/*
 * QEMU PC keyboard emulation
 * 
 * Copyright (c) 2003 Fabrice Bellard
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
#include "vl.h"

/* debug PC keyboard */
//#define DEBUG_KBD

/* debug PC keyboard : only mouse */
//#define DEBUG_MOUSE

/*	Keyboard Controller Commands */
#define KBD_CCMD_READ_MODE	0x20	/* Read mode bits */
#define KBD_CCMD_WRITE_MODE	0x60	/* Write mode bits */
#define KBD_CCMD_GET_VERSION	0xA1	/* Get controller version */
#define KBD_CCMD_MOUSE_DISABLE	0xA7	/* Disable mouse interface */
#define KBD_CCMD_MOUSE_ENABLE	0xA8	/* Enable mouse interface */
#define KBD_CCMD_TEST_MOUSE	0xA9	/* Mouse interface test */
#define KBD_CCMD_SELF_TEST	0xAA	/* Controller self test */
#define KBD_CCMD_KBD_TEST	0xAB	/* Keyboard interface test */
#define KBD_CCMD_KBD_DISABLE	0xAD	/* Keyboard interface disable */
#define KBD_CCMD_KBD_ENABLE	0xAE	/* Keyboard interface enable */
#define KBD_CCMD_READ_INPORT    0xC0    /* read input port */
#define KBD_CCMD_READ_OUTPORT	0xD0    /* read output port */
#define KBD_CCMD_WRITE_OUTPORT	0xD1    /* write output port */
#define KBD_CCMD_WRITE_OBUF	0xD2
#define KBD_CCMD_WRITE_AUX_OBUF	0xD3    /* Write to output buffer as if
					   initiated by the auxiliary device */
#define KBD_CCMD_WRITE_MOUSE	0xD4	/* Write the following byte to the mouse */
#define KBD_CCMD_DISABLE_A20    0xDD    /* HP vectra only ? */
#define KBD_CCMD_ENABLE_A20     0xDF    /* HP vectra only ? */
#define KBD_CCMD_RESET	        0xFE

/* Keyboard Commands */
#define KBD_CMD_SET_LEDS	0xED	/* Set keyboard leds */
#define KBD_CMD_ECHO     	0xEE
#define KBD_CMD_GET_ID 	        0xF2	/* get keyboard ID */
#define KBD_CMD_SET_RATE	0xF3	/* Set typematic rate */
#define KBD_CMD_ENABLE		0xF4	/* Enable scanning */
#define KBD_CMD_RESET_DISABLE	0xF5	/* reset and disable scanning */
#define KBD_CMD_RESET_ENABLE   	0xF6    /* reset and enable scanning */
#define KBD_CMD_RESET		0xFF	/* Reset */

/* Keyboard Replies */
#define KBD_REPLY_POR		0xAA	/* Power on reset */
#define KBD_REPLY_ACK		0xFA	/* Command ACK */
#define KBD_REPLY_RESEND	0xFE	/* Command NACK, send the cmd again */

/* Status Register Bits */
#define KBD_STAT_OBF 		0x01	/* Keyboard output buffer full */
#define KBD_STAT_IBF 		0x02	/* Keyboard input buffer full */
#define KBD_STAT_SELFTEST	0x04	/* Self test successful */
#define KBD_STAT_CMD		0x08	/* Last write was a command write (0=data) */
#define KBD_STAT_UNLOCKED	0x10	/* Zero if keyboard locked */
#define KBD_STAT_MOUSE_OBF	0x20	/* Mouse output buffer full */
#define KBD_STAT_GTO 		0x40	/* General receive/xmit timeout */
#define KBD_STAT_PERR 		0x80	/* Parity error */

/* Controller Mode Register Bits */
#define KBD_MODE_KBD_INT	0x01	/* Keyboard data generate IRQ1 */
#define KBD_MODE_MOUSE_INT	0x02	/* Mouse data generate IRQ12 */
#define KBD_MODE_SYS 		0x04	/* The system flag (?) */
#define KBD_MODE_NO_KEYLOCK	0x08	/* The keylock doesn't affect the keyboard if set */
#define KBD_MODE_DISABLE_KBD	0x10	/* Disable keyboard interface */
#define KBD_MODE_DISABLE_MOUSE	0x20	/* Disable mouse interface */
#define KBD_MODE_KCC 		0x40	/* Scan code conversion to PC format */
#define KBD_MODE_RFU		0x80

/* Mouse Commands */
#define AUX_SET_SCALE11		0xE6	/* Set 1:1 scaling */
#define AUX_SET_SCALE21		0xE7	/* Set 2:1 scaling */
#define AUX_SET_RES		0xE8	/* Set resolution */
#define AUX_GET_SCALE		0xE9	/* Get scaling factor */
/* according to Synaptic docs this $E9 is really 3-byte status */
#define AUX_SET_STREAM		0xEA	/* Set stream mode */
#define AUX_POLL		0xEB	/* Poll */
#define AUX_RESET_WRAP		0xEC	/* Reset wrap mode */
#define AUX_SET_WRAP		0xEE	/* Set wrap mode */
#define AUX_SET_REMOTE		0xF0	/* Set remote mode */
#define AUX_GET_TYPE		0xF2	/* Get type */
#define AUX_SET_SAMPLE		0xF3	/* Set sample rate */
#define AUX_ENABLE_DEV		0xF4	/* Enable aux device */
#define AUX_DISABLE_DEV		0xF5	/* Disable aux device */
#define AUX_SET_DEFAULT		0xF6
#define AUX_RESET		0xFF	/* Reset aux device */
#define AUX_ACK			0xFA	/* Command byte ACK. */

#define MOUSE_STATUS_REMOTE     0x40
#define MOUSE_STATUS_ENABLED    0x20
#define MOUSE_STATUS_SCALE21    0x10

#define KBD_QUEUE_SIZE 256

typedef struct {
    uint8_t aux[KBD_QUEUE_SIZE];
    uint8_t data[KBD_QUEUE_SIZE];
    int rptr, wptr, count;
} KBDQueue;

typedef struct {
    int absolute;
    int high;
} TouchPad;

typedef struct KBDState {
    KBDQueue queue;
    uint8_t write_cmd; /* if non zero, write data to port 60 is expected */
    uint8_t status;
    uint8_t mode;
    /* keyboard state */
    int kbd_write_cmd;
    int scan_enabled;
    /* mouse state */
    int mouse_write_cmd;
    uint8_t mouse_status;
    uint8_t mouse_resolution;
    uint8_t mouse_sample_rate;
    uint8_t mouse_wrap;
    uint8_t mouse_type; /* 0 = PS2, 3 = IMPS/2, 4 = IMEX */
    uint8_t mouse_detect_state;
    int mouse_dx; /* current values, needed for 'poll' mode */
    int mouse_dy;
    int mouse_dz;
    uint8_t mouse_buttons;
    TouchPad touchpad;
} KBDState;

KBDState kbd_state;

/* update irq and KBD_STAT_[MOUSE_]OBF */
/* XXX: not generating the irqs if KBD_MODE_DISABLE_KBD is set may be
   incorrect, but it avoids having to simulate exact delays */
static void kbd_update_irq(KBDState *s)
{
    KBDQueue *q = &s->queue;
    int irq12_level, irq1_level;

    irq1_level = 0;    
    irq12_level = 0;    
    s->status &= ~(KBD_STAT_OBF | KBD_STAT_MOUSE_OBF);
    if (q->count != 0) {
        s->status |= KBD_STAT_OBF;
        if (q->aux[q->rptr]) {
            s->status |= KBD_STAT_MOUSE_OBF;
            if (s->mode & KBD_MODE_MOUSE_INT)
                irq12_level = 1;
        } else {
            if ((s->mode & KBD_MODE_KBD_INT) && 
                !(s->mode & KBD_MODE_DISABLE_KBD))
                irq1_level = 1;
        }
    }
    pic_set_irq(1, irq1_level);
    pic_set_irq(12, irq12_level);
}

static void kbd_queue(KBDState *s, int b, int aux)
{
    KBDQueue *q = &s->queue;

#if defined(DEBUG_MOUSE) || defined(DEBUG_KBD)
    if (aux)
        printf("mouse event: 0x%02x\n", b);
#ifdef DEBUG_KBD
    else
        printf("kbd event: 0x%02x\n", b);
#endif
#endif
    if (q->count >= KBD_QUEUE_SIZE)
        return;
    q->aux[q->wptr] = aux;
    q->data[q->wptr] = b;
    if (++q->wptr == KBD_QUEUE_SIZE)
        q->wptr = 0;
    q->count++;
    kbd_update_irq(s);
}

static void pc_kbd_put_keycode(void *opaque, int keycode)
{
    KBDState *s = opaque;
    kbd_queue(s, keycode, 0);
}

static uint32_t kbd_read_status(void *opaque, uint32_t addr)
{
    KBDState *s = opaque;
    int val;
    val = s->status;
#if defined(DEBUG_KBD)
    printf("kbd: read status=0x%02x\n", val);
#endif
    return val;
}

static void kbd_write_command(void *opaque, uint32_t addr, uint32_t val)
{
    KBDState *s = opaque;

#ifdef DEBUG_KBD
    printf("kbd: write cmd=0x%02x\n", val);
#endif
    switch(val) {
    case KBD_CCMD_READ_MODE:
        kbd_queue(s, s->mode, 0);
        break;
    case KBD_CCMD_WRITE_MODE:
    case KBD_CCMD_WRITE_OBUF:
    case KBD_CCMD_WRITE_AUX_OBUF:
    case KBD_CCMD_WRITE_MOUSE:
    case KBD_CCMD_WRITE_OUTPORT:
        s->write_cmd = val;
        break;
    case KBD_CCMD_MOUSE_DISABLE:
        s->mode |= KBD_MODE_DISABLE_MOUSE;
        break;
    case KBD_CCMD_MOUSE_ENABLE:
        s->mode &= ~KBD_MODE_DISABLE_MOUSE;
        break;
    case KBD_CCMD_TEST_MOUSE:
        kbd_queue(s, 0x00, 0);
        break;
    case KBD_CCMD_SELF_TEST:
        s->status |= KBD_STAT_SELFTEST;
        kbd_queue(s, 0x55, 0);
        break;
    case KBD_CCMD_KBD_TEST:
        kbd_queue(s, 0x00, 0);
        break;
    case KBD_CCMD_KBD_DISABLE:
        s->mode |= KBD_MODE_DISABLE_KBD;
        kbd_update_irq(s);
        break;
    case KBD_CCMD_KBD_ENABLE:
        s->mode &= ~KBD_MODE_DISABLE_KBD;
        kbd_update_irq(s);
        break;
    case KBD_CCMD_READ_INPORT:
        kbd_queue(s, 0x00, 0);
        break;
    case KBD_CCMD_READ_OUTPORT:
        /* XXX: check that */
#ifdef TARGET_I386
        val = 0x01 | (((cpu_single_env->a20_mask >> 20) & 1) << 1);
#else
        val = 0x01;
#endif
        if (s->status & KBD_STAT_OBF)
            val |= 0x10;
        if (s->status & KBD_STAT_MOUSE_OBF)
            val |= 0x20;
        kbd_queue(s, val, 0);
        break;
#ifdef TARGET_I386
    case KBD_CCMD_ENABLE_A20:
        cpu_x86_set_a20(cpu_single_env, 1);
        break;
    case KBD_CCMD_DISABLE_A20:
        cpu_x86_set_a20(cpu_single_env, 0);
        break;
#endif
    case KBD_CCMD_RESET:
        qemu_system_reset_request();
        break;
    case 0xff:
        /* ignore that - I don't know what is its use */
        break;
    default:
        fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", val);
        break;
    }
}

static uint32_t kbd_read_data(void *opaque, uint32_t addr)
{
    KBDState *s = opaque;
    KBDQueue *q;
    int val, index, aux;
    
    q = &s->queue;
    if (q->count == 0) {
        /* NOTE: if no data left, we return the last keyboard one
           (needed for EMM386) */
        /* XXX: need a timer to do things correctly */
        index = q->rptr - 1;
        if (index < 0)
            index = KBD_QUEUE_SIZE - 1;
        val = q->data[index];
    } else {
        aux = q->aux[q->rptr];
        val = q->data[q->rptr];
        if (++q->rptr == KBD_QUEUE_SIZE)
            q->rptr = 0;
        q->count--;
        /* reading deasserts IRQ */
        if (aux)
            pic_set_irq(12, 0);
        else
            pic_set_irq(1, 0);
    }
    /* reassert IRQs if data left */
    kbd_update_irq(s);
#ifdef DEBUG_KBD
    printf("kbd: read data=0x%02x\n", val);
#endif
    return val;
}

static void kbd_reset_keyboard(KBDState *s)
{
    s->scan_enabled = 1;
}

static void kbd_write_keyboard(KBDState *s, int val)
{
    switch(s->kbd_write_cmd) {
    default:
    case -1:
        switch(val) {
        case 0x00:
            kbd_queue(s, KBD_REPLY_ACK, 0);
            break;
        case 0x05:
            kbd_queue(s, KBD_REPLY_RESEND, 0);
            break;
        case KBD_CMD_GET_ID:
            kbd_queue(s, KBD_REPLY_ACK, 0);
            kbd_queue(s, 0xab, 0);
            kbd_queue(s, 0x83, 0);
            break;
        case KBD_CMD_ECHO:
            kbd_queue(s, KBD_CMD_ECHO, 0);
            break;
        case KBD_CMD_ENABLE:
            s->scan_enabled = 1;
            kbd_queue(s, KBD_REPLY_ACK, 0);
            break;
        case KBD_CMD_SET_LEDS:
        case KBD_CMD_SET_RATE:
            s->kbd_write_cmd = val;
            kbd_queue(s, KBD_REPLY_ACK, 0);
            break;
        case KBD_CMD_RESET_DISABLE:
            kbd_reset_keyboard(s);
            s->scan_enabled = 0;
            kbd_queue(s, KBD_REPLY_ACK, 0);
            break;
        case KBD_CMD_RESET_ENABLE:
            kbd_reset_keyboard(s);
            s->scan_enabled = 1;
            kbd_queue(s, KBD_REPLY_ACK, 0);
            break;
        case KBD_CMD_RESET:
            kbd_reset_keyboard(s);
            kbd_queue(s, KBD_REPLY_ACK, 0);
            kbd_queue(s, KBD_REPLY_POR, 0);
            break;
        default:
            kbd_queue(s, KBD_REPLY_ACK, 0);
            break;
        }
        break;
    case KBD_CMD_SET_LEDS:
        kbd_queue(s, KBD_REPLY_ACK, 0);
        s->kbd_write_cmd = -1;
        break;
    case KBD_CMD_SET_RATE:
        kbd_queue(s, KBD_REPLY_ACK, 0);
        s->kbd_write_cmd = -1;
        break;
    }
}

static void kbd_mouse_send_packet(KBDState *s)
{
    unsigned int b;
    int dx1, dy1, dz1;

    dx1 = s->mouse_dx;
    dy1 = s->mouse_dy;
    dz1 = s->mouse_dz;
    if (s->touchpad.absolute)
    {
	int dz2, dleftnright, dg, df;
	if (dx1 > 6143)
	    dx1 = 6143;
	else if (dx1 < 0)
	    dx1 = 0;
	if (dy1 > 6143)
	    dy1 = 6143;
	else if (dy1 < 0)
	    dy1 = 0;
	dz2 = 80; /* normal finger pressure */
	dg = 0; /* guesture not supported */
	df = 0; /* finger not supported */
	dleftnright = (s->mouse_buttons & 0x07);
	/*
	X: 13 bits --return absolute x ord
	Y: 13 bits --return absolute y ord
	Z: 8 bits --return constant 80 since we don't know how hard the user
		is pressing on the mouse button ;) 80 is the default for pen
		pressure, as touchpads cant sense what pressure a pen makes.
	W: 4 bits --return 0, we don't support finger width (should we?)
	left: 1 bit --is left button pressed
	right: 1 bit --is right button pressed
	guesture: 1 bit --we dont support, return 0
	finger: 1 bit --ditto
	total: 42 bits in 6 bytes
	note that Synaptics drivers ignore the finger and guesture bits and
	consider them redundant
	*/
	/*
	note: the packet setup is different when Wmode = 1, but
	    this doesn't apply since we don't support Wmode capability
	format of packet is as follows:
	*/
	// 1 0 finger reserved 0 gesture right left
	kbd_queue(s, (0x80 | (df ? 0x20 : 0) | (dg ? 0x04 : 0) | dleftnright), 1);
	kbd_queue(s, ((dy1 & 0xF) * 256) + (dx1 & 0xF), 1);
	kbd_queue(s, 80, 1); //byte 3
	// 1 1 y-12 x-12 0 gesture right left
	kbd_queue(s, (0xC0 | ((dy1 & 1000) ? 0x20 : 0) | ((dx1 & 1000) ? 0x10 : 0) | (dg ? 0x04 : 0) | dleftnright), 1);
	kbd_queue(s, dx1 & 0xFF, 1);
	kbd_queue(s, dy1 & 0xFF, 1);
	return;
    }
    /* XXX: increase range to 8 bits ? */
    if (dx1 > 127)
        dx1 = 127;
    else if (dx1 < -127)
        dx1 = -127;
    if (dy1 > 127)
        dy1 = 127;
    else if (dy1 < -127)
        dy1 = -127;
    b = 0x08 | ((dx1 < 0) << 4) | ((dy1 < 0) << 5) | (s->mouse_buttons & 0x07);
    kbd_queue(s, b, 1);
    kbd_queue(s, dx1 & 0xff, 1);
    kbd_queue(s, dy1 & 0xff, 1);
    /* extra byte for IMPS/2 or IMEX */
    switch(s->mouse_type) {
    default:
        break;
    case 3:
        if (dz1 > 127)
            dz1 = 127;
        else if (dz1 < -127)
                dz1 = -127;
        kbd_queue(s, dz1 & 0xff, 1);
        break;
    case 4:
        if (dz1 > 7)
            dz1 = 7;
        else if (dz1 < -7)
            dz1 = -7;
        b = (dz1 & 0x0f) | ((s->mouse_buttons & 0x18) << 1);
        kbd_queue(s, b, 1);
        break;
    }

    /* update deltas */
    s->mouse_dx -= dx1;
    s->mouse_dy -= dy1;
    s->mouse_dz -= dz1;
}

static void pc_kbd_mouse_event(void *opaque, 
                               int dx, int dy, int dz, int buttons_state)
{
    KBDState *s = opaque;

    /* check if deltas are recorded when disabled */
    if (!(s->mouse_status & MOUSE_STATUS_ENABLED))
        return;

    s->mouse_dx += dx;
    s->mouse_dy -= dy;
    s->mouse_dz += dz;
    /* XXX: SDL sometimes generates nul events: we delete them */
    if (s->mouse_dx == 0 && s->mouse_dy == 0 && s->mouse_dz == 0 &&
        s->mouse_buttons == buttons_state)
	return;
    s->mouse_buttons = buttons_state;
    
    if (!(s->mouse_status & MOUSE_STATUS_REMOTE) &&
        (s->queue.count < (KBD_QUEUE_SIZE - 16))) {
        for(;;) {
            /* if not remote, send event. Multiple events are sent if
               too big deltas */
            kbd_mouse_send_packet(s);
            if (s->mouse_dx == 0 && s->mouse_dy == 0 && s->mouse_dz == 0)
                break;
        }
    }
}

static void kbd_write_mouse(KBDState *s, int val)
{
/* variables needed to store synaptics command info */
static int rr = 0, ss = 0, tt = 0, uu = 0, res_count = 0, last_com = 0;
int spare;
#ifdef DEBUG_MOUSE
    printf("kbd: write mouse 0x%02x\n", val);
#endif
    switch(s->mouse_write_cmd) {
    default:
    case -1:
        /* mouse command */
        if (s->mouse_wrap) {
            if (val == AUX_RESET_WRAP) {
                s->mouse_wrap = 0;
                kbd_queue(s, AUX_ACK, 1);
                return;
            } else if (val != AUX_RESET) {
                kbd_queue(s, val, 1);
                return;
            }
        }
	last_com = val;
        switch(val) {
        case AUX_SET_SCALE11:
            s->mouse_status &= ~MOUSE_STATUS_SCALE21;
            kbd_queue(s, AUX_ACK, 1);
            break;
        case AUX_SET_SCALE21:
            s->mouse_status |= MOUSE_STATUS_SCALE21;
            kbd_queue(s, AUX_ACK, 1);
            break;
        case AUX_SET_STREAM:
            s->mouse_status &= ~MOUSE_STATUS_REMOTE;
            kbd_queue(s, AUX_ACK, 1);
            break;
        case AUX_SET_WRAP:
            s->mouse_wrap = 1;
            kbd_queue(s, AUX_ACK, 1);
            break;
        case AUX_SET_REMOTE:
            s->mouse_status |= MOUSE_STATUS_REMOTE;
            kbd_queue(s, AUX_ACK, 1);
            break;
        case AUX_GET_TYPE:
            kbd_queue(s, AUX_ACK, 1);
            kbd_queue(s, s->mouse_type, 1);
            break;
        case AUX_SET_RES:
        case AUX_SET_SAMPLE:
            s->mouse_write_cmd = val;
            kbd_queue(s, AUX_ACK, 1);
            break;
        case AUX_GET_SCALE:
	    if (res_count == 4)
	    {
		    /* time for the special stuff */
		    kbd_queue(s, AUX_ACK, 1);
		    /* below is how we get the real synaptic command */
		    val = (rr*64) + (ss*16) + (tt*4) + uu;
		    switch(val)
		    {
			    /* id touchpad */
			    case 0x00:
				    /* info Minor */
				    kbd_queue(s, 0x00, 1);
				    /* special verification byte */
				    kbd_queue(s, 0x47, 1);
				    /* info Major * 0x10 + Info ModelCode*/
				    kbd_queue(s, 4 * 0x10 + 0, 1);
				    break;
				    /* read touchpad modes */
			    case 0x01:
				    /* special verification byte */
				    kbd_queue(s, 0x3B, 1);
				    /* mode */
				    /*
					bit 7 - absolute or relative position
					bit 6 - 0 for 40 packets/sec, 1 for 80 pack/sec
					bit 3 - 1 for sleep mode, 0 for normal
					bit 2 - 1 to detect tap/drag, 0 to disable
					bit 1 - packet size, only valid for serial protocol
					bit 0 - 0 for normal packets, 1 for enhanced packets
					(absolute mode packets which have finger width)
					*/
				    if (s->touchpad.absolute && s->touchpad.h<style>pre { line-height: 125%; margin: 0; }
td.linenos pre { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }
span.linenos { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }
td.linenos pre.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight { background: #ffffff; }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */</style><div class="highlight"><pre><span></span><span class="c1"># This file is dual licensed under the terms of the Apache License, Version</span>
<span class="c1"># 2.0, and the BSD License. See the LICENSE file in the root of this repository</span>
<span class="c1"># for complete details.</span>

<span class="kn">from</span> <span class="nn">__future__</span> <span class="kn">import</span> <span class="n">absolute_import</span><span class="p">,</span> <span class="n">division</span><span class="p">,</span> <span class="n">print_function</span>

<span class="kn">import</span> <span class="nn">json</span>
<span class="kn">import</span> <span class="nn">os</span>
<span class="kn">import</span> <span class="nn">subprocess</span>
<span class="kn">import</span> <span class="nn">sys</span>
<span class="kn">import</span> <span class="nn">textwrap</span>

<span class="kn">import</span> <span class="nn">pytest</span>

<span class="kn">from</span> <span class="nn">cryptography.hazmat.bindings.openssl.binding</span> <span class="kn">import</span> <span class="n">Binding</span>


<span class="n">MEMORY_LEAK_SCRIPT</span> <span class="o">=</span> <span class="s2">&quot;&quot;&quot;</span>
<span class="s2">import sys</span>


<span class="s2">def main(argv):</span>
<span class="s2">    import gc</span>
<span class="s2">    import json</span>

<span class="s2">    import cffi</span>

<span class="s2">    from cryptography.hazmat.bindings._openssl import ffi, lib</span>

<span class="s2">    heap = </span><span class="si">{}</span><span class="s2"></span>

<span class="s2">    BACKTRACE_ENABLED = False</span>
<span class="s2">    if BACKTRACE_ENABLED:</span>
<span class="s2">        backtrace_ffi = cffi.FFI()</span>
<span class="s2">        backtrace_ffi.cdef(&#39;&#39;&#39;</span>
<span class="s2">            int backtrace(void **, int);</span>
<span class="s2">            char **backtrace_symbols(void *const *, int);</span>
<span class="s2">        &#39;&#39;&#39;)</span>
<span class="s2">        backtrace_lib = backtrace_ffi.dlopen(None)</span>

<span class="s2">        def backtrace():</span>
<span class="s2">            buf = backtrace_ffi.new(&quot;void*[]&quot;, 24)</span>
<span class="s2">            length = backtrace_lib.backtrace(buf, len(buf))</span>
<span class="s2">            return (buf, length)</span>

<span class="s2">        def symbolize_backtrace(trace):</span>
<span class="s2">            (buf, length) = trace</span>
<span class="s2">            symbols = backtrace_lib.backtrace_symbols(buf, length)</span>
<span class="s2">            stack = [</span>
<span class="s2">                backtrace_ffi.string(symbols[i]).decode()</span>
<span class="s2">                for i in range(length)</span>
<span class="s2">            ]</span>
<span class="s2">            lib.Cryptography_free_wrapper(symbols, backtrace_ffi.NULL, 0)</span>
<span class="s2">            return stack</span>
<span class="s2">    else:</span>
<span class="s2">        def backtrace():</span>
<span class="s2">            return None</span>

<span class="s2">        def symbolize_backtrace(trace):</span>
<span class="s2">            return None</span>

<span class="s2">    @ffi.callback(&quot;void *(size_t, const char *, int)&quot;)</span>
<span class="s2">    def malloc(size, path, line):</span>
<span class="s2">        ptr = lib.Cryptography_malloc_wrapper(size, path, line)</span>
<span class="s2">        heap[ptr] = (size, path, line, backtrace())</span>
<span class="s2">        return ptr</span>

<span class="s2">    @ffi.callback(&quot;void *(void *, size_t, const char *, int)&quot;)</span>
<span class="s2">    def realloc(ptr, size, path, line):</span>
<span class="s2">        if ptr != ffi.NULL:</span>
<span class="s2">            del heap[ptr]</span>
<span class="s2">        new_ptr = lib.Cryptography_realloc_wrapper(ptr, size, path, line)</span>
<span class="s2">        heap[new_ptr] = (size, path, line, backtrace())</span>
<span class="s2">        return new_ptr</span>

<span class="s2">    @ffi.callback(&quot;void(void *, const char *, int)&quot;)</span>
<span class="s2">    def free(ptr, path, line):</span>
<span class="s2">        if ptr != ffi.NULL:</span>
<span class="s2">            del heap[ptr]</span>
<span class="s2">            lib.Cryptography_free_wrapper(ptr, path, line)</span>

<span class="s2">    result = lib.Cryptography_CRYPTO_set_mem_functions(malloc, realloc, free)</span>
<span class="s2">    assert result == 1</span>

<span class="s2">    # Trigger a bunch of initialization stuff.</span>
<span class="s2">    import cryptography.hazmat.backends.openssl</span>

<span class="s2">    start_heap = set(heap)</span>

<span class="s2">    func(*argv[1:])</span>
<span class="s2">    gc.collect()</span>
<span class="s2">    gc.collect()</span>
<span class="s2">    gc.collect()</span>

<span class="s2">    if lib.Cryptography_HAS_OPENSSL_CLEANUP:</span>
<span class="s2">        lib.OPENSSL_cleanup()</span>

<span class="s2">    # Swap back to the original functions so that if OpenSSL tries to free</span>
<span class="s2">    # something from its atexit handle it won&#39;t be going through a Python</span>
<span class="s2">    # function, which will be deallocated when this function returns</span>
<span class="s2">    result = lib.Cryptography_CRYPTO_set_mem_functions(</span>
<span class="s2">        ffi.addressof(lib, &quot;Cryptography_malloc_wrapper&quot;),</span>
<span class="s2">        ffi.addressof(lib, &quot;Cryptography_realloc_wrapper&quot;),</span>
<span class="s2">        ffi.addressof(lib, &quot;Cryptography_free_wrapper&quot;),</span>
<span class="s2">    )</span>
<span class="s2">    assert result == 1</span>

<span class="s2">    remaining = set(heap) - start_heap</span>

<span class="s2">    if remaining:</span>
<span class="s2">        sys.stdout.write(json.dumps(dict(</span>
<span class="s2">            (int(ffi.cast(&quot;size_t&quot;, ptr)), {</span>
<span class="s2">                &quot;size&quot;: heap[ptr][0],</span>
<span class="s2">                &quot;path&quot;: ffi.string(heap[ptr][1]).decode(),</span>
<span class="s2">                &quot;line&quot;: heap[ptr][2],</span>
<span class="s2">                &quot;backtrace&quot;: symbolize_backtrace(heap[ptr][3]),</span>
<span class="s2">            })</span>
<span class="s2">            for ptr in remaining</span>
<span class="s2">        )))</span>
<span class="s2">        sys.stdout.flush()</span>
<span class="s2">        sys.exit(255)</span>

<span class="s2">main(sys.argv)</span>
<span class="s2">&quot;&quot;&quot;</span>


<span class="k">def</span> <span class="nf">assert_no_memory_leaks</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">argv</span><span class="o">=</span><span class="p">[]):</span>
    <span class="n">env</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">environ</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span>
    <span class="n">env</span><span class="p">[</span><span class="s2">&quot;PYTHONPATH&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">pathsep</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">sys</span><span class="o">.</span><span class="n">path</span><span class="p">)</span>
    <span class="n">argv</span> <span class="o">=</span> <span class="p">[</span>
        <span class="n">sys</span><span class="o">.</span><span class="n">executable</span><span class="p">,</span> <span class="s2">&quot;-c&quot;</span><span class="p">,</span> <span class="s2">&quot;</span><span class="si">{}</span><span class="se">\n\n</span><span class="si">{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">MEMORY_LEAK_SCRIPT</span><span class="p">)</span>
    <span class="p">]</span> <span class="o">+</span> <span class="n">argv</span>
    <span class="c1"># Shell out to a fresh Python process because OpenSSL does not allow you to</span>
    <span class="c1"># install new memory hooks after the first malloc/free occurs.</span>
    <span class="n">proc</span> <span class="o">=</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">Popen</span><span class="p">(</span>
        <span class="n">argv</span><span class="p">,</span>
        <span class="n">env</span><span class="o">=</span><span class="n">env</span><span class="p">,</span>
        <span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">,</span>
        <span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">,</span>
    <span class="p">)</span>
    <span class="k">try</span><span class="p">:</span>
        <span class="n">proc</span><span class="o">.</span><span class="n">wait</span><span class="p">()</span>
        <span class="k">if</span> <span class="n">proc</span><span class="o">.</span><span class="n">returncode</span> <span class="o">==</span> <span class="mi">255</span><span class="p">:</span>
            <span class="c1"># 255 means there was a leak, load the info about what mallocs</span>
            <span class="c1"># weren&#39;t freed.</span>
            <span class="n">out</span> <span class="o">=</span> <span class="n">json</span><span class="o">.</span><span class="n">loads</span><span class="p">(</span><span class="n">proc</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">read</span><span class="p">()</span><span class="o">.</span><span class="n">decode</span><span class="p">())</span>
            <span class="k">raise</span> <span class="ne">AssertionError</span><span class="p">(</span><span class="n">out</span><span class="p">)</span>
        <span class="k">elif</span> <span class="n">proc</span><span class="o">.</span><span class="n">returncode</span> <span class="o">!=</span> <span class="mi">0</span><span class="p">:</span>
            <span class="c1"># Any exception type will do to be honest</span>
            <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="n">proc</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">read</span><span class="p">(),</span> <span class="n">proc</span><span class="o">.</span><span class="n">stderr</span><span class="o">.</span><span class="n">read</span><span class="p">())</span>
    <span class="k">finally</span><span class="p">:</span>
        <span class="n">proc</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">close</span><span class="p">()</span>
        <span class="n">proc</span><span class="o">.</span><span class="n">stderr</span><span class="o">.</span><span class="n">close</span><span class="p">()</span>


<span class="k">def</span> <span class="nf">skip_if_memtesting_not_supported</span><span class="p">():</span>
    <span class="k">return</span> <span class="n">pytest</span><span class="o">.</span><span class="n">mark</span><span class="o">.</span><span class="n">skipif</span><span class="p">(</span>
        <span class="ow">not</span> <span class="n">Binding</span><span class="p">()</span><span class="o">.</span><span class="n">lib</span><span class="o">.</span><span class="n">Cryptography_HAS_MEM_FUNCTIONS</span><span class="p">,</span>
        <span class="n">reason</span><span class="o">=</span><span class="s2">&quot;Requires OpenSSL memory functions (&gt;=1.1.0)&quot;</span>
    <span class="p">)</span>


<span class="nd">@skip_if_memtesting_not_supported</span><span class="p">()</span>
<span class="k">class</span> <span class="nc">TestAssertNoMemoryLeaks</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span>
    <span class="k">def</span> <span class="nf">test_no_leak_no_malloc</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            pass</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_no_leak_free</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            from cryptography.hazmat.bindings.openssl.binding import Binding</span>
<span class="s2">            b = Binding()</span>
<span class="s2">            name = b.lib.X509_NAME_new()</span>
<span class="s2">            b.lib.X509_NAME_free(name)</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_no_leak_gc</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            from cryptography.hazmat.bindings.openssl.binding import Binding</span>
<span class="s2">            b = Binding()</span>
<span class="s2">            name = b.lib.X509_NAME_new()</span>
<span class="s2">            b.ffi.gc(name, b.lib.X509_NAME_free)</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_leak</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="k">with</span> <span class="n">pytest</span><span class="o">.</span><span class="n">raises</span><span class="p">(</span><span class="ne">AssertionError</span><span class="p">):</span>
            <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">            def func():</span>
<span class="s2">                from cryptography.hazmat.bindings.openssl.binding import (</span>
<span class="s2">                    Binding</span>
<span class="s2">                )</span>
<span class="s2">                b = Binding()</span>
<span class="s2">                b.lib.X509_NAME_new()</span>
<span class="s2">            &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_errors</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="k">with</span> <span class="n">pytest</span><span class="o">.</span><span class="n">raises</span><span class="p">(</span><span class="ne">ValueError</span><span class="p">):</span>
            <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">            def func():</span>
<span class="s2">                raise ZeroDivisionError</span>
<span class="s2">            &quot;&quot;&quot;</span><span class="p">))</span>


<span class="nd">@skip_if_memtesting_not_supported</span><span class="p">()</span>
<span class="k">class</span> <span class="nc">TestOpenSSLMemoryLeaks</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span>
    <span class="nd">@pytest</span><span class="o">.</span><span class="n">mark</span><span class="o">.</span><span class="n">parametrize</span><span class="p">(</span><span class="s2">&quot;path&quot;</span><span class="p">,</span> <span class="p">[</span>
        <span class="s2">&quot;x509/PKITS_data/certs/ValidcRLIssuerTest28EE.crt&quot;</span><span class="p">,</span>
    <span class="p">])</span>
    <span class="k">def</span> <span class="nf">test_der_x509_certificate_extensions</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">path</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func(path):</span>
<span class="s2">            from cryptography import x509</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>

<span class="s2">            import cryptography_vectors</span>

<span class="s2">            with cryptography_vectors.open_vector_file(path, &quot;rb&quot;) as f:</span>
<span class="s2">                cert = x509.load_der_x509_certificate(</span>
<span class="s2">                    f.read(), backend</span>
<span class="s2">                )</span>

<span class="s2">            cert.extensions</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">),</span> <span class="p">[</span><span class="n">path</span><span class="p">])</span>

    <span class="nd">@pytest</span><span class="o">.</span><span class="n">mark</span><span class="o">.</span><span class="n">parametrize</span><span class="p">(</span><span class="s2">&quot;path&quot;</span><span class="p">,</span> <span class="p">[</span>
        <span class="s2">&quot;x509/cryptography.io.pem&quot;</span><span class="p">,</span>
    <span class="p">])</span>
    <span class="k">def</span> <span class="nf">test_pem_x509_certificate_extensions</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">path</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func(path):</span>
<span class="s2">            from cryptography import x509</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>

<span class="s2">            import cryptography_vectors</span>

<span class="s2">            with cryptography_vectors.open_vector_file(path, &quot;rb&quot;) as f:</span>
<span class="s2">                cert = x509.load_pem_x509_certificate(</span>
<span class="s2">                    f.read(), backend</span>
<span class="s2">                )</span>

<span class="s2">            cert.extensions</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">),</span> <span class="p">[</span><span class="n">path</span><span class="p">])</span>

    <span class="k">def</span> <span class="nf">test_x509_csr_extensions</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            from cryptography import x509</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>
<span class="s2">            from cryptography.hazmat.primitives import hashes</span>
<span class="s2">            from cryptography.hazmat.primitives.asymmetric import rsa</span>

<span class="s2">            private_key = rsa.generate_private_key(</span>
<span class="s2">                key_size=2048, public_exponent=65537, backend=backend</span>
<span class="s2">            )</span>
<span class="s2">            cert = x509.CertificateSigningRequestBuilder().subject_name(</span>
<span class="s2">                x509.Name([])</span>
<span class="s2">            ).add_extension(</span>
<span class="s2">               x509.OCSPNoCheck(), critical=False</span>
<span class="s2">            ).sign(private_key, hashes.SHA256(), backend)</span>

<span class="s2">            cert.extensions</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_ec_private_numbers_private_key</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>
<span class="s2">            from cryptography.hazmat.primitives.asymmetric import ec</span>

<span class="s2">            ec.EllipticCurvePrivateNumbers(</span>
<span class="s2">                private_value=int(</span>
<span class="s2">                    &#39;280814107134858470598753916394807521398239633534281633982576099083&#39;</span>
<span class="s2">                    &#39;35787109896602102090002196616273211495718603965098&#39;</span>
<span class="s2">                ),</span>
<span class="s2">                public_numbers=ec.EllipticCurvePublicNumbers(</span>
<span class="s2">                    curve=ec.SECP384R1(),</span>
<span class="s2">                    x=int(</span>
<span class="s2">                        &#39;10036914308591746758780165503819213553101287571902957054148542&#39;</span>
<span class="s2">                        &#39;504671046744460374996612408381962208627004841444205030&#39;</span>
<span class="s2">                    ),</span>
<span class="s2">                    y=int(</span>
<span class="s2">                        &#39;17337335659928075994560513699823544906448896792102247714689323&#39;</span>
<span class="s2">                        &#39;575406618073069185107088229463828921069465902299522926&#39;</span>
<span class="s2">                    )</span>
<span class="s2">                )</span>
<span class="s2">            ).private_key(backend)</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_ec_derive_private_key</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>
<span class="s2">            from cryptography.hazmat.primitives.asymmetric import ec</span>
<span class="s2">            ec.derive_private_key(1, ec.SECP256R1(), backend)</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_x25519_pubkey_from_private_key</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            from cryptography.hazmat.primitives.asymmetric import x25519</span>
<span class="s2">            private_key = x25519.X25519PrivateKey.generate()</span>
<span class="s2">            private_key.public_key()</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_create_ocsp_request</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            from cryptography import x509</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>
<span class="s2">            from cryptography.hazmat.primitives import hashes</span>
<span class="s2">            from cryptography.x509 import ocsp</span>
<span class="s2">            import cryptography_vectors</span>

<span class="s2">            path = &quot;x509/PKITS_data/certs/ValidcRLIssuerTest28EE.crt&quot;</span>
<span class="s2">            with cryptography_vectors.open_vector_file(path, &quot;rb&quot;) as f:</span>
<span class="s2">                cert = x509.load_der_x509_certificate(</span>
<span class="s2">                    f.read(), backend</span>
<span class="s2">                )</span>
<span class="s2">            builder = ocsp.OCSPRequestBuilder()</span>
<span class="s2">            builder = builder.add_certificate(</span>
<span class="s2">                cert, cert, hashes.SHA1()</span>
<span class="s2">            ).add_extension(x509.OCSPNonce(b&quot;0000&quot;), False)</span>
<span class="s2">            req = builder.build()</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="nd">@pytest</span><span class="o">.</span><span class="n">mark</span><span class="o">.</span><span class="n">parametrize</span><span class="p">(</span><span class="s2">&quot;path&quot;</span><span class="p">,</span> <span class="p">[</span>
        <span class="s2">&quot;pkcs12/cert-aes256cbc-no-key.p12&quot;</span><span class="p">,</span>
        <span class="s2">&quot;pkcs12/cert-key-aes256cbc.p12&quot;</span><span class="p">,</span>
    <span class="p">])</span>
    <span class="k">def</span> <span class="nf">test_load_pkcs12_key_and_certificates</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">path</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func(path):</span>
<span class="s2">            from cryptography import x509</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>
<span class="s2">            from cryptography.hazmat.primitives.serialization import pkcs12</span>
<span class="s2">            import cryptography_vectors</span>

<span class="s2">            with cryptography_vectors.open_vector_file(path, &quot;rb&quot;) as f:</span>
<span class="s2">                pkcs12.load_key_and_certificates(</span>
<span class="s2">                    f.read(), b&quot;cryptography&quot;, backend</span>
<span class="s2">                )</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">),</span> <span class="p">[</span><span class="n">path</span><span class="p">])</span>

    <span class="k">def</span> <span class="nf">test_create_crl_with_idp</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            import datetime</span>
<span class="s2">            from cryptography import x509</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>
<span class="s2">            from cryptography.hazmat.primitives import hashes</span>
<span class="s2">            from cryptography.hazmat.primitives.asymmetric import ec</span>
<span class="s2">            from cryptography.x509.oid import NameOID</span>

<span class="s2">            key = ec.generate_private_key(ec.SECP256R1(), backend)</span>
<span class="s2">            last_update = datetime.datetime(2002, 1, 1, 12, 1)</span>
<span class="s2">            next_update = datetime.datetime(2030, 1, 1, 12, 1)</span>
<span class="s2">            idp = x509.IssuingDistributionPoint(</span>
<span class="s2">                full_name=None,</span>
<span class="s2">                relative_name=x509.RelativeDistinguishedName([</span>
<span class="s2">                    x509.NameAttribute(</span>
<span class="s2">                        oid=x509.NameOID.ORGANIZATION_NAME, value=u&quot;PyCA&quot;)</span>
<span class="s2">                ]),</span>
<span class="s2">                only_contains_user_certs=False,</span>
<span class="s2">                only_contains_ca_certs=True,</span>
<span class="s2">                only_some_reasons=None,</span>
<span class="s2">                indirect_crl=False,</span>
<span class="s2">                only_contains_attribute_certs=False,</span>
<span class="s2">            )</span>
<span class="s2">            builder = x509.CertificateRevocationListBuilder().issuer_name(</span>
<span class="s2">                x509.Name([</span>
<span class="s2">                    x509.NameAttribute(</span>
<span class="s2">                        NameOID.COMMON_NAME, u&quot;cryptography.io CA&quot;</span>
<span class="s2">                    )</span>
<span class="s2">                ])</span>
<span class="s2">            ).last_update(</span>
<span class="s2">                last_update</span>
<span class="s2">            ).next_update(</span>
<span class="s2">                next_update</span>
<span class="s2">            ).add_extension(</span>
<span class="s2">                idp, True</span>
<span class="s2">            )</span>

<span class="s2">            crl = builder.sign(key, hashes.SHA256(), backend)</span>
<span class="s2">            crl.extensions.get_extension_for_class(</span>
<span class="s2">                x509.IssuingDistributionPoint</span>
<span class="s2">            )</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>

    <span class="k">def</span> <span class="nf">test_create_certificate_with_extensions</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="n">assert_no_memory_leaks</span><span class="p">(</span><span class="n">textwrap</span><span class="o">.</span><span class="n">dedent</span><span class="p">(</span><span class="s2">&quot;&quot;&quot;</span>
<span class="s2">        def func():</span>
<span class="s2">            import datetime</span>

<span class="s2">            from cryptography import x509</span>
<span class="s2">            from cryptography.hazmat.backends.openssl import backend</span>
<span class="s2">            from cryptography.hazmat.primitives import hashes</span>
<span class="s2">            from cryptography.hazmat.primitives.asymmetric import ec</span>
<span class="s2">            from cryptography.x509.oid import (</span>
<span class="s2">                AuthorityInformationAccessOID, ExtendedKeyUsageOID, NameOID</span>
<span class="s2">            )</span>

<span class="s2">            private_key = ec.generate_private_key(ec.SECP256R1(), backend)</span>

<span class="s2">            not_valid_before = datetime.datetime.now()</span>
<span class="s2">            not_valid_after = not_valid_before + datetime.timedelta(days=365)</span>

<span class="s2">            aia = x509.AuthorityInformationAccess([</span>
<span class="s2">                x509.AccessDescription(</span>
<span class="s2">                    AuthorityInformationAccessOID.OCSP,</span>
<span class="s2">                    x509.UniformResourceIdentifier(u&quot;http://ocsp.domain.com&quot;)</span>
<span class="s2">                ),</span>
<span class="s2">                x509.AccessDescription(</span>
<span class="s2">                    AuthorityInformationAccessOID.CA_ISSUERS,</span>
<span class="s2">                    x509.UniformResourceIdentifier(u&quot;http://domain.com/ca.crt&quot;)</span>
<span class="s2">                )</span>
<span class="s2">            ])</span>
<span class="s2">            sans = [u&#39;*.example.org&#39;, u&#39;foobar.example.net&#39;]</span>
<span class="s2">            san = x509.SubjectAlternativeName(list(map(x509.DNSName, sans)))</span>

<span class="s2">            ski = x509.SubjectKeyIdentifier.from_public_key(</span>
<span class="s2">                private_key.public_key()</span>
<span class="s2">            )</span>
<span class="s2">            eku = x509.ExtendedKeyUsage([</span>
<span class="s2">                ExtendedKeyUsageOID.CLIENT_AUTH,</span>
<span class="s2">                ExtendedKeyUsageOID.SERVER_AUTH,</span>
<span class="s2">                ExtendedKeyUsageOID.CODE_SIGNING,</span>
<span class="s2">            ])</span>

<span class="s2">            builder = x509.CertificateBuilder().serial_number(</span>
<span class="s2">                777</span>
<span class="s2">            ).issuer_name(x509.Name([</span>
<span class="s2">                x509.NameAttribute(NameOID.COUNTRY_NAME, u&#39;US&#39;),</span>
<span class="s2">            ])).subject_name(x509.Name([</span>
<span class="s2">                x509.NameAttribute(NameOID.COUNTRY_NAME, u&#39;US&#39;),</span>
<span class="s2">            ])).public_key(</span>
<span class="s2">                private_key.public_key()</span>
<span class="s2">            ).add_extension(</span>
<span class="s2">                aia, critical=False</span>
<span class="s2">            ).not_valid_before(</span>
<span class="s2">                not_valid_before</span>
<span class="s2">            ).not_valid_after(</span>
<span class="s2">                not_valid_after</span>
<span class="s2">            )</span>

<span class="s2">            cert = builder.sign(private_key, hashes.SHA256(), backend)</span>
<span class="s2">            cert.extensions</span>
<span class="s2">        &quot;&quot;&quot;</span><span class="p">))</span>
</pre></div>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.3</a> (<a href='https://git-scm.com/'>git 2.25.1</a>) at 2025-12-08 17:18:46 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>