aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/test_x509.py475
-rw-r--r--tests/test_x509_ext.py279
2 files changed, 382 insertions, 372 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 94340579..b7602d18 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -20,6 +20,9 @@ from cryptography.hazmat.backends.interfaces import (
)
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
+from cryptography.x509.oid import (
+ AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, NameOID
+)
from .hazmat.primitives.fixtures_dsa import DSA_KEY_2048
from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512
@@ -88,14 +91,14 @@ class TestRSACertificate(object):
issuer = cert.issuer
assert isinstance(issuer, x509.Name)
assert list(issuer) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'
+ NameOID.ORGANIZATION_NAME, u'Test Certificates 2011'
),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')
+ x509.NameAttribute(NameOID.COMMON_NAME, u'Good CA')
]
- assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
- x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')
+ assert issuer.get_attributes_for_oid(NameOID.COMMON_NAME) == [
+ x509.NameAttribute(NameOID.COMMON_NAME, u'Good CA')
]
def test_all_issuer_name_types(self, backend):
@@ -111,36 +114,36 @@ class TestRSACertificate(object):
assert isinstance(issuer, x509.Name)
assert list(issuer) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'CA'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Illinois'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Chicago'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Zero, LLC'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'One, LLC'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 0'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'common name 1'),
- x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 0'),
- x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, u'OU 1'),
- x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier0'),
- x509.NameAttribute(x509.OID_DN_QUALIFIER, u'dnQualifier1'),
- x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'123'),
- x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'456'),
- x509.NameAttribute(x509.OID_TITLE, u'Title 0'),
- x509.NameAttribute(x509.OID_TITLE, u'Title 1'),
- x509.NameAttribute(x509.OID_SURNAME, u'Surname 0'),
- x509.NameAttribute(x509.OID_SURNAME, u'Surname 1'),
- x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 0'),
- x509.NameAttribute(x509.OID_GIVEN_NAME, u'Given Name 1'),
- x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 0'),
- x509.NameAttribute(x509.OID_PSEUDONYM, u'Incognito 1'),
- x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Last Gen'),
- x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Next Gen'),
- x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc0'),
- x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc1'),
- x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test0@test.local'),
- x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test1@test.local'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'CA'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Illinois'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Chicago'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Zero, LLC'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'One, LLC'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'common name 0'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'common name 1'),
+ x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'OU 0'),
+ x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'OU 1'),
+ x509.NameAttribute(NameOID.DN_QUALIFIER, u'dnQualifier0'),
+ x509.NameAttribute(NameOID.DN_QUALIFIER, u'dnQualifier1'),
+ x509.NameAttribute(NameOID.SERIAL_NUMBER, u'123'),
+ x509.NameAttribute(NameOID.SERIAL_NUMBER, u'456'),
+ x509.NameAttribute(NameOID.TITLE, u'Title 0'),
+ x509.NameAttribute(NameOID.TITLE, u'Title 1'),
+ x509.NameAttribute(NameOID.SURNAME, u'Surname 0'),
+ x509.NameAttribute(NameOID.SURNAME, u'Surname 1'),
+ x509.NameAttribute(NameOID.GIVEN_NAME, u'Given Name 0'),
+ x509.NameAttribute(NameOID.GIVEN_NAME, u'Given Name 1'),
+ x509.NameAttribute(NameOID.PSEUDONYM, u'Incognito 0'),
+ x509.NameAttribute(NameOID.PSEUDONYM, u'Incognito 1'),
+ x509.NameAttribute(NameOID.GENERATION_QUALIFIER, u'Last Gen'),
+ x509.NameAttribute(NameOID.GENERATION_QUALIFIER, u'Next Gen'),
+ x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'dc0'),
+ x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'dc1'),
+ x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'test0@test.local'),
+ x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'test1@test.local'),
]
def test_subject(self, backend):
@@ -155,18 +158,18 @@ class TestRSACertificate(object):
subject = cert.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'
+ NameOID.ORGANIZATION_NAME, u'Test Certificates 2011'
),
x509.NameAttribute(
- x509.OID_COMMON_NAME,
+ NameOID.COMMON_NAME,
u'Valid pre2000 UTC notBefore Date EE Certificate Test3'
)
]
- assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
+ assert subject.get_attributes_for_oid(NameOID.COMMON_NAME) == [
x509.NameAttribute(
- x509.OID_COMMON_NAME,
+ NameOID.COMMON_NAME,
u'Valid pre2000 UTC notBefore Date EE Certificate Test3'
)
]
@@ -180,15 +183,15 @@ class TestRSACertificate(object):
x509.load_pem_x509_certificate,
backend
)
- assert cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
+ assert cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME) == [
x509.NameAttribute(
- x509.OID_COMMON_NAME,
+ NameOID.COMMON_NAME,
u'We heart UTF8!\u2122'
)
]
- assert cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
+ assert cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME) == [
x509.NameAttribute(
- x509.OID_COMMON_NAME,
+ NameOID.COMMON_NAME,
u'We heart UTF8!\u2122'
)
]
@@ -205,40 +208,40 @@ class TestRSACertificate(object):
subject = cert.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'AU'),
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'DE'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'California'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'New York'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'San Francisco'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Ithaca'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org Zero, LLC'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org One, LLC'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 0'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'CN 1'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'AU'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'DE'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'California'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'New York'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'San Francisco'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Ithaca'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Org Zero, LLC'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Org One, LLC'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'CN 0'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'CN 1'),
x509.NameAttribute(
- x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 0'
+ NameOID.ORGANIZATIONAL_UNIT_NAME, u'Engineering 0'
),
x509.NameAttribute(
- x509.OID_ORGANIZATIONAL_UNIT_NAME, u'Engineering 1'
+ NameOID.ORGANIZATIONAL_UNIT_NAME, u'Engineering 1'
),
- x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified0'),
- x509.NameAttribute(x509.OID_DN_QUALIFIER, u'qualified1'),
- x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'789'),
- x509.NameAttribute(x509.OID_SERIAL_NUMBER, u'012'),
- x509.NameAttribute(x509.OID_TITLE, u'Title IX'),
- x509.NameAttribute(x509.OID_TITLE, u'Title X'),
- x509.NameAttribute(x509.OID_SURNAME, u'Last 0'),
- x509.NameAttribute(x509.OID_SURNAME, u'Last 1'),
- x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 0'),
- x509.NameAttribute(x509.OID_GIVEN_NAME, u'First 1'),
- x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 0'),
- x509.NameAttribute(x509.OID_PSEUDONYM, u'Guy Incognito 1'),
- x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'32X'),
- x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, u'Dreamcast'),
- x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc2'),
- x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, u'dc3'),
- x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test2@test.local'),
- x509.NameAttribute(x509.OID_EMAIL_ADDRESS, u'test3@test.local'),
+ x509.NameAttribute(NameOID.DN_QUALIFIER, u'qualified0'),
+ x509.NameAttribute(NameOID.DN_QUALIFIER, u'qualified1'),
+ x509.NameAttribute(NameOID.SERIAL_NUMBER, u'789'),
+ x509.NameAttribute(NameOID.SERIAL_NUMBER, u'012'),
+ x509.NameAttribute(NameOID.TITLE, u'Title IX'),
+ x509.NameAttribute(NameOID.TITLE, u'Title X'),
+ x509.NameAttribute(NameOID.SURNAME, u'Last 0'),
+ x509.NameAttribute(NameOID.SURNAME, u'Last 1'),
+ x509.NameAttribute(NameOID.GIVEN_NAME, u'First 0'),
+ x509.NameAttribute(NameOID.GIVEN_NAME, u'First 1'),
+ x509.NameAttribute(NameOID.PSEUDONYM, u'Guy Incognito 0'),
+ x509.NameAttribute(NameOID.PSEUDONYM, u'Guy Incognito 1'),
+ x509.NameAttribute(NameOID.GENERATION_QUALIFIER, u'32X'),
+ x509.NameAttribute(NameOID.GENERATION_QUALIFIER, u'Dreamcast'),
+ x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'dc2'),
+ x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'dc3'),
+ x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'test2@test.local'),
+ x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'test3@test.local'),
]
def test_load_good_ca_cert(self, backend):
@@ -547,11 +550,11 @@ class TestRSACertificateRequest(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'),
]
extensions = request.extensions
assert isinstance(extensions, x509.Extensions)
@@ -585,7 +588,7 @@ class TestRSACertificateRequest(object):
with pytest.raises(x509.DuplicateExtension) as exc:
request.extensions
- assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
+ assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS
def test_unsupported_critical_extension(self, backend):
request = _load_cert(
@@ -623,7 +626,7 @@ class TestRSACertificateRequest(object):
assert isinstance(extensions, x509.Extensions)
assert list(extensions) == [
x509.Extension(
- x509.OID_BASIC_CONSTRAINTS,
+ ExtensionOID.BASIC_CONSTRAINTS,
True,
x509.BasicConstraints(ca=True, path_length=1),
),
@@ -636,7 +639,7 @@ class TestRSACertificateRequest(object):
backend,
)
ext = request.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert list(ext.value) == [
x509.DNSName(u"cryptography.io"),
@@ -663,11 +666,11 @@ class TestRSACertificateRequest(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'),
]
def test_public_bytes_der(self, backend):
@@ -690,11 +693,11 @@ class TestRSACertificateRequest(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'),
]
def test_public_bytes_invalid_encoding(self, backend):
@@ -790,17 +793,17 @@ class TestRSACertificateRequest(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'),
])).public_key(
subject_private_key.public_key()
).add_extension(
@@ -820,12 +823,12 @@ class TestRSACertificateRequest(object):
assert cert.not_valid_before == not_valid_before
assert cert.not_valid_after == not_valid_after
basic_constraints = cert.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert basic_constraints.value.ca is False
assert basic_constraints.value.path_length is None
subject_alternative_name = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert list(subject_alternative_name.value) == [
x509.DNSName(u"cryptography.io"),
@@ -838,9 +841,9 @@ class TestCertificateBuilder(object):
def test_checks_for_unsupported_extensions(self, backend):
private_key = RSA_KEY_2048.private_key(backend)
builder = x509.CertificateBuilder().subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
private_key.public_key()
).serial_number(
@@ -863,7 +866,7 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).not_valid_before(
@@ -881,7 +884,7 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).not_valid_before(
@@ -899,9 +902,9 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).not_valid_before(
datetime.datetime(2002, 1, 1, 12, 1)
).not_valid_after(
@@ -917,9 +920,9 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).not_valid_after(
@@ -935,9 +938,9 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).not_valid_before(
@@ -951,9 +954,9 @@ class TestCertificateBuilder(object):
def test_no_serial_number(self, backend):
subject_private_key = RSA_KEY_2048.private_key(backend)
builder = x509.CertificateBuilder().issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).not_valid_before(
@@ -975,7 +978,7 @@ class TestCertificateBuilder(object):
def test_issuer_name_may_only_be_set_once(self):
name = x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
builder = x509.CertificateBuilder().issuer_name(name)
@@ -993,7 +996,7 @@ class TestCertificateBuilder(object):
def test_subject_name_may_only_be_set_once(self):
name = x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
builder = x509.CertificateBuilder().subject_name(name)
@@ -1104,9 +1107,9 @@ class TestCertificateBuilder(object):
private_key = RSA_KEY_2048.private_key(backend)
builder = x509.CertificateBuilder()
builder = builder.subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).issuer_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).serial_number(
1
).public_key(
@@ -1129,9 +1132,9 @@ class TestCertificateBuilder(object):
private_key = DSA_KEY_2048.private_key(backend)
builder = x509.CertificateBuilder()
builder = builder.subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).issuer_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).serial_number(
1
).public_key(
@@ -1155,9 +1158,9 @@ class TestCertificateBuilder(object):
private_key = ec.generate_private_key(ec.SECP256R1(), backend)
builder = x509.CertificateBuilder()
builder = builder.subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).issuer_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).serial_number(
1
).public_key(
@@ -1179,20 +1182,20 @@ class TestCertificateBuilder(object):
full_name=None,
relative_name=x509.Name([
x509.NameAttribute(
- x509.OID_COMMON_NAME,
+ NameOID.COMMON_NAME,
u"indirect CRL for indirectCRL CA3"
),
]),
reasons=None,
crl_issuer=[x509.DirectoryName(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME,
+ NameOID.ORGANIZATION_NAME,
u"Test Certificates 2011"
),
x509.NameAttribute(
- x509.OID_ORGANIZATIONAL_UNIT_NAME,
+ NameOID.ORGANIZATIONAL_UNIT_NAME,
u"indirectCRL CA3 cRLIssuer"
),
])
@@ -1203,7 +1206,7 @@ class TestCertificateBuilder(object):
x509.DistributionPoint(
full_name=[x509.DirectoryName(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
])
)],
relative_name=None,
@@ -1211,7 +1214,7 @@ class TestCertificateBuilder(object):
crl_issuer=[x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME,
+ NameOID.ORGANIZATION_NAME,
u"cryptography Testing"
),
])
@@ -1235,9 +1238,9 @@ class TestCertificateBuilder(object):
]),
crl_issuer=[x509.DirectoryName(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"cryptography CA"
+ NameOID.COMMON_NAME, u"cryptography CA"
),
])
)],
@@ -1270,7 +1273,7 @@ class TestCertificateBuilder(object):
crl_issuer=[x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"cryptography CA"
+ NameOID.COMMON_NAME, u"cryptography CA"
),
])
)],
@@ -1297,9 +1300,9 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
4444444
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
])).public_key(
subject_private_key.public_key()
).add_extension(
@@ -1314,7 +1317,7 @@ class TestCertificateBuilder(object):
cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_CRL_DISTRIBUTION_POINTS
+ ExtensionOID.CRL_DISTRIBUTION_POINTS
)
assert ext.critical is False
assert ext.value == cdp
@@ -1334,9 +1337,9 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).add_extension(
@@ -1356,12 +1359,12 @@ class TestCertificateBuilder(object):
assert cert.not_valid_before == not_valid_before
assert cert.not_valid_after == not_valid_after
basic_constraints = cert.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert basic_constraints.value.ca is False
assert basic_constraints.value.path_length is None
subject_alternative_name = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert list(subject_alternative_name.value) == [
x509.DNSName(u"cryptography.io"),
@@ -1383,9 +1386,9 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).add_extension(
@@ -1405,12 +1408,12 @@ class TestCertificateBuilder(object):
assert cert.not_valid_before == not_valid_before
assert cert.not_valid_after == not_valid_after
basic_constraints = cert.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert basic_constraints.value.ca is False
assert basic_constraints.value.path_length is None
subject_alternative_name = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert list(subject_alternative_name.value) == [
x509.DNSName(u"cryptography.io"),
@@ -1428,9 +1431,9 @@ class TestCertificateBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).not_valid_before(
@@ -1452,9 +1455,9 @@ class TestCertificateBuilder(object):
not_valid_after = datetime.datetime(2030, 12, 31, 8, 30)
cert = x509.CertificateBuilder().subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).issuer_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).not_valid_before(
not_valid_before
).not_valid_after(
@@ -1471,7 +1474,7 @@ class TestCertificateBuilder(object):
).sign(issuer_private_key, hashes.SHA256(), backend)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_ISSUER_ALTERNATIVE_NAME
+ ExtensionOID.ISSUER_ALTERNATIVE_NAME
)
assert ext.critical is False
assert ext.value == x509.IssuerAlternativeName([
@@ -1489,9 +1492,9 @@ class TestCertificateBuilder(object):
not_valid_after = datetime.datetime(2030, 12, 31, 8, 30)
cert = x509.CertificateBuilder().subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).issuer_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).not_valid_before(
not_valid_before
).not_valid_after(
@@ -1502,20 +1505,20 @@ class TestCertificateBuilder(object):
123
).add_extension(
x509.ExtendedKeyUsage([
- x509.OID_CLIENT_AUTH,
- x509.OID_SERVER_AUTH,
- x509.OID_CODE_SIGNING,
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
]), critical=False
).sign(issuer_private_key, hashes.SHA256(), backend)
eku = cert.extensions.get_extension_for_oid(
- x509.OID_EXTENDED_KEY_USAGE
+ ExtensionOID.EXTENDED_KEY_USAGE
)
assert eku.critical is False
assert eku.value == x509.ExtendedKeyUsage([
- x509.OID_CLIENT_AUTH,
- x509.OID_SERVER_AUTH,
- x509.OID_CODE_SIGNING,
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
])
@pytest.mark.requires_backend_interface(interface=RSABackend)
@@ -1528,9 +1531,9 @@ class TestCertificateBuilder(object):
not_valid_after = datetime.datetime(2030, 12, 31, 8, 30)
cert = x509.CertificateBuilder().subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).issuer_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).not_valid_before(
not_valid_before
).not_valid_after(
@@ -1544,7 +1547,7 @@ class TestCertificateBuilder(object):
).sign(issuer_private_key, hashes.SHA256(), backend)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_INHIBIT_ANY_POLICY
+ ExtensionOID.INHIBIT_ANY_POLICY
)
assert ext.value == x509.InhibitAnyPolicy(3)
@@ -1558,9 +1561,9 @@ class TestCertificateBuilder(object):
not_valid_after = datetime.datetime(2030, 12, 31, 8, 30)
cert = x509.CertificateBuilder().subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).issuer_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).not_valid_before(
not_valid_before
).not_valid_after(
@@ -1584,7 +1587,7 @@ class TestCertificateBuilder(object):
critical=False
).sign(issuer_private_key, hashes.SHA256(), backend)
- ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+ ext = cert.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
assert ext.critical is False
assert ext.value == x509.KeyUsage(
digital_signature=True,
@@ -1625,7 +1628,7 @@ class TestCertificateSigningRequestBuilder(object):
request = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
])
).add_extension(
x509.BasicConstraints(ca=True, path_length=2), critical=True
@@ -1637,10 +1640,10 @@ class TestCertificateSigningRequestBuilder(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
]
basic_constraints = request.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert basic_constraints.value.ca is True
assert basic_constraints.value.path_length == 2
@@ -1651,7 +1654,7 @@ class TestCertificateSigningRequestBuilder(object):
request = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME,
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME,
u'PyCA\U0001f37a'),
])
).add_extension(
@@ -1664,7 +1667,7 @@ class TestCertificateSigningRequestBuilder(object):
subject = loaded_request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA\U0001f37a'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA\U0001f37a'),
]
@pytest.mark.requires_backend_interface(interface=RSABackend)
@@ -1673,7 +1676,7 @@ class TestCertificateSigningRequestBuilder(object):
request = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
).add_extension(
x509.BasicConstraints(ca=False, path_length=None), critical=True,
@@ -1685,10 +1688,10 @@ class TestCertificateSigningRequestBuilder(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
]
basic_constraints = request.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert basic_constraints.value.ca is False
assert basic_constraints.value.path_length is None
@@ -1703,7 +1706,7 @@ class TestCertificateSigningRequestBuilder(object):
request = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
])
).add_extension(
x509.BasicConstraints(ca=True, path_length=2), critical=True
@@ -1715,10 +1718,10 @@ class TestCertificateSigningRequestBuilder(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
]
basic_constraints = request.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert basic_constraints.value.ca is True
assert basic_constraints.value.path_length == 2
@@ -1732,7 +1735,7 @@ class TestCertificateSigningRequestBuilder(object):
request = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
).add_extension(
x509.BasicConstraints(ca=True, path_length=2), critical=True
@@ -1744,10 +1747,10 @@ class TestCertificateSigningRequestBuilder(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
]
basic_constraints = request.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert basic_constraints.value.ca is True
assert basic_constraints.value.path_length == 2
@@ -1777,7 +1780,7 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateSigningRequestBuilder()
builder = builder.subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
).add_extension(
x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]),
@@ -1793,7 +1796,7 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateSigningRequestBuilder()
request = builder.subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
).add_extension(
x509.KeyUsage(
@@ -1810,7 +1813,7 @@ class TestCertificateSigningRequestBuilder(object):
critical=False
).sign(private_key, hashes.SHA256(), backend)
assert len(request.extensions) == 1
- ext = request.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+ ext = request.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
assert ext.critical is False
assert ext.value == x509.KeyUsage(
digital_signature=True,
@@ -1829,7 +1832,7 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateSigningRequestBuilder()
request = builder.subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
).add_extension(
x509.KeyUsage(
@@ -1846,7 +1849,7 @@ class TestCertificateSigningRequestBuilder(object):
critical=False
).sign(private_key, hashes.SHA256(), backend)
assert len(request.extensions) == 1
- ext = request.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+ ext = request.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
assert ext.critical is False
assert ext.value == x509.KeyUsage(
digital_signature=False,
@@ -1864,7 +1867,7 @@ class TestCertificateSigningRequestBuilder(object):
private_key = RSA_KEY_2048.private_key(backend)
builder = x509.CertificateSigningRequestBuilder()
request = builder.subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).add_extension(
x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]),
critical=False,
@@ -1876,12 +1879,12 @@ class TestCertificateSigningRequestBuilder(object):
public_key = request.public_key()
assert isinstance(public_key, rsa.RSAPublicKey)
basic_constraints = request.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert basic_constraints.value.ca is True
assert basic_constraints.value.path_length == 2
ext = request.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert list(ext.value) == [x509.DNSName(u"cryptography.io")]
@@ -1889,13 +1892,13 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateSigningRequestBuilder()
builder = builder.subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
)
with pytest.raises(ValueError):
builder.subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])
)
@@ -1904,7 +1907,7 @@ class TestCertificateSigningRequestBuilder(object):
csr = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"),
+ x509.NameAttribute(NameOID.COMMON_NAME, u"SAN"),
])
).add_extension(
x509.SubjectAlternativeName([
@@ -1912,9 +1915,9 @@ class TestCertificateSigningRequestBuilder(object):
x509.DNSName(u"*.example.com"),
x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
x509.DirectoryName(x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'PyCA'),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ NameOID.ORGANIZATION_NAME, u'We heart UTF8!\u2122'
)
])),
x509.IPAddress(ipaddress.ip_address(u"127.0.0.1")),
@@ -1938,18 +1941,18 @@ class TestCertificateSigningRequestBuilder(object):
assert len(csr.extensions) == 1
ext = csr.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert not ext.critical
- assert ext.oid == x509.OID_SUBJECT_ALTERNATIVE_NAME
+ assert ext.oid == ExtensionOID.SUBJECT_ALTERNATIVE_NAME
assert list(ext.value) == [
x509.DNSName(u"example.com"),
x509.DNSName(u"*.example.com"),
x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
x509.DirectoryName(x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'PyCA'),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ NameOID.ORGANIZATION_NAME, u'We heart UTF8!\u2122'
),
])),
x509.IPAddress(ipaddress.ip_address(u"127.0.0.1")),
@@ -1974,7 +1977,7 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"),
+ x509.NameAttribute(NameOID.COMMON_NAME, u"SAN"),
])
).add_extension(
x509.SubjectAlternativeName([
@@ -1993,7 +1996,7 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"),
+ x509.NameAttribute(NameOID.COMMON_NAME, u"SAN"),
])
).add_extension(
x509.SubjectAlternativeName([FakeGeneralName("")]),
@@ -2007,23 +2010,23 @@ class TestCertificateSigningRequestBuilder(object):
private_key = RSA_KEY_2048.private_key(backend)
builder = x509.CertificateSigningRequestBuilder()
request = builder.subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
).add_extension(
x509.ExtendedKeyUsage([
- x509.OID_CLIENT_AUTH,
- x509.OID_SERVER_AUTH,
- x509.OID_CODE_SIGNING,
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
]), critical=False
).sign(private_key, hashes.SHA256(), backend)
eku = request.extensions.get_extension_for_oid(
- x509.OID_EXTENDED_KEY_USAGE
+ ExtensionOID.EXTENDED_KEY_USAGE
)
assert eku.critical is False
assert eku.value == x509.ExtendedKeyUsage([
- x509.OID_CLIENT_AUTH,
- x509.OID_SERVER_AUTH,
- x509.OID_CODE_SIGNING,
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
])
@pytest.mark.requires_backend_interface(interface=RSABackend)
@@ -2031,7 +2034,7 @@ class TestCertificateSigningRequestBuilder(object):
private_key = rsa.generate_private_key(65537, 512, backend)
builder = x509.CertificateSigningRequestBuilder()
builder = builder.subject_name(
- x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])
+ x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')])
)
with pytest.raises(ValueError) as exc:
@@ -2050,11 +2053,11 @@ class TestCertificateSigningRequestBuilder(object):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
@@ -2062,9 +2065,9 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).add_extension(
@@ -2078,7 +2081,7 @@ class TestCertificateSigningRequestBuilder(object):
cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_INFORMATION_ACCESS
+ ExtensionOID.AUTHORITY_INFORMATION_ACCESS
)
assert ext.value == aia
@@ -2098,9 +2101,9 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).add_extension(
@@ -2114,7 +2117,7 @@ class TestCertificateSigningRequestBuilder(object):
cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_KEY_IDENTIFIER
+ ExtensionOID.SUBJECT_KEY_IDENTIFIER
)
assert ext.value == ski
@@ -2134,10 +2137,10 @@ class TestCertificateSigningRequestBuilder(object):
x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u"PyCA"
+ NameOID.ORGANIZATION_NAME, u"PyCA"
),
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"cryptography CA"
+ NameOID.COMMON_NAME, u"cryptography CA"
)
])
)
@@ -2150,10 +2153,10 @@ class TestCertificateSigningRequestBuilder(object):
x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u"PyCA"
+ NameOID.ORGANIZATION_NAME, u"PyCA"
),
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"cryptography CA"
+ NameOID.COMMON_NAME, u"cryptography CA"
)
])
)
@@ -2174,9 +2177,9 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).add_extension(
@@ -2190,7 +2193,7 @@ class TestCertificateSigningRequestBuilder(object):
cert = builder.sign(issuer_private_key, hashes.SHA256(), backend)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_KEY_IDENTIFIER
+ ExtensionOID.AUTHORITY_KEY_IDENTIFIER
)
assert ext.value == aki
@@ -2204,9 +2207,9 @@ class TestCertificateSigningRequestBuilder(object):
builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
])).public_key(
subject_private_key.public_key()
).add_extension(
@@ -2220,7 +2223,7 @@ class TestCertificateSigningRequestBuilder(object):
cert = builder.sign(issuer_private_key, hashes.SHA256(), backend)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_OCSP_NO_CHECK
+ ExtensionOID.OCSP_NO_CHECK
)
assert isinstance(ext.value, x509.OCSPNoCheck)
@@ -2296,11 +2299,11 @@ class TestDSACertificate(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
]
@@ -2360,11 +2363,11 @@ class TestECDSACertificate(object):
subject = request.subject
assert isinstance(subject, x509.Name)
assert list(subject) == [
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u'Austin'),
]
@@ -2460,8 +2463,8 @@ class TestName(object):
def test_repr(self):
name = x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
])
if six.PY3:
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 40231b93..2c5438a9 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -17,6 +17,9 @@ from cryptography.hazmat.backends.interfaces import (
DSABackend, EllipticCurveBackend, RSABackend, X509Backend
)
from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.x509.oid import (
+ AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID, NameOID
+)
from .hazmat.primitives.test_ec import _skip_curve_unsupported
from .test_x509 import _load_cert
@@ -31,11 +34,11 @@ class TestExtension(object):
def test_critical_not_a_bool(self):
bc = x509.BasicConstraints(ca=False, path_length=None)
with pytest.raises(TypeError):
- x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
+ x509.Extension(ExtensionOID.BASIC_CONSTRAINTS, "notabool", bc)
def test_repr(self):
bc = x509.BasicConstraints(ca=False, path_length=None)
- ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
+ ext = x509.Extension(ExtensionOID.BASIC_CONSTRAINTS, True, bc)
assert repr(ext) == (
"<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
"raints)>, critical=True, value=<BasicConstraints(ca=False, path"
@@ -277,7 +280,7 @@ class TestCertificatePoliciesExtension(object):
)
cp = cert.extensions.get_extension_for_oid(
- x509.OID_CERTIFICATE_POLICIES
+ ExtensionOID.CERTIFICATE_POLICIES
).value
assert cp == x509.CertificatePolicies([
@@ -297,7 +300,7 @@ class TestCertificatePoliciesExtension(object):
)
cp = cert.extensions.get_extension_for_oid(
- x509.OID_CERTIFICATE_POLICIES
+ ExtensionOID.CERTIFICATE_POLICIES
).value
assert cp == x509.CertificatePolicies([
@@ -324,7 +327,7 @@ class TestCertificatePoliciesExtension(object):
)
cp = cert.extensions.get_extension_for_oid(
- x509.OID_CERTIFICATE_POLICIES
+ ExtensionOID.CERTIFICATE_POLICIES
).value
assert cp == x509.CertificatePolicies([
@@ -344,7 +347,7 @@ class TestCertificatePoliciesExtension(object):
)
cp = cert.extensions.get_extension_for_oid(
- x509.OID_CERTIFICATE_POLICIES
+ ExtensionOID.CERTIFICATE_POLICIES
).value
assert cp == x509.CertificatePolicies([
@@ -556,7 +559,7 @@ class TestSubjectKeyIdentifier(object):
ski = x509.SubjectKeyIdentifier(
binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
)
- ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
+ ext = x509.Extension(ExtensionOID.SUBJECT_KEY_IDENTIFIER, False, ski)
if six.PY3:
assert repr(ext) == (
"<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
@@ -629,7 +632,7 @@ class TestAuthorityKeyIdentifier(object):
def test_repr(self):
dirname = x509.DirectoryName(
- x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')])
+ x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')])
)
aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
@@ -650,21 +653,21 @@ class TestAuthorityKeyIdentifier(object):
def test_eq(self):
dirname = x509.DirectoryName(
- x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')])
+ x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')])
)
aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
dirname2 = x509.DirectoryName(
- x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')])
+ x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')])
)
aki2 = x509.AuthorityKeyIdentifier(b"digest", [dirname2], 1234)
assert aki == aki2
def test_ne(self):
dirname = x509.DirectoryName(
- x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'myCN')])
+ x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')])
)
dirname5 = x509.DirectoryName(
- x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'aCN')])
+ x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'aCN')])
)
aki = x509.AuthorityKeyIdentifier(b"digest", [dirname], 1234)
aki2 = x509.AuthorityKeyIdentifier(b"diges", [dirname], 1234)
@@ -730,8 +733,8 @@ class TestExtendedKeyUsage(object):
])
assert len(eku) == 2
assert list(eku) == [
- x509.OID_SERVER_AUTH,
- x509.OID_CLIENT_AUTH
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CLIENT_AUTH
]
def test_repr(self):
@@ -774,9 +777,9 @@ class TestExtensions(object):
assert len(ext) == 0
assert list(ext) == []
with pytest.raises(x509.ExtensionNotFound) as exc:
- ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+ ext.get_extension_for_oid(ExtensionOID.BASIC_CONSTRAINTS)
- assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
+ assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS
def test_one_extension(self, backend):
cert = _load_cert(
@@ -787,7 +790,7 @@ class TestExtensions(object):
backend
)
extensions = cert.extensions
- ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+ ext = extensions.get_extension_for_oid(ExtensionOID.BASIC_CONSTRAINTS)
assert ext is not None
assert ext.value.ca is False
@@ -802,7 +805,7 @@ class TestExtensions(object):
with pytest.raises(x509.DuplicateExtension) as exc:
cert.extensions
- assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
+ assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS
def test_unsupported_critical_extension(self, backend):
cert = _load_cert(
@@ -842,7 +845,7 @@ class TestBasicConstraintsExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert ext is not None
assert ext.critical is True
@@ -856,7 +859,7 @@ class TestBasicConstraintsExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert ext is not None
assert ext.critical is True
@@ -870,7 +873,7 @@ class TestBasicConstraintsExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert ext is not None
assert ext.critical is True
@@ -884,7 +887,7 @@ class TestBasicConstraintsExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert ext is not None
assert ext.critical is True
@@ -903,7 +906,9 @@ class TestBasicConstraintsExtension(object):
backend
)
with pytest.raises(x509.ExtensionNotFound):
- cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+ cert.extensions.get_extension_for_oid(
+ ExtensionOID.BASIC_CONSTRAINTS
+ )
def test_basic_constraint_not_critical(self, backend):
cert = _load_cert(
@@ -914,7 +919,7 @@ class TestBasicConstraintsExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_BASIC_CONSTRAINTS
+ ExtensionOID.BASIC_CONSTRAINTS
)
assert ext is not None
assert ext.critical is False
@@ -931,7 +936,7 @@ class TestSubjectKeyIdentifierExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_KEY_IDENTIFIER
+ ExtensionOID.SUBJECT_KEY_IDENTIFIER
)
ski = ext.value
assert ext is not None
@@ -950,7 +955,7 @@ class TestSubjectKeyIdentifierExtension(object):
)
with pytest.raises(x509.ExtensionNotFound):
cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_KEY_IDENTIFIER
+ ExtensionOID.SUBJECT_KEY_IDENTIFIER
)
@pytest.mark.requires_backend_interface(interface=RSABackend)
@@ -962,7 +967,7 @@ class TestSubjectKeyIdentifierExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_KEY_IDENTIFIER
+ ExtensionOID.SUBJECT_KEY_IDENTIFIER
)
ski = x509.SubjectKeyIdentifier.from_public_key(
cert.public_key()
@@ -979,7 +984,7 @@ class TestSubjectKeyIdentifierExtension(object):
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_KEY_IDENTIFIER
+ ExtensionOID.SUBJECT_KEY_IDENTIFIER
)
ski = x509.SubjectKeyIdentifier.from_public_key(
cert.public_key()
@@ -997,7 +1002,7 @@ class TestSubjectKeyIdentifierExtension(object):
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_KEY_IDENTIFIER
+ ExtensionOID.SUBJECT_KEY_IDENTIFIER
)
ski = x509.SubjectKeyIdentifier.from_public_key(
cert.public_key()
@@ -1016,9 +1021,9 @@ class TestKeyUsageExtension(object):
)
ext = cert.extensions
with pytest.raises(x509.ExtensionNotFound) as exc:
- ext.get_extension_for_oid(x509.OID_KEY_USAGE)
+ ext.get_extension_for_oid(ExtensionOID.KEY_USAGE)
- assert exc.value.oid == x509.OID_KEY_USAGE
+ assert exc.value.oid == ExtensionOID.KEY_USAGE
def test_all_purposes(self, backend):
cert = _load_cert(
@@ -1029,7 +1034,7 @@ class TestKeyUsageExtension(object):
backend
)
extensions = cert.extensions
- ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+ ext = extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
assert ext is not None
ku = ext.value
@@ -1051,7 +1056,7 @@ class TestKeyUsageExtension(object):
x509.load_der_x509_certificate,
backend
)
- ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+ ext = cert.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
assert ext is not None
assert ext.critical is True
@@ -1105,7 +1110,7 @@ class TestDirectoryName(object):
x509.DirectoryName(1.3)
def test_repr(self):
- name = x509.Name([x509.NameAttribute(x509.OID_COMMON_NAME, u'value1')])
+ name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'value1')])
gn = x509.DirectoryName(x509.Name([name]))
if six.PY3:
assert repr(gn) == (
@@ -1203,20 +1208,20 @@ class TestRegisteredID(object):
x509.RegisteredID(1.3)
def test_repr(self):
- gn = x509.RegisteredID(x509.OID_COMMON_NAME)
+ gn = x509.RegisteredID(NameOID.COMMON_NAME)
assert repr(gn) == (
"<RegisteredID(value=<ObjectIdentifier(oid=2.5.4.3, name=commonNam"
"e)>)>"
)
def test_eq(self):
- gn = x509.RegisteredID(x509.OID_COMMON_NAME)
- gn2 = x509.RegisteredID(x509.OID_COMMON_NAME)
+ gn = x509.RegisteredID(NameOID.COMMON_NAME)
+ gn2 = x509.RegisteredID(NameOID.COMMON_NAME)
assert gn == gn2
def test_ne(self):
- gn = x509.RegisteredID(x509.OID_COMMON_NAME)
- gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
+ gn = x509.RegisteredID(NameOID.COMMON_NAME)
+ gn2 = x509.RegisteredID(ExtensionOID.BASIC_CONSTRAINTS)
assert gn != gn2
assert gn != object()
@@ -1424,7 +1429,7 @@ class TestRSAIssuerAlternativeNameExtension(object):
backend,
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_ISSUER_ALTERNATIVE_NAME
+ ExtensionOID.ISSUER_ALTERNATIVE_NAME
)
assert list(ext.value) == [
x509.UniformResourceIdentifier(u"http://path.to.root/root.crt"),
@@ -1497,7 +1502,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
assert ext.critical is False
@@ -1514,7 +1519,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
dns = ext.value.get_values_for_type(x509.DNSName)
@@ -1532,7 +1537,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
dns = ext.value.get_values_for_type(x509.DNSName)
@@ -1558,7 +1563,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
assert ext.critical is False
@@ -1576,7 +1581,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
uri = ext.value.get_values_for_type(
@@ -1597,7 +1602,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
assert ext.critical is False
@@ -1619,7 +1624,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
assert ext.critical is False
@@ -1629,9 +1634,9 @@ class TestRSASubjectAlternativeNameExtension(object):
dirname = san.get_values_for_type(x509.DirectoryName)
assert [
x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u'test'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'Org'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'test'),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Org'),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
])
] == dirname
@@ -1644,7 +1649,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
assert ext.critical is False
@@ -1674,7 +1679,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
@@ -1693,7 +1698,7 @@ class TestRSASubjectAlternativeNameExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
assert ext.critical is False
@@ -1710,9 +1715,9 @@ class TestRSASubjectAlternativeNameExtension(object):
assert [u"cryptography.io"] == dns
assert [
x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u'dirCN'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'dirCN'),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u'Cryptographic Authority'
+ NameOID.ORGANIZATION_NAME, u'Cryptographic Authority'
),
])
] == dirname
@@ -1744,7 +1749,7 @@ class TestRSASubjectAlternativeNameExtension(object):
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_SUBJECT_ALTERNATIVE_NAME
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME
)
assert ext is not None
assert ext.critical is False
@@ -1770,7 +1775,7 @@ class TestExtendedKeyUsageExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_EXTENDED_KEY_USAGE
+ ExtensionOID.EXTENDED_KEY_USAGE
)
assert ext is not None
assert ext.critical is False
@@ -1794,11 +1799,13 @@ class TestAccessDescription(object):
def test_invalid_access_location(self):
with pytest.raises(TypeError):
- x509.AccessDescription(x509.OID_CA_ISSUERS, "invalid")
+ x509.AccessDescription(
+ AuthorityInformationAccessOID.CA_ISSUERS, "invalid"
+ )
def test_repr(self):
ad = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
assert repr(ad) == (
@@ -1809,26 +1816,26 @@ class TestAccessDescription(object):
def test_eq(self):
ad = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
ad2 = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
assert ad == ad2
def test_ne(self):
ad = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
ad2 = x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
)
ad3 = x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://notthesame")
)
assert ad != ad2
@@ -1844,22 +1851,22 @@ class TestAuthorityInformationAccess(object):
def test_iter_len(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
assert len(aia) == 2
assert list(aia) == [
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
]
@@ -1867,11 +1874,11 @@ class TestAuthorityInformationAccess(object):
def test_repr(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
@@ -1887,21 +1894,21 @@ class TestAuthorityInformationAccess(object):
def test_eq(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
aia2 = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
@@ -1910,17 +1917,17 @@ class TestAuthorityInformationAccess(object):
def test_ne(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
)
])
aia2 = x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
])
@@ -1939,18 +1946,18 @@ class TestAuthorityInformationAccessExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_INFORMATION_ACCESS
+ ExtensionOID.AUTHORITY_INFORMATION_ACCESS
)
assert ext is not None
assert ext.critical is False
assert ext.value == x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://gv.symcd.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.UniformResourceIdentifier(u"http://gv.symcb.com/gv.crt")
),
])
@@ -1962,25 +1969,25 @@ class TestAuthorityInformationAccessExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_INFORMATION_ACCESS
+ ExtensionOID.AUTHORITY_INFORMATION_ACCESS
)
assert ext is not None
assert ext.critical is False
assert ext.value == x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp2.domain.com")
),
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.DirectoryName(x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN"),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME,
+ x509.NameAttribute(NameOID.COMMON_NAME, u"myCN"),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME,
u"some Org"),
]))
),
@@ -1993,14 +2000,14 @@ class TestAuthorityInformationAccessExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_INFORMATION_ACCESS
+ ExtensionOID.AUTHORITY_INFORMATION_ACCESS
)
assert ext is not None
assert ext.critical is False
assert ext.value == x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_OCSP,
+ AuthorityInformationAccessOID.OCSP,
x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
),
])
@@ -2012,17 +2019,17 @@ class TestAuthorityInformationAccessExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_INFORMATION_ACCESS
+ ExtensionOID.AUTHORITY_INFORMATION_ACCESS
)
assert ext is not None
assert ext.critical is False
assert ext.value == x509.AuthorityInformationAccess([
x509.AccessDescription(
- x509.OID_CA_ISSUERS,
+ AuthorityInformationAccessOID.CA_ISSUERS,
x509.DirectoryName(x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN"),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME,
+ x509.NameAttribute(NameOID.COMMON_NAME, u"myCN"),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME,
u"some Org"),
]))
),
@@ -2041,7 +2048,7 @@ class TestAuthorityKeyIdentifierExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_KEY_IDENTIFIER
+ ExtensionOID.AUTHORITY_KEY_IDENTIFIER
)
assert ext is not None
assert ext.critical is False
@@ -2061,7 +2068,7 @@ class TestAuthorityKeyIdentifierExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_KEY_IDENTIFIER
+ ExtensionOID.AUTHORITY_KEY_IDENTIFIER
)
assert ext is not None
assert ext.critical is False
@@ -2073,10 +2080,10 @@ class TestAuthorityKeyIdentifierExtension(object):
x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u"PyCA"
+ NameOID.ORGANIZATION_NAME, u"PyCA"
),
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"cryptography.io"
+ NameOID.COMMON_NAME, u"cryptography.io"
)
])
)
@@ -2092,7 +2099,7 @@ class TestAuthorityKeyIdentifierExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_KEY_IDENTIFIER
+ ExtensionOID.AUTHORITY_KEY_IDENTIFIER
)
assert ext is not None
assert ext.critical is False
@@ -2102,10 +2109,10 @@ class TestAuthorityKeyIdentifierExtension(object):
x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u"PyCA"
+ NameOID.ORGANIZATION_NAME, u"PyCA"
),
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"cryptography.io"
+ NameOID.COMMON_NAME, u"cryptography.io"
)
])
)
@@ -2124,7 +2131,7 @@ class TestAuthorityKeyIdentifierExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_AUTHORITY_KEY_IDENTIFIER
+ ExtensionOID.AUTHORITY_KEY_IDENTIFIER
)
aki = x509.AuthorityKeyIdentifier.from_issuer_public_key(
issuer_cert.public_key()
@@ -2241,7 +2248,7 @@ class TestNameConstraintsExtension(object):
backend
)
nc = cert.extensions.get_extension_for_oid(
- x509.OID_NAME_CONSTRAINTS
+ ExtensionOID.NAME_CONSTRAINTS
).value
assert nc == x509.NameConstraints(
permitted_subtrees=[
@@ -2249,7 +2256,7 @@ class TestNameConstraintsExtension(object):
],
excluded_subtrees=[
x509.DirectoryName(x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u"zombo")
+ x509.NameAttribute(NameOID.COMMON_NAME, u"zombo")
]))
]
)
@@ -2263,7 +2270,7 @@ class TestNameConstraintsExtension(object):
backend
)
nc = cert.extensions.get_extension_for_oid(
- x509.OID_NAME_CONSTRAINTS
+ ExtensionOID.NAME_CONSTRAINTS
).value
assert nc == x509.NameConstraints(
permitted_subtrees=[
@@ -2281,7 +2288,7 @@ class TestNameConstraintsExtension(object):
backend
)
nc = cert.extensions.get_extension_for_oid(
- x509.OID_NAME_CONSTRAINTS
+ ExtensionOID.NAME_CONSTRAINTS
).value
assert nc == x509.NameConstraints(
permitted_subtrees=[
@@ -2300,7 +2307,7 @@ class TestNameConstraintsExtension(object):
backend
)
nc = cert.extensions.get_extension_for_oid(
- x509.OID_NAME_CONSTRAINTS
+ ExtensionOID.NAME_CONSTRAINTS
).value
assert nc == x509.NameConstraints(
permitted_subtrees=None,
@@ -2319,7 +2326,7 @@ class TestNameConstraintsExtension(object):
backend
)
nc = cert.extensions.get_extension_for_oid(
- x509.OID_NAME_CONSTRAINTS
+ ExtensionOID.NAME_CONSTRAINTS
).value
assert nc == x509.NameConstraints(
permitted_subtrees=[
@@ -2341,7 +2348,7 @@ class TestNameConstraintsExtension(object):
backend
)
nc = cert.extensions.get_extension_for_oid(
- x509.OID_NAME_CONSTRAINTS
+ ExtensionOID.NAME_CONSTRAINTS
).value
assert nc == x509.NameConstraints(
permitted_subtrees=[
@@ -2361,7 +2368,7 @@ class TestNameConstraintsExtension(object):
)
with pytest.raises(ValueError):
cert.extensions.get_extension_for_oid(
- x509.OID_NAME_CONSTRAINTS
+ ExtensionOID.NAME_CONSTRAINTS
)
@@ -2435,7 +2442,7 @@ class TestDistributionPoint(object):
x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"Important CA"
+ NameOID.COMMON_NAME, u"Important CA"
)
])
)
@@ -2449,7 +2456,7 @@ class TestDistributionPoint(object):
x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"Important CA"
+ NameOID.COMMON_NAME, u"Important CA"
)
])
)
@@ -2466,7 +2473,7 @@ class TestDistributionPoint(object):
x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"Important CA"
+ NameOID.COMMON_NAME, u"Important CA"
)
])
)
@@ -2485,14 +2492,14 @@ class TestDistributionPoint(object):
dp = x509.DistributionPoint(
None,
x509.Name([
- x509.NameAttribute(x509.OID_COMMON_NAME, u"myCN")
+ x509.NameAttribute(NameOID.COMMON_NAME, u"myCN")
]),
frozenset([x509.ReasonFlags.ca_compromise]),
[
x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"Important CA"
+ NameOID.COMMON_NAME, u"Important CA"
)
])
)
@@ -2670,24 +2677,24 @@ class TestCRLDistributionPointsExtension(object):
)
cdps = cert.extensions.get_extension_for_oid(
- x509.OID_CRL_DISTRIBUTION_POINTS
+ ExtensionOID.CRL_DISTRIBUTION_POINTS
).value
assert cdps == x509.CRLDistributionPoints([
x509.DistributionPoint(
full_name=[x509.DirectoryName(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME,
+ NameOID.ORGANIZATION_NAME,
u"Test Certificates 2011"
),
x509.NameAttribute(
- x509.OID_ORGANIZATIONAL_UNIT_NAME,
+ NameOID.ORGANIZATIONAL_UNIT_NAME,
u"indirectCRL CA3 cRLIssuer"
),
x509.NameAttribute(
- x509.OID_COMMON_NAME,
+ NameOID.COMMON_NAME,
u"indirect CRL for indirectCRL CA3"
),
])
@@ -2696,13 +2703,13 @@ class TestCRLDistributionPointsExtension(object):
reasons=None,
crl_issuer=[x509.DirectoryName(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME,
+ NameOID.ORGANIZATION_NAME,
u"Test Certificates 2011"
),
x509.NameAttribute(
- x509.OID_ORGANIZATIONAL_UNIT_NAME,
+ NameOID.ORGANIZATIONAL_UNIT_NAME,
u"indirectCRL CA3 cRLIssuer"
),
])
@@ -2720,7 +2727,7 @@ class TestCRLDistributionPointsExtension(object):
)
cdps = cert.extensions.get_extension_for_oid(
- x509.OID_CRL_DISTRIBUTION_POINTS
+ ExtensionOID.CRL_DISTRIBUTION_POINTS
).value
assert cdps == x509.CRLDistributionPoints([
@@ -2728,20 +2735,20 @@ class TestCRLDistributionPointsExtension(object):
full_name=None,
relative_name=x509.Name([
x509.NameAttribute(
- x509.OID_COMMON_NAME,
+ NameOID.COMMON_NAME,
u"indirect CRL for indirectCRL CA3"
),
]),
reasons=None,
crl_issuer=[x509.DirectoryName(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME,
+ NameOID.ORGANIZATION_NAME,
u"Test Certificates 2011"
),
x509.NameAttribute(
- x509.OID_ORGANIZATIONAL_UNIT_NAME,
+ NameOID.ORGANIZATIONAL_UNIT_NAME,
u"indirectCRL CA3 cRLIssuer"
),
])
@@ -2759,7 +2766,7 @@ class TestCRLDistributionPointsExtension(object):
)
cdps = cert.extensions.get_extension_for_oid(
- x509.OID_CRL_DISTRIBUTION_POINTS
+ ExtensionOID.CRL_DISTRIBUTION_POINTS
).value
assert cdps == x509.CRLDistributionPoints([
@@ -2774,12 +2781,12 @@ class TestCRLDistributionPointsExtension(object):
]),
crl_issuer=[x509.DirectoryName(
x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, u"PyCA"
+ NameOID.ORGANIZATION_NAME, u"PyCA"
),
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"cryptography CA"
+ NameOID.COMMON_NAME, u"cryptography CA"
),
])
)],
@@ -2796,7 +2803,7 @@ class TestCRLDistributionPointsExtension(object):
)
cdps = cert.extensions.get_extension_for_oid(
- x509.OID_CRL_DISTRIBUTION_POINTS
+ ExtensionOID.CRL_DISTRIBUTION_POINTS
).value
assert cdps == x509.CRLDistributionPoints([
@@ -2829,7 +2836,7 @@ class TestCRLDistributionPointsExtension(object):
)
cdps = cert.extensions.get_extension_for_oid(
- x509.OID_CRL_DISTRIBUTION_POINTS
+ ExtensionOID.CRL_DISTRIBUTION_POINTS
).value
assert cdps == x509.CRLDistributionPoints([
@@ -2853,7 +2860,7 @@ class TestCRLDistributionPointsExtension(object):
)
cdps = cert.extensions.get_extension_for_oid(
- x509.OID_CRL_DISTRIBUTION_POINTS
+ ExtensionOID.CRL_DISTRIBUTION_POINTS
).value
assert cdps == x509.CRLDistributionPoints([
@@ -2864,7 +2871,7 @@ class TestCRLDistributionPointsExtension(object):
crl_issuer=[x509.DirectoryName(
x509.Name([
x509.NameAttribute(
- x509.OID_COMMON_NAME, u"cryptography CA"
+ NameOID.COMMON_NAME, u"cryptography CA"
),
])
)],
@@ -2884,7 +2891,7 @@ class TestOCSPNoCheckExtension(object):
backend
)
ext = cert.extensions.get_extension_for_oid(
- x509.OID_OCSP_NO_CHECK
+ ExtensionOID.OCSP_NO_CHECK
)
assert isinstance(ext.value, x509.OCSPNoCheck)
@@ -2926,7 +2933,7 @@ class TestInhibitAnyPolicyExtension(object):
backend
)
iap = cert.extensions.get_extension_for_oid(
- x509.OID_INHIBIT_ANY_POLICY
+ ExtensionOID.INHIBIT_ANY_POLICY
).value
assert iap.skip_certs == 5
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-30 14:05:36 +0000