353
353
self.assertEqual(ext.get_short_name(), b('nsComment'))
356
def test_get_data(self):
358
L{X509Extension.get_data} returns a string giving the data of the
361
ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
362
# Expect to get back the DER encoded form of CA:true.
363
self.assertEqual(ext.get_data(), b('0\x03\x01\x01\xff'))
366
def test_get_data_wrong_args(self):
368
L{X509Extension.get_data} raises L{TypeError} if passed any arguments.
370
ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
371
self.assertRaises(TypeError, ext.get_data, None)
372
self.assertRaises(TypeError, ext.get_data, "foo")
373
self.assertRaises(TypeError, ext.get_data, 7)
356
376
def test_unused_subject(self):
358
378
The C{subject} parameter to L{X509Extension} may be provided for an
948
968
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
971
-----BEGIN CERTIFICATE-----
972
MIIC3jCCAkegAwIBAgIJAJHFjlcCgnQzMA0GCSqGSIb3DQEBBQUAMEcxCzAJBgNV
973
BAYTAlNFMRUwEwYDVQQIEwxXZXN0ZXJib3R0b20xEjAQBgNVBAoTCUNhdGFsb2dp
974
eDENMAsGA1UEAxMEUm9vdDAeFw0wODA0MjIxNDQ1MzhaFw0wOTA0MjIxNDQ1Mzha
975
MFQxCzAJBgNVBAYTAlNFMQswCQYDVQQIEwJXQjEUMBIGA1UEChMLT3Blbk1ldGFk
976
aXIxIjAgBgNVBAMTGW5vZGUxLm9tMi5vcGVubWV0YWRpci5vcmcwgZ8wDQYJKoZI
977
hvcNAQEBBQADgY0AMIGJAoGBAPIcQMrwbk2nESF/0JKibj9i1x95XYAOwP+LarwT
978
Op4EQbdlI9SY+uqYqlERhF19w7CS+S6oyqx0DRZSk4Y9dZ9j9/xgm2u/f136YS1u
979
zgYFPvfUs6PqYLPSM8Bw+SjJ+7+2+TN+Tkiof9WP1cMjodQwOmdsiRbR0/J7+b1B
980
hec1AgMBAAGjgcQwgcEwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNT
981
TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIdHsBcMVVMbAO7j6NCj
982
03HgLnHaMB8GA1UdIwQYMBaAFL2h9Bf9Mre4vTdOiHTGAt7BRY/8MEYGA1UdEQQ/
983
MD2CDSouZXhhbXBsZS5vcmeCESoub20yLmV4bWFwbGUuY29thwSC7wgKgRNvbTJA
984
b3Blbm1ldGFkaXIub3JnMA0GCSqGSIb3DQEBBQUAA4GBALd7WdXkp2KvZ7/PuWZA
985
MPlIxyjS+Ly11+BNE0xGQRp9Wz+2lABtpgNqssvU156+HkKd02rGheb2tj7MX9hG
986
uZzbwDAZzJPjzDQDD7d3cWsrVcfIdqVU7epHqIadnOF+X0ghJ39pAm6VVadnSXCt
987
WpOdIpB8KksUTCzV591Nr1wd
988
-----END CERTIFICATE-----
950
990
def signable(self):
952
992
Create and return a new L{X509}.
1199
1239
b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
1242
def _extcert(self, pkey, extensions):
1244
cert.set_pubkey(pkey)
1245
cert.get_subject().commonName = "Unit Tests"
1246
cert.get_issuer().commonName = "Unit Tests"
1247
when = b(datetime.now().strftime("%Y%m%d%H%M%SZ"))
1248
cert.set_notBefore(when)
1249
cert.set_notAfter(when)
1251
cert.add_extensions(extensions)
1252
return load_certificate(
1253
FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
1256
def test_extension_count(self):
1258
L{X509.get_extension_count} returns the number of extensions that are
1259
present in the certificate.
1261
pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
1262
ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE'))
1263
key = X509Extension(b('keyUsage'), True, b('digitalSignature'))
1264
subjectAltName = X509Extension(
1265
b('subjectAltName'), True, b('DNS:example.com'))
1267
# Try a certificate with no extensions at all.
1268
c = self._extcert(pkey, [])
1269
self.assertEqual(c.get_extension_count(), 0)
1271
# And a certificate with one
1272
c = self._extcert(pkey, [ca])
1273
self.assertEqual(c.get_extension_count(), 1)
1275
# And a certificate with several
1276
c = self._extcert(pkey, [ca, key, subjectAltName])
1277
self.assertEqual(c.get_extension_count(), 3)
1280
def test_get_extension(self):
1282
L{X509.get_extension} takes an integer and returns an L{X509Extension}
1283
corresponding to the extension at that index.
1285
pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
1286
ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE'))
1287
key = X509Extension(b('keyUsage'), True, b('digitalSignature'))
1288
subjectAltName = X509Extension(
1289
b('subjectAltName'), False, b('DNS:example.com'))
1291
cert = self._extcert(pkey, [ca, key, subjectAltName])
1293
ext = cert.get_extension(0)
1294
self.assertTrue(isinstance(ext, X509Extension))
1295
self.assertTrue(ext.get_critical())
1296
self.assertEqual(ext.get_short_name(), b('basicConstraints'))
1298
ext = cert.get_extension(1)
1299
self.assertTrue(isinstance(ext, X509Extension))
1300
self.assertTrue(ext.get_critical())
1301
self.assertEqual(ext.get_short_name(), b('keyUsage'))
1303
ext = cert.get_extension(2)
1304
self.assertTrue(isinstance(ext, X509Extension))
1305
self.assertFalse(ext.get_critical())
1306
self.assertEqual(ext.get_short_name(), b('subjectAltName'))
1308
self.assertRaises(IndexError, cert.get_extension, -1)
1309
self.assertRaises(IndexError, cert.get_extension, 4)
1310
self.assertRaises(TypeError, cert.get_extension, "hello")
1202
1313
def test_invalid_digest_algorithm(self):
1204
1315
L{X509.digest} raises L{ValueError} if called with an unrecognized hash