From e4e7b89fb627b372cde4158ceb7078d8769497cb Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 29 Nov 2018 11:51:38 +0800
Subject: PKCS12 Basic Parsing (#4553)

* PKCS12 parsing support

* running all the tests is so gauche

* rename func

* various significant fixes

* dangerous idiot here

* move pkcs12

* docs updates

* a bit more prose
---
 tests/hazmat/primitives/test_pkcs12.py | 110 +++++++++++++++++++++++++++++++++
 1 file changed, 110 insertions(+)
 create mode 100644 tests/hazmat/primitives/test_pkcs12.py

(limited to 'tests/hazmat/primitives')

diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py
new file mode 100644
index 000000000..85be3b517
--- /dev/null
+++ b/tests/hazmat/primitives/test_pkcs12.py
@@ -0,0 +1,110 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+import pytest
+
+from cryptography import x509
+from cryptography.hazmat.backends.interfaces import DERSerializationBackend
+from cryptography.hazmat.primitives.serialization import load_pem_private_key
+from cryptography.hazmat.primitives.serialization.pkcs12 import (
+    load_key_and_certificates
+)
+
+from .utils import load_vectors_from_file
+
+
+@pytest.mark.requires_backend_interface(interface=DERSerializationBackend)
+class TestPKCS12(object):
+    @pytest.mark.parametrize(
+        ("filename", "password"),
+        [
+            ("cert-key-aes256cbc.p12", b"cryptography"),
+            ("cert-none-key-none.p12", b"cryptography"),
+            ("cert-rc2-key-3des.p12", b"cryptography"),
+            ("no-password.p12", None),
+        ]
+    )
+    def test_load_pkcs12_ec_keys(self, filename, password, backend):
+        cert = load_vectors_from_file(
+            os.path.join("x509", "custom", "ca", "ca.pem"),
+            lambda pemfile: x509.load_pem_x509_certificate(
+                pemfile.read(), backend
+            ), mode="rb"
+        )
+        key = load_vectors_from_file(
+            os.path.join("x509", "custom", "ca", "ca_key.pem"),
+            lambda pemfile: load_pem_private_key(
+                pemfile.read(), None, backend
+            ), mode="rb"
+        )
+        parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file(
+            os.path.join("pkcs12", filename),
+            lambda derfile: load_key_and_certificates(
+                derfile.read(), password, backend
+            ), mode="rb"
+        )
+        assert parsed_cert == cert
+        assert parsed_key.private_numbers() == key.private_numbers()
+        assert parsed_more_certs == []
+
+    def test_load_pkcs12_cert_only(self, backend):
+        cert = load_vectors_from_file(
+            os.path.join("x509", "custom", "ca", "ca.pem"),
+            lambda pemfile: x509.load_pem_x509_certificate(
+                pemfile.read(), backend
+            ), mode="rb"
+        )
+        parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file(
+            os.path.join("pkcs12", "cert-aes256cbc-no-key.p12"),
+            lambda data: load_key_and_certificates(
+                data.read(), b"cryptography", backend
+            ),
+            mode="rb"
+        )
+        assert parsed_cert is None
+        assert parsed_key is None
+        assert parsed_more_certs == [cert]
+
+    def test_load_pkcs12_key_only(self, backend):
+        key = load_vectors_from_file(
+            os.path.join("x509", "custom", "ca", "ca_key.pem"),
+            lambda pemfile: load_pem_private_key(
+                pemfile.read(), None, backend
+            ), mode="rb"
+        )
+        parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file(
+            os.path.join("pkcs12", "no-cert-key-aes256cbc.p12"),
+            lambda data: load_key_and_certificates(
+                data.read(), b"cryptography", backend
+            ),
+            mode="rb"
+        )
+        assert parsed_key.private_numbers() == key.private_numbers()
+        assert parsed_cert is None
+        assert parsed_more_certs == []
+
+    def test_non_bytes(self, backend):
+        with pytest.raises(TypeError):
+            load_key_and_certificates(
+                b"irrelevant", object(), backend
+            )
+
+    def test_not_a_pkcs12(self, backend):
+        with pytest.raises(ValueError):
+            load_key_and_certificates(
+                b"invalid", b"pass", backend
+            )
+
+    def test_invalid_password(self, backend):
+        with pytest.raises(ValueError):
+            load_vectors_from_file(
+                os.path.join("pkcs12", "cert-key-aes256cbc.p12"),
+                lambda derfile: load_key_and_certificates(
+                    derfile.read(), b"invalid", backend
+                ), mode="rb"
+            )
-- 
cgit v1.2.3