« back to all changes in this revision
Viewing changes to OpenSSL/test/test_crypto.py
- browse files at revision 159
- compare with another revision
- compare with revision 159
- download diff
- download tarball
- view history from revision 159
- Committer: Jean-Paul Calderone
- Date: 2011-09-11 19:49:43 UTC
- mfrom: (156.3.22 sphinx-doc)
- Revision ID: exarkun@divmod.com-20110911194943-ucaan2tzidk7ek5l
Convert the documentation from LaTeX/epytext to Sphinx/ReST
- files added:
- doc
- doc/_static
- doc/_templates
- doc/api
- files removed:
- doc
- doc/html
- doc/tools
- doc/tools/html
- doc/tools/html/icons
- doc/tools/info
- doc/tools/paper-a4
- doc/tools/perl
- doc/tools/sgmlconv
- doc/tools/templates
- doc/tools/texinputs
- files renamed:
- doc/Quotes => doc/Quotes
- doc/images/ => doc/images/
- files modified:
- ChangeLog
added
removed
OpenSSL/test/test_crypto.py
2
2
# See LICENSE file for details.
3
3
4
4
"""
5
Unit tests for L{OpenSSL.crypto}.
5
Unit tests for :py:mod:`OpenSSL.crypto`.
6
6
"""
7
7
8
8
from unittest import main
268
268
269
269
class X509ExtTests(TestCase):
270
270
"""
271
Tests for L{OpenSSL.crypto.X509Extension}.
271
Tests for :py:class:`OpenSSL.crypto.X509Extension`.
272
272
"""
273
273
274
274
def setUp(self):
296
296
297
297
def test_str(self):
298
298
"""
299
The string representation of L{X509Extension} instances as returned by
300
C{str} includes stuff.
299
The string representation of :py:class:`X509Extension` instances as returned by
300
:py:data:`str` includes stuff.
301
301
"""
302
302
# This isn't necessarily the best string representation. Perhaps it
303
303
# will be changed/improved in the future.
308
308
309
309
def test_type(self):
310
310
"""
311
L{X509Extension} and L{X509ExtensionType} refer to the same type object
311
:py:class:`X509Extension` and :py:class:`X509ExtensionType` refer to the same type object
312
312
and can be used to create instances of that type.
313
313
"""
314
314
self.assertIdentical(X509Extension, X509ExtensionType)
319
319
320
320
def test_construction(self):
321
321
"""
322
L{X509Extension} accepts an extension type name, a critical flag,
323
and an extension value and returns an L{X509ExtensionType} instance.
322
:py:class:`X509Extension` accepts an extension type name, a critical flag,
323
and an extension value and returns an :py:class:`X509ExtensionType` instance.
324
324
"""
325
325
basic = X509Extension(b('basicConstraints'), True, b('CA:true'))
326
326
self.assertTrue(
338
338
339
339
def test_invalid_extension(self):
340
340
"""
341
L{X509Extension} raises something if it is passed a bad extension
341
:py:class:`X509Extension` raises something if it is passed a bad extension
342
342
name or value.
343
343
"""
344
344
self.assertRaises(
357
357
358
358
def test_get_critical(self):
359
359
"""
360
L{X509ExtensionType.get_critical} returns the value of the
360
:py:meth:`X509ExtensionType.get_critical` returns the value of the
361
361
extension's critical flag.
362
362
"""
363
363
ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
368
368
369
369
def test_get_short_name(self):
370
370
"""
371
L{X509ExtensionType.get_short_name} returns a string giving the short
371
:py:meth:`X509ExtensionType.get_short_name` returns a string giving the short
372
372
type name of the extension.
373
373
"""
374
374
ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
379
379
380
380
def test_get_data(self):
381
381
"""
382
L{X509Extension.get_data} returns a string giving the data of the
382
:py:meth:`X509Extension.get_data` returns a string giving the data of the
383
383
extension.
384
384
"""
385
385
ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
389
389
390
390
def test_get_data_wrong_args(self):
391
391
"""
392
L{X509Extension.get_data} raises L{TypeError} if passed any arguments.
392
:py:meth:`X509Extension.get_data` raises :py:exc:`TypeError` if passed any arguments.
393
393
"""
394
394
ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
395
395
self.assertRaises(TypeError, ext.get_data, None)
399
399
400
400
def test_unused_subject(self):
401
401
"""
402
The C{subject} parameter to L{X509Extension} may be provided for an
402
The :py:data:`subject` parameter to :py:class:`X509Extension` may be provided for an
403
403
extension which does not use it and is ignored in this case.
404
404
"""
405
405
ext1 = X509Extension(
414
414
415
415
def test_subject(self):
416
416
"""
417
If an extension requires a subject, the C{subject} parameter to
418
L{X509Extension} provides its value.
417
If an extension requires a subject, the :py:data:`subject` parameter to
418
:py:class:`X509Extension` provides its value.
419
419
"""
420
420
ext3 = X509Extension(
421
421
b('subjectKeyIdentifier'), False, b('hash'), subject=self.x509)
427
427
428
428
def test_missing_subject(self):
429
429
"""
430
If an extension requires a subject and the C{subject} parameter is
430
If an extension requires a subject and the :py:data:`subject` parameter is
431
431
given no value, something happens.
432
432
"""
433
433
self.assertRaises(
436
436
437
437
def test_invalid_subject(self):
438
438
"""
439
If the C{subject} parameter is given a value which is not an L{X509}
440
instance, L{TypeError} is raised.
439
If the :py:data:`subject` parameter is given a value which is not an
440
:py:class:`X509` instance, :py:exc:`TypeError` is raised.
441
441
"""
442
442
for badObj in [True, object(), "hello", [], self]:
443
443
self.assertRaises(
448
448
449
449
def test_unused_issuer(self):
450
450
"""
451
The C{issuer} parameter to L{X509Extension} may be provided for an
451
The :py:data:`issuer` parameter to :py:class:`X509Extension` may be provided for an
452
452
extension which does not use it and is ignored in this case.
453
453
"""
454
454
ext1 = X509Extension(
462
462
463
463
def test_issuer(self):
464
464
"""
465
If an extension requires a issuer, the C{issuer} parameter to
466
L{X509Extension} provides its value.
465
If an extension requires a issuer, the :py:data:`issuer` parameter to
466
:py:class:`X509Extension` provides its value.
467
467
"""
468
468
ext2 = X509Extension(
469
469
b('authorityKeyIdentifier'), False, b('issuer:always'),
477
477
478
478
def test_missing_issuer(self):
479
479
"""
480
If an extension requires an issue and the C{issuer} parameter is given
480
If an extension requires an issue and the :py:data:`issuer` parameter is given
481
481
no value, something happens.
482
482
"""
483
483
self.assertRaises(
489
489
490
490
def test_invalid_issuer(self):
491
491
"""
492
If the C{issuer} parameter is given a value which is not an L{X509}
493
instance, L{TypeError} is raised.
492
If the :py:data:`issuer` parameter is given a value which is not an
493
:py:class:`X509` instance, :py:exc:`TypeError` is raised.
494
494
"""
495
495
for badObj in [True, object(), "hello", [], self]:
496
496
self.assertRaises(
503
503
504
504
class PKeyTests(TestCase):
505
505
"""
506
Unit tests for L{OpenSSL.crypto.PKey}.
506
Unit tests for :py:class:`OpenSSL.crypto.PKey`.
507
507
"""
508
508
def test_type(self):
509
509
"""
510
L{PKey} and L{PKeyType} refer to the same type object and can be used
511
to create instances of that type.
510
:py:class:`PKey` and :py:class:`PKeyType` refer to the same type object
511
and can be used to create instances of that type.
512
512
"""
513
513
self.assertIdentical(PKey, PKeyType)
514
514
self.assertConsistentType(PKey, 'PKey')
516
516
517
517
def test_construction(self):
518
518
"""
519
L{PKey} takes no arguments and returns a new L{PKey} instance.
519
:py:class:`PKey` takes no arguments and returns a new :py:class:`PKey` instance.
520
520
"""
521
521
self.assertRaises(TypeError, PKey, None)
522
522
key = PKey()
527
527
528
528
def test_pregeneration(self):
529
529
"""
530
L{PKeyType.bits} and L{PKeyType.type} return C{0} before the key is
531
generated. L{PKeyType.check} raises L{TypeError} before the key is
530
:py:attr:`PKeyType.bits` and :py:attr:`PKeyType.type` return :py:data:`0` before the key is
531
generated. :py:attr:`PKeyType.check` raises :py:exc:`TypeError` before the key is
532
532
generated.
533
533
"""
534
534
key = PKey()
539
539
540
540
def test_failedGeneration(self):
541
541
"""
542
L{PKeyType.generate_key} takes two arguments, the first giving the key
543
type as one of L{TYPE_RSA} or L{TYPE_DSA} and the second giving the
542
:py:meth:`PKeyType.generate_key` takes two arguments, the first giving the key
543
type as one of :py:data:`TYPE_RSA` or :py:data:`TYPE_DSA` and the second giving the
544
544
number of bits to generate. If an invalid type is specified or
545
generation fails, L{Error} is raised. If an invalid number of bits is
546
specified, L{ValueError} or L{Error} is raised.
545
generation fails, :py:exc:`Error` is raised. If an invalid number of bits is
546
specified, :py:exc:`ValueError` or :py:exc:`Error` is raised.
547
547
"""
548
548
key = PKey()
549
549
self.assertRaises(TypeError, key.generate_key)
574
574
575
575
def test_rsaGeneration(self):
576
576
"""
577
L{PKeyType.generate_key} generates an RSA key when passed
578
L{TYPE_RSA} as a type and a reasonable number of bits.
577
:py:meth:`PKeyType.generate_key` generates an RSA key when passed
578
:py:data:`TYPE_RSA` as a type and a reasonable number of bits.
579
579
"""
580
580
bits = 128
581
581
key = PKey()
587
587
588
588
def test_dsaGeneration(self):
589
589
"""
590
L{PKeyType.generate_key} generates a DSA key when passed
591
L{TYPE_DSA} as a type and a reasonable number of bits.
590
:py:meth:`PKeyType.generate_key` generates a DSA key when passed
591
:py:data:`TYPE_DSA` as a type and a reasonable number of bits.
592
592
"""
593
593
# 512 is a magic number. The DSS (Digital Signature Standard)
594
594
# allows a minimum of 512 bits for DSA. DSA_generate_parameters
603
603
604
604
def test_regeneration(self):
605
605
"""
606
L{PKeyType.generate_key} can be called multiple times on the same
606
:py:meth:`PKeyType.generate_key` can be called multiple times on the same
607
607
key to generate new keys.
608
608
"""
609
609
key = PKey()
615
615
616
616
def test_inconsistentKey(self):
617
617
"""
618
L{PKeyType.check} returns C{False} if the key is not consistent.
618
:py:`PKeyType.check` returns :py:exc:`Error` if the key is not consistent.
619
619
"""
620
620
key = load_privatekey(FILETYPE_PEM, inconsistentPrivateKeyPEM)
621
621
self.assertRaises(Error, key.check)
623
623
624
624
def test_check_wrong_args(self):
625
625
"""
626
L{PKeyType.check} raises L{TypeError} if called with any arguments.
626
:py:meth:`PKeyType.check` raises :py:exc:`TypeError` if called with any arguments.
627
627
"""
628
628
self.assertRaises(TypeError, PKey().check, None)
629
629
self.assertRaises(TypeError, PKey().check, object())
633
633
634
634
class X509NameTests(TestCase):
635
635
"""
636
Unit tests for L{OpenSSL.crypto.X509Name}.
636
Unit tests for :py:class:`OpenSSL.crypto.X509Name`.
637
637
"""
638
638
def _x509name(self, **attrs):
639
639
# XXX There's no other way to get a new X509Name yet.
650
650
651
651
def test_type(self):
652
652
"""
653
The type of X509Name objects is L{X509NameType}.
653
The type of X509Name objects is :py:class:`X509NameType`.
654
654
"""
655
655
self.assertIdentical(X509Name, X509NameType)
656
656
self.assertEqual(X509NameType.__name__, 'X509Name')
665
665
666
666
def test_onlyStringAttributes(self):
667
667
"""
668
Attempting to set a non-L{str} attribute name on an L{X509NameType}
669
instance causes L{TypeError} to be raised.
668
Attempting to set a non-:py:data:`str` attribute name on an :py:class:`X509NameType`
669
instance causes :py:exc:`TypeError` to be raised.
670
670
"""
671
671
name = self._x509name()
672
672
# Beyond these cases, you may also think that unicode should be
682
682
683
683
def test_setInvalidAttribute(self):
684
684
"""
685
Attempting to set any attribute name on an L{X509NameType} instance for
686
which no corresponding NID is defined causes L{AttributeError} to be
685
Attempting to set any attribute name on an :py:class:`X509NameType` instance for
686
which no corresponding NID is defined causes :py:exc:`AttributeError` to be
687
687
raised.
688
688
"""
689
689
name = self._x509name()
692
692
693
693
def test_attributes(self):
694
694
"""
695
L{X509NameType} instances have attributes for each standard (?)
695
:py:class:`X509NameType` instances have attributes for each standard (?)
696
696
X509Name field.
697
697
"""
698
698
name = self._x509name()
712
712
713
713
def test_copy(self):
714
714
"""
715
L{X509Name} creates a new L{X509NameType} instance with all the same
716
attributes as an existing L{X509NameType} instance when called with
715
:py:class:`X509Name` creates a new :py:class:`X509NameType` instance with all the same
716
attributes as an existing :py:class:`X509NameType` instance when called with
717
717
one.
718
718
"""
719
719
name = self._x509name(commonName="foo", emailAddress="bar@example.com")
733
733
734
734
def test_repr(self):
735
735
"""
736
L{repr} passed an L{X509NameType} instance should return a string
736
:py:func:`repr` passed an :py:class:`X509NameType` instance should return a string
737
737
containing a description of the type and the NIDs which have been set
738
738
on it.
739
739
"""
745
745
746
746
def test_comparison(self):
747
747
"""
748
L{X509NameType} instances should compare based on their NIDs.
748
:py:class:`X509NameType` instances should compare based on their NIDs.
749
749
"""
750
750
def _equality(a, b, assertTrue, assertFalse):
751
751
assertTrue(a == b, "(%r == %r) --> False" % (a, b))
820
820
821
821
def test_hash(self):
822
822
"""
823
L{X509Name.hash} returns an integer hash based on the value of the
823
:py:meth:`X509Name.hash` returns an integer hash based on the value of the
824
824
name.
825
825
"""
826
826
a = self._x509name(CN="foo")
832
832
833
833
def test_der(self):
834
834
"""
835
L{X509Name.der} returns the DER encoded form of the name.
835
:py:meth:`X509Name.der` returns the DER encoded form of the name.
836
836
"""
837
837
a = self._x509name(CN="foo", C="US")
838
838
self.assertEqual(
843
843
844
844
def test_get_components(self):
845
845
"""
846
L{X509Name.get_components} returns a C{list} of two-tuples of C{str}
846
:py:meth:`X509Name.get_components` returns a :py:data:`list` of
847
two-tuples of :py:data:`str`
847
848
giving the NIDs and associated values which make up the name.
848
849
"""
849
850
a = self._x509name()
862
863
"""
863
864
def signable(self):
864
865
"""
865
Return something with a C{set_pubkey}, C{set_pubkey}, and C{sign} method.
866
Return something with a :py:meth:`set_pubkey`, :py:meth:`set_pubkey`,
867
and :py:meth:`sign` method.
866
868
"""
867
869
raise NotImplementedError()
868
870
869
871
870
872
def test_signWithUngenerated(self):
871
873
"""
872
L{X509Req.sign} raises L{ValueError} when pass a L{PKey} with no parts.
874
:py:meth:`X509Req.sign` raises :py:exc:`ValueError` when pass a
875
:py:class:`PKey` with no parts.
873
876
"""
874
877
request = self.signable()
875
878
key = PKey()
878
881
879
882
def test_signWithPublicKey(self):
880
883
"""
881
L{X509Req.sign} raises L{ValueError} when pass a L{PKey} with no
882
private part as the signing key.
884
:py:meth:`X509Req.sign` raises :py:exc:`ValueError` when pass a
885
:py:class:`PKey` with no private part as the signing key.
883
886
"""
884
887
request = self.signable()
885
888
key = PKey()
891
894
892
895
def test_signWithUnknownDigest(self):
893
896
"""
894
L{X509Req.sign} raises L{ValueError} when passed a digest name which is
897
:py:meth:`X509Req.sign` raises :py:exc:`ValueError` when passed a digest name which is
895
898
not known.
896
899
"""
897
900
request = self.signable()
902
905
903
906
def test_sign(self):
904
907
"""
905
L{X509Req.sign} succeeds when passed a private key object and a valid
906
digest function. C{X509Req.verify} can be used to check the signature.
908
:py:meth:`X509Req.sign` succeeds when passed a private key object and a valid
909
digest function. :py:meth:`X509Req.verify` can be used to check the signature.
907
910
"""
908
911
request = self.signable()
909
912
key = PKey()
924
927
925
928
class X509ReqTests(TestCase, _PKeyInteractionTestsMixin):
926
929
"""
927
Tests for L{OpenSSL.crypto.X509Req}.
930
Tests for :py:class:`OpenSSL.crypto.X509Req`.
928
931
"""
929
932
def signable(self):
930
933
"""
931
Create and return a new L{X509Req}.
934
Create and return a new :py:class:`X509Req`.
932
935
"""
933
936
return X509Req()
934
937
935
938
936
939
def test_type(self):
937
940
"""
938
L{X509Req} and L{X509ReqType} refer to the same type object and can be
941
:py:obj:`X509Req` and :py:obj:`X509ReqType` refer to the same type object and can be
939
942
used to create instances of that type.
940
943
"""
941
944
self.assertIdentical(X509Req, X509ReqType)
944
947
945
948
def test_construction(self):
946
949
"""
947
L{X509Req} takes no arguments and returns an L{X509ReqType} instance.
950
:py:obj:`X509Req` takes no arguments and returns an :py:obj:`X509ReqType` instance.
948
951
"""
949
952
request = X509Req()
950
953
self.assertTrue(
954
957
955
958
def test_version(self):
956
959
"""
957
L{X509ReqType.set_version} sets the X.509 version of the certificate
958
request. L{X509ReqType.get_version} returns the X.509 version of
960
:py:obj:`X509ReqType.set_version` sets the X.509 version of the certificate
961
request. :py:obj:`X509ReqType.get_version` returns the X.509 version of
959
962
the certificate request. The initial value of the version is 0.
960
963
"""
961
964
request = X509Req()
968
971
969
972
def test_version_wrong_args(self):
970
973
"""
971
L{X509ReqType.set_version} raises L{TypeError} if called with the wrong
972
number of arguments or with a non-C{int} argument.
973
L{X509ReqType.get_version} raises L{TypeError} if called with any
974
:py:obj:`X509ReqType.set_version` raises :py:obj:`TypeError` if called with the wrong
975
number of arguments or with a non-:py:obj:`int` argument.
976
:py:obj:`X509ReqType.get_version` raises :py:obj:`TypeError` if called with any
974
977
arguments.
975
978
"""
976
979
request = X509Req()
982
985
983
986
def test_get_subject(self):
984
987
"""
985
L{X509ReqType.get_subject} returns an L{X509Name} for the subject of
988
:py:obj:`X509ReqType.get_subject` returns an :py:obj:`X509Name` for the subject of
986
989
the request and which is valid even after the request object is
987
990
otherwise dead.
988
991
"""
1000
1003
1001
1004
def test_get_subject_wrong_args(self):
1002
1005
"""
1003
L{X509ReqType.get_subject} raises L{TypeError} if called with any
1006
:py:obj:`X509ReqType.get_subject` raises :py:obj:`TypeError` if called with any
1004
1007
arguments.
1005
1008
"""
1006
1009
request = X509Req()
1009
1012
1010
1013
def test_add_extensions(self):
1011
1014
"""
1012
L{X509Req.add_extensions} accepts a C{list} of L{X509Extension}
1015
:py:obj:`X509Req.add_extensions` accepts a :py:obj:`list` of :py:obj:`X509Extension`
1013
1016
instances and adds them to the X509 request.
1014
1017
"""
1015
1018
request = X509Req()
1020
1023
1021
1024
def test_add_extensions_wrong_args(self):
1022
1025
"""
1023
L{X509Req.add_extensions} raises L{TypeError} if called with the wrong
1024
number of arguments or with a non-C{list}. Or it raises L{ValueError}
1025
if called with a C{list} containing objects other than L{X509Extension}
1026
:py:obj:`X509Req.add_extensions` raises :py:obj:`TypeError` if called with the wrong
1027
number of arguments or with a non-:py:obj:`list`. Or it raises :py:obj:`ValueError`
1028
if called with a :py:obj:`list` containing objects other than :py:obj:`X509Extension`
1026
1029
instances.
1027
1030
"""
1028
1031
request = X509Req()
1035
1038
1036
1039
class X509Tests(TestCase, _PKeyInteractionTestsMixin):
1037
1040
"""
1038
Tests for L{OpenSSL.crypto.X509}.
1041
Tests for :py:obj:`OpenSSL.crypto.X509`.
1039
1042
"""
1040
1043
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
1041
1044
1061
1064
"""
1062
1065
def signable(self):
1063
1066
"""
1064
Create and return a new L{X509}.
1067
Create and return a new :py:obj:`X509`.
1065
1068
"""
1066
1069
return X509()
1067
1070
1068
1071
1069
1072
def test_type(self):
1070
1073
"""
1071
L{X509} and L{X509Type} refer to the same type object and can be used
1074
:py:obj:`X509` and :py:obj:`X509Type` refer to the same type object and can be used
1072
1075
to create instances of that type.
1073
1076
"""
1074
1077
self.assertIdentical(X509, X509Type)
1077
1080
1078
1081
def test_construction(self):
1079
1082
"""
1080
L{X509} takes no arguments and returns an instance of L{X509Type}.
1083
:py:obj:`X509` takes no arguments and returns an instance of :py:obj:`X509Type`.
1081
1084
"""
1082
1085
certificate = X509()
1083
1086
self.assertTrue(
1093
1096
1094
1097
def test_get_version_wrong_args(self):
1095
1098
"""
1096
L{X509.get_version} raises L{TypeError} if invoked with any arguments.
1099
:py:obj:`X509.get_version` raises :py:obj:`TypeError` if invoked with any arguments.
1097
1100
"""
1098
1101
cert = X509()
1099
1102
self.assertRaises(TypeError, cert.get_version, None)
1101
1104
1102
1105
def test_set_version_wrong_args(self):
1103
1106
"""
1104
L{X509.set_version} raises L{TypeError} if invoked with the wrong number
1105
of arguments or an argument not of type C{int}.
1107
:py:obj:`X509.set_version` raises :py:obj:`TypeError` if invoked with the wrong number
1108
of arguments or an argument not of type :py:obj:`int`.
1106
1109
"""
1107
1110
cert = X509()
1108
1111
self.assertRaises(TypeError, cert.set_version)
1112
1115
1113
1116
def test_version(self):
1114
1117
"""
1115
L{X509.set_version} sets the certificate version number.
1116
L{X509.get_version} retrieves it.
1118
:py:obj:`X509.set_version` sets the certificate version number.
1119
:py:obj:`X509.get_version` retrieves it.
1117
1120
"""
1118
1121
cert = X509()
1119
1122
cert.set_version(1234)
1122
1125
1123
1126
def test_get_serial_number_wrong_args(self):
1124
1127
"""
1125
L{X509.get_serial_number} raises L{TypeError} if invoked with any
1128
:py:obj:`X509.get_serial_number` raises :py:obj:`TypeError` if invoked with any
1126
1129
arguments.
1127
1130
"""
1128
1131
cert = X509()
1131
1134
1132
1135
def test_serial_number(self):
1133
1136
"""
1134
The serial number of an L{X509Type} can be retrieved and modified with
1135
L{X509Type.get_serial_number} and L{X509Type.set_serial_number}.
1137
The serial number of an :py:obj:`X509Type` can be retrieved and modified with
1138
:py:obj:`X509Type.get_serial_number` and :py:obj:`X509Type.set_serial_number`.
1136
1139
"""
1137
1140
certificate = X509()
1138
1141
self.assertRaises(TypeError, certificate.set_serial_number)
1152
1155
1153
1156
def _setBoundTest(self, which):
1154
1157
"""
1155
L{X509Type.set_notBefore} takes a string in the format of an ASN1
1158
:py:obj:`X509Type.set_notBefore` takes a string in the format of an ASN1
1156
1159
GENERALIZEDTIME and sets the beginning of the certificate's validity
1157
1160
period to it.
1158
1161
"""
1191
1194
1192
1195
def test_set_notBefore(self):
1193
1196
"""
1194
L{X509Type.set_notBefore} takes a string in the format of an ASN1
1197
:py:obj:`X509Type.set_notBefore` takes a string in the format of an ASN1
1195
1198
GENERALIZEDTIME and sets the beginning of the certificate's validity
1196
1199
period to it.
1197
1200
"""
1200
1203
1201
1204
def test_set_notAfter(self):
1202
1205
"""
1203
L{X509Type.set_notAfter} takes a string in the format of an ASN1
1206
:py:obj:`X509Type.set_notAfter` takes a string in the format of an ASN1
1204
1207
GENERALIZEDTIME and sets the end of the certificate's validity period
1205
1208
to it.
1206
1209
"""
1209
1212
1210
1213
def test_get_notBefore(self):
1211
1214
"""
1212
L{X509Type.get_notBefore} returns a string in the format of an ASN1
1215
:py:obj:`X509Type.get_notBefore` returns a string in the format of an ASN1
1213
1216
GENERALIZEDTIME even for certificates which store it as UTCTIME
1214
1217
internally.
1215
1218
"""
1219
1222
1220
1223
def test_get_notAfter(self):
1221
1224
"""
1222
L{X509Type.get_notAfter} returns a string in the format of an ASN1
1225
:py:obj:`X509Type.get_notAfter` returns a string in the format of an ASN1
1223
1226
GENERALIZEDTIME even for certificates which store it as UTCTIME
1224
1227
internally.
1225
1228
"""
1229
1232
1230
1233
def test_gmtime_adj_notBefore_wrong_args(self):
1231
1234
"""
1232
L{X509Type.gmtime_adj_notBefore} raises L{TypeError} if called with the
1233
wrong number of arguments or a non-C{int} argument.
1235
:py:obj:`X509Type.gmtime_adj_notBefore` raises :py:obj:`TypeError` if called with the
1236
wrong number of arguments or a non-:py:obj:`int` argument.
1234
1237
"""
1235
1238
cert = X509()
1236
1239
self.assertRaises(TypeError, cert.gmtime_adj_notBefore)
1240
1243
1241
1244
def test_gmtime_adj_notBefore(self):
1242
1245
"""
1243
L{X509Type.gmtime_adj_notBefore} changes the not-before timestamp to be
1246
:py:obj:`X509Type.gmtime_adj_notBefore` changes the not-before timestamp to be
1244
1247
the current time plus the number of seconds passed in.
1245
1248
"""
1246
1249
cert = load_certificate(FILETYPE_PEM, self.pemData)
1251
1254
1252
1255
def test_gmtime_adj_notAfter_wrong_args(self):
1253
1256
"""
1254
L{X509Type.gmtime_adj_notAfter} raises L{TypeError} if called with the
1255
wrong number of arguments or a non-C{int} argument.
1257
:py:obj:`X509Type.gmtime_adj_notAfter` raises :py:obj:`TypeError` if called with the
1258
wrong number of arguments or a non-:py:obj:`int` argument.
1256
1259
"""
1257
1260
cert = X509()
1258
1261
self.assertRaises(TypeError, cert.gmtime_adj_notAfter)
1262
1265
1263
1266
def test_gmtime_adj_notAfter(self):
1264
1267
"""
1265
L{X509Type.gmtime_adj_notAfter} changes the not-after timestamp to be
1268
:py:obj:`X509Type.gmtime_adj_notAfter` changes the not-after timestamp to be
1266
1269
the current time plus the number of seconds passed in.
1267
1270
"""
1268
1271
cert = load_certificate(FILETYPE_PEM, self.pemData)
1273
1276
1274
1277
def test_has_expired_wrong_args(self):
1275
1278
"""
1276
L{X509Type.has_expired} raises L{TypeError} if called with any
1279
:py:obj:`X509Type.has_expired` raises :py:obj:`TypeError` if called with any
1277
1280
arguments.
1278
1281
"""
1279
1282
cert = X509()
1282
1285
1283
1286
def test_has_expired(self):
1284
1287
"""
1285
L{X509Type.has_expired} returns C{True} if the certificate's not-after
1288
:py:obj:`X509Type.has_expired` returns :py:obj:`True` if the certificate's not-after
1286
1289
time is in the past.
1287
1290
"""
1288
1291
cert = X509()
1292
1295
1293
1296
def test_has_not_expired(self):
1294
1297
"""
1295
L{X509Type.has_expired} returns C{False} if the certificate's not-after
1298
:py:obj:`X509Type.has_expired` returns :py:obj:`False` if the certificate's not-after
1296
1299
time is in the future.
1297
1300
"""
1298
1301
cert = X509()
1302
1305
1303
1306
def test_digest(self):
1304
1307
"""
1305
L{X509.digest} returns a string giving ":"-separated hex-encoded words
1308
:py:obj:`X509.digest` returns a string giving ":"-separated hex-encoded words
1306
1309
of the digest of the certificate.
1307
1310
"""
1308
1311
cert = X509()
1327
1330
1328
1331
def test_extension_count(self):
1329
1332
"""
1330
L{X509.get_extension_count} returns the number of extensions that are
1333
:py:obj:`X509.get_extension_count` returns the number of extensions that are
1331
1334
present in the certificate.
1332
1335
"""
1333
1336
pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
1351
1354
1352
1355
def test_get_extension(self):
1353
1356
"""
1354
L{X509.get_extension} takes an integer and returns an L{X509Extension}
1357
:py:obj:`X509.get_extension` takes an integer and returns an :py:obj:`X509Extension`
1355
1358
corresponding to the extension at that index.
1356
1359
"""
1357
1360
pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
1384
1387
1385
1388
def test_invalid_digest_algorithm(self):
1386
1389
"""
1387
L{X509.digest} raises L{ValueError} if called with an unrecognized hash
1390
:py:obj:`X509.digest` raises :py:obj:`ValueError` if called with an unrecognized hash
1388
1391
algorithm.
1389
1392
"""
1390
1393
cert = X509()
1393
1396
1394
1397
def test_get_subject_wrong_args(self):
1395
1398
"""
1396
L{X509.get_subject} raises L{TypeError} if called with any arguments.
1399
:py:obj:`X509.get_subject` raises :py:obj:`TypeError` if called with any arguments.
1397
1400
"""
1398
1401
cert = X509()
1399
1402
self.assertRaises(TypeError, cert.get_subject, None)
1401
1404
1402
1405
def test_get_subject(self):
1403
1406
"""
1404
L{X509.get_subject} returns an L{X509Name} instance.
1407
:py:obj:`X509.get_subject` returns an :py:obj:`X509Name` instance.
1405
1408
"""
1406
1409
cert = load_certificate(FILETYPE_PEM, self.pemData)
1407
1410
subj = cert.get_subject()
1414
1417
1415
1418
def test_set_subject_wrong_args(self):
1416
1419
"""
1417
L{X509.set_subject} raises a L{TypeError} if called with the wrong
1418
number of arguments or an argument not of type L{X509Name}.
1420
:py:obj:`X509.set_subject` raises a :py:obj:`TypeError` if called with the wrong
1421
number of arguments or an argument not of type :py:obj:`X509Name`.
1419
1422
"""
1420
1423
cert = X509()
1421
1424
self.assertRaises(TypeError, cert.set_subject)
1425
1428
1426
1429
def test_set_subject(self):
1427
1430
"""
1428
L{X509.set_subject} changes the subject of the certificate to the one
1431
:py:obj:`X509.set_subject` changes the subject of the certificate to the one
1429
1432
passed in.
1430
1433
"""
1431
1434
cert = X509()
1440
1443
1441
1444
def test_get_issuer_wrong_args(self):
1442
1445
"""
1443
L{X509.get_issuer} raises L{TypeError} if called with any arguments.
1446
:py:obj:`X509.get_issuer` raises :py:obj:`TypeError` if called with any arguments.
1444
1447
"""
1445
1448
cert = X509()
1446
1449
self.assertRaises(TypeError, cert.get_issuer, None)
1448
1451
1449
1452
def test_get_issuer(self):
1450
1453
"""
1451
L{X509.get_issuer} returns an L{X509Name} instance.
1454
:py:obj:`X509.get_issuer` returns an :py:obj:`X509Name` instance.
1452
1455
"""
1453
1456
cert = load_certificate(FILETYPE_PEM, self.pemData)
1454
1457
subj = cert.get_issuer()
1462
1465
1463
1466
def test_set_issuer_wrong_args(self):
1464
1467
"""
1465
L{X509.set_issuer} raises a L{TypeError} if called with the wrong
1466
number of arguments or an argument not of type L{X509Name}.
1468
:py:obj:`X509.set_issuer` raises a :py:obj:`TypeError` if called with the wrong
1469
number of arguments or an argument not of type :py:obj:`X509Name`.
1467
1470
"""
1468
1471
cert = X509()
1469
1472
self.assertRaises(TypeError, cert.set_issuer)
1473
1476
1474
1477
def test_set_issuer(self):
1475
1478
"""
1476
L{X509.set_issuer} changes the issuer of the certificate to the one
1479
:py:obj:`X509.set_issuer` changes the issuer of the certificate to the one
1477
1480
passed in.
1478
1481
"""
1479
1482
cert = X509()
1488
1491
1489
1492
def test_get_pubkey_uninitialized(self):
1490
1493
"""
1491
When called on a certificate with no public key, L{X509.get_pubkey}
1492
raises L{OpenSSL.crypto.Error}.
1494
When called on a certificate with no public key, :py:obj:`X509.get_pubkey`
1495
raises :py:obj:`OpenSSL.crypto.Error`.
1493
1496
"""
1494
1497
cert = X509()
1495
1498
self.assertRaises(Error, cert.get_pubkey)
1497
1500
1498
1501
def test_subject_name_hash_wrong_args(self):
1499
1502
"""
1500
L{X509.subject_name_hash} raises L{TypeError} if called with any
1503
:py:obj:`X509.subject_name_hash` raises :py:obj:`TypeError` if called with any
1501
1504
arguments.
1502
1505
"""
1503
1506
cert = X509()
1506
1509
1507
1510
def test_subject_name_hash(self):
1508
1511
"""
1509
L{X509.subject_name_hash} returns the hash of the certificate's subject
1512
:py:obj:`X509.subject_name_hash` returns the hash of the certificate's subject
1510
1513
name.
1511
1514
"""
1512
1515
cert = load_certificate(FILETYPE_PEM, self.pemData)
1519
1522
1520
1523
def test_get_signature_algorithm(self):
1521
1524
"""
1522
L{X509Type.get_signature_algorithm} returns a string which means
1525
:py:obj:`X509Type.get_signature_algorithm` returns a string which means
1523
1526
the algorithm used to sign the certificate.
1524
1527
"""
1525
1528
cert = load_certificate(FILETYPE_PEM, self.pemData)
1529
1532
1530
1533
def test_get_undefined_signature_algorithm(self):
1531
1534
"""
1532
L{X509Type.get_signature_algorithm} raises L{ValueError} if the
1535
:py:obj:`X509Type.get_signature_algorithm` raises :py:obj:`ValueError` if the
1533
1536
signature algorithm is undefined or unknown.
1534
1537
"""
1535
1538
# This certificate has been modified to indicate a bogus OID in the
1562
1565
1563
1566
class PKCS12Tests(TestCase):
1564
1567
"""
1565
Test for L{OpenSSL.crypto.PKCS12} and L{OpenSSL.crypto.load_pkcs12}.
1568
Test for :py:obj:`OpenSSL.crypto.PKCS12` and :py:obj:`OpenSSL.crypto.load_pkcs12`.
1566
1569
"""
1567
1570
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
1568
1571
1569
1572
def test_type(self):
1570
1573
"""
1571
L{PKCS12Type} is a type object.
1574
:py:obj:`PKCS12Type` is a type object.
1572
1575
"""
1573
1576
self.assertIdentical(PKCS12, PKCS12Type)
1574
1577
self.assertConsistentType(PKCS12, 'PKCS12')
1576
1579
1577
1580
def test_empty_construction(self):
1578
1581
"""
1579
L{PKCS12} returns a new instance of L{PKCS12} with no certificate,
1582
:py:obj:`PKCS12` returns a new instance of :py:obj:`PKCS12` with no certificate,
1580
1583
private key, CA certificates, or friendly name.
1581
1584
"""
1582
1585
p12 = PKCS12()
1588
1591
1589
1592
def test_type_errors(self):
1590
1593
"""
1591
The L{PKCS12} setter functions (C{set_certificate}, C{set_privatekey},
1592
C{set_ca_certificates}, and C{set_friendlyname}) raise L{TypeError}
1594
The :py:obj:`PKCS12` setter functions (:py:obj:`set_certificate`, :py:obj:`set_privatekey`,
1595
:py:obj:`set_ca_certificates`, and :py:obj:`set_friendlyname`) raise :py:obj:`TypeError`
1593
1596
when passed objects of types other than those expected.
1594
1597
"""
1595
1598
p12 = PKCS12()
1609
1612
1610
1613
def test_key_only(self):
1611
1614
"""
1612
A L{PKCS12} with only a private key can be exported using
1613
L{PKCS12.export} and loaded again using L{load_pkcs12}.
1615
A :py:obj:`PKCS12` with only a private key can be exported using
1616
:py:obj:`PKCS12.export` and loaded again using :py:obj:`load_pkcs12`.
1614
1617
"""
1615
1618
passwd = 'blah'
1616
1619
p12 = PKCS12()
1636
1639
1637
1640
def test_cert_only(self):
1638
1641
"""
1639
A L{PKCS12} with only a certificate can be exported using
1640
L{PKCS12.export} and loaded again using L{load_pkcs12}.
1642
A :py:obj:`PKCS12` with only a certificate can be exported using
1643
:py:obj:`PKCS12.export` and loaded again using :py:obj:`load_pkcs12`.
1641
1644
"""
1642
1645
passwd = 'blah'
1643
1646
p12 = PKCS12()
1716
1719
def test_load_pkcs12(self):
1717
1720
"""
1718
1721
A PKCS12 string generated using the openssl command line can be loaded
1719
with L{load_pkcs12} and its components extracted and examined.
1722
with :py:obj:`load_pkcs12` and its components extracted and examined.
1720
1723
"""
1721
1724
passwd = 'whatever'
1722
1725
pem = client_key_pem + client_cert_pem
1734
1737
1735
1738
def test_load_pkcs12_garbage(self):
1736
1739
"""
1737
L{load_pkcs12} raises L{OpenSSL.crypto.Error} when passed a string
1740
:py:obj:`load_pkcs12` raises :py:obj:`OpenSSL.crypto.Error` when passed a string
1738
1741
which is not a PKCS12 dump.
1739
1742
"""
1740
1743
passwd = 'whatever'
1745
1748
1746
1749
def test_replace(self):
1747
1750
"""
1748
L{PKCS12.set_certificate} replaces the certificate in a PKCS12 cluster.
1749
L{PKCS12.set_privatekey} replaces the private key.
1750
L{PKCS12.set_ca_certificates} replaces the CA certificates.
1751
:py:obj:`PKCS12.set_certificate` replaces the certificate in a PKCS12 cluster.
1752
:py:obj:`PKCS12.set_privatekey` replaces the private key.
1753
:py:obj:`PKCS12.set_ca_certificates` replaces the CA certificates.
1751
1754
"""
1752
1755
p12 = self.gen_pkcs12(client_cert_pem, client_key_pem, root_cert_pem)
1753
1756
p12.set_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
1765
1768
1766
1769
def test_friendly_name(self):
1767
1770
"""
1768
The I{friendlyName} of a PKCS12 can be set and retrieved via
1769
L{PKCS12.get_friendlyname} and L{PKCS12_set_friendlyname}, and a
1770
L{PKCS12} with a friendly name set can be dumped with L{PKCS12.export}.
1771
The *friendlyName* of a PKCS12 can be set and retrieved via
1772
:py:obj:`PKCS12.get_friendlyname` and :py:obj:`PKCS12_set_friendlyname`, and a
1773
:py:obj:`PKCS12` with a friendly name set can be dumped with :py:obj:`PKCS12.export`.
1771
1774
"""
1772
1775
passwd = 'Dogmeat[]{}!@#$%^&*()~`?/.,<>-_+=";:'
1773
1776
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
1805
1808
1806
1809
def test_removing_ca_cert(self):
1807
1810
"""
1808
Passing C{None} to L{PKCS12.set_ca_certificates} removes all CA
1811
Passing :py:obj:`None` to :py:obj:`PKCS12.set_ca_certificates` removes all CA
1809
1812
certificates.
1810
1813
"""
1811
1814
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
1815
1818
1816
1819
def test_export_without_mac(self):
1817
1820
"""
1818
Exporting a PKCS12 with a C{maciter} of C{-1} excludes the MAC
1821
Exporting a PKCS12 with a :py:obj:`maciter` of ``-1`` excludes the MAC
1819
1822
entirely.
1820
1823
"""
1821
1824
passwd = 'Lake Michigan'
1863
1866
1864
1867
def test_export_without_args(self):
1865
1868
"""
1866
All the arguments to L{PKCS12.export} are optional.
1869
All the arguments to :py:obj:`PKCS12.export` are optional.
1867
1870
"""
1868
1871
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
1869
1872
dumped_p12 = p12.export() # no args
1873
1876
1874
1877
def test_key_cert_mismatch(self):
1875
1878
"""
1876
L{PKCS12.export} raises an exception when a key and certificate
1879
:py:obj:`PKCS12.export` raises an exception when a key and certificate
1877
1880
mismatch.
1878
1881
"""
1879
1882
p12 = self.gen_pkcs12(server_cert_pem, client_key_pem, root_cert_pem)
1888
1891
"""
1889
1892
Internal method for quoting a single command-line argument.
1890
1893
1891
@type: C{str}
1892
@param s: A single unquoted string to quote for something that is expecting
1894
See http://www.perlmonks.org/?node_id=764004
1895
1896
:type: :py:obj:`str`
1897
:param s: A single unquoted string to quote for something that is expecting
1893
1898
cmd.exe-style quoting
1894
1899
1895
@rtype: C{str}
1896
@return: A cmd.exe-style quoted string
1897
1898
@see: U{http://www.perlmonks.org/?node_id=764004}
1900
:rtype: :py:obj:`str`
1901
:return: A cmd.exe-style quoted string
1899
1902
"""
1900
1903
s = _cmdLineQuoteRe2.sub(r"\1\1", _cmdLineQuoteRe.sub(r'\1\1\\"', s))
1901
1904
return '"%s"' % s
1905
1908
def quoteArguments(arguments):
1906
1909
"""
1907
1910
Quote an iterable of command-line arguments for passing to CreateProcess or
1908
a similar API. This allows the list passed to C{reactor.spawnProcess} to
1909
match the child process's C{sys.argv} properly.
1910
1911
@type arguments: C{iterable} of C{str}
1912
@param arguments: An iterable of unquoted arguments to quote
1913
1914
@rtype: C{str}
1915
@return: A space-delimited string containing quoted versions of L{arguments}
1911
a similar API. This allows the list passed to :py:obj:`reactor.spawnProcess` to
1912
match the child process's :py:obj:`sys.argv` properly.
1913
1914
:type arguments: :py:obj:`iterable` of :py:obj:`str`
1915
:param arguments: An iterable of unquoted arguments to quote
1916
1917
:rtype: :py:obj:`str`
1918
:return: A space-delimited string containing quoted versions of :py:obj:`arguments`
1916
1919
"""
1917
1920
return ' '.join(map(cmdLineQuote, arguments))
1918
1921
1937
1940
1938
1941
class FunctionTests(TestCase):
1939
1942
"""
1940
Tests for free-functions in the L{OpenSSL.crypto} module.
1943
Tests for free-functions in the :py:obj:`OpenSSL.crypto` module.
1941
1944
"""
1942
1945
1943
1946
def test_load_privatekey_invalid_format(self):
1944
1947
"""
1945
L{load_privatekey} raises L{ValueError} if passed an unknown filetype.
1948
:py:obj:`load_privatekey` raises :py:obj:`ValueError` if passed an unknown filetype.
1946
1949
"""
1947
1950
self.assertRaises(ValueError, load_privatekey, 100, root_key_pem)
1948
1951
1949
1952
1950
1953
def test_load_privatekey_invalid_passphrase_type(self):
1951
1954
"""
1952
L{load_privatekey} raises L{TypeError} if passed a passphrase that is
1953
neither a c{str} nor a callable.
1955
:py:obj:`load_privatekey` raises :py:obj:`TypeError` if passed a passphrase that is
1956
neither a :py:obj:`str` nor a callable.
1954
1957
"""
1955
1958
self.assertRaises(
1956
1959
TypeError,
1960
1963
1961
1964
def test_load_privatekey_wrong_args(self):
1962
1965
"""
1963
L{load_privatekey} raises L{TypeError} if called with the wrong number
1966
:py:obj:`load_privatekey` raises :py:obj:`TypeError` if called with the wrong number
1964
1967
of arguments.
1965
1968
"""
1966
1969
self.assertRaises(TypeError, load_privatekey)
1968
1971
1969
1972
def test_load_privatekey_wrongPassphrase(self):
1970
1973
"""
1971
L{load_privatekey} raises L{OpenSSL.crypto.Error} when it is passed an
1974
:py:obj:`load_privatekey` raises :py:obj:`OpenSSL.crypto.Error` when it is passed an
1972
1975
encrypted PEM and an incorrect passphrase.
1973
1976
"""
1974
1977
self.assertRaises(
1978
1981
1979
1982
def test_load_privatekey_passphrase(self):
1980
1983
"""
1981
L{load_privatekey} can create a L{PKey} object from an encrypted PEM
1984
:py:obj:`load_privatekey` can create a :py:obj:`PKey` object from an encrypted PEM
1982
1985
string if given the passphrase.
1983
1986
"""
1984
1987
key = load_privatekey(
1989
1992
1990
1993
def test_load_privatekey_wrongPassphraseCallback(self):
1991
1994
"""
1992
L{load_privatekey} raises L{OpenSSL.crypto.Error} when it is passed an
1995
:py:obj:`load_privatekey` raises :py:obj:`OpenSSL.crypto.Error` when it is passed an
1993
1996
encrypted PEM and a passphrase callback which returns an incorrect
1994
1997
passphrase.
1995
1998
"""
2005
2008
2006
2009
def test_load_privatekey_passphraseCallback(self):
2007
2010
"""
2008
L{load_privatekey} can create a L{PKey} object from an encrypted PEM
2011
:py:obj:`load_privatekey` can create a :py:obj:`PKey` object from an encrypted PEM
2009
2012
string if given a passphrase callback which returns the correct
2010
2013
password.
2011
2014
"""
2021
2024
def test_load_privatekey_passphrase_exception(self):
2022
2025
"""
2023
2026
An exception raised by the passphrase callback passed to
2024
L{load_privatekey} causes L{OpenSSL.crypto.Error} to be raised.
2027
:py:obj:`load_privatekey` causes :py:obj:`OpenSSL.crypto.Error` to be raised.
2025
2028
2026
2029
This isn't as nice as just letting the exception pass through. The
2027
2030
behavior might be changed to that eventually.
2036
2039
2037
2040
def test_dump_privatekey_wrong_args(self):
2038
2041
"""
2039
L{dump_privatekey} raises L{TypeError} if called with the wrong number
2042
:py:obj:`dump_privatekey` raises :py:obj:`TypeError` if called with the wrong number
2040
2043
of arguments.
2041
2044
"""
2042
2045
self.assertRaises(TypeError, dump_privatekey)
2044
2047
2045
2048
def test_dump_privatekey_unknown_cipher(self):
2046
2049
"""
2047
L{dump_privatekey} raises L{ValueError} if called with an unrecognized
2050
:py:obj:`dump_privatekey` raises :py:obj:`ValueError` if called with an unrecognized
2048
2051
cipher name.
2049
2052
"""
2050
2053
key = PKey()
2056
2059
2057
2060
def test_dump_privatekey_invalid_passphrase_type(self):
2058
2061
"""
2059
L{dump_privatekey} raises L{TypeError} if called with a passphrase which
2060
is neither a C{str} nor a callable.
2062
:py:obj:`dump_privatekey` raises :py:obj:`TypeError` if called with a passphrase which
2063
is neither a :py:obj:`str` nor a callable.
2061
2064
"""
2062
2065
key = PKey()
2063
2066
key.generate_key(TYPE_RSA, 512)
2068
2071
2069
2072
def test_dump_privatekey_invalid_filetype(self):
2070
2073
"""
2071
L{dump_privatekey} raises L{ValueError} if called with an unrecognized
2074
:py:obj:`dump_privatekey` raises :py:obj:`ValueError` if called with an unrecognized
2072
2075
filetype.
2073
2076
"""
2074
2077
key = PKey()
2078
2081
2079
2082
def test_dump_privatekey_passphrase(self):
2080
2083
"""
2081
L{dump_privatekey} writes an encrypted PEM when given a passphrase.
2084
:py:obj:`dump_privatekey` writes an encrypted PEM when given a passphrase.
2082
2085
"""
2083
2086
passphrase = b("foo")
2084
2087
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
2092
2095
2093
2096
def test_dump_certificate(self):
2094
2097
"""
2095
L{dump_certificate} writes PEM, DER, and text.
2098
:py:obj:`dump_certificate` writes PEM, DER, and text.
2096
2099
"""
2097
2100
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
2098
2101
cert = load_certificate(FILETYPE_PEM, pemData)
2111
2114
2112
2115
def test_dump_privatekey(self):
2113
2116
"""
2114
L{dump_privatekey} writes a PEM, DER, and text.
2117
:py:obj:`dump_privatekey` writes a PEM, DER, and text.
2115
2118
"""
2116
2119
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
2117
2120
self.assertTrue(key.check())
2131
2134
2132
2135
def test_dump_certificate_request(self):
2133
2136
"""
2134
L{dump_certificate_request} writes a PEM, DER, and text.
2137
:py:obj:`dump_certificate_request` writes a PEM, DER, and text.
2135
2138
"""
2136
2139
req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM)
2137
2140
dumped_pem = dump_certificate_request(FILETYPE_PEM, req)
2150
2153
2151
2154
def test_dump_privatekey_passphraseCallback(self):
2152
2155
"""
2153
L{dump_privatekey} writes an encrypted PEM when given a callback which
2156
:py:obj:`dump_privatekey` writes an encrypted PEM when given a callback which
2154
2157
returns the correct passphrase.
2155
2158
"""
2156
2159
passphrase = b("foo")
2170
2173
2171
2174
def test_load_pkcs7_data(self):
2172
2175
"""
2173
L{load_pkcs7_data} accepts a PKCS#7 string and returns an instance of
2174
L{PKCS7Type}.
2176
:py:obj:`load_pkcs7_data` accepts a PKCS#7 string and returns an instance of
2177
:py:obj:`PKCS7Type`.
2175
2178
"""
2176
2179
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2177
2180
self.assertTrue(isinstance(pkcs7, PKCS7Type))
2180
2183
2181
2184
class PKCS7Tests(TestCase):
2182
2185
"""
2183
Tests for L{PKCS7Type}.
2186
Tests for :py:obj:`PKCS7Type`.
2184
2187
"""
2185
2188
def test_type(self):
2186
2189
"""
2187
L{PKCS7Type} is a type object.
2190
:py:obj:`PKCS7Type` is a type object.
2188
2191
"""
2189
2192
self.assertTrue(isinstance(PKCS7Type, type))
2190
2193
self.assertEqual(PKCS7Type.__name__, 'PKCS7')
2197
2200
2198
2201
def test_type_is_signed_wrong_args(self):
2199
2202
"""
2200
L{PKCS7Type.type_is_signed} raises L{TypeError} if called with any
2203
:py:obj:`PKCS7Type.type_is_signed` raises :py:obj:`TypeError` if called with any
2201
2204
arguments.
2202
2205
"""
2203
2206
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2206
2209
2207
2210
def test_type_is_signed(self):
2208
2211
"""
2209
L{PKCS7Type.type_is_signed} returns C{True} if the PKCS7 object is of
2210
the type I{signed}.
2212
:py:obj:`PKCS7Type.type_is_signed` returns :py:obj:`True` if the PKCS7 object is of
2213
the type *signed*.
2211
2214
"""
2212
2215
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2213
2216
self.assertTrue(pkcs7.type_is_signed())
2215
2218
2216
2219
def test_type_is_enveloped_wrong_args(self):
2217
2220
"""
2218
L{PKCS7Type.type_is_enveloped} raises L{TypeError} if called with any
2221
:py:obj:`PKCS7Type.type_is_enveloped` raises :py:obj:`TypeError` if called with any
2219
2222
arguments.
2220
2223
"""
2221
2224
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2224
2227
2225
2228
def test_type_is_enveloped(self):
2226
2229
"""
2227
L{PKCS7Type.type_is_enveloped} returns C{False} if the PKCS7 object is
2228
not of the type I{enveloped}.
2230
:py:obj:`PKCS7Type.type_is_enveloped` returns :py:obj:`False` if the PKCS7 object is
2231
not of the type *enveloped*.
2229
2232
"""
2230
2233
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2231
2234
self.assertFalse(pkcs7.type_is_enveloped())
2233
2236
2234
2237
def test_type_is_signedAndEnveloped_wrong_args(self):
2235
2238
"""
2236
L{PKCS7Type.type_is_signedAndEnveloped} raises L{TypeError} if called
2239
:py:obj:`PKCS7Type.type_is_signedAndEnveloped` raises :py:obj:`TypeError` if called
2237
2240
with any arguments.
2238
2241
"""
2239
2242
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2242
2245
2243
2246
def test_type_is_signedAndEnveloped(self):
2244
2247
"""
2245
L{PKCS7Type.type_is_signedAndEnveloped} returns C{False} if the PKCS7
2246
object is not of the type I{signed and enveloped}.
2248
:py:obj:`PKCS7Type.type_is_signedAndEnveloped` returns :py:obj:`False` if the PKCS7
2249
object is not of the type *signed and enveloped*.
2247
2250
"""
2248
2251
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2249
2252
self.assertFalse(pkcs7.type_is_signedAndEnveloped())
2251
2254
2252
2255
def test_type_is_data(self):
2253
2256
"""
2254
L{PKCS7Type.type_is_data} returns C{False} if the PKCS7 object is not of
2257
:py:obj:`PKCS7Type.type_is_data` returns :py:obj:`False` if the PKCS7 object is not of
2255
2258
the type data.
2256
2259
"""
2257
2260
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2260
2263
2261
2264
def test_type_is_data_wrong_args(self):
2262
2265
"""
2263
L{PKCS7Type.type_is_data} raises L{TypeError} if called with any
2266
:py:obj:`PKCS7Type.type_is_data` raises :py:obj:`TypeError` if called with any
2264
2267
arguments.
2265
2268
"""
2266
2269
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2269
2272
2270
2273
def test_get_type_name_wrong_args(self):
2271
2274
"""
2272
L{PKCS7Type.get_type_name} raises L{TypeError} if called with any
2275
:py:obj:`PKCS7Type.get_type_name` raises :py:obj:`TypeError` if called with any
2273
2276
arguments.
2274
2277
"""
2275
2278
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2278
2281
2279
2282
def test_get_type_name(self):
2280
2283
"""
2281
L{PKCS7Type.get_type_name} returns a C{str} giving the type name.
2284
:py:obj:`PKCS7Type.get_type_name` returns a :py:obj:`str` giving the type name.
2282
2285
"""
2283
2286
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2284
2287
self.assertEquals(pkcs7.get_type_name(), b('pkcs7-signedData'))
2287
2290
def test_attribute(self):
2288
2291
"""
2289
2292
If an attribute other than one of the methods tested here is accessed on
2290
an instance of L{PKCS7Type}, L{AttributeError} is raised.
2293
an instance of :py:obj:`PKCS7Type`, :py:obj:`AttributeError` is raised.
2291
2294
"""
2292
2295
pkcs7 = load_pkcs7_data(FILETYPE_PEM, pkcs7Data)
2293
2296
self.assertRaises(AttributeError, getattr, pkcs7, "foo")
2296
2299
2297
2300
class NetscapeSPKITests(TestCase, _PKeyInteractionTestsMixin):
2298
2301
"""
2299
Tests for L{OpenSSL.crypto.NetscapeSPKI}.
2302
Tests for :py:obj:`OpenSSL.crypto.NetscapeSPKI`.
2300
2303
"""
2301
2304
def signable(self):
2302
2305
"""
2303
Return a new L{NetscapeSPKI} for use with signing tests.
2306
Return a new :py:obj:`NetscapeSPKI` for use with signing tests.
2304
2307
"""
2305
2308
return NetscapeSPKI()
2306
2309
2307
2310
2308
2311
def test_type(self):
2309
2312
"""
2310
L{NetscapeSPKI} and L{NetscapeSPKIType} refer to the same type object
2313
:py:obj:`NetscapeSPKI` and :py:obj:`NetscapeSPKIType` refer to the same type object
2311
2314
and can be used to create instances of that type.
2312
2315
"""
2313
2316
self.assertIdentical(NetscapeSPKI, NetscapeSPKIType)
2316
2319
2317
2320
def test_construction(self):
2318
2321
"""
2319
L{NetscapeSPKI} returns an instance of L{NetscapeSPKIType}.
2322
:py:obj:`NetscapeSPKI` returns an instance of :py:obj:`NetscapeSPKIType`.
2320
2323
"""
2321
2324
nspki = NetscapeSPKI()
2322
2325
self.assertTrue(isinstance(nspki, NetscapeSPKIType))
2324
2327
2325
2328
def test_invalid_attribute(self):
2326
2329
"""
2327
Accessing a non-existent attribute of a L{NetscapeSPKI} instance causes
2328
an L{AttributeError} to be raised.
2330
Accessing a non-existent attribute of a :py:obj:`NetscapeSPKI` instance causes
2331
an :py:obj:`AttributeError` to be raised.
2329
2332
"""
2330
2333
nspki = NetscapeSPKI()
2331
2334
self.assertRaises(AttributeError, lambda: nspki.foo)
2333
2336
2334
2337
def test_b64_encode(self):
2335
2338
"""
2336
L{NetscapeSPKI.b64_encode} encodes the certificate to a base64 blob.
2339
:py:obj:`NetscapeSPKI.b64_encode` encodes the certificate to a base64 blob.
2337
2340
"""
2338
2341
nspki = NetscapeSPKI()
2339
2342
blob = nspki.b64_encode()
2343
2346
2344
2347
class RevokedTests(TestCase):
2345
2348
"""
2346
Tests for L{OpenSSL.crypto.Revoked}
2349
Tests for :py:obj:`OpenSSL.crypto.Revoked`
2347
2350
"""
2348
2351
def test_construction(self):
2349
2352
"""
2350
Confirm we can create L{OpenSSL.crypto.Revoked}. Check
2353
Confirm we can create :py:obj:`OpenSSL.crypto.Revoked`. Check
2351
2354
that it is empty.
2352
2355
"""
2353
2356
revoked = Revoked()
2360
2363
2361
2364
def test_construction_wrong_args(self):
2362
2365
"""
2363
Calling L{OpenSSL.crypto.Revoked} with any arguments results
2364
in a L{TypeError} being raised.
2366
Calling :py:obj:`OpenSSL.crypto.Revoked` with any arguments results
2367
in a :py:obj:`TypeError` being raised.
2365
2368
"""
2366
2369
self.assertRaises(TypeError, Revoked, None)
2367
2370
self.assertRaises(TypeError, Revoked, 1)
2371
2374
def test_serial(self):
2372
2375
"""
2373
2376
Confirm we can set and get serial numbers from
2374
L{OpenSSL.crypto.Revoked}. Confirm errors are handled
2377
:py:obj:`OpenSSL.crypto.Revoked`. Confirm errors are handled
2375
2378
with grace.
2376
2379
"""
2377
2380
revoked = Revoked()
2394
2397
def test_date(self):
2395
2398
"""
2396
2399
Confirm we can set and get revocation dates from
2397
L{OpenSSL.crypto.Revoked}. Confirm errors are handled
2400
:py:obj:`OpenSSL.crypto.Revoked`. Confirm errors are handled
2398
2401
with grace.
2399
2402
"""
2400
2403
revoked = Revoked()
2411
2414
def test_reason(self):
2412
2415
"""
2413
2416
Confirm we can set and get revocation reasons from
2414
L{OpenSSL.crypto.Revoked}. The "get" need to work
2417
:py:obj:`OpenSSL.crypto.Revoked`. The "get" need to work
2415
2418
as "set". Likewise, each reason of all_reasons() must work.
2416
2419
"""
2417
2420
revoked = Revoked()
2431
2434
2432
2435
def test_set_reason_wrong_arguments(self):
2433
2436
"""
2434
Calling L{OpenSSL.crypto.Revoked.set_reason} with other than
2437
Calling :py:obj:`OpenSSL.crypto.Revoked.set_reason` with other than
2435
2438
one argument, or an argument which isn't a valid reason,
2436
results in L{TypeError} or L{ValueError} being raised.
2439
results in :py:obj:`TypeError` or :py:obj:`ValueError` being raised.
2437
2440
"""
2438
2441
revoked = Revoked()
2439
2442
self.assertRaises(TypeError, revoked.set_reason, 100)
2442
2445
2443
2446
def test_get_reason_wrong_arguments(self):
2444
2447
"""
2445
Calling L{OpenSSL.crypto.Revoked.get_reason} with any
2446
arguments results in L{TypeError} being raised.
2448
Calling :py:obj:`OpenSSL.crypto.Revoked.get_reason` with any
2449
arguments results in :py:obj:`TypeError` being raised.
2447
2450
"""
2448
2451
revoked = Revoked()
2449
2452
self.assertRaises(TypeError, revoked.get_reason, None)
2454
2457
2455
2458
class CRLTests(TestCase):
2456
2459
"""
2457
Tests for L{OpenSSL.crypto.CRL}
2460
Tests for :py:obj:`OpenSSL.crypto.CRL`
2458
2461
"""
2459
2462
cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
2460
2463
pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
2461
2464
2462
2465
def test_construction(self):
2463
2466
"""
2464
Confirm we can create L{OpenSSL.crypto.CRL}. Check
2467
Confirm we can create :py:obj:`OpenSSL.crypto.CRL`. Check
2465
2468
that it is empty
2466
2469
"""
2467
2470
crl = CRL()
2471
2474
2472
2475
def test_construction_wrong_args(self):
2473
2476
"""
2474
Calling L{OpenSSL.crypto.CRL} with any number of arguments
2475
results in a L{TypeError} being raised.
2477
Calling :py:obj:`OpenSSL.crypto.CRL` with any number of arguments
2478
results in a :py:obj:`TypeError` being raised.
2476
2479
"""
2477
2480
self.assertRaises(TypeError, CRL, 1)
2478
2481
self.assertRaises(TypeError, CRL, "")
2514
2517
2515
2518
def test_add_revoked_keyword(self):
2516
2519
"""
2517
L{OpenSSL.CRL.add_revoked} accepts its single argument as the
2518
I{revoked} keyword argument.
2520
:py:obj:`OpenSSL.CRL.add_revoked` accepts its single argument as the
2521
``revoked`` keyword argument.
2519
2522
"""
2520
2523
crl = CRL()
2521
2524
revoked = Revoked()
2525
2528
2526
2529
def test_export_wrong_args(self):
2527
2530
"""
2528
Calling L{OpenSSL.CRL.export} with fewer than two or more than
2531
Calling :py:obj:`OpenSSL.CRL.export` with fewer than two or more than
2529
2532
four arguments, or with arguments other than the certificate,
2530
2533
private key, integer file type, and integer number of days it
2531
expects, results in a L{TypeError} being raised.
2534
expects, results in a :py:obj:`TypeError` being raised.
2532
2535
"""
2533
2536
crl = CRL()
2534
2537
self.assertRaises(TypeError, crl.export)
2543
2546
2544
2547
def test_export_unknown_filetype(self):
2545
2548
"""
2546
Calling L{OpenSSL.CRL.export} with a file type other than
2547
L{FILETYPE_PEM}, L{FILETYPE_ASN1}, or L{FILETYPE_TEXT} results
2548
in a L{ValueError} being raised.
2549
Calling :py:obj:`OpenSSL.CRL.export` with a file type other than
2550
:py:obj:`FILETYPE_PEM`, :py:obj:`FILETYPE_ASN1`, or :py:obj:`FILETYPE_TEXT` results
2551
in a :py:obj:`ValueError` being raised.
2549
2552
"""
2550
2553
crl = CRL()
2551
2554
self.assertRaises(ValueError, crl.export, self.cert, self.pkey, 100, 10)
2554
2557
def test_get_revoked(self):
2555
2558
"""
2556
2559
Use python to create a simple CRL with two revocations.
2557
Get back the L{Revoked} using L{OpenSSL.CRL.get_revoked} and
2560
Get back the :py:obj:`Revoked` using :py:obj:`OpenSSL.CRL.get_revoked` and
2558
2561
verify them.
2559
2562
"""
2560
2563
crl = CRL()
2580
2583
2581
2584
def test_get_revoked_wrong_args(self):
2582
2585
"""
2583
Calling L{OpenSSL.CRL.get_revoked} with any arguments results
2584
in a L{TypeError} being raised.
2586
Calling :py:obj:`OpenSSL.CRL.get_revoked` with any arguments results
2587
in a :py:obj:`TypeError` being raised.
2585
2588
"""
2586
2589
crl = CRL()
2587
2590
self.assertRaises(TypeError, crl.get_revoked, None)
2592
2595
2593
2596
def test_add_revoked_wrong_args(self):
2594
2597
"""
2595
Calling L{OpenSSL.CRL.add_revoked} with other than one
2596
argument results in a L{TypeError} being raised.
2598
Calling :py:obj:`OpenSSL.CRL.add_revoked` with other than one
2599
argument results in a :py:obj:`TypeError` being raised.
2597
2600
"""
2598
2601
crl = CRL()
2599
2602
self.assertRaises(TypeError, crl.add_revoked)
2626
2629
2627
2630
def test_load_crl_wrong_args(self):
2628
2631
"""
2629
Calling L{OpenSSL.crypto.load_crl} with other than two
2630
arguments results in a L{TypeError} being raised.
2632
Calling :py:obj:`OpenSSL.crypto.load_crl` with other than two
2633
arguments results in a :py:obj:`TypeError` being raised.
2631
2634
"""
2632
2635
self.assertRaises(TypeError, load_crl)
2633
2636
self.assertRaises(TypeError, load_crl, FILETYPE_PEM)
2636
2639
2637
2640
def test_load_crl_bad_filetype(self):
2638
2641
"""
2639
Calling L{OpenSSL.crypto.load_crl} with an unknown file type
2640
raises a L{ValueError}.
2642
Calling :py:obj:`OpenSSL.crypto.load_crl` with an unknown file type
2643
raises a :py:obj:`ValueError`.
2641
2644
"""
2642
2645
self.assertRaises(ValueError, load_crl, 100, crlData)
2643
2646
2644
2647
2645
2648
def test_load_crl_bad_data(self):
2646
2649
"""
2647
Calling L{OpenSSL.crypto.load_crl} with file data which can't
2648
be loaded raises a L{OpenSSL.crypto.Error}.
2650
Calling :py:obj:`OpenSSL.crypto.load_crl` with file data which can't
2651
be loaded raises a :py:obj:`OpenSSL.crypto.Error`.
2649
2652
"""
2650
2653
self.assertRaises(Error, load_crl, FILETYPE_PEM, "hello, world")
2651
2654
2652
2655
2653
2656
class SignVerifyTests(TestCase):
2654
2657
"""
2655
Tests for L{OpenSSL.crypto.sign} and L{OpenSSL.crypto.verify}.
2658
Tests for :py:obj:`OpenSSL.crypto.sign` and :py:obj:`OpenSSL.crypto.verify`.
2656
2659
"""
2657
2660
def test_sign_verify(self):
2658
2661
"""
2659
L{sign} generates a cryptographic signature which L{verify} can check.
2662
:py:obj:`sign` generates a cryptographic signature which :py:obj:`verify` can check.
2660
2663
"""
2661
2664
content = b(
2662
2665
"It was a bright cold day in April, and the clocks were striking "
2697
2700
2698
2701
def test_sign_nulls(self):
2699
2702
"""
2700
L{sign} produces a signature for a string with embedded nulls.
2703
:py:obj:`sign` produces a signature for a string with embedded nulls.
2701
2704
"""
2702
2705
content = b("Watch out! \0 Did you see it?")
2703
2706
priv_key = load_privatekey(FILETYPE_PEM, root_key_pem)
Loggerhead is a web-based interface for Breezy
Version: 2.0.1