File: test_x509.py

package info (click to toggle)
python-cryptography 43.0.0-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 5,400 kB
  • sloc: python: 49,159; java: 319; makefile: 161
file content (81 lines) | stat: -rw-r--r-- 2,292 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

import datetime
import json
import os

import certifi

from cryptography import x509

from ..utils import load_vectors_from_file


def test_object_identifier_constructor(benchmark):
    benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5")


def test_aki_public_bytes(benchmark):
    aki = x509.AuthorityKeyIdentifier(
        key_identifier=b"\x00" * 16,
        authority_cert_issuer=None,
        authority_cert_serial_number=None,
    )
    benchmark(aki.public_bytes)


def test_load_der_certificate(benchmark):
    cert_bytes = load_vectors_from_file(
        os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
        loader=lambda pemfile: pemfile.read(),
        mode="rb",
    )

    benchmark(x509.load_der_x509_certificate, cert_bytes)


def test_load_pem_certificate(benchmark):
    cert_bytes = load_vectors_from_file(
        os.path.join("x509", "cryptography.io.pem"),
        loader=lambda pemfile: pemfile.read(),
        mode="rb",
    )

    benchmark(x509.load_pem_x509_certificate, cert_bytes)


def test_verify_docs_python_org(benchmark, pytestconfig):
    limbo_root = pytestconfig.getoption("--x509-limbo-root", skip=True)
    with open(os.path.join(limbo_root, "limbo.json"), "rb") as f:
        [testcase] = [
            tc
            for tc in json.load(f)["testcases"]
            if tc["id"] == "online::docs.python.org"
        ]

    with open(certifi.where(), "rb") as f:
        store = x509.verification.Store(
            x509.load_pem_x509_certificates(f.read())
        )

    leaf = x509.load_pem_x509_certificate(
        testcase["peer_certificate"].encode()
    )
    intermediates = [
        x509.load_pem_x509_certificate(c.encode())
        for c in testcase["untrusted_intermediates"]
    ]
    time = datetime.datetime.fromisoformat(testcase["validation_time"])

    def bench():
        verifier = (
            x509.verification.PolicyBuilder()
            .store(store)
            .time(time)
            .build_server_verifier(x509.DNSName("docs.python.org"))
        )
        verifier.verify(leaf, intermediates)

    benchmark(bench)