def test_get_cert_chain_bad_host():
"""Pass bad host to get_certificate_chain exception"""
func_name: str = "get_certificate_chain"
host = "nonexistenthost.com"
port = 443
with pytest.raises(Exception) as excinfo:
get_certificate_chain(host, port)
assert str(excinfo.value
) == f"{func_name}: {host}:{port} is invalid or not known."
def test_get_cert_chain_bad_port():
"""Validate the issuer for microsoft.com with ms_pem"""
host = "github.com"
port = 80000
func_name: str = "get_certificate_chain"
with pytest.raises(Exception) as excinfo:
get_certificate_chain(host, port)
assert (str(
excinfo.value
) == f"{func_name}: Illegal port: {port}. Port must be between 0-65535.")
def test_get_cert_chain_host_timeout():
"""Pass bad port to get_certificate_chain to force the
connection to time out"""
func_name: str = "get_certificate_chain"
host = "espn.com"
port = 65534
with pytest.raises(Exception) as excinfo:
get_certificate_chain(host, port)
assert str(excinfo.value
) == f"{func_name}: Connection to {host}:{port} timed out."
def test_extract_ocsp_url_success():
"""test a successful extract_ocsp_url function invocation"""
host = "github.com"
port = 443
cert_chain = get_certificate_chain(host, port)
ocsp_url = extract_ocsp_url(cert_chain)
assert ocsp_url == "http://ocsp.digicert.com"
def test_get_cert_chain_success():
"""Validate the issuer for microsoft.com with ms_pem"""
host = "github.com"
port = 443
github = get_certificate_chain(host, port)
assert github[1] == certs.github_issuer_pem
def test_build_ocsp_request_success():
"""test a successful build_ocsp_request function invocation"""
host = "github.com"
port = 443
cert_chain = get_certificate_chain(host, port)
ocsp_request_data = build_ocsp_request(cert_chain)
assert ocsp_request_data == certs.github_ocsp_data
def test_extract_ocsp_result_success():
"""test an unsuccessful extract_ocsp_result function invocation"""
cert_chain = get_certificate_chain("github.com", 443)
ocsp_url = extract_ocsp_url(cert_chain)
ocsp_request = build_ocsp_request(cert_chain)
ocsp_response = get_ocsp_response(ocsp_url, ocsp_request)
ocsp_result = extract_ocsp_result(ocsp_response)
assert ocsp_result == "OCSP Status: GOOD"
def test_missing_ocsp_extension():
"""edellroot.badssl.com is missing the OCSP extensions"""
func_name: str = "extract_ocsp_url"
host = "edellroot.badssl.com"
port = 443
cert_chain = get_certificate_chain(host, port)
error = f"{func_name}: Certificate Authority Information Access (AIA) Extension Missing. Possible MITM Proxy."
with pytest.raises(Exception) as excinfo:
extract_ocsp_url(cert_chain)
assert str(excinfo.value) == error
def test_get_ocsp_response_success():
"""test an successful get_ocsp_response function invocation"""
cert_chain = get_certificate_chain("github.com", 443)
ocsp_url = extract_ocsp_url(cert_chain)
ocsp_request = build_ocsp_request(cert_chain)
ocsp_response = get_ocsp_response(ocsp_url, ocsp_request)
for header in ocsp_response.headers:
if "application/ocsp-response" in ocsp_response.headers[header]:
# There may be a better way to do this, but this proves we got a response
# from the OCSP server
assert True
