def test_missing_ocsp_extension():
"""edellroot.badssl.com is missing the OCSP extensions"""
func_name: str = "extract_ocsp_url"
host = "edellroot.badssl.com"
port = 443
cert_chain = get_certificate_chain(host, port)
error = f"{func_name}: Certificate Authority Information Access (AIA) Extension Missing. Possible MITM Proxy."
with pytest.raises(Exception) as excinfo:
extract_ocsp_url(cert_chain)
assert str(excinfo.value) == error
def test_extract_ocsp_url_success():
"""test a successful extract_ocsp_url function invocation"""
host = "github.com"
port = 443
cert_chain = get_certificate_chain(host, port)
ocsp_url = extract_ocsp_url(cert_chain)
assert ocsp_url == "http://ocsp.digicert.com"
def test_extract_ocsp_result_success():
"""test an unsuccessful extract_ocsp_result function invocation"""
cert_chain = get_certificate_chain("github.com", 443)
ocsp_url = extract_ocsp_url(cert_chain)
ocsp_request = build_ocsp_request(cert_chain)
ocsp_response = get_ocsp_response(ocsp_url, ocsp_request)
ocsp_result = extract_ocsp_result(ocsp_response)
assert ocsp_result == "OCSP Status: GOOD"
def test_get_ocsp_response_success():
"""test an successful get_ocsp_response function invocation"""
cert_chain = get_certificate_chain("github.com", 443)
ocsp_url = extract_ocsp_url(cert_chain)
ocsp_request = build_ocsp_request(cert_chain)
ocsp_response = get_ocsp_response(ocsp_url, ocsp_request)
for header in ocsp_response.headers:
if "application/ocsp-response" in ocsp_response.headers[header]:
# There may be a better way to do this, but this proves we got a response
# from the OCSP server
assert True