832,7 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateSigningRequestBuilder() request = builder.subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) ).add_extension( x509.KeyUsage( @@ -1846,7 +1849,7 @@ class TestCertificateSigningRequestBuilder(object): critical=False ).sign(private_key, hashes.SHA256(), backend) assert len(request.extensions) == 1 - ext = request.extensions.get_extension_for_oid(x509.OID_KEY_USAGE) + ext = request.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE) assert ext.critical is False assert ext.value == x509.KeyUsage( digital_signature=False, @@ -1864,7 +1867,7 @@ class TestCertificateSigningRequestBuilder(object): private_key = RSA_KEY_2048.private_key(backend) builder = x509.CertificateSigningRequestBuilder() request = builder.subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).add_extension( x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), critical=False, @@ -1876,12 +1879,12 @@ class TestCertificateSigningRequestBuilder(object): public_key = request.public_key() assert isinstance(public_key, rsa.RSAPublicKey) basic_constraints = request.extensions.get_extension_for_oid( - x509.OID_BASIC_CONSTRAINTS + ExtensionOID.BASIC_CONSTRAINTS ) assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 ext = request.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert list(ext.value) == [x509.DNSName(u"cryptography.io")] @@ -1889,13 +1892,13 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) ) with pytest.raises(ValueError): builder.subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ]) ) @@ -1904,7 +1907,7 @@ class TestCertificateSigningRequestBuilder(object): csr = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"), + x509.NameAttribute(NameOID.COMMON_NAME, u"SAN"), ]) ).add_extension( x509.SubjectAlternativeName([ @@ -1912,9 +1915,9 @@ class TestCertificateSigningRequestBuilder(object): x509.DNSName(u"*.example.com"), x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")), x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COMMON_NAME, u'PyCA'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122' + NameOID.ORGANIZATION_NAME, u'We heart UTF8!\u2122' ) ])), x509.IPAddress(ipaddress.ip_address(u"127.0.0.1")), @@ -1938,18 +1941,18 @@ class TestCertificateSigningRequestBuilder(object): assert len(csr.extensions) == 1 ext = csr.extensions.get_extension_for_oid( - x509.OID_SUBJECT_ALTERNATIVE_NAME + ExtensionOID.SUBJECT_ALTERNATIVE_NAME ) assert not ext.critical - assert ext.oid == x509.OID_SUBJECT_ALTERNATIVE_NAME + assert ext.oid == ExtensionOID.SUBJECT_ALTERNATIVE_NAME assert list(ext.value) == [ x509.DNSName(u"example.com"), x509.DNSName(u"*.example.com"), x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")), x509.DirectoryName(x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COMMON_NAME, u'PyCA'), x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122' + NameOID.ORGANIZATION_NAME, u'We heart UTF8!\u2122' ), ])), x509.IPAddress(ipaddress.ip_address(u"127.0.0.1")), @@ -1974,7 +1977,7 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"), + x509.NameAttribute(NameOID.COMMON_NAME, u"SAN"), ]) ).add_extension( x509.SubjectAlternativeName([ @@ -1993,7 +1996,7 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"), + x509.NameAttribute(NameOID.COMMON_NAME, u"SAN"), ]) ).add_extension( x509.SubjectAlternativeName([FakeGeneralName("")]), @@ -2007,23 +2010,23 @@ class TestCertificateSigningRequestBuilder(object): private_key = RSA_KEY_2048.private_key(backend) builder = x509.CertificateSigningRequestBuilder() request = builder.subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ).add_extension( x509.ExtendedKeyUsage([ - x509.OID_CLIENT_AUTH, - x509.OID_SERVER_AUTH, - x509.OID_CODE_SIGNING, + ExtendedKeyUsageOID.CLIENT_AUTH, + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CODE_SIGNING, ]), critical=False ).sign(private_key, hashes.SHA256(), backend) eku = request.extensions.get_extension_for_oid( - x509.OID_EXTENDED_KEY_USAGE + ExtensionOID.EXTENDED_KEY_USAGE ) assert eku.critical is False assert eku.value == x509.ExtendedKeyUsage([ - x509.OID_CLIENT_AUTH, - x509.OID_SERVER_AUTH, - x509.OID_CODE_SIGNING, + ExtendedKeyUsageOID.CLIENT_AUTH, + ExtendedKeyUsageOID.SERVER_AUTH, + ExtendedKeyUsageOID.CODE_SIGNING, ]) @pytest.mark.requires_backend_interface(interface=RSABackend) @@ -2031,7 +2034,7 @@ class TestCertificateSigningRequestBuilder(object): private_key = rsa.generate_private_key(65537, 512, backend) builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( - x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')]) + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) ) with pytest.raises(ValueError) as exc: @@ -2050,11 +2053,11 @@ class TestCertificateSigningRequestBuilder(object): aia = x509.AuthorityInformationAccess([ x509.AccessDescription( - x509.OID_OCSP, + AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(u"http://ocsp.domain.com") ), x509.AccessDescription( - x509.OID_CA_ISSUERS, + AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") ) ]) @@ -2062,9 +2065,9 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).add_extension( @@ -2078,7 +2081,7 @@ class TestCertificateSigningRequestBuilder(object): cert = builder.sign(issuer_private_key, hashes.SHA1(), backend) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_INFORMATION_ACCESS + ExtensionOID.AUTHORITY_INFORMATION_ACCESS ) assert ext.value == aia @@ -2098,9 +2101,9 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).add_extension( @@ -2114,7 +2117,7 @@ class TestCertificateSigningRequestBuilder(object): cert = builder.sign(issuer_private_key, hashes.SHA1(), backend) ext = cert.extensions.get_extension_for_oid( - x509.OID_SUBJECT_KEY_IDENTIFIER + ExtensionOID.SUBJECT_KEY_IDENTIFIER ) assert ext.value == ski @@ -2134,10 +2137,10 @@ class TestCertificateSigningRequestBuilder(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u"PyCA" + NameOID.ORGANIZATION_NAME, u"PyCA" ), x509.NameAttribute( - x509.OID_COMMON_NAME, u"cryptography CA" + NameOID.COMMON_NAME, u"cryptography CA" ) ]) ) @@ -2150,10 +2153,10 @@ class TestCertificateSigningRequestBuilder(object): x509.DirectoryName( x509.Name([ x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, u"PyCA" + NameOID.ORGANIZATION_NAME, u"PyCA" ), x509.NameAttribute( - x509.OID_COMMON_NAME, u"cryptography CA" + NameOID.COMMON_NAME, u"cryptography CA" ) ]) ) @@ -2174,9 +2177,9 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).add_extension( @@ -2190,7 +2193,7 @@ class TestCertificateSigningRequestBuilder(object): cert = builder.sign(issuer_private_key, hashes.SHA256(), backend) ext = cert.extensions.get_extension_for_oid( - x509.OID_AUTHORITY_KEY_IDENTIFIER + ExtensionOID.AUTHORITY_KEY_IDENTIFIER ) assert ext.value == aki @@ -2204,9 +2207,9 @@ class TestCertificateSigningRequestBuilder(object): builder = x509.CertificateBuilder().serial_number( 777 ).issuer_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).subject_name(x509.Name([ - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), ])).public_key( subject_private_key.public_key() ).add_extension( @@ -2220,7 +2223,7 @@ class TestCertificateSigningRequestBuilder(object): cert = builder.sign(issuer_private_key, hashes.SHA256(), backend) ext = cert.extensions.get_extension_for_oid( - x509.OID_OCSP_NO_CHECK + ExtensionOID.OCSP_NO_CHECK ) assert isinstance(ext.value, x509.OCSPNoCheck) @@ -2296,11 +2299,11 @@ class TestDSACertificate(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), ] @@ -2360,11 +2363,11 @@ class TestECDSACertificate(object): subject = request.subject assert isinstance(subject, x509.Name) assert list(subject) == [ - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'), + x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), + x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'), ] @@ -2460,8 +2463,8 @@ class TestName(object): def test_repr(self): name = x509.Name([ - x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'), + x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), ]) if six.PY3: |