From dc480adc596c82e175f323df1ad042f3646d74cc Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Feb 2015 12:14:54 -0600 Subject: basic support for parsing x509 requests --- tests/hazmat/backends/test_multibackend.py | 6 +++ tests/test_x509.py | 67 ++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 5a8891c4..8f833ad2 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -197,6 +197,9 @@ class DummyX509Backend(object): def load_der_x509_certificate(self, data): pass + def load_pem_x509_request(self, data): + pass + class TestMultiBackend(object): def test_ciphers(self): @@ -472,9 +475,12 @@ class TestMultiBackend(object): backend.load_pem_x509_certificate(b"certdata") backend.load_der_x509_certificate(b"certdata") + backend.load_pem_x509_request(b"reqdata") backend = MultiBackend([]) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509): backend.load_pem_x509_certificate(b"certdata") with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509): backend.load_der_x509_certificate(b"certdata") + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509): + backend.load_pem_x509_request(b"reqdata") diff --git a/tests/test_x509.py b/tests/test_x509.py index 2a472686..8f188885 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py 
@@ -340,6 +340,34 @@ class TestRSACertificate(object): with pytest.raises(UnsupportedAlgorithm): cert.signature_hash_algorithm + def test_load_rsa_certificate_request(self, backend): + request = _load_cert( + os.path.join("x509", "requests", "rsa_sha1.pem"), + x509.load_pem_x509_request, + backend + ) + assert isinstance(request.signature_hash_algorithm, hashes.SHA1) + public_key = request.public_key() + assert isinstance(public_key, rsa.RSAPublicKey) + subject = request.subject + assert isinstance(subject, x509.Name) + assert list(subject) == [ + x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + ] + + def test_unsupported_signature_hash_algorithm_request(self, backend): + request = _load_cert( + os.path.join("x509", "requests", "rsa_md4.pem"), + x509.load_pem_x509_request, + backend + ) + with pytest.raises(UnsupportedAlgorithm): + request.signature_hash_algorithm + @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) 
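Review bot: The public-key assertion in test_load_rsa_certificate_request checks only the type (`isinstance(public_key, rsa.RSAPublicKey)`), so a loader that returned a different RSA key, or one with wrong parameters, would still pass. Pinning a value taken from the fixture would close that gap, for example `assert public_key.key_size == EXPECTED_BITS` (placeholder for the key size in rsa_sha1.pem) or a comparison of the key's public numbers with the known modulus and exponent. The same type-only check appears in test_load_dsa_request and test_load_ecdsa_certificate_request in the later hunks. The enclosing TestRSACertificate class starts outside this hunk.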
@@ -392,6 +420,25 @@ class TestDSACertificate(object): "822ff5d234e073b901cf5941f58e1f538e71d40d", 16 ) + def test_load_dsa_request(self, backend): + request = _load_cert( + os.path.join("x509", "requests", "dsa_sha1.pem"), + x509.load_pem_x509_request, + backend + ) + assert isinstance(request.signature_hash_algorithm, hashes.SHA1) + public_key = request.public_key() + assert isinstance(public_key, dsa.DSAPublicKey) + subject = request.subject + assert isinstance(subject, x509.Name) + assert list(subject) == [ + x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + ] + @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) @@ -428,6 +475,26 @@ class TestECDSACertificate(object): with pytest.raises(NotImplementedError): cert.public_key() + def test_load_ecdsa_certificate_request(self, backend): + _skip_curve_unsupported(backend, ec.SECP384R1()) + request = _load_cert( + os.path.join("x509", "requests", "ec_sha256.pem"), + x509.load_pem_x509_request, + backend + ) + assert isinstance(request.signature_hash_algorithm, hashes.SHA256) + public_key = request.public_key() + assert isinstance(public_key, ec.EllipticCurvePublicKey) + subject = request.subject + assert isinstance(subject, x509.Name) + assert list(subject) == [ + x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), + x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'), + x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), + x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), + x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), + ] + class TestNameAttribute(object): def test_init_bad_oid(self): -- cgit v1.2.3 
From 31e398802c79d3b4a182b28f17b99595e84bbe2a Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 11 Mar 2015 11:37:04 -0500 Subject: rename request to CSR --- tests/hazmat/backends/test_multibackend.py | 6 +++--- tests/test_x509.py | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 8f833ad2..40305387 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -197,7 +197,7 @@ class DummyX509Backend(object): def load_der_x509_certificate(self, data): pass - def load_pem_x509_request(self, data): + def load_pem_x509_csr(self, data): pass @@ -475,7 +475,7 @@ class TestMultiBackend(object): backend.load_pem_x509_certificate(b"certdata") backend.load_der_x509_certificate(b"certdata") - backend.load_pem_x509_request(b"reqdata") + backend.load_pem_x509_csr(b"reqdata") backend = MultiBackend([]) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509): @@ -483,4 +483,4 @@ class TestMultiBackend(object): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509): backend.load_der_x509_certificate(b"certdata") with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509): - backend.load_pem_x509_request(b"reqdata") + backend.load_pem_x509_csr(b"reqdata") diff --git a/tests/test_x509.py b/tests/test_x509.py index 8f188885..3665adc3 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -343,7 +343,7 @@ class TestRSACertificate(object): def test_load_rsa_certificate_request(self, backend): request = _load_cert( os.path.join("x509", "requests", "rsa_sha1.pem"), - x509.load_pem_x509_request, + x509.load_pem_x509_csr, backend ) assert isinstance(request.signature_hash_algorithm, hashes.SHA1) 
@@ -362,7 +362,7 @@ class TestRSACertificate(object): def test_unsupported_signature_hash_algorithm_request(self, backend): request = _load_cert( os.path.join("x509", "requests", "rsa_md4.pem"), - x509.load_pem_x509_request, + x509.load_pem_x509_csr, backend ) with pytest.raises(UnsupportedAlgorithm): @@ -423,7 +423,7 @@ class TestDSACertificate(object): def test_load_dsa_request(self, backend): request = _load_cert( os.path.join("x509", "requests", "dsa_sha1.pem"), - x509.load_pem_x509_request, + x509.load_pem_x509_csr, backend ) assert isinstance(request.signature_hash_algorithm, hashes.SHA1) @@ -479,7 +479,7 @@ class TestECDSACertificate(object): _skip_curve_unsupported(backend, ec.SECP384R1()) request = _load_cert( os.path.join("x509", "requests", "ec_sha256.pem"), - x509.load_pem_x509_request, + x509.load_pem_x509_csr, backend ) assert isinstance(request.signature_hash_algorithm, hashes.SHA256) -- cgit v1.2.3 From b759e29dfeb889015039041e3d1b74939ab3a53c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 17 Mar 2015 07:34:41 -0500 Subject: add test for invalid PEM CSR --- tests/test_x509.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tests') diff --git a/tests/test_x509.py b/tests/test_x509.py index 3665adc3..22b93f61 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -359,6 +359,10 @@ class TestRSACertificate(object): x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'), ] + def test_invalid_certificate_request_pem(self, backend): + with pytest.raises(ValueError): + x509.load_pem_x509_csr(b"notacsr", backend) + def test_unsupported_signature_hash_algorithm_request(self, backend): request = _load_cert( os.path.join("x509", "requests", "rsa_md4.pem"), -- cgit v1.2.3
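Review bot: test_invalid_certificate_request_pem exercises only input with no PEM framing at all (`b"notacsr"`), which is likely rejected before any request parsing runs. Three more cases would cover the rejection paths that matter for a loader fed untrusted data: a well-formed PEM block of another type (for instance a certificate passed to `x509.load_pem_x509_csr`), a CSR whose base64 body is truncated, and empty input `b""`. Each should carry the same `pytest.raises(ValueError)` expectation, if that is the intended contract. A one-line comment such as `# Malformed input must surface as ValueError, not a backend-specific error.` would record why that exception type is asserted. The enclosing TestRSACertificate class starts outside this hunk.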