def test_verify_with_add_crls(self): ca = X509.load_cert("tests/crl_data/certs/revoking_ca.pem") valid_cert = X509.load_cert('tests/crl_data/certs/valid_cert.pem') revoked_cert = X509.load_cert('tests/crl_data/certs/revoked_cert.pem') crl = X509.load_crl('tests/crl_data/certs/revoking_crl.pem') # Verify that a good cert is verified OK store = X509.X509_Store() store.add_x509(ca) store.set_flags(X509.m2.X509_V_FLAG_CRL_CHECK | X509.m2.X509_V_FLAG_CRL_CHECK_ALL) crl_stack = X509.CRL_Stack() crl_stack.push(crl) store_ctx = X509.X509_Store_Context() store_ctx.init(store, valid_cert) store_ctx.add_crls(crl_stack) self.assertTrue(store_ctx.verify_cert()) # Verify that a revoked cert is not verified store = X509.X509_Store() store.add_x509(ca) store.set_flags(X509.m2.X509_V_FLAG_CRL_CHECK | X509.m2.X509_V_FLAG_CRL_CHECK_ALL) crl_stack = X509.CRL_Stack() crl_stack.push(crl) store_ctx = X509.X509_Store_Context() store_ctx.init(store, revoked_cert) store_ctx.add_crls(crl_stack) self.assertFalse(store_ctx.verify_cert())
def test_push_and_pop(self): crl_stack = X509.CRL_Stack() crl_a = X509.CRL() crl_b = X509.CRL() self.assertNotEqual(crl_a, crl_b) crl_stack.push(crl_a) crl_stack.push(crl_b) self.assertEquals(len(crl_stack), 2) popped_b = crl_stack.pop() self.assertEquals(crl_b, popped_b) self.assertEquals(len(crl_stack), 1) popped_a = crl_stack.pop() self.assertEqual(crl_a, popped_a) self.assertEqual(len(crl_stack), 0)
def test_new(self): crl_stack = X509.CRL_Stack() self.assertIsNotNone(crl_stack) self.assertEqual(len(crl_stack), 0)