From ff9178064dd38d27ccd8de5ac7f8d9ced202f9ea Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 26 Jun 2015 17:29:04 -0500 Subject: add test for CSR builder setting subject twice --- tests/test_x509.py | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/tests/test_x509.py b/tests/test_x509.py index ee83ed2d..99551eb2 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -834,7 +834,7 @@ class TestCertificateSigningRequestBuilder(object): assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 - def test_add_duplicate_extension(self, backend): + def test_add_duplicate_extension(self): builder = x509.CertificateSigningRequestBuilder().add_extension( x509.BasicConstraints(True, 2), critical=True, ) @@ -843,12 +843,12 @@ class TestCertificateSigningRequestBuilder(object): x509.BasicConstraints(True, 2), critical=True, ) - def test_set_invalid_subject(self, backend): + def test_set_invalid_subject(self): builder = x509.CertificateSigningRequestBuilder() with pytest.raises(TypeError): builder.subject_name('NotAName') - def test_add_unsupported_extension(self, backend): + def test_add_unsupported_extension(self): builder = x509.CertificateSigningRequestBuilder() with pytest.raises(NotImplementedError): builder.add_extension( @@ -856,6 +856,20 @@ class TestCertificateSigningRequestBuilder(object): critical=False, ) + def test_set_subject_twice(self): + builder = x509.CertificateSigningRequestBuilder() + builder = builder.subject_name( + x509.Name([ + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + ]) + ) + with pytest.raises(ValueError): + builder.subject_name( + x509.Name([ + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + ]) + ) + @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) -- cgit v1.2.3 From 7e2fbe670ac66bc77470facfd8471ba2f0e1e153 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 26 Jun 2015 17:59:05 -0500 Subject: test notimplementederror for unsupported csr extensions in backends --- src/cryptography/x509.py | 4 ++++ tests/test_x509.py | 14 ++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 21e18ddd..24d501e5 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -1468,6 +1468,10 @@ class CertificateSigningRequestBuilder(object): """ if isinstance(extension, BasicConstraints): extension = Extension(OID_BASIC_CONSTRAINTS, critical, extension) + elif isinstance(extension, SubjectAlternativeName): + extension = Extension( + OID_SUBJECT_ALTERNATIVE_NAME, critical, extension + ) else: raise NotImplementedError('Unsupported X.509 extension.') # TODO: This is quadratic in the number of extensions diff --git a/tests/test_x509.py b/tests/test_x509.py index 99551eb2..53052196 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -856,6 +856,20 @@ class TestCertificateSigningRequestBuilder(object): critical=False, ) + def test_add_unsupported_extension_in_backend(self, backend): + private_key = RSA_KEY_2048.private_key(backend) + builder = x509.CertificateSigningRequestBuilder() + builder = builder.subject_name( + x509.Name([ + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + ]) + ).add_extension( + x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), + critical=False, + ) + with pytest.raises(NotImplementedError): + builder.sign(backend, private_key, hashes.SHA256()) + def test_set_subject_twice(self): builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( -- cgit v1.2.3