def test_verify_by_key(self):
ca = X509(self.ca_cert)
pubkey = ca.pubkey
self.assertTrue(ca.verify(key=pubkey))
c = X509(self.cert1)
pk2 = c.pubkey
self.assertFalse(c.verify(key=pk2))
self.assertTrue(c.verify(key=pubkey))
def test_default_filestore(self):
store = X509Store(default=True)
c1 = X509(self.cert1)
# Cert signed by our CA shouldn't be successfully verified
# by default CA store
self.assertFalse(c1.verify(store))
# but cert, downloaded from some commercial CA - should.
c2 = X509(self.digicert_cert)
self.assertTrue(c2.verify(store))
def test_certstack3(self):
l = []
l.append(X509(self.cert1))
self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер')
l.append(X509(self.ca_cert))
l.append(X509(self.digicert_cert))
stack = StackOfX509(certs=l)
stack2 = StackOfX509(ptr=stack.ptr, disposable=False)
with self.assertRaises(ValueError):
stack3 = StackOfX509(ptr=stack.ptr, certs=l)
with self.assertRaises(ValueError):
stack2[1] = l[0]
with self.assertRaises(ValueError):
stack2.append(l[0])
def test_subjectfields(self):
c = X509(self.cert1)
self.assertEqual(c.subject[Oid("C")], "RU")
with self.assertRaises(TypeError):
x = c.subject["CN"]
self.assertEqual(c.subject[Oid("L")],
u'\u041c\u043e\u0441\u043a\u0432\u0430')
def test_verify_by_filestore(self):
trusted = NamedTemporaryFile()
trusted.write(self.ca_cert)
trusted.flush()
goodcert = X509(self.cert1)
badcert = X509(self.cert1[0:-30] + "GG" + self.cert1[-28:])
gitcert = X509(self.digicert_cert)
store = X509Store(file=trusted.name)
# We should successfuly verify certificate signed by our CA cert
self.assertTrue(goodcert.verify(store))
# We should reject corrupted certificate
self.assertFalse(badcert.verify(store))
# And if we specify explicitely certificate file, certificate,
# signed by some commercial CA should be rejected too
self.assertFalse(gitcert.verify(store))
trusted.close()
def test_certstack2(self):
stack = StackOfX509()
stack.append(X509(self.cert1))
stack.append(X509(self.ca_cert))
c = stack[1]
stack[1] = X509(self.digicert_cert)
self.assertEqual(len(stack), 2)
self.assertEqual(unicode(stack[1].subject[Oid('CN')]),
u'DigiCert High Assurance EV CA-1')
with self.assertRaises(IndexError):
stack[-1] = c
with self.assertRaises(IndexError):
stack[3] = c
with self.assertRaises(TypeError):
stack[0] = self.cert1
with self.assertRaises(TypeError):
stack.append(self.cert1)
def test_extenson_critical(self):
cert = X509(self.digicert_cert)
crit_exts = cert.extensions.find_critical()
self.assertEqual(len(crit_exts), 2)
other_exts = cert.extensions.find_critical(False)
self.assertEqual(
len(crit_exts) + len(other_exts), len(cert.extensions))
self.assertEqual(crit_exts[0].critical, True)
self.assertEqual(other_exts[0].critical, False)
def test_certstack1(self):
l = []
l.append(X509(self.cert1))
self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер')
l.append(X509(self.ca_cert))
l.append(X509(self.digicert_cert))
stack = StackOfX509(certs=l)
self.assertEqual(len(stack), 3)
self.assertTrue(isinstance(stack[1], X509))
self.assertEqual(unicode(stack[0].subject[Oid('CN')]),
u'Виктор Вагнер')
with self.assertRaises(IndexError):
c = stack[-1]
with self.assertRaises(IndexError):
c = stack[3]
del stack[1]
self.assertEqual(len(stack), 2)
self.assertEqual(unicode(stack[0].subject[Oid('CN')]),
u'Виктор Вагнер')
self.assertEqual(unicode(stack[1].subject[Oid('CN')]),
u'DigiCert High Assurance EV CA-1')
def test_subjectbadsubfield(self):
c = X509(self.cert1)
with self.assertRaises(KeyError):
x = c.subject[Oid("streetAddress")]
def test_extension_bad_find(self):
cert = X509(self.cert1)
with self.assertRaises(TypeError):
exts = cert.extensions.find('subjectAltName')
def test_subjectfieldindex(self):
c = X509(self.cert1)
self.assertEqual(repr(c.subject[0]), repr((Oid('C'), u'RU')))
def test_extension_text(self):
cert = X509(self.cert1)
ext = cert.extensions[0]
self.assertEqual(str(ext), 'CA:FALSE')
self.assertEqual(unicode(ext), u'CA:FALSE')
def test_extenson_find(self):
cert = X509(self.cert1)
exts = cert.extensions.find(Oid('subjectAltName'))
self.assertEqual(len(exts), 1)
self.assertEqual(exts[0].oid, Oid('subjectAltName'))
def test_issuer(self):
c = X509(self.cert1)
self.assertEqual(
unicode(c.issuer),
u'C=RU,ST=Москва,O=Удостоверяющий центр,CN=Виктор Вагнер,[email protected]'
)
def test_notAfter(self):
c = X509(self.cert1)
self.assertEqual(c.endDate,
datetime.datetime(2024, 10, 23, 19, 7, 17, 0, utc))
def test_subject_len(self):
c = X509(self.cert1)
self.assertEqual(len(c.subject), 5)
def test_extension_count(self):
cert = X509(self.cert1)
self.assertTrue(len(cert.extensions), 4)
ca_cert = X509(self.ca_cert)
self.assertEqual(len(ca_cert.extensions), 3)
def test_serial(self):
c = X509(self.cert1)
self.assertEqual(c.serial, 0xDF448E69DADC927CL)
def test_subjectbadindex(self):
c = X509(self.cert1)
with self.assertRaises(IndexError):
x = c.subject[11]
with self.assertRaises(IndexError):
x = c.subject[-1]
def test_namecomp(self):
c = X509(self.cert1)
ca = X509(self.ca_cert)
self.assertEqual(c.issuer, ca.subject)
self.assertNotEqual(c.subject, c.issuer)
self.assertEqual(ca.issuer, ca.subject)
def test_issuerHash(self):
c = X509(self.cert1)
self.assertEqual(hash(c.issuer), 0x7d3ea8c3)
def test_subjectHash(self):
c = X509(self.cert1)
self.assertEqual(hash(c.subject), 0x1f3ed722)
def test_verify_self_singed(self):
ca = X509(self.ca_cert)
self.assertTrue(ca.verify())
def test_extension_outofrange(self):
cert = X509(self.cert1)
with self.assertRaises(IndexError):
cert.extensions[4]
with self.assertRaises(IndexError):
cert.extensions[-1]
def test_subjectmodify(self):
c = X509(self.cert1)
with self.assertRaises(ValueError):
c.subject[Oid("CN")] = u'Foo'
with self.assertRaises(ValueError):
del c.subject[Oid('CN')]
def test_extension_oid(self):
cert = X509(self.cert1)
ext = cert.extensions[0]
ext_id = ext.oid
self.assertTrue(isinstance(ext_id, Oid))
self.assertEqual(ext_id, Oid('basicConstraints'))
def test_version(self):
c = X509(self.cert1)
self.assertEqual(c.version, 3)
def test_notBefore(self):
c = X509(self.cert1)
self.assertEqual(c.startDate,
datetime.datetime(2014, 10, 26, 19, 07, 17, 0, utc))
def test_ca_cert(self):
ca = X509(self.ca_cert)
self.assertTrue(ca.check_ca())
notca = X509(self.cert1)
self.assertFalse(notca.check_ca())
def test_subject_str(self):
c = X509(self.cert1)
self.assertEqual(
str(c.subject),
b'C=RU,ST=\\D0\\9C\\D0\\BE\\D1\\81\\D0\\BA\\D0\\B2\\D0\\B0,L=\\D0\\9C\\D0\\BE\\D1\\81\\D0\\BA\\D0\\B2\\D0\\B0,O=\\D0\\A7\\D0\\B0\\D1\\81\\D1\\82\\D0\\BD\\D0\\BE\\D0\\B5 \\D0\\BB\\D0\\B8\\D1\\86\\D0\\BE,CN=\\D0\\92\\D0\\B8\\D0\\BA\\D1\\82\\D0\\BE\\D1\\80 \\D0\\92\\D0\\B0\\D0\\B3\\D0\\BD\\D0\\B5\\D1\\80'
)