aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/test_x509_ext.py298
1 files changed, 298 insertions, 0 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 2852776b..72f2f9e4 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -463,6 +463,57 @@ class TestKeyUsage(object):
"only=False)>"
)
+ def test_eq(self):
+ ku = x509.KeyUsage(
+ digital_signature=False,
+ content_commitment=False,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=True,
+ key_cert_sign=False,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=True
+ )
+ ku2 = x509.KeyUsage(
+ digital_signature=False,
+ content_commitment=False,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=True,
+ key_cert_sign=False,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=True
+ )
+ assert ku == ku2
+
+ def test_ne(self):
+ ku = x509.KeyUsage(
+ digital_signature=False,
+ content_commitment=False,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=True,
+ key_cert_sign=False,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=True
+ )
+ ku2 = x509.KeyUsage(
+ digital_signature=False,
+ content_commitment=False,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=False,
+ key_cert_sign=False,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=False
+ )
+ assert ku != ku2
+ assert ku != object()
+
class TestSubjectKeyIdentifier(object):
def test_properties(self):
@@ -622,6 +673,19 @@ class TestBasicConstraints(object):
"<BasicConstraints(ca=True, path_length=None)>"
)
+ def test_eq(self):
+ na = x509.BasicConstraints(ca=True, path_length=None)
+ na2 = x509.BasicConstraints(ca=True, path_length=None)
+ assert na == na2
+
+ def test_ne(self):
+ na = x509.BasicConstraints(ca=True, path_length=None)
+ na2 = x509.BasicConstraints(ca=True, path_length=1)
+ na3 = x509.BasicConstraints(ca=False, path_length=None)
+ assert na != na2
+ assert na != na3
+ assert na != object()
+
class TestExtendedKeyUsage(object):
def test_not_all_oids(self):
@@ -1077,6 +1141,25 @@ class TestSubjectAlternativeName(object):
"<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
)
+ def test_eq(self):
+ san = x509.SubjectAlternativeName(
+ [x509.DNSName(u"cryptography.io")]
+ )
+ san2 = x509.SubjectAlternativeName(
+ [x509.DNSName(u"cryptography.io")]
+ )
+ assert san == san2
+
+ def test_ne(self):
+ san = x509.SubjectAlternativeName(
+ [x509.DNSName(u"cryptography.io")]
+ )
+ san2 = x509.SubjectAlternativeName(
+ [x509.RFC822Name(u"admin@cryptography.io")]
+ )
+ assert san != san2
+ assert san != object()
+
@pytest.mark.requires_backend_interface(interface=RSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
@@ -1929,3 +2012,218 @@ class TestCRLDistributionPoints(object):
assert cdp != cdp3
assert cdp != cdp4
assert cdp != object()
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestCRLDistributionPointsExtension(object):
+ def test_fullname_and_crl_issuer(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "PKITS_data", "certs", "ValidcRLIssuerTest28EE.crt"
+ ),
+ x509.load_der_x509_certificate,
+ backend
+ )
+
+ cdps = cert.extensions.get_extension_for_oid(
+ x509.OID_CRL_DISTRIBUTION_POINTS
+ ).value
+
+ assert cdps == x509.CRLDistributionPoints([
+ x509.DistributionPoint(
+ full_name=[x509.DirectoryName(
+ x509.Name([
+ x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME,
+ "Test Certificates 2011"
+ ),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATIONAL_UNIT_NAME,
+ "indirectCRL CA3 cRLIssuer"
+ ),
+ x509.NameAttribute(
+ x509.OID_COMMON_NAME,
+ "indirect CRL for indirectCRL CA3"
+ ),
+ ])
+ )],
+ relative_name=None,
+ reasons=None,
+ crl_issuer=[x509.DirectoryName(
+ x509.Name([
+ x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME,
+ "Test Certificates 2011"
+ ),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATIONAL_UNIT_NAME,
+ "indirectCRL CA3 cRLIssuer"
+ ),
+ ])
+ )],
+ )
+ ])
+
+ def test_relativename_and_crl_issuer(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "PKITS_data", "certs", "ValidcRLIssuerTest29EE.crt"
+ ),
+ x509.load_der_x509_certificate,
+ backend
+ )
+
+ cdps = cert.extensions.get_extension_for_oid(
+ x509.OID_CRL_DISTRIBUTION_POINTS
+ ).value
+
+ assert cdps == x509.CRLDistributionPoints([
+ x509.DistributionPoint(
+ full_name=None,
+ relative_name=x509.Name([
+ x509.NameAttribute(
+ x509.OID_COMMON_NAME,
+ "indirect CRL for indirectCRL CA3"
+ ),
+ ]),
+ reasons=None,
+ crl_issuer=[x509.DirectoryName(
+ x509.Name([
+ x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME,
+ "Test Certificates 2011"
+ ),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATIONAL_UNIT_NAME,
+ "indirectCRL CA3 cRLIssuer"
+ ),
+ ])
+ )],
+ )
+ ])
+
+ def test_fullname_crl_issuer_reasons(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "cdp_fullname_reasons_crl_issuer.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+
+ cdps = cert.extensions.get_extension_for_oid(
+ x509.OID_CRL_DISTRIBUTION_POINTS
+ ).value
+
+ assert cdps == x509.CRLDistributionPoints([
+ x509.DistributionPoint(
+ full_name=[x509.UniformResourceIdentifier(
+ u"http://myhost.com/myca.crl"
+ )],
+ relative_name=None,
+ reasons=frozenset([
+ x509.ReasonFlags.key_compromise,
+ x509.ReasonFlags.ca_compromise
+ ]),
+ crl_issuer=[x509.DirectoryName(
+ x509.Name([
+ x509.NameAttribute(x509.OID_COUNTRY_NAME, "US"),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, "PyCA"
+ ),
+ x509.NameAttribute(
+ x509.OID_COMMON_NAME, "cryptography CA"
+ ),
+ ])
+ )],
+ )
+ ])
+
+ def test_all_reasons(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "cdp_all_reasons.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+
+ cdps = cert.extensions.get_extension_for_oid(
+ x509.OID_CRL_DISTRIBUTION_POINTS
+ ).value
+
+ assert cdps == x509.CRLDistributionPoints([
+ x509.DistributionPoint(
+ full_name=[x509.UniformResourceIdentifier(
+ u"http://domain.com/some.crl"
+ )],
+ relative_name=None,
+ reasons=frozenset([
+ x509.ReasonFlags.key_compromise,
+ x509.ReasonFlags.ca_compromise,
+ x509.ReasonFlags.affiliation_changed,
+ x509.ReasonFlags.superseded,
+ x509.ReasonFlags.privilege_withdrawn,
+ x509.ReasonFlags.cessation_of_operation,
+ x509.ReasonFlags.aa_compromise,
+ x509.ReasonFlags.certificate_hold,
+ ]),
+ crl_issuer=None
+ )
+ ])
+
+ def test_single_reason(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "cdp_reason_aa_compromise.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+
+ cdps = cert.extensions.get_extension_for_oid(
+ x509.OID_CRL_DISTRIBUTION_POINTS
+ ).value
+
+ assert cdps == x509.CRLDistributionPoints([
+ x509.DistributionPoint(
+ full_name=[x509.UniformResourceIdentifier(
+ u"http://domain.com/some.crl"
+ )],
+ relative_name=None,
+ reasons=frozenset([x509.ReasonFlags.aa_compromise]),
+ crl_issuer=None
+ )
+ ])
+
+ def test_crl_issuer_only(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "cdp_crl_issuer.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+
+ cdps = cert.extensions.get_extension_for_oid(
+ x509.OID_CRL_DISTRIBUTION_POINTS
+ ).value
+
+ assert cdps == x509.CRLDistributionPoints([
+ x509.DistributionPoint(
+ full_name=None,
+ relative_name=None,
+ reasons=None,
+ crl_issuer=[x509.DirectoryName(
+ x509.Name([
+ x509.NameAttribute(
+ x509.OID_COMMON_NAME, "cryptography CA"
+ ),
+ ])
+ )],
+ )
+ ])
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 02:11:18 +0000