def test_fetch_ocsp(self):
with open(os.path.join(fixtures_dir, 'GeoTrust_EV_SSL_CA_-_G4.crt'), 'rb') as f:
cert_bytes = f.read()
if pem.detect(cert_bytes):
_, _, cert_bytes = pem.unarmor(cert_bytes)
intermediate = x509.Certificate.load(cert_bytes)
registry = CertificateRegistry()
path = registry.build_paths(intermediate)[0]
issuer = path.find_issuer(intermediate)
ocsp_response = ocsp_client.fetch(intermediate, issuer, timeout=3)
context = ValidationContext(ocsps=[ocsp_response])
verify_ocsp_response(intermediate, path, context)
def test_build_paths_custom_ca_certs(self):
with open(os.path.join(fixtures_dir, 'codex.crt'), 'rb') as f:
cert_bytes = f.read()
if pem.detect(cert_bytes):
_, _, cert_bytes = pem.unarmor(cert_bytes)
cert = x509.Certificate.load(cert_bytes)
with open(os.path.join(fixtures_dir, 'GeoTrust_EV_SSL_CA_-_G4.crt'),
'rb') as f:
other_certs = [f.read()]
repo = CertificateRegistry(trust_roots=other_certs)
paths = repo.build_paths(cert)
self.assertEqual(1, len(paths))
path = paths[0]
self.assertEqual(2, len(path))
self.assertEqual([
b'\xaa+\x03\x14\xafd.\x13\x0e\xd6\x92%\xe3\xff*\xba\xd7=b0',
b"\xfcq\x7f\x98='\xcc\xb3D\xfbK\x85\xf0\x81\x8f\xab\xcb\xf0\x9b\x14"
], [item.subject.sha1 for item in path])
def test_build_paths_custom_ca_certs(self):
with open(os.path.join(fixtures_dir, 'mozilla.org.crt'), 'rb') as f:
cert_bytes = f.read()
if pem.detect(cert_bytes):
_, _, cert_bytes = pem.unarmor(cert_bytes)
cert = x509.Certificate.load(cert_bytes)
with open(
os.path.join(fixtures_dir,
'digicert-sha2-secure-server-ca.crt'), 'rb') as f:
other_certs = [f.read()]
repo = CertificateRegistry(trust_roots=other_certs)
paths = repo.build_paths(cert)
self.assertEqual(1, len(paths))
path = paths[0]
self.assertEqual(2, len(path))
self.assertEqual([
b"\x10_\xa6z\x80\x08\x9d\xb5'\x9f5\xce\x83\x0bC\x88\x9e\xa3\xc7\r",
b'I\xac\x03\xf8\xf3Km\xca)V)\xf2I\x9a\x98\xbe\x98\xdc.\x81'
], [item.subject.sha1 for item in path])
def test_build_paths_custom_ca_certs(self):
with open(os.path.join(fixtures_dir, 'codex.crt'), 'rb') as f:
cert_bytes = f.read()
if pem.detect(cert_bytes):
_, _, cert_bytes = pem.unarmor(cert_bytes)
cert = x509.Certificate.load(cert_bytes)
with open(os.path.join(fixtures_dir, 'GeoTrust_EV_SSL_CA_-_G4.crt'), 'rb') as f:
other_certs = [f.read()]
repo = CertificateRegistry(trust_roots=other_certs)
paths = repo.build_paths(cert)
self.assertEqual(1, len(paths))
path = paths[0]
self.assertEqual(2, len(path))
self.assertEqual(
[
b'\xaa+\x03\x14\xafd.\x13\x0e\xd6\x92%\xe3\xff*\xba\xd7=b0',
b"\xfcq\x7f\x98='\xcc\xb3D\xfbK\x85\xf0\x81\x8f\xab\xcb\xf0\x9b\x14"
],
[item.subject.sha1 for item in path]
)
