|
| 1 | +# This file is dual licensed under the terms of the Apache License, Version |
| 2 | +# 2.0, and the BSD License. See the LICENSE file in the root of this repository |
| 3 | +# for complete details. |
| 4 | + |
| 5 | +from __future__ import absolute_import, division, print_function |
| 6 | + |
| 7 | +import os |
| 8 | + |
| 9 | +import pytest |
| 10 | + |
| 11 | +from cryptography import x509 |
| 12 | +from cryptography.hazmat.backends.interfaces import DERSerializationBackend |
| 13 | +from cryptography.hazmat.primitives.serialization import load_pem_private_key |
| 14 | +from cryptography.hazmat.primitives.serialization.pkcs12 import ( |
| 15 | + load_key_and_certificates |
| 16 | +) |
| 17 | + |
| 18 | +from .utils import load_vectors_from_file |
| 19 | + |
| 20 | + |
| 21 | +@pytest.mark.requires_backend_interface(interface=DERSerializationBackend) |
| 22 | +class TestPKCS12(object): |
| 23 | + @pytest.mark.parametrize( |
| 24 | + ("filename", "password"), |
| 25 | + [ |
| 26 | + ("cert-key-aes256cbc.p12", b"cryptography"), |
| 27 | + ("cert-none-key-none.p12", b"cryptography"), |
| 28 | + ("cert-rc2-key-3des.p12", b"cryptography"), |
| 29 | + ("no-password.p12", None), |
| 30 | + ] |
| 31 | + ) |
| 32 | + def test_load_pkcs12_ec_keys(self, filename, password, backend): |
| 33 | + cert = load_vectors_from_file( |
| 34 | + os.path.join("x509", "custom", "ca", "ca.pem"), |
| 35 | + lambda pemfile: x509.load_pem_x509_certificate( |
| 36 | + pemfile.read(), backend |
| 37 | + ), mode="rb" |
| 38 | + ) |
| 39 | + key = load_vectors_from_file( |
| 40 | + os.path.join("x509", "custom", "ca", "ca_key.pem"), |
| 41 | + lambda pemfile: load_pem_private_key( |
| 42 | + pemfile.read(), None, backend |
| 43 | + ), mode="rb" |
| 44 | + ) |
| 45 | + parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file( |
| 46 | + os.path.join("pkcs12", filename), |
| 47 | + lambda derfile: load_key_and_certificates( |
| 48 | + derfile.read(), password, backend |
| 49 | + ), mode="rb" |
| 50 | + ) |
| 51 | + assert parsed_cert == cert |
| 52 | + assert parsed_key.private_numbers() == key.private_numbers() |
| 53 | + assert parsed_more_certs == [] |
| 54 | + |
| 55 | + def test_load_pkcs12_cert_only(self, backend): |
| 56 | + cert = load_vectors_from_file( |
| 57 | + os.path.join("x509", "custom", "ca", "ca.pem"), |
| 58 | + lambda pemfile: x509.load_pem_x509_certificate( |
| 59 | + pemfile.read(), backend |
| 60 | + ), mode="rb" |
| 61 | + ) |
| 62 | + parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file( |
| 63 | + os.path.join("pkcs12", "cert-aes256cbc-no-key.p12"), |
| 64 | + lambda data: load_key_and_certificates( |
| 65 | + data.read(), b"cryptography", backend |
| 66 | + ), |
| 67 | + mode="rb" |
| 68 | + ) |
| 69 | + assert parsed_cert is None |
| 70 | + assert parsed_key is None |
| 71 | + assert parsed_more_certs == [cert] |
| 72 | + |
| 73 | + def test_load_pkcs12_key_only(self, backend): |
| 74 | + key = load_vectors_from_file( |
| 75 | + os.path.join("x509", "custom", "ca", "ca_key.pem"), |
| 76 | + lambda pemfile: load_pem_private_key( |
| 77 | + pemfile.read(), None, backend |
| 78 | + ), mode="rb" |
| 79 | + ) |
| 80 | + parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file( |
| 81 | + os.path.join("pkcs12", "no-cert-key-aes256cbc.p12"), |
| 82 | + lambda data: load_key_and_certificates( |
| 83 | + data.read(), b"cryptography", backend |
| 84 | + ), |
| 85 | + mode="rb" |
| 86 | + ) |
| 87 | + assert parsed_key.private_numbers() == key.private_numbers() |
| 88 | + assert parsed_cert is None |
| 89 | + assert parsed_more_certs == [] |
| 90 | + |
| 91 | + def test_non_bytes(self, backend): |
| 92 | + with pytest.raises(TypeError): |
| 93 | + load_key_and_certificates( |
| 94 | + b"irrelevant", object(), backend |
| 95 | + ) |
| 96 | + |
| 97 | + def test_not_a_pkcs12(self, backend): |
| 98 | + with pytest.raises(ValueError): |
| 99 | + load_key_and_certificates( |
| 100 | + b"invalid", b"pass", backend |
| 101 | + ) |
| 102 | + |
| 103 | + def test_invalid_password(self, backend): |
| 104 | + with pytest.raises(ValueError): |
| 105 | + load_vectors_from_file( |
| 106 | + os.path.join("pkcs12", "cert-key-aes256cbc.p12"), |
| 107 | + lambda derfile: load_key_and_certificates( |
| 108 | + derfile.read(), b"invalid", backend |
| 109 | + ), mode="rb" |
| 110 | + ) |
0 commit comments