def test_verify_by_key(self): ca = X509(self.ca_cert) pubkey = ca.pubkey self.assertTrue(ca.verify(key=pubkey)) c = X509(self.cert1) pk2 = c.pubkey self.assertFalse(c.verify(key=pk2)) self.assertTrue(c.verify(key=pubkey))
def test_default_filestore(self): store = X509Store(default=True) c1 = X509(self.cert1) # Cert signed by our CA shouldn't be successfully verified # by default CA store self.assertFalse(c1.verify(store)) # but cert, downloaded from some commercial CA - should. c2 = X509(self.digicert_cert) self.assertTrue(c2.verify(store))
def test_certstack3(self): l = [] l.append(X509(self.cert1)) self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер') l.append(X509(self.ca_cert)) l.append(X509(self.digicert_cert)) stack = StackOfX509(certs=l) stack2 = StackOfX509(ptr=stack.ptr, disposable=False) with self.assertRaises(ValueError): stack3 = StackOfX509(ptr=stack.ptr, certs=l) with self.assertRaises(ValueError): stack2[1] = l[0] with self.assertRaises(ValueError): stack2.append(l[0])
def test_subjectfields(self): c = X509(self.cert1) self.assertEqual(c.subject[Oid("C")], "RU") with self.assertRaises(TypeError): x = c.subject["CN"] self.assertEqual(c.subject[Oid("L")], u'\u041c\u043e\u0441\u043a\u0432\u0430')
def test_verify_by_filestore(self): trusted = NamedTemporaryFile() trusted.write(self.ca_cert) trusted.flush() goodcert = X509(self.cert1) badcert = X509(self.cert1[0:-30] + "GG" + self.cert1[-28:]) gitcert = X509(self.digicert_cert) store = X509Store(file=trusted.name) # We should successfuly verify certificate signed by our CA cert self.assertTrue(goodcert.verify(store)) # We should reject corrupted certificate self.assertFalse(badcert.verify(store)) # And if we specify explicitely certificate file, certificate, # signed by some commercial CA should be rejected too self.assertFalse(gitcert.verify(store)) trusted.close()
def test_certstack2(self): stack = StackOfX509() stack.append(X509(self.cert1)) stack.append(X509(self.ca_cert)) c = stack[1] stack[1] = X509(self.digicert_cert) self.assertEqual(len(stack), 2) self.assertEqual(unicode(stack[1].subject[Oid('CN')]), u'DigiCert High Assurance EV CA-1') with self.assertRaises(IndexError): stack[-1] = c with self.assertRaises(IndexError): stack[3] = c with self.assertRaises(TypeError): stack[0] = self.cert1 with self.assertRaises(TypeError): stack.append(self.cert1)
def test_extenson_critical(self): cert = X509(self.digicert_cert) crit_exts = cert.extensions.find_critical() self.assertEqual(len(crit_exts), 2) other_exts = cert.extensions.find_critical(False) self.assertEqual( len(crit_exts) + len(other_exts), len(cert.extensions)) self.assertEqual(crit_exts[0].critical, True) self.assertEqual(other_exts[0].critical, False)
def test_certstack1(self): l = [] l.append(X509(self.cert1)) self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер') l.append(X509(self.ca_cert)) l.append(X509(self.digicert_cert)) stack = StackOfX509(certs=l) self.assertEqual(len(stack), 3) self.assertTrue(isinstance(stack[1], X509)) self.assertEqual(unicode(stack[0].subject[Oid('CN')]), u'Виктор Вагнер') with self.assertRaises(IndexError): c = stack[-1] with self.assertRaises(IndexError): c = stack[3] del stack[1] self.assertEqual(len(stack), 2) self.assertEqual(unicode(stack[0].subject[Oid('CN')]), u'Виктор Вагнер') self.assertEqual(unicode(stack[1].subject[Oid('CN')]), u'DigiCert High Assurance EV CA-1')
def test_subjectbadsubfield(self): c = X509(self.cert1) with self.assertRaises(KeyError): x = c.subject[Oid("streetAddress")]
def test_extension_bad_find(self): cert = X509(self.cert1) with self.assertRaises(TypeError): exts = cert.extensions.find('subjectAltName')
def test_subjectfieldindex(self): c = X509(self.cert1) self.assertEqual(repr(c.subject[0]), repr((Oid('C'), u'RU')))
def test_extension_text(self): cert = X509(self.cert1) ext = cert.extensions[0] self.assertEqual(str(ext), 'CA:FALSE') self.assertEqual(unicode(ext), u'CA:FALSE')
def test_extenson_find(self): cert = X509(self.cert1) exts = cert.extensions.find(Oid('subjectAltName')) self.assertEqual(len(exts), 1) self.assertEqual(exts[0].oid, Oid('subjectAltName'))
def test_issuer(self): c = X509(self.cert1) self.assertEqual( unicode(c.issuer), u'C=RU,ST=Москва,O=Удостоверяющий центр,CN=Виктор Вагнер,[email protected]' )
def test_notAfter(self): c = X509(self.cert1) self.assertEqual(c.endDate, datetime.datetime(2024, 10, 23, 19, 7, 17, 0, utc))
def test_subject_len(self): c = X509(self.cert1) self.assertEqual(len(c.subject), 5)
def test_extension_count(self): cert = X509(self.cert1) self.assertTrue(len(cert.extensions), 4) ca_cert = X509(self.ca_cert) self.assertEqual(len(ca_cert.extensions), 3)
def test_serial(self): c = X509(self.cert1) self.assertEqual(c.serial, 0xDF448E69DADC927CL)
def test_subjectbadindex(self): c = X509(self.cert1) with self.assertRaises(IndexError): x = c.subject[11] with self.assertRaises(IndexError): x = c.subject[-1]
def test_namecomp(self): c = X509(self.cert1) ca = X509(self.ca_cert) self.assertEqual(c.issuer, ca.subject) self.assertNotEqual(c.subject, c.issuer) self.assertEqual(ca.issuer, ca.subject)
def test_issuerHash(self): c = X509(self.cert1) self.assertEqual(hash(c.issuer), 0x7d3ea8c3)
def test_subjectHash(self): c = X509(self.cert1) self.assertEqual(hash(c.subject), 0x1f3ed722)
def test_verify_self_singed(self): ca = X509(self.ca_cert) self.assertTrue(ca.verify())
def test_extension_outofrange(self): cert = X509(self.cert1) with self.assertRaises(IndexError): cert.extensions[4] with self.assertRaises(IndexError): cert.extensions[-1]
def test_subjectmodify(self): c = X509(self.cert1) with self.assertRaises(ValueError): c.subject[Oid("CN")] = u'Foo' with self.assertRaises(ValueError): del c.subject[Oid('CN')]
def test_extension_oid(self): cert = X509(self.cert1) ext = cert.extensions[0] ext_id = ext.oid self.assertTrue(isinstance(ext_id, Oid)) self.assertEqual(ext_id, Oid('basicConstraints'))
def test_version(self): c = X509(self.cert1) self.assertEqual(c.version, 3)
def test_notBefore(self): c = X509(self.cert1) self.assertEqual(c.startDate, datetime.datetime(2014, 10, 26, 19, 07, 17, 0, utc))
def test_ca_cert(self): ca = X509(self.ca_cert) self.assertTrue(ca.check_ca()) notca = X509(self.cert1) self.assertFalse(notca.check_ca())
def test_subject_str(self): c = X509(self.cert1) self.assertEqual( str(c.subject), b'C=RU,ST=\\D0\\9C\\D0\\BE\\D1\\81\\D0\\BA\\D0\\B2\\D0\\B0,L=\\D0\\9C\\D0\\BE\\D1\\81\\D0\\BA\\D0\\B2\\D0\\B0,O=\\D0\\A7\\D0\\B0\\D1\\81\\D1\\82\\D0\\BD\\D0\\BE\\D0\\B5 \\D0\\BB\\D0\\B8\\D1\\86\\D0\\BE,CN=\\D0\\92\\D0\\B8\\D0\\BA\\D1\\82\\D0\\BE\\D1\\80 \\D0\\92\\D0\\B0\\D0\\B3\\D0\\BD\\D0\\B5\\D1\\80' )