Diffstat (limited to 'pow/POW-0.7/test/test.py')
-rwxr-xr-x | pow/POW-0.7/test/test.py | 2128 |
1 files changed, 0 insertions, 2128 deletions
diff --git a/pow/POW-0.7/test/test.py b/pow/POW-0.7/test/test.py
deleted file mode 100755
index a2070df5..00000000
--- a/pow/POW-0.7/test/test.py
+++ /dev/null
@@ -1,2128 +0,0 @@ -#!/usr/bin/env python - -#*****************************************************************************# -#* *# -#* Copyright (c) 2002, Peter Shannon *# -#* All rights reserved. *# -#* *# -#* Redistribution and use in source and binary forms, with or without *# -#* modification, are permitted provided that the following conditions *# -#* are met: *# -#* *# -#* * Redistributions of source code must retain the above *# -#* copyright notice, this list of conditions and the following *# -#* disclaimer. *# -#* *# -#* * Redistributions in binary form must reproduce the above *# -#* copyright notice, this list of conditions and the following *# -#* disclaimer in the documentation and/or other materials *# -#* provided with the distribution. *# -#* *# -#* * The name of the contributors may be used to endorse or promote *# -#* products derived from this software without specific prior *# -#* written permission. *# -#* *# -#* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS *# -#* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT *# -#* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS *# -#* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS *# -#* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, *# -#* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *# -#* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, *# -#* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY *# -#* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT *# -#* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE *# -#* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*# -#* *# -#*****************************************************************************# - -import unittest, POW.pkix, POW._oids, base64, sys, os, socket, time, types, string, StringIO, pprint - -if not os.path.isdir('working'): - os.mkdir('working') - -DEBUG = 0 - -o2i = POW.pkix.obj2oid - -def wo(mystring): - file = open('test.der', 'w') - file.write(mystring) - file.close() - -def checkValue(constructor, val1): - obj1 = constructor() - obj1.set(val1) - io = obj1.toString() - if DEBUG: - file = open('test.der', 'w') - obj1.write(file) - file.close() - - obj2 = constructor() - obj2.fromString(io) - val2 = obj2.get() - if val2 == val1: - return 1 - else: - if DEBUG: - print 'read result:', val2 - return 0 - -class DerEncodingTestCase(unittest.TestCase): - 'a small suite of tests for the most complex codings' - - def booleanTest(self): - 'test boolean support' - print - self.failUnless( checkValue(POW.pkix.Boolean, 1), 'true was not presereved correctly') - self.failUnless( checkValue(POW.pkix.Boolean, 0), 'false was not presereved correctly') - - def integerTest(self): - 'test integer support' - print - for i in range(-5000, 5000): - print 'checking codings for', i - self.failUnless( checkValue(POW.pkix.Integer, i), '%i was not presereved correctly' % i) - - def oidTest(self): - 'test oid support' - print - for oid in POW._oids.data.keys(): - print 'checking codings for', oid - self.failUnless( checkValue(POW.pkix.Oid, oid), '%s was not presereved correctly' % `oid`) - - def bitStringTest(self): - 'test bitstring support' - values = [ - (0,), (1,), (0,0), (0,1), (1,0), (1,1), (0,1,0,1,0), (0,0,0,0,0,0,0), - (1,1,1,1,1,1,1,), (0,0,0,0,0,0,0,0), (1,1,1,1,1,1,1,1), - (0,0,0,0,0,0,0,0,0), (1,1,1,1,1,1,1,1,1,) - ] - print - for val in values: - print 'checking codings for', val - self.failUnless( checkValue(POW.pkix.BitString, val), '%s was not presereved correctly' % `val`) - - -class ComplexDerTestCase(unittest.TestCase): - '''a suite of tests for testing encoding 
of defaults, optional, explicit, - implied and choice objects''' - - def emptySeqTest(self): - 'checking coding of empty sequence object' - seq = POW.pkix.Sequence([]) - try: - seq.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - self.failUnless(seq.toString() == '0\x00', 'empty sequence encoded incorrectly') - seq.fromString(seq.toString()) - self.failUnless(seq.get() == (), 'empty sequence decoded incorrectly') - self.failUnless(seq.toString() == '0\x00', 'empty sequence encoded incorrectly') - - def seqOfSimpleTest(self): - 'checking coding of basic sequence object' - seq = POW.pkix.Sequence([ POW.pkix.Integer(), POW.pkix.Boolean(), POW.pkix.T61String() ]) - try: - seq.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - values = (64, 1, 'Hello World') - seq.set( values ) - self.failUnless(seq.toString() == '0\x13\x02\x01@\x01\x01\xff\x14\x0bHello World', 'sequence of basic encoded incorrectly') - seq.fromString(seq.toString()) - self.failUnless(seq.get() == values, 'sequence of basic decoded incorrectly') - self.failUnless(seq.toString() == '0\x13\x02\x01@\x01\x01\xff\x14\x0bHello World', 'sequence of basic encoded incorrectly') - - def seqOfSeqTest(self): - 'checking coding of sequence of sequence object' - seqa = POW.pkix.Sequence([ POW.pkix.Integer(), POW.pkix.Boolean(), POW.pkix.T61String() ]) - seqb = POW.pkix.Sequence([ seqa, POW.pkix.Integer(), POW.pkix.Boolean() ]) - try: - seqb.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - values = ((64, 1, 'Hello World'), 128, 0) - seqb.set( values ) - self.failUnless(seqb.toString() == '0\x1c0\x13\x02\x01@\x01\x01\xff\x14\x0bHello World\x02\x02\x00\x80\x01\x01\x00', - 'sequence of sequence encoded incorrectly') - seqb.fromString(seqb.toString()) - self.failUnless(seqb.get() == values, 'sequence of sequence decoded incorrectly') - 
self.failUnless(seqb.toString() == '0\x1c0\x13\x02\x01@\x01\x01\xff\x14\x0bHello World\x02\x02\x00\x80\x01\x01\x00', - 'sequence of sequence encoded incorrectly') - - def seqOfSimpleWithOptionalTest(self): - 'checking coding of sequence of basic objects with optional object' - seq = POW.pkix.Sequence([ POW.pkix.Integer(1), POW.pkix.Boolean(), POW.pkix.T61String() ]) - try: - seq.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - values = (None, 1, 'Hello World') - seq.set(values) - self.failUnless(seq.toString() == '0\x10\x01\x01\xff\x14\x0bHello World', 'sequence of basic with optional encoded incorrectly') - seq.fromString(seq.toString()) - self.failUnless(seq.get() == values, 'sequence of basic with optional decoded incorrectly') - self.failUnless(seq.toString() == '0\x10\x01\x01\xff\x14\x0bHello World', 'sequence of basic with optional encoded incorrectly') - - def seqOfSimpleWithDefaultTest(self): - 'checking coding of sequence of basic objects with default object' - seq = POW.pkix.Sequence([ POW.pkix.Integer(), POW.pkix.Boolean(), POW.pkix.T61String(0, 'FAtIZWxsbyBXb3JsZA==\n') ]) - try: - seq.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - values = (32, 1, None) - seq.set( values ) - self.failUnless(seq.toString() == '0\x06\x02\x01 \x01\x01\xff', 'sequence of basic with default encoded incorrectly') - seq.fromString(seq.toString()) - self.failUnless(seq.get() == (32,1,'Hello World'), 'sequence of basic with default decoded incorrectly') - self.failUnless(seq.toString() == '0\x06\x02\x01 \x01\x01\xff', 'sequence of basic with default encoded incorrectly') - - def seqOfOptionalSeqTest(self): - 'checking coding of sequence of optional sequence object' - seq = POW.pkix.Sequence([ POW.pkix.Sequence([POW.pkix.Integer()],1) ]) - try: - seq.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - rep = 
seq.toString() - self.failUnless(seq.toString() == '0\x00', 'sequence of optional sequence encoded incorrectly') - seq.fromString('0\x00') - self.failUnless(seq.toString() == '0\x00', 'sequence of optional sequence encoded incorrectly') - values = ((64,),) - seq.set( values ) - self.failUnless(seq.toString() == '0\x050\x03\x02\x01@', 'sequence of set optional sequence encoded incorrectly') - seq.fromString(seq.toString()) - self.failUnless(seq.get() == values, 'sequence of set optional sequence decoded incorrectly') - - def seqOfPartiallySetOptionalSeqTest(self): - 'checking coding of sequence of optional sequence objects' - seq = POW.pkix.Sequence([ POW.pkix.Sequence([POW.pkix.Integer(), POW.pkix.Integer()],1) ]) - try: - seq.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(seq.toString() == '0\x00', 'sequence of optional sequence encoded incorrectly') - seq.fromString('0\x00') - self.failUnless(seq.toString() == '0\x00', 'sequence of optional sequence encoded incorrectly') - values = ((7,None),) - seq.set( values ) - self.failUnless(seq.toString() == '0\x00', 'sequence of set optional sequence encoded incorrectly') - seq.fromString(seq.toString()) - values = ((7,14),) - seq.set( values ) - self.failUnless(seq.toString() == '0\x080\x06\x02\x01\x07\x02\x01\x0e', 'sequence of set optional sequence encoded incorrectly') - seq.fromString('0\x080\x06\x02\x01\x07\x02\x01\x0e') - self.failUnless(seq.toString() == '0\x080\x06\x02\x01\x07\x02\x01\x0e', 'sequence of set optional sequence encoded incorrectly') - - - def defaultSeqTest(self): - 'checking coding of default sequence object' - seq = POW.pkix.Sequence([POW.pkix.Integer()], 0, 'MAMCAQc=\n') - try: - seq.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(seq.toString() == '', 'unset default sequence encoded incorrectly') - seq.fromString('') - 
self.failUnless(seq.toString() == '', 'unset default sequence encoded incorrectly') - values = (64,) - seq.set( values ) - self.failUnless(seq.toString() == '0\x03\x02\x01@', 'set default sequence encoded incorrectly') - seq.reset() - seq.fromString('0\x03\x02\x01@') - self.failUnless(seq.get() == (64,), 'set default sequence decoded incorrectly') - self.failUnless(seq.toString() == '0\x03\x02\x01@', 'set default sequence encoded incorrectly') - - def sequenceOfChoiceTest(self): - 'checking coding of sequence of choice objects' - Time = lambda : POW.pkix.Choice({ 'generalTime' : POW.pkix.GeneralizedTime(), - 'utcTime' : POW.pkix.UtcTime() }) - seq = POW.pkix.Sequence([Time(), Time()]) - try: - seq.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - now = POW.pkix.time2gen(1031669280.1208529) - then = POW.pkix.time2gen(1031669280.1208529 + 60*60*24*365*12) - seq.set( (('generalTime',now),('generalTime',then)) ) - self.failUnless(seq.get() == (('generalTime', '20020910144800Z'), ('generalTime', '20140907144800Z')), - 'sequence of choice encoded incorrectly') - self.failUnless(seq.toString() == '0"\x18\x0f20020910144800Z\x18\x0f20140907144800Z', - 'sequence of choice encoded incorrectly') - self.failUnless(seq.get() == (('generalTime', '20020910144800Z'), ('generalTime', '20140907144800Z')), - 'sequence of choice decoded incorrectly') - - - def seqOfDefaultSeqTest(self): - 'checking coding of sequence of default sequence object' - seq = POW.pkix.Sequence([ POW.pkix.Sequence([POW.pkix.Integer()], 0, 'MAMCAQc=\n') ] ) - try: - seq.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(seq.toString() == '0\x00', 'unset sequence of default sequence encoded incorrectly') - seq.fromString('0\x00') - values = ((128,),) - seq.set( values ) - self.failUnless(seq.toString() == '0\x060\x04\x02\x02\x00\x80', 'set sequence of default sequence encoded incorrectly') 
- seq.fromString(seq.toString()) - self.failUnless(seq.toString() == '0\x060\x04\x02\x02\x00\x80', 'set sequence of default sequence encoded incorrectly') - self.failUnless(seq.get() == ((128,),), 'set sequence of default sequence decoded incorrectly') - seq.reset() - seq.fromString('0\x00') - self.failUnless(seq.get() == ((7,),), 'default of sequence of default sequence decoded incorrectly') - - def sequenceOfSimpleTest(self): - 'checking coding of basic and empty sequenceOf object' - sqo = POW.pkix.SequenceOf(POW.pkix.Integer) - derval = sqo.toString() - self.failUnless(sqo.toString() == '0\x00', 'empty sequenceOf encoded incorrectly') - sqo.fromString('0\x00') - self.failUnless(sqo.toString() == '0\x00', 'empty sequenceOf encoded incorrectly') - sqo.set( (1,2,3,4) ) - sqo.fromString(derval) - self.failUnless(sqo.get() == (), 'empty sequenceOf decoded incorrectly') - sqo.set( (1,2,3,4) ) - self.failUnless(sqo.toString() == '0\x0c\x02\x01\x01\x02\x01\x02\x02\x01\x03\x02\x01\x04', 'populated sequenceOf encoded incorrectly') - sqo.reset() - sqo.fromString('0\x0c\x02\x01\x01\x02\x01\x02\x02\x01\x03\x02\x01\x04') - self.failUnless(sqo.toString() == '0\x0c\x02\x01\x01\x02\x01\x02\x02\x01\x03\x02\x01\x04', 'populated sequenceOf encoded incorrectly') - self.failUnless(sqo.get() == (1,2,3,4), 'populated sequenceOf decoded incorrectly') - - def defaultSequenceOfTest(self): - 'checking coding of default sequenceOf object' - sqo = POW.pkix.SequenceOf(POW.pkix.Integer,0,'MAwCAQECAQICAQMCAQQ=\n') - try: - sqo.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(sqo.toString() == '', 'unset default sequenceOf encoded incorrectly') - sqo.set(()) - sqo.fromString('') - self.failUnless(sqo.toString() == '', 'unset default sequenceOf encoded incorrectly') - sqo.fromString(sqo.toString()) - self.failUnless(sqo.get() == (1,2,3,4), 'default sequenceOf decoded incorrectly') - sqo.set((24,48) ) - 
self.failUnless(sqo.toString() == '0\x06\x02\x01\x18\x02\x010', 'populated default sequenceOf encoded incorrectly') - sqo.reset() - sqo.fromString('0\x06\x02\x01\x18\x02\x010') - self.failUnless(sqo.get() == (24,48), 'populated default sequenceOf decoded incorrectly') - self.failUnless(sqo.toString() == '0\x06\x02\x01\x18\x02\x010', 'populated default sequenceOf encoded incorrectly') - - def sequenceOfDefaultSequenceOfTest(self): - 'checking coding of sequence of default sequenceOf object' - seq = POW.pkix.Sequence([ POW.pkix.SequenceOf(POW.pkix.Integer,0,'MAwCAQECAQICAQMCAQQ=\n') ]) - try: - seq.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(seq.toString() == '0\x00', 'unset sequence of default sequenceOf encoded incorrectly') - derval = seq.toString() - seq.set( ((),) ) - seq.fromString(derval) - self.failUnless(seq.get() == ((1,2,3,4),), 'sequence of default sequenceOf decoded incorrectly') - seq.set( ((24,48),) ) - self.failUnless(seq.toString() == '0\x080\x06\x02\x01\x18\x02\x010', 'populated sequence of default sequenceOf encoded incorrectly') - seq.reset() - seq.fromString('0\x080\x06\x02\x01\x18\x02\x010') - self.failUnless(seq.get() == ((24,48),), 'populated sequence of default sequenceOf decoded incorrectly') - self.failUnless(seq.toString() == '0\x080\x06\x02\x01\x18\x02\x010', 'populated sequence of default sequenceOf encoded incorrectly') - - def optionalSequenceOfTest(self): - 'checking coding of optional sequenceOf object' - sqo = POW.pkix.SequenceOf(POW.pkix.Integer,1) - try: - sqo.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(sqo.toString() == '', 'unset optional sequenceOf encoded incorrectly') - sqo.set((24,48) ) - self.failUnless(sqo.toString() == '0\x06\x02\x01\x18\x02\x010', 'set optional sequenceOf encoded incorrectly') - sqo.reset() - sqo.fromString('0\x06\x02\x01\x18\x02\x010') - 
self.failUnless(sqo.get() == (24,48), 'set optional sequenceOf decoded incorrectly') - self.failUnless(sqo.toString() == '0\x06\x02\x01\x18\x02\x010', 'set optional sequenceOf encoded incorrectly') - - def sequenceOfOptionalSequenceOfTest(self): - 'checking coding of sequence of optional sequenceOf object' - seq = POW.pkix.Sequence([ POW.pkix.SequenceOf(POW.pkix.Integer,1) ]) - try: - seq.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(seq.toString() == '0\x00', 'unset sequence of optional sequenceOf encoded incorrectly') - seq.set( ((1,2,3,4),) ) - self.failUnless(seq.toString() == '0\x0e0\x0c\x02\x01\x01\x02\x01\x02\x02\x01\x03\x02\x01\x04', - 'populated sequence of optional sequenceOf encoded incorrectly') - seq.reset() - seq.fromString('0\x0e0\x0c\x02\x01\x01\x02\x01\x02\x02\x01\x03\x02\x01\x04') - self.failUnless(seq.get() == ((1,2,3,4),), 'populated sequence of optional sequenceOf decoded incorrectly') - - def basicExplicitTest(self): - 'checking coding of basic explicit object' - exp = POW.pkix.Explicit( POW.pkix.CLASS_CONTEXT, POW.pkix.FORM_CONSTRUCTED, 0, POW.pkix.Integer() ) - try: - exp.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - exp.set(1) - self.failUnless(exp.toString() == '\xa0\x03\x02\x01\x01', 'set explicit integer encoded incorrectly') - exp.reset() - exp.fromString('\xa0\x03\x02\x01\x01') - self.failUnless(exp.toString() == '\xa0\x03\x02\x01\x01', 'set explicit integer encoded incorrectly') - self.failUnless(exp.get() == 1, 'set explicit integer decoded incorrectly') - - def defaultExplicitTest(self): - 'checking coding of default explicit object' - exp = POW.pkix.Explicit( POW.pkix.CLASS_CONTEXT, POW.pkix.FORM_CONSTRUCTED, 0, POW.pkix.Integer(), 0, 'oAMCAQE=\n' ) - try: - exp.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(exp.toString() == 
'', 'unset default epxlicit integer encoded incorrectly') - exp.set(14) - self.failUnless(exp.toString() == '\xa0\x03\x02\x01\x0e', 'set explicit integer encoded incorrectly') - exp.reset() - exp.fromString('\xa0\x03\x02\x01\x0e') - self.failUnless(exp.get() == 14, 'set explicit integer decoded incorrectly') - self.failUnless(exp.toString() == '\xa0\x03\x02\x01\x0e', 'set explicit integer encoded incorrectly') - - def optionalExplicitTest(self): - 'checking coding of optional explicit object' - exp = POW.pkix.Explicit( POW.pkix.CLASS_CONTEXT, POW.pkix.FORM_CONSTRUCTED, 0, POW.pkix.Integer(), 1 ) - try: - exp.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(exp.toString() == '', 'unset default epxlicit integer encoded incorrectly') - exp.set(14) - self.failUnless(exp.toString() == '\xa0\x03\x02\x01\x0e', 'set explicit integer encoded incorrectly') - exp.reset() - exp.fromString('\xa0\x03\x02\x01\x0e') - self.failUnless(exp.get() == 14, 'set explicit integer decoded incorrectly') - self.failUnless(exp.toString() == '\xa0\x03\x02\x01\x0e', 'set explicit integer encoded incorrectly') - - def basicChoiceTest(self): - 'checking coding of basic choice object' - chint = POW.pkix.Integer() - chstring = POW.pkix.OctetString() - chbool = POW.pkix.Boolean() - choices = { 'i' : chint, - 's' : chstring, - 'b' : chbool } - - ch = POW.pkix.Choice(choices) - try: - ch.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - ch.set(('i',7)) - self.failUnless(ch.toString() == '\x02\x01\x07', 'set integer choice encoded incorrectly') - ch.set(('s','Hello World')) - self.failUnless(ch.toString() == '\x04\x0bHello World', 'set octet string choice encoded incorrectly') - ch.set(('b',1)) - self.failUnless(ch.toString() == '\x01\x01\xff', 'set boolean choice encoded incorrectly') - - ch.fromString('\x02\x01\x07') - self.failUnless(ch.get() == ('i',7), 'set integer choice 
decoded incorrectly') - ch.fromString('\x04\x0bHello World') - self.failUnless(ch.get() == ('s','Hello World'), 'set octet string choice decoded incorrectly') - ch.fromString('\x01\x01\xff') - self.failUnless(ch.get() == ('b',1), 'set integer boolean decoded incorrectly') - - def defaultChoiceTest(self): - 'checking coding of default choice object' - chint = POW.pkix.Integer() - chstring = POW.pkix.OctetString() - chbool = POW.pkix.Boolean() - choices = { 'i' : chint, - 's' : chstring, - 'b' : chbool } - - ch = POW.pkix.Choice(choices,0,'AQH/\n') - try: - ch.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(ch.toString() == '', 'unset default choice encoded incorrectly') - ch.set(('i',7)) - self.failUnless(ch.toString() == '\x02\x01\x07', 'set integer choice encoded incorrectly') - ch.set(('s','Hello World')) - self.failUnless(ch.toString() == '\x04\x0bHello World', 'set octet string choice encoded incorrectly') - - ch.fromString('\x02\x01\x07') - self.failUnless(ch.get() == ('i',7), 'set integer choice decoded incorrectly') - ch.fromString('\x04\x0bHello World') - self.failUnless(ch.get() == ('s','Hello World'), 'set octet string choice decoded incorrectly') - ch.fromString('') - self.failUnless(ch.get() == ('b',1), 'set integer boolean decoded incorrectly') - - def optionalChoiceTest(self): - 'checking coding of optional choice object' - chint = POW.pkix.Integer() - chstring = POW.pkix.OctetString() - chbool = POW.pkix.Boolean() - choices = { 'i' : chint, - 's' : chstring, - 'b' : chbool } - - ch = POW.pkix.Choice(choices,1) - try: - ch.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(ch.toString() == '', 'unset choice encoded incorrectly') - ch.set(('i',7)) - self.failUnless(ch.toString() == '\x02\x01\x07', 'set integer choice encoded incorrectly') - ch.set(('s','Hello World')) - self.failUnless(ch.toString() == 
'\x04\x0bHello World', 'set octet string choice encoded incorrectly') - ch.set(('b',1)) - self.failUnless(ch.toString() == '\x01\x01\xff', 'set boolean choice encoded incorrectly') - - ch.fromString('') - self.failUnless(ch.get() == None, 'unset choice decoded incorrectly') - ch.fromString('\x02\x01\x07') - self.failUnless(ch.get() == ('i',7), 'set integer choice decoded incorrectly') - ch.fromString('\x04\x0bHello World') - self.failUnless(ch.get() == ('s','Hello World'), 'set octet string choice decoded incorrectly') - ch.fromString('\x01\x01\xff') - self.failUnless(ch.get() == ('b',1), 'set integer boolean decoded incorrectly') - - def choiceWithDefaultElementTest(self): - 'checking coding of choice object with default choice' - chint = POW.pkix.Integer() - chstring = POW.pkix.OctetString(0,'BAtIZWxsbyBXb3JsZA==\n') - chbool = POW.pkix.Boolean() - choices = { 'i' : chint, - 's' : chstring, - 'b' : chbool } - - ch = POW.pkix.Choice(choices) - try: - ch.toString() - except: - self.fail('attempting to write this should not have raised and exception') - pass - self.failUnless(ch.get() == ('s','Hello World'), 'set octet string choice decoded incorrectly') - ch.set(('i',7)) - self.failUnless(ch.toString() == '\x02\x01\x07', 'set integer choice encoded incorrectly') - ch.set(('s','Hello World')) - self.failUnless(ch.toString() == '', 'set octet string choice encoded incorrectly') - ch.set(('b',1)) - self.failUnless(ch.toString() == '\x01\x01\xff', 'set boolean choice encoded incorrectly') - - ch.fromString('\x02\x01\x07') - self.failUnless(ch.get() == ('i',7), 'set integer choice decoded incorrectly') - ch.fromString('\x04\x0bHello World') - self.failUnless(ch.get() == ('s','Hello World'), 'set octet string choice decoded incorrectly') - ch.fromString('\x01\x01\xff') - self.failUnless(ch.get() == ('b',1), 'set integer boolean decoded incorrectly') - -class PkixTestCase(unittest.TestCase): - 'a set of tests to check codings of x509v3 objects' - - def confirmvalues(self, 
os, ns): - for i in range( len(os) ): - if os[i] != ns[i]: - sys.stderr.write( '%i is faulty!\n' % i ) - sys.stderr.write( `os[i]`+'\n' ) - sys.stderr.write( `ns[i]`+'\n' ) - if isinstance(os[i], types.TupleType): - self.confvalue(os[i], ns[i]) - else: - print '%i is ok!' % i - - def validityTest(self): - 'checking coding of validity object' - v = POW.pkix.Validity() - try: - v.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - now = POW.pkix.time2gen(1031669280.1208529) - v.set( (('generalTime', now),('generalTime', now)) ) - self.failUnless(v.toString() == '0"\x18\x0f20020910144800Z\x18\x0f20020910144800Z', 'set validity encoded incorrectly') - v.fromString('0"\x18\x0f20020910144800Z\x18\x0f20020910144800Z') - self.failUnless(v.get() == (('generalTime', now), ('generalTime', now)), 'set validity encoded incorrectly') - self.failUnless(v.toString() == '0"\x18\x0f20020910144800Z\x18\x0f20020910144800Z', 'set validity encoded incorrectly') - - now = POW.pkix.time2utc(1031669280.1208529) - v.set( (('utcTime', now),('utcTime', now)) ) - self.failUnless(v.toString() == '0\x1e\x17\r020910144800Z\x17\r020910144800Z', 'set validity encoded incorrectly') - v.fromString('0\x1e\x17\r020910144800Z\x17\r020910144800Z') - self.failUnless(v.get() == (('utcTime', now), ('utcTime', now)), 'set validity encoded incorrectly') - self.failUnless(v.toString() == '0\x1e\x17\r020910144800Z\x17\r020910144800Z', 'set validity encoded incorrectly') - - def directoryStringTest(self): - 'checking coding of directoryString object' - d = POW.pkix.DirectoryString() - try: - d.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - - d.set( ('teletexString', 'Hello World') ) - derval = '\x14\x0bHello World' - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - d.fromString(derval) - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - 
self.failUnless(d.get() == ('teletexString', 'Hello World'), 'set directoryString encoded incorrectly') - - d.set( ('printableString', 'Hello World') ) - derval = '\x13\x0bHello World' - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - d.fromString(derval) - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - self.failUnless(d.get() == ('printableString', 'Hello World'), 'set directoryString encoded incorrectly') - - d.set( ('universalString', 'Hello World') ) - derval = '\x1c\x0bHello World' - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - d.fromString(derval) - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - self.failUnless(d.get() == ('universalString', 'Hello World'), 'set directoryString encoded incorrectly') - - d.set( ('bmpString', 'Hello World') ) - derval = '\x1e\x0bHello World' - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - d.fromString(derval) - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - self.failUnless(d.get() == ('bmpString', 'Hello World'), 'set directoryString encoded incorrectly') - - d.set( ('utf8String', 'Hello World') ) - derval = '\x0c\x0bHello World' - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - d.fromString(derval) - self.failUnless(d.toString() == derval, 'set directoryString encoded incorrectly') - self.failUnless(d.get() == ('utf8String', 'Hello World'), 'set directoryString encoded incorrectly') - - def attributeTypeAndValueTest(self): - 'checking coding of attributeTypeAndValueTest object' - av = POW.pkix.AttributeTypeAndValue() - try: - av.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - av.set( (o2i('commonName'), None ) ) - try: - av.toString() - self.fail('attempting to write this should have raised and exception') - 
except: - pass - av.set( (o2i('commonName'), ('utf8String', None) ) ) - try: - av.toString() - self.fail('attempting to write this should have raised and exception') - except: - pass - - av.set( (o2i('commonName'), ('utf8String', u'Peter Shannon') ) ) - derval = '0\x14\x06\x03U\x04\x03\x0c\rPeter Shannon' - self.failUnless(av.toString() == derval, 'set attributeTypeAndValue encoded incorrectly') - av.fromString(derval) - self.failUnless(av.toString() == derval, 'set attributeTypeAndValue encoded incorrectly') - self.failUnless(av.get() == (o2i('commonName'), ('utf8String', u'Peter Shannon')), 'set attributeTypeAndValue encoded incorrectly') - - - def x509v2Test(self): - 'checking coding of x509v2 object' - cipher = ciphers.getCipher('client') - rsa = cipher[1] - - old = POW.pkix.Certificate() - old.setVersion(1) - old.setSerial(5) - - name = ( (( o2i('countryName'), ('printableString', 'GB') ),), - (( o2i('stateOrProvinceName'), ('printableString', 'Hertfordshire') ),), - (( o2i('organizationName'), ('printableString', 'The House') ),), - (( o2i('commonName'), ('printableString', 'Client') ),) ) - - old.setIssuer(name) - old.setSubject(name) - - now = ('generalTime', POW.pkix.time2gen( time.time() ) ) - then = ('generalTime', POW.pkix.time2gen(time.time() + 60*60*24*365*12) ) - old.setNotBefore(now) - old.setNotAfter(then) - old.setIssuerUniqueID((1,0,1,0)) - old.setSubjectUniqueID((1,0,0,1)) - old.sign(rsa, POW.MD5_DIGEST) - - new = POW.pkix.Certificate() - new.fromString( old.toString() ) - self.failUnless( new.getVersion() == 1, 'version was not presereved correctly') - self.failUnless( new.getSerial() == 5, 'serial was not presereved correctly') - self.failUnless( new.getNotBefore() == now, 'notBefore was not presereved correctly') - self.failUnless( new.getNotAfter() == then, 'notAfter was not presereved correctly') - self.failUnless( new.getIssuer() == name, 'issuerName was not presereved correctly') - self.failUnless( new.getSubject() == name, 'subjectName 
was not presereved correctly') - self.failUnless( new.getIssuerUniqueID() == (1,0,1,0), 'issuerUniqueId was not presereved correctly') - self.failUnless( new.getSubjectUniqueID() == (1,0,0,1), 'subjectUniqueId was not presereved correctly') - self.failUnless( new.verify(rsa), 'signed text was not verified') - -# os = old.get() -# ns = new.get() -# self.confirmvalues(os,ns) - - - def x509v3Test(self): - 'checking coding of x509v3 object' - - now = POW.pkix.time2gen( time.time() ) - then = POW.pkix.time2gen(time.time() + 60*60*24*365*12) - cipher = ciphers.getCipher('client') - rsa = cipher[1] - - policy = ( - ( o2i('id-cti-ets-proofOfReceipt'), ( - (o2i('cps'), ('cPSuri', 'http://www.p-s.org.uk/policies/policy1')), - (o2i('unotice'), ('userNotice', ((('visibleString', 'The House'),(1,2,3)), ('visibleString', 'We guarentee nothing')) )), - )), - ( o2i('id-cti-ets-proofOfOrigin'), ( - (o2i('cps'), ('cPSuri', 'http://www.p-s.org.uk/policies/policy2')), - )) - ) - - n1 = ('directoryName', ( (( o2i('countryName'), ('printableString', 'UK') ),), - (( o2i('stateOrProvinceName'), ('printableString', 'Herts') ),), - (( o2i('organizationName'), ('printableString', 'The House') ),), - (( o2i('commonName'), ('printableString', 'Shannon Works') ),) ) ) - - n2 = ('rfc822Name', 'peter_shannon@yahoo.com') - n3 = ('uri', 'http://www.p-s.org.uk') - n4 = ('iPAddress', POW.pkix.ip42oct(192,168,100,51)) - - points = ( ( ('fullName',(n1, n4)), (1,1,1,1,1), (n1,) ), ) - - authdigest = POW.Digest( POW.SHA1_DIGEST ) - authdigest.update(rsa.derWrite(POW.RSA_PUBLIC_KEY)) - keyHash = authdigest.digest() - - myExtensions = ( - ( o2i('privateKeyUsagePeriod'),0, (now, then)), - ( o2i('keyUsage'),0, (1,1)), - ( o2i('basicConstraints'),0, (0,None)), - ( o2i('subjectKeyIdentifier'),0, keyHash), - ( o2i('certificatePolicies'),0, policy ), - ( o2i('subjectAltName'),0, (n2,)), - ( o2i('issuerAltName'),0, (n1,n2,n3,n4)), - ( o2i('authorityKeyIdentifier'),0, (keyHash, (), None) ), - ( 
o2i('cRLDistributionPoints'),0, points ), - ) - - old = POW.pkix.Certificate() - old.setVersion(2) - old.setSerial(5) - - name = ( - (( o2i('commonName'), ('printableString', 'Peter Shannon') ),), - ) - - old.setIssuer(name) - old.setSubject(name) - - old.setNotBefore( ('generalTime', now) ) - old.setNotAfter( ( 'generalTime', then) ) - - old.setExtensions( myExtensions ) - old.sign(rsa, POW.MD5_DIGEST) - - new = POW.pkix.Certificate() - new.fromString( old.toString() ) - - extns = new.getExtensions() - -# ns = new.getExtensions() -# self.confirmvalues(myExtensions,ns) - - self.failUnless( new.getVersion() == 2, 'version was not presereved correctly') - self.failUnless( new.getSerial() == 5, 'serial was not presereved correctly') - self.failUnless( new.getIssuer() == name, 'issuerName was not presereved correctly') - self.failUnless( new.getSubject() == name, 'subjectName was not presereved correctly') - self.failUnless( new.getNotBefore()[1] == now, 'notBefore was not presereved correctly') - self.failUnless( new.getNotAfter()[1] == then, 'notAfter was not presereved correctly') - self.failUnless( new.getExtensions() == myExtensions, 'extensions were not presereved correctly') - self.failUnless( new.verify(rsa), 'signed text was not verified') - - def basicConstraintsTest(self): - 'checking coding of basicConstraints' - for val in [(0,0),(0,None), (1,None), (0,1),(0,2),(1,0),(1,1),(1,2)]: - self.failUnless( checkValue(POW.pkix.BasicConstraints, val), '%s was not presereved correctly' % `val`) - - def generalNameTest(self): - 'checking coding of subjectAltName' - values = [ - (('directoryName', ( (( o2i('countryName'), ('printableString', 'UK') ),), - (( o2i('stateOrProvinceName'), ('printableString', 'Herts') ),), - (( o2i('organizationName'), ('printableString', 'The House') ),), - (( o2i('commonName'), ('printableString', 'Shannon Works') ),), ) - ),), - (('rfc822Name', 'peter_shannon@yahoo.com'),), - (('uri', 'http://www.p-s.org.uk'),), - (('iPAddress', 
POW.pkix.ip42oct(192,168,100,51)),),
- (('registeredId', o2i('countryName')),),
- (),
- ]
- for val in values:
- self.failUnless( checkValue(POW.pkix.GeneralNames, val), '%s was not presereved correctly' % `val`)
-
- def crlv1Test(self):
- 'checking coding of CRLv1 object'
- now = POW.pkix.time2gen( time.time() )
- then = POW.pkix.time2gen(time.time() + 60*60*24*365*12)
- cipher = ciphers.getCipher('client')
- rsa = cipher[1]
-
- old = POW.pkix.CertificateList()
- old.setThisUpdate( ('generalTime', now ) )
-
- name = ( (( o2i('countryName'), ('printableString', 'GB') ),),
- (( o2i('stateOrProvinceName'), ('printableString', 'Hertfordshire') ),),
- (( o2i('organizationName'), ('printableString', 'The House') ),),
- (( o2i('commonName'), ('printableString', 'Client') ),) )
-
- myRevocations = (
- (1, ('generalTime', now), ()),
- (2, ('generalTime', now), ()),
- (3, ('generalTime', now), (( o2i('cRLReason'), 0, 1),))
- )
-
- old.setIssuer(name)
- old.setRevokedCertificates( myRevocations )
-
- old.sign(rsa, POW.MD5_DIGEST)
-
- new = POW.pkix.CertificateList()
- new.fromString( old.toString() )
- self.failUnless( new.getVersion() == None, 'version was not presereved correctly')
- self.failUnless( new.getThisUpdate()[1] == now, 'thisUpdate was not presereved correctly')
- self.failUnless( new.getIssuer() == name, 'issuerName was not presereved correctly')
- self.failUnless( new.getRevokedCertificates() == myRevocations, 'revokedCerticates was not presereved correctly')
- self.failUnless( new.verify(rsa), 'signed envelope was not presereved correctly')
-
-
-class ExtensionsTestCase(unittest.TestCase):
- 'Extentions Tests'
-
- def extensionManipulationTest(self):
- 'Extensions manipulation for X509 object tests'
- sc = certs.getCert('server')
- basic = POW.pkix.BasicConstraints()
- basic.set([1,5])
- sc.addExtension( 'basicConstraints', 0, basic.toString() )
- sc.addExtension( 'basicConstraints', 0, basic.toString() )
- sc.addExtension( 'basicConstraints', 0,
basic.toString() )
- self.failUnless( sc.countExtensions() == 3, 'cert should have 3 any extensions')
- sc.clearExtensions()
- self.failUnless( sc.countExtensions() == 0, 'cert should not have any extensions')
- sc.addExtension( 'basicConstraints', 0, basic.toString() )
- basic.set([0,1])
- sc.addExtension( 'basicConstraints', 0, basic.toString() )
- basic = POW.pkix.BasicConstraints()
- basic.fromString( sc.getExtension(1)[2] )
- self.failUnless( basic.get() == (0,1), 'incorrect extension handling ')
-
- def basicConstraintTest(self):
- 'Basic constraints tests'
- serverCert = certs.getCert('server')
- basic = POW.pkix.BasicConstraints()
- basic.set([1,5])
- serverCert.addExtension( 'basicConstraints', 0, basic.toString() )
- basic = POW.pkix.BasicConstraints()
- basic.fromString( serverCert.getExtension(0)[2] )
- values = basic.get()
- self.failUnless( values[0] == 1, 'ca value should be true')
- self.failUnless( values[1] == 5, 'pathlen values should be 5')
-
- def privateKeyUsagePeriodTest(self):
- 'Private key usage period tests'
- serverCert = certs.getCert('server')
- period = POW.pkix.PrivateKeyUsagePeriod()
- t1 = POW.pkix.time2gen( time.time() )
- t2 = POW.pkix.time2gen(time.time() + 60*60*24*365 )
- period.set([t1,t2])
- serverCert.addExtension( 'privateKeyUsagePeriod', 0, period.toString() )
- period = POW.pkix.PrivateKeyUsagePeriod()
- period.fromString( serverCert.getExtension(0)[2] )
- values = period.get()
- self.failUnless( values == (t1,t2), 'private key usage period is incorrect')
-
- def keyUsageTest(self):
- 'privateKeyUsage tests'
- serverCert = certs.getCert('server')
- usage = POW.pkix.KeyUsage()
- usage.set([1,1])
- serverCert.addExtension( 'keyUsage', 0, usage.toString() )
- usage = POW.pkix.KeyUsage()
- usage.fromString( serverCert.getExtension(0)[2] )
- values = usage.get()
- self.failUnless( values == (1,1), 'bit pattern is incorrect')
-
- def issuerAltNameTest(self):
- 'Issuer Alt Name tests'
- n1 = ('directoryName', ( ((
o2i('countryName'), ('printableString', 'UK') ),),
- (( o2i('stateOrProvinceName'), ('printableString', 'Herts') ),),
- (( o2i('organizationName'), ('printableString', 'The House') ),),
- (( o2i('commonName'), ('printableString', 'Shannon Works') ),) ) )
-
- n2 = ('rfc822Name', 'peter_shannon@yahoo.com')
- n3 = ('uri', 'http://www.p-s.org.uk')
- n4 = ('iPAddress', POW.pkix.ip42oct(192,168,100,51))
-
- serverCert = certs.getCert('server')
- issuer = POW.pkix.IssuerAltName()
- issuer.set([n1,n2,n3,n4])
- serverCert.addExtension( 'issuerAltName', 0, issuer.toString() )
- issuer = POW.pkix.IssuerAltName()
- issuer.fromString( serverCert.getExtension(0)[2] )
- values = issuer.get()
- self.failUnless( values == (n1,n2,n3,n4), 'generalNames are incorrect')
-
- def subjectAltNameTest(self):
- 'Subject Alt Name tests'
- n1 = ('directoryName', ( (( o2i('countryName'), ('printableString', 'UK') ),),
- (( o2i('stateOrProvinceName'), ('printableString', 'Herts') ),),
- (( o2i('organizationName'), ('printableString', 'The House') ),),
- (( o2i('commonName'), ('printableString', 'Shannon Works') ),) ) )
-
- n2 = ('rfc822Name', 'peter_shannon@yahoo.com')
- n3 = ('uri', 'http://www.p-s.org.uk')
- n4 = ('iPAddress', POW.pkix.ip42oct(192,168,100,51))
-
- serverCert = certs.getCert('server')
- subject = POW.pkix.SubjectAltName()
- subject.set([n1,n2,n3,n4])
- serverCert.addExtension( 'subjectAltName', 0, subject.toString() )
- subject = POW.pkix.SubjectAltName()
- subject.fromString( serverCert.getExtension(0)[2] )
- values = subject.get()
- self.failUnless( values == (n1,n2,n3,n4), 'generalNames are incorrect')
-
-
- def certPolicyTest(self):
- 'Certificate Policies tests'
- policies=(
- ( o2i('id-cti-ets-proofOfReceipt'), (
- (o2i('cps'), ('cPSuri', 'http://www.p-s.org.uk/policies/ps1')),
- (o2i('unotice'), ('userNotice', ((('visibleString', 'The House'),(1,2,3)), ('visibleString', 'We guarentee nothing')) )),
- )),
- ( o2i('id-cti-ets-proofOfOrigin'), (
- (o2i('cps'), ('cPSuri',
'http://www.p-s.org.uk/policies/p2')),
- ))
- )
-
- serverCert = certs.getCert('server')
- policy = POW.pkix.CertificatePolicies()
- policy.set(policies)
- serverCert.addExtension( 'certificatePolicies', 0, policy.toString() )
- policy = POW.pkix.CertificatePolicies()
- policy.fromString( serverCert.getExtension(0)[2] )
- values = policy.get()
- self.failUnless( values == policies, 'policies are incorrect')
-
-
-
-#--------------- Hash test case ---------------#
-
-class HashTestCase(unittest.TestCase):
- 'Hash algorithm tests'
-
- plainText = 'My extremely silly pass phrase!'
-
- def _symmetricGeneralTest(self, type, expected=None):
- digest = POW.Digest( type )
- digest.update( self.plainText )
- b64Text = base64.encodestring( digest.digest() )
- self.failUnlessEqual( b64Text, expected, 'Digest result incorrect' )
-
- def testMd2(self):
- 'Generate and check MD2 hash'
- self._symmetricGeneralTest( POW.MD2_DIGEST, 'O9VUpKqYAHkCgPyAkclL8g==\n' )
-
- def testMd5(self):
- 'Generate and check MD5 hash'
- self._symmetricGeneralTest( POW.MD5_DIGEST, 'kzb1VPPjrYNNA0gwsoKsQw==\n' )
-
- def testSha(self):
- 'Generate and check SHA hash'
- self._symmetricGeneralTest( POW.SHA_DIGEST, 'ptkIj1ilu9oFTFbP3A6o3KuJL+Q=\n')
-
- def testSha1(self):
- 'Generate and check SHA1 hash'
- self._symmetricGeneralTest( POW.SHA1_DIGEST, '7zk06ujVcAWhzREYzY4s4lCw4WQ=\n' )
-
- def testRipemd160(self):
- 'Generate and check RIPEMD160 hash'
- self._symmetricGeneralTest( POW.RIPEMD160_DIGEST, 'R+ve9PdUxqr45duMhG8CBQiahkU=\n' )
-
-#--------------- Hash test case ---------------#
-#--------------- Hmac test case ---------------#
-
-class HmacTestCase(unittest.TestCase):
- 'HMAC algorithm tests'
-
- plainText = 'My extremely silly pass phrase!'
- password = 'Puny pass word'
-
- def _symmetricGeneralTest(self, type, expected=None):
- hmac = POW.Hmac( type, self.password )
- hmac.update( self.plainText )
- b64Text = base64.encodestring( hmac.mac() )
- self.failUnlessEqual( b64Text, expected, 'HMAC result incorrect' )
-
- def testHmacMd2(self):
- 'Generate and check MD2 HMAC'
- self._symmetricGeneralTest( POW.MD2_DIGEST, 'UgWmfru6kM68GFn3HMmbeg==\n' )
-
- def testHmacMd5(self):
- 'Generate and check MD5 HMAC'
- self._symmetricGeneralTest( POW.MD5_DIGEST, '+l1oP2UbL0dW7L51lw2LSg==\n' )
-
- def testHmacSha(self):
- 'Generate and check SHA HMAC'
- self._symmetricGeneralTest( POW.SHA_DIGEST, 'xuLEZcpj96p2Uo0/Ief1zjUdJdM=\n')
-
- def testHmacSha1(self):
- 'Generate and check SHA1 HMAC'
- self._symmetricGeneralTest( POW.SHA1_DIGEST, 'nnT7qPYMHjJ46JXQWmR/Ap0XK2E=\n' )
-
- def testHmacRipemd160(self):
- 'Generate and check RIPEMD160 HMAC'
- self._symmetricGeneralTest( POW.RIPEMD160_DIGEST, 'AeSjVffp5FPIBBtabpD/nwVDz/s=\n' )
-
-#--------------- Hmac test case ---------------#
-#--------------- Symmetric cipher test case ---------------#
-
-class SymmetricTestCase(unittest.TestCase):
- 'Symmetric algorithm tests'
-
- password = 'Hello :)'
-
- plainText = '''
-# Basic system aliases that MUST be present.
-postmaster: root
-mailer-daemon: postmaster
-
-# amavis
-virusalert: root
-
-# General redirections for pseudo accounts in /etc/passwd.
-administrator: root
-daemon: root
-lp: root
-news: root
-uucp: root
-games: root
-man: root
-at: root
-postgres: root
-mdom: root
-amanda: root
-ftp: root
-wwwrun: root
-squid: root
-msql: root
-gnats: root
-nobody: root
-'''
-
- plainText = 'Hello World'
-
- def _symmetricGeneralTest(self, type):
- symmetric = POW.Symmetric( type )
- symmetric.encryptInit( self.password )
- cipherText = symmetric.update( self.plainText ) + symmetric.final()
- symmetric.decryptInit( self.password )
- decipheredText = symmetric.update( cipherText ) + symmetric.final()
- self.failUnlessEqual( self.plainText, decipheredText, 'decrypted cipher text not equal to original text' )
-
- def testDES_ECB(self):
- 'Generate and check DES_ECB encrypted text'
- self._symmetricGeneralTest( POW.DES_ECB )
-
- def testDES_EDE(self):
- 'Generate and check DES_EDE encrypted text'
- self._symmetricGeneralTest( POW.DES_EDE )
-
- def testDES_EDE3(self):
- 'Generate and check DES_EDE3 encrypted text'
- self._symmetricGeneralTest( POW.DES_EDE3 )
-
- def testDES_CFB(self):
- 'Generate and check DES_CFB encrypted text'
- self._symmetricGeneralTest( POW.DES_ECB )
-
- def testDES_EDE_CFB(self):
- 'Generate and check DES_EDE_CFB encrypted text'
- self._symmetricGeneralTest( POW.DES_EDE_CFB )
-
- def testDES_EDE3_CFB(self):
- 'Generate and check DES_EDE3_CFB encrypted text'
- self._symmetricGeneralTest( POW.DES_EDE3_CFB )
-
- def testDES_OFB(self):
- 'Generate and check DES_OFB encrypted text'
- self._symmetricGeneralTest( POW.DES_OFB )
-
- def testDES_EDE_OFB(self):
- 'Generate and check DES_EDE_OFB encrypted text'
- self._symmetricGeneralTest( POW.DES_EDE_OFB )
-
- def testDES_EDE3_OFB(self):
- 'Generate and check DES_EDE3_OFB encrypted text'
- self._symmetricGeneralTest( POW.DES_EDE3_OFB )
-
- def testDES_CBC(self):
- 'Generate and check DES_CBC encrypted text'
- self._symmetricGeneralTest( POW.DES_CBC )
-
- def testDES_EDE_CBC(self):
- 'Generate and check DES_EDE_CBC encrypted text'
-
self._symmetricGeneralTest( POW.DES_EDE_CBC )
-
- def testDES_EDE3_CBC(self):
- 'Generate and check DES_EDE3_CBC encrypted text'
- self._symmetricGeneralTest( POW.DES_EDE3_CBC )
-
- def testDESX_CBC(self):
- 'Generate and check DESX_CBC encrypted text'
- self._symmetricGeneralTest( POW.DESX_CBC )
-
- def testRC4(self):
- 'Generate and check RC4 encrypted text'
- self._symmetricGeneralTest( POW.RC4 )
-
- def testRC4_40(self):
- 'Generate and check RC4_40 encrypted text'
- self._symmetricGeneralTest( POW.DES_EDE3_CBC )
-
- def testIDEA_ECB(self):
- 'Generate and check IDEA_ECB encrypted text'
- self._symmetricGeneralTest( POW.IDEA_ECB )
-
- def testIDEA_CFB(self):
- 'Generate and check IDEA_CFB encrypted text'
- self._symmetricGeneralTest( POW.IDEA_CFB )
-
- def testIDEA_OFB(self):
- 'Generate and check IDEA_OFB encrypted text'
- self._symmetricGeneralTest( POW.IDEA_OFB )
-
- def testIDEA_CBC(self):
- 'Generate and check IDEA_CBC encrypted text'
- self._symmetricGeneralTest( POW.IDEA_CBC )
-
- def testRC2_ECB(self):
- 'Generate and check RC2_ECB encrypted text'
- self._symmetricGeneralTest( POW.RC2_ECB )
-
- def testRC2_CBC(self):
- 'Generate and check RC2_CBC encrypted text'
- self._symmetricGeneralTest( POW.RC2_CBC )
-
- def testRC2_40_CBC(self):
- 'Generate and check RC2_40_CBC encrypted text'
- self._symmetricGeneralTest( POW.RC2_40_CBC )
-
- def testRC2_CFB(self):
- 'Generate and check RC2_CFB encrypted text'
- self._symmetricGeneralTest( POW.RC2_CFB )
-
- def testRC2_OFB(self):
- 'Generate and check RC2_OFB encrypted text'
- self._symmetricGeneralTest( POW.RC2_OFB )
-
- def testBF_ECB(self):
- 'Generate and check BF_ECB encrypted text'
- self._symmetricGeneralTest( POW.BF_ECB )
-
- def testBF_CBC(self):
- 'Generate and check BF_CBC encrypted text'
- self._symmetricGeneralTest( POW.BF_CBC )
-
- def testBF_CFB(self):
- 'Generate and check BF_CFB encrypted text'
- self._symmetricGeneralTest( POW.BF_CFB )
-
- def testBF_OFB(self):
- 'Generate and check BF_OFB
encrypted text'
- self._symmetricGeneralTest( POW.BF_OFB )
-
- def testCAST5_ECB(self):
- 'Generate and check CAST5_ECB encrypted text'
- self._symmetricGeneralTest( POW.CAST5_ECB )
-
- def testCAST5_CBC(self):
- 'Generate and check CAST5_CBC encrypted text'
- self._symmetricGeneralTest( POW.CAST5_CBC )
-
- def testCAST5_CFB(self):
- 'Generate and check CAST5_CFB encrypted text'
- self._symmetricGeneralTest( POW.CAST5_CFB )
-
- def testCAST5_OFB(self):
- 'Generate and check CAST5_OFB encrypted text'
- self._symmetricGeneralTest( POW.CAST5_OFB )
-
- def testRC5_32_12_16_CBC(self):
- 'Generate and check CAST5_OFB encrypted text'
- self._symmetricGeneralTest( POW.CAST5_OFB )
-
- def testRC5_32_12_16_CFB(self):
- 'Generate and check CAST5_OFB encrypted text'
- self._symmetricGeneralTest( POW.CAST5_OFB )
-
- def testRC5_32_12_16_ECB(self):
- 'Generate and check CAST5_OFB encrypted text'
- self._symmetricGeneralTest( POW.CAST5_OFB )
-
- def testRC5_32_12_16_OFB(self):
- 'Generate and check CAST5_OFB encrypted text'
- self._symmetricGeneralTest( POW.CAST5_OFB )
-
-#--------------- Symmetric cipher test case ---------------#
-#--------------- Asymmetric cipher test case ---------------#
-
-class AsymmetricUtilities:
-
- keys = { 'client' : { 'priv' : 'working/key1Priv', 'pub' : 'working/key1Pub' },
- 'server' : { 'priv' : 'working/key2Priv', 'pub' : 'working/key2Pub' },
- 'ca' : { 'priv' : 'working/key3Priv', 'pub' : 'working/key3Pub' },
- 'ca2' : { 'priv' : 'working/key4Priv', 'pub' : 'working/key4Pub' },
- 'ca3' : { 'priv' : 'working/key5Priv', 'pub' : 'working/key5Pub' },
- 'server2': { 'priv' : 'working/key6Priv', 'pub' : 'working/key6Pub' } }
-
- password = 'Silly password'
-
- def prepCiphers(self):
- for entity in self.keys.keys():
- self.makeCipher(entity)
-
- def unPrepCiphers(self):
- for entity in self.keys.keys():
- self.remCipher(entity)
-
- def getCipher(self, entry):
- privFile = open( self.keys[entry]['priv'] )
- pubFile = open( self.keys[entry]['pub'] )
-
priv = POW.pemRead( POW.RSA_PRIVATE_KEY,privFile.read(), self.password )
- pub = POW.pemRead( POW.RSA_PUBLIC_KEY, pubFile.read() )
- privFile.close()
- pubFile.close()
- return (pub, priv)
-
- def makeCipher(self, entry):
- cipher = POW.Asymmetric()
- privFile = open( self.keys[entry]['priv'], 'w' )
- pubFile = open( self.keys[entry]['pub'], 'w' )
- privFile.write( cipher.pemWrite( POW.RSA_PRIVATE_KEY, POW.DES_EDE3_CFB, self.password ) )
- pubFile.write( cipher.pemWrite( POW.RSA_PUBLIC_KEY ) )
- privFile.close()
- pubFile.close()
-
- def remCipher(self, entry):
- try: os.remove( self.keys[entry]['priv'] )
- except: pass
- try: os.remove( self.keys[entry]['pub'] )
- except: pass
-
-class AsymmetricTestCase(unittest.TestCase):
- 'Asymmetric algorithm tests'
-
- plainText = 'A little text to encrypt!'
-
- def testPemIo(self):
- 'Read and write ciphers in PEM format'
- cipher = ciphers.getCipher('client')
- public = cipher[0]
- private = cipher[1]
- pub = public.pemWrite( POW.RSA_PUBLIC_KEY )
- public2 = POW.pemRead( POW.RSA_PUBLIC_KEY, pub )
- priv = private.pemWrite( POW.RSA_PRIVATE_KEY )
- private2 = POW.pemRead( POW.RSA_PRIVATE_KEY, priv )
- priv = private.pemWrite( POW.RSA_PRIVATE_KEY, POW.DES_EDE3_CFB, 'password' )
- private2 = POW.pemRead( POW.RSA_PRIVATE_KEY, priv, 'password' )
- cipherText = public2.publicEncrypt( self.plainText )
- deCiphered = private2.privateDecrypt( cipherText )
- self.failUnlessEqual( self.plainText, deCiphered )
-
- def testDerIo(self):
- 'Read and write ciphers in DER format'
- cipher = ciphers.getCipher('client')
- publicKey = cipher[0]
- privateKey = cipher[1]
- pubDer = publicKey.derWrite( POW.RSA_PUBLIC_KEY )
- publicKey2 = POW.derRead( POW.RSA_PUBLIC_KEY, pubDer )
- privDer = privateKey.derWrite( POW.RSA_PRIVATE_KEY )
- privateKey2 = POW.derRead( POW.RSA_PRIVATE_KEY, privDer)
- cipherText = publicKey.publicEncrypt( self.plainText )
- deCiphered = privateKey.privateDecrypt( cipherText )
- self.failUnlessEqual( self.plainText,
deCiphered )
-
- def testPublicEncrypt(self):
- 'Encrypt text using public RSA cipher, decrypt and compare'
- cipher = ciphers.getCipher('client')
- public = cipher[0]
- private = cipher[1]
- cipherText = public.publicEncrypt( self.plainText )
- deCiphered = private.privateDecrypt( cipherText )
- self.failUnlessEqual( self.plainText, deCiphered )
-
- def testPrivateEncrypt(self):
- 'Encrypt text using private RSA cipher, decrypt and compare'
- cipher = ciphers.getCipher('client')
- public = cipher[0]
- private = cipher[1]
- cipherText = private.privateEncrypt( self.plainText )
- deCiphered = public.publicDecrypt( cipherText )
- self.failUnlessEqual( self.plainText, deCiphered )
-
- def testSign(self):
- 'Sign text using private RSA cipher and verify'
- cipher = ciphers.getCipher('client')
- public = cipher[0]
- private = cipher[1]
- digest = POW.Digest( POW.SHA1_DIGEST )
- digest.update( self.plainText )
- signedText = private.sign( digest.digest(), POW.SHA1_DIGEST )
- self.failUnless( public.verify( signedText, digest.digest(), POW.SHA1_DIGEST ) )
-
-#--------------- Asymmetric cipher test case ---------------#
-#--------------- X509 test case ---------------#
-
-class X509Utilities:
-
- certs = { 'client' : 'working/cert1',
- 'server' : 'working/cert2',
- 'ca' : 'working/cert3',
- 'ca2' : 'working/cert4',
- 'ca3' : 'working/cert5',
- 'server2': 'working/cert6' }
-
- clientName = ( ('C', 'GB'), ('ST', 'Hertfordshire'),
- ('O', 'The House'), ('CN', 'Client') )
-
- serverName = ( ('C', 'GB'), ('ST', 'Hertfordshire'),
- ('O', 'The House'), ('CN', 'Server') )
-
- caName = ( ('C', 'GB'), ('ST', 'Hertfordshire'),
- ('O', 'The House'), ('CN', 'CA') )
-
- ca2Name = ( ('C', 'GB'), ('ST', 'Hertfordshire'),
- ('O', 'The House'), ('CN', 'CA2') )
-
- ca3Name = ( ('C', 'GB'), ('ST', 'Hertfordshire'),
- ('O', 'The House'), ('CN', 'CA3') )
-
- server2Name = ( ('C', 'GB'), ('ST', 'Hertfordshire'),
- ('O', 'The House'), ('CN', 'server2') )
-
- notBefore =
POW.pkix.time2utc(1005960447)
- notAfter = POW.pkix.time2utc(1037496447)
-
- caSerial = 0
- serverSerial = 1
- clientSerial = 2
- ca2Serial = 3
- ca3Serial = 4
- server2Serial = 5
-
- def __init__(self):
- self.asymUtils = AsymmetricUtilities()
- self.asymUtils.prepCiphers()
-
- def prepCerts(self):
- for cert in self.certs.keys():
- self.makeCert(cert)
-
- def unPrepCerts(self):
- self.asymUtils.unPrepCiphers()
- for cert in self.certs.keys():
- self.remCert(cert)
-
- def getCert(self, entry):
- certFile = open( self.certs[entry] )
- cert = POW.pemRead( POW.X509_CERTIFICATE, certFile.read() )
- certFile.close()
- return cert
-
- def makeCert(self, entry):
- caCipher = self.asymUtils.getCipher('ca')
- ca2Cipher = self.asymUtils.getCipher('ca2')
- ca3Cipher = self.asymUtils.getCipher('ca3')
- cert = POW.X509()
- #cert.setVersion(2)
-
- if entry == 'server':
- serverCipher = self.asymUtils.getCipher('server')
- cert.setIssuer( self.caName )
- cert.setSubject( self.serverName )
- cert.setSerial( self.serverSerial )
- cert.setNotBefore( self.notBefore )
- cert.setNotAfter( self.notAfter )
- cert.setPublicKey( serverCipher[1] )
- cert.sign( caCipher[1] )
-
- elif entry == 'client':
- clientCipher = self.asymUtils.getCipher('client')
- cert.setIssuer( self.caName )
- cert.setSubject( self.clientName )
- cert.setSerial( self.clientSerial )
- cert.setNotBefore( self.notBefore )
- cert.setNotAfter( self.notAfter )
- cert.setPublicKey( clientCipher[0] )
- cert.sign( caCipher[1] )
-
- elif entry == 'ca':
- cert.setIssuer( self.caName )
- cert.setSubject( self.caName )
- cert.setSerial( self.caSerial )
- cert.setNotBefore( self.notBefore )
- cert.setNotAfter( self.notAfter )
- cert.setPublicKey( caCipher[0] )
- cert.sign( caCipher[1] )
-
- elif entry == 'ca2':
- cert.setIssuer( self.caName )
- cert.setSubject( self.ca2Name )
- cert.setSerial( self.ca2Serial )
- cert.setNotBefore( self.notBefore )
- cert.setNotAfter( self.notAfter )
- cert.setPublicKey( ca2Cipher[0] )
-
cert.sign( caCipher[1] )
-
- elif entry == 'ca3':
- cert.setIssuer( self.ca2Name )
- cert.setSubject( self.ca3Name )
- cert.setSerial( self.ca3Serial )
- cert.setNotBefore( self.notBefore )
- cert.setNotAfter( self.notAfter )
- cert.setPublicKey( ca3Cipher[0] )
- cert.sign( ca2Cipher[1] )
-
- elif entry == 'server2':
- server2Cipher = self.asymUtils.getCipher('server2')
- cert.setIssuer( self.ca3Name )
- cert.setSubject( self.server2Name )
- cert.setSerial( self.server2Serial )
- cert.setNotBefore( self.notBefore )
- cert.setNotAfter( self.notAfter )
- cert.setPublicKey( server2Cipher[0] )
- cert.sign( ca3Cipher[1] )
-
- else:
- raise Exception, 'Entry should be ca, ca2, server, server2 or client!'
-
- certFile = open( self.certs[entry], 'w' )
- certFile.write( cert.pemWrite() )
- certFile.close()
-
- def remCert(self, entry):
- try: os.remove( self.certs[entry] )
- except: pass
-
-class X509TestCase(unittest.TestCase):
- 'X509 tests'
-
- def testPemIo(self):
- 'Read and write certificate in PEM format'
- serverCert = certs.getCert('server')
- cert = serverCert.pemWrite()
- cert2 = POW.pemRead( POW.X509_CERTIFICATE, cert )
- serverCert.getIssuer()
-
- def testDerIo(self):
- 'Read and write certificate in DER format'
- serverCert = certs.getCert('server')
- cert = serverCert.derWrite()
- cert2 = POW.derRead( POW.X509_CERTIFICATE, cert )
- serverCert.getIssuer()
-
- def testIssuer(self):
- 'Check the issuer is correct for server cerficate'
- serverCert = certs.getCert('server')
- self.failUnlessEqual( certs.caName, serverCert.getIssuer() )
-
- def testSubject(self):
- 'Check the subject is correct for server cerficate'
- serverCert = certs.getCert('server')
- self.failUnlessEqual( certs.serverName, serverCert.getSubject() )
-
- def testVersion(self):
- 'Check version number is correct for server cerficate'
- serverCert = certs.getCert('server')
- self.failUnlessEqual( 1, serverCert.getSerial() )
-
- def testSerial(self):
- 'Check serial number is correct for server
cerficate'
- serverCert = certs.getCert('server')
- self.failUnlessEqual( certs.serverSerial, serverCert.getSerial() )
-
- def testNotBefore(self):
- 'Check notBefore date is correct for server cerficate'
- serverCert = certs.getCert('server')
- self.failUnlessEqual( certs.notBefore, serverCert.getNotBefore() )
-
- def testNotAfter(self):
- 'Check notAfter date is correct for server cerficate'
- serverCert = certs.getCert('server')
- self.failUnlessEqual( certs.notAfter, serverCert.getNotAfter() )
-
-#--------------- X509 test case ---------------#
-#--------------- X509 Store test case ---------------#
-
-class X509StoreTestCase(unittest.TestCase):
- 'X509 Store tests'
-
- def testVerify(self):
- 'Verify server\'s certificate againtst CA certificate'
- caCert = certs.getCert('ca')
- serverCert = certs.getCert('server')
-
- store = POW.X509Store()
- store.addTrust( caCert )
- self.failUnless( store.verify( serverCert ) )
-
- def testVerifyChain(self):
- 'Verify chain of certificate againtst CA certificate'
- caCert = certs.getCert('ca')
- ca2Cert = certs.getCert('ca2')
- ca3Cert = certs.getCert('ca3')
- server2Cert = certs.getCert('server2')
-
- store = POW.X509Store()
- store.addTrust( caCert )
- self.failUnless( store.verifyChain( server2Cert, [ca3Cert, ca2Cert ]) )
-
-
-#--------------- X509 Store test case ---------------#
-#--------------- X509 Revoked test case ---------------#
-
-class X509RevokedTestCase(unittest.TestCase):
- 'X509 Store tests'
-
- serial = 7
- revokedOn = POW.pkix.time2utc(1005960447)
-
- def testRevoked(self):
- 'Create X509 revocation and check values are correct'
- rev = POW.X509Revoked( self.serial, self.revokedOn )
- self.failUnlessEqual( rev.getDate(), self.revokedOn )
- self.failUnlessEqual( rev.getSerial(), self.serial )
-
-#--------------- X509 Revoked test case ---------------#
-#--------------- X509 CRL test case ---------------#
-
-class X509CrlTestCase(unittest.TestCase):
- 'X509 CRL tests'
-
- revocationData = ( ( 1,
POW.pkix.time2utc(1005960447) ),
- ( 2, POW.pkix.time2utc(1005960448) ),
- ( 3, POW.pkix.time2utc(1005960449) ),
- ( 4, POW.pkix.time2utc(1005960450) ),
- ( 5, POW.pkix.time2utc(1005960451) ) )
-
- thisUpdate = POW.pkix.time2utc(1005960447)
- nextUpdate = POW.pkix.time2utc(1037496447)
-
- version = 2
-
- def setUp(self):
- self.ca = certs.getCert('ca')
- self.caCipher = ciphers.getCipher('ca')
-
- revocations = []
- for rev in self.revocationData:
- revocation = POW.X509Revoked( rev[0], rev[1] )
- revocations.append( revocation )
-
- self.crl = POW.X509Crl()
- self.crl.setVersion( self.version )
- self.crl.setIssuer( self.ca.getIssuer() )
- self.crl.setThisUpdate( self.thisUpdate )
- self.crl.setNextUpdate( self.nextUpdate )
- self.crl.setRevoked( revocations )
- self.crl.sign( self.caCipher[1] )
-
- def tearDown(self):
- del self.ca
- del self.caCipher
- del self.crl
-
- def testPemIo(self):
- 'Read and write CRL in PEM format'
- pemCrl = self.crl.pemWrite()
- newCrl = POW.pemRead( POW.X509_CRL, pemCrl )
- self.failUnlessEqual( self.version, newCrl.getVersion() )
-
- def testDerIo(self):
- 'Read and write CRL in DER format'
- derCrl = self.crl.derWrite()
- newCrl = POW.derRead( POW.X509_CRL, derCrl )
- self.failUnlessEqual( self.version, newCrl.getVersion() )
-
- def testVersion(self):
- 'Create CRL and check version number is correct'
- self.failUnlessEqual( self.version, self.crl.getVersion() )
-
- def testIssuer(self):
- 'Create CRL and check issuer name is correct'
- self.failUnlessEqual( self.ca.getIssuer(), self.crl.getIssuer() )
-
- def testThisUpdate(self):
- 'Create CRL and check thisUpdate is correct'
- self.failUnlessEqual( self.thisUpdate, self.crl.getThisUpdate() )
-
- def testNextUpdate(self):
- 'Create CRL and check nextUpdate is correct'
- self.failUnlessEqual( self.nextUpdate, self.crl.getNextUpdate() )
-
- def testRevoked(self):
- 'Create CRL and check list of revoked objects is correct'
- revokedCerts = self.crl.getRevoked()
- for i in range(
len(revokedCerts) ):
- revocation = revokedCerts[i]
- serial = revocation.getSerial()
- date = revocation.getDate()
- index = serial - 1
- self.failUnlessEqual( self.revocationData[index][0], serial )
- self.failUnlessEqual( self.revocationData[index][1], date )
-
-
-
- def crlIssuerAltNameTest(self):
- 'CRL Issuer Alt Name tests'
-
- n1 = ('directoryName', ( (( o2i('countryName'), ('printableString', 'UK') ),),
- (( o2i('stateOrProvinceName'), ('printableString', 'Herts') ),),
- (( o2i('organizationName'), ('printableString', 'The House') ),),
- (( o2i('commonName'), ('printableString', 'Shannon Works') ),) ) )
-
- n2 = ('rfc822Name', 'peter_shannon@yahoo.com')
- n3 = ('uri', 'http://www.p-s.org.uk')
- n4 = ('iPAddress', POW.pkix.ip42oct(192,168,100,51))
-
- issuer = POW.pkix.IssuerAltName()
- issuer.set([n1,n2,n3,n4])
- self.crl.addExtension( 'issuerAltName', 0, issuer.toString() )
- issuer = POW.pkix.IssuerAltName()
- issuer.fromString( self.crl.getExtension(0)[2] )
- values = issuer.get()
- self.failUnless( values == (n1,n2,n3,n4), 'generalNames are incorrect')
-
- def crlExtensionManipulationTest(self):
- 'Extension manipulation for CRL object tests'
-
- n1 = ('directoryName', ( (( o2i('countryName'), ('printableString', 'UK') ),),
- (( o2i('stateOrProvinceName'), ('printableString', 'Herts') ),),
- (( o2i('organizationName'), ('printableString', 'The House') ),),
- (( o2i('commonName'), ('printableString', 'Shannon Works') ),) ) )
-
- n2 = ('rfc822Name', 'peter_shannon@yahoo.com')
- n3 = ('uri', 'http://www.p-s.org.uk')
- n4 = ('iPAddress', POW.pkix.ip42oct(192,168,100,51))
-
- issuer = POW.pkix.IssuerAltName()
- issuer.set((n1,n2,n3,n4))
- self.crl.addExtension( 'issuerAltName', 0, issuer.toString() )
- self.crl.addExtension( 'issuerAltName', 0, issuer.toString() )
- self.failUnless( self.crl.countExtensions() == 2, 'CRL should have 2 any extensions')
- self.crl.clearExtensions()
- self.failUnless( self.crl.countExtensions() == 0, 'CRL should have no
extensions')
- self.crl.addExtension( 'issuerAltName', 0, issuer.toString() )
-
- issuer = POW.pkix.IssuerAltName()
- issuer.fromString( self.crl.getExtension(0)[2] )
- self.failUnless( issuer.get() == (n1,n2,n3,n4), 'incorrect extension handling ')
-
-
- issuer = POW.pkix.IssuerAltName()
- issuer.fromString( self.crl.getExtension(0)[2] )
- values = issuer.get()
- self.failUnless( values == (n1,n2,n3,n4), 'generalNames are incorrect')
-
- def revExtensionManipulationTest(self):
- 'Extension manipulation for CRL revocation object tests'
- invalid = POW.pkix.InvalidityDate()
- invalid.set( POW.pkix.time2gen(time.time()) )
- reason = POW.pkix.CrlReason()
- reason.set(1)
-
- revdata = self.revocationData[0]
- revo = POW.X509Revoked( revdata[0], revdata[1] )
- revo.addExtension( 'invalidityDate', 0, invalid.toString() )
- revo.addExtension( 'CRLReason', 0, reason.toString() )
- self.failUnless( revo.countExtensions() == 2, 'revocation should have 2 any extensions')
- revo.clearExtensions()
- self.failUnless( revo.countExtensions() == 0, 'revocation should have no extensions')
- revo.addExtension( 'CRLReason', 0, reason.toString() )
- revo.addExtension( 'invalidityDate', 0, invalid.toString() )
- reason = POW.pkix.CrlReason()
- reason.fromString( revo.getExtension(0)[2] )
- self.failUnless( reason.get() == 1, 'incorrect extension handling ')
-
- def revocationExtensionTest(self):
- 'CRL Revocation Extension tests'
- self.ca = certs.getCert('ca')
- self.caCipher = ciphers.getCipher('ca')
-
- revocations = []
- invalid = POW.pkix.InvalidityDate()
- invalid.set( POW.pkix.time2gen(time.time()) )
- reason = POW.pkix.CrlReason()
- reason.set(1)
- for rev in self.revocationData:
- revocation = POW.X509Revoked( rev[0], rev[1] )
- revocation.addExtension( 'invalidityDate', 0, invalid.toString() )
- revocation.addExtension( 'CRLReason', 0, reason.toString() )
- revocations.append( revocation )
-
- self.crl = POW.X509Crl()
- self.crl.setVersion( self.version )
- self.crl.setIssuer(
self.ca.getIssuer() )
- self.crl.setThisUpdate( self.thisUpdate )
- self.crl.setNextUpdate( self.nextUpdate )
- self.crl.setRevoked( revocations )
- self.crl.sign( self.caCipher[1] )
-
-
-
-#--------------- X509 CRL test case ---------------#
-#--------------- SSL test case ---------------#
-
-serverPort = 7777
-clientMsg = 'Message from client to server...'
-serverMsg = 'Message from server to client...'
-
-def serverCertKey():
- cert = certs.getCert('server')
- key = ciphers.getCipher('server')[1]
- return cert, key
-
-def clientCertKey():
- cert = certs.getCert('client')
- key = ciphers.getCipher('client')[1]
- return cert, key
-
-class SimpleSslServer:
-
- def __init__(self, test):
- cert, key = serverCertKey()
- ssl = POW.Ssl( POW.SSLV23_SERVER_METHOD )
- ssl.useCertificate(cert)
- ssl.useKey(key)
-
- sock = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
- sock.bind( ('', serverPort) )
- sock.listen(1)
- conn, addr = sock.accept()
- sock.shutdown(0)
- sock.close()
- ssl.setFd( conn.fileno() )
- ssl.accept()
-
- msg = ssl.read()
- ssl.write(serverMsg)
-
- while 1:
- try: ssl.shutdown(); break
- except: time.sleep(1)
-
- conn.shutdown(0)
- conn.close()
- test.failUnlessEqual( clientMsg, msg, 'client/server communication failiure' )
-
-class ValidatingSslServer:
-
- def __init__(self, test):
- cert, key = serverCertKey()
- ssl = POW.Ssl( POW.SSLV23_SERVER_METHOD )
- ssl.useCertificate(cert)
- ssl.useKey(key)
- ssl.setVerifyMode( POW.SSL_VERIFY_PEER )
-
- store = POW.X509Store()
- store.addTrust( certs.getCert('ca') )
-
- sock = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
- sock.bind( ('', serverPort) )
- sock.listen(1)
- conn, addr = sock.accept()
- sock.shutdown(0)
- sock.close()
- ssl.setFd( conn.fileno() )
- ssl.accept()
-
- clientCert = ssl.peerCertificate()
-
- msg = ssl.read()
- ssl.write(serverMsg)
-
- while 1:
- try: ssl.shutdown(); break
- except: time.sleep(1)
-
- conn.shutdown(0)
- conn.close()
- test.failUnless( store.verify( clientCert
), 'client certificate failed verification' )
-
-class SslClient:
-
- def __init__(self, test):
- cert, key = clientCertKey()
- ssl = POW.Ssl( POW.SSLV23_CLIENT_METHOD )
- ssl.useCertificate(cert)
- ssl.useKey(key)
- sock = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
- sock.connect( ('', serverPort) )
- ssl.setFd( sock.fileno() )
- ssl.connect()
-
- ssl.write(clientMsg)
- ssl.read()
-
- while 1:
- try: ssl.shutdown(); break
- except: time.sleep(1)
-
- sock.shutdown(0)
- sock.close()
-
-class ValidatingSslClient:
-
- def __init__(self, test):
- cert, key = clientCertKey()
- ssl = POW.Ssl( POW.SSLV23_CLIENT_METHOD )
- ssl.useCertificate(cert)
- ssl.useKey(key)
- ssl.setVerifyMode( POW.SSL_VERIFY_PEER )
-
- store = POW.X509Store()
- store.addTrust( certs.getCert('ca') )
-
- sock = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
- sock.connect( ('', serverPort) )
- ssl.setFd( sock.fileno() )
- ssl.connect()
-
- serverCert = ssl.peerCertificate()
-
- ssl.write(clientMsg)
- ssl.read()
-
- while 1:
- try: ssl.shutdown(); break
- except: time.sleep(1)
-
- sock.shutdown(0)
- sock.close()
- test.failUnless( store.verify( serverCert ), 'client certificate failed verification' )
-
-
-
-class SslTestCase(unittest.TestCase):
- 'SSL tests'
-
- def testSimple(self):
- '''Test client/server communication over SSL'''
- global serverPort
- serverPort += 1
- pid = os.fork()
- if pid:
- time.sleep(1)
- SimpleSslServer(self)
- else:
- time.sleep(3)
- SslClient(self)
- os._exit(0)
-
- def testClientValidation(self):
- '''Request and validate client certificate'''
- global serverPort
- serverPort += 1
- pid = os.fork()
- if pid:
- time.sleep(1)
- ValidatingSslServer(self)
- else:
- time.sleep(3)
- SslClient(self)
- os._exit(0)
-
- def testServerValidation(self):
- '''Request and validate server certificate'''
- global serverPort
- serverPort += 1
- pid = os.fork()
- if pid:
- time.sleep(3)
- ValidatingSslClient(self)
- else:
- time.sleep(1)
- SimpleSslServer(self)
- 
os._exit(0)
-
-#--------------- SSL test case ---------------#
-#--------------- Test suite generators ---------------#
-
-def derEncodingTests():
- suite = unittest.TestSuite()
- suite.addTest( DerEncodingTestCase('integerTest') )
- suite.addTest( DerEncodingTestCase('oidTest') )
- suite.addTest( DerEncodingTestCase('booleanTest') )
- suite.addTest( DerEncodingTestCase('bitStringTest') )
- return suite
-
-def complexDerTests():
- suite = unittest.TestSuite()
- suite.addTest( ComplexDerTestCase('emptySeqTest') )
- suite.addTest( ComplexDerTestCase('seqOfSimpleTest') )
- suite.addTest( ComplexDerTestCase('seqOfSeqTest') )
- suite.addTest( ComplexDerTestCase('seqOfSimpleWithOptionalTest') )
- suite.addTest( ComplexDerTestCase('seqOfSimpleWithDefaultTest') )
- suite.addTest( ComplexDerTestCase('seqOfOptionalSeqTest') )
- suite.addTest( ComplexDerTestCase('seqOfPartiallySetOptionalSeqTest') )
- suite.addTest( ComplexDerTestCase('defaultSeqTest') )
- suite.addTest( ComplexDerTestCase('sequenceOfChoiceTest') )
- suite.addTest( ComplexDerTestCase('seqOfDefaultSeqTest') )
- suite.addTest( ComplexDerTestCase('sequenceOfSimpleTest') )
- suite.addTest( ComplexDerTestCase('defaultSequenceOfTest') )
- suite.addTest( ComplexDerTestCase('sequenceOfDefaultSequenceOfTest') )
- suite.addTest( ComplexDerTestCase('optionalSequenceOfTest') )
- suite.addTest( ComplexDerTestCase('sequenceOfOptionalSequenceOfTest') )
- suite.addTest( ComplexDerTestCase('basicExplicitTest') )
- suite.addTest( ComplexDerTestCase('defaultExplicitTest') )
- suite.addTest( ComplexDerTestCase('optionalExplicitTest') )
- suite.addTest( ComplexDerTestCase('basicChoiceTest') )
- suite.addTest( ComplexDerTestCase('defaultChoiceTest') )
- suite.addTest( ComplexDerTestCase('optionalChoiceTest') )
- suite.addTest( ComplexDerTestCase('choiceWithDefaultElementTest') )
- return suite
-
-def pkixTests():
- suite = unittest.TestSuite()
- suite.addTest( PkixTestCase('validityTest') )
- suite.addTest( 
PkixTestCase('directoryStringTest') )
- suite.addTest( PkixTestCase('attributeTypeAndValueTest') )
- suite.addTest( PkixTestCase('x509v2Test') )
- suite.addTest( PkixTestCase('basicConstraintsTest') )
- suite.addTest( PkixTestCase('generalNameTest') )
- suite.addTest( PkixTestCase('x509v3Test') )
- suite.addTest( PkixTestCase('crlv1Test') )
- return suite
-
-def x509ExtensionSuite():
- suite = unittest.TestSuite()
- suite.addTest( ExtensionsTestCase('extensionManipulationTest') )
- suite.addTest( ExtensionsTestCase('basicConstraintTest') )
- suite.addTest( ExtensionsTestCase('privateKeyUsagePeriodTest') )
- suite.addTest( ExtensionsTestCase('keyUsageTest') )
- suite.addTest( ExtensionsTestCase('issuerAltNameTest') )
- suite.addTest( ExtensionsTestCase('subjectAltNameTest') )
- suite.addTest( ExtensionsTestCase('certPolicyTest') )
- return suite
-
-def hashSuite():
- suite = unittest.TestSuite()
- suite.addTest( HashTestCase('testMd2') )
- suite.addTest( HashTestCase('testMd5') )
- suite.addTest( HashTestCase('testSha') )
- suite.addTest( HashTestCase('testSha1') )
- suite.addTest( HashTestCase('testRipemd160') )
- return suite
-
-def hmacSuite():
- suite = unittest.TestSuite()
- suite.addTest( HmacTestCase('testHmacMd2') )
- suite.addTest( HmacTestCase('testHmacMd5') )
- suite.addTest( HmacTestCase('testHmacSha') )
- suite.addTest( HmacTestCase('testHmacSha1') )
- suite.addTest( HmacTestCase('testHmacRipemd160') )
- return suite
-
-def symmetricSuite():
- suite = unittest.TestSuite()
- if 'DES_ECB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_ECB') )
- if 'DES_EDE' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_EDE') )
- if 'DES_EDE3' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_EDE3') )
- if 'DES_CFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_CFB') )
- if 'DES_EDE_CFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_EDE_CFB') )
- if 'DES_EDE3_CFB' in 
POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_EDE3_CFB') )
- if 'DES_OFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_OFB') )
- if 'DES_EDE_OFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_EDE_OFB') )
- if 'DES_EDE3_OFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_EDE3_OFB') )
- if 'DES_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_CBC') )
- if 'DES_EDE_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_EDE_CBC') )
- if 'DES_EDE3_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDES_EDE3_CBC') )
- if 'DESX_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testDESX_CBC') )
- if 'RC4' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC4') )
- if 'RC4_40' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC4_40') )
- if 'IDEA_ECB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testIDEA_ECB') )
- if 'IDEA_CFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testIDEA_CFB') )
- if 'IDEA_OFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testIDEA_OFB') )
- if 'IDEA_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testIDEA_CBC') )
- if 'RC2_ECB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC2_ECB') )
- if 'RC2_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC2_CBC') )
- if 'RC2_40_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC2_40_CBC') )
- if 'RC2_CFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC2_CFB') )
- if 'RC2_OFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC2_OFB') )
- if 'BF_ECB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testBF_ECB') )
- if 'BF_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testBF_CBC') )
- if 'BF_CFB' in POW.__dict__.keys():
- suite.addTest( 
SymmetricTestCase('testBF_CFB') )
- if 'BF_OFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testBF_OFB') )
- if 'CAST5_ECB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testCAST5_ECB') )
- if 'CAST5_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testCAST5_CBC') )
- if 'CAST5_CFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testCAST5_CFB') )
- if 'CAST5_OFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testCAST5_OFB') )
- if 'RC5_32_12_16_CBC' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC5_32_12_16_CBC') )
- if 'RC5_32_12_16_CFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC5_32_12_16_CFB') )
- if 'RC6_32_12_16_ECB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC5_32_12_16_ECB') )
- if 'RC5_32_12_16_OFB' in POW.__dict__.keys():
- suite.addTest( SymmetricTestCase('testRC5_32_12_16_OFB') )
- return suite
-
-def asymmetricSuite():
- suite = unittest.TestSuite()
- suite.addTest( AsymmetricTestCase('testPemIo') )
- suite.addTest( AsymmetricTestCase('testDerIo') )
- suite.addTest( AsymmetricTestCase('testPublicEncrypt') )
- suite.addTest( AsymmetricTestCase('testPrivateEncrypt') )
- suite.addTest( AsymmetricTestCase('testSign') )
- return suite
-
-def x509Suite():
- suite = unittest.TestSuite()
- suite.addTest( X509TestCase('testPemIo') )
- suite.addTest( X509TestCase('testDerIo') )
- suite.addTest( X509TestCase('testIssuer') )
- suite.addTest( X509TestCase('testSubject') )
- suite.addTest( X509TestCase('testVersion') )
- suite.addTest( X509TestCase('testSerial') )
- suite.addTest( X509TestCase('testNotBefore') )
- suite.addTest( X509TestCase('testNotAfter') )
- return suite
-
-def x509StoreSuite():
- suite = unittest.TestSuite()
- suite.addTest( X509StoreTestCase('testVerify') )
- suite.addTest( X509StoreTestCase('testVerifyChain') )
- return suite
-
-def x509RevokedSuite():
- suite = unittest.TestSuite()
- suite.addTest( 
X509RevokedTestCase('testRevoked') )
- return suite
-
-def x509CrlSuite():
- suite = unittest.TestSuite()
- suite.addTest( X509CrlTestCase('testPemIo') )
- suite.addTest( X509CrlTestCase('testDerIo') )
- suite.addTest( X509CrlTestCase('testVersion') )
- suite.addTest( X509CrlTestCase('testIssuer') )
- suite.addTest( X509CrlTestCase('testThisUpdate') )
- suite.addTest( X509CrlTestCase('testNextUpdate') )
- suite.addTest( X509CrlTestCase('testRevoked') )
- suite.addTest( X509CrlTestCase('crlIssuerAltNameTest') )
- suite.addTest( X509CrlTestCase('revExtensionManipulationTest') )
- suite.addTest( X509CrlTestCase('revocationExtensionTest') )
- suite.addTest( X509CrlTestCase('crlExtensionManipulationTest') )
- return suite
-
-def sslSuite():
- suite = unittest.TestSuite()
- suite.addTest( SslTestCase('testSimple') )
- suite.addTest( SslTestCase('testClientValidation') )
- suite.addTest( SslTestCase('testServerValidation') )
- return suite
-
-#--------------- Test suite generators ---------------#
-#--------------- main ---------------#
-
-if __name__ == '__main__':
- print '\n\tGenerating RSA keys and certificates to use for testing...\n'
-
- certs = X509Utilities()
- ciphers = certs.asymUtils
- certs.prepCerts()
-
- runner = unittest.TextTestRunner( sys.stderr, 1, 2)
- runner.run( derEncodingTests() )
- runner.run( complexDerTests() )
- runner.run( pkixTests() )
- runner.run( hashSuite() )
- runner.run( hmacSuite() )
- runner.run( symmetricSuite() )
- runner.run( asymmetricSuite() )
- runner.run( x509Suite() )
- runner.run( x509StoreSuite() )
- runner.run( x509RevokedSuite() )
- runner.run( x509CrlSuite() )
- runner.run( x509ExtensionSuite() )
- if sys.platform != 'win32':
- runner.run( sslSuite() )
-
- certs.unPrepCerts()
-
-#--------------- main ---------------# |