def test_validate_certificate_invalid_signature(
untrusted_cert: Certificate) -> None:
with pytest.raises(
CertificateValidationError,
match="Client certificate not trusted",
):
_validate_certificate(untrusted_cert)
def test_validate_certificate_not_yet_valid(ca: CertificateAuthority) -> None:
with on_time(time() + 24 * 3600, "UTC"):
cert, _priv_key = ca._certificate_from_root("abc123")
with pytest.raises(
CertificateValidationError,
match="Client certificate not yet valid",
):
_validate_certificate(cert)
def test_validate_certificate_not_yet_valid(root_ca: RootCA) -> None:
with on_time(time() + 24 * 3600, "UTC"):
cert, _priv_key = root_ca.new_signed_cert("abc123", 100)
with pytest.raises(
CertificateValidationError,
match="Client certificate not yet valid",
):
_validate_certificate(cert)
def test_validate_certificate_expired(root_ca: RootCA) -> None:
with on_time(1638174087, "UTC"):
cert, _priv_key = root_ca.new_signed_cert("abc123", 1)
with pytest.raises(
CertificateValidationError,
match="Client certificate expired",
):
_validate_certificate(cert)
def test_validate_certificate_expired(ca: CertificateAuthority) -> None:
ca._days_valid = 1
with on_time(1638174087, "UTC"):
cert, _priv_key = ca._certificate_from_root("abc123")
with pytest.raises(
CertificateValidationError,
match="Client certificate expired",
):
_validate_certificate(cert)
def test_validate_certificate_ok(trusted_cert: Certificate) -> None:
_validate_certificate(trusted_cert)