~myers-1/pyopenssl/npn

« back to all changes in this revision

Viewing changes to OpenSSL/test/test_crypto.py

  • Committer: Jean-Paul Calderone
  • Date: 2011-04-07 02:19:52 UTC
  • mfrom: (142.1.13 subjectAltName)
  • Revision ID: exarkun@divmod.com-20110407021952-c464twfn6f3j0uvf
Add more access to certificate extension data

Show diffs side-by-side

added added

removed removed

Lines of Context:
353
353
        self.assertEqual(ext.get_short_name(), b('nsComment'))
354
354
 
355
355
 
 
356
    def test_get_data(self):
 
357
        """
 
358
        L{X509Extension.get_data} returns a string giving the data of the
 
359
        extension.
 
360
        """
 
361
        ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
 
362
        # Expect to get back the DER encoded form of CA:true.
 
363
        self.assertEqual(ext.get_data(), b('0\x03\x01\x01\xff'))
 
364
 
 
365
 
 
366
    def test_get_data_wrong_args(self):
 
367
        """
 
368
        L{X509Extension.get_data} raises L{TypeError} if passed any arguments.
 
369
        """
 
370
        ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
 
371
        self.assertRaises(TypeError, ext.get_data, None)
 
372
        self.assertRaises(TypeError, ext.get_data, "foo")
 
373
        self.assertRaises(TypeError, ext.get_data, 7)
 
374
 
 
375
 
356
376
    def test_unused_subject(self):
357
377
        """
358
378
        The C{subject} parameter to L{X509Extension} may be provided for an
947
967
    """
948
968
    pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
949
969
 
 
970
    extpem = """
 
971
-----BEGIN CERTIFICATE-----
 
972
MIIC3jCCAkegAwIBAgIJAJHFjlcCgnQzMA0GCSqGSIb3DQEBBQUAMEcxCzAJBgNV
 
973
BAYTAlNFMRUwEwYDVQQIEwxXZXN0ZXJib3R0b20xEjAQBgNVBAoTCUNhdGFsb2dp
 
974
eDENMAsGA1UEAxMEUm9vdDAeFw0wODA0MjIxNDQ1MzhaFw0wOTA0MjIxNDQ1Mzha
 
975
MFQxCzAJBgNVBAYTAlNFMQswCQYDVQQIEwJXQjEUMBIGA1UEChMLT3Blbk1ldGFk
 
976
aXIxIjAgBgNVBAMTGW5vZGUxLm9tMi5vcGVubWV0YWRpci5vcmcwgZ8wDQYJKoZI
 
977
hvcNAQEBBQADgY0AMIGJAoGBAPIcQMrwbk2nESF/0JKibj9i1x95XYAOwP+LarwT
 
978
Op4EQbdlI9SY+uqYqlERhF19w7CS+S6oyqx0DRZSk4Y9dZ9j9/xgm2u/f136YS1u
 
979
zgYFPvfUs6PqYLPSM8Bw+SjJ+7+2+TN+Tkiof9WP1cMjodQwOmdsiRbR0/J7+b1B
 
980
hec1AgMBAAGjgcQwgcEwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNT
 
981
TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIdHsBcMVVMbAO7j6NCj
 
982
03HgLnHaMB8GA1UdIwQYMBaAFL2h9Bf9Mre4vTdOiHTGAt7BRY/8MEYGA1UdEQQ/
 
983
MD2CDSouZXhhbXBsZS5vcmeCESoub20yLmV4bWFwbGUuY29thwSC7wgKgRNvbTJA
 
984
b3Blbm1ldGFkaXIub3JnMA0GCSqGSIb3DQEBBQUAA4GBALd7WdXkp2KvZ7/PuWZA
 
985
MPlIxyjS+Ly11+BNE0xGQRp9Wz+2lABtpgNqssvU156+HkKd02rGheb2tj7MX9hG
 
986
uZzbwDAZzJPjzDQDD7d3cWsrVcfIdqVU7epHqIadnOF+X0ghJ39pAm6VVadnSXCt
 
987
WpOdIpB8KksUTCzV591Nr1wd
 
988
-----END CERTIFICATE-----
 
989
    """
950
990
    def signable(self):
951
991
        """
952
992
        Create and return a new L{X509}.
1199
1239
            b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
1200
1240
 
1201
1241
 
 
1242
    def _extcert(self, pkey, extensions):
 
1243
        cert = X509()
 
1244
        cert.set_pubkey(pkey)
 
1245
        cert.get_subject().commonName = "Unit Tests"
 
1246
        cert.get_issuer().commonName = "Unit Tests"
 
1247
        when = b(datetime.now().strftime("%Y%m%d%H%M%SZ"))
 
1248
        cert.set_notBefore(when)
 
1249
        cert.set_notAfter(when)
 
1250
 
 
1251
        cert.add_extensions(extensions)
 
1252
        return load_certificate(
 
1253
            FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
 
1254
 
 
1255
 
 
1256
    def test_extension_count(self):
 
1257
        """
 
1258
        L{X509.get_extension_count} returns the number of extensions that are
 
1259
        present in the certificate.
 
1260
        """
 
1261
        pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
 
1262
        ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE'))
 
1263
        key = X509Extension(b('keyUsage'), True, b('digitalSignature'))
 
1264
        subjectAltName = X509Extension(
 
1265
            b('subjectAltName'), True, b('DNS:example.com'))
 
1266
 
 
1267
        # Try a certificate with no extensions at all.
 
1268
        c = self._extcert(pkey, [])
 
1269
        self.assertEqual(c.get_extension_count(), 0)
 
1270
 
 
1271
        # And a certificate with one
 
1272
        c = self._extcert(pkey, [ca])
 
1273
        self.assertEqual(c.get_extension_count(), 1)
 
1274
 
 
1275
        # And a certificate with several
 
1276
        c = self._extcert(pkey, [ca, key, subjectAltName])
 
1277
        self.assertEqual(c.get_extension_count(), 3)
 
1278
 
 
1279
 
 
1280
    def test_get_extension(self):
 
1281
        """
 
1282
        L{X509.get_extension} takes an integer and returns an L{X509Extension}
 
1283
        corresponding to the extension at that index.
 
1284
        """
 
1285
        pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
 
1286
        ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE'))
 
1287
        key = X509Extension(b('keyUsage'), True, b('digitalSignature'))
 
1288
        subjectAltName = X509Extension(
 
1289
            b('subjectAltName'), False, b('DNS:example.com'))
 
1290
 
 
1291
        cert = self._extcert(pkey, [ca, key, subjectAltName])
 
1292
 
 
1293
        ext = cert.get_extension(0)
 
1294
        self.assertTrue(isinstance(ext, X509Extension))
 
1295
        self.assertTrue(ext.get_critical())
 
1296
        self.assertEqual(ext.get_short_name(), b('basicConstraints'))
 
1297
 
 
1298
        ext = cert.get_extension(1)
 
1299
        self.assertTrue(isinstance(ext, X509Extension))
 
1300
        self.assertTrue(ext.get_critical())
 
1301
        self.assertEqual(ext.get_short_name(), b('keyUsage'))
 
1302
 
 
1303
        ext = cert.get_extension(2)
 
1304
        self.assertTrue(isinstance(ext, X509Extension))
 
1305
        self.assertFalse(ext.get_critical())
 
1306
        self.assertEqual(ext.get_short_name(), b('subjectAltName'))
 
1307
 
 
1308
        self.assertRaises(IndexError, cert.get_extension, -1)
 
1309
        self.assertRaises(IndexError, cert.get_extension, 4)
 
1310
        self.assertRaises(TypeError, cert.get_extension, "hello")
 
1311
 
 
1312
 
1202
1313
    def test_invalid_digest_algorithm(self):
1203
1314
        """
1204
1315
        L{X509.digest} raises L{ValueError} if called with an unrecognized hash