Improve Python allowed_usage and add tests

Add tests for Python verify function
author: Pavol Žáčik <[email protected]> 2019-10-21 14:01:44 +0200
committer: Pavol Žáčik <[email protected]> 2019-10-22 19:15:29 +0200
commit: ec0fe8ee448b5f76f9d40c56fcbbce26c8869ccc (patch)
tree: cc0c52a85215d369892dc5f132b0a868a105d1d6 /src
parent: 430e6c7c1236dfed90821e75b3909264b55bb00e (diff)
2 files changed, 55 insertions, 4 deletions
diff --git a/src/python/botan2.py b/src/python/botan2.py
index 3f7e54ae5..f7617b8c4 100755
--- a/src/python/botan2.py
+++ b/src/python/botan2.py
@@ -1352,8 +1352,24 @@ class X509Cert(object): # pylint: disable=invalid-name
     def not_after(self):
         return _call_fn_returning_sz(lambda l: _DLL.botan_x509_cert_not_after(self.__obj, l))
 
-    def allowed_usage(self, usage):
-        rc = _DLL.botan_x509_cert_allowed_usage(self.__obj, usage)
+    def allowed_usage(self, usage_list):
+        usage_values = {"NO_CONSTRAINTS": 0,
+                        "DIGITAL_SIGNATURE": 32768,
+                        "NON_REPUDIATION": 16384,
+                        "KEY_ENCIPHERMENT": 8192,
+                        "DATA_ENCIPHERMENT": 4096,
+                        "KEY_AGREEMENT": 2048,
+                        "KEY_CERT_SIGN": 1024,
+                        "CRL_SIGN": 512,
+                        "ENCIPHER_ONLY": 256,
+                        "DECIPHER_ONLY": 128}
+        usage = 0
+        for u in usage_list:
+            if u not in usage_values:
+                return False
+            usage += usage_values[u]
+
+        rc = _DLL.botan_x509_cert_allowed_usage(self.__obj, c_uint(usage))
         return rc == 0
 
     def get_obj(self):
@@ -1362,7 +1378,7 @@ class X509Cert(object): # pylint: disable=invalid-name
     def verify(self,
                intermediates,
                trusted,
-               trusted_path,
+               trusted_path="",
                required_strength=0,
                hostname="",
                reference_time=0):
diff --git a/src/scripts/test_python.py b/src/scripts/test_python.py
index e860df358..00209ef56 100644
--- a/src/scripts/test_python.py
+++ b/src/scripts/test_python.py
@@ -442,7 +442,7 @@ ofvkP1EDmpx50fHLawIDAQAB
             self.assertEqual(a_pem, new_a.to_pem())
 
     def test_certs(self):
-        cert = botan2.X509Cert(filename="src/tests/data/x509/ecc/CSCA.CSCA.csca-germany.1.crt")
+        cert = botan2.X509Cert("src/tests/data/x509/ecc/CSCA.CSCA.csca-germany.1.crt")
         pubkey = cert.subject_public_key()
 
         self.assertEqual(pubkey.algo_name(), 'ECDSA')
@@ -463,6 +463,41 @@ ofvkP1EDmpx50fHLawIDAQAB
 
         self.assertTrue(cert.to_string().startswith("Version: 3"))
 
+        self.assertEqual(cert.issuer_dn('Name', 0), 'csca-germany')
+        self.assertEqual(cert.issuer_dn('Organization', 0), 'bund')
+        self.assertEqual(cert.issuer_dn('Organizational Unit', 0), 'bsi')
+        self.assertEqual(cert.issuer_dn('Country', 0), 'DE')
+
+        self.assertTrue(cert.hostname_match('csca-germany'))
+        self.assertFalse(cert.hostname_match('csca-slovakia'))
+
+        self.assertEqual(cert.not_before(), 1184858838)
+        self.assertEqual(cert.not_after(), 1831907880)
+
+        self.assertTrue(cert.allowed_usage(["CRL_SIGN", "KEY_CERT_SIGN"]))
+        self.assertTrue(cert.allowed_usage(["KEY_CERT_SIGN"]))
+        self.assertFalse(cert.allowed_usage(["DIGITAL_SIGNATURE"]))
+        self.assertFalse(cert.allowed_usage(["DIGITAL_SIGNATURE", "CRL_SIGN"]))
+
+        root = botan2.X509Cert("src/tests/data/x509/nist/root.crt")
+
+        int09 = botan2.X509Cert("src/tests/data/x509/nist/test09/int.crt")
+        end09 = botan2.X509Cert("src/tests/data/x509/nist/test09/end.crt")
+        self.assertEqual(end09.verify([int09], [root]), 2001)
+
+        end04 = botan2.X509Cert("src/tests/data/x509/nist/test04/end.crt")
+        int04_1 = botan2.X509Cert("src/tests/data/x509/nist/test04/int1.crt")
+        int04_2 = botan2.X509Cert("src/tests/data/x509/nist/test04/int2.crt")
+        self.assertEqual(end04.verify([int04_1, int04_2], [], "src/tests/data/x509/nist/", required_strength=80), 0)
+        self.assertEqual(end04.verify([int04_1, int04_2], [], required_strength=80), 3000)
+        self.assertEqual(end04.verify([int04_1, int04_2], [root], required_strength=80, hostname="User1-CP.02.01"), 0)
+        self.assertEqual(end04.verify([int04_1, int04_2], [root], required_strength=80, hostname="invalid"), 4008)
+        self.assertEqual(end04.verify([int04_1, int04_2], [root], required_strength=80, reference_time=1), 2000)
+
+        self.assertEqual(botan2.X509Cert.validation_status(0), 'Verified')
+        self.assertEqual(botan2.X509Cert.validation_status(3000), 'Certificate issuer not found')
+        self.assertEqual(botan2.X509Cert.validation_status(4008), 'Certificate does not match provided name')
+
     def test_mpi(self):
         # pylint: disable=too-many-statements
         z = botan2.MPI()
author	Pavol Žáčik <[email protected]>	2019-10-21 14:01:44 +0200
committer	Pavol Žáčik <[email protected]>	2019-10-22 19:15:29 +0200
commit	ec0fe8ee448b5f76f9d40c56fcbbce26c8869ccc (patch)
tree	cc0c52a85215d369892dc5f132b0a868a105d1d6 /src
parent	430e6c7c1236dfed90821e75b3909264b55bb00e (diff)