def test_verify_with_add_crls(self):
ca = X509.load_cert("tests/crl_data/certs/revoking_ca.pem")
valid_cert = X509.load_cert('tests/crl_data/certs/valid_cert.pem')
revoked_cert = X509.load_cert('tests/crl_data/certs/revoked_cert.pem')
crl = X509.load_crl('tests/crl_data/certs/revoking_crl.pem')
# Verify that a good cert is verified OK
store = X509.X509_Store()
store.add_x509(ca)
store.set_flags(X509.m2.X509_V_FLAG_CRL_CHECK |
X509.m2.X509_V_FLAG_CRL_CHECK_ALL)
crl_stack = X509.CRL_Stack()
crl_stack.push(crl)
store_ctx = X509.X509_Store_Context()
store_ctx.init(store, valid_cert)
store_ctx.add_crls(crl_stack)
self.assertTrue(store_ctx.verify_cert())
# Verify that a revoked cert is not verified
store = X509.X509_Store()
store.add_x509(ca)
store.set_flags(X509.m2.X509_V_FLAG_CRL_CHECK |
X509.m2.X509_V_FLAG_CRL_CHECK_ALL)
crl_stack = X509.CRL_Stack()
crl_stack.push(crl)
store_ctx = X509.X509_Store_Context()
store_ctx.init(store, revoked_cert)
store_ctx.add_crls(crl_stack)
self.assertFalse(store_ctx.verify_cert())
def test_push_and_pop(self):
crl_stack = X509.CRL_Stack()
crl_a = X509.CRL()
crl_b = X509.CRL()
self.assertNotEqual(crl_a, crl_b)
crl_stack.push(crl_a)
crl_stack.push(crl_b)
self.assertEquals(len(crl_stack), 2)
popped_b = crl_stack.pop()
self.assertEquals(crl_b, popped_b)
self.assertEquals(len(crl_stack), 1)
popped_a = crl_stack.pop()
self.assertEqual(crl_a, popped_a)
self.assertEqual(len(crl_stack), 0)
def test_new(self):
crl_stack = X509.CRL_Stack()
self.assertIsNotNone(crl_stack)
self.assertEqual(len(crl_stack), 0)