author | William Woodruff <william@yossarian.net> | 2024-06-25 21:51:24 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-25 21:51:24 -0400 |
commit | f370b0981099adf6b267e31015b202c72f9782ea (patch) | |
tree | 973b15a8323e1363a56b8b2888ebd269a96a4d03 /tests/x509 | |
parent | ae3b2a07e2f92288d5029b1de49bf340d0617c90 (diff) | |
policy/extension: improve extension policy errors (#11162)
* policy/extension: improve extension policy errors
* verification: ValidationError::ExtensionError variant
Begin cleaning things up.
* policy/extension: remove redundant clone
* ensure that we render the ext OID
* lib: coverage for other display arms
* relocate custom vector
* test-vectors: typo
Diffstat (limited to 'tests/x509')
-rw-r--r-- | tests/x509/verification/test_verification.py | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/tests/x509/verification/test_verification.py b/tests/x509/verification/test_verification.py
index 409f6f9..f5e70ba 100644
--- a/tests/x509/verification/test_verification.py
+++ b/tests/x509/verification/test_verification.py
@@ -11,7 +11,11 @@ import pytest
 from cryptography import x509
 from cryptography.x509.general_name import DNSName, IPAddress
-from cryptography.x509.verification import PolicyBuilder, Store
+from cryptography.x509.verification import (
+ PolicyBuilder,
+ Store,
+ VerificationError,
+)
 from tests.x509.test_x509 import _load_cert
@@ -139,6 +143,32 @@ class TestClientVerifier:
 assert x509.DNSName("cryptography.io") in verified_client.subjects
 assert len(verified_client.subjects) == 2
+ def test_verify_fails_renders_oid(self):
+ leaf = _load_cert(
+ os.path.join("x509", "custom", "ekucrit-testuser-cert.pem"),
+ x509.load_pem_x509_certificate,
+ )
+
+ store = Store([leaf])
+
+ validation_time = datetime.datetime.fromisoformat(
+ "2024-06-26T00:00:00+00:00"
+ )
+
+ builder = PolicyBuilder().store(store)
+ builder = builder.time(validation_time)
+ verifier = builder.build_client_verifier()
+
+ pattern = (
+ r"invalid extension: 2\.5\.29\.37: "
+ r"Certificate extension has incorrect criticality"
+ )
+ with pytest.raises(
+ VerificationError,
+ match=pattern,
+ ):
+ verifier.verify(leaf, [])
+
 class TestServerVerifier:
 @pytest.mark.parametrize( |
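Review bot: The new test_verify_fails_renders_oid has no comment saying why verification is expected to fail; the only hints are the vector's filename and the OID inside the regex. A one-line comment above the `_load_cert` call would make the intent reviewable, e.g. `# leaf has a critical extendedKeyUsage (2.5.29.37); the client policy must reject it and name the OID`, assuming that is what ekucrit-testuser-cert.pem actually contains. The leaf is also the only entry in `Store([leaf])`, so the test appears to rely on the extension policy being applied to a certificate that is its own trust anchor. Saying so in the comment would make a later change to anchor handling that breaks this test easier to diagnose. The enclosing class TestClientVerifier begins outside the hunk.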