def test_get_cert_chain_bad_host():
    """get_certificate_chain must raise with the 'invalid or not known' message for a bad host."""
    func_name: str = "get_certificate_chain"
    host, port = "nonexistenthost.com", 443
    expected_message = f"{func_name}: {host}:{port} is invalid or not known."

    with pytest.raises(Exception) as excinfo:
        get_certificate_chain(host, port)

    # Compared after the block: nothing inside it runs once the call has raised.
    # NOTE(review): pytest.raises(Exception) accepts any exception type; only the
    # message comparison below distinguishes this failure from an unrelated one.
    raised_message = str(excinfo.value)
    assert raised_message == expected_message
def test_get_cert_chain_bad_port():
    """get_certificate_chain must reject a port number above 65535."""
    func_name: str = "get_certificate_chain"
    host, port = "github.com", 80000
    expected_message = (
        f"{func_name}: Illegal port: {port}. Port must be between 0-65535."
    )

    with pytest.raises(Exception) as excinfo:
        get_certificate_chain(host, port)

    # Compared after the block: nothing inside it runs once the call has raised.
    raised_message = str(excinfo.value)
    assert raised_message == expected_message
def test_get_cert_chain_host_timeout():
    """get_certificate_chain must report a timeout when the chosen port does not answer."""
    func_name: str = "get_certificate_chain"
    host, port = "espn.com", 65534
    expected_message = f"{func_name}: Connection to {host}:{port} timed out."

    with pytest.raises(Exception) as excinfo:
        get_certificate_chain(host, port)

    # NOTE(review): the outcome depends on how the remote host treats this port;
    # an active refusal instead of silence would presumably give another message.
    raised_message = str(excinfo.value)
    assert raised_message == expected_message
def test_extract_ocsp_url_success():
    """extract_ocsp_url must return the expected responder URL for github.com's chain."""
    chain = get_certificate_chain("github.com", 443)

    # Pinned responder URL.
    # NOTE(review): presumably this breaks if github.com moves to a certificate
    # whose issuer runs a different OCSP responder - confirm before trusting a red run.
    expected_url = "http://ocsp.digicert.com"
    assert extract_ocsp_url(chain) == expected_url
def test_get_cert_chain_success():
    """The second entry of github.com's chain must equal the stored certs.github_issuer_pem."""
    chain = get_certificate_chain("github.com", 443)

    # Index 1 is compared with the fixture; presumably index 0 is the leaf
    # certificate and index 1 its issuer - verify against get_certificate_chain.
    issuer_entry = chain[1]
    assert issuer_entry == certs.github_issuer_pem
def test_build_ocsp_request_success():
    """build_ocsp_request must produce the stored certs.github_ocsp_data for github.com."""
    chain = get_certificate_chain("github.com", 443)

    # The fixture is an exact-match snapshot of the request data, so it is tied
    # to the certificate chain that github.com serves at test time.
    request_data = build_ocsp_request(chain)
    assert request_data == certs.github_ocsp_data
def test_extract_ocsp_result_success():
    """Run the full OCSP lookup for github.com and expect a GOOD status."""
    chain = get_certificate_chain("github.com", 443)

    # Responder URL and request are both derived from the same chain.
    responder_url = extract_ocsp_url(chain)
    request = build_ocsp_request(chain)

    response = get_ocsp_response(responder_url, request)
    status = extract_ocsp_result(response)

    assert status == "OCSP Status: GOOD"
def test_missing_ocsp_extension():
    """extract_ocsp_url must raise when the certificate carries no AIA extension.

    edellroot.badssl.com is used as the host whose certificate is missing the
    OCSP extensions.
    """
    func_name: str = "extract_ocsp_url"
    chain = get_certificate_chain("edellroot.badssl.com", 443)
    expected_message = f"{func_name}: Certificate Authority Information Access (AIA) Extension Missing. Possible MITM Proxy."

    with pytest.raises(Exception) as excinfo:
        extract_ocsp_url(chain)

    # A missing AIA extension has to surface as an error, never as an empty URL:
    # without a responder URL no revocation check can be made.
    raised_message = str(excinfo.value)
    assert raised_message == expected_message
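def test_get_ocsp_response_success():
    """get_ocsp_response must return a reply that declares the OCSP media type.

    The chain for github.com is fetched, the responder URL and the request are
    derived from it, and the reply headers are searched for
    "application/ocsp-response".
    """
    cert_chain = get_certificate_chain("github.com", 443)
    ocsp_url = extract_ocsp_url(cert_chain)
    ocsp_request = build_ocsp_request(cert_chain)

    ocsp_response = get_ocsp_response(ocsp_url, ocsp_request)

    # Require at least one header value to carry the OCSP media type. Asserting
    # True only inside a matching loop iteration can never fail, so a reply that
    # is not an OCSP response (an error page, an intercepting proxy) would pass.
    header_values = [ocsp_response.headers[name] for name in ocsp_response.headers]
    assert any(
        "application/ocsp-response" in value for value in header_values
    ), "no response header contains application/ocsp-response"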