From dc480adc596c82e175f323df1ad042f3646d74cc Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Feb 2015 12:14:54 -0600 Subject: basic support for parsing x509 requests --- tests/test_x509.py | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 2a472686..8f188885 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -340,6 +340,34 @@ class TestRSACertificate(object): with pytest.raises(UnsupportedAlgorithm): cert.signature_hash_algorithm + def test_load_rsa_certificate_request(self, backend): + request = _load_cert( + os.path.join("x509", "requests", "rsa_sha1.pem"), + x509.load_pem_x509_request, + backend + ) + assert isinstance(request.signature_hash_algorithm, hashes.SHA1) + public_key = request.public_key() + assert isinstance(public_key, rsa.RSAPublicKey) + subject = request.subject + assert isinstance(subject, x509.Name) + assert list(subject) == [ + x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + ] + + def test_unsupported_signature_hash_algorithm_request(self, backend): + request = _load_cert( + os.path.join("x509", "requests", "rsa_md4.pem"), + x509.load_pem_x509_request, + backend + ) + with pytest.raises(UnsupportedAlgorithm): + request.signature_hash_algorithm + @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) @@ -392,6 +420,25 @@ class TestDSACertificate(object): "822ff5d234e073b901cf5941f58e1f538e71d40d", 16 ) + def test_load_dsa_request(self, backend): + request = _load_cert( + os.path.join("x509", "requests", "dsa_sha1.pem"), + x509.load_pem_x509_request, + backend + ) + assert isinstance(request.signature_hash_algorithm, hashes.SHA1) + public_key = request.public_key() + assert isinstance(public_key, dsa.DSAPublicKey) + subject = request.subject + assert isinstance(subject, x509.Name) + assert list(subject) == [ + x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + ] + @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) @@ -428,6 +475,26 @@ class TestECDSACertificate(object): with pytest.raises(NotImplementedError): cert.public_key() + def test_load_ecdsa_certificate_request(self, backend): + _skip_curve_unsupported(backend, ec.SECP384R1()) + request = _load_cert( + os.path.join("x509", "requests", "ec_sha256.pem"), + x509.load_pem_x509_request, + backend + ) + assert isinstance(request.signature_hash_algorithm, hashes.SHA256) + public_key = request.public_key() + assert isinstance(public_key, ec.EllipticCurvePublicKey) + subject = request.subject + assert isinstance(subject, x509.Name) + assert list(subject) == [ + x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + ] + class TestNameAttribute(object): def test_init_bad_oid(self): -- cgit v1.2.3 From 31e398802c79d3b4a182b28f17b99595e84bbe2a Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 11 Mar 2015 11:37:04 -0500 Subject: rename request to CSR --- tests/test_x509.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 8f188885..3665adc3 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -343,7 +343,7 @@ class TestRSACertificate(object): def test_load_rsa_certificate_request(self, backend): request = _load_cert( os.path.join("x509", "requests", "rsa_sha1.pem"), - x509.load_pem_x509_request, + x509.load_pem_x509_csr, backend ) assert isinstance(request.signature_hash_algorithm, hashes.SHA1) @@ -362,7 +362,7 @@ class TestRSACertificate(object): def test_unsupported_signature_hash_algorithm_request(self, backend): request = _load_cert( os.path.join("x509", "requests", "rsa_md4.pem"), - x509.load_pem_x509_request, + x509.load_pem_x509_csr, backend ) with pytest.raises(UnsupportedAlgorithm): @@ -423,7 +423,7 @@ class TestDSACertificate(object): def test_load_dsa_request(self, backend): request = _load_cert( os.path.join("x509", "requests", "dsa_sha1.pem"), - x509.load_pem_x509_request, + x509.load_pem_x509_csr, backend ) assert isinstance(request.signature_hash_algorithm, hashes.SHA1) @@ -479,7 +479,7 @@ class TestECDSACertificate(object): _skip_curve_unsupported(backend, ec.SECP384R1()) request = _load_cert( os.path.join("x509", "requests", "ec_sha256.pem"), - x509.load_pem_x509_request, + x509.load_pem_x509_csr, backend ) assert isinstance(request.signature_hash_algorithm, hashes.SHA256) -- cgit v1.2.3 From b759e29dfeb889015039041e3d1b74939ab3a53c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 17 Mar 2015 07:34:41 -0500 Subject: add test for invalid PEM CSR --- tests/test_x509.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 3665adc3..22b93f61 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -359,6 +359,10 @@ class TestRSACertificate(object): x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), ] + def test_invalid_certificate_request_pem(self, backend): + with pytest.raises(ValueError): + x509.load_pem_x509_csr(b"notacsr", backend) + def test_unsupported_signature_hash_algorithm_request(self, backend): request = _load_cert( os.path.join("x509", "requests", "rsa_md4.pem"), -- cgit v1.2.3