test: add test for PrivateKeyUsagePeriod extension

pyca · Aug 2, 2024 · 1caefef · 1caefef
1 parent 6edf169
commit 1caefef
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 1 deletion.
diff --git a/src/cryptography/hazmat/_oid.py b/src/cryptography/hazmat/_oid.py
@@ -274,6 +274,7 @@ class AttributeOID:
     ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
     ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
     ExtensionOID.KEY_USAGE: "keyUsage",
+    ExtensionOID.PRIVATE_KEY_USAGE_PERIOD: "privateKeyUsagePeriod",
     ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
     ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
     ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",

diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
@@ -63,6 +63,7 @@
     PolicyInformation,
     PrecertificateSignedCertificateTimestamps,
     PrecertPoison,
+    PrivateKeyUsagePeriod,
     ReasonFlags,
     SignedCertificateTimestamps,
     SubjectAlternativeName,
@@ -111,6 +112,7 @@
 OID_INHIBIT_ANY_POLICY = ExtensionOID.INHIBIT_ANY_POLICY
 OID_ISSUER_ALTERNATIVE_NAME = ExtensionOID.ISSUER_ALTERNATIVE_NAME
 OID_KEY_USAGE = ExtensionOID.KEY_USAGE
+OID_PRIVATE_KEY_USAGE_PERIOD = ExtensionOID.PRIVATE_KEY_USAGE_PERIOD
 OID_NAME_CONSTRAINTS = ExtensionOID.NAME_CONSTRAINTS
 OID_OCSP_NO_CHECK = ExtensionOID.OCSP_NO_CHECK
 OID_POLICY_CONSTRAINTS = ExtensionOID.POLICY_CONSTRAINTS
@@ -226,6 +228,7 @@
     "PolicyInformation",
     "PrecertPoison",
     "PrecertificateSignedCertificateTimestamps",
+    "PrivateKeyUsagePeriod",
     "PublicKeyAlgorithmOID",
     "RFC822Name",
     "ReasonFlags",

diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
@@ -12,7 +12,7 @@ use cryptography_x509::extensions::{
     DistributionPointName, DuplicateExtensionsError, IssuerAlternativeName, KeyUsage,
     MSCertificateTemplate, NameConstraints, PolicyConstraints, PolicyInformation,
     PolicyQualifierInfo, Qualifier, RawExtensions, SequenceOfAccessDescriptions,
-    SequenceOfSubtrees, UserNotice,
+    SequenceOfSubtrees, UserNotice, PrivateKeyUsagePeriod
 };
 use cryptography_x509::extensions::{Extension, SubjectAlternativeName};
 use cryptography_x509::{common, oid};

diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
@@ -4250,6 +4250,10 @@ def test_build_cert_with_rsa_key_too_small(
                 encipher_only=False,
                 decipher_only=False,
             ),
+            x509.PrivateKeyUsagePeriod(
+                not_before=datetime.datetime(2002, 1, 1, 12, 1),
+                not_after=datetime.datetime(2030, 12, 31, 8, 30),
+            ),
             x509.OCSPNoCheck(),
             x509.SubjectKeyIdentifier,
         ],

diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
@@ -1876,6 +1876,65 @@ def test_key_cert_sign_crl_sign(self, backend):
         assert ku.crl_sign is True
 
 
+class TestPrivateKeyUsagePeriodExtension:
+    def test_not_validity(self):
+        with pytest.raises(TypeError):
+            x509.PrivateKeyUsagePeriod("notvalidity")  # type:ignore[arg-type]
+
+    def test_repr(self):
+        period = x509.PrivateKeyUsagePeriod(
+            not_before=datetime.datetime(2012, 1, 1),
+            not_after=datetime.datetime(2013, 1, 1),
+        )
+        ext = x509.Extension(
+            ExtensionOID.PRIVATE_KEY_USAGE_PERIOD, False, period
+        )
+        assert repr(ext) == (
+            "<Extension(oid=<ObjectIdentifier(oid=2.5.29.16, name=privateKeyUsagePeriod)>, "
+            "critical=False, value=<PrivateKeyUsagePeriod(not_before=2012-01-01 00:00:00, "
+            "not_after=2013-01-01 00:00:00)>)>"
+        )
+
+    def test_eq(self):
+        period = x509.PrivateKeyUsagePeriod(
+            not_before=datetime.datetime(2012, 1, 1),
+            not_after=datetime.datetime(2013, 1, 1),
+        )
+        period2 = x509.PrivateKeyUsagePeriod(
+            not_before=datetime.datetime(2012, 1, 1),
+            not_after=datetime.datetime(2013, 1, 1),
+        )
+        assert period == period2
+
+    def test_ne(self):
+        period = x509.PrivateKeyUsagePeriod(
+            not_before=datetime.datetime(2012, 1, 1),
+            not_after=datetime.datetime(2013, 1, 1),
+        )
+        period2 = x509.PrivateKeyUsagePeriod(
+            not_before=datetime.datetime(2012, 1, 1),
+            not_after=datetime.datetime(2014, 1, 1),
+        )
+        assert period != period2
+        assert period != object()
+
+    def test_hash(self):
+        period = x509.PrivateKeyUsagePeriod(
+            not_before=datetime.datetime(2012, 1, 1),
+            not_after=datetime.datetime(2013, 1, 1),
+        )
+        period2 = x509.PrivateKeyUsagePeriod(
+            not_before=datetime.datetime(2012, 1, 1),
+            not_after=datetime.datetime(2013, 1, 1),
+        )
+        period3 = x509.PrivateKeyUsagePeriod(
+            not_before=datetime.datetime(2012, 1, 1),
+            not_after=datetime.datetime(2014, 1, 1),
+        )
+        assert hash(period) == hash(period2)
+        assert hash(period) != hash(period3)
+
+
 class TestDNSName:
     def test_non_a_label(self):
         with pytest.raises(ValueError):
@@ -6320,6 +6379,7 @@ def test_all_extension_oid_members_have_names_defined():
     for oid in dir(ExtensionOID):
         if oid.startswith("__"):
             continue
+        print(getattr(ExtensionOID, oid))
         assert getattr(ExtensionOID, oid) in _OID_NAMES