def test_failed_generation(self):
"""
`PKey.generate_key` takes two arguments, the first giving the key type
as one of `TYPE_RSA` or `TYPE_DSA` and the second giving the number of
bits to generate. If an invalid type is specified or generation fails,
`Error` is raised. If an invalid number of bits is specified,
`ValueError` or `Error` is raised.
"""
key = PKey()
with pytest.raises(TypeError):
key.generate_key("foo", "bar")
with pytest.raises(Error):
key.generate_key(-1, 0)
with pytest.raises(ValueError):
key.generate_key(TYPE_RSA, -1)
with pytest.raises(ValueError):
key.generate_key(TYPE_RSA, 0)
with pytest.raises(TypeError):
key.generate_key(TYPE_RSA, object())
# XXX RSA generation for small values of bits is fairly buggy in a wide
# range of OpenSSL versions. I need to figure out what the safe lower
# bound for a reasonable number of OpenSSL versions is and explicitly
# check for that in the wrapper. The failure behavior is typically an
# infinite loop inside OpenSSL.
# with pytest.raises(Error):
# key.generate_key(TYPE_RSA, 2)
# XXX DSA generation seems happy with any number of bits. The DSS
# says bits must be between 512 and 1024 inclusive. OpenSSL's DSA
# generator doesn't seem to care about the upper limit at all. For
# the lower limit, it uses 512 if anything smaller is specified.
# So, it doesn't seem possible to make generate_key fail for
# TYPE_DSA with a bits argument which is at least an int.
# with pytest.raises(Error):
# key.generate_key(TYPE_DSA, -7)
评论列表
文章目录
