X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=tests%2Ftestx509.py;h=fb6e054231e10170c00925b40d8978e068889f06;hb=6c34e2a01664aeb3a5a14f7a79e76b394349b672;hp=011d487e770c78e9dee3d0d74f64cf3880e38ced;hpb=6ecf699650b17d6c8d8a8670d51b33631824fe46;p=oss%2Fctypescrypto.git diff --git a/tests/testx509.py b/tests/testx509.py index 011d487..fb6e054 100644 --- a/tests/testx509.py +++ b/tests/testx509.py @@ -1,16 +1,17 @@ #!/usr/bin/env python # -*- encoding: utf-8 -*- -from ctypescrypto.x509 import X509,X509Store,utc +from ctypescrypto.x509 import X509,X509Store,utc,StackOfX509 from ctypescrypto.oid import Oid from tempfile import NamedTemporaryFile import datetime import unittest +import os class TestCertInfo(unittest.TestCase): - ca_cert="""-----BEGIN CERTIFICATE----- + ca_cert="""-----BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIJAN9Ejmna3JJ7MA0GCSqGSIb3DQEBBQUAMIGdMQswCQYD VQQGEwJSVTEVMBMGA1UECAwM0JzQvtGB0LrQstCwMTAwLgYDVQQKDCfQo9C00L7R gdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAxIjAgBgNVBAMMGdCS0LjQ @@ -35,7 +36,7 @@ vFY/2KV16/FdBovTFWMyKrzlYHm0Wgt28IWqhocq/golLfvkz3VAkLQvOF2i6hNc 4feBv69SRTsTCFN9PtJCtxPX/K9LZKeccBKgGjrHQpAF+JU= -----END CERTIFICATE----- """ - cert1="""-----BEGIN CERTIFICATE----- + cert1="""-----BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIJAN9Ejmna3JJ8MA0GCSqGSIb3DQEBBQUAMIGdMQswCQYD VQQGEwJSVTEVMBMGA1UECAwM0JzQvtGB0LrQstCwMTAwLgYDVQQKDCfQo9C00L7R gdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAxIjAgBgNVBAMMGdCS0LjQ @@ -60,7 +61,7 @@ uo291iEXyooazJdbWwZwcwk7WrNNKhqktPTg0X1ZHNnGwOAGPzwNJFGPeFj71r0t aFWU5EMRKaZK75keXq/RdaOAenl+nKF6xA2XHDhGgdndFfY= -----END CERTIFICATE----- """ - pubkey1="""-----BEGIN PUBLIC KEY----- + pubkey1="""-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQSfrrxNROyzNEz60G2E HBP+E4BL0b1QytGAZZiQp2XIhhQeb7mx+c4mpwgvD7/IdAcK+YVGx78nfY723T3w G48U7HzFNbLvNDycxyXecXbvCmRsxPy8TxkwPf6TIT3UcixtwMMqZFqlAtSTDmOO 
@@ -70,7 +71,7 @@ iFTXJP8/Au8kfezlA4b+eS81zWq2BFvNlBQsgf04S88oew0CuBBgtjUIIw7XZkS0 3QIDAQAB -----END PUBLIC KEY----- """ - digicert_cert="""digicert.crt + digicert_cert="""digicert.crt -----BEGIN CERTIFICATE----- MIIG5jCCBc6gAwIBAgIQAze5KDR8YKauxa2xIX84YDANBgkqhkiG9w0BAQUFADBs MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 
@@ -111,78 +112,204 @@ BEkAui6mSnKDcp33C4ypieez12Qf1uNgywPE3IjpnSUBAHHLA7QpYCWP+UbRe3Gu zVMSW4SOwg/H7ZMZ2cn6j1g0djIvruFQFGHUqFijyDATI+/GJYw2jxyA -----END CERTIFICATE----- """ - def test_readpubkey(self): - c=X509(self.cert1) - p=c.pubkey - self.assertEqual(p.exportpub(),self.pubkey1) - def test_subject(self): - c=X509(self.cert1) - self.assertEqual(unicode(c.subject),u'C=RU,ST=Москва,L=Москва,O=Частное лицо,CN=Виктор Вагнер') - def test_issuer(self): - c=X509(self.cert1) - self.assertEqual(unicode(c.issuer),u'C=RU,ST=Москва,O=Удостоверяющий центр,CN=Виктор Вагнер,emailAddress=vitus@wagner.pp.ru') - def test_subjectfields(self): - c=X509(self.cert1) - self.assertEqual(c.subject[Oid("C")],"RU") - self.assertEqual(c.subject[Oid("L")],u'\u041c\u043e\u0441\u043a\u0432\u0430') - def test_notBefore(self): - c=X509(self.cert1) - self.assertEqual(c.startDate,datetime.datetime(2014,10,26,19,07,17,0,utc)) - def test_notAfter(self): - c=X509(self.cert1) - self.assertEqual(c.endDate,datetime.datetime(2024,10,23,19,7,17,0,utc)) - def test_namecomp(self): - c=X509(self.cert1) - ca=X509(self.ca_cert) - self.assertEqual(c.issuer,ca.subject) - self.assertNotEqual(c.subject,c.issuer) - self.assertEqual(ca.issuer,ca.subject) - def test_serial(self): - c=X509(self.cert1) - self.assertEqual(c.serial,0xDF448E69DADC927CL) - def test_version(self): - c=X509(self.cert1) - self.assertEqual(c.version,3) - def test_ca_cert(self): - ca=X509(self.ca_cert) - self.assertTrue(ca.check_ca()) - notca=X509(self.cert1) - self.assertFalse(notca.check_ca()) - def test_verify_by_key(self): - ca=X509(self.ca_cert) - pubkey=ca.pubkey - self.assertTrue(ca.verify(key=pubkey)) - c=X509(self.cert1) - pk2=c.pubkey - self.assertFalse(c.verify(key=pk2)) - self.assertTrue(c.verify(key=pubkey)) - def test_default_filestore(self): - store=X509Store(default=True) - c1=X509(self.cert1) - # Cert signed by our CA shouldn't be successfully verified - # by default CA store - self.assertFalse(c1.verify(store)) - # but cert, 
downloaded from some commercial CA - should. - c2=X509(self.digicert_cert) - self.assertTrue(c2.verify(store)) - def test_verify_by_filestore(self): - trusted=NamedTemporaryFile() - trusted.write(self.ca_cert) - trusted.flush() - goodcert=X509(self.cert1) - badcert=X509(self.cert1[0:-30]+"GG"+self.cert1[-28:]) - gitcert=X509(self.digicert_cert) - store=X509Store(file=trusted.name) - # We should successfuly verify certificate signed by our CA cert - self.assertTrue(goodcert.verify(store)) - # We should reject corrupted certificate - self.assertFalse(badcert.verify(store)) - # And if we specify explicitely certificate file, certificate, - # signed by some commercial CA should be rejected too - self.assertFalse(gitcert.verify(store)) - trusted.close() - pass - def test_verify_by_dirstore(self): - pass + def test_readpubkey(self): + c=X509(self.cert1) + p=c.pubkey + self.assertEqual(p.exportpub(),self.pubkey1) + def test_pem(self): + c=X509(self.cert1) + self.assertEqual(c.pem(),self.cert1) + def test_subject(self): + c=X509(self.cert1) + self.assertEqual(unicode(c.subject),u'C=RU,ST=Москва,L=Москва,O=Частное лицо,CN=Виктор Вагнер') + def test_subject_str(self): + c=X509(self.cert1) + self.assertEqual(str(c.subject),b'C=RU,ST=\\D0\\9C\\D0\\BE\\D1\\81\\D0\\BA\\D0\\B2\\D0\\B0,L=\\D0\\9C\\D0\\BE\\D1\\81\\D0\\BA\\D0\\B2\\D0\\B0,O=\\D0\\A7\\D0\\B0\\D1\\81\\D1\\82\\D0\\BD\\D0\\BE\\D0\\B5 \\D0\\BB\\D0\\B8\\D1\\86\\D0\\BE,CN=\\D0\\92\\D0\\B8\\D0\\BA\\D1\\82\\D0\\BE\\D1\\80 \\D0\\92\\D0\\B0\\D0\\B3\\D0\\BD\\D0\\B5\\D1\\80') + def test_subject_len(self): + c=X509(self.cert1) + self.assertEqual(len(c.subject),5) + def test_issuer(self): + c=X509(self.cert1) + self.assertEqual(unicode(c.issuer),u'C=RU,ST=Москва,O=Удостоверяющий центр,CN=Виктор Вагнер,emailAddress=vitus@wagner.pp.ru') + def test_subjectfields(self): + c=X509(self.cert1) + self.assertEqual(c.subject[Oid("C")],"RU") + with self.assertRaises(TypeError): + x=c.subject["CN"] + 
self.assertEqual(c.subject[Oid("L")],u'\u041c\u043e\u0441\u043a\u0432\u0430') + def test_subjectmodify(self): + c=X509(self.cert1) + with self.assertRaises(ValueError): + c.subject[Oid("CN")]=u'Foo' + with self.assertRaises(ValueError): + del c.subject[Oid('CN')] + def test_subjectbadsubfield(self): + c=X509(self.cert1) + with self.assertRaises(KeyError): + x=c.subject[Oid("streetAddress")] + def test_subjectfieldindex(self): + c=X509(self.cert1) + self.assertEqual(repr(c.subject[0]),repr((Oid('C'),u'RU'))) + def test_subjectbadindex(self): + c=X509(self.cert1) + with self.assertRaises(IndexError): + x=c.subject[11] + with self.assertRaises(IndexError): + x=c.subject[-1] + def test_notBefore(self): + c=X509(self.cert1) + self.assertEqual(c.startDate,datetime.datetime(2014,10,26,19,07,17,0,utc)) + def test_notAfter(self): + c=X509(self.cert1) + self.assertEqual(c.endDate,datetime.datetime(2024,10,23,19,7,17,0,utc)) + def test_subjectHash(self): + c=X509(self.cert1) + self.assertEqual(hash(c.subject),0x1f3ed722) + def test_issuerHash(self): + c=X509(self.cert1) + self.assertEqual(hash(c.issuer),0x7d3ea8c3) + def test_namecomp(self): + c=X509(self.cert1) + ca=X509(self.ca_cert) + self.assertEqual(c.issuer,ca.subject) + self.assertNotEqual(c.subject,c.issuer) + self.assertEqual(ca.issuer,ca.subject) + def test_serial(self): + c=X509(self.cert1) + self.assertEqual(c.serial,0xDF448E69DADC927CL) + def test_version(self): + c=X509(self.cert1) + self.assertEqual(c.version,3) + def test_ca_cert(self): + ca=X509(self.ca_cert) + self.assertTrue(ca.check_ca()) + notca=X509(self.cert1) + self.assertFalse(notca.check_ca()) + def test_extension_count(self): + cert=X509(self.cert1) + self.assertTrue(len(cert.extensions),4) + ca_cert=X509(self.ca_cert) + self.assertEqual(len(ca_cert.extensions),3) + def test_extension_outofrange(self): + cert=X509(self.cert1) + with self.assertRaises(IndexError): + cert.extensions[4] + with self.assertRaises(IndexError): + cert.extensions[-1] + def 
test_extension_oid(self): + cert=X509(self.cert1) + ext=cert.extensions[0] + ext_id=ext.oid + self.assertTrue(isinstance(ext_id,Oid)) + self.assertEqual(ext_id,Oid('basicConstraints')) + def test_extension_text(self): + cert=X509(self.cert1) + ext=cert.extensions[0] + self.assertEqual(str(ext),'CA:FALSE') + self.assertEqual(unicode(ext),u'CA:FALSE') + def test_extenson_find(self): + cert=X509(self.cert1) + exts=cert.extensions.find(Oid('subjectAltName')) + self.assertEqual(len(exts),1) + self.assertEqual(exts[0].oid,Oid('subjectAltName')) + def test_extension_bad_find(self): + cert=X509(self.cert1) + with self.assertRaises(TypeError): + exts=cert.extensions.find('subjectAltName') + def test_extenson_critical(self): + cert=X509(self.digicert_cert) + crit_exts=cert.extensions.find_critical() + self.assertEqual(len(crit_exts),2) + other_exts=cert.extensions.find_critical(False) + self.assertEqual(len(crit_exts)+len(other_exts),len(cert.extensions)) + self.assertEqual(crit_exts[0].critical,True) + self.assertEqual(other_exts[0].critical,False) + def test_verify_by_key(self): + ca=X509(self.ca_cert) + pubkey=ca.pubkey + self.assertTrue(ca.verify(key=pubkey)) + c=X509(self.cert1) + pk2=c.pubkey + self.assertFalse(c.verify(key=pk2)) + self.assertTrue(c.verify(key=pubkey)) + def test_verify_self_singed(self): + ca=X509(self.ca_cert) + self.assertTrue(ca.verify()) + def test_default_filestore(self): + store=X509Store(default=True) + c1=X509(self.cert1) + # Cert signed by our CA shouldn't be successfully verified + # by default CA store + self.assertFalse(c1.verify(store)) + # but cert, downloaded from some commercial CA - should. 
+ c2=X509(self.digicert_cert) + self.assertTrue(c2.verify(store)) + def test_verify_by_filestore(self): + trusted=NamedTemporaryFile(delete=False) + trusted.write(self.ca_cert) + trusted.close() + goodcert=X509(self.cert1) + badcert=X509(self.cert1[0:-30]+"GG"+self.cert1[-28:]) + gitcert=X509(self.digicert_cert) + store=X509Store(file=trusted.name) + os.unlink(trusted.name) + # We should successfuly verify certificate signed by our CA cert + self.assertTrue(goodcert.verify(store)) + # We should reject corrupted certificate + self.assertFalse(badcert.verify(store)) + # And if we specify explicitely certificate file, certificate, + # signed by some commercial CA should be rejected too + self.assertFalse(gitcert.verify(store)) + trusted.close() + def test_verify_by_dirstore(self): + pass + def test_certstack1(self): + l=[] + l.append(X509(self.cert1)) + self.assertEqual(unicode(l[0].subject[Oid('CN')]),u'Виктор Вагнер') + l.append(X509(self.ca_cert)) + l.append(X509(self.digicert_cert)) + stack=StackOfX509(certs=l) + self.assertEqual(len(stack),3) + self.assertTrue(isinstance(stack[1],X509)) + self.assertEqual(unicode(stack[0].subject[Oid('CN')]),u'Виктор Вагнер') + with self.assertRaises(IndexError): + c=stack[-1] + with self.assertRaises(IndexError): + c=stack[3] + del stack[1] + self.assertEqual(len(stack),2) + self.assertEqual(unicode(stack[0].subject[Oid('CN')]),u'Виктор Вагнер') + self.assertEqual(unicode(stack[1].subject[Oid('CN')]),u'DigiCert High Assurance EV CA-1') + def test_certstack2(self): + stack=StackOfX509() + stack.append(X509(self.cert1)) + stack.append(X509(self.ca_cert)) + c=stack[1] + stack[1]=X509(self.digicert_cert) + self.assertEqual(len(stack),2) + self.assertEqual(unicode(stack[1].subject[Oid('CN')]),u'DigiCert High Assurance EV CA-1') + with self.assertRaises(IndexError): + stack[-1]=c + with self.assertRaises(IndexError): + stack[3]=c + with self.assertRaises(TypeError): + stack[0]=self.cert1 + with self.assertRaises(TypeError): + 
stack.append(self.cert1) + def test_certstack3(self): + l=[] + l.append(X509(self.cert1)) + self.assertEqual(unicode(l[0].subject[Oid('CN')]),u'Виктор Вагнер') + l.append(X509(self.ca_cert)) + l.append(X509(self.digicert_cert)) + stack=StackOfX509(certs=l) + stack2=StackOfX509(ptr=stack.ptr,disposable=False) + with self.assertRaises(ValueError): + stack3=StackOfX509(ptr=stack.ptr,certs=l) + with self.assertRaises(ValueError): + stack2[1]=l[0] + with self.assertRaises(ValueError): + stack2.append(l[0]) if __name__ == '__main__': - unittest.main() + unittest.main()
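Review bot: In `test_extension_count` the first check, `self.assertTrue(len(cert.extensions),4)`, passes for any non-empty extension list because `assertTrue` takes its second argument as the failure message; it should read `self.assertEqual(len(cert.extensions),4)`, like the CA check two lines below it. The expected count of 4 is inferred from that argument and from `test_extension_outofrange`, which expects `cert.extensions[4]` to raise. As written, a regression that drops or duplicates extensions on the leaf certificate would go unnoticed, and extension data such as basicConstraints is what callers rely on to tell a CA from an end-entity certificate. Separately, in `test_verify_by_filestore` the file from `NamedTemporaryFile(delete=False)` is unlinked only after the `X509(...)` and `X509Store(file=trusted.name)` calls succeed, so an exception there leaves the CA file in the temp directory; put the store construction in a `try` with `os.unlink(trusted.name)` in the `finally`, and drop the second `trusted.close()` at the end of the method, which is already a no-op. The enclosing class `TestCertInfo` begins in an earlier hunk.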