Esempio n. 1
0
    def test_verify_with_add_crls(self):
        ca = X509.load_cert("tests/crl_data/certs/revoking_ca.pem")
        valid_cert = X509.load_cert('tests/crl_data/certs/valid_cert.pem')
        revoked_cert = X509.load_cert('tests/crl_data/certs/revoked_cert.pem')
        crl = X509.load_crl('tests/crl_data/certs/revoking_crl.pem')

        # Verify that a good cert is verified OK
        store = X509.X509_Store()
        store.add_x509(ca)
        store.set_flags(X509.m2.X509_V_FLAG_CRL_CHECK |
                       X509.m2.X509_V_FLAG_CRL_CHECK_ALL)
        crl_stack = X509.CRL_Stack()
        crl_stack.push(crl)
        store_ctx = X509.X509_Store_Context()
        store_ctx.init(store, valid_cert)
        store_ctx.add_crls(crl_stack)
        self.assertTrue(store_ctx.verify_cert())

        # Verify that a revoked cert is not verified
        store = X509.X509_Store()
        store.add_x509(ca)
        store.set_flags(X509.m2.X509_V_FLAG_CRL_CHECK |
                       X509.m2.X509_V_FLAG_CRL_CHECK_ALL)
        crl_stack = X509.CRL_Stack()
        crl_stack.push(crl)
        store_ctx = X509.X509_Store_Context()
        store_ctx.init(store, revoked_cert)
        store_ctx.add_crls(crl_stack)
        self.assertFalse(store_ctx.verify_cert())
Esempio n. 2
0
 def test_push_and_pop(self):
     crl_stack = X509.CRL_Stack()
     crl_a = X509.CRL()
     crl_b = X509.CRL()
     self.assertNotEqual(crl_a, crl_b)
     crl_stack.push(crl_a)
     crl_stack.push(crl_b)
     self.assertEquals(len(crl_stack), 2)
     popped_b = crl_stack.pop()
     self.assertEquals(crl_b, popped_b)
     self.assertEquals(len(crl_stack), 1)
     popped_a = crl_stack.pop()
     self.assertEqual(crl_a, popped_a)
     self.assertEqual(len(crl_stack), 0)
Esempio n. 3
0
 def test_new(self):
     crl_stack = X509.CRL_Stack()
     self.assertIsNotNone(crl_stack)
     self.assertEqual(len(crl_stack), 0)